Leveraging the payment networks for immunity passports


As if lockdown were not bad enough, many of us are now faced with spending the next year with children unable to spend their Gap Year travelling the more exotic parts of the world. The traditional jobs within the entertainment and leisure sectors that could keep them busy, and paid for their travel, are no longer available. The opportunity to spend time with elderly relatives depends on the results of their last COVID-19 test.

I recognize that we are a lucky family to have such ‘problems’. However, they are representative of the issues we all face as we work hard to bring our families, companies and organizations out of lockdown. When can we open up our facilities to our employees, customers and visitors? What protection should we offer those employees that must or choose to work away from home? What is the impact of the CEO travelling abroad to meet new employees or customers, sign that large deal or deliver the keynote at that trade fair in Las Vegas?

It is no longer unusual for a company in the City to regularly test its employees before allowing them to work in their offices and support the additional costs of their commute avoiding public transport.

Billions are being invested in vaccine research and tests to confirm that we have the antibodies to protect us and those with whom we interact. But will that be sufficient? Will it allow you to visit your relatives in the care home, sit inside your favorite restaurant, work in close proximity to your colleagues and/or travel without the need to quarantine for 14 days when you arrive and/or return?

Experience would suggest that over the next year or so a variety of vaccinations and tests will be released, which will work to a greater or lesser extent. The question will be: ‘is the vaccination, or test, recognized by the venue (and their insurers), or country, which you are trying to enter?’

For some organizations, the fact that the COVID-19 tracing application on your phone turns green, will be sufficient. Others will only recognize specific vaccinations and tests and will want to check that the immunizations are still valid. Both will be concerned by the availability of fake immunity certificates. Thus, in parallel with the medical developments, we have to implement a robust and efficient method of sharing and remotely validating the immunity certificates or passports that they will deliver.

Those of us who regularly travel in North Africa and South America are used to handing over our yellow International Certificate of Vaccination or Prophylaxis (ICVP), with our passport, to prove that we had yellow fever vaccine. This program, which is governed by International Health Regulations, could provide the governance framework for the operation of the COVID-19 immunity passports.

Over the last few months, Consult Hyperion has proven that the contactless payment networks, which allow you to use your credit or debit card anywhere in the world, can also be used to share and remotely validate your COVID-19 immunity passport.

Our idea is that anywhere you can use your payment card you can also validate that you have the required immunity to enter the building or country. As with your payment transaction, an organization can choose whether or not to accept your immunity passport based on the:

  • Issuer of the immunity passport
  • Vaccinations and/or tests administered
  • Date when the vaccinations and/or tests were administered
  • Potential that the passport is a fake or you are not the genuine passport holder

If required, the organization can also revert to the issuer of the immunity passport to check there and then that your passport is still valid.

The consumer experience delivered by the immunity passport is similar to that of a contactless, Apple Pay or Google Pay transaction. The immunity passport is stored in a secure application in your smartphone or biometric smartcard. When asked to prove your Immunity Status you use your fingerprint to authenticate yourself to your phone/card and then touch your phone/card to a contactless reader. An application on the reader validates your immunity passport and passes only the required information to the restaurateur, owner of the care home or office or border control officer.

From the international community’s perspective, the payment infrastructure over which the immunity passports are shared and remotely validated is in place, proven and robust. It is supported by a raft of rules administered by PCI, which protect the security of personal information, at rest and in flight, within the system. There is an active marketplace for cheap, certified readers, operating secure protocols, which offer Contact Free validation of the immunity passport away from the classical point of sale locations. These include mPOS and SoftPOS solutions which allow a standard mobile phone to be used as a contactless payment terminal, and ruggedized terminals used to validate tickets in high traffic areas, such as the entrance to sports arenas and concert venues.

While the world waits to see if the science supports the ability to establish immunity to COVID-19, and society works through the implications of immune people being able to avoid restrictions which apply to others, we technologists need to prepare the infrastructure that will allow people to share and validate immunity passports.

One of the things I love about working at Consult Hyperion is that we regularly come up with, and deliver, ideas that significantly impact people’s lives – contact and contactless payment cards (worldwide), M-PESA (Kenya), Open Loop Transit Ticketing (London) and more recently SoftPOS (London), just to mention a few. Something tells me that immunity passports will be the next. If you are interested and would like to help deliver the network that will allow life to return to something close to ‘old normal’, please let me know.

Would you use the NHSX app?

