[From CGAP Technology blog, 8 May 8 2012]
Mobile money feels right for mobile network operators (MNOs): it is an extension of the basic prepaid platform and distribution networks they already operate. Mobile money does require greater surveillance against fraud and money laundering measures, but it’s all fundamentally about secure messaging.
From a telecoms regulation point of view, mobile money is another instance of a value added service and those tend to receive a light regulatory treatment. All the specific regulations that pertain to the safety and soundness of mobile money –who can issue accounts, conditions of service, data security and privacy standards, supervisory treatment, consumer protections, etc.— should be the domain of the banking regulator.
But MNO participation in retail payments presents competitive challenges which banking and telecoms operators will need to monitor closely and perhaps address jointly. The problem is that MNOs are both component suppliers and direct competitors to banks wanting to offer mobile financial services. There is a risk that MNOs transfer market power from their core market to the emerging retail mobile payments market, in such a way as to effectively shut banks out of mobile payments. In the future, most financial services can be expected to have a mobile component, so such a situation would have severe implications for competition in the financial inclusion space more broadly.
This is quite understandably spooking many banking regulators into preventing MNOs from playing directly in the payments/banking space. That’s unfortunate, the fact is that we need to enlist MNOs to push the frontiers of financial access, while guarding against any potential abuses of market power on their side. We need to allow MNOs to contest the market without dominating it.
Authorities need to identify specifically those components of mobile communication services over which MNOs have bottleneck control and which are essential for the provision of mobile financial services. One asset MNOs control is the SIM card – a smartcard which identifies every mobile user. Access to the SIM card provides benefits in terms of security, since SIM cards may contain pre-loaded security keys which can implement end-to-end data encryption from the mobile handset all the way to the transaction authorization server. Access to the SIM card might also enhance the usability of services, since the SIM card controls the on-the-phone menu onto which mobile money can be incorporated directly.
However, there is no precedent worldwide for establishing equal access rules to SIM cards, asunbundling the SIM card might have severe implications for the security of mobile networks. In any case, the problem of proprietary control over the SIM card is mitigated if banks can build an equivalent service through other means.
MNOs also control the phone’s communications (or bearer) channel. The more common channels, such as voice, SMS (the protocol underlying text messaging) and packet-data (under various flavors such as GPRS, EDGDE, 3G or HSDPA), are broadly made available by MNOs under standard commercial offers. In this case, it should be fairly easy to establish and monitor a requirement of non-discriminatory access by banks and third-party providers of mobile money services to these channels. Since the market for these bearer services is sufficiently large and lucrative for the MNOs, we can expect MNOs not to over-price their voice and SMS services or to degrade the quality of their service specifically to lock out banks from using them to construct competing mobile money services.
The challenge is with a less common bearer service called USSD (Unstructured Supplementary Service Data), which is not widely commercialized by most operators. (You may recognize it as the service you use when you are asked to dial a sequence of numbers starting with star and ending with hash after you buy a scratch card.) The session-based nature of USSD presents two strong advantages over SMS as a channel for mobile financial services: it lends itself to implementing network-based menus which makes it easier to use, and it entails no storage of messages anywhere which makes it more secure. It may also be more feasible than using voice in countries where voice tariffs are still expensive, or packet-data in countries where most people still use simple phones. For banks without access to the SIM card, USSD may be the only realistic option.
In this case, simply stating non-discriminatory access to the USSD service may not suffice as long as USSD is used primarily for banking services, since MNOs may price it specifically to preclude competition from emerging in mobile financial services. Therefore, the telecoms regulator ought to monitor USSD pricing to see if it bears a reasonable relationship with the price of alternative access channels such as voice and SMS. Moreover, an operator might be forced to offer USSD to other mobile financial service providers provided that: (i) the operator has an installed USSD capability (even if it is only used for the MNO’s own purposes, such as airtime top-ups), and (ii) the operator is offering its own mobile financial service through a proprietary channel (e.g. SIM-based) not available to others.
These actions –monitoring MNOs for potential discriminatory pricing and service quality on voice and SMS, and monitoring USSD offers to prevent undue denial of service or pricing that does not bear sufficient relationship with the pricing of other channels— fall in the first instance in the domain of the telecoms regulator, since these are purely about the channel and not higher-level financial services. Of course, the banking regulator could play a vigorous role in helping banks present their case to the telecoms regulator if they feel discriminated against, or to competition authorities if the situation warrants escalation or the telecoms regulator lacks the necessary powers to intervene.
Authorities ought to pass a clear and strong message that MNOs can play at the financial services layer if they play fairly at the communications layer. This might be expressed around a protocol or memorandum of understanding signed jointly by the banking and telecoms authorities, stating how the various authorities will work together and laying out the competition standards to which they will hold MNOs.
This regulatory vigilance will be essential until such time when everyone has a smartphone and the phone (rather than the SIM card) can perform locally all security and menu presentation services. At that point, banks will have credible options to build their own mobile financial services with minimal control by the MNOs. Banking will just be an app on your phone, which anyone can download. That competitive nirvana is now more imaginable than ever, but it is still a ways off in developing countries.