Sunday, September 30, 2007

Mobile Banking's additional layer


I am often asked why a dedicated mobile banking installation is needed. Some of the companies that we deal with have already deployed excellent Internet banking services or run advanced ATM networks. They sometimes feel that they may as well make the same service available on the mobile.

Many reasons exist for deploying an additional layer between the core banking and the mobile network. The most important ones can be summarised under the following headings:

State management
The Mobile banking layer have to be able to manage the "state" of the interaction of a mobile phone with a back office system that often has not been designed to work with a mobile front-end. In its most simple format, let us look at a balance inquiry. If the back office is busy and a balance is not returned in an acceptable timeframe, the mobile logic should return a message that says: "Service not available, please retry later". In more complex situations where balances are debited and credited across multiple systems with many possible points of failure, state management can be even more challenging, with capabilities to be able to manage (and resolve) transactions in a "pending" state essential.

Buffering of peak transactions
Banking systems are generally designed to deal with transaction peaks of not more than hundreds of transactions a second. In mobile telephony is is possible to be confronted with peaks of tens of thousands of transactions per second. It is good practice to "shield" banking core systems from these levels of transactions while still communicating with subscribers in a meaningful way. It is also important to "shut down" in a structured way when the system is flooded rather than crashing. The problem with most mobile payment/banking deployments is that they have never been exposed to these levels of transactions. Quite a few of Fundamo's deployments are managing transaction volumes that sometimes peak at around fifty transactions a second. I have learned from hard experience that the challenges in this regard are not trivial.

Channel management
Mobile banking/payment solutions are often designed from the front to the inside. This means that the decision regarding the channel (SMS, USSD, Java or xHTML) is taken first and the rest of the system is then developed to support this channel only. These systems are quite simple, but also very inflexible. It is preferred to deploy "channel agnostic" solutions where many different front-end technologies can live together and can be utilised as required. This approach enable banks to offer more advanced solutions that can actually be used.

Unique mobile security elements
Effective, (but also usable) security can be deployed using mobile phones. Unfortunately this is often different than ATM's or the Internet. Characteristics like CLI, SIM certificates, phone and location based data are all available and should at least be catered for. A dedicated layer is the best way to harvest this.

The above factors are just some of the reasons why a separate mobile banking and payment channel is recommended in all serious installations.

Thursday, September 27, 2007

Redundancy in Mobile Payments



I was training for the Argus cycle race last night and when I fell off my bike and hurt my right arm. Luckily I still have a left arm that I can use for shaving and brushing my teeth etc. This made me think how amazing humans are put together. In many ways the body is built with full redundancy: two kidneys, two eyes, pair of limbs etc. etc. Even if one breaks the body still works.


This is of course exactly the way financial systems are usually built and this is the only way to ensure 100% availability. Unfortunately this challenge is amplified ten times when financial systems connect to mobile phones. Suddenly many points of "single failure" exist. And of course this situation is amplified. The availability of systems is a factor of the availability of the individual components.


The need for redundancy in mobile payment solutions is even more visible because of the perception of subscribers that the service should be available all of the time (and everywhere). This sometimes create almost unsurmountable challenges. Often these challenges are not even visible to companies that deploy mobile payment solutions the first time. It is only when problems occur in production that design flaws become visible.
This is why it is even more important to contract experienced suppliers for the delivery of mobile payment systems than is the case with other financial systems.

Wednesday, September 26, 2007

The mobile banking "take off or not" dilemma

When I was much younger I learned to fly hang gliders. (That is why I still have three stainless steel bolts in my right shoulder). The interesting thing about hang gliders is that they stall at about 40 km/h. This means that if you are taking off into a headwind of say 20km/h it is absolutely important to run as fast as you can when going over the edge of the cliff. This will give you the best chance of actually flying. When you are tentative about getting airborne, you increase your risk of crashing.

That is why I cringe when I hear banks talking of trying out mobile banking to see if it will work, or "the jury is still out if people will use mobile banking". If banks deploy mobile banking half-heartedly, it will fail. This is called self-fulfilling prophecies. What product ever in a consumer market space today work and receives massive take-up if not properly supported by co-ordinated marketing and sales efforts? One way to guarantee the failure of a mobile banking deployment is to go to the market tentatively.