I listened with interest to yesterday’s parliamentary committee on the proposed NHSX contact tracing app, which is being trialled on the Isle of Wight from today. You can see the recording here.

Much of the discussion concerned the decision to follow a centralised approach, in contrast to several other countries such as Germany, Switzerland and Ireland. Two key concerns were raised:

1. Can a centralised system be privacy respecting?
Of course the answer to this question is yes, but it depends on how data is collected and stored. Cryptographic techniques such as differential privacy are designed to allow data to be de-indentified so that is can be analysed anonymously (e.g. for medical research) for example, although there was no suggestion that NHSX is actually doing this.

The precise details of the NHSX app are not clear at this stage but it seems that the approach will involve identifiers being shared between mobile devices when they come into close proximity. These identifiers will then be uploaded to a central service to support studying the epidemiology of COVID-19 and to facilitate notifying people who may be at risk, having been in close proximity to an infected person. Whilst the stated intention is for those identifiers to be anonymous, the parliamentary debate clearly showed there a number of ways that the identifiers could become more identifiable over time. Because the identifiers are persistent they are likely to only be pseudonymous at best.

By way of contrast, a large team of academics has developed an approach called DP-3T, which apparently has influenced designs in Germany and elsewhere. It uses ephemeral (short-lived) identifiers. The approach is not fully decentralised however. When a user reports that they have COVID-19 symptoms, the list of ephemeral identifiers that user’s device has received, when coming into close proximity to other devices, is shared via a centralised service. In fact, they are broadcast to every device in the system so that risk decisioning is made at the edges not in the middle. This means that no central database of identifiers is needed (but presumably there will be database of registered devices).

It also means there will be less scope for epidemiological research.

All of this is way beyond the understanding of most people, including those tasked with providing parliamentary scrutiny. So how can the average person on the street or the average peer in Westminster be confident in the NHSX app? Well apparently the NHSX app is going to be open sourced and that probably is going to be our greatest protection. That will mean you won’t need to rely on what NHSX says but inevitably there will be universities, hackers, enthusiasts and others lining up to pick it apart.

2. Can a centralised system interoperate with the decentralised systems in other countries to allow cross border contact tracing?
It seems to us that whether a system is centralised or not is a gross simplification of the potential interoperability issues. True, the primary issue does seem to be the way that identifiers are generated, shared and used in risk decisioning. For cross border contact tracing to be possible there will need to be alignment on a whole range of other things including technical standards, legal requirements and perhaps even, dare I say it, liability. Of course, if the DP-3T model is adopted by many countries then it could become the de facto standard, in which case that could leave the NHSX app isolated.

Will the NHSX app be an effective tool to help us get back to normal? This will depend entirely on how widely it is adopted, which in turn will require people to see that the benefits outweigh the costs. That’s a value exchange calculation that most people will not be able to make. How can they make a value judgment on the potential risks to their civil liberties of such a system? The average user is probably more likely to notice the impact on their phone’s battery life or when their Bluetooth headphones stop working.

There’s a lot more that could be said and I’ll be discussing the topic further with Edgar WhitleyNicky Hickman and Justin Gage on Thursday during our weekly webinar.

Paying for food

It feels strange to be writing about paying for food, one of the basic skills we learn in early childhood. However, these are exceptional times, when the basic notion of how we pay is being challenged. It seems we are now considering the different options for paying safely when physical contact must be kept to a minimum.

Consult Hyperion has been alerted to many requests for advice from community groups who normally rely on cash payments, so in response we have drawn up some guiding principles:

1. Maintain good practice: be aware of the vulnerability, both real and perceived, of people unable to leave their homes. Asking them to do things differently risks increasing anxiety and leaving them open to fraud.

2. Keep it simple: work with payments options people already use, and those they are familiar with. The large spike in phishing attacks over the past month highlights scammers’ eagerness to abuse this situation.

3. Maintain records: clear and consistent transaction logging is essential to protect both organisers and the people they are helping. Keep invoices for tracking and reconciliation purposes.

4. Work with existing networks: local authorities, housing associations, care providers, charities, community groups, faith groups, even village shops. The mix will vary according to the community.

5. Only allow demonstrably trustworthy individuals to handle payments: the list of people permitted to countersign passport applications could be a good starting point, but each community is different. Trust is vital in payments.

6. Keep payments and shopping separate: older readers will remember having an account with their local shop and having items added to their tally, paying the bill weekly or monthly.

7. School meals provide a good example: cards (or biometrics) are used to ensure all students have equal access to food, without the stigma attached with free school meals. Food is still served, even if the system has technical issues.

8. Take the time to discuss people’s preferences over the phone: The person receiving the shopping doesn’t have to be the person who pays. Be creative in encouraging people to contribute a little extra, or allow friends and family to pay on their behalf.

When organising payments, only use options people already have. This is not the time for a stressful sign-up process. In order of preference:

Online – PayPal, Bank Transfer, Pingit

With any new online payment, if there is a level of trust through an existing relationship, ask the account holder to send a small sum of 1p or 10p to the intended account, to check that it does arrive in the right place.

PayPal: convenient if you already have an account. Allows you to choose different sources of funds to transfer. Can be used for paying individuals as well as organisations. Includes a degree of protection.

Bank transfer (frequently referred to as Faster Payments): Despite communication from many of our banks, the full roll out of Confirmation of Payee is delayed. There is uncertainty over whether the money will arrive in the right place, so test initially with small amounts. It is irreversible. It can be performed easily via internet banking if you have the capability. Telephone banking is currently overloaded.

Some apps enable an invoice with bank details to be presented through a link to web page. This is better than simply sending requests for payments within an email, as fraudsters can’t just intercept the email and change the recipient details. It requires more effort to set up a fraud and is more likely to get spotted.

Pingit: Less widespread but convenient person-to-person payments which can be sent to a mobile number.

Contactless at the door

Using a portable reader from companies like iZettle, SumUp and Square. Apple Pay and Google Pay are good options as they allow higher value payments without the need to touch the device, if people already have the capability. Appropriate distancing must be observed.


The householder only has to part with a single piece of paper and does not have to receive change. Cheques will have to be paid in and take a while to clear but there is very little risk of the householder absconding.


People are encouraged to avoid handling cash and avoid touching ATMs. Keeping cash in the home makes people more vulnerable. However, some people rely on cash. Where change is to be given, this should be arranged in advance and put in an envelope.

These are extraordinary times, which force us to look differently at the way we pay. Consult Hyperion have been enabling secure payments for over 30 years and we are able to apply our own Structured Risk Analysis process to understand the threats and possible countermeasures in every situation. These threats normally relate to the security of systems but in this case also encompass the risk of infection and people being left without essential supplies.


If you are reading this from home and need help, try phoning your local shop. If they are not organising deliveries themselves, they may well be aware of groups who are. Many local stores and community groups are providing help to these who need it, providing a much needed service. Get in touch with your local group.

Dave New World #IWD2020

One of my favourite quotes is, “at any given IT conference, there are more attendees named Dave[1] than there are women”. Having checked the attendee list at several conferences, it seems a pretty fair rule of thumb.

My first step into IT was to escape a rogue boss, who handled both male and female employees equally, resulting in my predecessor taking a case to tribunal. The local university offered postgraduate qualifications in both IT and accountancy. The first year of IT counted towards both, so I took the path of least resistance. After a year creating expert systems and researching Artificial Life, my choice was made.

Having settled into a technical role with a major network provider, I expressed an interest in moving into the security team, only to be told “you can’t have that job, it’s Dave’s job”. When I insisted, a second opening was found and Dave became a much-valued colleague and friend. When I was promoted to lead the team, it emerged that my salary even after promotion was well below Dave’s and rapid adjustments had to be made.

At around this time I worked alongside a firewall consultant, whose best client had bandwidth beyond our wildest imaginings. She needed cutting edge technology to protect her revenues while engaged in the world’s oldest profession. This consultant, known to use the same password on every system, later put the first firewall into 10 Downing Street. In recent years, I have had the opportunity to research (in a professional capacity) the importance of digital identity in the context of adult services, highlighting the sheer scale of this industry and the important role of technology in this area.

When I first joined Consult Hyperion in 2006, I was asked to organise a workshop for identity experts from across Europe. It was a great opportunity and a real inspiration when Angela Sasse, a leading light in HCI, spoke about the importance of both women and men contributing to systems which are to serve the public. One of my favourite feminists, another Dave, was later to highlight the peculiar assumptions behind some technologies. For instance, the concept of the smart home managed remotely by a man on the move. It may work for people living alone but the ability to turn the lights off or the heating down while partners or family members are at home is not so great.

We are lucky at CHYP to have a diverse and highly skilled team working in Hyperlab, including a Dave. His working proof that an EMV contactless transaction could be completed in under 500ms in a live transit environment was critical to the adoption of the technology by Transport for London, which in turn contributed to the wider implementation of contactless payments. He has also worked on financial inclusion projects in both the UK and Africa, enabling aid to be distributed to farmers in remote areas.

