Can Current Technology Deliver Secure Mobile Voting Solutions?

red check mark over black box

Insecure technology is regularly cited as barrier to the use of online voting systems, in particular when casting your vote through your mobile phone, rather than putting your cross on a piece of paper and putting in a box at the polling station or mail box. At the same time those detractors trust the same mobile technology to place stock trades, initiate high value payments and more recently accessing their health records.

Yep, people are interested in NFC again

Dgwb blog white border

As we head back to Barcelona for Mobile World Congress again, there’s more talk about NFC and this time it’s not only coming from the operators.

In her state of the industry address at the GSMA NFC & Mobile Money Summit last fall in New York, GSMA Director General Anne Bouverot said that NFC is gaining traction globally, and it is certainly true the the number of handsets sold with NFC capabilities is steadily rising, even if most consumers neither know nor care that they have NFC. But it’s not just in phones: NFC is springing up in TVs, printers, cameras and all sorts of other consumer electronics. In our corner of the transaction treehouse, however, NFC means making contactless payments in retail environments. This hasn’t been going so well. As I said at the time, consumers can’t use NFC to ride the bus, which was my throwaway and prosaic benchmark of mass-market acceptability. But they might soon.

Madrid-based non-public bus operator Jiménez constellation is to introduce a brand new cloud-based NFC ticketing resolution that allows Nexus five NFC phones to be used as contactless ticketing readers at a “fraction of the value of ancient contactless reader infrastructures”. Ticktrack, developed by Spanish startup Aditium, uses host card emulation (HCE)…

[From Spanish bus drivers to check tickets using NFC host card emulation – NFC Business Cards]

Interesting. Something has changed. There were handsets out there. There were announcements all the time about pilots, trials and even live services. But somehow the technology was (and is, to be honest) struggling to gain traction, and every time that Apple announce a new phone without NFC there are a plethora of articles about the death of NFC. If you do have a handset with NFC in it, let’s say one of the super new Samsung S4s, you can’t use it for much interesting. I can’t log in to my bank and load my credit card onto it, for example. All I can do with the NFC on my Android phone is use it as a slightly more convenient version of a QR code. Except in Canada, where I could download my Tim Horton app and buy coffee with a tap.

Something has definitely changed. What? Well, here’s a framing of problem that I often hear. The GSMA (and others) opted for an architecture that put the mobile operators in control. And there’s nothing wrong with that. The GSMA is the mobile operators. But — and let’s be frank, to move the sector forward — the banks and operators have found it difficult to work together. I don’t want to cause trouble, especially since Consult Hyperion advises both banks and operators, but I think we have to be honest and open up the discussions that everyone knows are going on behind closed doors.

These MNOs operate a TSM service and establish the trust. Technically perfect, but this is also the problem that get things stuck. It has no technical issues, it is political. The banks just do not want the MNOs in their food chain.

[From EMV compliant NFC transaction from a mobile phone | The Abrantix Blog]

Maybe. And there is certainly evidence from the marketplace that banks will go to some lengths in order to avoid having to deal with the MNOs. This is despite countless attempts to work together. Personally, I suspect that some of this is down to the sheer hassle of it as much as it is to deep-seated strategic aversion to the Single-Wire Protocol (SWP), but it is nonetheless an observable phenomenon.

Bank of China (Hong Kong) is to introduce a microSD card based NFC payments service before the end of the year… BOC e-Wallet will initially be available for the Samsung Galaxy S4 LTE, Galaxy S III LTE, Galaxy Note II LTE, Galaxy S4, Galaxy Note II, Galaxy S III and LG Optimus G Pro smartphones.

[From Bank of China launches NFC payments in Hong Kong • NFC World]

Phones such as the S4, as noted, already have NFC. So, you might wonder, why bother putting a microSD NFC card into a phone that already has it if not to go around the MNO? This is the nub of the problem. In the complicated (but, let’s be clear, very secure) SIM-based SE model, the MNO calls the shots. And that has turned out to be a significant barrier to progress. It’s not impermeable: in some places (Canada and Australia spring to mind) where there are highly concentrated industries (ie, a small number of big banks and a couple of dominant MNOs) and a determination to work together despite thin margins there are now multiple handsets and multiple banks with functioning implementations in the market.

