Snippet: In its Global Innovation Index 2015 report, INSEAD makes the point that, “While gaps remain in overall innovation performance between rich and poor countries, the technology gap is narrowing.

In its Global Innovation Index 2015 report, INSEAD makes the point that, “While gaps remain in overall innovation performance between rich and poor countries, the technology gap is narrowing. This is due to the fact that recent new technologies are globalised from the start, such as 3D printing, cloud computing, and big data analytics.” I’d place mobile technology in that same category.

The growth of mobile connectivity in Africa has been phenomenal over the last five years. More people now own a mobile device than have a toothbrush, apparently. Most of these are feature phones, but the smartphone market in Africa increased by 66 percent during the first quarter of 2015 alone.

When it comes to mobile financial services, peer-to-peer payments has been the most popular service, with other kinds of payments following later, including day to day purchases and bill payments (all in lieu of formal bank accounts and payment cards). There has actually been more growth in mobile money – or using a phone-based account as a means to store or transfer money – among users in Sub-Saharan Africa than anywhere else in the world.

This growth has been driven by two primary factors. First, the relative lack of infrastructure. The debate over bricks-and-mortar vs digital self-help is a luxury of the developed world. With the constrained transportation options many Africans still face, mobile is the only practical means of reaching all but the most advantaged, financially and geographically. Mobile networks have bridged Africa’s enormous spaces, nimbly leapfrogged an often sparse, relatively expensive, government-controlled fixed-line telecommunications infrastructure, and brought valuable information and services to every corner of the continent.

The second factor I referred to above is the lack of regulation related to mobile. Unfettered by red tape, mobile network operators, financial institutions, and other service providers continue to compete and innovate at a whiplash speed to meet consumer demand.

Action is required to head off the fraudsters

The biggest concern for anyone when it comes to their money is how to keep it safe. Mobile peer-to-peer payments have helped Africans cut out the middlemen they have often relied on to carry hard currency from place to place on their behalf, with all the risk associated with this practice. On the other hand, the explosion in new mobile money technology, unprotected by government oversight, has introduced new risks.

Branchless banking apps tend to be safer than using a mobile browser, but a growing number of security lapses can be linked directly to poor code quality in the fast-proliferating ranks of such apps. Two academics at the University of Florida, Patrick Traynor and Kevin Butler, recently published a study, Mo(bile) Money, Mo(bile) Problems, that should raise alarms for anyone in African financial services. Their team analysed 46 Android branchless banking apps used in developing countries across the world, paying particular attention to account registration, account login, and transacting. In their abstract, they summarized their alarming conclusions like this:

We uncover pervasive and systemic vulnerabilities spanning botched certification validation, do-it-yourself cryptography, and myriad other forms of information leakage that allow an attacker to impersonate legitimate users, modify transactions in flight, and steal financial records. These findings confirm that the majority of these apps fail to provide the protections needed by financial services.

This situation represents the darker side of Africa’s unregulated boom in mobile financial services, but the security challenges surrounding mobile payments are, of course, a global concern.

ISACA, the Information Systems Audit and Control Association, recently surveyed over 900 cybersecurity experts from around the world (8 percent of them from Africa) for its 2015 Mobile Security Study. An overwhelming majority – 87 percent said they expected an increase in mobile payment data breaches over the following year. Requiring multi-factor authentication was their most popular suggestion for securing mobile payments (66 percent), followed by one-time passwords (18 percent) and phone-based security apps (9 percent).

It’s no secret where Entersekt stands on these different approaches to securing digital channels. I will simply say that, for those African banks and other providers that want to protect their customers, boosting security cannot intrude on the user experience. And it need not.

For more information on these challenges and more, download Entersekt’s complimentary white papers, listed here.

Subscribe to our blog.


Pieter de Wet

VP BUSINESS DEVELOPMENT, PARTNER & ALLIANCES

Entersekt Logo

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.