On a personal level, it is always good to see more women joining the industry. It’s a great place to work, with constant change and exciting new challenges. I respect initiatives such as Microsoft’s Girls in STEM[2], although it has caused upset in my household, as my son was very disappointed that there was no equivalent for Boys in STEM. He has a truly inspirational IT teacher, who spent much of her career working in the industry and is equally at home with coding and infrastructure (or ‘the boring stuff’, as my son likes to call my main area of interest). Despite every possible encouragement, there are no girls taking Computer Science in his year. The local girls’ school does not even offer the subject at A level. However, whatever profession you adopt, chances are you will need technology to achieve your goals. At a time of huge opportunity, it is important to remember that there are many different paths into a career in technology. For instance, privacy requires strong legal and technical underpinnings. It is therefore vital that from the earliest years, we encourage children to engage with technology in whatever way best suits their own individual passions.

I’ve run up against some interesting attitudes in my working life: “you don’t look like a techie[3]”, “girls can’t do firewalls”, “a female consultant?” and, disappointingly, female colleagues refusing to take on “men’s work”. Having spent my formative years around a boys’ prep school, where women were mostly ‘below stairs’, I learned early to take this kind of thing in my stride.

[1] In this article, the term ‘Dave’ is used to denote anyone with the given name of ‘David’.

[2] https://www.microsoft.com/en-us/corporate-responsibility/skills-employability/girls-stem-computer-science

[3] https://www.bbc.co.uk/news/blogs-trending-33783007

To paraphrase Plato: the cost of not taking part is to be subject to the decisions of those less capable than you.

Consult Hyperion’s Live 5 for 2020

At Consult Hyperion we take a certain amount of enjoyment looking back over some of our most interesting projects around the world over the previous year or so, wrapping up thoughts on what we’re hearing in the market and spending some time thinking about the future. Each year we consolidate the themes and bring together our Live Five.

2020 is upon us and so it’s time for some more future gazing! Now, as in previous years, how can you pay any attention to our prognostications without first reviewing our previous attempts? In 2017 we highlighted regtech and PSD2, 2018 was open banking and conversational commerce, and for 2019 it was secure customer authentication and digital wallets — so we’re a pretty good weathervane for the secure transactions’ world! Now, let’s turn to what we see for this coming year.

Hello 2020

Our Live Five has once again been put together with particular regard to the views of our clients. They are telling us that over the next 12 months retailers, banks, regulators and their suppliers will focus on privacy as a proposition, customer intimacy driven by hyper-personalisation and personalized payment options, underpinned by a focus on cyber-resilience. In the background, they want to do what they can to reduce their impact on the global environment. For our transit clients, there will be a particular focus on bringing these threads together to reduce congestion through flexible fare collection.

So here we go…

1. This year will see privacy as a consumer proposition. This is an easy prediction to make, because serious players are going to push it. We already see this happening with “Sign in with Apple” and more services in this mould are sure to follow. Until quite recently privacy was a hygiene factor that belonged in the “back office”. But with increasing industry and consumer concerns about privacy, regulatory drivers such as GDPR and the potential for a backlash against services that are seen to abuse personal data, privacy will be an integral part of new services. As part of this we expect to see organisations that collect large amounts of personal data looking at ways to monetise this trend by shifting to attribute exchange and anonymised data analytics. Banks are an obvious candidate for this type of innovation, but not the only one – one of our biggest privacy projects is for a mass transit operator, concerned by the amount of additional personal information they are able to collect on travellers as they migrate towards the acceptance of contactless payment cards at the faregate.

2. Underpinning all of this is the urgent need to address cyber-resilience. Not a week goes by without news of some breach or failure by a major organisation putting consumer data and transactions at risk. With the advent of data protection regulations such as GDPR, these issues are major threats to the stability and profitability of companies in all sectors. The first step to addressing this is to identify the threats and vulnerabilities in existing systems before deciding how and where to invest in countermeasures.

Our Structured Risk Analysis (SRA) process is designed to help our customers through this process to ensure that they are prepared for the potential issues that could undermine their businesses.

3. Privacy and Open Data, if correctly implemented and trusted by the consumer, will facilitate the hyper-personalisation of services, which in turn will drive customer intimacy. Many of us are familiar with Google telling us how long it will take us to get home, or to the gym, as we leave the office. Fewer of us will have experienced the pleasure of being pushed new financing options by the first round of Open Banking Fintechs, aimed at helping entrepreneurs to better manage their start-up’s finances.