So what has changed? Why are the Canadian coffee chain and the Spanish bus company investing in NFC ? Well, the most interesting case study from Mobile World Congress last year was, as I have said before, BankInter in Spain. They launched what we called at the time a “NOSE” (NO Secure Element) payment service that uses tokenization to shift the risk analysis balance away from SE levels of security. The reason why this was such an interesting case study was that Bank Inter own an MNO. When you own an MNO, and still find it too much hassle to launch a SIM-based NFC payment service, that has to tell you something about the chosen model. Last year I called it an earthquake, and I stand by that.

Technically, what they did was to use a version of Android that had Host Card Emulation (HCE). At high level, this means that handset can pretend to be a payment card rather than having to have the SIM involved. When last year Google announced that HCE would become part of Android and that there would be no need to patch any more, a lot of people suddenly regained interested in the technology. The responses to this technology change have been very interesting indeed, as they seem to indicate considerable latent demand for a technology that we were being told was finished.

“With the entry of HCE we are free”

[From Spanish bus drivers to check tickets using NFC host card emulation • NFC World]

It wasn’t the technology that was the problem, it was the business model. Having previously criticised the SIM-centric model (with genuine integrity and, I think experience has shown, real cause), I stand in testament to the GSMA’s commitment to explore different views on this important topic and I am delighted to be able confirm that I will be giving part of the breakfast briefing on “HCE: NFC Threat or Opportunity” at the Mobile World Congress in Barcleona on Wednesday 26th February at 8.30am. I am genuinely looking forward to this as I personally think that there is an opportunity for mobile operators to use HCE to revitalise NFC in the mass market and, along with BLE, find new and more flexible business models that will make sense to financial services and other sectors. I expect to learn a lot from my fellow panelists and I look forward to seeing you all there.

Why all the fuss about HCE?

[Dave Birch] First things first. Why is everyone in our cozy corner of the transactions treehouse asking about Host-Based Card Emulation, HCE, all of a sudden? HCE is quite simple: it means using the NFC interface on a device (a PC, a mobile phone, a car, whatever) to allow the device to be a contactless card so that you can make a payment (or present a ticket, show an ID card or a million other things). If you want to make your phone be, for example, your Barclays debit card then you have to overcome two problems: first of all, the phone has to store some security information and secondly the phone has to be able to send this information through NFC. Until recently, both of these things were difficult.

  • The security keys on your debit card are very valuable, which is why they are stored in a high security tamper-resistant chip on your debit card, so if you wanted to put them in a phone you had to put them in the high security tamper-resistant chip that talks to the NFC interface on your phone: the secure element (SE). Either the operator SE on the SIM card or the manufacturer SE in the handset.
  • Even if you did want to take the risk and put your security keys in the handset, the terminal couldn’t talk to them because when you tap your phone against a contactless terminal in Marks & Sparks, the data is sent to the SE and not to your app.

Now, you could get round this by patching Android using the CyanogenMod variant as SimplyTapp have done, or by using any Blackberry 10 phone. And, indeed, that’s what we’ve been doing for the last two years when, for a variety of (legitimate) reasons to do with testing, prototyping, demonstrations and just showing off, we’ve loaded the keys into the handset to execute payment transactions without using the SE. In an operational service, however, you wouldn’t want to load quite the same security information into your mobile phone as you have in your chip and PIN card (because, as noted, the chip on the chip and PIN card is secure and your mobile phone isn’t). What you can do, though, is load “limited” versions of the security information into your mobile phone. Information that can only be used for a day, or for transaction, or in a specific merchant or whatever. Let’s call that information a “token”.

The mobile phone security environment is very different from the card security environment. The payment application in your card contains the security keys that must be kept secret for the lifetime of the card, even in the face of an attacker with huge resources and unlimited physical access to the card. The payment application in your mobile phone contains keys that need only live for the lifetime of the token and need only withstand software attacks.

This generic class of solution (which we started calling NO Secure Element, or NOSE, transactions) was well-known to our clients because we showed it to them and started working with some of them. In February of this year, Bankinter in Spain became the first European issuer to announce an operational NOSE-style service, which we commented on at the time.

