Technology Inequality
Opportunities and Challenges for Mobile Financial Services
April 2017
AUTHOR Leon Perlman, PhD Foreword 1
Executive Summary 2
Introduction 6 Study Methodology 9
1. Technologies That Enable Access to Mobile Financial Services 10 Unstructured Supplementary Service Data (USSD): The Accidental Hero of MFS 11 STK Applications: Potential for Global Use 12 Java-Based Feature Phone Applications: Cheaper and Quicker Than USSD 14 Acknowledgements Sound-Based Access: Universally Compatible and Secure, But Somewhat Convenient and Relatively Expensive 15 The Center for Financial Inclusion at Accion would 2. Effect of MNO Coverage on the Spread of Mobile Financial Services 16 like to acknowledge Elisabeth Rhyne, Sonja Kelly and Tess Johnson for their integral 3. Which Phone for Which Purpose? 19 contributions to this report. Basic and Feature Phones Still Dominate the MFS Market 19 Basic Phones: Still Widely Used 22 Cover Photo Credit: Feature Phones: Growing More Popular and Getting Smarter 22 Xavier Arnau Smartphones: Developing Markets Are Slowly Embracing Them 24 Hybrid “Smart Feature Phones:” An Emerging Trend 26
4. Mobile Phone Components and Their Impact on MFS 27 System-on-a-Chip (SOC) Technology Revolutionizes Phone Design 27 Mobile Phone Operating Systems 28 Mobile Phone Memory Capacity Constraints 29 Battery Technology Affects Sustained MFS Use 29 Display and Camera Technology 29
5. Technology Fraud and Security 32 Vulnerabilities to Bad Actors 33 Fake Mobile Base Stations Undertake Man-in-the-Middle Attacks 36 Unsecure Mobile Applications May Compromise User Funds 36 Java-based MFS Apps Are More Secure 37
6. Competition Aspects of MFS Technology Access and Use 38 Thin SIMs 38
Annex A Summary of Mobile Technologies and Their Use in MFS 40
Annex B Example Market-Level Regulatory and Industry Initiatives to Combat Fraudulent Devices 42 Foreword
When mobile money debuted a decade ago, display MFS menus. These combinations observers marveled that a woman in rural are well-adapted to low-end conditions, Kenya with limited education or financial especially in rural areas in developing means could receive money instantly from her countries, because they operate reliably with children in Nairobi through a cell phone. Ten inexpensive handsets in areas with poor (e.g., years on, tens of millions of people use mobile 2G) connectivity. The widespread coverage, financial services (MFS), and the sector is low cost and reliability of the ‘traditional’ MFS preparing for a switch to smartphones that systems make them essential for reaching will enable even more and better services. financial inclusion target populations for the Not so fast, cautions CFI Fellow Leon Perlman foreseeable future, according to Perlman. in this report. Like many techno-wonders On the other hand, the smartphone of our world, the services used in Kenya revolution is not yet mature. Gaps in and many other countries operate through geographic coverage of high-speed data distinct technologies that must interconnect transmission, $30 smartphone handsets that seamlessly to complete transactions securely. use substandard components, and numerous These layers include data transmission compatibility issues with smartphone connectivity, the handsets themselves and apps all contribute to system fragility. Even their operating systems, and the technologies though smartphones are penetrating markets, delivering MFS menus and commands. These the handset capabilities, data transmission systems are continually evolving, subject to speeds and fraud protection must improve market and technology forces that do not before the standards needed for MFS are necessarily prioritize mobile money. consistently met. In this report, Perlman steers readers This report urges regulators and technology through a primer on the technology that providers to continue supporting MFS based enables MFS to operate on basic, feature on feature phones, even as they work to create and smart phones. But more importantly, paths for new-generation services. In fact, the report sounds a cautionary note about feature phone handsets are getting better, the readiness of the sector for a large-scale cheaper and smarter, and sales are rising. If shift to smartphone and internet-based MFS, mobile financial services are to be a force for particularly for low-end consumers. While financial inclusion, we must not prematurely smartphones promise more intuitive and abandon older technologies as we concurrently richer user interfaces, this promise will take push to create a smartphone-based future. some time to materialize fully and robustly. The backbone of mobile financial services Elisabeth Rhyne to date has been the combination of feature Managing Director phones with USSD or STK platforms that Center for Financial Inclusion
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 1 Executive Summary
In the brief decade since they were introduced, consumer-facing technology designs, security mobile financial services (MFS) have become challenges, type and quality of devices being a pivotal and successful enabler of financial used, and the usability of various access inclusion, bringing services to millions of devices. The report is meant to motivate people, many of whom had never before used a providers, vendors and regulators to improve formal financial service. The potential for MFS upon existing devices, system security and to continue growing in reach and sophistication the regulatory environment as it affects the during the next decade is enormous. MFS ability of BoP customers to access and use MFS may become a significant channel not only effectively. We seek to generate a discussion on for transferring funds from person to person the technical and related challenges faced by (its first major use), but also to store and save the MFS ecosystem and to spark action to solve funds, make and receive payments, borrow, these key challenges. invest, buy insurance and manage personal or business finances. While the report reveals many specific The growth and success of MFS depends challenges and is optimistic overall about on technical components that work together the future of MFS, it does have one clear to bring the customer a seamless, reliable, bottom line. In brief, that bottom line is a convenient and affordable experience, and on call for providers and regulators to continue the regulations and business relationships that to ensure that the technical “combo” that enable the technical harmony. From the handset has dominated MFS to date remains robust to the user interface to the mobile network, for the foreseeable future: feature phones each technology must fit with the others, using Unstructured Supplementary Service even though a wide range of technologies and Data (USSD) or SIM Application Toolkit commercial and public interests are at play. (STK) technologies and operating even While these technical components have where only slow second generation (2G)- developed remarkably well and successfully type communication speeds are available. over the past number of years, there are still While smartphone-using apps and 3G or 4G numerous technical, cost, competition, capacity, networks are developing quickly and may security and access challenges that particularly become dominant in the future, bringing affect people at the “base of the pyramid” enhanced services with them, that future has (BoP) who tend to be the most excluded from not yet arrived, especially for customers in financial services. There will invariably be the developing world who live in rural areas trade-offs between access, cost, security or who cannot afford high-end smartphones. and reliability of devices and services. The smartphone MFS market still faces This study investigates existing and evolving numerous growing pains that must be technologies in MFS systems: mobile data overcome before it can take the place of its “bearer” technologies, access platforms and more pedestrian forebears. Providers and user devices. We unpack the issues surrounding policymakers must not prematurely rush policy, pricing of bearer services, network toward a smartphone future if that means access coverage, cost of devices, evolution of neglecting the feature phone present.
2 CENTER FOR FINANCIAL INCLUSION This report provides a primer on the technical Supplementary Service Data (USSD), the elements that underpin MFS, and as it does so, dominant mechanism; Short Message Service it describes their current status, emphasizing (SMS) in its SIM Application Toolkit (STK) the dynamism in both the feature phone and incarnation, next in prevalence; and finally, smartphone markets. Java applets. Feature phones are likely to dominate ••Part I describes the access and user interface MFS for BoP for the foreseeable future. While (UI) technologies that deliver MFS, detailing smartphones are penetrating BoP markets, their pros, cons and (in layman’s terms) the pace remains relatively slow. With user technical requirements. preferences having shifted away from basic phones, feature phone manufacturing is ••Part II reviews the state of mobile network actually growing. As early mobile technology coverage in developing countries, looking patents expire, costs will continue to drop and at gaps in the move toward higher-speed use will grow: 3G and 4G coverage. ••Most feature phones lack high-speed 3G ••Part III discusses the evolving capabilities and 4G access, but many do have cameras, of basic, feature and smartphones, noting WiFi and Bluetooth capabilities, small in particular the enhancements around non-touch displays, and 2G-type mobile feature phones and the shortcomings of data access speeds allowing use of Wireless lower-end smartphones. Application Protocol (WAP) for browsing websites formatted to be viewed on small ••Part IV examines particular components mobile screens. of phones — operating systems, memory, battery and display — and their role in ••Feature phones are slowly becoming more creating an MFS package that works for sophisticated; few have factory-installed low-end consumers. social media-type applications that operate over 3G and 4G networks. Devices are also ••Part V discusses the emerging problems of emerging that use the Android operating technology fraud and counterfeit phones. system on non-touch small screens.
••A brief but essential Part VI discusses ••System-on-a-Chip (SOC) fabrication allows competition issues that may hinder access multiple features to be placed on a single and notes possible solutions. chip, which shrinks the device size while improving speed and reducing the retail cost Major Findings of handsets to well under US$10. For MFS to continue to grow, it is important to continue supporting feature phones with ••While Near Field Communication (NFC)- USSD and STK interfaces. based contactless payment services are Mobile financial services for BoP users are growing, most of them require smartphones. currently provided largely on feature phones However, retrofitted NFC sticker technology operating across 2G-type mobile networks and for feature phones is beginning to appear for using menu-driven, text-based user interfaces use at points of sale and transit applications (UI). The ease of use and accessibility of this (e.g., train, subway). combination of technologies has contributed greatly to the success of MFS. The main access ••Encrypted, sound-based access to MFS and UI technologies in use are Unstructured products is growing.
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 3 Though the general pace of growth of While smartphone-using apps and 3G+ networks smartphones is relatively slow in developing may become dominant in the future, bringing markets, the emergence of new, inexpensive enhanced services with them, that future brands using system-on-a-chip (SOC) chipsets may speed that growth. has not yet arrived — especially for customers Cheap smartphones are not yet sophisticated in the developing world who live in rural areas enough to support MFS. Many entry-level or who cannot afford high-end smartphones. smartphones sold in the developing world:
••Do not support 3G or 4G mobile data ••Contain low power capacity batteries ••Have low resolution and fragile touch Because of the continued widespread use of or non-touch screens MFS systems based on feature phones and USSD or STK interfaces and the relatively slow ••Have small touch screens making them pace of adoption of MFS-ready smartphones, liable to “fat finger” data input mistakes regulators must continue to develop and maintain policies that support these systems. ••Have low processing power and storage, making it difficult to run all but very ••Poor mobile signals and antenna design simple apps may hinder successful USSD sessions. Timeouts and dropped sessions occur, due ••Use thin film transistor display technology to: poor signal quality, response time limits that suck up power (higher-end phones or long data entry strings (e.g., for account use thin active matrix organic LED displays numbers). Fear of timeouts and dropped that use less power) service encourages users to request agents to perform transactions over the counter, and Android is the most popular smart phone may discourage users altogether. operating system worldwide. Particular issues however with Android phones include the lack ••Incompatibility between chips from various of backwards compatibility in many cases, manufacturers means that ubiquitous meaning that newer MFS applications will not installation use of Java-based MFS work on smartphones using older versions of applications is problematic. Android or which have low memory storage. In addition, STK, a mainstay for access to many Realizing the promise of smartphones MFS implementations around the world, does for MFS first requires improving their not work on all Android phones. technical specifications and the presence Smartphone MFS applications usually of high-speed networks (3G or 4G). require faster mobile data network access. Smartphones — which allow third party To provide a media-rich UX, MFS apps require applications to be installed on the 3G mobile data speeds or above. “Data-lite” device — offer many new features, such as smartphone apps could however be developed enhanced UI and user experience (UX). These for use on slow 2G networks. features could support a range of additional Gaps in high-speed 3G mobile data coverage MFS products and capabilities. For example, persist, especially in MFS-focused rural smartphones with built-in biometric identity and peri-urban areas. Where there is no 3G capture and authentication can allow higher coverage, there is usually no 4G coverage either. anti-money laundering/know your customer Mobile network operators (MNOs) can satisfy (AML/KYC) tiered authentication and use and their universal service obligations in providing boost access to merchant and government 2G-type voice and slow mobile data coverage, services, including social benefit payments. even though that may not equate to universal
4 CENTER FOR FINANCIAL INCLUSION quality of service. While 3G (and 4G) coverage based on feature phones and written in the is predominant in urban areas and along major Java computer programming language mostly highways, rural areas still receive mainly use encrypted SMS, and so they could provide 2G-type coverage. a secure and ubiquitous means of transacting. Given the potential for security breaches, Costs, for both providers and customers, terms and conditions offered to consumers are the source of many of the bottlenecks need revision. As currently written, most identified here. service agreements assume that networks MNOs face high costs for acquiring spectrum are secure and leave financial loss due to and building infrastructure in rural areas technology exploits with the customer. in order to expand and upgrade service. Counterfeit and stolen phone sales are However, the release by telecommunications increasing, especially for Nokia, Samsung regulators of 700 and 800 MHz frequency and BlackBerry devices. Potential harms to bands (a process resulting from the global purchasers of such phones include: analog TV switch-off) will allow for increased 3G and 4G coverage (and much later, 5G), ••Inability to set up and use mobile networks including in rural areas. The spread is likely due to the lack of proper serial numbers or to take several years and could be curtailed International Mobile Equipment Identifiers if the spectrum purchase costs are too high. (IMEIs), which bad actors tamper with. There are however emerging technologies Regulators blacklist phones identified that may fill high-speed mobile data coverage through their IMEI number as stolen or gaps without as-large capital outlays. counterfeit, rendering the phone inoperable Handset manufacturers reduce capabilities on the country’s mobile networks and so in order to keep prices affordable for the cutting off customer access to MFS accounts. mass market. Patents add at least 5 percent Millions of stolen and counterfeit phones to smartphone costs. have already been switched off. Data costs for use of 3G (and 4G) by data- hungry smartphones may be prohibitive ••Health dangers through high radiation for many users. and the possibility of batteries exploding.
Security threats are emerging for MFS ••Risk of exposure to factory-installed channels and devices. malware. Signaling System 7 (SS7), a 1970s-era technology, is used by both fixed line and Policy makers must address competition mobile networks to communicate with each issues for MFS systems. Access to service other, with their base stations and with gateways should be fair, reasonable and customer handsets. This technology has non-discriminatory. Technological solutions however been exploited by bad actors, putting may be available. the integrity of MFS transactions and systems MNOs may be gatekeepers for access to at risk. USSD and any financial systems that services and infrastructure for competing MFS rely on unencrypted SMS for communication providers. Those competing service providers and authentication — both of which operate may be handicapped (“foreclosed”) by being through SS7 — are especially vulnerable. denied access to USSD or STK gateways The standard mobile air interface is and short codes or through prohibitive vulnerable to interception by relatively cheap pricing. Also, MNOs and non-bank service do-it-yourself data interception devices providers may be denied access to payment performing “man-in-the-middle” interception infrastructures required to interoperate or of any mobile voice, SMS and data traffic. provide services such as merchant acceptance Some MFS-type smartphone apps are or ATM withdrawals. designed with insufficient security, although Thin SIM technology is being implemented a growing awareness of the security gaps is in several countries as a technical fix to evade helping to address them. However, MFS apps such blockages.
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 5 Introduction
Mobile financial services (MFS) sit at the Supplementary Service Data (USSD), Short leading edge of a great transformation bringing Message Service (SMS) and various low universal and affordable access to basic financial data speed capabilities. The late 1990s saw services for customers at the base of the the introduction of higher-speed third pyramid (BoP). These services include person-to- generation (3G) technologies, and more person payments, cash-in/cash-out transactions, recently, a number of markets have introduced mobile airtime purchases and some bill fourth generation (4G) technology. Fifth payments. Customers can also store value generation (5G) technology is still under on mobile wallets, and in some jurisdictions, development, and will most likely only be limited credit is also available. Mobile network available commercially in markets by 2020. operators (MNOs), in partnership with non-bank The most frequently used user interfaces third party service providers, have been the in MFS include USSD, SMS, SIM Application pathfinders in providing these services, enabled Toolkit (STK), Java computing language-based by regulatory innovations allowing non-banks applications, and Wireless Application Protocol to provide MFS. As of December 2016, there (WAP), a method for displaying simple web were 277 MFS offerings available in 92 countries.1 pages on small mobile screens. Some markets They provide MFS to over 500 million people, feature applications that provide over-the- many of whom live in rural areas.2 top (OTT) services — that is, over the Internet MFS depend on specific access and user access to MFS for smartphone users. interface (UI) technologies, all with varying Our goal in this study is to determine degrees of ease of access, ease of use, efficacy, whether the core technical components of cost, security, and reliability.3 Together, the MFS ecosystem interact well with one these technologies constitute the enabling another and to identify friction points and infrastructure for MFS, and thus it is of utmost legal and regulatory issues. For example, use importance for the spread of MFS that the of smartphones as the perceived next step in technologies be robust and compatible, even MFS access beyond basic and feature phones as technologies evolve. may not be the imminent panacea for access Most MFS technologies use the GSM (i.e., and improved user experience (UX). The study Global System for Mobile Communications) found that 3G coverage needed to power the mobile infrastructure (see Annex A on rich media used in smartphones is lacking, Mobile Technologies).4 Developed initially the and that many smartphone handsets are 1980s, these digital technologies have since substandard, and even counterfeit. evolved to include second generation (2G) This report investigates the following mobile technologies such as Unstructured selected components of and issues within
6 CENTER FOR FINANCIAL INCLUSION EXHIBIT 1
Typology of MFS in the Northern and Southern Hemispheres
Northern Hemisphere Bank Branches ••More physical bank branches ••Higher bank account use ••Higher smartphone penetration ••2G–5G network speeds ••Mainly Near Field Communication
Southern Hemisphere Bank Branches ••Fewer physical bank branches ••Lower bank account use ••Higher feature phone penetration ••2G network speed; some 3–4G ••Mainly USSD, STK and WAP connections
The southern hemisphere is characterized by transformational access and services, with non-banks providing financial services to BoP customers. Mobile devices are primarily basic and feature phones types, and national 3G coverage is generally scarce.
