NCBA Becomes Kenya’s First Bank To Attain PCI DSS Certification

NCBA has announced the successful completion of its Payment Card Industry Data Security Standard (PCI DSS) certification, reinforcing its position as a leader in secure banking in Kenya and the region.

NCBA is currently the first financial institution in Kenya to have secured PCI DSS Version 4.0.1 on both NCBA Bank and Loop Cards, based on VISA’s registry. This comes at a pivotal time as the Central Bank of Kenya (CBK) plans to introduce e-money and digital wallet compensation guidelines to better protect consumers against fraud.

The Communications Authority of Kenya reports that the nation witnessed a record 400 million attempted cyber-attacks in the last year alone, targeting the financial services sector. Cybercrime is estimated to cost the world USD 10.5 trillion by the year 2025, worldwide.

Against this backdrop, NCBA’s certification reinforces its leadership in securing transactions and strengthening trust in the digital economy.

“Banking is a business of trust, and we acknowledge and are aware that risk is continuously increasing. This certification strengthens our security framework, ensuring NCBA remains compliant with global standards and proactive in defending against threats,” said Mr. Isaac Owilla, NCBA Group Director, Technology and Operations. “Achieving PCI DSS certification affirms that our digital-first platform can scale securely, supporting the growth of digital payments and lifestyle services without compromising on safety.”

The certification, awarded after a rigorous assessment of NCBA’s systems, policies, and processes, is a guarantee that NCBA is compliant with international standards for protecting cardholder data. It also puts NCBA in a premier league of financial institutions within the region to achieve this milestone.

“Afenoid Enterprise Limited is proud to celebrate this remarkable achievement with NCBA. This is a step towards process improvements and protecting customer trust. We walked this journey with NCBA from a point of guidance assessment support in this journey of strengthening the payment security environment. NCBA has demonstrated leadership in putting trust and security of its customers first through protecting their data. NCBA has shown that security is not an afterthought but part of the culture. As Afenoid, we are proud to be NCBA’s Qualified Assessor Company and be part of its success story,” said Preston Odera, Afenoid’s Country Representative.

Through certification, NCBA has enhanced its ability to support the growing digital economy while giving customers, regulators, and business partners confidence in the Bank’s systems.

Basil Kithinji, Visa Director Risk East Africa, said, “Visa East Africa is proud to partner with NCBA over the years, providing customer-centric solutions. Together, we have built a shared vision of trust to deliver every customer transaction seamlessly.  This is a significant milestone that demonstrates the unwavering commitment to security and trust in this ever-evolving world. It is important to ensure we embed security in our operations, systems, and culture. NCBA has managed to achieve the most stringent certification against cyber threats. This demonstrates what is made possible when you put like-minded partners together. Security is not a destination; it is a journey. Achieving PCI DSS is a great achievement, which not only meets global standards but also sets them.

Read Also: NCBA Insurance Leads Cyber Resilience Drive with Kenya’s First Embedded Cyber Insurance Offering