Wednesday, December 31, 2008

Thoughts on Mobile Banking business cases

I was close to some of the early projects that launched the first Internet banking services in South Africa during the middle of the nineties. None of them had any business cases. Banks deployed these services because it was unthinkable to have a bank without allowing clients to access their bank accounts via the Internet. Today all Internet banking divisions have solid revenue targets and (in most cases) good ROI business cases.

However, things have changed. It is now impossible to deploy products without a solid business case and strategic motivation of why it must be done. Mobile banking initiatives are often subjected to such requirements and this frequently delay decisions, but seldom stop them. It is thus important to think about the business cases for mobile banking. While each initiative differs in terms of investment, potential penetration and impact on financial metrics, it is possible to categorise the business benefits in three categories:

  • Direct revenue benefits exist and is usually one or a combination of the following (transaction fees, monthly subscription fees, commission on goods sold, differential on interest and others - like interchange fees). It is my experience that these should generate revenue of at least $1 per month in order to build a revenue-based business model.
  • Cost savings should also be considered. The different benefits that can be achieved by the deployment of mobile banking are savings on less complex business processes, cutting banking staff out of the process and savings on capital expenses.
  • Many indirect benefits exist. Some can be quantified, while it is difficult to do it with others. I have seen some of the following actually happen during mobile banking deployments and I believe it is important to include them in business cases too.Mobile banking increase stickiness, brand loyalty and impulse buying without a doubt. Enough measurements exist to back this up. I have seen large increases in voice ARPU for instance if mobile banking is depl0yed by mobile operators. One should also not ignore defensive imperatives in markets where other players have launched mobile banking.

Sources of Remittances

When thinking about about money remittance solutions, it is important to consider the different sources of remittances money. The mechanism utilised by the payer to trigger the transaction could have major implications on a number of factors of a remittance transaction. Some of the implications can be:
  • The degree of conformance to banking regulation
  • The involvement of third parties and their role
  • Risk and fraud considerations
  • The liability profile of the operator and/or the payer
  • And of course as always the cost associated with performing the transactions
The different mechanisms that can be employed in triggering a remittance payment are the following:
  • Cash (typically via an Agent)
  • Bank account (usually via the Internet)
  • Credit card (or other cards) (via the Internet)
  • A mobile wallet via a mobile phone
One should consider the registration process, the confirmation, the dispute mechanisms and reversals or refunds for each of these different mechanisms when designing money remittance solutions.

Money remittance and mobile payments meet

I stumbled on a very interesting website from a money remittance perspective. Mondato (Read more here). The company provides a mechanism to compare money remittance options from one country to another. As is stated on their website, "We offer a consumer search function to enable people to find options for money transfer...". No doubt, the intention is to provide services in the money remittance space.

Now click on the newsletters in the bottom left hand corner. The company provides a regular newsletter with well researched information. Some of the topics:
  • Android and Mobile Value Transfer
  • Hey, that phone owes me $50
  • Opportunity assessment: Mobile financial services market
  • Obopay and the evolution of global, mobile money
It seems that people that provide information to assist workers to find cheaper mechanisms to remit money are extremely interested in mobile payments...

Sunday, December 14, 2008

Implications of HUB deployments

With so much talk about the deployment of mobile remittance hubs (Read here, here and here), I think it is important to consider some of the implications of establishing these "hubs". The migration from a one-to-one then many-to-one and ultimately many-to-many creates a lot of additional complexities previously not visible. Deploying one-to-one mobile remittance solutions are difficult enough, yet I have seen many solution providers already talking about their many-to-many remittance solutions.

Some of the difficulties that must be considered (and solved) in this regard are:

  • Financial risk because of non-availability of funds, also because exposures may not be as visible or tools to take action if the system is exposed may not exist.
  • Lost transactions and thus the need for reconciliation, with all the added complexities when dealing with many nodes.
  • The challenges associated with the routing of clearing transactions between different systems (that work in different ways) and the need for different message-protocols or convergence.
  • The contractual and commercial complexities in working with different parties with different needs and expectations.
  • The implications of failed or disputed transactions (both in terms of business process and customer support)

I am sure all of these (and others that I can't think of right now) will be solved, but it will take baby steps first and dedication and hard work.