All NFC-enabled digital wallets require access to a secure element on the device

[From Visa’s plan to spur NFC mobile wallet adoption may hit a snag | Mobile World Congress – CNET Reviews]

This is not true, but it has been taken as read by the industry. Hence I was surprised that one announcement didn’t attract more attention.

Spanish banking group Bankinter has developed an NFC payments solution that works without a secure element.

[From Bankinter develops NFC payments service that eliminates need for secure elements • NFC World]

This is huge

[From Did anyone notice? There was just an NFC earthquake]

So why now? After all, Consult Hyperion has been writing HCE software since 2007 without much fuss. In fact, here is a video of an HCE EMV transaction recorded almost exactly six years ago!

Well, as we told our clients, the new version of Android includes HCE so, with apologies to our friends at Blackberry, this now makes NOSE mainstream. In fact,

A detailed guide to Android 4.4 KitKat’s support for Host Card Emulation (HCE), which enables NFC payments and other secure services to be delivered without the use of a secure element, is now available on the Android Developers website.

[From Google posts HCE guide • NFC World]

So why is this a big deal?

And a representative of MasterCard, James Anderson, said he believed host-card emulation might help break the logjam now blocking rollouts of NFC. Sometimes called software emulation or “secure element in the cloud,” host-based card emulation–known by the abbreviation HCE–also could potentially use the trusted execution environment in place of secure elements, say some observers.

[From SPECIAL REPORT: Google Backs Host-Card Emulation, but Visa and MasterCard Could Hold Keys to Success – BayPay Members Blogs]

Including, for example, me. Although I should note, rather nerdishly, that SE-in-the-cloud and NOSE are, strictly speaking, different solutions. But never mind. James is a very smart guy, and if he thinks HCE might break the “logjam”, I take him seriously.

But it is far from certain how it will all work. One of the reasons why banks weren’t that keen on the SIM-based SE in the first place was that it meant that someone else (ie, the mobile operators) controlled the channel. Why would they dump SIM-based SE under operator control for a handset-based Trusted Execution Environment (TEE) under handset manufacturer control when they can have a cloud-based SE under their own control? From their point of view, being at the mercy of Apple or Google is no different to being at the mercy of Vodafone or Telefonica. A more likely scenario is that the TEE is used for secure authentication (perhaps inside a FIDO framework) by HCE apps in the handset. Then, much like Apple’s use of the fingerprint sensor for purchasing on iTunes, the TEE would provide added security and convenience, but apps could still work without it (maybe you would have to type a longer password, or answer a question and give a voice response to something, or whatever, instead of PIN entry or fingerprint touch.

While the schemes have yet to give any definitive ruling on NoSE (No Secure Element) payments with EMV (and remember, there is already the live service with Bankinter in Spain), it is unlikely they will rule against it. As Karen Webster noted with characteristic accuracy in her comments on the topic, their is an under-the-hood synergy with tokenisation, since the limited use or special security keys that I talked about above are, in fact, tokens. Therefore, what it makes sense for the schemes to do is integrate HCE into their tokenisation roadmap and — and I’m saying this only as an informed observer, not using any “inside information” — set out basic security requirements that will be needed for certification. This can clearly be done: I already have a PingIt app on my iPhone that gives direct access to my bank account. If it is possible to find countermeasures that give the right risk analysis balance for that app, it is possible to find countermeasures for a Visa, MasterCard, Amex or Discover app with API interfaces to retailer apps.

This ail radically reduces the cost of development, deployment and use, as it’s goodbye to the Trusted Service Manager (TSM) and the operator’s “apartment model” of renting SIM space.

[From NFC aftershocks]

So having said all of this, let’s get back the basic question: what does NFC change? In the UK, where there are lots of contactless payment terminals and lots of Android mobile phones, it means that banks, retailers, transport operators, games companies and other can add NFC to their apps and make for a more attractive customer experience. It means that mobile operators will have to work harder to add value to their NFC propositions if they are to recover their investment in SIM-based SEs and TSMs. A place to start, and I will be talking about this at the Samsung Developer Day 2013 next week, will be to add convenience to apps and then add security. Let me give you a hypothetical example: I’ve written before that I like the PayPayl Here app, but I’d like it more with added NFC sparkle.

