The financial inclusion objective of the Central Bank of Nigeria (CBN) received a boost recently as the Globacom Telecommunications Network officially commenced operations in its PSB subsidiary, Licensed by the Central Bank of Nigeria (CBN) on 27 August 2020. The CBN licensed the PSBs to provide financial services to many unbanked and underbanked residents in the country as well as about 79million bank accounts without registered BVNs. To bridge this gap, the CBN licensed the PSBs, and they commenced commercial operations on May 30, 2022. Globacom joined other networks providers, MTN and Airtel, that have diversified their product stack beyond telecoms sources to include operations in the PSB subsector of the financial sector, for the benefit of the people and to deepen financial inclusion in the country.

The launch of the financial technology (fintech) services of the MoneyMaster PSB of Globacom came with the introduction of its G-Kala. The G-Kala makes it possible for all prospective customers with Glo lines or any other telecommunications lines to simply dial *995# and then follow the prompts for enrolment. It allows the customers’ phone numbers to be used as account numbers. In order words, the Globacom’s PSB accommodates customers with phone numbers registered with their BVN, in all telecommunications services in Nigeria.

The PSBs licence gives the operators the platform to facilitate payment and remittance services within Nigeria, accept deposits from individuals and small businesses, issue debit and prepaid cards, operate electronic wallets, inbound remittances, and carry out other services in line with CBN regulations. The difference between the commercial banks and the PSBs is that the PSBs are not allowed to grant loans. Because of their nationwide spread, telecommunication services companies provide veritable opportunities for extending financial services to the largely unbaked rural populations (housewives, farmers, petty traders, etc.)  in the different parts of the country, who have over the years been financially excluded. This PSB also introduces the company into a different avenue source leveraging their huge customer base.

With the launch of the PSB by Globacom, the four biggest telecommunications companies in Nigeria have all diversified their services along the line of fintech services. While MTN owns MoMo PSB, Airtel has SmartCash PSB. 9PSB, on the other hand, is the payments subsidiary of telecom firm 9Mobile. These moves towards further digitalizing the economy will help revolutionize the financial services ecosystem in the country.

The NCC Releases Draft Guidelines on Infrastructure Deployment in the Telecom Sector

As part of agenda setting for the successful rollout of the Fifth Generation (5G) network scheduled for August 2022, the Nigerian Communications Commission (NCC), has released a draft guideline on infrastructure deployment in the telecom sector. The guidelines spelt out concerns about public safety, and the safety of personnel and equipment, the responsibilities of all stakeholders including the owners, designers and fabricators of communications masts and towers; the demands of the local operating environment as well as the need to achieve substantial conformity with applicable international best practices.

In the guidelines are the types and constituents of tower structures and a comprehensive data on wind speeds in Nigeria, to be referenced by engineers in the design of masts and towers. There are also the technical and general requirements for network design and planning, and the connection of all buildings within a new development with public networks, with a customer demand forecast of not less than 10 years. Other areas covered in the guideline are the requirements for reserve capacity, to allow for the construction of sufficient duct capacity for current and the future service. The guideline maintains that the siting of masts and towers shall be in line with the provisions of the NCC Act and guided by provisions of the collocation and infrastructure sharing guidelines of the Commission. It added that all masts and towers sited in cities shall conform to the guidelines and standards of the Commission concerning all matters on radio frequency. 

The guidelines are aimed at ensuring environmental safety and sound engineering practices, and therefore must be strictly adhered to by communications services providers/operators, designers, fabricators, and installers of communications towers, and other operators in the sector.

MTN and Huawei Install 100 5G Sites in Nigeria

Meanwhile, ahead of the commercial rollout of the 5G network in August, MTN Nigeria in partnership with Huawei Nigeria Technologies Company Ltd Technologies Company Ltd. has installed more than 100 5G mobile technology cell sites in the country. This is to enable them rollout service in at least one state in each geo-political zone: South-West, South-South, South-East, North-Central (including FCT), North-West and North-East zones within two years of the award of the country’s two 100MHz spectrum licences in the 3.5GHz spectrum band for 5G auctioned by the Nigerian Communications Commission (NCC) in December 2021 and which licenses were issued in March this year after payment by the winners.