Fake Credit Card Factory

Mobile banking and payments, in some ways, are about changing a physical world of payment instruments into a virtual world. The need to issue physical payment instruments (like credit cards) will ultimately be replaced by digital tokens stored on a device carried by individuals. The mobile phone is this device for now.

A virtual, digital token, held by a subscriber and secured by a private key is of course much more secure than a physical token. It is much more difficult to copy and to re-produce, while it is (at the same time) much more easy to cancel and to re-issue.

It is within this frame of mind that I find articles about the manufacturing of fraudulent card of interest. One such case was recently uncovered in South Africa (Read more here.) According to this article, the sophistication of the fake credit card factory was quite high. How many fake credit cards are in circulation in the physical world? And, will banks tell us, knowing that it could lead to a major breakdown in trust?

Cross border payments

With more and more cross border payment mechanisms being deployed, most of these electronic solutions, one should be aware of the implications. Mobile payments are being touted as the catalyst to ensure that more people can participate in electronic transfers in multiple currencies. A more efficient and less expensive mechanism will definitely lead to bigger volumes in both transactions and value. Cash based (and illegal transactions) should reduce as subscribers start to experience the benefits of electronic transactions.

This would lead to an increase in monitory flows across borders.

What I have found interesting in thinking about this future, is the secondary impact that this will have on the macro-economy. I am not an expert in economics, but I feel it would be interesting (and prudent) to build some economic models to look at the following impacts of an increase in exchange rate based transactions:

  • The impact on exchange rate movements and market dynamics that can influence these indexes. I am sure that a more competitive and transparent market would look to different behaviour in terms of how exchange rates behave.
  • I am also sure that higher volumes of remittances and transactions that can respond to changes much faster, will have a marked impact on local economies. On the one hand this could potentially stimulate individual economies, but I am sure, will also react to instability and political shenanigans much more quickly.
  • The impact on and the effect that this much more dynamic financial world would have on regulatory dispensations would be interesting. One thing is for sure, it would become much more difficult to control financial behavior by means of direct interventions.

Mobile banking and Remittances

Since the time that the GSMA announce their MMT (Mobile Money Transfer) program and Western Union established their mobile remittance division (able steered by Matt), many mobile-based remittance projects were launched. Some were more successful than others, yet the majority have not yet been deployed. Some of these projects are faced with very complex problems and challenges to make it work.

In order to stay focussed, it may be of interest to look at the primary reason for Mobile-based remittances - define the objectves (without limiting ongoing innovation). I am of the opinion that mobile-phone based money remittances intend meeting the following objectives:
  • To eliminate (or at a minimum reduce) cash as this is the most costly element in the remittance ecosystem. Mobile remittance systems should always keep this in mind. While understanding the cultural, practical and social implications, the aim should always be to have as little as possible cash in the system.
  • To increase the speed of fulfilling a remittance transaction (to clear it immediately). This objective can be achieved by making use of the phone as a tetrminating device.
  • To increase the auditability and legality of money remittance systems
  • To empower poor subscribers to become more financially inclusive. The objective is to ensure that money received via this system is put to good use. It would be great if these systems could assist poor people to budget better and to be able to have more direct control over their finsncisl ditution.

Monday, November 24, 2008

My new Touch Screen Phone

I recently started using a new touch screen phone, the Samsung i900 Omnia. I told myself that this is an experiment of how new phones will work, and seeing that I am in the phone application business, had to get one to use myself. (I am not an Apple-person, so the iPhone would not have done it for me).

As with all modern phones the Omnia comes with everything: GPS, FM radio, MP3 player, 5Mpixel camera, Card recognition, support for PowerPoint, Excel and Word... you name it. Ordinary e-mail or Push e-mail either delivered via WiFi or full HSDPA 3G, all of this packed into a phone smaller than my previous Sony Ericsson. And it can do Mobile banking too. The existing Fundamo application for Mobile Money runs seamlessly - even better than on the older phones.

