#OpenAfrica: Mobile, security & Africa’s ecommerce revolution
an #OpenAfricaMag interview. Schalk Nolte, CEO of Entersekt, talks to Open Africa about the role mobile plays in Africa’s ecommerce revolution, and the importance of banking security.
Ecommerce, in the form of online shopping and online banking, is often held up as the key to prosperity in Africa — a way of ‘leapfrogging’ past the obstacles of poor infrastructure. A vendor with a cellphone app now offers card-based transactions to clients who don’t want to carry cash; online banking does away with queues and wasted travel time; cellular communication allows vendors (such as fishers and farmers) to find out which markets most need their products, and which may be oversupplied.
But there is a flipside to this convenience: the ever-present threat of fraud. Wherever money changes hands, you’ll always find someone who wants to take it away illegally, and buyer, seller and banker are all potential targets. Banks have to balance this threat against the convenience factor of giving its clients—and its clients’ customers—access to fast and easy banking services.
Scammers are becoming more and more sophisticated, using techniques such as SIM-swapping to bypass banks’ one-time-password and notification strategies. Banks have to stay one step ahead of cyber criminals, or risk losing money and clients.
Open Africa: How big is mobile in Africa?
Schalk Nolte: Mobile is absolutely huge and enables many people entry into the formal economy for the first time. Driving past a brick wall in Salt River emblazoned with the telephone number of a house painter or handyman, you see a very simple illustration of the impact of mobile on everyday people’s lives: how did these [people] reach out to prospective customers previously?
OA: What has the uptake in smartphones been?
SN: This year is actually quite an auspicious one: it’s the first year that we will see more smartphones sold in Africa than feature phones. I think this growth has been surprising to many, especially banks and providers of services to the upwardly mobile. Application uptake on feature phone has been dismal, whereas smartphone usage is massively expanding what people use their phones to do. Banks and payments providers, among others, are playing catchup with the population at large. [Source]
OA: Why is Africa ‘mobile first’? What has driven the massive uptake?
SN: There are no real alternatives. Mobile is the only practical way of reaching all but the most financially and geographically advantaged on our continent. Mobile networks bridge Africa’s great distances and leapfrog thinly spread, government-controlled fixed-line telecommunications infrastructures. In doing so, they have brought down the costs of providing services significantly. I like using Nigeria as an example. When mobile was introduced in 2001, a country with a population of over 170m had a hundred thousand phone lines, with a waiting time of a year to obtain one. That was not so long ago, and now Nigeria has nearly one phone per person. This boom also means that innovation — and the uptake of services of all kinds — is very much centred [on] the mobile device.
OA: What is the history of mobile transactions in Africa — can you offer an overview of the growth?
SN: We see a much higher percentage of the total mobile user base taking to mobile banking or payments in sub-Saharan Africa than in most other parts of the world. Just over 2% of the world’s adult population has a mobile-money account, but 34% of adult sub-Saharan Africans do. The GSM Association estimates that there were 222m registered mobile-money accounts in the region by the end of 2015. One in three mobile connections is linked to such an account, rising to over half in East Africa. From where we stand in Nairobi, Johannesburg, or Kampala, the excitement over Apple Pay can seem puzzling. M-Pesa was launched way back in 2007! [Source]
OA: What does this massive growth mean for business?
SN: For business, mobile provides a more direct, engaging and cost-effective way to reach customers and provide existing services. Beyond that, it opens up entirely new opportunities. The mobile is a very personal device, much more so than a PC or laptop. We always have it with us. This relationship consumers have with the phone holds enormous potential.
OA: What did the massive success of M-Pesa teach companies?
SN: M-Pesa was ground-breaking for more than just the product. There would have been a long list of reasons not to launch the service, to not take the risk in an untested market. But it was launched and was a success, lauded globally. The impact of that on today’s African FinTech innovation cycle was larger than we probably imagine.
OA: Did the mobile transaction create a rush to create services/ apps that fed the demand, and how did this impact security?
SN: Mobile transacting growth was driven by both user demand, as well as industry recognising the possibilities that the technology opens up. As for security, accelerating growth comes with risk. Any new technology enjoys a short honeymoon during which fraudsters find it too unlucrative [sic] to target. As the number of vendors grows and the user base broadens, that changes. There’s the real risk that adoption will stall as fraud incidents climb and security concerns grow among users. Several countries on this continent have seen large increases in digital crime, often affecting people who can least afford it. Thankfully, governments are stepping in. Getting the regulatory balance right is, of course, important too.
