I hate shopping online. But for a different reason

Just like every other man, shopping in store is the very worst punishment, just next after going to hell. In fact, it can be worse than going to hell if you must do that with a woman. Much worse if you have to do that with your daughter. It’s not hard to figure out: women love good things and must check them out; men want to save money so they need to get out of the store, ASAP!
Would you think shopping online should be a panacea? That would be correct as long as you ain’t a Nigerian. Shopping online in Nigeria is hard as it’s fraught with so many problems not limited to lack of trust (will they chop my money or will the items I ordered be the one that shows up?), delayed delivery (will my emergency items come after a year), or failed payments (damn, did I just get debited and it says transaction failed?).
But then, many times when the items are low risk, or I feel particularly adventurous, I still take the plunge to shop.
Searching for items to buy isn’t even that bad. Search for anything and Jumia or Konga probably have one. It’s when you want to shop that the wahala starts. You will need to create a user profile, add different addresses for delivery, etc. At these moments, I usually give up and say, darn it! Can’t be bothered.
Friction at the point of payment is a big problem for every ecommerce venture. Those who check their analytics know that the cliff is at this junction.
By the way, this isn’t a Nigerian problem but something that is plaguing merchants all over the world. However, with Amazon capturing about 44% of all ecommerce in the US in 2017, it means almost half of all shoppers have keyed in their details on Amazon once and for all and probably now have frictionless shopping. In fact, Amazon patented the 1-click shopping experience.
Different attempts have been made to simplify but this hasn’t helped anyone. So what could be done?
I have an idea but let’s come back to that later.
Years ago, every website needed to implement its own user credentials. This was painful for the websites and even much more arduous for the users. But at the same time, social media was growing like wild vines and even my mother’s grandmother was on it. Then Google and Facebook came up with social login which allows websites to authenticate users with their Google and Facebook ID. Of course, Twitter and LinkedIn did same, but it never had the type of traction that Google and Facebook had.
When your user base is over 2 billion, you are a planet to yourself. Darling, Let’s book a SpaceX ride to Planet Google (SpaceX doesn’t fly to Facebook anymore because of data breach asteroids).
What if a similar concept could be applied to shopping online? You would say that one could login to Jumia and Konga with your Google and Facebook ID but that only works for the authentication. The real pain is having to enter your addresses and card information over and over and over again.
Let’s think local for a moment. Imagine a service which Konga, Jumia, Gloo, Payporte, etc. could integrate but that allows shoppers to keep their profiles, addresses, cards, etc. so that once a customer registers once, the information is available for all ecommerce sites that support it. And supporting it could be as simple as one line of code for popular shopping engines such as Shopify, WordPress, Magento, etc.
It could be designed such that it doesn’t take away from the brand of the ecommerce company (they care about this a lot) but customers will have complete control on what is shared, who it is shared with and see the history of activities.
This would be a 1-click experience for hapless men like me.
Sitting comfortably in my armchair, I think this will significantly remove friction from shopping and should be very advantageous for smaller players who don’t have the clout of Jumia and Konga but unfortunately, experiences a steeper cliff than others.

Transforming Payments in Nigeria with Open Banking

This is the email that birthed Open Banking Nigeria. Sent just 2 minutes to midnight on June 1, 2017. Sent to those unfortunate to be my friends and so, are subjected to never-ending streams of half-baked ideas and utter madness.

It’s a very long read, so be warned!

****************************************

Good evening everyone,

At one time or the other, we all heard about how payments would be the next big deal. We have heard of big data, APIs, yeti, abominable snowman and all the rest. Unfortunately, many ideas, companies, and committees have been long on intentions but short on execution.

All of us in this email thread know what APIs can do and how payments can transform the lives of our customers, the fortunes of our companies and improve trade and transactions in the country.

However, things are not the way they should be: APIs are hard to get; tough to implement and even more difficult to integrate with.

The Challenge

There are many sides to this problem:

For the average Nigerian bank, many FinTechs are knocking on the door requesting APIs to do basic things such as payments, validating data, collections, etc. Many are developing custom APIs which don’t scale to other implementations. Keeping track of who is connected to what is a challenge. Monetization is a difficulty.