One thing is clear. Consumers will be confronted by so many features and functions on modern phones that mobile banking/payments will definitely be lost in all the noise. Unless mobile banking is used frequently, the average consumer would not know where to find the functionality. As developers of mobile banking applications, we will have to think carefully how we make mobile banking part of the modern cellphone users life. I believe that this is only possible if we use more "push" functionality and integrate mobile payments with more and more of the applications.

Tuesday, November 18, 2008

Counter-Terrorism targets cellphone banking






I have noticed that Cellphone banking is being targeted again as a mechanism to fund terrirism activities (Read here). In a way I have an appreciation for these type of posts. The fear of a payment instrument that is real-time, easy to access and largely anonymous is of course scary. Such a payment eco-system can easily be utilised to fund harmful activities without being able to track the perpetrators.

The reality of mobile banking is that it has not (and will most probably not) create such an eco-system. As a matter of fact, mobile banking would enable much more control, transparency and auditability for international transactions than what is currently possible. As such, it is my believe that counter-terrorism bodies should applaud cellphone banking initiatives.

Internet-based payment systems are much more prone to harmful eco-systems. The difficulty in auditability, authorisation and identification of participants in the payment system makes it much more likely to be miss-used. In the light of this, I find it quite amusing that one can contribute towards funding the Counterterrorism blog using Paypal.

Tuesday, November 11, 2008

Mobile Money Academy

One of the biggest challenges of this fledgling industry is a lack of skills. The deployment and operations of Mobile Money solutions requires a diverse set of skills almost never present in one individual nor in one company. Diverse knowledge and experience is needed covering the following areas of specialisation in order to successfully deploy mobile financial services:
  • High volume and secure transactional systems
  • Marketing and distribution skills
  • Regulatory expertise
  • Skills related to fraud management
  • Operational expertise of a new generation of banking systems
  • Management of banking functionality (reporting, treasury functions etc.)
In order to grow the industry, it is critical that we should produce more and more skilled professionals that can build companies and run operations. One idea that was born in Dubai and that I think is essential to ensure a vibrant industry is to establish an Academy for Mobile Money. Hopefully someone will see this gap and start working at filling it.

The Future of Mobile Banking

It has been some time since the first mobile payment solution was prototyped during the late 1990's. It would be correct to say that next year mobile payments and banking have been around for a decade. Many challenges were overcome and many deployments made. During the past ten years many mistakes were made and a lot of money has been invested (and lost!) to develop the industry to the current stage.

Mobile banking has come of age. The little baby is without doubt a teenager today and many banks and mobile operators have made serious commitments to making mobile banking real. Mobile banking moved from the maverick fringe to maintstream relevance with many success stories and case studies. The question is, what can we expect in the future... next year and (if it is possible to look that far in the future), the next ten years? This is some of the things that I believe will materialise:

In the short term, it is my expectation that the following would happen
  • I expect that we will see a massive increase in the number of subscribers to mobile banking functionality. The penetration of subscribers are already quite impressive, especially in countries like Kenya and South Africa, but this performance will be replicated in other countries as operators and banks get better at the products and increase investments in marketing and services.
  • As the numbers increase towards the end of the year, we ill see an exponential increase in transaction volumes, particularly phone to phone payments. The most important catalyst for this will be the cash-in and cash-out facilities created. With an increase in subscribers, increased value of cash held in values, transactions will follow.
  • I do not expect any mainstream standards emerging as different suppliers offer different solutions, but I expect an increase in the ability to inter-connect different solutions with one another. Even today it is possible to send money from a Western Union system to a GCash system. I expect more of these inter-connections to be built.
  • Most mainstream (relevant) banks would participate in mobile banking. At a stage not to far in the future all banks will realise that they will have to invest in this technology in order to stay relevant and they will.
In the longer term, I expect some of the following to occur
  • Because mobile banking holds the promise of extremely secure authentication (actual implementation of digital signatures), I expect the emergence of dedicated identification devices. These devices will hold your identity in digital format. Any transaction will be unlocked by this device in conjunction with your own private key or even possibly biometrics. This device will become the most important thing that you will have with you all the time. (Some people may even be happy for the device to be implanted in them).
  • With an exponential increase in the number of people with access to bank accounts, more people will be able to receive money, have access to funding and this will lead to a massive increased economic empowerment. This will directly lead to a better life for more.
  • Ultimately, I expect cash to totally disappear as people start recognising the problems associated with cash.

