Saturday, January 24, 2009

M-Pesa - Legislative Safeguards Should be in Tandem with Electronic Ones

The recent announcement that the Government will introduce a Microfinance Act and regulate money transfer services is commendable. It has been acknowledged in many quarters that technology has outpaced legislation and regulation in Kenya and something needs to be done about it.

The government should however ensure that wireless money transfer providers are obligated to implement basic electronic security technologies in their networks.

There are various wireless technologies in existence today. They include Wireless Data Networks (WDNs), GSM (Global System for Mobile Communications), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), UMTS (Universal Mobile Telecommunication System) among many others.

Wireless networking technology (including GSM) has become a very popular system for mobile communication in the world. This popularity and convenience is driven by two primary factors: convenience and cost. Mobile products have consequently been embraced at an astonishing pace.

The ability to communicate, send short messages and transfer money using your mobile, independent of a ‘physical’ infrastructure, has provided us with a convenience that we never enjoyed before.

PINs which are required to access your M-Pesa account reside in the service provider’s database. This database of passwords is, needless to say, very important and should be secure.

Apart from password data, these databases also contain customer details, call records, subscriber location and transaction histories.

Will the proposed legislation obligate service providers to ensure these databases are protected using cutting edge security technologies?

Apart from electronic safeguards the proposed regulatory framework should exhaustively deal with mobile electronic evidence. The electronic transfer of money is prone to fraud and money laundering. Obtaining, preserving and presenting technical telephony evidence in a court of law is difficult and should be buttressed by adequate legislation.

We should also not develop a framework for mobile money transfer in isolation. This framework should exist under the umbrella of the wider ICT Bill.

The concept of M-Security cannot be ignored by the proposed Microfinance Act and Regulations. M-security concerns itself with the policy, technical, managerial and legislative safeguards applied to mobile systems and data to protect organizational and personal information.

M-security should therefore be part and parcel of any legislative and regulatory framework of money transfer services in Kenya.

No comments: