April 4, 2011

Can SIM registration curb mobile payment fraud?

 A major challenge before the Central Bank of Nigeria (CBN) and the 16 mobile payment licensees is how to prevent the use of mobile payment services for criminal activities. This however requires an acceptable standard of verifying the identity of mobile payment users so as to ensure adherence to the Know Your Customer (KYC) requirement. The ongoing SIM registration by the Nigerian Communication Commission (NCC) is seen as potential solution to this challenge. Electronic payment experts and regulators gathered at the eNNOVATORs Breakfast series agree that while SIM registration has crime prevention benefits for mobile payment, it also has its limitations, Babajide Komolafe writes.

Mobile Money, which is person-to person payment through the mobile phone or the use of mobile phones to conduct financial transactions, is the latest electronic banking innovation and a revolution changing the lives of millions across the globe.

Recognising this revolutionary impact of Mobile Money and particularly its effectiveness for financial inclusion of the millions of un-banked in Nigeria, the  Central Bank of Nigeria   in 2009 unveiled the Regulatory Framework  for Provision of Mobile Money services, and last year it  granted provisional licenses to 16 firms including six banks to render mobile money services.

But like other financial services, mobile payment is vulnerable to abuse especially by fraudsters and its vulnerability is unique given the ease at which anyone can acquire and operate a mobile phone. One effective way of reducing this risk of abuse is to be sure of the identity of anybody using mobile payment services. This implies that adherence to the principle and requirement of Know Your Customer is very critical to successful mobile payment system.

Mpesa in Kenya is the most notable example of a successful mobile payment service, but this is because they have a national identity system through which the identity of every user can be verified.

But such a unique way of identification is still lacking in Nigeria. Presently banks identify customers through Drivers license, International passports and National identity card. But not every Nigerian has these identification tokens especially the mass of under banked, which are expected to be the major beneficiary of mobile banking.

Yet by next month the CBN would issue final licenses to the 16 mobile payment licensees. The implication is that the country would be embarking on a great risk if mobile payment commences without addressing the challenge of identification.

Last week, some experts and regulatory officials convened at the financialtechnology’s eNNOVATORS Breakfast series discussed the possibility of harnessing the on-going SIM registration exercise by the Nigeria Communication Commission to solve this identification problem.

“What are we going to use for KYC purposes in mobile payment and is it possible to use the SIM registration for this purpose? Sola Fanawopo, Editor-in-Chief of Finacialtechnology asked in his welcome remarks.

Mr. Emmanuel Obaigbona, Deputy Director, Domestic Payment Division said that the CBN is concerned about KYC issue in mobile payment.

“It considers SIM registration as a possible solution but it is mindful of the problem of multiple ownership of SIM by individuals. He said the CBN however look up to identity data base of National Identity Management System (NIMS) to overcome this challenge.

Sir Aladekomo, the Chairman of Chams PLC  in his presentation noted that  SIM registration is beneficial to mobile payment KYC and crime prevention and it is not peculiar to Nigeria as it also been  done in nine African countries.

He said what Nigeria needs is a single identity data base managed by an agency as represented by NIMS with contributions from strategic agencies and services providers and easy access for identity verification. “The SIM registration data base of 60 million lines represents a critical mass for such national identity data base”, he said.

James Agada, Chief Executive of ExpertEdge said that while SIM registration offers KYC benefit to mobile payment, but for this benefits to be harnessed there is need for an identification token that can be verified by mobile payment agents online and that would require integrating  SIM registration data base with mobile payment framework.

Gansirey Seck of Ingenico raised the challenge of illiteracy vis-a-vis KYC requirements and the goal of attracting the unbanked. To overcome this and the issue of identification, she suggested the use of biometric (finger print) for authentication of mobile payment transactions. Mosh Adetoro of Qrioos, on his part recommended the voice recognition of subscribers to address the dual problem of illiteracy and identification adding that KYC does not necessarily has to be filling of forms. Emmanuel of MobileMoneyAfrica suggested the use of mobile money agents for both SIM registration and identity of Mobile payment users.

 From the papers presented and recommendations of the speakers one notable  discovery is that the KYC benefit of SIM registration can be harnessed to curb criminal activities in mobile payment by integrating SIM  card registration with mobile payment infrastructure such that it allows for an additional authentication by mobile payment users which can be verified online by mobile payment agents.
How can this be achieved?

As recommended by one of the speakers, there should be a platform for online interface between SIM registration data base and mobile payment users.

The SIM registration should include biometrics (and possibly the voice) of each SIM owner. The Biometric (and/or the voice) should be assigned a unique number, which would only be known by the SIM owner. Hence the SIM registration data base will include the details of the owner of each SIM and their Biometrics, Voice and the number assigned to them.

This biometric (and voice) number should be used as additional authentication for mobile payment transactions.

Since there is an online interface between the SIM registration data bank and the mobile money payment, the mobile money agent can always verify this authentication online before honouring any mobile payment request.

This would help to trace mobile payment transactions to the specific person that authorizes it.

Furthermore, where a mobile payment users lose their phone (perhaps   due to theft) nobody would be able to use the phone to make illegal or unauthorized mobile payment transactions.

This however requires a  stakeholder’s conference involving, NCC, Telcos, CBN, EFCC and Mobile Money licensees is necessary to discuss the workability and implementation.