Enabling banking through mobile technology in Nigeria.
kennyphillips@gmail.com

Abstract

In Nigeria, huge sums of cash move around on a daily basis without actually going through the banking system. The government and the banking sector of Nigeria understand the need for this cash to enter the banking system as it provides a boost to the economy. The use of these funds for profitable business activities would eventually lead to greater economic growth. There are also benefits to the individual in an economy where cash is handled a lot less. This dissertation takes a look at the importance of banking the un-banked and how mobile technology can be used to provide banking services to the un-banked (in particular) as well as anyone else. It then goes on to propose a solution best suited to the Nigerian market and gives a detailed description of how this solution will work. The solution proposed in this dissertation is inspired by the M-Pesa payment solution in Kenya. However, the M-Pesa solution does not use the USSD technology (the technology used to top up airtime/credit) being proposed in this dissertation. Aside from a detailed theoretical description of the proposed system, a comprehensive model of the proposed solution was also developed, using a formal method, to show how the system would work in reality.

The importance of banking the un-banked

Secure Storage: Banks provide secure storage facilities.
Enhanced liquidity: Money held in the banks can be converted into loans for others.
Secure payment system: Banking services provide a secure way to execute commerce.
Economic growth: Money in the bank is invested into diverse projects which yield more funds.

A review of existing mobile payment systems in Africa

The M-Pesa payment solution: Easily the market leader on the continent, it had 7 million customers in 2009. It is operational in Kenya and was introduced in 2007 by Safaricom, Kenya’s largest mobile network operator (which is part owned by Vodafone UK). It uses SAT and is a major means of remittance amongst the un-banked. A menu is generated on the handset with all available options showing.

The Wizzit payment solution: There is a lot of hype about this solution but not much information about its success (or not) in the public domain. Wizzit is a solution provider working with the South African Bank of Athens. It is operational in South Africa and uses Wizzkids to market the solution. Unfortunately, it appears that only the Wizzkids have information on how it works; hence details of the technology in use are not in the public domain.

The Celpay payment solution: Run by a third party provider (Celpay Zambia Ltd) and not tied to any bank or mobile network operator. It is operational in Zambia and the solution is supplied by a company called Fundamo. This solution is available to subscribers of any mobile network and a SIM swap is necessary to generate a menu on the handset. The technology in use is assumed to be SAT but it is not expressly mentioned. There is not much information on the success of this solution in the public domain.

The MTN mobile money payment solution: A joint venture initiative between MTN mobile network and Standard bank, but it uses other banks as agent partners. This solution is also supplied by Fundamo and uses SAT technology. There is no need for a SIM swap, though, as the application can be downloaded over the air. Again, there is not much information in the public domain about the success of this solution.

A review of relevant mobile technology

Short Message Service (SMS): Easy to use but not suitable for secure communication. Sent messages are held by an SMS Centre prior to delivery to the recipient (referred to as a store and forward system), which is one of its vulnerabilities as the message can be accessed while at the SMS Centre. SMS messages can also be lost during transmission, which poses a problem for a payment solution. Messages are stored on either the sending handset, the receiving handset or both (except when deliberately deleted). Costs of SMS messages are borne by the user.

Unstructured Supplementary Service Data (USSD): Similar to SMS but communication is session based (not store and forward), meaning there is a real time connection between the communicating parties during which all exchanges for the session take place. Messages are not stored on any of the handsets involved in the communication. Also easy to use but a lot more secure. USSD messaging is free to the user.

SIM Application ToolKit (SAT/STK): Very secure but requires training to use, hence not easy to use. The application needs to be downloaded/embedded onto the SIM card. A SIM swap is required for the user, which could kill the introduction of the solution to the market.

Interactive Voice Response (IVR): Easy to use and just as secure as USSD. The only disadvantage is that call costs are borne by the user. A call is placed to a service number and the user is guided through a set of instructions by a voice prompt.

The proposed solution – MobiCash – An Overview

Given that the average un-banked individual in Nigeria is familiar with USSD technology, that it costs the user nothing and that it is relatively secure, it was chosen as the technology to use for the MobiCash system. The system is easy to use and does not stray from what the user is familiar with. There is a registration process and once this is completed a virtual account, associated with a phone number, is created which can then be used to send or receive funds. The main functions are described below (there are other functions):

Topping-up using an agent

The user types the following on his/her phone *123*1*4321*1500*08033033033# (*service number*function identifier*agent’s PIN*amount*recipient number#) then hits the send button.

A customer goes to an agent and verifies that the agent can process the required transaction then hands over cash. Then as depicted above;
1) Upon receipt of the cash, the agent sends a USSD message to the MNO.
2) This message is passed along to the MobiCash server. The agent’s phone number is recognized by the system as being an agent and the customer’s number is also recognised as having a virtual account associated with it, and the amount in the message is added to the customer’s virtual account (as long as it does not exceed the transaction limit for the account and the sum of this amount and previous top-up amounts for the day does not exceed the daily transaction limit).
3) A confirmation of the transaction (to both the agent and the customer) is returned from the MobiCash server through the MNO.
4) The confirmation is passed along to the agent.
5) The confirmation is passed along to the customer.
Topping up can also be done using a scratch card or by bank transfer from a bank account.

Sending funds

The user types the following on his/her phone *123*2*6789*1500*08033033033# (*service number*function identifier*sender’s PIN*amount*recipient number#) then hits the send button.

As depicted above;
1) An account holder ‘Account 1’ sends the USSD request to the MNO.
2) The request is passed along to the MobiCash server. The phone number is recognized by the system as having a virtual account associated with it. Once the PIN matches the virtual account, the transaction is allowed to go through as long as there are sufficient funds in the account, the amount does not exceed the transaction limit for the particular account, and the sum of this amount and previous send amounts for the day does not exceed the daily transaction limit. The amount is then deducted from the sender’s account and added to the recipient’s account (in this case Account 2).
3) A confirmation of the transaction is returned from the MobiCash server through the MNO for both parties.
4) The confirmation is passed along to the sender.
5) The confirmation is passed along to the recipient.
The option to send money to non-account holders also exists, in which case a temporary account is created, holding the amount sent, and a unique number ‘PIN’ is generated which is used to access this account at the point of withdrawal. This PIN is sent to the sender (the origin of the transaction) in the confirmation message. It is then the sender’s responsibility to get the PIN across to the recipient.

Withdrawing funds

The user types the following on his/her phone *123*4*6789*3000*08033345678# (*service number*function identifier*withdrawer’s PIN*amount*agent’s number#) then hits the send button. This is similar to sending funds, as funds are being sent from the withdrawer to the agent; however, the function identifier ‘4’ signifies that it is a withdraw transaction.

A customer goes to an agent and verifies that the agent has enough funds to process the required transaction then as depicted above;
1) The account holder ‘Account 1’ sends the USSD request to the MNO.
2) The request is passed along to the MobiCash server. The phone number is recognized by the system as having a virtual account associated with it. Once the PIN matches the virtual account, the transaction is allowed to go through as long as there are sufficient funds in the account, the amount does not exceed the transaction limit for the particular account, and the sum of this amount and previous withdraw amounts for the day does not exceed the daily transaction limit. The amount is then deducted from the sender’s account and added to the agent’s account.
3) A confirmation of the transaction is returned from the MobiCash server through the MNO for both parties.
4) The confirmation is passed along to the sender.
5) The confirmation is passed along to the agent.
Upon receipt of this confirmation, the agent hands over the appropriate physical cash (if the account is registered as either semi-banked or fully-banked then the agent also checks the account holder’s identification).

Is it secure?

Yes; no transaction information is held on the handset or SIM, each virtual account is associated with a PIN which is needed to complete a transaction, and the GSM infrastructure provides the security of encryption, subscriber authentication and subscriber identity confidentiality for each transaction/user. The MobiCash server is three tiered (front-end, business logic and back-end tiers), with all external communication processed by the front-end, which is protected by a set of well defined firewall rules. The data held in the back-end tier is encrypted and the three tiers reside within a secure LAN. The rewards versus investment for cracking all of this are virtually non-existent.

Conclusions

The take up of mobile technology in Nigeria has been very successful, making it an effective medium to use for other related services. The success of the M-Pesa solution has shown that banking services can be offered via mobile technology. Unfortunately, the SAT technology presents a steep learning curve, making its roll-out more difficult, and could potentially kill the solution. Using USSD technology for the MobiCash system has ensured that the solution stays within familiar territory, is easy to use, convenient, does not require any new hardware and is adequately secure. The system was modelled using the B Method and demonstrates its execution in practice.

Future Work

Finding a way to implement this solution in Nigeria and introducing the use of IVR, using a toll free number, because it presents the added advantage of using voice prompts in the various local dialects.
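
The request format and server-side checks described for the three main functions can be sketched as follows. This is an added example, not the dissertation's B Method model or any MobiCash code: the limit values, field widths, `Account` fields and function names are assumptions, the caller's number is taken to be asserted by the network, and sending to non-account holders is not modelled.

```python
import hmac
import re
from dataclasses import dataclass, field

# Function identifiers as in the page's three example strings.
FUNCTIONS = {"1": "top-up", "2": "send", "4": "withdraw"}
# *service number*function*PIN*amount*phone number#; field widths are assumed.
REQUEST = re.compile(r"\*123\*([124])\*(\d{4})\*(\d{1,7})\*(0\d{10})#", re.ASCII)
TXN_LIMIT, DAILY_LIMIT = 5000, 10000  # assumed values; the page gives none

@dataclass
class Account:
    pin: str  # kept in clear for brevity; store a salted hash in practice
    balance: int = 0
    is_agent: bool = False
    daily: dict = field(default_factory=dict)  # function -> total moved today

def parse(ussd):
    """Return (function, pin, amount, other party's number), or None if malformed."""
    m = REQUEST.fullmatch(ussd)
    if not m or int(m.group(3)) == 0:
        return None
    return FUNCTIONS[m.group(1)], m.group(2), int(m.group(3)), m.group(4)

def process(accounts, msisdn, ussd):
    """Apply one request from the network-asserted caller number `msisdn`."""
    req = parse(ussd)
    if req is None:
        return "malformed"
    function, pin, amount, other = req
    caller, party = accounts.get(msisdn), accounts.get(other)
    if caller is None or party is None:
        return "unknown account"
    if not hmac.compare_digest(caller.pin, pin):
        return "bad PIN"
    agent = caller if function == "top-up" else party
    if function != "send" and not agent.is_agent:
        return "not an agent"
    # Top-up limits apply to the credited customer; send/withdraw to the caller.
    limited = party if function == "top-up" else caller
    if amount > TXN_LIMIT or limited.daily.get(function, 0) + amount > DAILY_LIMIT:
        return "limit exceeded"
    if function != "top-up":  # the page describes a top-up as a credit only
        if caller.balance < amount:
            return "insufficient funds"
        caller.balance -= amount
    party.balance += amount
    limited.daily[function] = limited.daily.get(function, 0) + amount
    return "OK"
```

Because the whole request, PIN included, travels in one USSD string, strict parsing and rejecting anything that does not match the expected shape is the first check the server applies before touching an account.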
Kenny Phillips – BSc Computing