OA: What trends have you discerned in the mobile transaction sector in Africa?
SN: Sophisticated market players, from venture capital firms to financial services product developers, are coming in, which means good things for the consumer in terms of pricing and the services on offer. Africa is really at the forefront of mobile transacting globally, and we have a big role to play with regards to how the ecosystem develops.
OA: Are there some regions that are more at risk than others?
SN: Not really. Fraud can be surprisingly simple. Many sophisticated attacks are just slight variations of what we have seen elsewhere before. It is cyclical, and geographically agile. The main point is to ensure that you stay ahead of the fraud curve instead of playing catch-up.
OA: What do brands/businesses need to take into account when introducing mobile payments, from a security perspective?
SN: Security is a core building block — the foundation, really — of any good product and cannot merely be bolted on at the end as an afterthought. That said, your focus on security should not distract from usability. The two must be balanced to achieve success. Entersekt, as an example, has managed to make mobile and internet banking more secure while making it easier to use.
OA: How secure is secure? What levels of security are secure?
SN: It’s all relative: “secure” describes the level of protection suitable for the particular application and the risk appetite of the service provider.
OA: Please offer insights and anecdotes of recent big mobile transaction breaches.
SN: In South Africa, there’s been a big increase in attacks that target the internet and mobile channel simultaneously. The internet channel is breached through a standard phishing attack while the second factor — an SMS one-time password — is intercepted through a SIM-swap attack or mobile malware. The big news stories here have mainly focused on wealthy people who lost hundreds of thousands of rands and have articulate spokespeople. But mobile malware, man-in-the-middle attacks, and SIM swaps are prevalent across Africa. In places with inadequate government oversight, consumers are left to judge for themselves the reliability of mobile services or, when things go wrong, fight for compensation on their own. Their stories are rarely told.
OA: What kind of damage does a mobile security breach do to a brand, to its customer base, and to the mobile transaction industry as a whole?
SN: Mobile is very powerful and provides a channel that is many times cheaper than any other way of servicing the customer. But owing to the personal nature of the device, it also brings risks. Reputational damage is a particularly big threat to businesses because consumers are, rightly, very slow to forgive and forget data breaches and theft. I still meet many people who will not transact on their phone because they read a scare story somewhere. Mobile can be very secure — more so than working on a PC — but most people are not in a position to assess the technology or parse news items for the truth about where and how breaches happen. That’s fine, but it does mean that the onus is heavily on businesses to stay ahead of the cyber criminals if they want to gain customers.
OA: Who are the people or groups that breach security? What do you know about them?
SN: It’s global and it’s extremely sophisticated in its organisation. Personal data, software, code — it all has a price, packaged for anyone from large syndicates to lone ne’er-do-wells. Like any trend, many of the scams spread across the globe in waves. We see attacks in Australia in 2016 that popped up in Europe in 2012. Security is unfortunately very reactive. Security professionals often ignore threats that are not yet in play in their country or industry. This means that fraudsters have a long time to exploit a vulnerability before that hole is closed globally and they have to find another.
OA: What does the future hold in terms of mobile security? What do businesses/brands need to know?
SN: The mobile ecosystem is complex and some of the cyber criminals out there are amazingly inventive, so security requirements change constantly. It really is an arms race. You have to choose a security partner (or partners) that will keep abreast of the threats as they emerge. There is no point in backing a vendor who is already behind the fraud curve — they are very likely to keep you there! Go with technology leaders who have a record of innovation.
Schalk Nolte (@schalk_nolte) holds a bachelor’s degree in electronic engineering from the University of Stellenbosch. He spent 10 years working for GSM operators in Africa and the Pacific, with a focus on technology and network deployment and on building the teams to get it done. He joined Entersekt in July 2009 as CEO, bringing his mobile telephony experience to bear on mobile financial services.
This feature first ran in Open Africa, the definitive guide to business, branding and marketing in Africa, brought to you by Ornico in partnership with GIBS Business School, with MarkLives.com as its official media partner. Download the entire publication free of charge (registration required).