We have already demonstrated to our clients that it is possible to use new technology in interesting ways to deliver hyper-personalisation in a privacy-enhancing way. Many of these depend on the standardization of Premium Open Banking API’s, i.e. API’s that extend the data shared by banks beyond that required by the regulators, into areas that can generate additional revenue for the bank. We expect to see the emergence of new lending and insurance services, linked to your current financial circumstances, at the point of service, similar to those provided by Klarna.

4. One particular area where personalisation will have immediate impact is giving consumers personalised payment options with new technologies being deployed, such as EMV’s Secure Remote Commerce (SRC) and W3C’s payment request API. Today, most payment solutions are based around payment cards but increasingly we will see direct to account (D2A) payment options such as the PSD2 payment APIs. Cards themselves will increasingly disappear to be replaced by tokenized equivalents which can be deployed with enhanced security to a wide range of form factors – watches, smartphones, IoT devices, etc. The availability of D2A and tokenized solutions will vastly expand the range of payment options available to consumers who will be able to choose the option most suitable for them in specific circumstances. Increasingly we expect to see the awkwardness and friction of the end of purchase payment disappear, as consumers select the payment methods that offer them the maximum convenience for the maximum reward. Real-time, cross-border settlement will power the ability to make many of our commerce transactions completely transparent. Many merchants are confused by the plethora of new payment services and are uncertain about which will bring them more customers and therefore which they should support. Traditionally they have turned to the processors for such advice, but mergers in this field are not necessarily leading to clear direction.

We know how to strategise, design and implement the new payment options to deliver value to all of the stakeholders and our track record in helping global clients to deliver population-scale solutions is a testament to our expertise and experience in this field.

5. In the transit sector, we can see how all of the issues come together. New pay-as-you-go systems based upon cards continue to rollout around the world. The leading edge of Automated Fare Collection (AFC) is however advancing. How a traveller chooses to identify himself, and how he chooses to pay are, in principle, different decisions and we expect to see more flexibility. Reducing congestion and improving air quality are of concern globally; best addressed by providing door-to-door journeys without reliance on private internal combustion engines. This will only prove popular when ultra-convenient. That means that payment for a whole journey (or collection or journeys) involving, say, bike/ride share, tram and train, must be frictionless and support the young, old and in-between alike.

Moving people on to public transport by making it simple and convenient to pay is how we will help people to take practical steps towards sustainability.

So, there we go. Privacy-enhanced resilient infrastructure will deliver hyper-personalisation and give customers more safe payment choices. AFC will use this infrastructure to both deliver value and help the environment to the great benefit of all of us. It’s an exciting year ahead in our field!

Password security

The publication by NIST of an updated version of its digital identity guidelines marks a significant change in its approach to identity management. It highlights the importance of implementing digital identity in context, with three different elements replacing the previously monolithic Level of Assurance. These Levels are the Identity Assurance Level for identity proofing, the Authenticator Assurance Level for authentication and the Federation Assurance Level for use in a federated environment. Criteria for each Assurance type run from Level 1 to Level 3. This is intended to provide greater flexibility in implementation, for example combining pseudonymity with strong authentication for privacy purposes. Although optional, federation is positively encouraged for reasons of user experience, cost and privacy.

Risk management features prominently in the guidelines, with risk assessments used to determine appropriate identity choices according to system requirements. Although the requirements are technology agnostic, they are prescriptive regarding the assurance levels required for particular purposes. One area in which the guidelines are particularly refreshing is in their approach to passwords. Drawing on research into passwords exposed during data breaches, the use of unwieldy complexity rules is discouraged. Instead, it is suggested that users should be allowed to make passwords as long as they wish, encouraging the use of pass phrases and excluding very short passwords.

Faced with restrictive rules, many users will select predictable passwords which just meet the system requirements but are easily guessed. It is suggested that passwords should be checked against a blacklist of obvious choices and known compromised passwords, to filter these out. Randomly-generated secrets are therefore preferred to user-generated secrets.

The guidelines also highlight the importance of usability, supporting the use of password managers and only requiring passwords to be changed when there is evidence of compromise. There is some flexibility regarding displaying passwords on screen, depending on the context. In order to maintain an adequate level of security, a mechanism for limiting the number of possible failed authentication attempts is required.

