Fraudsters count on banks and FinTechs not talking. It’s killing digital payments!

Fraud plagues Nigerian online transactions. Nigeria lacks centralized fraud prevention services, with the recent CBN watchlist being limited. A global fraud repository could aid but requires robust risk management and quality assurance. Collaboration is vital to combat fraud and ensure a safer digital environment.

Electronic fraud is a significant reason why many Africans, especially Nigerians, including the highly educated middle class, don’t want to do transactions online or use digital products. While a lot is being done with efforts such as Two Factor Authentication, customer opt-ins, etc., fraud still goes on because banks and payment providers don’t share information with each other.

Fraudsters are still having a field day because of one thing – evil thrives in darkness.

Recently one of my friends running a payment company called to find out what we could do to some people who did fraud on his platform. As a matter of practicality, I told him nothing.

Think about it, what if he went to the police? Unless the fraudsters were so brazenly sloppy, the Police probably can’t investigate to catch them. He will spend the next few months going back and forth like a poorly installed pendulum, some random arrests could be made, but in the end, just like others, nothing would happen.

So, he did what every payment company or bank has been doing since – improved his systems, licked his wounds clean and moved on with life. I’m dead sure he’s silently cursing them under his breath.

But my gut feelings told me these bad guys didn’t just start with him – they have been on this less than illusory career for long. And that is the crux of the matter.

In South Africa, the banks, payment providers, and just everyone came around to form the SAFPS (Southern African Fraud Prevention Service). If you did a bad thing and your name strolls into their list, trust me, your transactions will continue to fail, but you will know why.

International internet service providers also use large crowd-sourced databases of spammers (SPAMHAUS) where source IP addresses and domain names of spammers are logged. If you spam and your name goes there, your emails will never be delivered again (to those who use the database for filtering spam). Major companies in Nigeria, including almost all banks, use SPAMHAUS to protect their email infrastructure.

So why don’t we have the same thing in Nigeria? I am very sure that if my friend had a service he could check transactions against, the boys who scalped him might have been stopped from getting their loot. And let’s say he was their first port of call: if he reports them, they won’t be able to hurt anyone again.

The Central Bank of Nigeria (CBN) and Nigeria Electronic Fraud Forum (NEFF) did the right thing recently when the CBN watchlist was inaugurated. My banks have been sending me warning messages not to misbehave because if my name should enter that list, my own don do.

This list is limited to banks and BVNs. However, we know that the fraud surface area extends to emails, phones (those spammy BVN update alerts), IP addresses, etc. Another challenge is that many frauds happen on platforms beyond banks. For example, fraudsters routinely log into wallet systems to defraud hapless customers.

A centralized global repository of fraud information, accessible and non-partisan, would go a long way to instill confidence, and just allow everyone to snore longer at night. The cost of transactions also goes down, as costs attributable to fraud losses would no longer be overlaid on transaction fees. However, without this repository and other means of squelching fraud, innovations from smart Fintechs may never reach that critical level, as payers will always be frightened to go online.

If they could pull this off in South Africa, why not Nigeria? It would be to everyone’s benefit to collaborate and crowdsource information.

Nevertheless, crowdsourced fraud information comes with risks as well. What do I do if a payment provider maliciously puts my name on that list and my transactions get flagged? What if someone takes them to court and asks for $1B damages for failed transactions?

A shared repository of fraud information doesn’t remove the requirement for proper risk management, which many FinTechs lack. I mean, risk management is as boring as hell, no place in the awesome sexiness of a startup. True? False! Adhering to regulations and PCI-DSS, ensuring that changes follow maker/checker processes, logging everything that moves, encryption, hashing before and after changes, etc. guarantees your neurons are used for product development, not recovery efforts.

You can’t underestimate the need for testing. Quality assurance is another major area of lack for Fintechs, and this is probably responsible for 70% of the holes that the fraud lizards crawl through. Beyond normal happy-path and regression testing, double-blind ethical hacking can pinpoint gaps that need plugging.

Beyond all these, collaboration and information sharing will go a long way to keep the bad boys at bay; Christmas is around the corner, and everyone wants to hammer.

Is Financial Inclusion a Myth?