Source Leon Perlman, 2010
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 7 While smartphones are often perceived as the next imminent step in MFS access, this study found that the 3G coverage needed to power their rich media is lacking, and that many are substandard, even counterfeit.
the MFS ecosystem from the perspective of ••Phone operating systems customers, MNOs, MFS providers, MFS platform vendors and regulators, all with special ••Mapping handset features with the ability attention to financial inclusion: to support MFS
••Use and impact of Signaling System 7 (SS7) ••Degree of low-speed 2G-type and high- technology as the core data transport speed 3G or 4G mobile coverage across methodology in mobile networks and MFS MFS areas, and the effect of the provision of smartphone-based MFS services ••Use and effect of remote access mechanisms for MFS, such as IVR (Interactive Voice ••Magnitude and impact of stolen and Response), USSD, SMS, GRPS/EDGE, 3G, 4G, counterfeit mobile phones and components and sound on customers
••Use and effect of user interfaces (UIs) for MFS, ••Magnitude and impact of security such as USSD, STK, SMS, Java applications vulnerabilities in MNO and MFS systems used on some feature phones, OTT MFS and the legal implications smartphone applications, Wireless Application Protocol (WAP), and encrypted sound ••Competition issues relating to entry to access networks and payment networks ••Survey of basic phones, feature phones, smartphones and new hybrid smart This report starts with a primer on the feature phones ecosystem of technologies necessary to access MFS, then discusses access to these ••Relative penetration of basic phones, feature technologies particularly in remote areas. phones and smartphones and the effect on It goes on to compare basic, feature and the user experience and regulatory policy smartphone access, use and connectivity, and the implications for MFS. It concludes ••Technical components of handsets, such with discussions on two important trends as processors, battery technology, displays to consider: security of MFS and the and memory competitive environment.
8 CENTER FOR FINANCIAL INCLUSION Study Methodology To facilitate this study, we conducted in ••We tested mobile network operator situ research in Bangladesh, Colombia, 2G-type and 3G (and higher 4G; both El Salvador, Fiji, Jordan, India, Indonesia, where available) mobile data availability Malawi, Mozambique, Rwanda, South Africa, and speeds using two smartphones and Tanzania and Uganda. a feature phone in urban, peri-urban, We purchased, examined and used MFS, rural areas, and along national roads and putting the handsets and services through their periphery. We checked data speeds a series of tests. We also interviewed and using our test smartphones using the free consulted with MNOs, service providers, Android application Speedtest.net. industry associations, banks, technical service providers, standard setting bodies, ••We initiated MFS sessions via USSD regulators and domain experts to gather in rural areas to verify the ability to insights and potential solutions to issues initiate and sustain USSD sessions and highlighted in this study. to send and receive SMSs. SMSs acted as Among the tests we applied were a proxy for SIM Application Toolkit-type the following: (STK) SMS where STK was not offered by the local MFS provider. We used local ••To investigate the prevalence and quality SIM cards for testing the local MNOs’ of phone types, we visited informal street general and mobile data coverage. Where vendors and stores selling phones. We necessary, we locked phones into either purchased and/or tested these devices only 2G-type or 3G (or higher 4G speeds, in situ, and we checked the features and where available) modes to ensure that we specifications against those outlined could check the availability and quality of on the retail packaging. We noted and the required signals. Where MFS agents compared the prevalence of regional were found, we noted in situ the strength phone brands, and we also compared and type of mobile coverage. local mobile data and MFS charges and applicable taxes. ••We procured a thin SIM and stuck it onto a hard SIM to check for ease ••Where phones were sold without retail of installation and use, as well as packaging, we checked them for complete the effect of multiple removal and IMEI serial numbers using the universal insertions between various phones *#06# phone command for displaying the on its physical longevity. IMEI number to determine whether fake or stolen phones were being sold. We also ••To check for version compatibility for matched the displayed numbers against Java applets on feature phones, we the IMEI number of the factory-installed downloaded available MFS applets model and serial number stickers (if from the provider’s WAP or website. We available) placed inside the phone. attempted installation using a Bluetooth sideloading technique, as well as direct ••We opened MFS accounts where necessary installation through WAP download. For to determine ease of the process, the time MFS Android apps, we tested the ability allowed for input of USSD commands and of new and older Android phones running responses, and for later testing of quality various versions of Android to install and of access to services. fully use all the features of these apps.
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 9 Technologies That Enable Access to Mobile Financial Services
The seamless availability and variety of technol- Added to these technologies for moving data ogies on mobile networks has been the key to the are technologies that create access “gateways” growth of MFS in developing markets (see Annex and user interfaces (UI) that allow customers A on the types of technologies each generation to transact. Among the most important UI encompasses). To understand the technologies technologies and their technology bearers on which MFS is based, it helps to sort them by currently used in MFS are: generation, from earlier and slower to more recent and faster. Each technology involves specific ••Mobile Originated Unstructured technologies for data transport — or “bearers” — Supplementary Service Data (MO-USSD) and these bearers play a key role in shaping MFS.5 ••Network Initiated USSD (NI-USSD) ••SMS encrypted via SIM Application ••2G technology comprises a set of narrowband Toolkit (STK)9 or low-speed technologies. The most prevalent ••SMS encrypted via Java-based applets of these are those based on GSM. The data ••SMS — cleartext (unencrypted) transport mechanisms associated with ••Internet Protocol (IP)-based over-the-top 2G GSM technology include USSD and SMS (OTT) mobile phone applications, usually (SS7-based technologies) and later, GPRS through smartphones and EDGE (Internet Protocol [IP]-based ••IP-based Wireless Application Protocol (WAP) technologies) as so-called 2G+ technologies.6 ••Voice channel — Interactive Voice These technologies were developed in the Response (IVR)10 1980s and 1990s. In this study we refer to ••Voice channel — acoustic or Near Sound them in aggregate as “2G-type” technologies. Data Transfer (NSDT) for encrypted transaction authentication ••3G technologies are higher-speed and IP-based, using Wideband Code Division Multiple Access In some cases, the UI and the remote access (W-CDMA) technology manifested in variations bearer technology are the same thing, as is of Universal Mobile Telecommunications the case with USSD and SMS. Combinations System (UMTS) and its successor, High Speed of these remote access bearers may be used Packet Access (HSPA).7 They were developed for technical reasons or for transaction in the 1990s and evolved from GSM. confirmation, regulatory requirements, user experience, competition, or simply for cost ••4G technology represents a new set of mobile reasons. Service providers generally try to technologies that manifests commercially provide remote access methods that recognize as Long Term Evolution (LTE). Its newest and serve most of the access devices and reflect (and emerging) incarnations are LTE-A the technical literacy of their customers.11 (LTE-Advanced), LTE-M (LTE-Machine), and Today, by far the most prevalent gateway the LTE-U (Unlicensed) family that includes systems for MFS are USSD and the SMS- LTE-LAA (Licensed Assisted Access) that based STK — both of which work on almost will allow MNOs to augment their high-speed all GSM-based handsets.12 Developed long mobile data access provision and coverage before MFS using national currencies using WiFi-type frequencies.8 and e-money emerged, they were initially
10 CENTER FOR FINANCIAL INCLUSION conceived for MNO airtime recharges and As noted above, USSD is both a GSM for providing a ubiquitous mechanism to pay bearer technology and a MFS user interface. for “infotainment” using the MNO’s airtime Moreover, customers do not need to download wallet acting as a non-redeemable “virtual or install anything in order to use it, and it currency.” They are essentially “bolt-ons” to requires no Internet connection. USSD is the basic telecommunications function, the unsung hero of MFS, providing nearly tied to the specific type of bearer in use.13 universal access to MFS platforms worldwide This prevalence goes hand in hand with the across the full range of GSM-based mobile dominance of basic and feature phones (rather phones — so much so that USSD has been than smartphones) in today’s frontier and termed “the third universal app,” used on developing markets. These phone and access basic, feature and smartphones.18 USSD is the technologies together provide access to person- most-used technology in MFS deployments to-person transactions, cash-in/cash-out around the world, including Econet Zimbabwe, transactions, balance and transaction inquiries, Zain Jordan, Orange Jordan, TNM Malawi, airtime recharge, and some bill payments Tigo Tanzania, Airtel Tanzania, Vodacom (see Exhibit 10 for types of MFS activities and Tanzania, bKash Bangladesh, Wing Cambodia, the devices they rely on). and EasyPaisa Pakistan. Other MFS remote access mechanisms — A major advantage of USSD is that it can be IVR, cleartext SMS, IP-based WAP, and easily adapted as a provider’s suite of product NI-USSD — are seen as secondary access offerings evolves. The menus to support new mechanisms, and used for additional levels of or revised services can be created at very little authentication or similar purpose.14 Similarly, cost with relatively simple coding and menu NSDT is a sound-based technology that is design. USSD menus are dynamic, meaning used primarily for merchant payments and that as the provider’s service range expands, transaction authentication. USSD menu tree structures can be created and Near Field Communication (NFC) is a served in real time.19 proximity or “contactless” payment technology However, USSD is not without drawbacks. used in a few MFS implementations, primarily in Since its adaptation for MFS use, USSD’s merchant point-of-sale devices or in fare capture technical limitations have increased, leading systems in transit applications.15 MFS-oriented to growing menu complexities and increased over-the-top (OTT) apps on smartphones are transaction failures. Frequent timeouts on emerging, but are not yet in mainstream use in USSD sessions are a main source of user most MFS markets. For example, of the 300,000 frustration. Timeouts often occur when MFS clients of Bank South Pacific, only 3,000 use mobile signals are poor or when users are smartphones to access services. too slow to input data. Users who may be technophobic or functionally illiterate may Unstructured Supplementary Service not feel comfortable navigating menus or Data (USSD): The Accidental Hero of MFS inputting long data strings, such as account When USSD first arose in the 1980s, it was numbers. This has led in part to an increase not intended for customers. Rather, USSD was in over-the-counter (OTC) transactions, where created as an unobtrusive maintenance and customers gravitate to agents — the perceived testing feature allowing MNO engineers to safe haven of human-assisted transactions.20 send and receive messages over GSM networks Reliance on OTC reduces users’ active use of without interrupting customer calls. It gained MFS accounts, both as a store of value and as commercial application in the mid-1990s when a transactional base, and it limits the ability the first prepaid airtime systems were launched of service providers to build user profiles that around the world. Customers began to use ultimately provide users with richer services USSD’s distinctive combinations of star (*), such as credit, as well as having an impact pound (#),16 and numbers to recharge prepaid on anti-money laundering efforts. Some mobile airtime balances with vouchers and regulators, in response, are restricting the check their airtime and account balances.17 seamless use of OTC.
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 11 In summary, USSD has been an effective EXHIBIT 2 basis for the spread of MFS so far, but it does A Primer on USSD for Mobile Financial Services have drawbacks.
Advantages of USSD As with SMS, USSD uses the mobile ••Works on all GSM handsets, regardless signaling channel inherent in SS7 of the manufacturer networks. However, instead of a ••Menus are simple and familiar to regular store-and-forward functionality customers as with SMS, USSD is session- ••Does not require customer installation based, meaning that when a user ••Data can be updated dynamically accesses a USSD service, a session ••Menus can be reconfigured and is established and the radio updated dynamically connection stays open until the ••Does not require an Internet connection user, service provider system ••Relatively fast access and response times or time-out ends it. There are two types of USSD: Disadvantages of USSD Mobile-Originated USSD (MO ••Text-based — no graphics USSD) and Network-Initiated ••Total session times are limited USSD (NI-USSD, also known as ••Users have limited time to input data “push USSD”). In MO USSD, a strings and answer menu prompts user — such as a MFS customer or ••Tree structure menus are limited agent — initiates the USSD session ••Not secure, because it is based on SS7 to conduct a transaction or inquiry. ••No data is stored on handset, so users may A typical USSD session is need to input credentials for every session executed in increments of ••Sessions may not initiate or complete if a 20 seconds lasting up to 2 minutes. MNO signal is poor. Frequent dropping of During that time, the handset sessions can erode customer confidence in cannot make or receive any voice the overall MFS ecosystem. calls, creating a potential revenue loss for the MNO, given that ••USSD access may potentially be blocked, voice calls usually cost more than non-premium-rated USSD throttled or made prohibitively expensive sessions. In NI USSD though, the USSD session is initiated by by MNOs due to bottlenecks created for a provider or MNO, usually in circumstances in which some competitive reasons, although thin SIM secondary authentication is required while the user is on a call or technology has been used to circumvent for use in providing value-added services. A call center agent at a these bottlenecks. bank for example may initiate a USSD session and ask the user to input their PIN code when prompted by a session menu, obviating the need for the user to reveal their PIN to the call center agent. STK Applications: In South Africa, small stores are using a combination of NFC Potential for Global Use and NI-USSD offered by technology provider Boloro. A customer SIM Application Toolkit (STK) is an SMS-based walks to the checkout point and indicates they want to pay via remote access and user interface introduced NFC. The cashier presents a NFC reader to the customer who taps in the 1990s and used where basic and the Boloro NFC sticker on the NFC reader. The Boloro platform feature phones predominate and smartphone triggers a NI-USSD session. The customer receives a NI-USSD penetration is low. In contrast to USSD, STK message requesting them to respond with their PIN on their technology is embedded on the SIM card and mobile phone. As soon as the correct PIN is entered, the NI-USSD menus are stored on the SIM card or phone.22 session closes.21 In both cases, data is provided to a user interface MFS providers using STK include M-PESA dynamically, with relatively fast access and response times. Kenya, Equitel Kenya and Airtel Malawi.
12 CENTER FOR FINANCIAL INCLUSION STK is implemented in three layers: In summary, STK has potential for global use, except on smartphones. 1. A software application (also called an “applet”) provided by a MNO, service Advantages of STK provider or bank ••Works on most basic and feature phones ••Does not require customer Internet access 2. A STK application programming interface ••SMS-based technology works relatively well (API) service offered by a MNO (which in poor mobile coverage areas includes encryption keys)23 ••Most communications have end-to-end encryption between the SIM card and the 3. A user interface and STK translator through MNO or service provider the STK application on the SIM card used on ••Customers can easily find STK menus on the handset their mobile phones
A SIM and STK-compatible phone is required Disadvantages of STK to host the STK application. Usually, the ••Centralized control of pricing and issuance STK will use (encrypted) SMS as a bearer for for SIMs with STK capabilities. Service communication with a host.24 On a basic phone, providers may need to implement thin SIM the STK menu may appear as one menu item technology to overcome competition-related when scrolling through the phone menus. centralized STK gateway and pricing issues. On a feature phone or smartphone, the STK ••Can be relatively expensive, as multiple usually appears as an icon on the home screen. SMSs are usually required to update menus The handset receives instructions from the on the handset and multiple messages are SIM card to perform specific functions, which required for transactions are then communicated to an application ••Encryption and decryption may slow server. STK user interface applications the transaction process, leading to are usually protected by the SIM PIN, the transaction drop-off phone lock PIN, or both. At both ends of a ••Does not work on some smartphones communication — the handset application using newer versions of the Android on the user end and the STK server on the operating system provider end — messages that contain user credentials and transaction data are encrypted. The server decrypts communications for action by the service provider.