Beyond that, the NCC mandates that “Service roll out in each state would mean a minimum of 5 sites in a state. The installation of more than 100 5G mobile technology cell sites in the country means that MTN has met the minimum standard set by the NCC of at least 30 sites in the country or 5 sites in each of the states chosen in each of the region. If successfully rolled out this month, Nigeria will become the third in Africa after South Africa and Kenya and the first in West Africa to launch the 5G network. Both the MTN Nigeria and Mafab Communications Limited are expected to commence the rollout of their 5G networks from 24 August in line with the terms and conditions of the concessions.

The number of mobile and internet data subscriptions in Nigeria have continued to be on the rise despite the ban on several subscribers who failed to link their Subscriber Identification Module (SIM) cards with the National Identification Number (NIN) within the given period. As of June 2022, a total of 206,081,720 active telephony subscribers were recorded. This is 1,867,073 or about 1 per cent higher than 204,214,647 recorded in the month of May 2022, and 18,806,173 or about 10 percent higher than 187,275,547 recorded in the same month in 2021 (Fig. 1). This figure is also higher than the previous subscriptions in the current year.

The distribution of subscription shows that MTN dominated the telephony services by about 38 percent, followed by Airtel and Globacom which had about 28 and 27 percent respectively. The list subscribed network is 9Mobile which recorded about 6 percent (See Fig. 2). This increase in subscription which remained the trajectory since the year also surpassed their previous months subscription.

In the internet data subscription, about 42 percent of data was subscribed by MTN users, followed by Airtel which received about 28 percent of the total subscription and by Gobacom with about 27 percent. 9Mobile received only about 4 percent of total data subscription in the month of June 2022 (Fig. 3).

In the month under review, the mobile network operators have also continued to witness the transfer of services by subscribers from one network service provider to another. A total of 2,601 lines were ported into the four network service providers by subscribers, while 2,942 were transferred out of their original networks. MTN received the highest number of the mobile lines, 1,770 or about 68 percent of the incoming line. Airtel and 9Mobile received about 14 and 13 percent respectively while Globacom about 6 percent only. On the hand, out of 2,942 number ported out of their original networks, MTN lost only 237 numbers. This is about 1,533 numbers less than the numbers than ported into its network. This is sharp contrast with 9Mobile which lost 1,661 numbers compared to only 324 lines it received. In other words, 9Mobile has a deficit of 1,337 lines in the month of June. Both Globacom and Airtel also suffered deficits in the number of telecommunications lines in the month under review (See Fig.4).

What is MTN doing that 9Mobile is not doing? Why can Globacom not overtake MTN? Why is Airtel lagging behind MTN and Globacom? Precise will provide answers to these questions.

Plans are underway to regulate Twitter, Facebook, WhatsApp, Instagram, Google, TikTok, and other social media platforms in the country. This is conveyed in the draft guideline recently released by the National Information Technology Development Agency (NITDA) which contains new directives and conditions for social media platforms operating in Nigeria. The essence of this guideline according to NITDA, is to curb online abuse, including disinformation and misinformation, as well as protect the fundamental human rights of Nigerians and non-Nigerians living in the country. Part of the guideline states that these social media platforms shall “not deploy or modify their Platform in any way that will undermine or interfere with the application and/or enforcement of the law.”