Yes it is better than NFC is, but it’s not better than NFC could be.

[From Back in the real world (well, West London)]

I meant that apps could use NFC for convenience, not for security, so for a customer with an iPhone, they can run the PayPal app, select the merchant and then check in to PayPal Here and pay. It will all work perfectly. A customer with a Samsung S4 could just tap. But because of HCE apps can use now use NFC for security too. They can load payment scheme applications, yes, but also ID cards and travel tickets and corporate access and event management and and and…

A retailer and a bank, for example, might integrate payments via HCE into the retailers own app, bringing together Bluetooth Low Energy (BLE) and NFC to provide a seamless customer experience. You walk into the store and get personalised attention through the app – which now knows which shelf you are standing front of – and the app downloads a payment token from the bank via mobile, wifi, BLE or whatever. When you’ve finished shopping you tap and pay at the unmodified POS terminal using that same retailer app which now feeds the bank token to the POS across the NFC interface. An HCE/NFC/BLE world seems rather attractive from a consumer experience perspective.

NFC just got a lot more interesting again.

These are personal opinions and should not be misunderstood as representing the opinions of 
Consult Hyperion or any of its clients or suppliers

Are the British more open to mobile wallets?

[Jane Adams]A couple of weeks ago I wrote about the results of the consumer research we carried out in the US when we asked consumers who they most trusted to issue mobile wallets. We also asked the same question in the UK and the results were a little more encouraging. Here only 42% said they would never use a wallet, meaning 58% would.

This 58% figure in favour is in contrast to the 64% of US consumers who say they would never use a mobile wallet.

Consumers were asked who they would trust most to issue a mobile wallet: banks, phone companies, Google or major retailers, with a final option of saying no-one because they would not use such a service. The most trusted issuers for UK consumers were banks at 34%, followed by Google at 14%, mobile operators at 6% and retailers such as Debenhams at 4%. In contrast US figures were banks at 20%, followed by Google at 10%, retailers such as Walmart at 3% and phone service providers at 2%. 

Most trusted issuer of mobile wallets- UK – source: Consult Hyperion

Both age and gender made a difference to results with British men being more willing to use a wallet – only 37% said they never would against 44% of British women. Younger people were more open to the idea than the older generation with the group most likely to use wallets being men of 18-14 at 73% whereas the group least likely to was women aged 55-64 at 31%. In contrast, 18-24 year old men in the US were one of the most conservative groups with 71% saying they would never use a mobile wallet. This possibly may reflect a lack of ease with financial services in that age group rather than technology though.

The group most likely to trust banks in the UK were the 35-44 year olds, whereas 18-24 year olds were the group most in favour of Google. The only demographic segment that favour retailers as issuers were women aged 25-34, but even for them retailers came second behind banks as the preferred issuer.

Scots were least likely to consider using a wallet whereas the English were most likely. As a Scot by adoption I’m backing rapidly away from that finding except to say that clearly conservatism in general has a lot to do with rates of new product uptake and while Scotland couldn’t be less Conservative, it is, especially outside the Central Belt, fairly conservative.

What could be the reason for the fairly striking headline difference with the US? Again, in many respects, the US is more conservative than the UK, especially with respect to financial services. Cheques are still widely used and while we have Faster Payments, it has recently emerged that US banks stopped a similar proposal being developed. With no commonly used Chip & PIN (yet), many may find no particular reason to stop using credit cards at the point of sale.

In addition, UK consumers are a lot more at home with mobile banking than those in the US. Recent figures from the Office of National Statistics show that over half of UK adults use mobile banking, whereas according to the Federal Reserve, the equivalent US figure is 21%. So it makes sense that there might be more hesitance about mobile payments too.

Pingit’s success may have paved the way in Britain too.

Overall though, our main conclusion about the US holds for the UK too. A key marketing challenge for any mobile wallet issuer is to come up with a narrative or metaphor that makes sense to the consumer. Then they need to identify the pain points for the consumer and use that as a way in. Personally, I think that rather than loyalty and couponing, that is online payments. Despite how much 3D Secure has improved in recent times, it's still easier to use PayPal. That ease is what wallets need to emulate.

Incidentally, we’ve had a number of comments on the lines that it was a shame that we didn’t include PayPal in the research as an option. All I can do is agree. Although our initial motivation was mainly to see how banks lined up against MNOs and retailers, it would have been very interesting to see how the results might have differed. In fact that’s given me an idea for some more research…

Making people want wallets

[Jane Adams] Consumer research we carried out recently amongst US consumers paints a worrying picture for putative mobile wallet issuers.

We asked 1015 US consumers who they most trusted to issue mobile wallets. The question was preceded by a brief definition of a mobile wallet that was designed to be understandable to non-industry specialists (and that also fitted in the character restrictions for questions imposed by the research tool) – “A mobile wallet is an app that lets you pay online and in-store, provide ID, collect points/coupons and store data with a phone. Who do you trust most to issue mobile wallets?”

While banks came out clearly as the most trusted issuer, ahead of Google, major retailers (we gave Target and Walmart as examples, given their MCX involvement) and phone operators, an overwhelming majority of respondents at 64% said that they would never use mobile wallets. Banks gained 20% of votes, Google 10%, retailers 3% and phone operators 2%. One person wrote in Santa Claus. The overall result was considered statistically significant.

That’s pretty dispiriting news for retailers and perhaps surprising given the often stated public dislike of banks post the 2008 economic crash. However it suggests that although people may dislike banks they still trust them.

We were able to break down the responses by age, gender and income to gain some further insights. The group most likely to use wallets overall from the sample were men aged between 25-34, where only 50% said they would never use a wallet.

Other noteworthy results were that women overall were less trusting of wallets than men although only by about 7%. Men were more trusting of banks, Google and phone operators as issuers, whereas women were three times more likely to trust retailers than men.

In all age groups, the majority opinion was that they would trust no-one to issue a mobile wallet and would never use one, with banks coming in second place as most trusted of the potential issuers specified. The age group least likely to use a wallet was 65+ at 73%, then 45-54 at 72% then 55-64% at 69%. The most open minded group was 25-34 year olds at 52% then 35-44 at 56%.

18-24 year olds were surprisingly against the idea with 64%, almost identical to the overall figure, saying they would never use one, although there was a big gender split here with women notably keener than men in that age group on the idea of wallets.

The biggest fans of banks and of Google were aged between 25-44, although in no age group did Google’s trust rating go above 14%. It’s worth bearing in mind that the survey was conducted online and hence excluded the non-IT literate and so a truly representative population sample would be likely to display lower trust ratings of Google. Retailers received little trust across the board, with their highest trust rating being from over 65s at just 3%.

Middle income earners were most open to the idea of wallets and to the idea of Google as an issuer.

So what does all this mean? It’s tempting to conclude that the concept of the wallet is fatally flawed. However, you’ll notice that I’m not the Chyp wallet expert, I’m the Chyp marketing expert and I’d argue that the problem is primarily a marketing one.

The first clue may come from how difficult it was for us to define the term ‘mobile wallet’ in an easy to understand way within the space constraints allowed by the research tool. Mobile wallets aren’t an easy concept to explain to people who don’t work in the sector, and that reduces consumer awareness. Back in pre-historic times when 99.9% of people only used landlines I’m sure a similar survey would have showed little enthusiasm for mobile phones.

Furthermore, explanations can be confusing. Is the Starbucks app a mobile wallet? A mobile wallet app? Just a payments app? It’s not always clear whether a mobile wallet app refers to a payments app within a mobile wallet or the wallet itself. For me, the wallet is a wrapper (of varying degrees of cleverness) for a variety of apps, just as a leather wallet is what you put a card in, not the card itself. However it’s not altogether surprising that that isn’t a distinction that’s clear to the layperson.

That means that issuers need to do a better job of explaining what mobile wallets are and what benefits they bring. After all, mobile payments are by no means unknown and the Starbucks figures referenced in the link above suggest that they aren’t unpopular, so there seems no particular reason why people would object to something that makes a product they like (the Starbucks app for example) even easier and better.

Perhaps the word wallet is the problem. For a start, to some degree or another, it’s a gendered word. A lot of women don’t carry wallets (maybe that’s why electronic purses didn’t really take off outside specific markets- it could be no coincidence that a lot of Belgian men carry manbags or ‘purses’ of the leather sort anyhow). Women replying to our survey were certainly less enthusiastic than the men.