MMT08 Feedback

I was quite critical of the planned MMT08 conference planned for Dubai during Novemebre (Read here). In the end I did attend the conference and must congratulate the organisers. Clarion did a great job of ensuring that many of the key players in the industry got together in Dubai. I specifically enjoyed the networking opportunities - meeting many of my old friends again, but also getting the opportunity to meet key players that I have never had the chance to meet. We need good conference organisers to push the industry forward. If the guys from Clarion can keep it up, they will serve the industry well.

Friday, October 31, 2008

Collaboration between Banks and Mobile Operators

Call me a skeptic, but I have seen it too many times in the mobile banking industry to not believe it this time. The latest attempt at collaboration between banks and mobile operators was announced in France recently (see here and here). While it is a logical way to go for the industry to really get traction, history is cluttered with many failures for banks and mobile operators working together in a formal way. At the risk of being contradicted, I will not list the many attempts here, but readers are welcome to search the web for examples.

I believe that the differences between these types of organisations are so fundamental that it is not possible for them to collaborate formally. Of course, it is important that they work together, but the most effective is by working through defined interfaces that exist already. (for instance clearing and settlement interfaces already exist in banking, standard API's to connect to network services already exist). By establishing organisations to formally collaborate nobody will benefit and a lot of time and money will be lost.

Provisioning of Handsets

The process of provisioning an electronic payment instrument is probably the most critical step and the most onerous from a fraud perspective. Provisioning is the process of connected the payment instrument with a central database so that payment instructions are routed in the correct way. This provisioning process for cards are completed prior to distributing the cards (especially chip based cards).

In all of the deployments that we have done with mobile phones the provisioning is also done prior to distribution of the SIM cards (effectively by injecting a key or keys into the SIM card). In this way the process is much more secure and controlled. The idea of provisioning a payment instrument over the air (OTA) is of course very attractive as this would enable clients to sign up for a mobile payment service with very light authentication. This is why a lot of work is done in this space. For instance, see the following patent.

Mastercard recently announced specifications for OTA provisioning for a PayPass payment instrument on suitably equipped handset. The process as described on the MasterCard is sketchy and it is not clear how a number of hurdles have been overcome. (For instance initial identification of the handset, management of the application on the phone etc.), but it is a step in the right direction.

POCit

POCit is a new mobile payment service launched in South Africa recently. The service allows anyone with a credit card to send money to anyone (with a cellphone). Because of the background of the company backing the service, POCit also allows a subscriber to pay medical bills. A subscriber must download a Java application in order to get access to the service.

This is good news as it shows that the degree of activity in the industry, but is also worrying because of the proliferation of services and the lack of integration and coordination. It would be interesting how many subscribers POCit would gather in a very competitive South African market.

Increased security for Internet Banking

One of the potential advantages of mobile banking is access to the crypto keys on the SIM card. If utilised correctly (and by the way, a small number of suppliers actually have the expertise to do this), banking solutions can be delivered with the same security than EMV (chip and PIN) cards. The reason for this, is that the banking application has access to cryptographic keys available on the SIM card. Internet banking deployments do not have access to crypto keys on the subscriber PC/laptop. Internet banking can therefore (through first principles) never be as secure as mobile banking.

With the launch of laptops with SIM card slots integrated into the machine (I blogged about this previously), I thought that this would enable much more secure Internet banking solutions. This did not materialise (up to now), as the SIM card in the laptop is only being used to create connectivity access to 3G networks. Opportunity lost?