Amidst other contents, the draft code of practices provides that interactive computer service platforms/internet intermediaries shall;

• Register with the country’s Corporate Affairs Commission (CAC).
• Appoint a designated country representative to interface with Nigerian authorities.
• Abide by all regulatory demands after establishing a legal presence.
• Comply with all applicable tax obligations on its operations under Nigerian law.
• Provide a comprehensive compliance mechanism to avoid publication of prohibited content[s] and unethical behavior on their platform.
• Provide information to authorities on harmful accounts, suspected botnets, troll groups, and other coordinated disinformation networks and delete any information that violates Nigerian law within an agreed time. Such information demand from a platform or an intermediary must be specific and accompanied with a valid court order.
• Take down all unlawful or harmful content within 24hrs of demand.
• Exercise due diligence to ensure that no harmful content is uploaded on their site.
• Provide a channel for lodging complaints and each complaint should be with a unique tracking number and how such complaint has been resolved with sufficient information.
• Provide clear terms of service in simple language that can be understood and how it’s services can be accessed and used.
• File annual compliance report on the activities of the platform for the year; number of users (active and non-active); complaints received (how many have been resolved and how many are pending; contents taken down, etc.
• Preserve information on contents taken down and number of users that are no longer registered with the platform for some time.
• Large platforms must be registered in Nigeria and have a physical office and a liaison officer.
• Must invest in creating awareness on misinformation and disinformation and how credible contents can be verified.
• Must abide by Nigerian laws and not deploy or modify their Platform in any way that will undermine or interfere with the application and/or enforcement of the law.

According to NITDA, the draft code of practice was developed through the collaboration of the different stakeholders in the communication industry, including the Nigerian Communications Commission (NCC) and National Broadcasting Commission (NBC), with inputs from Interactive Computer Service Platforms such as Twitter, Facebook, WhatsApp, Instagram, Google, and TikTok, among others. Already, the proposed draft code of practice has been criticized by many, different stakeholders see it as a ploy to regulate social media and other online platforms through the backdoor by circumventing the legislative process. They are urging the government to backtrack on the plan or face the consequences.

There have been several attempts by the Federal Government to regulate social media and other online platforms in Nigeria since the inception of this administration in 2015. Towards the end of 2015, the then Deputy Senate Leader, Senator Bala Na’Allah sponsored a bill for an Act to prohibit Frivolous petitions and other matters connected therewith. This attempted legislation was meant to regulate the use of social media min Nigeria. Following public outcry over certain contentious provisions contained in it and opposition mounted by civil society organisations and other stakeholders, the Senate withdrew the controversial bill.

In 2018, the Senator Mohammed Sani Musa, representing Niger East Senatorial District, sponsored another bill for protection from Internet falsehoods and manipulation. The bill proposed for the regulation, control and conduct, the use of the Internet and various social platforms in the transmission of information in Nigeria. The bill was quashed in 2020 because of groundswell opposition mounted by various stakeholders including civil society organisations.

Similarly, on the 5^th of June 2021, the government of Nigeria banned twitter, a micro-blogging platform in Nigeria, following the deletion of tweets made by President Muhammed Buhari from its platform, on the heels of his treat which warned the Igbos of the southeastern people of Nigeria, of a potential repeat of the 1967 Biafran Civil War due to the ongoing insurgency in the region. The ban which was condemned by different groups, organisations and individuals, including the Amnesty International, the British, Canadian and Swedish diplomatic missions to Nigeria, etc., was lifted on the 13^th of January 2022.

If the current plan by the government to regulate social media activities works, it means that the government has succeeded in clipping the voices of many Nigerians who use the social media to voice out their grievances against the perceived injustice in the country. This would have a negative impact on the revenue of telecoms operators because the number of people who use social media to push information even when they are not sure of the sources of such information will reduce, and this also would reduce the amount of data purchased. While it cannot be denied that there are a lot of misinformation in the social media space, the positive aspect of it should be considered. It is obvious that the social media has affected the world in many advantageous ways. it has help to checkmate the excesses of tyrannous government and has helped to expose impunities in many places. Its advantage far outweighs the negative side.

The spate of insecurity ravaging the Northern part of Nigeria has taken another toll on the telecoms sector in Nigeria. This is as Kaduna state joins Zamfara, Sokoto and Katsina states who shut down telecoms operations in some part of their states to prevent the coordination of banditry and to help the security forces crack down escalating criminal activity and, in particular, gangs who specialize in abduction and extortion.