While more secure and less vulnerable to EXHIBIT 3 interception of transaction data than USSD, STK is more expensive for a non-MNO MFS STK-Based Menu on Safaricom 26 provider to operate since multiple SMSs (and Kenya’s M-PESA accompanying MNO charges) may be required, even for simple balance inquiries. Moreover, because menus sit on SIM cards, it is harder and more expensive for providers to update them. Some service providers obtain better STK pricing through use of so-called thin SIM technology. STK is unavailable on some Android-based smartphones due to operating system restrictions.25
Photo credit IC4D Blog
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 13 EXHIBIT 4
State Bank of India Java App
State Bank of India’s use of a secure Java- based application on a feature phone to send/ receive encrypted SMS- once the link is clicked, and this removes the based transaction and need for the user to travel to an agent. The update messages.27 small amount of data required for the applet download can be provided at no cost to the customer by a MNO or service provider.31 Usually only one mobile-originated SMS and one mobile-terminated SMS is required per transaction.32 The compartmentalized design of many of these Java applets and applications means that a minimal amount of data (i.e., SMSs) is sent per transaction compared to the stream of SMSs characteristic Photo credit Afternoon Dispatch and Courier of STK access. Similarly, application updates require fewer SMSs than STK. Java applet-based transactions are also secure, using encrypted Java-Based Feature Phone Applications: SMS communications methods to enable Cheaper and Quicker Than USSD end-to-end security. Java-based applications represent a growing alternative access method for MFS using feature phones. The menus are relatively easy In summary, Java-based methods of access to use, with an icon-based user interface that may be less costly for consumers and service makes it easier for semi-literate or illiterate providers and quicker than USSD sessions or users to navigate service menus. mobile data packages in most markets, since Unlike STK applets, MNOs do not need revenue-rich voice channels are not blocked to enable Java applications to operate on as with USSD-based services. their networks, and users can interact and transact with their service provider even Advantages of Java-based Apps without mobile data.28 Users can install a ••Uses bank-grade security small application for MFS access onto a phone ••End-to-end security of transactions between either through Bluetooth or over the air using the handset and the service provider, switch WAP. 29 The Bluetooth loading method known or bank — as different from the cleartext as “sideloading” requires the customer to have characteristic of remote access through USSD a Bluetooth-enabled phone and access to a MFS ••Consent of the MNO is not required to agent, who loads the Java application onto the enable the application to operate on its phone through Bluetooth transfer — a simple network — unlike USSD and STK applets transfer of information between two devices.30 ••The user can complete transactions with the In the over-the-air method, the service provider service provider even without mobile data33 sends the user a WAP download link for the ••Because the amount of data required to set Java application through a simple SMS or up the service is small, MNOs or service through a technique known as “WAP Push.” providers can potentially offer customers the The Java app is installed onto the feature phone download for free
14 CENTER FOR FINANCIAL INCLUSION ••Icon-based menus are relatively easy to This technology is particularly well-suited use — compared to the text-based USSD for merchant or agent use, either through a access — especially for semi-literate users POS device or the merchant’s own handset. ••Only one mobile-originated SMS and one During the transaction, the merchant enters mobile-terminated SMS is typically required an amount on the POS terminal or handset on per transaction the customer’s behalf. The customer enters ••Lower transaction costs for both consumers his or her phone number and PIN. The acoustic and service providers (generally) platform then calls the customer’s phone. The customer answers the call, places the phone Disadvantages of Java-based Apps next to the terminal or agent’s handset, and ••There are fewer Java-based systems a one-time encrypted password is exchanged available for MFS on the market through the non-audible cryptosound between ••These apps do not work on most basic the two devices, completing the transaction. phones and they may not work on all A similar process exists for person-to-person feature phones transfers, as long as the parties hold their ••Systems require an integration point to phones close to each other. the transaction engine through a vendor’s This technology is used by Yes Bank proprietary server to a core banking (India), Pepele Mobile (Democratic Republic system or a switch of Congo), Netcash (Zimbabwe), MoboMoney ••The entire system may be dependent upon (India), UltraCash (India) and Alipay (China). a single technology vendor for both the The system may be especially well-suited transaction server and the Java application. to merchants in India, where there are more Depending on the agreement reached with than 20 million merchants but only one million the vendor, each of the existing service POS machines.36 providers and banks may need to agree to implement the same application from the same vendor Advantages and Disadvantages of Sound-Based Access: ••Well-suited for merchant payments Sound-Based Access: Universally ••Can be used on all types of phones Compatible and Secure, But Somewhat ••Crytpo-based calls can be a more secure Convenient and Relatively Expensive method of doing additional (so-called two- Acoustic-based access technology — also factor) transaction and ID authentication known as sound-based or Near Sound Data than the inherently insecure SS7-based SMS Transfer (NSDT) — is an alternative remote or NI-USSD access technology that aims to be MNO- ••Cost per call for transaction authorization independent.34 With this technology, the may be prohibitive for merchants and microphone of any basic phone, feature phone, customers, relative to smaller data sessions or smartphone can be used for data capture, ••Not dependent on MNO gateway permissions with the standard MNO voice channel acting ••Access may be dependent on a single as the data transporter. Thus, it can be used vendor’s proprietary solution on all phone types. Transaction data is ••Proprietary POS devices may be required encrypted through the phone’s audio channel using cryptosounds.35
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 15 Effect of MNO Coverage on the Spread of Mobile Financial Services
High quality and ubiquitous MNO coverage While much is made of the falling costs provides the lifeblood for MFS success and and rapid adoption of smartphones across evolution. Complete geographic coverage the developing world, the current paucity has strong momentum. In many or most of nationally available higher mobile data countries competitive forces push MNOs speeds remains a bottleneck. That is, while toward nationwide coverage, and regulators 2G-type mobile date coverage may be relatively add further impetus through universal service ubiquitous, high-speed 3G and higher 4G obligations.37 However, nationwide coverage mobile data coverage is not a given,39 and does not necessarily equal nationwide a gap in 3G/4G coverage is characteristic of quality of service. For example, MFS delivered many MFS markets in the developing world.40 through USSD are particularly vulnerable to The scope of 4G connections as compared to poor connections: if the signal is not strong 3G and 2G connections is limited primarily to and steady, sessions are often terminated high income economies, as shown in Exhibit 5. midstream, forcing users to start over. By Coverage is concentrated in urban and densely contrast, STK is mostly a store-and-forward populated areas, and coverage gaps show the communications technique based on SMS extent of geographic inequality of access.41 technology, which although sensitive to a poor The coverage gap, generally, is due in part signal, will in many cases, automatically re- to high infrastructure and spectrum costs for send a transaction message when the mobile 3G and 4G in many parts of the world. Part of signal is stronger.38 the problem is physics: in short, the higher Successful MFS provision requires either the frequency the MNO base station operates high quality on low-speed networks (i.e., on, the shorter its range. Hence, the 2100 MHz for USSD-based systems) or higher-speed frequency range used in most 3G deployments networks, coupled with suitable user interface has a smaller coverage area than 900 MHz and access technologies. The gap in mobile signals used for 2G-type coverage and therefore data coverage provided by MNOs in many MFS needs far more base stations per area than the markets in the developing world manifests 2G-type systems operating at 900 MHz. And itself as a concentration of high-speed mobile while 3G signals can operate at 900 MHz, not data coverage primarily in urban and more all smartphones have 900 MHz 3G capabilities: densely populated areas and along national the norm for GSM-based handsets generally is roads. Outlying and rural areas have just low- 900 MHz for 2G use and 2100 MHz for 3G use.42 speed 2G-type access. This may deter users Coverage gaps also affects phone battery life: without high-speed access from migrating the further away the base station is from the to smartphones, and even customers with handset, the more the handset must search for smartphones may not use smartphone- it, which then drains the battery much faster. based apps, which rely on higher mobile data This effort is especially true with smartphones speeds to provide an optimal user experience. trying to connect to 3G base stations operating Smartphones, on the whole, do not operate at the poor coverage 2100 MHz frequency range efficiently with narrowband 2G-type GPRS (the norm) — the phone always needs to be and EDGE bearer technologies (see Annex A). searching for a nearby base station.
16 CENTER FOR FINANCIAL INCLUSION While much is made of the falling costs and rapid adoption of smartphones across the developing world, the current paucity of nationally available higher mobile data speeds remains a bottleneck.
EXHIBIT 5
Global Connectivity Speed43
Source Facebook, 2016
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 17 Without a shift to reliable 3G coverage, users will remain unable to fully utilize the media- rich features of smartphones. Therefore, for the next several years, vendors and MNOs should cater to feature phones and USSD.
Implementing 3G (and 4G) nationwide If regulators make these new frequency bands becomes a major infrastructure capital cost available, or if they mandate implementation of for MNOs, which may accordingly concentrate 3G coverage (as a minimum) as part of universal 3G (and 4G) coverage mainly in densely service obligations, higher-speed mobile data populated urban areas where they ostensibly coverage will improve over time.47 MNOs may, get a better a return on investment. National however, lack the appetite to provide services on high-speed mobile data coverage may improve these new bands if spectrum auctions or mobile over time, especially if the new 700 MHz licenses costs are too high. frequency bands are made available by A potential, but partial, solution to the regulators, as these have better range than paucity of high-speed mobile data coverage the current 2100 MHz coverage, or if MNOs and associated spectrum may be the use of are mandated to implement 3G coverage LTE-U (unlicensed) mobile data technology, by national regulators as part of national which allows an MNO to provide high-speed universal service obligations.44 LTE coverage in unlicensed — that is, free for Indeed, the next arms race for MNOs and all to use — spectrum. However because of the other new entrants is at the 700 MHz and (high) frequencies it could operate on, LTE-U 800 MHz frequency ranges, which allow coverage is likely to be poor, while mass-market mobile broadband services to be offered at far availability of handsets that support LTE-U is greater coverage areas than the current 900, still a while away. 1800, 2100 MHz frequency ranges.45 The new The limited availability of high-quality, high- spectrum is part of what the International speed coverage, especially in rural areas, has Telecommunication Union (ITU) calls the profound implications for financial inclusion “digital dividend” — the amount of spectrum policy. For the next several years, vendors in the frequency band of 470–862 MHz to be and MNOs should cater to feature phones and released (or “refarmed”) as a result of the global USSD. Without a shift to reliable 3G coverage, switchover from analog to digital TV.46 Lower users will remain unable to fully utilize the frequencies generally mean there is more media-rich features of smartphones.48 This time coverage per base station, fewer base stations frame may differ from market to market, but to cover a specific area, and therefore lower within much of Sub-Saharan Africa, the Indian capital costs overall to provide higher-speed subcontinent and Latin America, USSD is likely mobile data. The propagation characteristics of to dominate until at least 2020. Until provision these frequency bands can facilitate improved gaps in high-speed mobile data are filled, basic mobile broadband coverage in rural areas for and feature phones are likely to predominate in MFS, as well as better indoor coverage in more outlying areas, resulting in less availability of densely populated areas. richer MFS products, such as credit.
18 CENTER FOR FINANCIAL INCLUSION Which Phone for Which Purpose?
Basic and Feature Phones Still Dominate the MFS Market Most BoP users in MFS markets use basic and feature phones. These models constitute Basic and Feature Phones At-A-Glance about 70 percent of the phones used in the developing world.49 Product evolution over the past few years has blurred the hard distinctions between these devices, but in general, basic phones — low-end phones — have limited features, no factory-installed or user-installable third-party applications, and very limited data connectivity (if any).50 Users can, for the most Basic Phone Characteristics Feature Phone Characteristics part, access MFS platforms through basic USSD Photo by: Ian Fuller Photo by: InDIa7 Network and STK technologies. Users’ quality of service ••Low price (range below ••Slightly larger screen size may be reduced due to poor power output and US$6) larger (median of 2.7 inches) antenna design in some of these devices. ••Small screen (1.1 to 1.3 inch) ••Low quality and low Feature phones represent a midway design ••Monochrome or low- resolution screens point, characterized by limited functionality resolution color screens ••Long battery life, 1-3 weeks and proprietary operating systems designed ••Up to 1 week battery life in standby mode either by the phone manufacturer, or as part of while in standby mode ••Factory-installed social an operating system designed by the primary ••Cannot use third party media applications component maker. They are by far the most applications ••External connectivity options common device type worldwide. In India, ••USSD version 2 and SMS for such as 2G-type GPRS/ industry data shows that despite a surge in connectivity EDGE+, and sometimes also shipments of smartphones, around 60 percent ••Some ability to use STK WiFi and Bluetooth of mobile subscribers use feature phones.51 ••Cannot use Java-based MFS ••WAP capabilities Some MFS markets show glacial increases applications ••Dual SIM capabilities54 in smartphone penetration. Adoption within ••GPRS or EDGE as ••VGA-quality camera the East African Community is 17 percent and connectivity or no IP-based ••Minimal memory storage within the Southern African Development connectivity at all (Micro SD card slots for Community it is 24 percent.52 Smartphone ••No Bluetooth memory expansion) penetration rates though are generally higher ••No WiFi ••Slower memory in parts of Asia.53 ••Incompatibility between The expiration of earlier mobile-related feature phone chipsets patents is fueling growth and reducing costs. and no universal Java MFS Many of the initial patents on basic mobile application support phone technology have expired, allowing ••Few implementations of 3G or 4G mobile data support
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 19 EXHIBIT 6
Basic and Feature Phone Use
Percentage of connections, excluding machine-to-machine 80 Sub-Saharan Africa
70 MENA
Asia Pacific 60
Latin America and Caribbean 50
North America 40 Europe
30
20
10
0 2015 2020 (PROJECTED)
Source GSMA, 2016
EXHIBIT 7
Penetration of MFS Technologies on Tigo Network, 2014
Percentage of connections by device type 90 Basic phone
80 Feature phone
Smartphone 70
Modem 60
50 Use of basic phones, feature phones, smartphones and data/Internet of things 40 modem devices on Tigo networks during 2014 in selected African countries (Ghana, Senegal, Democratic 30 Republic of Congo, Tanzania, Rwanda, and Chad) 20
10
0 GHANA SENEGAL DRC TANZANIA RWANDA CHAD
Source Tigo, 2014
20 CENTER FOR FINANCIAL INCLUSION EXHIBIT 8
Emerging Phone Brands and Their Regional Penetration55
ASIA
SUB-SAHARAN AFRICA AND MENA
LATIN AMERICA AND THE CARIBBEAN Mi-Phone (not pictured here) also operates in Sub-Saharan Africa and MENA regions.
manufacturers to add ‘smart features’ to enable Huawei, Lenovo, LG, Oppo, Samsung, Tecno, feature phones to resemble smartphones. Vivo, Xiaomi and ZTE).58 Some other newer Subsequently, mobile phone manufacturers brands that now have significant global market no longer have to pay licensing fees to former presence include AG, Blu, Doogee, Hisense, Itel, patent holders. (Devices can involve thousands Maxwest, Meizu, Micromax, M-Phone, Nubia, of patents, for example, royalties related to Oneplus, Oppo, Plum, Prestigio, Symphony, TC, internal memory storage and RAM.)56 This, Tecno, Torque, Viettel, Vivo and Yezz. In many coupled with improvements in component cases, these devices may derive from the same manufacture of all-in-one system-on-a-chip factory, with some customization of the user (SOC) technology (see Exhibit 15), has led to interface or some technical specification for a a flood of phones and tablets entering the particular brand. This manufacturing, branding market from newer manufacturers that are and distribution arrangement is typical for rapidly displacing the established brands that many electronic devices made in China. dominated the early days of modern GSM The average selling price for smartphones mobile communications.57 across Sub-Saharan Africa was US$160 in The first SOC-based mobile phones 2015, down from around US$230 in 2012.59 appeared in 2005–06, primarily from Chinese An analysis of smartphone pricing in first and Indian phone manufacturers, who now quarter of 2017 indicates that prices have represent six of the global top ten smartphone dropped even further, with some entry-level manufacturers (the top brands at the end of Android-based smartphones priced at around 2016 were Alcatel, Apple, Coolpad, Gionee, US$30 or even less.60
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 21 regularly. The GSMA estimates that while basic EXHIBIT 9 and feature phones currently represent 50 Billboard for Oppo Smartphones percent of the market, by 2020, the percentage 63 in Bali, Indonesia61 will drop to 30 percent. Considering this, MNOs, vendors and service providers need to continue to support basic phones via USSD and STK for MFS access for the foreseeable future.64 Basic phones provide primarily only voice and SMS, and feature small (1.1 to 1.3-inch) monochrome or low-resolution color screens. They may or may not use (at least) GPRS or EDGE bearer services. A basic phone cannot load any applications such as Java applications.
Basic phones are typically characterized by: ••Low price (range below US$6) Photo credit Leon Perlman ••Small (1.1 to 1.3 inch) monochrome or low-resolution color screens ••Usually up to 1 week standby time (battery life while in standby mode), which Devices are catered to specific market is ideal for places with limited electricity. segments. MFS platform vendors and service Some models launched in 2017 claim providers cater their products and services up to a month standby. towards the access mechanisms characteristic ••Cannot use third party applications of their respective markets. Thus, while users ••USSD version 2 and SMS for connectivity in the developed world use mobile payment ••Some ability to use STK and banking apps for 3G/4G smartphones, ••Cannot use Java-based MFS applications users in the developing world use slower ••GPRS or EDGE as connectivity or no (narrowband) 2G-type access mechanisms, IP-based connectivity at all primarily text-based user interfaces such ••No Bluetooth as USSD, STK, and to some extent, WAP. ••No WiFi Some MNOs are now offering Internet-based apps for smartphones in the developing Feature Phones: Growing More world, even though in many cases there is Popular and Getting Smarter no national 3G/4G mobile data coverage and Feature phones are perennially popular the smartphones in use have below-average and remain the primary means of access specifications. For example, some lack high- for most MFS-based systems in the world.65 speed 3G mobile data capabilities; touch-screen Since they operate primarily with 2G-type sizes are small and of low resolution; there connectivity, they can be used in a wide range is a lag in executing touch screen commands of geographies where high-speed 3G/4G mobile which may induce ‘fat finger’ data input data coverage is not yet available. mistakes by users (in which an error is caused Feature phones are usually low-specification by accidentally pressing the wrong key); devices, with many lacking 3G/4G access or processors are relatively slow; internal storage touch screens. However, most feature phones memory and RAM memory are minimal; and produced since 2008 have Bluetooth, WAP- battery life is limited.62 based phone browsers, an ability to install and run Java applications, and a camera. In addition Basic Phones: Still Widely Used to USSD, feature phones can usually run STK- There is a large base of basic phones installed based applications that provide secure access worldwide, with new models released to MFS platforms, such as M-PESA in Kenya.
22 CENTER FOR FINANCIAL INCLUSION EXHIBIT 10 EXHIBIT 11
Characteristics of Phone Types Needed for Various MFS Services Basic Nokia Phone67
The first four services are fundamental MFS activities.
MFS ACTIVITY BASIC FEATURE SMART
Check balances Y Y Y
Person-to-person transfer Y Y Y
Cash in/cash out Y Y Y
Pay bills Y Y Y
Secure transactions Y Y Y Photo credit Ian Fuller
Electronic Know Your Customer N Y Y verification with camera EXHIBIT 12
Agent location N Y Y Nokia 220 Feature Phone68
Interactive assistance N N Y
Change profile N N Y
Easily add beneficiaries N N Y
Online shopping N N Y
Spending dashboard N N Y
Transaction dashboard N N Y
Add funds via Visa/MasterCard N N Y Note the Facebook and Twitter applications.
