In a bid to help protect customers from fraudulent activity, financial institutions often limit the amount of money that can be accessed in a given period. Transaction limit may be varied due to account activity and maturity of account upon customers request or at the discretion of the financial institution.
In August 2014 CBN pegged the transaction limit on NIP and other electronic payments option to 1m for individuals and 10m for corporate organizations. In the same vein, financial institutions are mandated to configure transaction limits and velocity limits on their payment channels according to the organization risk appetite to reduce their customer exposure to fraud.
In the past, several customers have suffered losses as a result of fraudulent transactions that were consummated way above the limits configured on the system. The control of limits configured did not take effect to decline the transactions as expected.
- Hence, we are recommending that these limits (specific transaction limit, daily limit, and global limit or threshold) should be subjected to exhaustive tests to confirm their effectiveness and also to know if transactions above the set limit can be declined as expected.
- The test results must be certified OK before products are deployed to production for a pilot test or go-live.
- During the tests, dummy accounts should be set up so that transactions are simulated to mimic the real-life scenario as it is in the production environment.
- These tests should include negative tests where transactions are simulated below and above the set limits so as to establish that the system can restrict and trigger errors to prevent spurious transactions and fraud.
On this note, all members are enjoined to go back to their various institutions and inculcate the culture of rigorous testing of transaction limits on their various payment channels both before deployment to live and on a periodic base whilst the products and services are in production.
Emerging Technologies Committee