GhIPSS to Intensify Cybersecurity Compliance and Monitoring Across Payment Ecosystem, Says CEO Clara Arthur
Chief Executive Officer of the Ghana Interbank Payment and Settlement System (GhIPSS), Clara Arthur, says the institution is set to significantly tighten cybersecurity standards and monitoring across Ghana’s payments ecosystem as the number of participants on its network continues to expand.
Speaking during a panel discussion on “Strengthening Cybersecurity in Payments: Governance, Training, and Strategic Approaches” at the 2025 Payments Industry Cybersecurity Summit organised by the Bank of Ghana and Visa, Ms. Arthur disclosed that GhIPSS currently has close to 100 participants — including banks and mobile service providers — all of whom must strictly comply with multiple regulatory cybersecurity directives before being allowed to connect to the national payments infrastructure.
“We currently have close to 100 participants on our network… before you connect to us, I’m sure every participant here is aware of the various things you need to comply with, and we guide you religiously,” she noted, adding that the strict compliance regime has become necessary given the growing risks associated with payment systems.
Ms. Arthur emphasised that adherence to the Bank of Ghana’s Cybersecurity Information Directive, the Cyber Security Authority’s Critical Information Infrastructure Directive, and PCI-DSS/OCAP-related standards remains compulsory for all participants, including banks and fintechs.
New Classification Framework for Participants
As part of GhIPSS’s new cybersecurity strategy, institutions will soon be classified based on their level of compliance and security posture. The CEO disclosed that the classification model — highlighted during one of the summit presentations — will provide a clear view of institutions that are fully secure (“green”) and those requiring improvement (“red”).
“We are going to conduct those classifications… and I think it encourages others to invest and ensure they can move into the green zone as well,” she said.
Stronger Enforcement and Follow-Up on Remediation
Ms. Arthur also admitted that while institutions often present remediation plans after assessments, follow-up on implementation has not always been effective. GhIPSS, she noted, will now aggressively enforce remediation timelines to close vulnerabilities more efficiently.
“One of the things we’re going to do is enforce remediation… someone gives a plan, but there’s not always follow-up. That is going to change,” she stressed.
Continuous Monitoring to Guard Against Cyber Risks
She stated that continuous monitoring will remain a central pillar of GhIPSS’s approach, describing cyber vigilance as an area where “there’s never anything like over-monitoring.”
Although GhIPSS itself undergoes cybersecurity checks from the Bank of Ghana as an operator, Ms. Arthur said the organisation will extend the same level of scrutiny to all participating banks and payment service providers.
Partnerships with Regulators, Fintechs and Global Firms
GhIPSS intends to deepen engagements with the Bank of Ghana, industry participants, and global partners like Visa on training, capacity building and deployment of advanced tools.
She highlighted interest in Visa’s cybersecurity education framework, which offers beginner, intermediate and advanced levels, indicating that GhIPSS plans to explore collaboration to strengthen technical skills within the ecosystem.
Securing Instant Payments with Instant Cyber Responses
Drawing an analogy with aviation risks and safety, Ms. Arthur underscored the need for “instant cybersecurity solutions and reinforcement mechanisms” to match the rise of real-time digital payments.
“If we have real-time or instant payments, we have to ensure that in terms of cybersecurity, we’ve got instant solutions as well,” she said.
Ms. Arthur reiterated GhIPSS’s commitment to working collaboratively with regulators, service providers and global technology partners to fortify Ghana’s payment systems against evolving cyber threats.