For FinTechs, (I suffered this over the last few months), convincing banks to allow connectivity is met with apathy, distrust, and unbearable burden. Each bank comes with custom integration methods and codes. Many banks never allow connectivity, so the world-changing solution dies when the Xth bank joins, two years after.

For risk managers, (you know yourselves!) the new craze of FinTechs, apps, and services is a disaster waiting to happen. The surface area for which a breach can occur expands with every new connection, and nevertheless, the product managers are blaming risk + control managers for being cogs in the wheel of progress.

The CIO that wants to implement a robust ESB solution, which adequately caters for different external applications connecting with core banking solution, is faced with complicated software that is expensive to buy, implement, support and integrate. By the way, nobody else in the industry knows how the software works and so when the smart cookie who runs it resigns, the solution is abandoned after two years of never-ending implementation.

So what is the Way Forward?

I have faced this problem in almost all the dimensions possible. However, my current experience in FinTech and as an outsider looking into banking has shown me how crippling this is for banks, FinTechs, risk managers, CIOs, etc.

However, my broad experience has also demonstrated that we stand, as a country, at a junction by which this problem can be solved simply, cheaply and everyone would be a winner.

It would be an open-source, non-partisan API standard for banks and other OFIs.

Why not PSD2 or Open Banking Project (UK)

The problems banks and FinTechs currently face also plaguing everyone in Europe, and they consequently came up with EU Government backed PSD2 and industry-led Open Banking.

Ordinarily, it would have been easy to fork their project for Nigerian banks. Unfortunately, their implementation could be expensive, complicated and time-consuming for anyone to implement.

Developing what works for our environment, regulation, our level of technical maturity, etc. may have a greater chance of success than wholesale adoption of international standards.

However, references would be made to international best practices where and when it suits the local objectives.

Problems the Open API Should Solve

This initiative should solve practical problems of payment interconnectivity for different industry player:

Banks: A non-proprietary API infrastructure which any of the FinTech and other partners can connect with simply and securely. It would be easy also to monetize the connections, set limits and enforce transaction integrity

FinTechs: With every bank adopting the interface, connecting to each would be a breeze. They can focus on building amazing solutions without wasting time and effort convincing each bank for connectivity and also developing extensive custom codes for each

Risk Managers: With a single doorway that provide a consistent interface and means for managing external integrators, risks can be reduced, and threats can be easily seen and controlled

Product Managers: FinTechs are not foes but friends who can multiply a bank’s transactions and together bring new sources of revenue, especially in the new regime of low transaction fees

Industry: The Open APIs will also provide a level playing field for everyone which ultimately allows innovation to grow while preventing bigger players from stifling others because of legacy connectivities and platforms

The Open Banking API Tenets

  • Non-partisan
    It will not favor any company, groups or sector over another. Contributions shall be accepted from everyone
  • Open and free for anyone to use
    The standard shall be free for anyone to use
  • Technology agnostic
    While the interface would be standard driven, how each bank, OFI, etc. choose to implement would not be dictated
  • Simple to implement
    It would favor simplicity over gimmicks or exoteric functionalities
  • Secure
    Security would be inbuilt from grounds up to engender confidence by companies, regulators, and other stakeholders

Starting Up

While the API standard would be open and free for anyone able to contribute, we all know that it has to start with something and with some people. Each of you receiving this email has been previously approached and selected for various reasons and skill set.

A draft document outlining objectives, design, and API definitions would be developed and released for additional inputs. The final document would be robust enough to be presented to the general public for adoption.

Key areas that need help would be for API design, security, scalability and regulatory.

Conclusion

It has been a long email and thanks for reading this far. Questions, comments and other contributions are welcomed.

