Wednesday, November 25, 2009

Card Association certification of mobile payment schemes

The use of mobile phones to secure card-not-present transactions has been announced frequently. This is probably one of the areas in payment where innovation is rife. Anyone who has experienced the inconvenience of a stolen card, and of that card then being used for fraudulent transactions on the Internet, will appreciate the advantage of using mobile phones in this way.

This blog is not about the many attempts to secure card payments in a proprietary way - and many examples exist - but about the fact that the card associations now seem to be certifying some of these solutions. I think that this is a major step forward with significant implications. The fact that unique payment solutions (some of these being very different to what we generally would have done) now get Credit Card Association endorsement or even licensing is indeed very interesting.

While quite a few of these examples can be found (one that we at Fundamo are intimately involved with), I would like to just quote two:
  • Mastercard recently announced their Chip Authentication Program (CAP), which allows for a One Time Password (OTP) to be generated by a phone (Read here). This means that someone can use a card on the Internet with an OTP that has been generated by their mobile. This is quite interesting as merchants can validate the OTP for a specific transaction. Security is much higher and the computing power of the phone is utilised well.
  • The mCheck solution deployed on Airtel in India is also an interesting case study (Read here). While I do not know the detailed architecture of the solution, it is my understanding that the encryption capabilities of the SIM card are used to good effect to secure an ordinary Credit Card transaction. This solution is endorsed by VISA, even though it is very specific to mCheck.
This approach, while commendable, may lead to a situation where so many acceptable schemes are available that it becomes extremely difficult to keep track of legal mechanisms. The allocation of liabilities may also not always be clear to the uninformed. The proliferation of different Credit Card Schemes could lead to some problems.

Tuesday, November 24, 2009

The technical requirements for interconnected mobile banking

This posting is an attempt at listing the key technical requirements that must be met in order for two mobile banking systems to be able to inter-connect. Inter-connection here means that a subscriber in one system is able to send money (preferably in real time) to a subscriber on the other system.

Both systems must be able to do the following:
  • Adhere to the same message routing strategies. It is essential that the payment instruction issued on the one system should travel to the correct destination system and then that the actual target account be identified. This is not a simple problem, as the routing should cater for multiple accounts associated with the same telephone number. Banking systems use the concept of a BIN to route payments; Telco systems use international dialing codes and operator codes (or look-up tables if number portability has been implemented). Which one of the two should banking systems use?
  • A mechanism to clear the transaction and ultimately settle the transfers must be implemented in the same way by both systems. This is not a trivial issue, as clearing and settlement create all kinds of liabilities that must be analysed properly and catered for in the selected system. Reconciliation and detection (and correction) of discrepancies are also important.
  • One of the most difficult interconnect problems is the schema for the management of uncompleted transactions. This type of situation occurs when the originating system receives neither a confirmation nor a decline message from the destination system. The resolution of such conflicts is extremely complex. The design of roll-backs, pending transactions etc. is not trivial.
  • Reporting systems must be agreed on.
  • Technical handshakes, unavailability of one of the systems and considerations such as load management (because of the potentially huge volumes) must be well defined in order for the solution to work.
In my interaction with industry specialists and technical suppliers, it is my perception that this problem is not understood well at all. Very few companies have the experience and expertise to design and build such systems.
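
One way to handle the uncompleted-transaction requirement from the list above, as an added example that is not from the original post: the originating system holds the funds as pending, and a later reconciliation call asks the destination what it recorded for that transfer id. All class and method names are hypothetical, and the `lose_request` / `lose_reply` flags are constructed faults that simulate a lost request or a lost reply.

```python
import uuid

class Destination:
    """Hypothetical receiving system; remembers one final answer per transfer id."""
    def __init__(self, accounts):
        self.accounts = accounts                      # payee account -> balance
        self.answers = {}                             # transfer id -> final answer
        self.lose_request = self.lose_reply = False   # constructed faults

    def credit(self, tid, payee, amount):
        if self.lose_request:
            raise TimeoutError("request never arrived")
        if tid not in self.answers:                   # duplicates are not re-applied
            if payee in self.accounts:
                self.accounts[payee] += amount
                self.answers[tid] = "confirmed"
            else:
                self.answers[tid] = "declined"
        if self.lose_reply:
            raise TimeoutError("reply lost on the way back")
        return self.answers[tid]

    def resolve(self, tid):
        # An id never seen is recorded as cancelled, so a late credit is refused.
        return self.answers.setdefault(tid, "cancelled")

class Origin:
    """Hypothetical sending system; funds stay held while the outcome is unknown."""
    def __init__(self, balances, dest):
        self.balances, self.dest = balances, dest
        self.ledger = {}                              # tid -> [state, payer, amount]

    def send(self, payer, payee, amount):
        tid = str(uuid.uuid4())
        self.balances[payer] -= amount                # hold before any message leaves
        self.ledger[tid] = ["pending", payer, amount]
        try:
            self._settle(tid, self.dest.credit(tid, payee, amount))
        except TimeoutError:
            pass                                      # neither confirm nor decline
        return tid

    def resolve(self, tid):
        if self.ledger[tid][0] == "pending":          # reconcile against destination
            self._settle(tid, self.dest.resolve(tid))
        return self.ledger[tid][0]

    def _settle(self, tid, answer):
        entry = self.ledger[tid]
        if answer == "confirmed":
            entry[0] = "completed"
        else:                                         # declined or cancelled
            self.balances[entry[1]] += entry[2]
            entry[0] = "reversed"
```

The cancellation record on the destination is what makes the roll-back safe: without it, a request that was only delayed could still credit the payee after the payer has been refunded.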

Monday, November 23, 2009

The popularity of Mobile Banking Worms

I found Twitter to be one of the best sources of information. I am constantly logged into the service (either by means of my PC or iPhone). One of the streams that I track is a search on the keyword "mobile banking".

On the 24th of November the Twitter search stream filled up with the following news item: "New Worm Attacks iPhones, Targets Mobile Banking". I think that this Tweet was re-tweeted probably a hundred times. In reading the associated press (here), it is clear that this is probably a no-event. The attack focused on clients of ING in the Netherlands, and works only if the subscriber's iPhone has been jailbroken. The target community for this attack is probably less than ten phones.

So why is it that people find this article so interesting? I believe it is because of the following reasons:
  • Anything related to an iPhone is news
  • The potential risk associated with remote banking is always interesting. It seems that security and how it can be penetrated is always newsworthy.
  • And then, could it be that mobile banking is also of sufficient interest that people want to hear about it?

Sunday, November 22, 2009

What is it: Interoperable or interconnected mobile payments?

One of the biggest benefits of the wide readership that I have is the interaction that I have with valued readers of the blog. The comments that I receive are so valuable and I would like to thank everyone who responds to my attempts at publishing something worthwhile. I received an e-mail from a good friend on my latest entry. I will quote a short paragraph:

"...there is a difference between interoperability (...to connect components that interoperate) and interconnectedness (where systems are interconnected and are able to communicate between each other)". As is the case with all things, using the wrong terminology will confuse everyone. We must be succinct and accurate with what we say to ensure accurate understanding (sometimes difficult for me, considering that English is a second language). So should it be interoperate or interconnect? In order to answer the question, let's evaluate what I think we were talking about.

The term should describe the situation where one mobile banking subscriber on (let's say) system one can send a payment to, or receive a payment from, another subscriber on system two. These two systems (system one and system two) must be able to communicate/interact in such a way that payments can be cleared between the two subscribers. We would like to achieve this in such a way that system one and system two need not necessarily be connected, but that a transaction path must (at a minimum) exist between the two systems.

While I see that interoperate is not correct, I am not sure that interconnect describes this either. Maybe we need another term? Any suggestions?

How do you regulate to ensure interoperable mobile payments?

I was recently asked: "What needs to take place, both from a technical and regulatory perspective, for mobile banking to be fully interoperable...". This is such a good question, as it verbalises a growing need (specifically from subscribers) to have this functionality available, and highlights the two factors that must be addressed in order to solve this complex problem: technical and regulatory.

Before talking about the technical and regulatory requirements, just some general observations that will illustrate the extremely complex nature of mobile banking interoperability:
  • Mobile banking payments are of a totally different nature than any other type of payment, because of the following two characteristics, in combination: The payment is initiated by the payer (not the payee as is the case with most electronic payments). This simple fact has major ramifications as far as clearing, disputes, roll-backs etc. are concerned. The complexity is aggravated because mobile banking (by nature) should be real-time.
  • Current game plans in big eco-systems are to build a competitive advantage over other competitors through mobile banking. The mobile banking supplier with the biggest market share (and thus having the best chance of ensuring interoperability) usually does not want this to happen, as it would dilute their competitive advantage.
  • While it is possible to route a telephone call to a unique telephone number, this is not as easy with a payment. Some factors that could complicate this are more than one bank account associated with one telephone number, implications of wrong numbers and other incidents where reversals may be required.
I will describe some of the technical requirements of interoperable payments in the next post.

Friday, November 20, 2009

What drives dedicated mobile banking professionals?

Contrary to what many people may think, the deployment and support of mobile banking systems is extremely hard work. The complexity and the tolerance levels of these systems are on par with the most complicated systems that can be deployed. Furthermore, these projects are often under difficult timeframes.

Mobile banking professionals are always under pressure, often out on an edge (because new frontiers are being crossed) and with limited support. Price pressures on many of these projects also mean that monetary benefits cannot be their main motivator.

Yet these special people almost always are full of energy and passion. They produce miracles and serve as inspiration to others. Why is this the case?

I know this is because most are working in this industry because they are driven by a bigger purpose: to help people that are less fortunate than them. Or to quote from the movie The Soloist: "The dignity of being loyal to something you believe in."

Posted from my iPhone

Some thoughts on the hierarchy of agents

Mobile Operators utilise agent hierarchies for the distribution of pre-paid airtime. By implementing multiple layers of agents, Operators can reach a much bigger market. For instance, with just ten super-agents an Operator can have thousands of agents in the field.

This approach does have one major drawback: in order to make deep hierarchies work the Operator must sacrifice big margins. This means that this approach is an expensive distribution mechanism.

It seems that it is obvious that Operators should utilise the same approach when implementing mobile money systems. However there are three reasons why this should be re-evaluated:
  • The available margin in mobile money systems is significantly smaller than in airtime. It is usually not possible to offer the same level of margins to support multiple layers of agents.
  • Indications are that Mobile Operators should be more involved with support, training and controls for mobile money agents. Deep hierarchies imply that the Operator does not have the access to the agents that it would need to support these agents effectively.
  • Good mobile money systems are based on sophisticated banking systems (as opposed to over-extending airtime systems). This means that commissions can now be controlled in much more focused ways.
It does seem that mobile money systems should have flatter hierarchies. In the long run this may even lead to an approach where airtime can be distributed cheaper.


Wednesday, November 18, 2009

A fresh new VISA

For those of us that have been working in the payment industry for some time, VISA was always seen as the protector of the status quo. Even new initiatives that were sometimes brought to market took a long time to deploy or were not applicable. (Remember SET?) VISA was an extension of the institutionalised banks, and (the perception was) that banks used the card associations to protect their interests, rather than help their customers. The fact that both Mastercard and VISA were controlled by the same banks meant that competition did not always pan out the way that one would have liked it to.

This is why it is so good to see a new VISA that emerged after the listing. The approach is now much more open and driven by an honest effort to find solutions that customers would want. Nowhere is this more clear than in the mobile payment industry. The people and decisions that we are experiencing as an industry show a new style of collaboration and openness to new ideas. A search of the news channels will show many initiatives that support this view (Read here, here and here). One of the exciting initiatives is the mDirect initiative recently launched by Mobile Money in South Africa. In this instance the go-to-market strategy was based on joint branding between MTN (a mobile operator) and VISA. This would have been unheard of ten years ago.

Could it be that a change in ownership and governance structures can have such a dramatic change in behaviour? It does seem to be the case.

Friday, November 06, 2009

Balance of competitive forces is a prime consideration for mobile banking regulation

The complexity of providing regulatory frameworks for transformational banking is well known. While regulators are keen to create mechanisms to ensure access to banking services also for the poor, they have to consider the risks in changing existing regulations. I have written about these risks (Read here). To recap, the following are the typical risks that one should be thinking of:
  • Utilising the system for criminal activities (money laundering, funding terrorism etc.)
  • Protecting the customer so that deposits are safe and also information protection
  • The creation of money
Lately, from discussions with regulators and from what I have seen in the market, it seems that regulators are also apprehensive about any competitive imbalances that may be created by allowing transformational banking. My first reaction was that this is not the mandate of regulators, but thinking about it, this makes a lot of sense. The natural forces in a free market system ensure behaviour that will not harm the customer, keep costs in check and contain criminal actions. If these forces are lost because of a dominant player, all of these benefits will not materialise. Regulators concerned about the balance of competitive forces may just be getting it right.

A view on the trigger behaviour for mobile payments

It is my belief that many experts just re-package what they heard other people say. The saying "Originality is the art of concealing your source" is true for most people. However, some individuals do exist that are capable of new, original thought. It is these people that build new offerings and ultimately change the world. I am privileged to know quite a few such people. One of them is my good friend Dave Parratt.

We have shared thoughts on this industry through many hours of discussion and always found his thoughts interesting and stimulating. Unfortunately I cannot share all of them because they were shared in confidentiality. However, he recently spoke about one such theory in a podcast published on the web (Read here). I suppose this means that it is now general knowledge and I can also publish it.

Dave postulates that widespread adoption of payment systems is triggered by a change in behaviour of the population. He says (for instance) that the big move to card-based payments from check-payments was triggered by people that started travelling more frequently. Check-payments from foreigners were frowned on, but quickly got replaced by a plastic card.

He then describes (in much more detail than is possible on this blog) how the need for "card-not-present" transactions will drive the adoption of mobile payments. He does not believe that mobile payments (à la NFC) will replace card payments in retail environments, but that they will definitely become the preferred mechanism to pay in situations where cards cannot be used (on the web, in call centers, and of course on your phone). Transactions where you wanted to use your card but could not because you could not swipe the plastic: those are the types of transactions that are the low-hanging fruit for mobile payments.

Some books that one should read in order to appreciate mobile banking

Peter, one of our senior solution consultants sent me the following quote:

"Overcoming poverty is not a task of charity, it is an act of justice. Like Slavery and Apartheid, poverty is not natural. It is man-made and it can be overcome and eradicated by the actions of human beings. Sometimes it falls on a generation to be great. YOU can be that great generation. Let your greatness blossom."

— Nelson Mandela


This really resonates with me. This is what I would want to work on and what I believe mobile banking can change. I found two books worthwhile reading with similar messages:
  • "Portfolios of the Poor" is a great book describing the complexities of managing money if you are poor. The book looks at the many different instruments that poor people use to manage their financial world. (Read here)
  • In "You can hear me now", Nick Sullivan talks about his experiences in poor countries and also the effect of cellphones on the wealth of people (Read here)
I am looking forward to hearing about other books that are must-reads for those of us that are passionate about using mobile phones to better the lives of billions.

Thursday, November 05, 2009

Visiting our new offices

My apologies - this blogpost was mistakenly published to the wrong blog. It was meant for my private blog.