Now two products have caught my attention with the potential of significantly improving online banking. These products (both) plug into the USB slot on the PC and provides the cryptographic capabilities on the PC platform:

  • IBM recently announced the Zone Trusted Information Channel (ZTIC) (read more here). This is a hardware device with crypto security that can be utilised for online banking and that plugs into your PC's USB slot.
  • Gemalto ships a similar product called the USB Shell Token (see here). With the relationship between Fundamo and Gemalto, we are investigating ways to leverage our experience in mobile banking to increase security of online banking by making use of this hardware device.
Maybe online banking security will ultimately be improved by means of USB devices and not through the SIM card on the PC?

Wednesday, October 22, 2008

Pres Sarkozy and Phishing

I must congratulate Pres. Sarkozy. I am sure that he is not the first public figure that have been hit by an Internet scam, yet he allowed information about the event to become known. (Read here). And I think that this is a first. It is important that mere mortals should be made aware of the risks associated with Internet crime.

What can be done about this. First education (see one of my blogs on this), and mobile banking of course. (Read here). Someone should subscribe Pres. Sarkozy to a well-designed mobile banking solution.

People transact more in time of uncertainty

Ukash recently reported a major shift in people buying Ukash vouchers to shop online. (Read more here). I must congratulate my friend Mark Chirnside on this good growth. Some of our customers also told us that their money remittance business tripled during the money crunch period as exchange rates started going mad.

This made me wonder if one could not look at the world of financial transactions in the following way. The more uncertain life becomes the more people do financial transactions. (See the graph). We are living in extremely uncertain times - this is a fact. Does this mean that people will have a need to do more and more financial transactions?

Is USSD for mobile banking a cul de sac?

I was recently asked to elaborate on my statement in a previous blog that USSD is a cul-de-sac. (Read the blog here.)

At the outset, I need to emphasise that I do believe that USSD is an excellent channel to deploy mobile banking solutions. It should always be considered in designing mobile banking solutions and is best suited for deployments where the mobile operator is involved in setting up the solution, but is not prepared to allow banking applications on their SIM cards. It is also well-suited for countries where a culture of "short-code" based solutions are entrenched. I have previously blogged on some of the mis-conceptions of USSD. (See here)

My statement about a "cul-de-sac" was based on my view of where different consumer access channels will evolve to over the next few years. In other words to what extend USSD applications and architectures will be suited for new generation platforms and user-interfaces. I believe that USSD mobile banking applications will not easily evolve to benefit from improved user-interfaces that will become more entrenched in new-generation handsets/phones. I also cannot see how USSD applications can evolve to benefit from the expected advances in improved security paradigms that will more and more be based on certificate and encryption paradigms. Also, the inherent architecture of USSD applications (predominantly based on sessions and grabbing hold of an array of network resources in order to complete a transaction), will not be able to benefit from improvements in network architecture and particularly 3G designs. As data-connections reduce in cost and increase in accessibility, USSD applications will slowly get replaced by applications based on GPRS and IP-protocol.

In summary, I do not believe that USSD designs are positioning mobile banking providers well from a strategic perspective. I would urge banks and mobile operators to work with suppliers that provide USSD applications in such a way that mobile banking can evolve as new technologies become available. These new technologies (3G, new handsets, new security paradigms) are less likely to enhance investments in USSD.

Tuesday, October 21, 2008

Biometrics and mobile payments

As is common knowledge, electronic security should be based on one of the following components (preferably a combination of these):

> Something you know. (Typically passwords, PIN's etc.)
> Something you have. (Typically a chip card, your phone etc. - all of these should preferably be based on some cryptographics in order to stop the ability to copy)
> Something you are. (Typically a fingerprint, retinal scan etc.)

Better mobile banking solutions (from a security perspective) are usually based on at least the first two (E.g. your SIM card and a PIN, a key in a Java application on the phone and a password). A number of interactions with innovative companies this week made me wonder about the possibility of implementing workable biometric solutions in mobile banking applications.