Zamfara State, alone had 2,177,431 active voice subscribers and 1,592,746 active internet subscribers, out of a total of 192,413,613 active voice subscribers and 144,949,194 active internet subscribers in the first quarter of 2021 who have been affected by this development. With more LGAs in Katsina and Sokoto and the entire Kaduna State, the number of subscribers affected may be very high.

It was estimated that the four big telecom operators might have lost N6.3bn after two weeks of shutting down operations in Zamfara state. While the shutdown has continued in Zamfara State, Sokoto and Katsina states have also shutdown telecoms activities in some local government areas in their states. With Kaduna joining, the telecoms operators, especially the four major ones (MTN, Globacom, Airtel, 9Mobile) would be counting big revenue losses as a result of this. Even their ongoing projects would have been stalled as they business would go on in an atmosphere of insecurity.

According to Governor Aminu Tambuwal of Sokoto State, the seven governors of the North-West had all endorsed the practice of shutting down base stations to fight insecurity, an indication that more could be shut down soon. This is an indication that any dream of an imminent revenue from the affected states by the telecoms operators may be a mirage

The NCC has inaugurated an incidence response facility, called the Center for Computer Security Incident Response (NCC-CSIRT). This is to address incidences of cybercrimes, protect telecoms infrastructure and encourage increased participation in nation’s digital economy. The centre aligns with the National Cybersecurity Policy and Strategy (NCPS) published by the Office of the National Security Adviser (ONSA), which requires each sector to establish a computer incident response team that will provide requisite services to the stakeholders and players within the sector. The NCC-CSIRT is to ensure continuous improvement of processes and communication frameworks to guarantee secure and collaborative exchange of timely information while responding to cyber threats within the telecoms sector.

According to NCC, the CSIRT’s services will commence with four main thrusts, namely; monitoring, incident management, communication, and alert and warning. It has a mandate to assist the telecoms sector in the defence and response to major cyber threats and attacks targeted at the members, provide information, technical as well as policy advisories to strengthen the defensive and response capabilities to cyber threats in the sector. The Centre will liaise with other sectoral CSIRTs as well as local and international security frameworks to protect the communications sector and the general wellbeing of the Nigerian people. The centre will also provide guidance and direction for the constituents in dealing with issues relating to the security of critical infrastructure in their possession; and to periodically assess, review and collate the threat landscape, risks, and opportunities affecting the communications sector and provide advice to relevant stakeholders.

As the internet usage increase since the COVID-19 period, there has been a rise in cyber incidents and criminal activities. The CSIRT will assist the telecoms sector with the management and coordination of cyber security incidents and threats. This will help to provide proactive steps towards building trust, and safety needed for growing the digital economy

In line with the constitution which makes 18 years as the age of consent in Nigeria, the NCC is set to enforce the contract between service providers and their subscribers. One of such is to disallow a minor or a person less than 18 years from engaging in the contract of SIM acquisition which requires a person of proper legal status to undertake. In the Reviewed/Draft Registration of Telephone Subscribers Regulations, presented on Tuesday, October 6, 2021, a subscriber is a person of 18 years and above, with a proper legal status, and matured and rational enough to bear certain responsibilities, obligations and liabilities imposed by a contract.

In order not to contravene the constitution, the NCC intends to limit SIM acquisition to those of this legal status. In the Reviewed/Draft Registration of Telephone Subscribers Regulations, the NCC defines any person below the age of 18 as minor, while a “subscriber is a person from the age of 18 years who subscribes to communications services by purchasing a subscription medium or entering into a subscription contract with a licensee.” It is therefore incumbent on parents or guardian of such people to acquire SIMs in their names for their children and wards under this age. However, they must be ready to take responsibilities for any liability that might accrue thereafter from the use of such SIM card. The policy therefore puts a significant responsibility on parents and guardians to monitor the activities of their minors.

