The Leadership of a prominent Financial Institution has detected instances of Card Management Fraud occurring within the Electronic Business Department. You have been selected to serve as an Advisor to the Management Committee, tasked with aiding in the identification of these fraudulent activities and implementing measures to remedy them.

a. Outline and elaborate on four (4) risks linked with Electronic Banking and the utilization of Electronic Payment Channels. (12 marks)

b. How would you guarantee that customers are shielded from the adverse consequences of these fraudulent activities? Offer two (2) examples. (8 marks)

a. Four risks linked with Electronic Banking and the utilization of Electronic Payment Channels are outlined and elaborated below, drawing from practical experiences in the Ghanaian banking sector and aligned with the Bank of Ghana (BoG) Cyber and Information Security Directive 2020 and the Payment Systems and Services Act, 2019 (Act 987). These risks highlight the need for robust controls to ensure compliance and operational resilience.

  • Cybersecurity Threats (e.g., Phishing and Malware Attacks): Electronic banking platforms, such as mobile apps and online portals, are vulnerable to phishing scams where fraudsters impersonate the bank to steal card details or login credentials. In Ghana, incidents like those during the 2017-2019 banking cleanup exposed weaknesses, where malware infected customer devices, leading to unauthorized transactions. This risk can result in financial losses and erode trust. At Stanbic Bank Ghana, for instance, enhanced multi-factor authentication (MFA) has been implemented to mitigate it, in line with BoG directives requiring encryption and secure protocols.
  • Data Breaches and Privacy Violations: The use of electronic payment channels involves handling vast amounts of sensitive data, making banks targets for breaches. Under the Data Protection Act, 2012 (Act 843), non-compliance can lead to penalties. A real-world example is the 2022 data leak at a Ghanaian fintech partner, affecting card users. This risk impacts reputation and invites regulatory scrutiny from BoG, emphasizing the need for regular audits and data encryption in systems like ATMs or POS terminals.
  • Operational Disruptions from System Failures: Reliance on electronic channels exposes banks to downtime risks due to technical glitches or cyberattacks like DDoS. During the post-DDEP recovery in 2023-2024, some banks faced liquidity strains exacerbated by channel outages, delaying payments. This aligns with Basel III’s operational risk standards adapted in Ghana, where Ecobank Ghana’s investment in redundant servers has proven effective in maintaining service continuity.
  • Fraudulent Transactions and Insider Threats: Card skimming at ATMs or insider collusion in electronic departments can lead to unauthorized fund transfers. Historical cases, such as the collapse of UT Bank due to governance lapses including fraud, underscore this. BoG’s Corporate Governance Directive 2018 mandates segregation of duties; practical measures include AI-driven anomaly detection, as seen in GCB Bank’s fraud monitoring systems.

b. To guarantee that customers are shielded from the adverse consequences of these fraudulent activities, banks must adopt proactive, customer-centric strategies compliant with BoG guidelines. Two examples include:

  • Implementing Zero-Liability Policies for Unauthorized Transactions: As per BoG’s consumer protection directives, banks like Access Bank Ghana offer zero-liability for fraud if reported promptly (within 24-48 hours). This shields customers by reimbursing losses, as in cases of card cloning, while educating them via SMS alerts on safe practices, fostering trust and compliance with Act 987.
  • Deploying Advanced Fraud Detection and Response Mechanisms: Using real-time monitoring tools integrated with AI, banks can freeze suspicious transactions instantly. For instance, Stanbic Bank Ghana’s collaboration with Visa for tokenization ensures card details are not exposed, protecting customers during e-commerce. This includes 24/7 helplines for immediate support, aligning with the Cyber Security Directive to minimize impact and ensure quick resolution.