Africa’s largest domestic card scheme, Verve, is strengthening its payment security after securing memberships of two major global payment security bodies. The move comes at a critical moment as threats to Nigeria’s digital financial infrastructure continue to rise.
The announcement, made by parent company Interswitch Group, positions Verve at the table where global payment security standards are actively debated and written. For a card scheme that crossed the 100 million issuance milestone just five months ago, the timing of this security push is anything but coincidental.
Verve’s ambitions around infrastructure and security were already signalled in December 2025. When the scheme hit 100 million cards issued, it announced plans to invest further in security, including chip-and-PIN technology and advanced fraud-prevention systems, alongside a push into contactless payments and tokenisation. The PCI and NEXGO memberships are, therefore, not a reactive measure. They represent the next visible step in a deliberate security roadmap.
The PCI Security Standards Council is the global authority that defines the Payment Card Industry Data Security Standard, the baseline compliance framework that every serious card scheme must demonstrate. NEXGO, meanwhile, is a terminal and payments technology community focused on secure hardware and standards alignment. Together, membership of both signals that Verve is building the institutional credibility to operate and be trusted beyond Nigerian shores.
This announcement arrives against a deeply unsettling backdrop. Over the past several weeks, a single threat actor operating under the name ByteToBreach has carried out a series of attacks targeting some of Nigeria’s most sensitive digital institutions.
The Nigeria Data Protection Commission launched an investigation into alleged breaches at Remita Payment Services and Sterling Bank, following claims that sensitive customer data, including BVNs, KYC documents and transaction records, had been compromised. Meanwhile, the same actor subsequently breached the Corporate Affairs Commission’s online database.
The mechanics of these breaches are damning. The Remita breach happened because of a simple mistake: a misconfigured Amazon cloud storage bucket that left three terabytes of data open. No sophisticated hacking was needed. It was a basic human error in how data was stored and protected. Production credentials, meanwhile, were reportedly stored in plaintext inside a code repository.
Security researchers pointed to archaic software and the habit of giving tech jobs to political connections instead of skilled professionals as root causes. Nigeria’s digital systems are expanding rapidly, but the security culture, staffing and institutional discipline are not keeping pace.
In that context, Verve’s move stands apart. It is proactive, standards-led, and it is externally verifiable.
For cardholders, the most immediate implication is accountability. PCI compliance is not a badge of honour; it is a technical and operational obligation. Member organisations submit to audits, implement defined security controls and bear consequences for lapses. Joining the PCI Security Standards Council also gives Verve a seat in the room where future standards are shaped, rather than simply inheriting rules written elsewhere.
For merchants and financial institutions that accept or issue Verve cards, the memberships provide a stronger basis for confidence. Interoperability and trust, especially as Verve pushes deeper into contactless and tokenised transactions, depend heavily on whether the infrastructure beneath the card is credible to international partners.
For the broader Nigerian fintech ecosystem, the signal is equally important. A domestic card scheme achieving this level of global standards alignment raises the bar for what is acceptable. It also makes a quiet argument that African-built financial infrastructure can meet global security expectations, not approximate them.
At a moment when Nigerian institutions are being publicly shamed for security failures rooted in carelessness, Verve is quietly doing the opposite, building the structural accountability that digital finance at scale demands.