Agent rating system N Y Y Photo credit InDIa7 Network One-touch transaction dispute query N N Y
NFC payment66 N Y Y
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 23 Many Chinese and Indian manufacturers feature phones already incorporate popular produce basic feature phones, and they are sold factory-installed social networking facilities in markets, small stores and online markets such as Twitter and Facebook, but do not within unsubsidized price ranges of US$7 to offer many other applications for customer $30, depending on the particular features. installation. An influx of “smarter” feature phones, e.g., supporting NFC and 3G and sold Feature phones are typically characterized by: as part of a larger phone portfolio by some ••Dual SIM capabilities69 (when dual SIM manufacturers, is emerging. phones are lacking many people purchase Due to low manufacturing costs, feature two phones) phones are affordable for low-end to mid-range ••VGA-quality camera customers who cannot afford smartphones. ••Micro SD card slots for memory expansion Like basic phones, there is a large base of ••External connectivity options such as feature phones installed worldwide, with 2G-type GPRS/EDGE+, and sometimes also new models constantly being released. All WiFi and Bluetooth stakeholders — MNOs, service providers, ••Factory-installed social media applications policymakers and regulators — must take note ••Long battery life — up to one week or even of the feature phone’s widespread prevalence, more of standby time — which is well-suited affordability, popularity and suitability for MFS, for MFS. Models launched in 2017 claim up and therefore continue to support USSD and to three weeks of battery life. STK for MFS access for the foreseeable future. ••WAP capabilities ••Screen size between 1.4–4 inches, with a Smartphones: Developing Markets median of 2.7 inches Are Slowly Embracing Them As the data show, smartphones are Drawbacks include: increasingly used on mobile networks around ••Minimal memory storage the world.73 The prices of these devices ••Slower memory have dropped considerably; a low-end entry ••Lower-quality and low resolution screens smartphone now costs around US$30 or ••Incompatibility between feature phone even less.74 Smartphone penetration will chipsets means that there is no universal significantly increase as new brands worldwide Java MFS application support, so that service sell cheaper devices using a new breed of all- providers must cater to both non-Java and in-one SOC chipsets. From a competitive policy Java-compatible feature phones. perspective, an advantage of smartphones is ••Few implementations of 3G or 4G mobile that their use of over-the-top (OTT) Internet- data support based, customer-installed MFS apps can circumvent competitive restrictions related to Feature phones sometimes operate on USSD and STK access (though net neutrality proprietary operating systems or mass-market issues may yet emerge).75 operating systems, predominantly from chip Smartphones provide the most promising manufacturers Mediatek and Spreadtrum. alternative for enhanced service offerings Despite this, not all feature phones support and integration into merchant and payment third party software. However, if they do, infrastructures. Most smartphones use a they run applications on Java or similar variant of Google’s Android operating system,76 software or are made for the proprietary and the devices allow OTT apps to be installed operating systems of the feature phone.70 for MFS and mobile banking, and NFC-based Indeed, the most common Java “application” payments to merchants. Smartphones platform across feature phones is the Java can accommodate a range of enhanced 2 Platform, Micro Edition (J2ME) software features from agent location mapping, to environment.71 However, this is not universal, identity capture and user authentication since some phone chipsets support application using built-in biometrics, which may prevent development alternatives such as Mediatek’s many users from accessing many basic and MAUI Runtime Environment (MRE).72 Many government services.
24 CENTER FOR FINANCIAL INCLUSION All stakeholders — MNOs, service providers, policymakers and regulators — must take note of the feature phone’s widespread prevalence, affordability, popularity and suitability for MFS, and therefore continue to support USSD and STK for MFS access for the foreseeable future.
Moreover, with the advance of smartphones, ••Not all smartphones sold in developing MFS customers are in for significant user markets have 3G (or higher) capabilities, experience and user interface improvements, often because the manufacturer wants especially when compared to the fixed-menu to save on 3G chipset licensing costs text designs of USSD and STK.77 Large touch- in price-sensitive markets.80 One screen displays allow for more interesting, royalty calculation — based on total informative and interactive customer announced rates for mobile-related interfaces. Smartphones are likely to be the royalties — estimates this cost at about choice of mostly urban MFS users, where 5 percent per smartphone.81 Lack of 3G devices can easily be recharged and high- coverage, as previously explored, may lead speed mobile data access is readily available. to a sub-standard UX and drive customers Some challenges, however, may help away since most MFS and mobile banking explain the relatively slow pace of smartphone applications use rich media and require adoption in many emerging markets. Many higher-speed connectivity to operate.82 smartphones in MFS markets are of low specification, which may impede user uptake: ••Not all apps are usable across all Android versions. Design changes across ••Sizes of the newest MFS apps touch the the various Android versions are not upper limit of available storage space necessarily backwards-compatible to on devices whose RAM — the amount of previous versions, so the latest version of phone memory available — is sufficient to OTT Android-based MFS app may not work run only a few applications efficiently and on an older Android phone.83 For example, whose internal storage can only contain smartphones using the older Android a few applications. 2.3 operating system released December 2010 are no longer supported by many app ••Poor battery life is incompatible with makers today. the always-on functionality of MFS. ••Updates to apps or to the Android ••Touch screens are low resolution and system itself may be problematic. Many relatively fragile, causing frequent smartphones lack the internal memory ‘fat finger’ mistakes. capacity to be able to upgrade to the latest operating system version.84 Moreover, ••Although the UI and UX are enhanced, users because they are large files, Android in some markets may be intimidated by updates and MFS apps are expensive to the complexity.78 When such problems are download. Customers frequently bear detected, service providers should provide the associated data costs, although some training for their agents and customers on service providers and MNOs provide their the use of these apps or simplify the apps.79 MFS app download for free.
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 25 EXHIBIT 13
Smartphone OTT MFS Applications: GCash, Bkash, Tigo and MTN
Tests during the course of 2016 and 2017 indicate that the latest versions of these MFS-oriented Android smartphone over-the-top (OTT) apps available on the Android Play Store from GCash, Bkash, Tigo and MTN were not compatible with a Huawei/Vodafone 858 released in 2012, nor a Samsung GT-S6500 Galaxy Mini 2 released in 2013. Most of the apps on the Android Play store checked in March 2017 required Android version 2.3 or higher and required more than 2MB of available storage space on the device to download and install.
Source Google Play Store, 2017
Hybrid “Smart Feature Phones:” An Emerging Trend EXHIBIT 14 A curious trend during the course of late 2016 Example Hybrid Smart Feature Phone is the emergence of a new hybrid phone market segment straddling in between feature phones and smartphones. These, what we term “smart A new market segment feature phones,” usually have small non- of hybrid “smart feature touch, low-resolution displays; small memory phones” is emerging in capacity; a phone keypad characteristic of the developing world. basic and feature phones; support 3G/4G; The Wellstec F18 smart and use the latest Android operating system. feature phone shown here The 3G-only versions of these hybrid phones has 4G, 256 MB storage sell for under US$25. Exhibit 14 shows one memory, a small 2.4 inch of the first of these new hybrid phones. non-touch display, and uses Android 6.0 OS.85
Photo credit Leon Perlman
26 CENTER FOR FINANCIAL INCLUSION Mobile Phone Components and Their Impact on MFS
Mobile phone prices have dropped significantly components onto a single silicon chip, has with the expiration of key patents as well as the spurred the emergence of new mobile phone emergence of system-on-a-chip components brands that use these chipsets to produce that integrate most of the critical mobile phone cheap basic, feature and smartphones (see features onto a single chip. The user experience Exhibit 15).86 SOC technology has dramatically is also enhanced by improvements in phone lowered phone production costs while display size and resolution, as well as enhanced improving performance. In addition, the battery technologies. These improvements newest processors are faster and allow for allow customers to sustain their ability to multitasking, and they extend battery life access mobile networks and MFS products and because they use less power. funds. While most basic and feature phones are At the ‘core’ of the SOC is the central robust, many of the smartphones introduced processing unit, which mediates the efficiency, into developing markets by new device feature, and performance of the device. The manufacturers are of relatively low quality more cores on a SOC, the faster they can split compared to the developed world models, but up the power needed to operate multiple designed to facilitate an affordable price entry point. In particular, their touch screens are power-hungry and reduce battery life; they are fragile; and there is often a lag time on the EXHIBIT 15 touch screens. These shortcomings limit access Phones on a System-on-a-Chip (SOC) to MFS, cause mistakes in entry, and lead to costs for users due to breakage. The message that we have emphasized repeatedly is again Mobile phones released since 2006 use system-on-a-chip underlined here: MFS based on feature phones (SOC) chips, which integrate most of the critical mobile phone are a strong alternative for the present, while components onto a single component. A SOC can contain the smartphones have some distance to travel central processing unit (CPU), some memory for processing before they will be cost-effective and robust applications, graphic processing unit (GPU), and the mobile enough to support MFS for lower-end users. radio system (2G/3G/4G, or WiFi, GPS/GLONASS or Bluetooth).87 One important development with MFS Because a single SOC is much cheaper to produce than its implications that speaks for smartphones is individual components, this has led to a surge in manufacturing, display and camera technology that can be particularly for basic and feature phones with enhanced capabilities. used for biometric-based identity capture and Among the relatively new SOC manufacturers, Mediatek authorization, which can allow for the easier and Spreadtrum dominate the market for feature phones.88 onboarding of MFS customers and increased For smartphones, the predominant manufacturers are Apple, access to government and other social services. Qualcomm, Texas Instruments, Intel, Samsung, ARM and Mediatek. It appears that some Mediatek feature phone SOCs will not System-on-a-Chip (SOC) Technology run standard Java applications used in MFS, requiring bifurcation Revolutionizes Phone Design of application development for use on feature phones. The emergence of the system-on-a-chip (SOC) concept, which incorporates a number of individual but complex mobile phone
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 27 EXHIBIT 16 EXHIBIT 17
Relative Costs of Components to Build a Mid-Range Smartphone 89 Worldwide Smartphone Sales by Operating System in Third Quarter of 2016 90
USD $200 Camera
Connectivity $180
Core electronics
$160 Display/touch panel/glass
$140 Final Assembly/test
Memory
$120 Other electric plus mechanicals
$100 Power
Sensors $80 87.5% Android (Google)
12.1% iOS (Apple) $60 0.3% Others
$40 Source Linda Sui, 2016
$20 Mobile Phone Operating Systems $0 The evolution of mobile phone operating COMPONENT COSTS systems has allowed feature phones to add additional (albeit limited) functionality, and Source Scott Adam Gordon, 2015 for smartphones, to extend the utility of these devices beyond just telecommunications and related features. For feature phones, operating applications and processes on a device, and systems have been developed based on the hence, the better the performance of the remnants of the venerable Nokia mobile phone device.91 While feature phones usually only empire, as well as proprietary yet customizable have one core, smartphones can have dual- operating systems from SOC manufacturers cores, quad-cores, hexa-cores, and even Spreadtrum and Mediatek. Most feature phone octa-cores.92 The more cores, the more the operating systems are proprietary, and do features and increase in processing power. not allow for the installation of third party The SOC and other critical components apps. New hybrid smart feature phones using make up the bulk of the phone cost. Exhibit 16 Android OS may however alter that paradigm. provides a breakdown, for example, of the costs Mediatek’s MRE and Series 30+ operating associated with the manufacture of a mid-range systems, for example, are based on the chipsets smartphone: the three most costly aspects of incorporated into the majority of feature a handset are the electronic (mainly memory) phones released since 2010.94 Some have built- components (at around 20 percent), the display in apps. Twitter and Facebook, for example, (20 percent), and the SOC (25 percent) (note that have factory-installed their applications in the battery is not very expensive).93 phones running MRE.95
28 CENTER FOR FINANCIAL INCLUSION Nokia operating systems remain from needed. Entry-level smartphones introduced Nokia’s halcyon days when its Symbian feature into many markets have very poor battery phone operating systems powered most capacity and poor usage times. phones around the world.96 There will certainly Longevity of battery life is not just measured be user defections from phones using these in standby time and milliamp hour (mAh) OSs as a result of instant messaging giant storage capacity, but also through the batteries’ WhatsApp having discontinued support for the ability to withstand real-life conditions such Nokia S40 and Nokia Symbian S60 operating as heat and constant non-standard recharge systems at the end of 2016.97 There is, however, cycles.101 Feature phones and basic phones, with support for WhatsApp on Java-based phones.98 small screens and 2G-type technology, often For smartphones, Google’s Android have standby and usage times of multiple days operating system dominates over Apple’s iOS, and weeks, while smartphone usage time is, at Microsoft’s Windows Phone, the BlackBerry best, usually less than 48 hours. Poor battery operating system, Samsung’s Tinzen, and performance may be mitigated somewhat by another Nokia-derived operating system the use by customers of a second, charged remnant, Sailfish.99 However, apps written battery, which some manufacturers include in for newer Android versions may not be the box. The trend however — especially in the compatible with older Android phones. mid-and higher-end — is towards handsets with non-removable batteries. Fake batteries, also a Mobile Phone Memory factor in these markets, pose a health hazard: Capacity Constraints they have been known to explode.102 Mobile devices have two memory types: ‘flash’ To keep prices low, many feature phones memory for storage of user information and have battery power as low as 400 mAh.103 For a applications, and random access memory smartphone to last at least a day with moderate (RAM) to facilitate the execution of apps.100 use, it needs battery power of at least 2300 Some cheaper smartphones have just 512 MB mAh. Low-end smartphones at prices below of available storage and 512 MB of RAM, not US$35 with 4-inch displays, however, tend to enough to store MFS and user-selected apps. have a battery capacity below 1300 mAh, giving Skimpy RAM capacity is detrimental to MFS them a theoretical standby time around 48 because low RAM can result in an inferior user hours, which in practice may be far less. When experience and an inability to run critical apps, a user deliberately downgrades a smartphone’s while low internal storage may prevent the 3G mobile data access to 2G-type technology, installation of some MFS-oriented apps and the battery life of the device increases over-the air upgrades of some phones. substantially.104 The awareness and technical For example, Airtel Money Uganda requires literacy to alter these settings, however, is not 1.5 MB storage space; Tigo Pesa Bolivia always available.105 requires 7.6 MB; GCash Philippines requires Improvements in battery life occur very 6.4 MB; bKash Bangladesh requires 2 MB and slowly. Usage improvements are more likely to Android 3.0; MTN Money Cote d’Ivoire requires come from more power-efficient SOC chips and 2 MB; while Zain Jordan’s app requires 4.7 more power-efficient displays. MB. These (and other) apps have to compete for storage space with factory-installed Display and Camera Technology “bloatware” — superfluous third party apps, While manufacturing innovations are improving which the manufacturer is paid to install. the performance of mobile phone displays, tradeoffs remain between performance, Battery Technology Affects cost and battery life. Predictably, for low-end Sustained MFS Use smartphones, performance is often sacrificed to An important factor for MFS is the need for cost — with direct implications for MFS. devices to have sustained access to the mobile Depending on phone type and sophistication, network operator. This requires batteries with one of several basic types of display the ability to provide reliable and long-lived technologies may be used (see Exhibit 18).106 power. Poor battery life may cut off user access Some displays may use less sensitive first to MFS systems and funds when they are most generation capacitive touch technology, rather
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 29 mobile phone displays to have biometric EXHIBIT 18 capture and authentication technologies Battery Technologies Used in Mobile Phones built-in, allowing fingerprints to be captured for e-KYC purposes and authenticated for transaction purposes by simply pressing on Most feature phones and low/mid-range smartphones use lithium the display glass. These techniques may avoid ion (Li-Ion) batteries.107 Higher-end smartphones tend to use newer complications in capture characteristic of high-capacity lithium-polymer batteries. tactile-type fingerprint capture components on phones that are usually caused by Lithium ion environmental factors. This technology allows for very high charge capacity relative to Phones with iris scanners using high- the size and weight of the battery. These batteries first appeared resolution built-in cameras are also emerging: in mobile phones in the late 1990s and have advanced for use the LYF Earth 2 Smartphone as well as the in smartphones with higher capacities. These higher capacities, (now discontinued) Samsung Galaxy Note 7 however, make lithium ion more fragile and thus require a both have iris scan features, with many others protection circuit to maintain safe operation, which in turn emerging during the course of 2017. Recognizing results in lower battery capacity when used in feature and basic the trend, the Universal Identification Authority phones. Self-discharge is less than half compared to nickel-based of India — the entity that controls the successful batteries, but they tend to discharge more if used in temperatures Aadhaar biometric-capture ID system — is above 15 degrees Celsius.108 providing application programming interfaces (APIs) — seamless technology interfaces — to Lithium polymer allow these and other iris-enabled mobile Lithium polymer (LiPo) batteries are the most advanced batteries phones to capture and verify users. available on the market, with up to 40 percent greater use capacity Manufacturing data for feature phones than nickel-based batteries. They are usually cased in plastic, shows a steady demand in shipments, making them thinner and lighter than other battery types. They suggesting strongly that the projected also do not suffer from memory effect, a battery chemistry pivot to a majority smartphone presence in artefact which reduces performance. MFS markets has not occurred. Exhibit 20 shows display panel manufacturing statistics for 2015, indicating steady demand for the shipment of display panels smaller than three inches — characteristic of feature than the newer ‘in-cell’ and ‘on-cell’ technology phones — over the course of 2015 due to where the touch sensors are embedded inside increasing demand in the feature phone the display rather than in a separate touch market. This appears to correlate with sensor layer on top of the display.109 This again findings of previous studies and in situ market may create a poor user experience. investigations showing the dominance of Overall, lower manufacturing costs allow feature phones in the developing world. for lower-cost, higher-resolution mobile phone While this may reflect a general increase displays with lower power consumption and in market size for all devices due to general hence better standby and usage times. However, growth and a need for replacement feature entry-level smartphones introduced into MFS phones, these manufacturing statistics do markets use cheaper display components that not support market projections that have consume more battery power and are easily smartphones overtaking feature phones in MFS damaged. These cheaper models may bring markets by 2020.110 Data showing feature phone further user annoyances (and impediments to distribution during the course of 2016 bolsters uptake), such as ‘fat finger’ input errors due to the view, with feature phones still showing small screens and prohibitive costs for simple robust sales. Indeed, Nokia (as part of its new repairs to cracked phone screens. brand licensing agreement with HMD Global) in One of the positive developments for MFS February 2017 released a feature phone version in this area is the advent of technology for of its venerated Nokia 3310 basic phone that biometric ID capture and authentication. was first seen 2000, and now sporting a color Technologies are emerging that will allow display and camera.
