Enabling banking through Mobile Technology in Nigeria

advertisement
Enabling banking through mobile technology
in Nigeria.
kennyphillips@gmail.com
Abstract
In Nigeria, huge sums of cash move around on a daily basis without actually going through the banking system. The government and the banking sector of Nigeria understand the need for this cash to enter
the banking system as it provides a boost to the economy. The use of these funds for profitable business activities would eventually lead to greater economic growth. There are also benefits to the individual in
an economy where cash is handled a lot less. This dissertation takes a look at the importance of banking the un-banked and how mobile technology can be used to provide banking services to the un-banked
(in particular) as well as anyone else. It then goes on to propose a solution best suited to the Nigerian market and gives a detailed description of how this solution will work.
The solution proposed in this dissertation is inspired by the M-Pesa payment solution in Kenya. However, the M-Pesa solution does not use USSD technology (it is the technology used to top-up
airtime/credit) being proposed in this dissertation. Aside from a detailed theoretical description of the proposed system, a comprehensive model – using a formal method – of the proposed solution was also
developed to show how the system would work in a reality.
The importance of banking the un-banked
A review of existing mobile payment systems in Africa
 Secure Storage: Banks provide secure storage facilities.
 Enhanced liquidity: Money held in the banks can be converted into loans for others.
 Secure payment system: Banking services provide a secure way to execute commerce.
 Economic growth: Money in the bank is invested into diverse projects which yield more funds.
The M-Pesa payment solution: Easily the market leader on the continent and had 7 millions customers in
2009. It is operational in Kenya and was introduced in 2007 by Safaricom, Kenya’s largest mobile network
operator (which is part owned by Vodafone UK). It uses SAT and is a major means of remittance amongst the
un-banked. A menu is generated on the handset with all available options showing.
A review of relevant mobile technology
Short Message Service (SMS) Easy to use but not suitable for secure communication. Sent messages are held
by an SMS Centre prior to delivery to recipient – referred to as a store and forward system – which is one of its
vulnerabilities as the message can be accessed while at the SMS centre. SMS messages can also be lost during
transmission which poses a problem for a payment solution. Messages are stored on either the sending handset,
the receiving handset or both (except when deliberately deleted). Costs of SMS messages are borne by user.
Unstructured Supplementary Service Data (USSD) Similar to SMS but communication is session based (not
store and forward) meaning a real time connection between communicating parties during which time all
exchanges for this session take place. Messages are not stored on any of the handsets involved in the
communication. Also easy to use but a lot more secure. USSD messaging is free to the user.
SIM Application ToolKit (SAT/STK) Very secure but requires training to use, hence not easy to use.
Application needs to be downloaded/imbibed onto SIM card. SIM swap required for the user which could kill
the introduction of the solution to the market.
The Wizzit payment solution: There is a lot of hype about this solution but not much information about its
success (or not) in the public domain. . Wizzit is a solution provider working with the South African bank of
Athens. It is operational in South Africa and uses Wizzkids to market the solution unfortunately, it appears like
only the Wizzkids have information on how it works. Hence details of the technology in use is not in the public
domain.
The Celpay payment solution: Run by a third party provider (Celpay Zambia Ltd) and not tied to any bank or
mobile network operator. It is operational in Zambia and the solution is supplied by a company called Fundamo.
This solution is available to subscribers of any mobile network and a SIM swap is necessary to generate a menu
on the handset. The technology in use is assumed to be SAT but it is not expressly mentioned. There is not much
information on the success of this solution in the public domain.
The MTN mobile money payment solution: A joint venture initiative between MTN mobile network and
Standard bank but it uses other banks as agent partners. This solution is also supplied by Fundamo and uses SAT
technology. No need for a SIM swap though as the application can be downloaded over the air. Again not much
information in the public domain about the success of this solution.
Interactive Voice Response (IVR) Easy to use and just as secure as USSD. Only disadvantage is that call costs
are borne by user. A call is placed to a service number and the user is guided through a set of instructions by a
voice prompt.
The proposed solution – MobiCash – An Overview
Given that the average un-banked individual in Nigeria is familiar with USSD technology, it costs nothing to the user and is relatively secure it was then chosen as the technology to use for the MobiCash system. The
system is easy to use and does not stray from what the user is familiar with. There is a registration process and once this is completed a virtual account – associated with a phone number – is created which can then be
used to send or receive funds. The main functions are described below (there are other functions):
Topping-up using an agent
Sending funds
Withdrawing funds
The user types the following on his/her phone
*123*1*4321*1500*08033033033# (*service number*function
identifier*agent’s PIN*amount*recipient number#) then hits the send
button.