This new, more person-centric approach from NIST follows on from UK government guidance published by GCHQ in 2016, advising ‘dramatic simplification’ of password management policies. This guidance also focused on achieving security by implementing processes which are easier for people to follow and therefore less susceptible to being undermined by users attempting to take short cuts through the system.

CHYP’s involvement in research has highlighted for us the difference between the way people say they behave and how they actually behave online. This kind of performativity may take the form of people describing how careful they are online (perhaps repeating recent official advice), while doing something conflicting on screen even as they are speaking. A similar effect can be seen when comparing figures produced from a user survey by the Gambling Commission, to usage statistics reported by gambling companies. The companies are able to draw statistics directly from their systems, while the survey figures are composed of gamblers’ reporting of their own behaviour. These discrepancies highlight the importance of observation when developing policies based on user behaviour.

It is encouraging to see a more effective approach to combination of privacy, security and usability in Identity Management being promoted at the highest levels. Even in local hospitals, it is now common to see screens showing simply ‘tap your pass or enter your passphrase’, where previously unpredictable processes were in place. Organisations such as FIDO have done a great deal to promote standardisation.

For a standalone organisation to adopt the new NIST rules would seem both positive and achieveable. They are in any case intended to be used within the US government. However, where organisations are already working in partnership and have existing legacy agreements regarding security requirements, it may be necessary to revisit these and agree a new set of password rules to replace existing, outdated approaches. Standardisation and education can go a long way towards supporting this process, although for larger organisations and those with multiple partners, it may take longer.

Publications such as ‘Why Johnny can’t encrypt’ and ‘Users are not the enemy’ have long been recognised for highlighting enduring issues with implementing security software. While education is important, attempts to fundamentally change people will inevitably fail, resulting in escalating support costs and unpredictable security risks. People are simply not equipped to adjust that quickly. In comparison, machines are generally designed by people and comparatively easily modified. Even with the advent of AI, machines are likely to remain reasonably malleable.

Where most user interaction involves people and machines, security tends also to involve mathematics. The NIST guidelines prescribe the use of appropriate cryptography at every stage. This is essential to securing the system but does not of itself guarantee that the system will remain secure. Appropriate system design and implementation are crucial to ensuring secure operations. This is exemplified by the recent flaw discovered in the WPA2 WiFi protocol. A mathematical proof is available for the security of the protocol but there is a vulnerability in the key management, which is not covered by the proof.

As in any system, a mathematical proof has to be ‘situated’ to be useful. Effective risk modelling will take into account the wider context of the system, focusing in on the most critical areas for greater attention. This process may have to be revisited over time, as the surrounding environment evolves. The increasing interconnectedness of the Internet of Things will require greater attention to disconnection technologies to preserve system integrity over time.