In addition, a lot of what wallets do are things that we expect phones to do with the multiple apps we use on them anyhow. Maybe the concept of a wrapper within a wrapper is a bit too meta for the general public.

Or perhaps, given that some studies show that people tend not to use smart phones for calls much anymore, we should remove the word mobile. Maybe a specialist payments device separate from the phone might appeal to some. Maybe it’s time to return to the PDA and call it a wallet. I’m not sure I know what the answer is here. All I’m saying is that consumers might well respond better to a clearer message.

One final observation on the mistrust of wallets. I paid for this survey, carried out using Google Consumer Surveys, using my credit card. When I went back to set up another survey (we repeated the exercise in the UK) I found that my payment for that went through automatically from my Google Wallet with one click. Convenient? Absolutely (assuming I wanted to use the same card, which I didn’t). Somewhat disconcerting? Yes.

 Not many people like technology with a mind of its own. Perhaps wallets sound (at least in the definition we used) just a little bit too clever?

Bear in mind though that this is just the US. As we will see in a future blog post, the picture for issuers is not quite as bleak in the UK.

Missing transactions

[Paul Makin] Consult Hyperion are strong advocates of mobile money – we believe that not only does it offer the best route for financial inclusion, it also represents the next generation of financial services, unencumbered by legacy issues and constraints.

So we’re disappointed to note that, of the 191 services that are apparently live (according to the Mobile Money Tracker), very few of them have reached that milestone of 1 million customers – the level at which they can be viewed as a profitable, successful service. In fact, rather less than 10% have reached this point.

Why are so few reaching this milestone? We contend that in many cases it’s to do with relevance to most customers’ lives. Much of the industry is founded on watching M-PESA, and doing what they do: to paraphrase, “M-PESA is built on domestic remittances (P2P), and M-PESA is successful, so we must do the same”. But Kenya is different from many other countries in having such a strong culture of domestic migration. The consequence is that very few services have been able to build a base of regular and sustained P2P transactions. And since the profitability of mobile money services is largely determined by the number of transactions they carry out rather than the amount spent, they need to find other transactions beyond P2P if they are going to prosper.

Consider this. The large majority of the unbanked populations in emerging markets do not have access to refrigeration, so that they need to buy fresh food every day. Whether they buy the staples from a small shop or from a market trader, it is likely that this amounts to (say) one transaction a day, or 7 over the course of a week. In even the most optimistic scenario where a customer receives a P2P remittance from a relative once a week, these small retail transactions outnumber P2P by 7:1!

Addressing Retail

So if retail transactions are the answer, the question becomes “how?” Merchants are not going to be willing to sign up to multiple mobile money operators with the attendant inconvenience of using multiple MMO handsets with multiple transaction experiences and making multiple claims for settlement in order to accept payments, and so an interoperable solution is needed.

The conventional answer to this problem is the payment switch: someone – probably a bank or a large international payments organization – should be tasked with providing a switch, connecting all of the merchants, banks and mobile money operators, and giving customers a card. This familiar solution, the standard model in the so-called developed world, has evolved over five decades to overcome limitations such as the difficulty of communication, the limited availability and power of computers, and the reliance on paper for confirming contracts.

But emerging markets are coming to this need for interoperable payments with a blank sheet, to which none of these limitations apply: we have powerful mobile telecommunications, mobile phones which exceed the power of the fastest supercomputers of 30 years ago which can all interconnect via the mobile Internet, and an understanding of modern cryptography. Taken together, these factors give the emerging markets the potential to leapfrog the rest of the world and to adopt a truly modern approach to payments interoperability.

WinguPay

Consult Hyperion have developed such a solution. We call it WinguPay. It:

  • Allows complete interoperability for retail/merchant payments across participating mobile money operators and banks;
  • Uses a single merchant smartphone or POS terminal for all transactions;
  • Makes no assumptions about the capabilities of the customer’s mobile phone;
  • Does away with the need for a switch;
  • Does not require the retailer to have multiple accounts – his/her account can be at any participating mobile money operator or bank;
  • Uses public key cryptography to ensure the integrity and confidentiality of transactions;
  • Uses NFC technology to enable customer identification.