30 CENTER FOR FINANCIAL INCLUSION EXHIBIT 19
Display Types and Specifications Used in Mobile Phones
LCD is the predominant technology used in basic phones, AMOLED is a new technology that uses organic materials and newer types use less power. LCD is used now mostly in to allow for faster and more precise control of the monochrome or low color saturation displays in basic phones. image needed for higher definition smartphone displays with a lot of pixels.113 Many of the newer smartphones TFT-LCD is an active-matrix LCD found on low-end use a next-generation version: Super AMOLED. smartphones, basic phones and feature phones.111 Each pixel on a TFT-LCD has its own transistor on the glass itself, Display sizes range from 1 to 1.3 inches for basic phones, offering more control over the images and colors. However, from 1.4 to 4 inches for feature phones, and from 3 inches TFT-LCDs offer relatively poor viewing angles, and consume to ‘phablet’ sizes of 7 inches or higher for smartphones. more power than other display types. Display resolutions range from QQVGA (160x120) and QVGA (240x320 pixels) resolution for basic IPS-LCD is a variant of TFT-LCD, offering thinner displays phones, HVGA (320x480 pixels) resolution or less for and better viewing angles. It requires a more powerful feature phones, to WVGA (800x480 pixels) or FWVGA backlight, which while delivering more accurate colors (854x480 pixels) resolution for low-end smartphones, and allowing the screen to be viewed from a wider angle, and QHD (1440x2560 pixels) resolution or higher for consumes more power.112 higher-end smartphones.
EXHIBIT 20
Feature Phone and Smartphone Component Shipments, 2015
Display panel shipments (in thousands of units) Feature phone Smartphone 180,000
160,000
140,000
120,000
100,000
80,000
60,000
40,000
20,000
0 JAN-15 FEB-15 MAR-15 APR-15 MAY-15 JUN-15 JUL-15 AUG-15 SEP-15 OCT-15 NOV-15 DEC-15
Here, feature phones refer to those with displays of three or more inches. As evidenced in the above chart, feature phones are holding their own, despite earlier projections that smartphone growth would drive out feature phones.114
Source David Hsieh, 2016
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 31 Technology Fraud and Security
An emerging but relatively under-appreciated ••Inability to receive over-the-air updates trend in MFS is the growing problem of from MNOs or service providers to set up the counterfeit phones and components, such phone with correct mobile network settings as displays and batteries. A closely related problem is the illegal resetting of identifying ••Performance degradation, including a characteristics of stolen phones to allow for high percentage of dropped calls, failure their resale. Unwitting users who buy fake or to access the network, handover problems stolen phones may find that MFS do not work and low reliability on the devices they have paid for. The effects of fake phones on MFS customers include: ••Failed warranty and technical support ••Blocking of the handset by a regulator/ industry blacklist, preventing access to MFS-based funds EXHIBIT 21 Unique International Mobile Equipment Identity (IMEI) Verification ••Potential hazards such as battery explosions and exposure to high levels of radiation116
At the top, a genuine ••Increased incidences of malware, spyware IMEI number found on a and viruses117 sticker inside a feature phone. Inputting the There are two types of phone technology fraud. discovery code *#06# First, bad actors can reset a phone’s 15-digit will show that the original unique International Mobile Equipment Identity IMEI number has been (IMEI) number — a type of serial number — to replaced with a set of a set of zeros or a random 15-digit number.118 zeros (on the bottom). The IMEI is used to check information such as These changes hide the phone’s country of origin, manufacturer the phone’s true identity.115 and model number. Second, counterfeiters, particularly in Asia, manufacture phones that on the exterior have the look and feel of popular and expensive brands, but do not run the brand’s operating system.119 The problem is growing: these phones — often called Shanzhai, or “bandit” phones — have been estimated to make up 15 to 20 percent of the global market in terms Photo credit Leon Perlman of units sold.120 The Mobile Manufacturers Forum — a consortium of companies that
32 CENTER FOR FINANCIAL INCLUSION make mobile devices — reported that there were almost 150 million counterfeit phones EXHIBIT 22 121 sold globally in 2013. The Organization for IMEI Command Economic Co-operation and Development (OECD) estimated that the total value of internationally traded counterfeit and pirated Use of the *#06# products has increased significantly: in 2013 it code to discover reached a value of US$461 billion, equivalent to a handset’s the GDP of Austria.122 IMEI number A phone always broadcasts its IMEI number to an MNO when it connects to that network, which is checked and stored in the MNO’s Equipment Identity Register (EIR). Knowing the IMEI number allows a MNO to remotely configure the phone with correct network access settings. If an MNO cannot properly identify the phone and model, that customer Photo credit Center for Financial Inclusion may not be able to obtain network access and configuration settings generally and for MFS such that the phone may not work properly on a syndicate operating in a country. If a trend that network. emerges with thousands of these identical The only way to determine a phone’s IMEI numbers appearing, or if specific IMEI authenticity is to run an inquiry of the numbers associated with stolen or lost phones IMEI number through a national or are identified, the MNO may then blacklist international database of stolen or fake (prevent use) or graylist (monitor use) these phones, usually administered by the national phones depending on their internal policies telecommunications authority or through the or instructions from a national authority. GSMA’s international IMEI database. For users, The impact on MFS is this: if a MFS the IMEI number is revealed by typing the customer’s phone is blacklisted without notice, sequence *#06# on the handset. This number access to stored funds may be cut off. This can be provided to the police or insurance has happened in a number of countries companies if the phone is lost or stolen so that following instructions from national it can either be traced or blacklisted. MNOs authorities to MNOs to turn off en masse can block a phone from use on its network if phones with identical or zeroed IMEI numbers IMEI number is associated with a phone that (See Annex B for country examples). When has been reported lost or stolen or if the IMEI this happens, customers lose the value of number appears suspicious.123 their blocked phone, and must then purchase Suspicious IMEI numbers appear because a new phone and place their SIM card in the bad actors try to circumvent potential new phone to re-access their MFS accounts. blacklisting of a stolen or lost phone — which effectively makes their bounty unsellable — by Vulnerabilities to Bad Actors using off-the-shelf technology to easily reset A number of vulnerabilities to bad actors can the IMEI and replace it with a fake one. Tigo, potentially disrupt systems and cause data and which has MNO properties in many developing financial loss to MNOs, service providers and countries, estimates that nearly 10 percent their customers.125 These vulnerabilities occur of the device types on its networks are at both the MNO and customer levels. MNO- unidentifiable, mostly within Chad (63 percent) level vulnerabilities include Signaling System 7 and Senegal (15 percent).124 This is often a game (SS7)-based and USSD-based exploits and man- of cat and mouse: MNOs will check their EIR in-the-middle attacks using “IMSI catcher” database and oftentimes thousands of phones hacking devices. Customer-level vulnerabilities on their network will have identical 15 digital include MFS application tampering and phone IMEI numbers, usually indicating the work of number spoofing.
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 33 ventilating these risks should provide an EXHIBIT 23 impetus toward appropriate planning and risk How the Signaling System 7 (SS7) Vulnerabilities mitigation. Indeed, there are often ways at both Are Made Possible the SS7 and handset levels to mitigate many of these vulnerabilities.
Most attacks on SS7 are based on designs inherent Vulnerabilities in Signaling System 7 (SS7). As in modern mobile networks that enable customer noted earlier, SS7 forms the connective tissue mobility (i.e., roaming). To facilitate roaming, a seamless of most telecommunication systems, allowing exchange of customer information between MNOs mobile and fixed line networks across the globe is required, and this is achieved with SS7 messages to seamlessly interact and, crucially, to allow exchanged between the networks.126 effortless mobile roaming across MNOs.128 The However, this means that attackers with SS7 need to facilitate roaming however creates access anywhere in the world can use inter-MNO SS7 vulnerabilities within these networks and communications to send fraudulent SS7 messages that affects the core network and base stations give them access to the core network functions of the at the extremities of the networks. SS7 attacked MNO, exposing consumer information and vulnerabilities can be exploited through Mobile facilitating potentially fraudulent financial transactions. Application Part (MAP), a core mobile phone When SS7 was introduced in 1975, it was not designed network interface component that uses SS7 with security in mind, as the only participants in and which powers USSD as one of the primary international SS7 interactions at the time were trusted customer user interfaces for MFS access. (mainly state-owned) fixed-line telecommunication MNOs must allow for the receipt of SS7 operators.127 It was thought that these trusted operators messages from external networks when a would not cause or allow security breaches. Use of SS7 mobile customer wants to roam and the foreign by bad actors today are therefore not “hacks” per se, but MNO needs to acquire consent from the home exploitations of SS7’s inherent lack of security. MNO. The constant business need of MNOs to interact with external SS7 networks makes filtering SS7 messages networks difficult, but not impossible. Many MNOs now use filtering hardware and software to block unnecessary and potentially System-wide SS7-derived vulnerabilities rogue SS7 requests from external sources. at the MNO-level can affect multiple mobile Common characteristics of SS7 attacks include: and MFS customers, and individual customers can also be targeted directly, compromising ••Attacks are based on legitimate SS7 their SIM cards, handsets and MFS accounts. messages, for example, by hijacking Customers can also introduce vulnerabilities requests to allow customers to roam. When by downloading various apps. Threats can arise networks filter SS7 messages to block from poor app design, resulting in the exposure intruders, this poses a business revenue of customer data, or from apps embedded with risk and may negatively impact the overall malware that is used to extract user data and/ quality of service. or steal balances. In addition, threats can come from viruses inadvertently downloaded from ••An attacker does not need sophisticated websites. Similarly, bad actors can emulate a equipment: a Linux-based computer and trusted caller ID and call the MFS customer publicly available software for generating to attempt to extract personal MFS and bank SS7-based packets suffice. credentials, often resulting in financial loss. It is difficult to surmise how often such ••After an initial attack using SS7 commands, risks will actually be exploited and how much the attacker can execute additional attacks financial harm will result. Nevertheless, using the same methods.129
34 CENTER FOR FINANCIAL INCLUSION EXHIBIT 24
Intrusion Vulnerabilities and Exploits in MFS and Mobile Networks130
Percentage of successful SS7 attacks, as performed by a group of security experts 100
90
80
70
60
50
40
30
20
10
0 OBTAINING STEALING HIGHJACKING TRACKING EAVESDROPPING BALANCE DATA SUBSCRIBER DATA INCOMING SMS LOCATIONS ON CONVERSATION
TYPE OF SS7 AND/OR USSD EXPLOIT The percentages indicate the most prevalent types of exploits of SS7 and USSD that have been reported globally via the ITU.
Source Dmitry Kurbatov, 2016
Insofar as it may affect MFS, this SS7-derived customer’s SMS messages and request the vulnerability is a general problem for all USSD- customer’s account balance. The attacker based mobile access systems since bad actors can even initiate a transfer of funds from the with relatively basic telecommunications target MFS customer’s account to the attacker’s skills have the potential to perform intrusive MFS account. While this risk could be mitigated attacks that can lead to customer financial loss, through two-factor authentication via a data leakage or disruption of communication one-time password (OTP) sent via cleartext services. The majority of intrusions actually SMS in parallel with a USSD-based MFS or perpetrated appear to involve theft of customer banking session, even an OTP intended for a login credentials, interception of customer customer under attack may never reach the records, and monitoring of customer calls, intended customer, or may be intercepted by SMS and data. an attacker en route.132 Using SS7 requests, a bad actor can also Because of these SS7 vulnerabilities, pose as a SMS center — the MNO core network the U.S. National Institutes of Standards component that acts as a post office for SMS and Technology has recommended that SMS messages — to obtain the international mobile not be used for any authentication purposes subscriber identity (IMSI) and even location of for financial transactions. Its recent briefing the target customer.131 The bad actor can also calls SMS “usable, but regarded as obsolete gain access via SS7 to all SS7 traffic relating and best avoided.”133 to that particular IMSI and can intercept a
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 35 MNOs and service providers need to implement risk management frameworks to anticipate, prevent, resolve and mitigate the effect of any intrusions into their systems, and regulators need to revise and update their rules to ensure clarity about roles and responsibilities.
Fake Mobile Base Stations Undertake suspicious.137 An MNO, regulatory authority Man-in-the-Middle Attacks or national intelligence network can operate Bad actors can use fake MNO base stations a mobile ICC placed in a surveillance truck. called “IMSI catchers” (also known as Alternatively, a MNO or telecommunications “stingrays”) to extract customer data over the regulator can utilize a network of stationary air at the edge of a mobile network. The IMSI measurement units installed on rooftops in a catcher allows a bad actor to impersonate an specified geographical area to constantly scan MNO, connecting to the customer’s handset frequency bands for cell announcements and and capturing all data sent to and from the detect any mobile network parameters that handset. These relatively easy-to-build devices arouse suspicion. Another emerging method take advantage of SS7 vulnerabilities and of detecting fake base stations is to check for exploit the fact that the GSM A5 encryption signs (“fingerprinting”) of IMSI catcher activity technologies designed to keep information at the MNO level.138 safe over GSM networks have largely all been compromised.134 Unsecure Mobile Applications In most countries, special permissions May Compromise User Funds are required to import and operate IMSI MFS applications and user interfaces on feature catchers as they are ostensibly only to be phones or smartphones are the primary means used for law enforcement purposes. In South by which customers interact with the MFS Africa, for example, the devices fall under a ecosystem.139 Handsets and applications may category of equipment designated for national however have design deficiencies that attackers security interests and can only be bought can exploit, which may compromise access with presidential authorization.135 Despite control and authentication, data confidentiality, these ostensible precautions, commercial IMSI privacy and integrity, and service availability. catchers have made their way into the wild. Some applications are vulnerable due While originally intended for law enforcement, to the lack of PIN authentication prior to advances in technology now allow anyone to sensitive operations, such as checking one’s build an IMSI catcher for less than US$1,400. balance or paying bills online. Bad actors A classic man-in-the-middle-attack can lead can tamper with these transaction details, to loss of customer data and can compromise ultimately calling into question who performed an MNO’s systems. the transaction. Applications that do not There are currently only a few ways to support digital signatures cannot provide non- detect the presence and use of IMSI catchers.136 repudiation guarantees when transactions A number of providers have developed are performed.140 And incorrect use of key so-called “IMSI catcher catchers” that can encryption techniques by an application as it determine whether a mobile base station is communicates with other elements of the MFS
36 CENTER FOR FINANCIAL INCLUSION ecosystem can provide an attacker with the especially deploying IMSI catcher catchers means to break weak cryptography and expose and base station fingerprinting to identify sensitive information.141 fake base stations. Developers should check Within applications, lack of access control apps for data leakage and potential for amongst some applications provides an intrusion, and where market conditions allow, avenue for bad actors to modify financial Java-based applications should be used more data. Application availability is a measure of often as they are more intuitive and secure application design quality and security and if an than USSD menus. app does not perform robust input validation, One of the most important issues concerns then a bad actor can potentially perform attacks fixed liability when fraud occurs, which that may crash the application.142 providers now usually make consumers accept in their terms of conditions (T&Cs) as a binary Java-based MFS Apps Are More Secure precondition for using MFS. The T&Cs usually MFS transaction security can be solidified assign all liability to the consumer, and in case through the use of small feature phone-based of dispute, may raise the evidential burden of “applets” using the Java programming language. proof that customers need to clear to prove that Transaction and maintenance SMS messages they were not at fault in relation to loss of their are sent via SMS, which are encrypted with funds. For most MFS customers, and especially unique sets of encryption keys. The applets in the absence of neutral dispute mechanisms, mostly use bank-grade security, using this is an impossible burden. This usual encryption up to and exceeding Payment Card asymmetry in an MNO or service provider’s Industry Data Security Standard.143 T&Cs may however be affected and needs to be MNOs and service providers need to revised to reflect the fact that since exploits at implement risk management frameworks to an infrastructure and local base station level anticipate, prevent, resolve and mitigate the are known to exist, it cannot be taken as a effect of any intrusions into their systems, given then that any MFS losses should fasten and regulators need to revise and update totally onto the customer. their rules to ensure clarity about roles and Since it cannot be proven conclusively responsibilities. Specifically, MNOs and service at this stage that providers are effectively providers should assess the potential for impenetrable to intrusions that may lead to the stealth theft of funds or other financial customer loss, changes to T&Cs should instead implications due to external SS7 vulnerabilities, reflect the relative responsibilities in cases and should deploy hardware and software of technically-caused loss of MFS customer solutions that can filter rogue SS7 messages. funds. Similarly, any neutral dispute resolution All parties — MNOs, service providers, procedures and bodies should take this into commercial banks and regulators — should account when apportioning blame in case of collaborate in assessing and mitigating risks, financial loss in MFS.
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 37 Competition Aspects of MFS Technology Access and Use
As the MFS ecosystem grows, key market of service issues relating to provision of these participants — MNOs, non-banks, technical services, which could negatively impact user aggregators and switches, agents and perceptions of service providers. banks — may have particular technology- For non-banks seeking to offer MFS, there related competition concerns relating to may be a competition bottleneck involving access and pricing for access channel services, access to payment infrastructures such as interoperability between MFS systems, payment switches. Access to the payments quality of service and access to big data sets. infrastructure may also be rendered While these issues may not actually breach uneconomical due to discriminatory pricing national anti-competition laws or regulations, (e.g., access to automated clearing houses that the ultimate effect may be more limited facilitate interoperable transactions between customer access to a growing array of MFS banks and non-banks or access to the national services at attractive prices. In all, the de facto ATM network). curtailing of access and effective use of critical infrastructure degrades global efforts towards Thin SIMs the achievement of full financial inclusion. While access to payment infrastructures Access to core MFS facilities, key bearer requires coordination with multiple parties, access channels and payment infrastructure some market participants are using new is often shadowed by competition-related methods to circumvent restricted or issues, due to the fact that access gatekeepers unfavorable STK and USSD access. Banks and may be controlled by entities that are often in non-banks have used “thin SIMs” (also known direct competition with the entities seeking as SIM overlay technology or “sticky SIMS”) access. In particular, even if access is made which are paper-thin plastic sheets embedded available to the necessary market participants, with a number of sticky contact points and a the business case for MFS can be made chip layered on top of a standard SIM card.145 unfeasible because of variable or uneconomical Despite their appearance, thin SIMs are wholesale access costs — a situation often full-featured SIMs which, when placed over referred to as foreclosure.144 a larger SIM, convert the handset into a dual- For third party service providers relying SIM phone, meaning that users can access on MNO communications channels, this services on both networks without physically gatekeeping or foreclosure often relates to the switching the cards.146 Users can switch technical access methods such as for USSD between networks either manually through and STK, the primary bearer services used the accompanying menu, or by inputting a for MFS access. A service provider’s inability specific short code to perform the selection. to secure one or more of these components The thin SIM listens for a specific short code, could render its ability to provide a service and if the short code belongs to a network using USSD or STK unobtainable or untenable, supported by the thin SIM, the traffic will including an inability to access USSD and STK- be directed to the alternate network which based short codes. There may also be quality can provide MFS access at cheaper USSD and
38 CENTER FOR FINANCIAL INCLUSION Since feature phones are likely to dominate MFS access for the foreseeable future, regulators should continue developing and maintaining policies on access to USSD and STK gateways at fair, reasonable and non-discriminatory terms.