The implication of this policy is that any person below the age of 18 is disqualified from registering and owning a SIM card in any of the network companies in Nigeria. If the policy comes in place, network operators will in the short run delete and loss the subscribers who are not of this age. The ability of them to gain back these subscribers in the long run will depend on the ability of parents and guardians to have the trust that will catalyze them to register SIMs for their adolescents. Even at that, those below the age of 18 without parents, guardians or people who can place adequate trust on them will be lost completely until they reach the legal age of contract as provided by the constitution. This may result to another round of revenue loss to the telecoms companies in Nigeria.

In an attempt to rid the nation of illegal telecoms systems, the NCC has uncovered about 1300 illegal masks and towers in the nation’s capital, Abuja. According to the Federal Capital Territory (FCT) Department of Outdoor Advertisement and Signage (DOAS), 126 of these illegal towers without documentation have been demolished, while a few others who met the requirements have been regularized. However, the DOAS have also written to the NCC to decommission those that are far from meeting the regulatory standards

This finding shows that many illegal masks and towers through which a significant number of Nigerian’s currently receive mobile connectivity, exist throughout Nigeria. There are therefore many companies, unknown to law, competing with other telecom firms in Nigeria, in an era of insecurity. While the known firms in the industry may not be exonerated from this illegal installation of masks and towers, the DOAS has mapped out strategies to raise a huge amount of money from this. In order words, there is room for the regularization of these illegal masks and towers, but such would have to come through the payment of fines. These illegal operators should therefore note and prepare to pay such fines or see such illegal masks and towers demolished.

The Nigerian communications commission (NCC) has set new mobile international rate (ITR) for voice services paid by overseas telecom carriers for terminating international calls on local networks in Nigeria at $0.045. The new rate which shall take effect from January 1, 2022, is the floor price or the minimum that can be charged for ITR services. The essence of charging this new rate in the U.S. dollars is to enable Nigerian operators to receive an increasing rate in Naira terms should there be naira devaluation. The new ITR is denominated in dollars to help the local operators. Being denominated in Naira, the existing ITR had multiple negative impacts on local operators which was further exacerbated by episodes of devaluation of naira which ultimately left Nigeria from being a net receiver with respect to international minutes to a net payer.

The new ITR floor rate makes it unlawful for any local networks in Nigeria to charge below the fixed rate. Thus, no licensee shall charge and/or receive effective rate per minute below determined ITR floor rate. Therefore, all networks in Nigeria shall therefore put into consideration all payment discounts, volume discounts and any other concession so as not to go below the fixed ITR. However, operators are free to negotiate a rate above the floor and this will be entirely left to commercial negotiation between the operators and international carriers/partners.

The NCC had engaged Messrs’ Payday Advance and Support Services Limited to undertake a cost-based study of voice MTR that is most suitable for the Nigerian telecommunications industry, given the challenges faced by the local operators as a result of the denomination of ITR in Naira. Based on different parameters as well as regulatory measures such as international experience, cost model results, the state of competition in the sector and the Nigerian macro-economic environment, in addition to the information provided by the stakeholders, the NCC arrived at the present cost-based ITR of $0.045 for voice services paid by overseas telecom carriers for terminating international calls on local networks in Nigeria.

There is a new Android malware named ‘AbstractEmu’, attacking android devices, this is reported by the Nigerian Communications Commission (NCC). If the malware gains access to smartphones, it takes complete control of infected smartphones and silently modifies device settings while simultaneously taking steps to evade detection.

This AbstractEmu is distributed via Google Play Store and third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure. So far, a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps have been reported to contain the rooting functionality of the malware. The apps include All Passwords, Anti-ads Browser, Data Saver, Lite Launcher, My Phone, Night Light and Phone Plus, among others.

The rooting malware although rare, and very dangerous. It operates by using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant itself dangerous permissions or install additional malware – steps that would normally require user interaction. Elevated privileges also give the malware access to other apps' sensitive data, something not possible under normal circumstances.