The limitations, of course, are the current input capabilities available on the mobile phone today. The only options that I can see is the possibility of voice-prints built on the voice (microphone) capabilities of a mobile phone. We at Fundamo have worked on one such implementation. It proved extremely problematic to get to work - predominantly because of the digital compression on mobile networks. The other alternatives would be to utilise the camera that is built into the phone for things like retina scans or fingerprints. Would this be possible? Maybe some-one have some ideas on this.

Thursday, October 09, 2008

How $20 turned into $2000

When Johannes Maartens paid with a cheque for the maintenance on his Ford truck, he never thought that this would turn into a nightmare. The $20 cheque that he gave to the electrician that fixed the indicator on the truck turned into a $ 2000 withdrawal when the cheque was offered to his bank. It took Johannes a lot of time and effort through the courts to get the matter resolved. (Read the full article here)

I was just thinking when I read this article: Would this type of fraud been possible if he made a mobile payment (as he could have done today in South Africa). and the answer is absolutely not - because it is virtually impossible for the electrician to change the payment instruction. Episodes like this should convince people to start doing more of their transactions via their cellphones.

Wednesday, October 01, 2008

Armageddon and mobile banking

This was without doubt one of the most defining moments in the history of financial services. The bail-outs, the lack of trust and the lack of liquidity all initiated a new world where money will never be the same again. We all lived through this week of financial imploding and we all speculated on how the world would be different where most banks are nationalised.

Of course I tried to put this new world in the context of mobile banking and I came to the following conclusions:

  • Regulations will change and probably become more tough and rigorous, this is bad news for companies that had an intention to launch transformational banking on the back of mobile telephony
  • Solutions based on positive balance (rather than credit) will become more attractive. This would require on-line, always available solutions - much easier to deliver using mobile banking.
  • Consumers would require real-time banking systems that place them in control of their money. They would want more up to date information, more control over moving money and more access to information in context. It is much more easy to deliver this via mobile banking than through any other channel.
  • Banks would become more conservative, but companies on the fringe (MFI's, MNO's etc.) may see this as an opportunity to start offering alternative banking services.
The recent financial Armageddon may just lead to a far more aggressive deployment of mobile banking solutions.

The end of Bank branches?

A recent report out of New Zealand made for interesting reading. According to the local media transactions at ANZ conducted at branches have fallen 23 per cent since 2003. according to the report this is because of simpler processes, fewer forms, more use of call centres and more use of Internet banking. (Read more here). This is contrary to many papers and reports that seems to indicate the opposite (for instance here).

Question is, who is right. All these reports or ANZ's findings. My view is that most of the reports are based on US data, which is not applicable in many markets. If I just take myself and how Internet and Mobile banking changed my behaviour. I definitely visit bank branches significantly less than I used to in the past. However, I do much, much more transactions than I used to. Bank branches also started changing in what they do. In the past branches were a place where one did financial transactions (deposit money, change a cheque etc.) Nowadays they have become support centers for electronic channels. If I look at my local branch, the help and info counter personnel work much harder than the tellers.

Of course, if the measurements of ANZ were accurate this trend would surely be accelerated by the take-up of mobile banking applications, especially if these applications were well designed and clear in its objectives. Also, if this trend is truely the case, then surely mobile banking business cases can claim the savings that can be realised in closing branches. This would make mobile banking business cases a "no-brainer".




The Android of Mobile Banking

So the first Google-phone is here (Read here). It seems to be a well-made phone with many features and something that a lot of people would want to have. (at least it is made by some-one that have been making great PDA-like phones for a long time - I am sure they re-used some of their old designs.) The thing that I am the most intrigued in is the operating system: Android.

As one could expect from some-one like Google, Android is different to all operating systems that phones run on and this is what is really interesting (Read more here). Some of the characteristics of the operating system in this case have major implications for mobile banking and I would like to highlight a few.