A way to embrace “over the counter” mobile money transactions

As one of the pioneers of mobile money (cutting my teeth on the initial service proposition and business model for M-PESA, way back in 2004, three years before commercial launch), I’m always naturally inclined to see its potential in a positive light. But I’m starting to wonder if maybe we need to give it a bit of a nudge – realign it, if you will.
One of the more interesting phenomena we’ve seen in recent years is the rise of Over The Counter (OTC) transactions – those transactions carried out by agents on a customer’s behalf, in many cases without any link to the real people relating to a transaction. We’ve seen cases where agents maintain four or five mobile money accounts, on different phones, so that they can spread their customers’ transactions across accounts and so avoid transaction limits.
The reasons for OTC can be various, but certainly include illiteracy, lack of appropriate language support on mobile handsets, and – fairly commonly – liability (after all, if things are going to go wrong, you want someone else to blame, don’t you?). But the obvious potential for money laundering means that this situation can be a financial regulator’s nightmare.
Of course, it doesn’t have to be this way, and there are examples of it being done properly, with even in some cases biometric authentication of all parties to an OTC transaction. Worldwide, however, this is rare.
But I digress. What I really wanted to talk about was the somewhat self-congratulatory attitude we in the industry are all guilty of at some time – after all, an industry that has grown from nothing to something more than 270 services in over 90 countries in only fifteen years is undeniably impressive. But I do wonder if we’re all kidding ourselves sometimes. I mean, sure, for the middle classes, and for many of the employed poor, it has been an amazing opportunity, and has transformed access to financial services. But there are gaps – possibly some big gaps.
As an example, I’d like to relate a recent experience. First, you have to understand that I believe you can’t develop anything new without spending time with the people who are going to be using it; so I like to go out to the field, and see what people are actually doing, not what the research tells me. Just sit and watch, and ask the occasional question. It can be very educational.
So we were working with this mobile money operator (MMO), who has a deal with an MFI for the delivery of MFI services through MM. On paper, it all looks very good, plenty of transactions, lots of people receiving loans and making repayments, all through MM. I was very keen to go to a group meeting and find out what the customers thought, how they used it, what else they did – the usual.
We turned up at the meeting, and the first thing that was happening was training from the field officer. Great. But there was a surprise in store; the training included the following advice about security: “Always keep your PIN secret. Never tell anybody. EXCEPT the Agent – you should whisper it quietly into his ear” – uh oh. The alarm bells started to ring.
And then the Agent turned up. At this point the field officer started to gather repayments, in the traditional way for group lending – laboriously entering everyone’s name into a list, checking that they have the cash to make the repayment, noting down the repayment amount, all at a glacial pace (now this is one area where investment in IT could make an immediate impact) – and then the mobile money part started. Each person making a repayment took their phone and their cash, one by one, to the Agent – who took their phone, ‘deposited’ the cash for them, then forwarded the repayment to the MFI.
There were also three loan disbursements that day, and the process was much the same: hand your phone to the Agent, whisper your PIN to him, walk away with a wad of cash.
All of these people at the group meeting are in the MMO’s books as active mobile money subscribers. So I have to ask: in what way are these people mobile money subscribers? How is this empowerment? All that I can see is that the MFI has outsourced their cash management problems to the Agent, who walks the streets with a bag full of cash. Glad that’s not me.
So there are clearly a large number of people, down towards the bottom of the pyramid, for whom the step from a pure cash environment to being asked to use a mobile money wallet or account to manage their finances is just too big. Expecting people who’ve never had a bank account to make the conceptual leap from paper cash to mobile finance in one step is asking too much. Without help many of them will never do it.
Maybe the way forward is to make the steps a little more manageable. Introduce an intermediate step. And I think the way to do that is to embrace OTC, but to do it in a way that formalises it and addresses the concerns of the regulatory authorities: give this section of customers a card, which identifies their account. Maybe secure it with biometrics, if you want. Let them visit an agent, and get the agent to do the transactions for them, but now with all transactions linked to the card/the account. Link it to their mobile phone, so that the more adventurous can see their balance via the MM service. Make sure they’re comfortable with this, and make sure there’s a migration path that leads to the full MM service over time.
After all, this is the long term migration path we’ve seen in Europe over the course of decades; the move from cash, to bank accounts, to debit and credit cards, to Internet banking and mobile payments has happened, of course; but with each step taking years or even decades. Expecting people immersed in a world of cash to make the leap in a matter of days or weeks is just unrealistic. Why should they be any different?

Footnote: Yes, the author is well aware of Safaricom’s moves to issue a companion card for the use of M-PESA for retail transactions. That’s somewhat different to the case described here, though in itself interesting.

Developing services that change people’s lives

One of the most exciting things about working here at Consult Hyperion is that you are involved in the design and delivery of services which have a huge impact on people’s lives. My family moaned when I asked the taxi driver that took us from the airport into Nairobi whether he used M-PESA. However they were soon having similar conversations as they realised how important the service is to every Kenyan they met. More recently they have accused me of being responsible for “card clash” on the London Underground and have resorted to buying shielded wallets to ensure that TfL only take money from the Oyster Cards that I fund!

Sat here as I am at the AidEx conference in Brussels, surrounded by the great and good of the Humanitarian Aid community, I feel that Consult Hyperion is on the verge of delivering yet another life changing service.

The refugee issue is a regular topic of discussion across all media. Most stories focus on the plight of the individuals walking across Eastern Europe. However there is a growing awareness of the impact of so many refugees on the local economy. For example Alex Forsyth, reporting for the BBC’s From Our Own Correspondent, highlighted that the holiday season in Lesbos has been extended, as people descend on the island to help the refugees arriving by sea.

The conversations in Brussels have focused on the need to provide aid to the refugees in the form of cash-based payments, rather than physical goods, such as rice or tents. The argument goes that if the refugees have the funds to buy the goods, then the entrepreneurs in the host country will invest in the distribution channels to ensure that the goods that the refugees need are where they want to buy them.