We at Fundamo have helped our clients deploy many different mobile banking initiatives. Yes we have seen some fail and this have taught us valuable lessons. We have also seen some be successful in dramatic ways. The single most consistent factor in all the success stories have been commitment and determination to make it work. If you want to fly, run like hell...

The real cost of banking

How do you get banking to become cheaper? By making it less expensive of course. It is only possible to offer affordable banking to the bottom of the pyramid if the real cost of banking is understood and changed. It does not make sense to reduce the price of banking when the underlying cost remains the same.

So where are the fundamental cost of banking?

This would probably take a comprehensive study to understand and clarify, but if we look at well known facts applicable on any other industry that sell something on a recurring basis, it must be the cost of distribution and indirectly the effect of churning. In order to translate this into banking terms, this is the cost of opening a bank account and then get people to keep on using it. To keep the account on the books (even if it is been used heavily) does not take much cost nowadays. With the cost of equipment and systems as low as they are (compared to the past), it does not cost much to run a bank account. Costs associated with disputes and complaints (I think) will also add to the real expense.

So how to reduce the cost of banking? ... by reducing the cost of opening a bank account. We have demonstrated how to achieve this by enabling clients to open a fully functional (and legal) bank account on a mobile phone. This has been deployed successfully in South Africa and we can now show metrics that indicate savings of more than 95% on the cost of opening a bank account.

Saturday, September 15, 2007

Using Credit Cards on the Internet

I received a comment on one of my previous posts regarding shopping with your credit card on line and the dangers associated with it. This writer then pointed us in the direction of a company with an interesting solution. It seems that this solution allows one to go to an ATM and receive a number (similar in structure to a credit card) that one could use on the Internet. This is of course an extremely clever mechanism to ensure that your card number is never used on the Internet and could combat fraud effectively. This is a solution obviously invented by a technologist (Not that there is anything wrong with this - I am a technologist). But it lacks the insight in how end-users would use this feature. Imagine a shopper at the point of buying something on the Internet, suddenly having to get to the closest ATM to get a number to enter into the website... won't work.

Of course one have seen many initiatives to combat Internet shopping fraud. These solutions have ranged from very ambitious initiatives (like Verified by Visa or SET-remember SET?) to clever schemes that would probably win limited (if any) support. Many utilise alternative numbers or some provide a feedback loop (either through powerful fraud protection logic) and others still guarantee secure transmission of card information etc.

The most obvious way to protect consumers is to utilise their mobile phone to achieve peace of mind to the card holder. We (at Fundamo) have implemented successful solutions to our clients (in production running thousands of transactions) where we harness the characteristics of the mobile to protect the card holder. We have done it in a number of ways ranging from SMS alerts when the card has been used to the ability to block the card from the phone. We have also implemented mechanisms where the card is "unlocked" for MOTO (card not present) transactions and can only be used in such instances if it has been unlocked. In this way we have increased the security of using your card on the Internet without changing the card or the Internet.

Friday, September 14, 2007

Safe shopping on the Internet

It is actually much safer to shop on the Internet than doing that in a shopping center. It is literally impossible to get involved in a car accident or to be mugged on your way back from the shop. It is highly unlikely that you would slip on the floor in the supermarket or that you contract a disease from the many shoppers that you mingle with.

Internet shopping is only unsafe in the sense that you do not necessarily know what you get when you buy. There is also a risks that you enable someone to steal your information or identity and then use this to de-fraud you.

If it possible to eliminate (or drastically reduce) these risks from Internet shopping by utilising the unique characteristics of mobile phones. Mobile phones provide an alternative channel (that is often very difficult to intercept - not like the Internet) that can be used for alternative security communication. In addition the phone is a very simple (yet extremely secure and easy to use) second factor for authentication. This provides for an easy implementation of dual factor authentication.

Wednesday, September 12, 2007

Lloyds TSB announces SMS alerts service

This article caught my eye. Lloyds felt compelled to announce that they have actually implemented a system whereby they would send you an SMS to warn you of a possible overdraft problem. Amazing!