Best regards, 

Adédèjì Ọlọ́wẹ̀
www.dejiolowe.com

Customer experience is everything: How GTBank catalyzed the explosion of digital payments in Nigeria

Everyone who has played a role in payments in Nigeria can attest to the fact that the current upswing in the adoption of digital payments started around the middle of 2014 when the trio of GTBank, Fidelity, and Zenith Banks pushed out their USSD banking products.
Consequently, the number of us going to banking halls to do transactions has been falling each day precipitously. The 2017 KPMG BICSS showed that mobile banking penetration In Nigeria jumped from 20% coverage in 2015 to a vertigo-inducing 48% in 2017.
Some people, including those who talked to KPMG, call USSD Banking Mobile banking but then who cares? If customers can use a service to meet their payment and financial needs, Hallelujah!
Many reasons have been given for the sudden rise. Many experts and thought leaders (whatever that means) have adduced this as evidence of innovations from banks and Fintechs. Others feel it’s a natural progression of things.
Armchair pundits, especially my humble self, think that the ubiquity of USSD, the simplicity of use and the cost of access were significant factors for the transformation. And em, cough, the branding, and money GTBank poured behind *737# Simple Banking ensured that even the dead heard about it. It was a winner from day one.
Some even feel because of the biting and nasty recessions, tellers and customer service officers earn less to buy makeups. Nobody wants to waste money on a trip to banks just to see ugly girls. I digress.
But I was wrong. Or maybe not 100% wrong.
I was fortunate to have been a part of this game for the last five years, but I now have a contrary opinion of what made the change to happen. While I would give credence to the value of innovation in payments and other digital thingamajigs, the fundamental products being pushed weren’t inherently new (many apps wear pretty faces though with poorly applied lipsticks).
The most significant reason has been the customer experience when getting on with the services.
I have spent my life railing against sadistic banking processes that prioritizes “Control and Compliance” over customer experience. Get me right; I’m a stickler for control, processes and risk management. But many of our control and compliance procedures appear to provide cover while in fact, they hurt customer acquisition and when the real attacks come, they can’t even cover the banks’ backsides.
So how did this happen?
Before 2014, most services by banks require a visit to a branch, completing a form and hoping it gets done on the system. Usually, your password never gets to you, and the processes were just full of pain and misery.
GTBank led the pack by daring the gods of control and compliance. They designed the USSD banking process to have you input your bank account and then use your last four digits of your card number as the PIN. It was daring, maybe a little foolish but it was groundbreaking regarding customer experience.
Signups exploded. The market noticed.
Luckily the transaction types were simple, and transaction limits were truly limited. Being able to get on a digital service without worshiping an idol at the local branch was a boon.
How GTBank influenced digital payments
The rapid and immediate success of GTBank’s *737# Simple Banking made it difficult for other banks to offer something “more secure” for the onboarding process and their approach was a justification for hapless product managers to force approval of comparable products at the copycat banks. At Fidelity Bank, my “village” sense wouldn’t allow me to implement last four digits of PAN though; we settled for good ‘ole PINs.
One of the large banks waited years before launching their USSD Banking because of “risk,” but in the end, the market forced their hands to do self-service USSD and live with the risks. Unfortunately, they lost out on the massive income they could have made between 2014 and 2016.
Alat is transforming the next wave
Wema Bank, despite facing branding and perception headwinds, launched Alat Digital Bank into the market last year (2017). The Naysayers are already adding pepper and sauce to their words in anticipation of making a meal out of them – the service has been very successful. Unconfirmed figures point to about 200K users in 8 months with deposit north of N1B.
The curious thing is, Alat offers nothing more than a standard savings account with 10% interest but with everyone broke in Lagos, that can’t be the most important reason.
What Alat has done well is the ease at which anyone can open a full-fledged Tier 3 account and even have the debit card delivered (free as of the time I did mine) without touching a sheet of paper or visit a bank branch.
That ease and experience are what the other banks, who started online account opening a million years before Alat/Wema Bank, have not been able to pull off. Ask any bank how many accounts get opened online, you will be very embarrassed for their CEOs.
There are bears in the wood
I would be very foolish to say that there are no risks to self-service in banking. Banks and hapless customers get shafted by the day, and a bank that isn’t vigilant could get cleaned out.
However, the smart banks have figured out that a well-designed process flow and fraud monitoring can thwart an average fraudster. Even with SIM cloning, the most dangerous digital evil on the prowl, customers can be easily protected when intelligent backend analytics are applied to customer transactional behaviors.

