Security the key to Africa's mobile FinTech revolution
Security the key to Africa's mobile FinTech revolution
Fifteen years ago, Africa gave the world a master class in using technology innovatively in finance. With large unbanked populations, widespread poverty and poor internet penetration, Africa seemed light years behind the developed world. Even in the real world, branch coverage was patchy.
Africa's saving grace was its love affair with mobile technology. Even though feature phones were the order of the day, African banks came up with novel ways to use the technology at hand to provide banking services—and include more people in the economy.
The most famous example of Africa's innovative capacity is mobile operator Safaricom's M-Pesa, launched in 2007 to provide a way to transfer money from mobile to mobile - almost a decade before brands such as Venmo, Facebook Messenger payments and WeChat Pay were available.
Today, African firms still stand out as innovators in the world of FinTech: Nigerian payment gateway Flutterwave is a graduate of the prestigious Y Combinator programme, and South African media giant Naspers owned, until recently, a third of WeChat Pay parent Tencent.
Much has changed. Some US$34 billion of aid has poured into financial-inclusion projects in Africa, and the number of mobile phones has continued to grow. The mobile network operators' industry body, GSMA, estimates that many more African mobile payment accounts exist than registered bank accounts -277 million compared with 178 million.
The difference between Africa and the rest of the world is stark. In 2014, 12% of adults on the continent had a mobile money account, compared to just 2% of the population in the rest of the world. That number is rapidly growing: half of all mobile money services in use today are based somewhere in Africa.
However, as a recent paper in the Review of Development Finance in June 2017 shows, there is a direct progression from use of mobile payments to formal financial inclusion and the opening of savings accounts.
The security challenges
In order to facilitate this progression towards full financial inclusivity, Africa will no doubt continue to innovate - but it must also face up to several challenges, one of the main ones being security.
Security risks in the world of mobile payments are unique. Safaricom has reported in the past that, at 0.002%, the incidence of fraud on the M-Pesa platform is much lower than that of credit cards, at between 0.05% and 0.1% globally. This is partly a result of Safaricom's investment in security, and partly that M-Pesa customers aren't high-value targets. Far more at risk are the agents, who convert digital cash into physical currency and vice versa.
Fully fledged mobile carries different risks and solutions. For customers who are banking online with smartphones and apps, the security concerns in Africa are the same as anywhere else in the world. Cell phone theft, password breaches, malware breaches and phishing attacks are the main worries for customers with an iPhone whether they are in Nairobi or New York.
What's different in Africa's emerging consumers are the types of cell phones that must be secured against an ever more dangerous threat landscape. According to Pew Research Centre, 37% of South Africans own a smartphone, as do 28% of Nigerians, 26% of Kenyans and 21% of Ghanaians. Other African countries lag behind significantly. Feature phones are used for mobile banking and payments all over the continent but, the key technologies used -SMS and USSD -have known security weaknesses that could be exploited to intercept transactions.
Clearly, greater use of smartphones that support fully encrypted, app-based transacting will improve security. This is happening organically as the cost of a new smartphone is almost the same as a feature phone today. Once smartphones are available, apps become popular fast.
A survey by IT vendor Avaya found that the app was the preferred banking channel for 30% of South Africans, more than three-quarters of all those who have access to mobile apps.
An additional issue is that many Africans use free Wi-Fi hotspots in cities because of high data costs. But low-cost smartphones may not protect against weaknesses in the WPA2 protocol, almost universally used for Wi-Fi security.
Another key issue is the fact that co-operative and community-based savings organisations remain the most affordable and accessible ways to begin saving money, so driving financial inclusion. Because of the high fees charged by mainstream banks, these organisations are looking at ways of operating online, but few have the resources to correctly secure digital services.
Novel technologies may be the solution here, believes Sonny Fisher of FORUS. Fisher is launching a Blockchain-based network aimed at informal traders and savings societies across Africa, with the backing of several co-operative savings groups. He believes this will lower the cost of transacting to zero, while at the same time providing security through federated authentication.
A final point is that criminals are increasingly using artificial intelligence and machine learning to launch ever more sophisticated and convincing phishing attacks on bank customers. In areas where digital literacy is low but uptake of mobile banking high, helping people understand digital risks as they enter the formal banking system for the first time will be the most critical defense against attacks.
* By David Noel-Lardin, Vice President for Digital Payment Gemalto CISMEA.