STK rates. Thin SIMs work with basic phones, feature phones and smartphones. They are also MNO-agnostic, so they can work with any MNO EXHIBIT 25 operator independent of the underlying SIM Taisys-Manufactured Thin SIM card.147 Thin SIM technology is now used in a number of countries for MFS, but they are not yet widespread due to the relatively high cost of thin SIMs.148 For example:
••Kenya’s Equity Bank uses thin SIM technology for cheaper bearer services from the MNO Airtel for USSD and SMS access for the customers of its mobile virtual operator subsidiary, Equitel.149
••Yes Bank, India’s fifth largest private sector bank, launched a thin SIM payments solution for feature phones that installs a STK-based app linked to a prepaid wallet.150
••Chinese service provider F-road used thin SIM technology to expand access for over 15 million users from 1,300 banks in 27 provinces.151 A thin SIM is placed over the SIM from another MNO. Taisys manufactures There is anecdotal evidence to suggest that thin SIMs for Equitel and all of Equitel’s some regulators have applied regulatory MFS-related STK activity runs over forbearance over universal USSD access MNO Airtel.152 and pricing based on the narrative that smartphone apps and 3G/4G technologies will overtake USSD and other narrowband access Photo credit Taisys technologies. However, as emphasized here, feature phones are likely to dominate MFS access for the foreseeable future, using USSD, encrypted SMS and WAP. Regulators should continue developing and maintaining policies on access to USSD and STK gateways at fair, reasonable and non-discriminatory terms.
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 39 ANNEX
Summary of Mobile Technologies and Their Use in MFS
TECHNOLOGY TYPE MOBILE TECHNOLOGY MOBILE DATA SPEEDS PRIMARY PHONES USED TYPICAL NETWORK TYPICAL PHONE GENERATION COVERAGE SCREEN SIZES
GSM, CSD 2G 9.6 kbps Basic National Small
GSM GPRS 2.5G < 115 kbps Basic; feature National Small; medium
GSM EDGE 2.75G < 237 kbps Basic; feature National Small; medium
GSM EDGE-Evolution 2.75G+ < 1.6 Mbps Basic; feature National Small; medium
UMTS W-CDMA 3G < 0.4 Mbps Smart Mostly urban, Large national roads
UMTS HSPA 3.5G < 14.4 Mbps Smart Mostly urban, Large national roads
HSPA+ 3.75G < 67.2 Mbps Smart Mostly urban Large
LTE 4G < 300 Mbps Smart Mostly urban Large
LTE Advanced 4G+ < 1000 Mbps Smart Mostly urban Large
GSM — Global System for Communication EDGE — Enhanced Data Rates HSPA — High Speed Packet Access CSD — Circuit-Switched Data UMTS — Universal Mobile Telecommunications System HSPA+ — Evolved High Speed Packet Access GPRS — General Packet Radio Service W-CDMA — Wideband Code-Division Multiple Access LTE — Long-Term Evolution
Source Leon Perlman, 2012
40 CENTER FOR FINANCIAL INCLUSION Summary of Mobile Technologies and Their Use in MFS (continued)
TECHNOLOGY TYPE RELATIVE USE IN MFS PRIMARY MFS ACCESS COST PHONE BATTERY USE TECHNICAL LITERACY USER INTERFACE REQUIRED
GSM, CSD Majority USSD; STK $-$$ Low Low
GSM GPRS Majority USSD; STK; WAP; Java $-$$ Low Medium
GSM EDGE Majority USSD; STK; WAP; Java $-$$ Low Medium
GSM EDGE-Evolution Majority USSD; STK; WAP; Java $-$$ Low Medium
UMTS W-CDMA Significant Apps $$$ High Medium
UMTS HSPA Significant Apps $$$ High Medium
HSPA+ Growing significant Apps $$$ High Medium
LTE Limited Apps $$$ Very high Medium
LTE Advanced Scarce Apps $$$ Very high Medium
GSM — Global System for Communication EDGE — Enhanced Data Rates HSPA — High Speed Packet Access CSD — Circuit-Switched Data UMTS — Universal Mobile Telecommunications System HSPA+ — Evolved High Speed Packet Access GPRS — General Packet Radio Service W-CDMA — Wideband Code-Division Multiple Access LTE — Long-Term Evolution
Source Leon Perlman, 2012
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 41 ANNEX Example Market-Level Regulatory and Industry Initiatives to Combat Fraudulent Devices
Asian, Middle Eastern, and African authorities Egypt: In 2010, the National Telecommunication are acting against fake devices and devices Regulatory Authority established the Central with reset IMEI numbers.153 Equipment Identity Register to curb fake and illegal handsets, combat handset theft and Azerbaijan: The Ministry of Communication address health and safety. As of December 2014, and Information Technologies has operated there were 3.5 million handsets with the fake its mobile devices registration system based IMEI code 13579024681122, 250,000 with cloned on the IMEI database since 2013, aimed at IMEIs, 500,000 with fake IMEIs, 350,000 with preventing the use of illegally imported an all-zero IMEI, and 100,000 without proper phones, phones with fake IMEI codes and lost IMEI codes.157 or stolen phones. All imported mobile devices must be registered within the first 30 days. Kenya: In 2011, the Communications Authority Over 13 million devices have been registered.154 (CA) issued a notice to all MNOs to phase out counterfeit handsets on their networks.158 Bangladesh: The government plans to shut Some 1.9 million counterfeit mobile phones down illegally imported and counterfeit were phased out after September 30, 2012. A mobile phones following the completion of handset verification system was established SIM registration under the new biometric SIM by the CA to enable subscribers to verify the registration system.155 validity of their phones through submitted IMEI numbers.159 In early 2017, the CA Colombia: In 2011, the Ministry of Information procured specialized equipment to trace and and Communication Technologies issued automatically block inter alia counterfeit and Decree 1630 to control the marketing and stolen phones.160 The CA will work with the sale of new and used devices and create two country’s Anti-Counterfeit Agency and Kenya centralized databases — a registry with the Bureau of Standards and the National Police IMEI numbers of devices reported stolen or lost Service to ensure national implementation.161 and a registry with a record of IMEI numbers of devices legally imported or manufactured in Malaysia: Syndicates selling fake Galaxy Note 5, the country, associated with the ID number of S7 and Galaxy Tabs have been shut down.162 the subscriber.156
42 CENTER FOR FINANCIAL INCLUSION Nepal: The Nepal Telecommunications Tanzania: As of June 2016, the Tanzania Authority established a register of IMEI Communication Regulatory Authority reported numbers of mobile devices, integrated 630,000 blocked counterfeit phones using a into MNO databases. It has also blocked GSMA database of fake IMEI numbers with unregistered numbers that fail to comply an estimate of nearly 2 million more to be with the new regulations within the blocked by the end of the year.169 mandated timeframe.163 UAE: Dubai police seized over 60,000 Nigeria: The Nigerian Telecommunications counterfeit iPhones, Samsung Galaxy and Commission indicates that about 250 million other phones in a two-week period in 2014. To fake or reset phones were sold in the country evade detection, the phones were smuggled in 2014.164 Nearly 10 percent of the phones into the UAE in pieces before being assembled. in the country are counterfeit or have been Each component is imported separately, even reset.165 In 2016, the Standards Organisation of brand stickers.170 More broadly, authorities have Nigeria (SON) began prosecuting individuals seized a large number of counterfeit mobile who sold fake and substandard mobile phones phones, mainly fake BlackBerrys.171 and accessories. Any phone not registered with the SON will be confiscated and offenders will Uganda: A study by the Uganda be prosecuted.166 Communications Commission has estimated that about 30 percent of Uganda’s Oman: The Telecommunications Regulatory approximately 17 million mobile phones are Authority launched an automated program Chinese-made counterfeits. The government enabling consumers to identify fake mobile loses about 15 billion Ugandan shillings (about devices. Buyers can send the 15-digit IMEI US$4.1 million) in tax revenue to counterfeit number on the product’s box to the number mobile phones.172 80566, and the system will verify if the phone is registered in the GSMA database.167 Supranational initiatives: There are initiatives to create a global system for the exchange of Pakistan: The Pakistan Telecommunication unique telecommunication and ICT device Authority (PTA) implemented a complex identifiers (in line with the International procedure for importers to get a no-objection Telecommunications Union’s TDC-14 certificate from the PTA to import Chinese- Resolution 79 and PP-14 Resolution COM 5/4).173 made handsets. This has perversely led The GSMA also maintains an international to an increase in fake handsets, while IMEI database which is accessible to network decreasing the import of Chinese-made operators, device manufacturers and qualified handsets by 40 percent.168 industry parties.174
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 43 Endnotes
1 GSM Association (GSMA), State of 9 STK allows MNOs and others to store 19 This means that calculations for the Industry Report on Mobile Money, easily-discoverable menus on SIM cards transaction costs can be dynamically Decade Edition: 2006–2016 (Executive as the user interface for MFS access. generated per transaction — for example, Summary), GSMA, 2017, www.gsma.com/ 10 IVR technology allows a computer to as a percentage of revenue. Other mobilefordevelopment/wp-content/ interact with humans through the use of methods such as STK or Java applets, uploads/2016/02/GSMA_Executive_ voice and DTMF tones input via keypad. which are store-and-forward Summary_PRINT-READY-VERSION.pdf. technologies, may not necessarily 11 On the effects of technical literacy on have those capabilities built in. 2 GSM Association (GSMA), State MFS use, see Grameen Foundation, Use of of the Industry Report on Mobile Money. Mobile Financial Services Among Poor Women 20 Grameen Foundation, Use of Mobile 3 Other technologies — such as QR in Rural India and the Philippines, 2013, www. Financial Services. codes, Bluetooth Low Energy, and gsma.com/mobilefordevelopment/wp- 21 USSD may sometimes be the secondary magnetic secure transmission — were content/uploads/2014/07/Use-of-Mobile- authentication mechanism in MFS. In considered, but were found not to be Financial-Services-Among-Poor-Women- some cases, the primary authentication suitable at present for mass use in in-Rural-India-and-the-Philippines.pdf. mechanism will be through an over-the- MFS-focused countries. 12 Feature phones include most of the top (OTT) smartphone application, using 4 See GSM Association, “History,” www. features of basic phones, augmented encrypted STK or cleartext (unencrypted) gsma.com/aboutus/history. See also, Leon by features such as Bluetooth, MMS, SMS-based access to a server, with Perlman, “Legal and Regulatory Aspects WAP capabilities, and in some cases network-initiated (push) USSD serving of Mobile Financial Services,” 2012; Leon 3G capabilities. as the second-factor authenticator; this requires the user to input the answer to Perlman, “Aspects of Legal and Regulatory 13 Depending on the context and Issues in Mobile Financial Services in a challenge question whose answer only jurisdiction, a service provider could they would know. the Developing World,” Proceedings of be a third party provider such as a bank, Mobile Money Conference at the Columbia a non-bank entity, a MFI, or a MNO. 22 These commands are standard for all Institute for Tele-Information, Columbia mobile equipment and defined by the Business School, November 5, 2010. 14 Cleartext means that the SMS European Telecommunications Standards data is unencrypted when transferred. Institute and 3GPP specifications. 5 A bearer service — or just bearer — is SMSs using STK and Java technologies a telecommunications term describing are encrypted. 23 This is a simple machine code that a service that allows transmission of converts the raw messages from the information signals between network 15 Contactless payment systems are software to application-level message. interfaces. USSD, SMS, and 3G networks credit cards and debit cards, key fobs, This requires a special STK gateway at can be considered bearer technologies smart cards, or other devices, including the MNO. used in mobile financial services. smartphones and other mobile devices that use radio frequency identification 24 STK as a technology can use USSD as a 6 Internet protocol (IP) is the principal or NFC technology for making payments. bearer, but some handset manufacturers communications protocol in the Internet Bluetooth is another emerging proximity have not adequately implemented STK protocol suite for relaying data. IP communications method, but does not support for USSD. In practice, STK will delivers packets from the source host yet have significant use in MFS. almost always use SMS as a bearer. to the destination host solely based on 25 Many new smartphones do not have the IP addresses in the packet headers. 16 “Pound” is also known as “hash” in some markets. the STK ‘translator’ installed, meaning 7 High speed packet access (HSPA) that services using STK-based menu is an amalgamation of two mobile 17 USSD is now in version 2 (v2). USSD items will not appear. This may impact protocols — high speed downlink packet version 1 (v1) — which is no longer in those using remote airtime transfer as a access (HSDPA) and high speed uplink primary use, but still supported by form of foreign remittance. For example, packet access (HSUPA) — that extends MNOs — has limited features compared see the NoSTK Android smartphone app, and improves the performance of 3G to v2, although handsets first issued in which caters to smartphones lacking mobile networks utilizing the WCDMA the 1990s that use USSD v1 only have long STK functionality (https://play.google. protocols. A further improved 3rd since been discontinued or have reached com/store/apps/details?id=appinventor. Generation Partnership Project (3GPP) their useable lifespan, and are unlikely to ai_tborja.NO_STK). be used. Supplementary (or ‘quick’) codes standard — evolved high speed packet 26 Photo credit: Information and access (also known as HSPA+) — was using USSD allow users to undertake basic programming of their MNO services and Communications for Development released late in 2008, with worldwide (IC4D) Blog, http://blogs.worldbank.org/ adoption beginning in 2010. features, for example, allowing them to forward a call to a number and toggle ic4d/mobile-services-game-changer- 8 LTE is based in part on UMTS/HSPA Caller Line ID (CLI) e.g., # 31 #. greater-good. network technologies. It increases the 18 Trevor Perrier, Brian DeRenzi, and 27 Photo credit: Afternoon Dispatch capacity and speed over UMTS/HSPA by and Courier, http://afternoondc.in/ using a different radio interface together Richard Anderson, “USSD: The Third Universal App,” Proceedings of the 2015 userfiles/13-9-11-SBI-MOBILE-BANKING- with core network improvements. LTE POSTER---Eng.jpg. was developed by the 3GPP and is ACM Symposium on Computing and specified in its Release 8 document series. Development (ACM DEV 2015), 2015, 28 Except if using a WAP link for http://bderenzi.com/Papers/perrier- application download, which requires dev2015.pdf. mobile data.