The user types the following on his/her phone
*123*2*6789*1500*08033033033# (*service number*function
identifier*sender’s PIN*amount*recipient number#) then hits the send
button.
The user types the following on his/her phone
*123*4*6789*3000*08033345678# (*service number*function
identifier*withdrawer’s PIN*amount*agent’s number#, similar to sending
funds as funds are being sent from the withdrawer to the agent however the
function identifier ‘4’ signifies that it is a withdraw transaction) then hits the
send button.
A customer goes to an agent and verifies that the agent can process the
required transaction then hands over cash. Then as depicted above;
1) Upon receipt of the cash, the agent sends a USSD message to the
MNO.
2) This message is passed along to the MobiCash server. The agent’s
phone number is recognized by the system as being an agent and the
customer’s number is also recognised as having a virtual account
associated with it and the amount in the message is added to the
customer’s virtual account (as long as it does not exceed the
transaction limit for the account neither does the sum of this amount
and previous top-up amounts for the day exceed the daily transaction
limit).
3) A confirmation of the transaction (to both the agent and the customer)
is returned from the MobiCash server through the MNO.
4) The confirmation is passed along to the agent.
5) The confirmation is passed along to the customer.
Topping up can also be done using a scratch card or by bank transfer
from a bank account.
As depicted above;
1) An account holder ‘Account 1’ sends the USSD request to the MNO.
2) The request is passed along to the MobiCash server. The phone number is
recognized by the system as having a virtual account associated with it
and once the PIN matches the virtual account the transaction is allowed
to go through as long as there is sufficient funds in the account and the
amount does not exceed the transaction limit for the particular account
neither does the sum of this amount and previous send amounts for the
day exceed the daily transaction limit, then the amount is deducted from
the sender’s account and added to the recipient’s account (in this case
Account 2).
3) A confirmation of the transaction is returned from the MobiCash server
through the MNO for both parties.
4) The confirmation is passed along to the sender.
5) The confirmation is passed along to the recipient.
A customer goes to an agent and verifies that the agent has enough funds
to process the required transaction then as depicted above;
1) The account holder ‘Account 1’ sends the USSD request to the MNO.
2) The request is passed along to the MobiCash server. The phone number
is recognized by the system as having a virtual account associated with
it and once the PIN matches the virtual account the transaction is
allowed to go through as long as there is sufficient funds in the
account and the amount does not exceed the transaction limit for the
particular account neither does the sum of this amount and previous
withdraw amounts for the day exceed the daily transaction limit, then
the amount is deducted from the sender’s account and added to the
agent’s account.
3) A confirmation of the transaction is returned from the MobiCash server
through the MNO for both parties.
4) The confirmation is passed along to the sender.
5) The confirmation is passed along to the agent.
The option to send money to non-account holders also exists in which case
a temporary account is created – holding the amount sent – and a unique
number ‘PIN’ is generated which is used to access this account at the
point of withdrawal. This PIN is sent to the sender (the origin of the
transaction) in the confirmation message. It is then the sender’s
responsibility to get the PIN across to the recipient.
Upon receipt of this confirmation, the agent hands over the appropriate
physical cash (if the account is registered as either semi-banked or
fully-banked then the agent also checks the account holder’s
identification).
Is it secure?
Yes; no transaction information is held on the handset or SIM, each virtual account is associated with a PIN which is needed to complete a transaction and the GSM infrastructure provides the security of encryption, subscriber
authentication and subscriber identity confidentiality for each transaction/user. The MobiCash server is three tiered: front-end, business logic and back-end tiers with all external communication processed by the front-end which is
protected by a set of well defined firewall rules. The data held – in the back-end tier – is encrypted and the three tier reside within a secure LAN. The rewards versus investment for cracking all of this are virtually non-existent.
Conclusions
The take up of mobile technology in Nigeria has been very successful making it an effective medium to use for other related services. The success of the M-Pesa solution has shown that banking services can be offered via mobile
technology. Unfortunately, the SAT technology presents a steep learning curve making it’s roll out more difficult and could potentially kill the solution. Using USSD technology for the MobiCash system has ensured that the
solution stays within familiar territory, is easy to use, convenient, does not require any new hardware and is adequately secure. The system was modelled using the B Method and demonstrates its execution in practice.
Future Work
Finding a way to implement this solution in Nigeria and introducing the use of IVR – using a toll free number – because it presents the added advantage of using voice prompts in the various local dialects.
Kenny Phillips – BSc Computing
Download