Security Policy

1. Our Security Measures

Magajin-Gari MFB employs the following security controls across all our systems:

• End-to-end encryption of all data transmitted between your phone and our servers
• AES-256 encryption for all stored personal and financial data
• Secure, tokenised payment processing for all transactions
• Regular penetration testing and third-party security audits
• 24/7 transaction monitoring with automated fraud detection
• Segregation of customer funds from operational accounts
• Role-based access controls restricting staff access to customer data on a need-to-know basis
• Disaster recovery and business continuity systems with regular tested backups

2. USSD Security

Our USSD platform (*367*626#) is secured through:

• PIN-based authentication — your PIN is never stored in plain text
• Session timeouts after periods of inactivity
• Transaction limits that you can set to match your needs
• Real-time SMS alerts for every transaction on your account

3. App Security

The Magajin-Gari mobile app includes the following security features:

• Biometric authentication (fingerprint and face ID where supported)
• Automatic session lock after inactivity
• Certificate pinning to prevent man-in-the-middle attacks
• Remote account lock via the app if your phone is lost or stolen
• Device binding — your account can only be accessed from registered devices

4. Fraud Prevention

We operate automated fraud detection systems that monitor all transactions in real time. Suspicious activity triggers:

• Immediate transaction blocking pending your verification
• SMS and push notification alerts to your registered number
• Temporary account freeze if multiple failed PIN attempts are detected
• Manual review by our fraud team for flagged transactions

5. Your Responsibilities

You play a critical role in keeping your account secure. Please:

• Never share your USSD PIN or app password with anyone, including family members
• Use a unique, hard-to-guess PIN — avoid using birthdates, phone numbers or repeated digits
• Change your PIN immediately if you suspect it has been compromised
• Keep your registered phone number active so you receive transaction alerts
• Log out of the app when you are done with your session
• Keep your phone secure with a screen lock and report loss or theft to us immediately
• Verify agent identity before transacting at any agency banking location

6. Phishing and Scam Awareness

Common scams to watch out for:

• Fake loan offers — we do not charge upfront fees for loan processing
• Account verification calls — we will never call you to ask for your PIN or OTP
• Fake agent locations — only transact at verified agent hubs listed on our website
• Phishing SMS — do not click links in SMS messages claiming to be from us unless you initiated the request
• SIM swap fraud — report immediately if your SIM stops working unexpectedly

7. Reporting a Security Incident

If you believe your account has been compromised or you have experienced fraud, take the following steps immediately:

1. Dial *367*626# and select the account freeze option
2. Call our emergency security line: +234 801 234 5678
3. Email security@magajingari.com with details of the incident
4. Visit any of our agent locations for in-person assistance

The faster you report, the better our ability to recover lost funds and prevent further unauthorised access.

8. Data Breach Response

In the unlikely event of a data breach affecting your personal information, we will:

• Notify you within 72 hours of becoming aware of the breach
• Report the incident to the Nigeria Data Protection Commission (NDPC) as required by the NDPA 2023
• Take immediate steps to contain the breach and prevent further exposure
• Provide guidance on steps you should take to protect yourself