44 CENTER FOR FINANCIAL INCLUSION 29 This method is similar in principle to 35 Cong Wang, et al., “PriWhisper: 45 Regulators around the world are a smartphone app, but it runs on a less Enabling Keyless Secure Acoustic beginning to auction off or sell the sophisticated type of handset operating Communication for Smartphones,” released former analog TV frequencies, system. The minimum feature phone IEEE Internet of Things Journal, 2013, including the 700 MHz, 800 MHz, and requirement for Java applications is https://eprint.iacr.org/2013/581.pdf. 2,600 MHz ranges. South Africa is Mobile Information Device Profile 2.0 and 36 Rian Boden, “Ultracash launches auctioning off the 700 MHz, 800 MHz and Connected Limited Device Configuration sound-based mobile payment service in 2,600 MHz spectra. See Natasha Odendaal, 1.1 specification, 1 MB of RAM memory, Bangalore,” NFC World, October 13, 2015, “Icasa opens auction for long-awaited and 600 kb of phone storage. Many feature www.nfcworld.com/2015/10/13/338639/ spectrum,” Engineering News, July 15, 2016, phones will have sufficient storage for ultracash-launches-sound-based-mobile- www.engineeringnews.co.za/article/ this. MIDP is a specification published for payment-service-in-bangalore/. icasa-opens-auction-for-long-awaited- the use of Java on embedded devices such spectrum-2016-07-15. In India, the as mobile phones and PDAs. CLDC is a 37 The underlying concept of regulator tried to auction off the set of standards, libraries, and virtual- universal service is to ensure that 700 MHz spectrum, but had no bidders machine features that serve as the basis telecommunications services are because the reserve price was considered for APIs targeted at devices with very accessible to the widest number of people too high. See Sunil Jain, “Trai’s limited resources. A large number of (and communities) at affordable prices. arbitrary, and inexplicable, pricing to feature phones, as well as some embedded For global universal service obligations, blame for failure of 700MHz auction,” systems, fall under this category of device. see International Telecommunications The Financial Express, October 3, 2016, See Techopedia, “Connected Limited Union (ITU), Universal Service Fund and www.financialexpress.com/economy/ Device Configuration (CLDC),”Techopedia , Digital Inclusion for All Study, June 2013, trais-arbitrary-and-inexplicable- www.techopedia.com/definition/3340/ www.itu.int/en/ITU-D/Conferences/GSR/ pricing-to-blame-for-failure-of-700mhz- connected-limited-device-configuration- Documents/ITU%20USF%20Final%20 auction/403649/. Similar auctions are cldc-java. Report.pdf. also taking place in East Africa. 30 As with the sideloading installation 38 Cartesian, “Mobile Platform Access for 46 Some markets already have phones method, on installation and on use, the USSD-based Applications (MPA-USSD) compatible with the 450 MHz frequency application on the handset will undertake (Market Assessment),” January 30, 2015, spectrum. The 450 MHz frequency band internal ‘fingerprinting,’ a self-check to www.ucc.co.ug/files/downloads/SMP_ is being used by some 115 operators in 60 ensure that the application has not been Report_Mobile_Platform_Access_USSD_ countries, primarily in Latin America and tampered with and is not ‘leaking’ data April%202015.pdf. the Caribbean and with CDMA networks. to fraudsters. A similar fingerprinting 39 3G will refer to representative coverage See Steve Costello, “LTE 450 MHz: taking confirmation is done with the server on providing broadband speeds, including the road less travelled,” Mobile World Live, every transaction. (but not technically) HSPA and 4G LTE. See April 27, 2015, www.mobileworldlive.com/ 31 Zero-rating of the data cost of an Annex A for mobile phone technologies. featured-content/home-banner/ lte-450mhz-taking-road-less-travelled. application download and/or its use 40 Ubiquitous 3G and/or 4G coverage on a mobile network is an emerging in the developed world is of course also 47 Again, this coverage may be trend worldwide. The small data cost not a given. limited if spectrum costs are too high. can be reverse-billed, so that the MFS Spectrum frequencies may be allocated service provider is charged by the MNO 41 Smartphone coverage is usually through a beauty contest, or through for the data required for the customer’s associated with urban areas, where a spectrum auction facilitated by the download. See Anne Morris, “Report: 45% there may be more disposable income government and/or national regulator. of operators now offer at least one zero- for the purchase of smartphones and In some circumstances, the new LTE-U rated app,” FierceWireless, July 15, 2014, affordability for data plans. specification may assist in augmenting www.fiercewireless.com/europe/story/ 42 Although 900 and 2100 MHz are the LTE 4G coverage. report-45-operators-now-offer-least-one- plurality of GSM-based system frequency 48 For example, the National Payments zero-rated-app/2014-07-15. use, they differ in North America and Corporation of India has planned for 32 For example, a biller can be added parts of Latin America and the Caribbean. feature phones and USSD to be the to the applet menu by sending just one 43 Facebook, State of Connectivity, 2016. primary access mechanisms to MFS. See encrypted SMS to the handset instead of 44 Again, this coverage may be limited if Chaitanya Gudipaty, “Move to cashless multiple SMSs to update the entire applet. spectrum costs are too high. Spectrum society to be driven by feature phones: 33 Except if using a WAP link frequencies may be allocated through Hota,” Moneycontrol.com, December 4, 2016, for application download, which a so-called ‘beauty contest,’ or through www.moneycontrol.com/news/economy/ requires data. a spectrum auction facilitated by the move-to-cashless-society-to-be-driven- by-feature-phones-hota_8056361.html. 34 Of course, this locks the service government and/or national regulator. provider using the acoustic technology 49 Gu Zhang, “From feature phones into the vendor platform. NSDT is the to smartphones, the road ahead,” trade name for the acoustic access service GSMA Intelligence, July 30, 2015, www. offered by Tagpay. For more information, gsmaintelligence.com/research/2015/01/ visit www.tagpay.fr. from-feature-phones-to-smartphones- the-road-ahead/456/. Similarly, in Africa, nearly 70 percent of identified users use feature phones (Millicom, in discussion with the author, 2015).
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 45 50 The basic or low-end appellation is 59 Darryl Linington, “Smartphone adoption 74 Author in situ research in Bangladesh, a throwback to the early days of the is accelerating as device costs decline in Colombia, El Salvador; India, Indonesia, emergence of GSM mobile technology, Africa,” IT News Africa, October 8, 2015, Jordan, Malawi, South Africa, Uganda, and where only basic functionality — such www.itnewsafrica.com/2015/10/ Tanzania; see also Ebay.com.in, Amazon. as call functions, SMS, USSD version 1 smartphone-adoption-is-accelerating- com, and Alibaba.com. Retail prices vary functionality, and a phonebook — were as-device-costs-decline-in-africa/; GSM because of local taxes and import tariffs needed (and available) to communicate. Association (GSMA), “History.” imposed by authorities. Some basic devices though could receive 60 The promise, however, of carrier 75 Net neutrality relates to the non- value added services such as ringtones subsidies for devices, increased 3G restrictive and identical access pricing via over-the-air installation. coverage as part of universal service and parameters to third party over-the- 51 The Hindu Business Line, “Feature obligations of MNOs, and lower data top (OTT) apps by telecommunications phones may see price rise on supply costs. Prices for smartphones (and other providers, usually over IP-based networks. concerns,” The Hindu Business Line, phone types) and access may, however, 76 The percentage of smartphones using July 3, 2016, www.thehindubusinessline. be affected by the increased tendency Windows Mobile, iOS, BlackBerry, Tizen, com/info-tech/feature-phones-may- by some regulators to tax mobile phone and Firefox is far less than Android. see-price-rise-on-supply-concerns/ imports and mobile phone airtime. Google, which owns Android OS, does not article8803900.ece; Chaitanya Gudipaty, 61 Photo credit: Leon Perlman. charge a licensing fee for its Android OS, “Move to cashless society.” 62 Random access memory is not but there reportedly may be other costs 52 Gu Zhang, “From feature phones to used for data storage but for running to manufacturers for using components smartphones.” applications. The more RAM available of Google’s software portfolio or for 53 See Jacob Poushter, “Smartphone on a device, the more space there testing this software. See Charles Arthur Ownership and Internet Usage Continues is to process applications, and therefore, and Samuel Gibbs, “The Hidden Costs of to Climb in Emerging Economies,” Pew the applications run much faster Building an Android Device,” The Guardian, Research Center, February 22, 2016, www. and smoother. January 23, 2014, www.theguardian.com/ pewglobal.org/2016/02/22/smartphone- technology/2014/jan/23/how-google- 63 Gu Zhang, “From Feature Phones to controls-androids-open-source. ownership-and-internet-usage-continues- Smartphones.” to-climb-in-emerging-economies/. 77 For an excellent overview of design 64 This time frame may differ from principles for smartphone user interfaces 54 That is, devices have two SIM market to market, but within Sub-Saharan card slots. (UIs) that engage customers while Africa, the Indian subcontinent, and Latin also reducing required bandwidth for 55 In Sub-Saharan Africa and the Middle America and the Caribbean, USSD is likely executing MFS transactions, see Gregory East: Tecno, Itel, Mi-Phone, Torque, to dominate until at least 2020. Chen, Alexandra Fiorillo, and Michele Gionee, Prestigio, Xiaomi, Viettel. Hisense, 65 See also, Gu Zhang, “From feature Hanouch, “Smartphones & Mobile Money: AG; in Asia: Torque, Gionee, Viettel. phones to smartphones.” Principles for UI/UX Design (1.0),” CGAP, Hisense, Symphony, Prestigio, Micromax, October 5, 2016, www.slideshare.net/ Yezz, Oneplus, Plum, TC, Oppo, Vivo, 66 Near Field Communication is a CGAP/smartphones-mobile-money- Meizu, Doogee; in Latin America and contactless payment and access principles-for-uiux-design-10. the Caribbean: Blu, Xiaomi, Prestigio, technology available in many higher-end Doogee, Maxwest. smartphones. Basic and feature phone use 78 Grameen Foundation, Use of Mobile is possible with NFC ‘stickers.’ Financial Services. 56 It has been estimated that there are over 250,000 active patents 67 Ian Fuller, Nokia Mobile Phone, Flickr, 79 See Gregory Chen, Alexandra Fiorillo, involved in the manufacture of a single December, 30, 2005, https://flic.kr/p/83eiD. and Michele Hanouch, “Smartphones & Mobile Money.” smartphone. Mike Masnick, “There 68 IndIa7 Network, Nokia 220, Flickr, are 250,000 Active Patents that Impact April 24, 2014, https://flic.kr/p/ngYWnd. 80 Ann Armstrong, Joseph J. Mueller, Smartphones,” Techdirt, October 18, 2012, and Timothy D. Syrett, “The Smartphone www.techdirt.com/blog/innovation/ 69 That is, these devices have two Royalty Stack: Surveying Royalty articles/20121017/10480520734/there- SIM card slots. Demands for the Components are-250000-active-patents-that-impact- 70 These are usually standalone Within Modern Smartphones,” 2014, smartphones-representing-one-six- applications that do not necessarily www.wilmerhale.com/uploadedFiles/ active-patents-today.shtml. In addition, integrate with other features of the phone. Shared_Content/Editorial/Publications/ as many standards-essential patents are 71 J2ME (Java 2 Platform, Micro Edition) Documents/The-Smartphone-Royalty- required to have fair, reasonable and non- is a technology developed by Oracle that Stack-Armstrong-Mueller-Syrett.pdf. discriminatory licensing, there is an arms allows programmers to use the Java 81 See Keith Mallinson, “Cumulative race to license and purchase evolving programming language and related tools Mobile-SEP Royalty Payments no More smartphone technology patents. See Juro to develop programs for mobile wireless than Around 5% of Mobile Handset Osawa, “China Smartphone Makers Snap information devices, such as basic and Revenues,” IP finance, August 19, 2015, Up Patents in Fight for Market Dominance,” feature phones. www.ip.finance/2015/08/cumulative- Wall Street Journal, June 20, 2016, www.wsj. mobile-sep-royalty-payments.html. com/articles/china-smartphone-makers- 72 MRE is implemented by SOC enlisting-patents-in-fight-for-market- manufacturer Mediatek. 82 3G handsets invariably also require dominance-1466428889. 73 Gu Zhang, “From feature phones higher-capacity batteries, and larger to smartphones;” Linda Sui, “Android and more power-hungry touch screen 57 For example, Nokia, Siemens, displays, another incremental cost. BlackBerry, NEC, Haier, Alcatel, Sagem, Captures Record 88 Percent Share of Samsung, LG, and Sony-Ericsson. Many Global Smartphone Shipments in Q3 2016,” 83 See Android Developers, “Backwards of these brands still exist to some extent, Strategy Analytics, November 2, 2016, Compatibility,” 2016, https://developer. but usually only through the licensing of www.strategyanalytics.com/ android.com/design/patterns/ the brand names by Asian mobile phone strategy-analytics/news/strategy- compatibility.html. manufacturers. Alcatel, for example, is analytics-press-releases/strategy- 84 An image of the operating manufactured by TCL. analytics-press-release/2016/11/02/ system is usually factory-installed strategy-analytics-android-captures- on the smartphone. 58 See Statista, “Smartphone shipments’ record-88-percent-share-of-global- share worldwide by vendor from smartphone-shipments-in-q3-2016#. 85 Photo credit: Leon Perlman. 1Q’15 to 4Q’16,” Statista, 2017, www. WLmhNfkrJAm. statista.com/statistics/632249/global- smartphone-market-share-by-vendor/. See also Tim Green, “10 Chinese Phone Makers Transforming the Industry,” Hot Topics, 2015, www.hottopics.ht/stories/ consumer/10-chinese-phone-makers-to- your-pocket/.
46 CENTER FOR FINANCIAL INCLUSION 86 Bonnie Cha, “Smartphones Unlocked: 95 Spreadtrum’s WRE (Windows Runtime 102 Neil J. Rubenking, “Counterfeit Understanding processors,” CNET, Environment) is a middleware platform Phones are Full of Surprising Dangers,” August 8, 2011, www.cnet.com/news/ for mid-tier devices like feature phones. PC Magazine, October 24, 2015, http://au. smartphones-unlocked-understanding- See Justin Springham, “Spreadtrum and pcmag.com/software/39360/feature/ processors/. Sohu.com partner for feature phone app counterfeit-phones-are-full-of-surprising- 87 Chris Smith, “How it Works: Systems store,” Mobile World Live, November 4, 2011, dangers; GSM Association (GSMA), on a Chip (SoC),” Android Authority, www.mobileworldlive.com/apps/news- “Beware of sub-standard mobile phone June 8, 2012, www.androidauthority. apps/spreadtrum-and-sohucom-partner- batteries and chargers,” 2013, www. com/how-it-works-systems-on-a-chip- for-feature-phone-app-store/. gsma.com/publicpolicy/beware-of-sub- soc-93587/. 96 In June 2016, Microsoft sold the standard-mobile-phone-batteries-and- series as part of its feature phone chargers; Jeremy Blum, “‘Fake’ iPhone 88 Mediatek is now Qualcomm’s largest charger cited in electrocution death competitor in smartphone SOCs. As of sale to HMD Global, after which HMD discontinued the series. See BBC News, probe,” South China Morning Post, June November 2014, over 1,500 mobile models 16, 2013, www.scmp.com/news/china/ accounting for 700 million units were “Microsoft sells Nokia feature phones business,” May 18, 2016, www.bbc.com/ article/1283818/woman-electrocuted- shipped globally in 2014, using MediaTek while-answering-iphone-may-have-been- chips. See Tim Green, “Mediatek: cheap, news/technology-36320329. Taiwanese firm Foxconn is taking ownership using-fake. However, even the Samsung S7 super fast processors will change Galaxy Note 7 battery has been known to the smartphone market forever,” Hot of a Microsoft feature phone factory in Hanoi, while Nokia has licensed the explode, leading to a massive worldwide Topics, 2014, www.hottopics.ht/stories/ recall and discontinuation of the model. consumer/get-ready-for-super-mid- brand to another Finnish firm started by former employees. See Australian Broadcasting Company market-smartphone-revolution/. (ABC), “Samsung recalls Galaxy Note7 89 Analysis of Samsung Galaxy 97 It will also discontinue support for smartphones after exploding battery Smartphone production costs. Data BlackBerry, Windows Phone 7.1, iPhone reports,” ABC, September 5, 2016, www. derived from Scott Adam Gordon, “Guess 3GS/iOS 6, Android 2.1 and Android 2.2. abc.net.au/news/2016-09-06/samsung- how Much.” Cost breakdown may be WhatsApp, “WhatsApp support for mobile recalls-galaxy-note7-smartphones-over- different for non-marquee brands, but devices,” 2016, https://blog.whatsapp. explosion-risk/7817674. are relatively the same in proportion. com/10000617/WhatsApp-support-for- mobile-devices. 103 Higher capacity is clearly better, but 90 Linda Sui, “Android Captures Record.” given current battery technologies, may 98 Deccan Chronicle, “WhatsApp will stop increase the phone’s size. 91 Most processors, though, are based working on many phones end of 2016; on reference designs from Advanced which one do you have” Deccan Chronicle, 104 This ability to change the technology RISC Machines (ARM). The new Mediatek July 14, 2016, www.deccanchronicle.com/ access method is usually through an MT6595 chip, for example, is based on the technology/mobiles-and-tabs/140716/ accessible setting in the phone’s menu. ARM ‘big.LITTLE’ architecture, with four whatsapp-will-stop-working-on-many- 105 See, for example, a report on technical high-performance Cortex-A17 and four phones-end-of-2016-which-one-do-you- literacy in India and the Philippines, energy efficient Cortex-A7 processors. An have.html. detailing why many users do not use ARM processor is one of a family of CPUs 99 There are variants to Android, such non-voice services on handsets: Grameen based on the RISC (reduced instruction Foundation, Use of Mobile Financial Services. set computer) architecture developed by as MIUI (Mi User Interface) from Chinese Advanced RISC Machines. RISC processors mobile phone manufacturer Xiaomi. 106 See generally, David Nield, “Gadget are designed to perform a smaller number In addition, from 2015, most BlackBerry tech explained: AMOLED vs. IPS of types of computer instructions so devices use the Android operating displays,” New Atlas, September 1, 2015, that they can operate at a higher speed, system. The last BlackBerry OS-based http://newatlas.com/amoled-vs-ips- performing millions of instructions device is the BlackBerry Classic, released display-technology/39196/. per second. See Margaret Rouse, “ARM in early 2015. It should also be noted 107 There are also older nickel metal processor,” WhatIs.com, January 2015, that Tizen is a Linux-based operating hydride batteries, replacing NiCad types. http://whatis.techtarget.com/definition/ system. Most of Tizen-based smartphones They do not hold as much charge as and ARM-processor. are manufactured by Samsung, for are not as light as lithium-based batteries, example, the Samsung Z1, Z2 and the 92 The only dual core feature phone and suffer from memory effect. They are Z3. In addition, the operating system seldom found in newer phone generations. currently on the market is the Samsung is an evolved continuation of the Linux Xcover B550H. Also, The MediaTek MT6595 MeeGo operating system previously 108 They are not prone to a battery SOC, for example, includes four high- developed by alliance of Nokia and chemistry artefact known as ‘memory performance and four energy efficient Intel, which itself relies on Maemo. effect,’ which simply means that the processors, LTE radios with worldwide See https://sailfishos.org/. battery will not lose capacity if it isn’t frequencies compatibility, and a 2560 x completely discharged when used. 1600 (WQXGA) display controller and a 100 This is most often dynamic random However, they tend to be more flammable 20-megapixel image signal-processor for access memory (DRAM). The flash and prone to internal short-circuits, high-quality smartphone digital camera memory can either be a removable Secure overcharging, or other malfunctions that applications, alongside WiFi, BLE and GPS. Digital (SD) memory card or an integrated can result in fires or explosive release of component of the device. 93 Scott Adam Gordon, “Guess how gases. Battery University, “Is Lithium- Much it really Costs to make a 101 Evan Dashevsky, “Why Cell ion the Ideal Battery?,” Battery University, Smartphone,” Android Pit, February 20, 2015, Phone Batteries Sometimes Explode http://batteryuniversity.com/learn/ www.androidpit.com/how-much-does- (And How to Avoid It),” PC Magazine, archive/is_lithium_ion_the_ideal_battery. it-cost-to-make-a-smartphone. September 17, 2015, www.pcmag.com/ 109 See further, Rasmus Larsen, article2/0,2817,2491375,00.asp. 94 This includes Mediatek’s Feature Phone “Touch technology in smartphones Runtime Environment (MRE), which explained,” FlatpanelsHD, September allows third party apps to be installed 19, 2012, www.flatpanelshd.com/focus. on compatible devices. Also, Nokia php?subaction=showfull&id=1348049303. Series 30+ is a feature phone operating 110 Gu Zhang, “From Feature Phones system from MediaTek that has been to Smartphones.” used in Nokia-branded mobile devices. It, however, is not the same the older Nokia S30 or S40 platforms. S30+ does not support J2ME applications. It can use built- in applications such as the Opera Mini browser, Bing Search and Skype-like chat.