What if Financial Inclusion is a myth that we have created in our jaded view of what we feel is good for the world’s poor, but that does not address their needs, or that they do not even need? What if the real problem is that the world’s poor don’t trust this help and see it as a means of control by a government that wants information about everyone for taxation and further subjugation?

Financial Inclusion used to be a hot buzz word, and even years after, it’s still hot enough to warm a pot of coffee. Unfortunately, I haven’t been able to understand it from a viable business model.

Nevertheless, from an altruistic angle, it makes sense to me. It is not out of place for the haves to pay for the transactions of the have-nots so they could bring them to modern living. The World Bank says “Financial Inclusion is a key enabler to reducing poverty and boosting prosperity.”
CGAP believes that Financial Inclusion is about migrating the 2 Billion working-age adults that don’t have accounts with licensed financial institutions to the formal economy where, regardless of income levels, they can have access to savings accounts, insurance, and other financial services needed to transform their lives.

But recently even that understanding of mine has been shaken so profoundly I’m asking myself if Financial Inclusion isn’t a scam.
Before you lob a hand grenade at me, hear me out.

I recently had a conversation that underscored this new position of the possibility that Financial Inclusion could be a scam. Someone asked a poignant question in a group chat – do the financially excluded really want to be financially included? If yes, do they want to be financially included in the form that is being shoved down their throats? That question has been nagging me ever since. I took the liberty to ask a few “financially excluded” people around me and their responses were shocking. They didn’t care for digital payments, wallets, bank, Bitcoin, etc. All they want is real hard cash which they can spend and treasure.

Beyond receiving money from the cities, many of their friends in the villages don’t care about money transfers and other fancy digital thingamajigs.
It is possible I’m totally wrong in all these. It is also possible that this could be a beautiful scam that sounds pretty good to our helpful alter egos.

Financial Inclusion has many challenges – education, infrastructure, cost of transactions, KYC. But something that struck me is that when the need hits the sweet spot, some of these things do catch on. For example, despite some bit of literacy requirement, elitism and cost associated with mobile phones, their usage caught on so widely that only those in the deepest rock caves in Nigeria don’t have them. The numbers on the NCC website speak for themselves.
As much as the internet is a luxury in Nigeria, almost everyone is on WhatsApp (it costs money to have data), and there are more Facebook active monthly users than active monthly bank accounts.

Do you think Financial Inclusion is a scam?

Where are these 37 Million Ghostpreneurs in Nigeria?