The trouble with cash is that it has a tendency to evaporate, i.e. not all the intended funds reach the recipient, even if it is transported into the region in 40 foot steel shipping containers on the back of a truck.  As we discovered in Nigeria the principal alternative, paper vouchers, have some major disadvantages. They are difficult to manage in large numbers; they must be printed by specialist printers; they have to be ordered significantly in advance; they have to be the right value to allow the refugee to spend all the funds in one visit to the merchant, even when the local currency is devaluing; the merchant and the agency running the scheme have to reconcile the vouchers before the funds can be provided to the merchant; and the used vouchers have to be stored in case of dispute.

Recognising this, there is growing support within the Humanitarian Aid community for the use of Cash Based Transfers (CBTs), essentially smartcard based e-money schemes, which can be rapidly established in times of crisis and in which the reconciliation process can be done automatically in the Cloud. The trials to date have focused on prepaid card schemes. But these also have significant disadvantages, since they require access to expensive payment terminals designed to operate in clean retail environments typically found in urban areas, whilst creating a huge problem with cash liquidity in the local community.

Groups of representatives from the Humanitarian Aid community under the auspices of Electronic Cash Transfer Learning Action Network (ELAN), the Cash Learning Partnership (CALP) and the High Level Panel on Humanitarian Cash Transfers, sponsored by DFID, have analysed these trials and documented their requirements for CBT solutions.

Reviewing these with the retail payment experts within Consult Hyperion it became apparent we had already developed many of the building blocks required to deliver the Humanitarian Aid community’s ideal CBT solution:-

•  A proven, robust and scalable beneficiary registration and voucher distribution service, The TAP Platform, which was used to register in excess of 500,000 subsistence farmers in Nigeria’s northern states to the Ministry of Agriculture and Rural Development’s GES voucher scheme. The transparent nature of the information stored within the system allowed us to remotely identify incorrect or fraudulent activity within the system and initiate remedial action accordingly.

•  Mobile applications which can be used to complete transactions initiated by tapping a smartcard to the merchant’s mobile phone, replacing the payment terminals and removing the need for physical cash.

•  AML/KYC compliance solutions developed for use in regions where regulatory supervision is limited, such as Somalia.

•  A group of ethical hackers who could validate the security of the end to end service.

The result is TeMS (the TAP e-Money Service), which we are launching at the AidEx conference. Our market research tells us that TeMS will make it easier for the Humanitarian Organisations to rapidly and securely deliver cash payments in areas with limited or no communications or electricity.

But there is a lot more behind that simple statement. The local community will be more inclined to welcome the recipients as they will bring income into the region. The teams delivering the aid will be able to focus on the financial awareness of the merchants and recipients, helping them to learn how to plan and save, rather than spending time reconciling paper vouchers or ensuring that there is sufficient cash in the region. Donors will have access to detailed information about who is receiving what aid and where, allowing them to respond to the growing demand for value for money information from their local media.

My hope is that my daughter, who is planning to spend time within the Humanitarian Aid Community when she graduates from medical school, will again be able to ask the people she is working with how a product Consult Hyperion developed has changed their lives.

Technology roadmapping

In 2005 when we performed an update to our biometrics and identification technology roadmap for the UK police, body odour was a ‘technology’ that was looking interesting, but not mature enough. The idea was that if dogs can do it, why might it not be automated. And identical twins have a unique smell, apparently.

Police biometrics techs 2005

We identified policing applications of biometrics and identification technologies, one of which was automated identification of police officers. At that time, each Force had it’s own warrant cards (so there was no confidence in what they should look like) and there was no way of using them with machines to authenticate the cardholder as an ‘officer of the lieu’ and grant them access to building and machines.

Automated identification of police officers

We foresaw the benefits of a national police warrant smart card and were retained to specify the standard which is used today across the Forces.

More recently, the technology roadmapping I have been involved in has been for transport applications. As well as the usual technologies in this space (mobile apps with 2-D bar-code; contactless payment cards; NFC mobile devices emulating contactless cards) we have also been thinking about more interesting stuff. Such as USB contactless readers used at home for fulfilment of tickets or value direct to smart cards. Or mobile devices with Bluetooth Low Energy (BLE) interacting with beacons waking the app up to present the appropriate form of ticket for the time and place. And, or course, NFC devices with the Host Card Emulation (HCE) API allowing them to escape the tyranny of the Secure Element (SE) and Trusted Service Managers (TSMs).

You’ll not be surprised to hear that we are still tracking the technology of person identification via body odour. I look forward to being sniffed by a transit gate before being allowed onto the train platform in the near future.

Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.