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 47 111 There is now also super LCD used 120 Jeremy Millard, et al., Study on 131 An IMSI is the serial number of the in some smartphone displays. Super internationalisation and fragmentation of subscriber SIM card. The IMSI is sent LCD differs from a regular LCD in that value chains and security of supply, European as rarely as possible, to avoid it being it does not have an air gap between the Commission, February 17, 2012, http://ec. identified and tracked. Instead, the outer glass and the display element, europa.eu/DocsRoom/documents/393/ temporary mobile subscriber identity which produces less glare, lower power attachments/1/translations/en/ is the identity that is most commonly consumption, and improved outdoor renditions/pdf. sent between the mobile phone and visibility. Some manufactures are using 121 Neil J. Rubenking, “Counterfeit the MNO, and is randomly assigned. SLCD because of the expense and lack Phones.” An attacker, for example, would send of production capacity of AMOLED a specific ‘update location’ request displays. Super LCD has been succeeded 122 OECD/EUIPO, Trade in Counterfeit and message directly to the customer’s MNO by the newer super LCD2 displays. See Pirated Goods: Mapping the Economic Impact, via SS7. See Cellusys, SS7 Vulnerabilities, MobileBurn, What is “Super LCD”?,” OECD, April 18, 2016, www.oecd.org/gov/ 2016, www.cellusys.com/thank-you/ss7- MobileBurn.com, www.mobileburn.com/ risk/trade-in-counterfeit-and-pirated- vulnerabilities/?source=Ibn. goods-9789264252653-en.htm. definition.jsp?term=S-LCD. See further, 132 See, for example, the massive Liane Cassavoy, “What is TFT-LCD? 123 The model is specified in the IMEI breach of the supposedly secure instant Definition of TFT-LCD,” Lifewire, October number through a type allocation code messaging application, Telegram, by 31, 2016, http://cellphones.about.com/od/ (TAC), the initial eight-digit portion of hackers. Vulnerability in Telegram’s and phoneglossary/g/What-Is-Tft-Lcd.htm. the 15-digit IMEI codes used to uniquely other apps using one-time passwords 112 Liane Cassavoy, “What is an IPS-LCD? identify phones. The TAC identifies a via SMS lies in their use of one-time Definition of IPS-LCD,” Lifewire, October 31, particular model (and often revision) passwords via cleartext SMS text 2016, http://cellphones.about.com/od/ of the handset. If the TAC does not messages to activate new devices. When phoneglossary/g/What-Is-An-Ips-Lcd.htm. correspond to the code for a specific users want to log on to Telegram from model, then the MNO or service provider a new phone, the company sends them 113 There are variants many of AMOLED, cannot determine what type of handset usually named by the manufacturer. For authorization codes via SMS, which can be is being used, it may not be able to send intercepted. With these codes hackers can example, there is active matrix versus the correct over-the-air configuration passive matrix AMOLED. With passive add new devices to a person’s account, and/or update settings to the handset. enabling them to read chat histories AMOLED, a complex grid system is used to It’s also worth noting that with control individual pixels, where integrated as well as new messages. See Joseph blacklisting, the MNO will block a phone Menn and Yeganeh Torbati, “Exclusive: circuits control a charge sent down each on its stolen phone database from being column or row. Super AMOLED is a term Hackers accessed Telegram messaging able to operate on its network. With gray accounts in Iran,” Reuters, August 2, 2016, for an AMOLED display with an integrated listing, the MNO will monitor the use of digitizer: the layer that detects touch is www.reuters.com/article/us-iran-cyber- the phone, with a view to catching the telegram-exclusive-idUSKCN10D1AM. For integrated into the screen, rather than holder of the stolen phone. overlaid on top of it. This makes the more data on interception of messages screen lighter and thinner. See also OLED- 124 Data supplied by Tigo. This lacuna is by an attacker, see Tobias Engel, SS7: Info, “Super AMOLED: Introduction and largely due to the fake/reset IMEI numbers Locate. Track. Manipulate, 2014, http://berlin. Basics,” OLED-Info, www.oled-info.com/ that prevent proper identification of the ccc.de/~tobias/31c3-ss7-locate-track- super-amoled. device characteristics. manipulate.pdf. 114 Gu Zhang, “From feature phones to 125 For more on security aspects of 133 See Paul A. Grassi, et al., NIST smartphones;” David Hsieh, “Low-End mobile networks and MFS and the risks Special Publication 800–63B Digital Identity Smartphone and Feature Phone therein, see Leon Perlman, “Legal and Guidelines: Authentication and Lifecycle Display Shortage Driving Up Prices and Regulatory Aspects.” Management (Draft), National Institute of Standards and Technology (NIST), U.S. Shipments,” IHS Markit, February 3, 2016, 126 The ability to send SS7 messages http://blog.ihs.com/low-end-smartphone- Department of Commerce, https://pages. is called global title, which is usually nist.gov/800-63-3/sp800-63b.html. and-feature-phone-display-shortage- the purview of fixed line and mobile driving-up-price-and-shipments. telecommunications licensees. However, 134 Jaikumar Vijayan, “Researchers 115 Photo credit: Leon Perlman. many licensees allow third parties to use PC to crack encryption for next-gen use their global title, for example, to send GSM networks,” Computerworld, January 116 Radiation output is measured bulk SMSs via a MNO’s SMS center. 14, 2010, www.computerworld.com/ as specific absorption rates. Lower article/2522701/security0/researchers- rates are better. 127 See Larry Loeb, “SS7 Vulnerability use-pc-to-crack-encryption-for-next- Isn’t a Flaw–It Was Designed That gen-gsm-networks.html. 117 Catalin Cimpanu, “24 Chinese Android Way,” SecurityIntelligence, April 16, 2016, Smartphone Models Come with Pre- https://securityintelligence.com/ss7- 135 Shaun Swingler, “Meet The Grabber: Installed Malware,” Softpedia, September 4, vulnerability-isnt-a-flaw-it-was-designed- How government and criminals can spy 2015, http://news.softpedia.com/news/24- that-way/. on you (and how to protect yourself),” chinese-android-smartphones-models- Daily Maverick, September 1, 2016, come-with-pre-installed-malware-490930. 128 Data based on Leon Perlman, www.dailymaverick.co.za/article/2016- shtml#ixzz4KAgwE0WC. “Legal and Regulatory Aspects.” 09-01-meet-the-grabber-how-government- 118 The IMEI code style must correspond 129 See further, Dmitry Kurbatov, and-criminals-can-spy-on-you-and-how- to the code specified by the GSMA “Statistics of Vulnerabilities in SS7 to-protect-yourself/. document DG06 (TW.06)–IMEI Allocation Networks and Ways to Make Them 136 See Leon Perlman (ITU-T Focus and Approval Guidelines. See GSM Secure,” Proceedings of the ITU Group on Digital Financial Services), Association (GSMA), “IMEI Allocation and Workshop of “SS7 Security,” International Competition Aspects of Digital Financial Approval Guidelines,” GSMA, July 29, 2011, Telecommunications Union (ITU), June 29, 2016, Services (Focus Group Technical Report), www.gsma.com/newsroom/wp-content/ www.itu.int/en/ITU-T/Workshops-and- International Telecommunications Union uploads/2012/06/TS.06-v6.0.pdf. Seminars/201606/Documents/Abstracts_ (ITU), March 2017, www.itu.int/en/ITU-T/ and_Presentations/S2P2_Dmitry_ focusgroups/dfs/Documents/201703/ 119 In Bangladesh, for example, a popular Kurbatov.pdf. fraud is to encase a fake BlackBerry ITU_FGDFS_Report-Competition-Aspects- with an original BlackBerry casing. For 130 Dmitry Kurbatov, “Statistics of of-DFS.pdf. further understanding on counterfeit Vulnerabilities.” 137 Dabrowski, et al., “IMSI-Catch Me phones see Mobile Manufacturers Forum If You Can: IMSI-Catcher-Catchers,” (MMF), “Counterfeit and Substandard Proceedings of the 2014 Annual Computer Mobile Phones: A Resource Guide for Security Applications Conference Governments,” www.itu.int/en/ITU- (ACSAC), www.sba-research.org/ T/C-I/Documents/WSHP_counterfeit/ wp-content/uploads/publications/ Contributions/Contribution-001-MMF.pdf. DabrowskiEtAl-IMSI-Catcher-Catcher- ACSAC2014.pdf.
48 CENTER FOR FINANCIAL INCLUSION 138 See Kevin Butler, et al. (ITU-T Focus 147 It also has a patented secure, 161 Implementation of the system was, Group on Digital Financial Services), encrypted SMS technology. however, halted by court order. See Security Aspects of Digital Financial Services 148 See Michele Hanouch and Greg Rachael Mburu, “Blow to Communications (DFS) (Focus Group Technical Report), Chen, “Promoting Competition in Authority as court suspends deployment International Telecommunications Union Mobile Payments: The Role of USSD,” of ‘spyware,’” Capital News, February 20, (ITU), January 2017, www.itu.int/en/ITU-T/ CGAP, February 2015, www.cgap.org/ 2017, www.capitalfm.co.ke/news/2017/02/ studygroups/2017-2020/09/Documents/ publications/promoting-competition- blow-to-communications-authority-as- ITU_FGDFS_SecurityReport.pdf. mobile-payments-role-ussd. court-suspends-deployment-of-spyware/. 139 See also Lynn M. Batten, Veelasha 149 In the case of Equitel in Kenya, use 162 Bernama, “Cops Expose Gang Selling Moonsamy, and Moutaz Alazab, of the shortcode *247# will divert the Fake Samsung H-Phones In S’wak,” “Smartphone Applications, Malware and session to use the Airtel network. See Free Malaysia Today, June 23, 2016, Data Theft,” Computational Intelligence, Equitel, “Get Activated,” 2016, www. www.freemalaysiatoday.com/category/ Cyber Security and Computational Models, equitel.com/my-phone/get-activated. nation/2016/06/23/cops-expose-gang- December 19, 2015, https://link.springer. selling-fake-samsung-h-phones-in-swak/. com/chapter/10.1007/978-981-10-0251-9_2. 150 Sneha Jha, “Yes Bank to launch SIM sleeve payments solution for feature 163 Prahlad Rijal, “NTA’s IMEI Registration 140 A study of smartphone-based phones,” ETCIO.com, April 12, 2016, Plan Set to Face Delays,” Kathmandu Post, systems found that some applications http://cio.economictimes.indiatimes.com/ May 8, 2016, http://kathmandupost. are vulnerable due to the lack of PIN news/mobility/yes-bank-to-launch-sim- ekantipur.com/news/2016-05-08/ authentication prior to performing sleeve-payments-solution-for-feature- ntas-imei-registration-plan-set-to-face- sensitive operations such as acquiring phones/51780748. The transactions delays.html. financial balance information or paying currently offered are P2P fund transfers, 164 Metronaija, “250 Million Fake Phones bills. On mobile banking, mobile money, person-to-account (P2A) fund transfers Sold In Nigeria Yearly — NCC,” Nairaland and mobile payment app security, see using NEFT and IMPS, balance checking, Forum, September 11, 2015, www. Kyle Butler, et al., “Mo(bile) Money, payments to merchant for small and large nairaland.com/2591713/250-million-fake- Mo(bile) Problems: Analysis of Branchless value purchases and payment of bills; top- phones-sold. Banking Applications in the Developing ups, and recharges. World,” Proceedings of the USENIX 165 Franklin Alli, “Telecom companies Security Symposium (SECURITY), 2015, 151 It handles more than 5 billion RMB to switch-off fake phones from www.cise.ufl.edu/~traynor/papers/reaves- daily transactions. See CGAP Microfinance networks — SON,” Vanguard, August 8, 2014, usenix15a.pdf. Gateway, “Shanghai F-road Wins 1st Prize www.vanguardngr.com/2014/08/ in Wall Street Journal’s Financial Inclusion telecom-companies-switch-fake-phones- 141 The GSM encryption is known to be Challenge,” CGAP, February 3, 2016, networks-son/. vulnerable to attack. See GSM Association www.microfinancegateway.org/ 166 Anna Okon, “SON to Prosecute (GSMA), “Security Algorithms,” GSMA, announcement/shanghai-f-road-wins- www.gsma.com/aboutus/leadership/ Substandard Phone Sellers,” The Punch, 1st-prize-wall-street-journals-financial- May 26, 2016, http://punchng.com/son- committees-and-groups/working-groups/ inclusion-challenge. fraud-security-group/security-algorithms. prosecute-substandard-phone-sellers/. 152 Photo credit: Taisys, www.taisys. 167 Erik Prins, “Oman launches 142 Kyle Butler, et al., “Mo(bile) Money;” com/solution. Kevin Butler, et al. (ITU-T Focus Group programme for identifying fake mobile on Digital Financial Services), “Security 153 Joackim Bwana, “Sh5.2m Fake devices,” Times of Oman, April 13, 2016, Aspects of Digital Financial Services (DFS) Samsung phones Seized in Mombasa,” The http://timesofoman.com/article/81469/ (Focus Group Technical Report).” Standard, July 2, 2016, www.standardmedia. Oman/Government/Oman-launches- co.ke/article/2000207238/sh5-2m-fake- programme-for-identifying-fake- 143 Payment card industry data security samsung-phones-seized-in-mombasa. mobile-devices. standard (PCI DSS) is a proprietary information security standard for 154 Dmytro Protsenko, “Regulatory 168 Abrar Hamza, “Import of Chinese organizations that handle branded credit Procedures and Solutions for Protecting mobile phones drops by 40%,” Daily Times, cards from the major card schemes the Market Against Counterfeit/ May 24, 2016, http://dailytimes.com.pk/ including Visa, MasterCard, American Substandard Terminal Equipment business/24-May-16/import-of-chinese- Express, Discover and JCB. in Ukraine,” Proceedings of ITU mobile-phones-drops-by-40. Conference on Combating Counterfeit 169 BBC News, Tanzania ‘Cuts Off 630,000’ 144 This could be the result, for example, and Substandard ICT Devices, November of the abuse of a market participant Fake Phones, June 17, 2016, www.bbc.com/ 17-18, 2014, www.itu.int/en/ITU- news/world-africa-36558056. who has what is termed significant T/C-I/Documents/WSHP_counterfeit/ market power. The OECD says an MNO Presentations%20and%20Abstracts/S1P1- 170 Dana Moukhallati, “60,000 Fake is presumed to have significant market Dmytro-Protsenko.ppt. Phones Seized in Dubai since Start of power if it has more than 25 percent of August,” The National, August 25, 2014, a telecommunications market in the 155 Staff Reporter, “Illegal, Fake Mobile www.thenational.ae/uae/courts/60000- geographic area in which it is allowed to Phones Will Be Shut Down: Tarana,” fake-phones-seized-in-dubai-since-start- operate. See OECD, “Significant Market NewsBangladesh.com, January 26, 2016, of-august. Power (SMP),” OECD Glossary of Statistical www.newsbangladesh.com/english/ Terms, https://stats.oecd.org/glossary/ details/10989. 171 Afkar Abdullah, “Fake Mobile Market detail.asp?ID=6755. See also, Leon (ITU-T Thrives in Ajman and Sharjah,” Khaleej 156 Dmytro Protsenko, “Regulatory Times, July 8, 2016, www.khaleejtimes. Focus Group on Digital Financial Services), Procedures.” Competition Aspects of Digital Financial com/nation/sharjah/fake-mobile-market- Services (Focus Group Technical Report). 157 Dmytro Protsenko, “Regulatory thrives-in-ajman-and-sharjah. Procedures.” 145 The technology was developed in 172 Dmytro Protsenko, “Regulatory China by Shanghai-based tech company 158 The Communications Authority was Procedures.” F-Road in 2005, primarily as a mobile previously known as the Communications 173 International Telecommunications phone solution to support multi-operator Commission of Kenya. Union (ITU), “Resolution 79: The role access, designed to avoid roaming fees. 159 Dmytro Protsenko, “Regulatory of telecommunications/information Digitech and Taisys have in recent years Procedures.” and communication technologies in developed their own technology. Taisys 160 Edwin Okoth, “Big Brother could start combating and dealing with counterfeit recently prevailed in a patent suit over tapping your calls, texts from next week,” telecommunication/information and the technology. All Africa, February 17, 2017, http://allafrica. communication devices,” The World 146 The thin SIM supports GSMA/3GPP/ com/stories/201702170088.html. Telecommunication Development ETSI standards, making it compatible Conference, 2014, www.itu.int/en/ITU- with all standard devices from older T/C-I/Documents/WSHP_counterfeit/ feature phones to the latest smartphones. WTDC-14-RESOLUTION%2079.docx. 174 See https://imeidb.gsma.com/imei/ login.jsp.
TECHNOLOGY INEQUALITY: OPPORTUNITIES AND CHALLENGES FOR MOBILE FINANCIAL SERVICES 49 The Center for Financial Inclusion at Accion (CFI) is an action-oriented think tank working toward full global financial inclusion. Constructing a financial inclusion sector that reaches everyone with quality services will require the combined efforts of many actors. CFI contributes to full inclusion by collaborating with sector participants to tackle challenges beyond the scope of any one actor, using tools that include research, convening, capacity building, and communications. www.centerforfinancialinclusion.org www.cfi-blog.org