Fraudsters count on banks and FinTechs not talking. It’s killing digital payments!

Electronic fraud is a significant reason why many Africans especially Nigerians, including highly educated middle-class, don’t want to do transactions online or use digital products. While a lot is being done with efforts such as Two Factor Authentication, customer opt-ins, etc., frauds still go on because banks and payment providers don’t share information with each other.
Fraudsters are still having a field day because of one thing – evil thrives in darkness.
Recently one of my friends running a payment company called to find out what we could do to some people who did fraud on his platform. As a matter of practicality, I told him nothing.
Think about it, what if he went to the police? Unless the fraudsters were so brazenly sloppy, the Police probably can’t investigate to catch them. He will spend the next few months going back and forth like a poorly installed pendulum, some random arrests could be made, but in the end, just like others, nothing would happen.
So, he did what every payment company or bank has been doing since – improved his systems, licked his wounds clean and moved on with life. I’m dead sure he’s silently cursing them under his breath.
But my gut feelings told me these bad guys didn’t just start with him – they have been on this less than illusory career for long. And that is the crux of the matter.
In South Africa, the banks, payment providers, and just everyone came around to form the SAFPS (Southern African Fraud Prevention Service). If you did a bad thing and your name strolls into their list, trust me, your transactions will continue to fail, but you will know why.
International internet service providers also use large crowd-sourced databases of spammers (SPAMHAUS) where source IP addresses and domain names of spammers are logged. If you spam and your name goes there, your emails will never be delivered again (to those who use the database for filtering spams). Major companies in Nigeria, including almost all banks, use SPAMHAUS to protect their email infrastructure.
So why don’t we have the same thing in Nigeria? I am very sure if my friend had a service he could check transactions against, the boys who scalped him may have been stopped from getting their loot. And let’s say he was their first port of call, if he reports them, they won’t be able to hurt anyone again.
The Central Bank of Nigeria (CBN) and Nigeria Electronic Fraud Forum (NeFF) did the right thing recently when the CBN watchlist was inaugurated. My banks have been sending me warning messages not to misbehave because if my name should enter that list, my own don do.
This list is limited to only banks and BVNs alone. However, we know that fraud surface area covers extend to emails, phones (those spammy BVN update alerts), IP addresses, etc. Another challenge is that many frauds happen on platforms beyond banks. For example, fraudsters routinely log into wallet systems to defraud hapless customers.
A centralized global repository of fraud information, accessible and non-partisan would go a long way to instill confidence, and just allow everyone to snore longer at night. The cost of transaction also goes down as cost attributable to fraud losses would not be overlaid on transaction fees anymore. However, without this repository and other means of squelching fraud, innovations from smart Fintechs may never reach that critical level as payers will always be frightened to go online.
If they could pull this off in South Africa, why not Nigeria? It would be to everyone’s benefit to collaborate and crowdsource information.
Nevertheless, crowdsourced fraud information comes with risks as well. What do I do if a payment provider maliciously put my name on that list and my transactions get flagged? What if someone takes them to court and asks for $1B damages for failed transactions?
A shared repository of fraud information doesn’t remove the requirements for proper risk management – which much FinTechs lack. I mean, risk management is as boring as hell, no place in the awesome sexiness of a startup. True? False! Adhering to regulations, PCI-DSS, ensuring that changes follow maker/checker processes, logging everything that moves, encryption, hashing before and after changes, etc. guarantees your neurons are used for product development, not recovery efforts.
You can’t underestimate the need for testing. Quality assurance is another major area of lack for Fintechs and this is probably responsible for 70% of the holes that the fraud lizards crawl through. Beyond normal happy path, regression, a double-blind ethical hacking can pinpoint gaps that need plugging.
Beyond all these, collaboration and information sharing will go a long way to keep the bad boys at bay; Christmas is around the corner, and everyone wants to hammer.