First, let me just describe the biggest differences in Android and other existing mobile phone interfaces. I would argue that the biggest differences are the following:
  • Android is much more open than any other operating system. Developers have much more control and access to phone resources than with other operating systems. This will enable more people to write applications for the phone.
  • The operating system allows individual applications to access other applications. The interaction of applications with each other is much more powerful, allowing for the activation of one application of another and the passing of data between the two applications.
These two characteristics are good and they are bad from a mobile banking perspective:

This is great news for bona-fide developers of mobile banking applications. It is now possible to deploy much more powerful banking applications and also allowing for third party developers to release applications that can interact with banking and payment applications on the phone. As a case in point, VISA announced (Read more here) recently that they have developed and are in the process of developing a whole new host of applications for the Android.

The downside of the openness of the Android platform is of course that much more developers can now apply themselves to build applications with harmful intent. The ability to craft phising applications and other attack applications have now increased significantly. Developers of mobile banking applications will have to work twice as hard to ensure that consumers are protected.

Much more discussion is needed on this topic.



Tuesday, September 23, 2008

Indian Central Bank guidelines

While I have commented on the Indian Central Bank guidelines for mobile banking previously, it does require another look as it seems as if the bank have now confirmed these guidelines. It is not clear if the bank would move to a point where these guidelines will be enforced. If this is the intention my impression is that mobile payment is in a dire position in India as the guidelines do not serve to facilitate mobile payments, but rather to inhibit the growth of this important tool to empower so many people with financial services.

My position is based on the following points:
  • The fact that the guidelines prohibits the deployment of money remittance services by means of mobile payment. This has been one of the important drivers of mobile payments in other countries and it is not clear why the bank would limit mobile payments in India to be only for Rupee based transactions.
  • The limits on the value of transactions and daily limits imposed are so low that it would limit the deployment of services to (for instance) business users and agents. This has been the driver in many countries for the take-up of mobile payment services and it does not make sense to set these limits as this would almost close down these avenues for the growth in mobile banking.
  • The fact that all payment services must be available on all mobile networks is also strange as this would remove the incentive of mobile operators to offer mobile centric services to only their subscribers. Mobile operators were major drivers in most countries for the deployment of these services. By removing them from the equation, the RBI have effectively taken a major driver out of the eco-system.
  • The need for end-to-end (application level) encryption, basically eliminate the use of USSD, SMS and Browser-based payment solutions. It is only possible to conform to this requirement with SIM-resident applications or Java on the phone. Very few Indian solutions currently offers these options. Is it the intention of the bank that all service providers should change their channel strategy to conform to the guidelines?
  • The role of the MPFI and the requirement of them to develop the message formats for the industry is short-sighted as this has not been achieved anywhere. In countries where interoperable mobile payment schemes exist (from Austria to Zambia), these schemes developed out of economic drivers not via established industry bodies.
If the bank were to enforce the above guidelines, none of the existing deployments will conform, and mobile payment industry in India would be set back years.

Monday, September 15, 2008

Complexity of Transactional systems

I have always believed that software development is an engineering discipline. Although software cannot be touched like other engineering structures, it should nevertheless be designed, constructed and quality assured according to the same engineering disciplines that one would use for construction of anything else. This is the way that we at Fundamo approach the building of our software and this is why we are so confident about the software's ability to deal with complexity.

I was therefore intrigues when reading the results of research done by Finextra and Mysis recently (read here). According to this research based on interviews with 100 product managers and directors at banks, IT complexity is viewed as the biggest obstacle to corporate transaction banking. The survey shows that 45% of banks believe that their ability is average to worse and that they are moving more and more of the functionality on-line to solve the problem. "At the top of the list of technical problems that banks say their customers want them to solve is greater integration with corporate systems and delivery of cross-border, multi-currency cash pooling services."

Anybody that worked on transactional systems would concur with these observations. One could possibly add that it is likely that the needs (and complexity) would increase substantially as markets develop and clients see more and more of need to be on-line and to perform financial transactions in realtime. What is the key thing that banks should do? Well, lets look at the art of engineering. The more complex the structure the more time is spent in designing and testing the architecture of the design. Get the architecture wrong and the bridge will collapse, get it right and even the construction is a breeze.

Banks should think carefully (and consult with experts) to get the architecture of their transactional systems right... and this is not a trivial task.



Thursday, September 11, 2008

Pakistan Mobile Banking

Pakistan is the sixth most populous country in the world and has the second largest Muslim population in the world after Indonesia. The country is also listed among the "Next Eleven" economies. With a population of 175 million, a population growth of 2% and an average age of 21, this is a country with major economic growth potential (averaging almost 8% growth for the past five years). The country have almost a negligible Internet subscriber population (less than 200 000), yet 90 million mobile phone subscribers.

In addition to all of the above, a number of other factors make Pakistan an ideal market for the growth of mobile banking. These factors are the following:
  • A well-developed and balanced guideline to the development of branchless banking by the Pakistan Central bank exist. This guideline was published pro-actively and is state-of-the-art regulations that will support mobile banking development well.
  • A good mix of well-run local banks as well as international banks are present in Pakistan. Most banks have good management and are well funded. In an environment that is becoming more and more competitive, banks will be looking at ways to compete and develop unique selling points.
  • The five mobile operators are innovative and aggressive. All of them are backed by strong international shareholders with access to good international practices as well as resources.
  • A clear need exist with a large portion of the population dependent on international money remittances or running SMME businesses.
  • Excellent (and sometimes unique) inter-bank settlement and clearing systems with a growing ATM and POS network.
I expect that major growth will be seen in the take-up of mobile banking in this country in the next eighteen months.

Interoperability

It is unlikely that all mobile banking/payment subscribers in the world will be served by one deployment. This is not practical and will be highly unlikely (if not impossible) given the current state of success in the markets. It is just not conceivably possible that all Smartmoney subscribers in the Philippines will all be converted to MTN Mobile Money system hosted in South Africa. In all the countries where mobile money deployments are successful, many (or at least more than one) deployments can be found.

It is therefore important to consider how subscribers to different mobile payment networks would be able to make payments to subscribers on other networks. Cellphone users are accustomed to phone subscribers on other networks. It stands to reason that they would expect to be able to pay subscribers on other networks. Unfortunately this is an extremely tough problem. Anyone suggesting a "easy" solution to this interoperability problem should not be taken seriously. The problem is multi-dimensional. A workable solution will have to consider many of the following aspects: technological problems, clearing and settlement challenges, legal and regulatory, consumer protection (including mechanisms to cater for disputes, warrenties and claims). The problem is almost unsurmountable.

So what is the way forwards? For a start one will be seeing many point-to-point solutions. (Two installations allowing bi-lateral agreements between each other). It is essential that interoperability is tested and experienced in these one-on-one situations first. We at Fundamo have now deployed sufficient installations running our technology (more than thirty) that make these one-on-one interoperable situations possible. After we see success with these, expect more complex network interoperable deployments to start appearing.

Also expect the industry to start working on solutions that will drive interoperability. A recent announcement in this regard is relevant.

ATM PIN fraud and implications

The recent action of banks (Citi, Lloyds TSB, HSBC, Dubai Bank, National Bank of Abu Dhabi (NBAD) amongst others) in the AUE to contact their customers about a PIN compromise was widely reported (see here). The thing is that this is not new. It seems that the cloning of cards have turned into an epidemic (see for instance here, here, and here). It is actually relatively easy to clone a card (especially magstripe cards). One of the more common ways of doing this is by attaching a device to the cardslot on an ATM. (See the picture). It is also doubtful how diligently banks are reporting on these activities and how exposed we really are to this kind of crime (see one of my recent blogs).

The banks are responding to this threat by turning to chip based security. This is (rightly so) why a lot of effort is being placed on making all payment solutions EMV compliant. But indications exist that even these measures don't seem to be ample protection for the consumer (see here and here). I am of the strong believe that the only mechanism to defend against this kind of identity theft is to provide bank customers with a personal device that is connected all the time to the bank system with a secure chip in the device. In this way, the security is stored in a device that is carried by the customer and can only be unlocked with a private key, yet the bank can access the device anytime and anywhere in the world. The only device that this is possible today is the mobile phone. (Providing proper use is made of the security chip in the phone for banking too).