The details of WinguPay are too complex to set out in this blog post.  I’ve prepared a White Paper, which may be downloaded at:

http://www.chyp.com/assets/uploads/Documents/2013/09/White_Paper-MM_Interoperability-Introducing_WinguPay_V0_8.pdf

Of course, adopting WinguPay is not sufficient. There also need to be changes in tariffs, of which more in another blog post.

What do we mean by mobile money interoperability?

[Susie Lonie]Intuitively, interoperable mobile money schemes sound like a good thing.  Telecoms services interoperate; bank accounts (mostly) interoperate; and many case studies have demonstrated that interoperability caused these markets to grow, to the benefit of all.  So why not mandate interconnected platforms for mobile money?  It’s a “no-brainer”.  Or is it?

The MM market is currently afflicted by a lack of agreed terminology – as is normal for any new market – so first we must define exactly what we mean by MM interoperability.  If we put international remittances to one side for now, there are two distinct high level domestic candidates:

  1. The ability for customers of any mobile money operator (MMO) to connect with a range of other types of financial service provider, such as banks and payment services providers (PSPs)
  2. The ability for customers to send e-money between MM accounts provided by different MMOs on different platforms

Type one, more accurately termed interconnection really is a no-brainer as discussed in my previous blog post [http://www.chyp.com/mobile-money-practice/blog-entry/time-for-mobile-money-to-start-playing-with-the-big-boys]  .  Indeed it can be argued that in many markets, especially those where domestic remittances are less common, this interconnection is needed in order to create successful MM services.  It will certainly result in growth of the whole MM market, particularly in “dual economies” with a more developed financial service infrastructure as well as a high unbanked population.   It could theoretically be achieved by multiple bilateral agreements between MMOs and the various financial institutions.  In practice this is likely to be limited to interconnection between MMOs with large customer bases and the friendlier financial institutions and thus be slow and self-limiting as a mechanism to grow the MM market overall.

The more likely recipe for success will involve one or more interconnection services which plug MM transactions on one side of their switch (or other suitable infrastructure) and conventional financial service providers on the other.  These interconnections will allow much faster development of an integrated market with more participants than are possible from multiple bilateral negotiations and technical integrations.  The organisations successfully providing this connectivity are yet to emerge although there are already a few contenders lining up.

There may also be a third way to interconnect for specific use cases such as the WinguPay service concept for in store payments [http://www.chyp.com/media/library].

The second type of interoperability, between MM systems, has fewer advantages at this early stage of the industry’s development.  There are two levels of interoperability:

1.    Customers with MMO1 can send funds directly to the account of MMO2 and vice versa

2.    Customers of MMO1 can use the agent or merchant recruited by MMO2

Sending funds directly to an off-net customer account is certainly more convenient than the current norm of sending an “unregistered user voucher” which can be cashed at an agent, and it should encourage people to keep e-money in their account to use for other digital transactions.  But it is not clear that it will dramatically change customers’ use of e-money, particularly as it is not uncommon for them to have accounts (and SIMs) with multiple MMOs.  Undoubtedly MM account to account integration will happen over time but it does not have the same priority as interconnection.Again it may be achieved, when the time is right, bilaterally or via an intermediary.

Agent and merchant sharing is a potential issue for commercial as well as technical reasons.  Companies acting as MMOs are mainly doing so to differentiate themselves from competitors in their core business, and the winners tend to be the services with the biggest and most efficient agent networks.  Agent sharing removes their competitive advantage.  Worse, companies that invest in their agent network will see it given away to their less committed competitors for free.  They are unlikely to regard this kind of interoperability as motivation to invest in their agent network. Further, interoperability tends to imply a version of a four-party banking model, for which there are no scheme rules, technical standards or common user experience.  Suddenly the simple closed loop system becomes much more complex with increased administration and additional entities levying charges.  Few mobile money services can yet sustain a drop in revenue, so they will need to increase the cost to consumers who are unlikely to view higher transaction fees as enhancing economic empowerment.

Interoperability is certainly coming, and done properly will certainly move the MM industry forward.  However the various types of interoperability need to be clearly understood, prioritised, and introduced when the markets are ready, or they may have the opposite effect.

 

 


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
Verified by MonsterInsights