Once installed in a device, it leverages one of five exploits for older Android security flaws that would allow it to gain root permissions. It also takes over the device, installs additional malware, extracts sensitive data, and transmits to a remote attack-controlled server. It can also modify the phone settings to give app ability to reset the device password, or lock the device, through device admin; draw over other windows; install other packages; access accessibility services; ignore battery optimisation; monitor notifications; capture screenshots; record device screen; disable Google Play Protect; as well as modify permissions that grant access to contacts, call logs, Short Messaging Service (SMS), Geographic Positioning System (GPS), camera, and microphone.

Although the app has been removed from the Google Play Store, the other app stores are likely distributing them. Consequently, to mitigate the risks. The NCC creates a two-fold advisory include:

• Users should be wary of installing unknown or unusual apps, and look out for different behaviours as they use their phones.
• Reset your phone to factory settings when there is suspicion of unusual behaviours in your phone.

This is the second malware reported by the NCC since October. The first was Flubot.

Similarly, the NCC also alerted of an advanced persistent threat (APT), an Iranian hacking group known as Lyceum (also known as Hexane, Siamesekitten, or Spirlin) targeting telecoms, Internet Service Providers (ISPs) and Ministries of Foreign Affairs (MFA) in Africa with upgraded malware in a recent politically motivated attacks oriented in cyberespionage. The hacking group is known to be focused on infiltrating the networks of telecoms companies and ISPs. Between July and October, 2021, Lyceum was implicated in attacks against ISPs and telecoms organisations in Israel, Morocco, Tunisia, and Saudi Arabia. Lyceum has been linked to campaigns that hit Middle Eastern oil and gas companies in the past. The APT is also responsible for a campaign against an unnamed African government's Ministry of Foreign Affairs. The group appears to have expanded its focus to the technology sector.

There are various ways through which the lyceum group could attack its target. Lyceum's initial onslaught vectors include credential stuffing and brute-force attacks. Once a victim’s system is compromised, the attackers conduct surveillance on specific targets. Lyceum will attempt to deploy two different kinds of malware: Shark and Milan (known together as James). Both malwares are backdoors. Shark, a 32-bit executable written in C# and .NET, generates a configuration file for domain name system (DNS) tunneling or Hypertext Transfer Protocol (HTTP) C2 communications. Milan is a 32-bit Remote Access Trojan (RAT) that retrieves data. These two malwares are able to communicate with the group’s command-and-control (C2) servers. The APT maintains a C2 server network that connects to the group's backdoors, consisting of over 20 domains, including six that were previously not associated with the threat actors.

The malwares usually target individual accounts at companies of interest, once these accounts are breached, they are used as a springboard to launch spear-phishing attacks against high-profile executives in an organization. The suggests that not only do these attackers seek out data on subscribers and connected third-party companies, but once compromised, threat actors or their sponsors can also use these industries to surveil individuals of interest.

There are however ways to guard against this kind of threats. The NCC therefore re-echo ngCERT reports that multiple layers of security in addition to constant network monitoring is required by telecom companies and ISPs alike to stave off potential attacks.

Specifically, telecom consumers and the general public are advised to:

• Ensure the consistent use of firewalls (software, hardware and cloud firewalls).
• Enable a Web Application Firewall to help detect and prevent attacks coming from web applications by inspecting HTTP traffic.
• Install Up-to-date antivirus programmes to help detect and prevent a wide range of malware, trojans, and viruses, which APT hackers will use to exploit your system.
• Implement the use of Intrusion Prevention Systems that monitors your network.
• Create a secure sandboxing environment that allows you to open and run untrusted programs or codes without risking harm to your operating system.
• Ensure the use of virtual private network (VPN) to prevent an easy opportunity for APT hackers to gain initial access to your company’s network.
• Enable spam and malware protection for your email applications, and educate your employees on how to identify potentially malicious emails.