No don't get me wrong, I don't think that this is an amazing service provided by Lloyds... I am amazed that this is newsworthy to the point that one actually would want to announce it. This kind of service is so old and have been implemented by all South African banks that you would actually expect to get it. This is not something that you would draft a press release about. A South African bank would be so ashamed that they only now release such service that they would rather keep it quiet. In South Africa and in other developing countries, the mobile banking features that are generally available, seems to me, might not even be on the release plan of European banks.

This thought really made me think. Is mobile banking services so far behind in developed markets that their announcements make us in developing countries laugh? or don't I get it? I think that the answer is yes. Developing countries have deployed advanced mobile banking solutions and have perfected the offering because the need is much higher. Also, we were not confronted by constrained thinking about new standards (read SIMPAY) nor complex integration to legacy systems. We could merely get on with the job. The result is that mobile banking solutions from developing markets are far superior to those that are available in developed markets.

Maybe Lloyds should work on opening branches on Saturdays first. Now that would be something to do a press release on.

Sunday, September 09, 2007

Online fraud is growing

I found a recent research report produced by consultancy firm 1871 Ltd very interesting. According to this report (based on data for the United Kingdom), more than three million online crimes were carried out last year. These included more than 200,000 cases of financial fraud, twice the official number of real-world robberies carried out during the same period. A breakdown of the crimes committed include more than 90 000 incidents of online identity theft and unauthorised access to someone’s PC with ulterior intent reached 144,500. According to the report, 90% of cybercrimes go unreported with victims deterred from coming forward as they wrongly believe the activity is not criminal or that the police will be unable or unwilling to investigate.
A security briefing published by Lloyds during August, indicate that 51% of people surveyed indicate that they are worried about Internet banking fraud, with more than a quarter indicating that they believe that nothing can be done about this crime as "these things happen".
This is absolutely shocking to me! We are living in a virtual world with crime on the rampant (I would say out of control) and almost nothing is done about it. As a matter of fact, we all visit this unsafe world, because we have to, but we all feel extremely unsafe there. What is so sad about this situation is that a very simple and extremely successful deterrent exists to combat this crime effectively. It is very easy to implement and can almost eliminate virtual fraud as it connects every banking transaction to something physical - something that we have with us all of the time.
The solution is mobile banking - implemented with simple cryptographic tokens. We at Fundamo, have been supplying these solutions to major banks for the past eight years and have excellent case studies to prove the point.

Where will we get enough bank accounts

All of us are well aware of the mobile revolution. During the past eighteen months, Mobile Network Operators have added another half a billion subscribers, with projections expecting that the planet will have three and a half billion connected cellphones by 2012. That is a lot of mobile phones.

By far the majority of these new connections are happening in developing economies: India, China, Indonesia and large parts of South America and Africa. This is great, because more and more people will get connected and will have all the benefits associated with the free market and being able to participate in economic transactions. This is the vision that every-one gets excited about and a lot of effort is being invested to make this a reality.

The irony for me is that most of the solutions that is being presented is based on the assumption that transactions will flow from the cellphone holders credit card. And if this person do not have a credit card, then maybe their debit card (if we can figure out how to accept a PIN on the phone securely). This is where I loose the argument...

Where will we get all the credit cards from (three and a half billion to be precise)?

It is obvious that one should be looking for another solution that is much easier to execute on, is legal and conform to banking rules and regulations, yet can be executed with much less effort and overhead. In order to provide these masses with a transacting account, one will have to think different and develop new solutions that will enable transacting capabilities to grow at the same rate as mobile phones do.

My take on this is that we will see the development of a new kind of mobile wallet associated with a mobile phone (preferably identified by the mobile number), but low cost to open and to operate. This wallet will have to be able to initiate and terminate payment transactions in a secure, easy way, that is both intuitive and rigorous. Payment transactions should be possible across networks and must also cater for multi-currency transactions (like making local and international calls). Furthermore, the only way that this will be possible, would be if Mobile Operators and Banks start to collaborate (rather than fighting each other).

If this starts happening, we will truely make this world a better place.