The ongoing revolution in payments, automated credits, and self-service onboarding that has fueled massive growth in digital banking over the last 3 years seems to have largely overlooked the Nigerian Micro, Small and Medium Enterprises (MSME) sector. Forget whatever anyone says, the small business owners have been left behind. Who did they offend?
At a recent event, I touted the numbers from SMEDAN that Nigeria had, as of 2013, 37,067,416 MSMEs. Someone almost stoned me with her stiletto (with wicked looking pointies that could be deemed a weapon of personal destruction) because the numbers just didn’t look real.
Or are they Ghostpreneurs?
The numbers didn’t add up for me as well. Where are these companies or micro-enterprises? Finding them is hard. I mean, every bank will tell you that 7% or less of its accounts belong to non-individuals. When you look at NIBSS June 2017 figures, corporate accounts are just 6.5M out of the 98M accounts strewn across 20+ Nigerian banks. And the 98M accounts belong to about 26.5M account holders, which averages about 3+ accounts per individual. And by the way, over 98% of account holders have accounts with more than one bank.
Something doesn’t add up.
Of course, it was easy to see. Many of the MSMEs run their businesses with their personal accounts, so they are probably not Ghostpreneurs. So Sisi Clara Cake and Thingz, Baba Bisi Furniture Works probably run off their personal accounts with Bank A and B. Would you have thought they love it that way? Maybe not.
Until recently, opening a personal account in Nigeria was one of those rites of passage where you must pull a tooth with rusty pliers, by yourself and without anesthetics. Calling it painful and sadistic would be an exercise in understatement. The good thing is that over the last 2 years, the self-service revolution has extended from digital services to account opening.
At first, banks streamlined their account opening packages, so you won’t have to write GMAT essays just to open your Savings Account and then naturally progressed to opening accounts online. Now, practically all forward-looking banks allow you to open accounts online or via USSD. Unfortunately, what you get is a basic Tier 1 account and to upgrade to a proper account you can live with, a trip to the bank branch is still required. Alat by Wema has done a good job though – you get to open a proper account 100% online, and even your debit card is ferried to your shanty free of charge. I hope others see the light!
However, opening a business account is still an exercise in morbid self-flagellation; no bank seems to get it right. They ask you for all types of documentation, like what tribal mark your dead great grandmother had (you never met her!). They require random documents from fledgling entrepreneurs, who can barely put together their business plans. Many of these documents require pilgrimages to dens of government agencies. Ultimately, unless that account is critical, most entrepreneurs use their personal accounts to run their side gigs.
Think about it, have you ever paid your friend that does small chops as side hustle via her company account?
The lack of ease to open a business account has been a lose-lose-lose for every single stakeholder.
Not having a business account, in the company name, means a small business will never be able to scale. I mean, do you think Shell or Mobil will give you a small supply contract with a personal account? Absolutely not. Furthermore, by the time the small business ekes out some semblance of progress and a business account is opened, the company is locked out of valuable business loans because the new account would not have the financial history that has been lost to the founder’s account.
The efforts of different banks, especially Diamond and Fidelity Banks (Disclosure: I worked at Fidelity Bank), would continue to be hampered if the ease of business account opening is not addressed.
The government also loses because taxes are lost when revenues for companies are sunk into individual accounts. The government is also not able to have data to track the performance of MSME initiatives, and they are not able to drive grants to sectors in dire need of one (I dey try myself, I know!)
What the MSMEs need today is a bank, beyond the rhetoric and adverts, which can automate the account opening processes. If an individual does not need to worship at a bank branch to open accounts, the same should be extended to MSMEs. A startup should be able to start the process, upload all documentation and have an account opened within minutes, or hours at most. There are APIs, tools and other offline services available to banks to authenticate almost all documentation required for business account opening. Each director or signatory on the account would also be part of the process and can be validated as well.
I honestly believe this would happen as soon as the market for individual digital payments reaches maturity. However, between now and then, the first banks to streamline this process may have a lockdown on MSME business accounts.

Dropbox banking: The backbone for Fintechs and a probable model for banking in the future

The argument about whether Fintechs and Banks are frenemies would never end. And it’s justifiably so.

Retail banks have a model of providing checking, savings, investment account services. Of course, they layer that with credit cards, personal loans, mortgages, etc. Fintech showing up on the scene means one thing, banks would be losers. There isn’t any clearer way to say it.

Think about it this way, banks earn money from these services and would want to continue that way. Fintechs showing they could do it better means they also want to gain something as well. So, any of these could happen: banks would lose, and Fintechs could gain; Fintechs and banks would gain from increased service cost and customers would pay more; Fintechs would lose, and banks would be cool.

There is also the friction that comes with who owns the customer experience. Most banks are loath to see new players sandwiched between them and the customers and would prefer to control every single data point. On the flip side, when customers start to use apps for Personal Financial Management and their bank accounts, they start seeing the banks as a repository of their funds or provider of loans.

Retail banks don’t even trust Fintechs as their services tend to aggregate and disintermediate. None of the banks want to be a bucket for storage.
But wait, why not?

The traditional model makes losers out of the retail banks for Fintechs to win. Maybe the only way would be to have a new type of bank, modeled from the ground up to take away the arguments of retail banks.

So imagine a bank, fully licensed but whose interaction is via APIs that Fintech and others can use to connect to it. Fintechs are the actual customers because the banks help them to hold their customers’ funds and loans in compliance with the regulation.

Dropbox was happy to become the programmatic storage for many apps, and that cemented its position in the world of cloud storage. Of course, Google Drive, Box, Microsoft OneDrive, etc. support the same approach but nothing represents personal commodity storage more than Dropbox.

A bank, fashioned after Dropbox, could have the same model and would face no pressure to compete with Fintechs but be the backbone for them. Such a bank, with no direct customer interface, would be barebones to run with the most minimal of operational overhead.

Could this be a viable model?

If this model works, then it’s possible that the future of banking will be the gradual transformation to the utility company providing services to the Fintechs who will own the customers. Nevertheless, there may not be a total elimination of the traditional model though, or one where all banks become a full-scale utility.

The harsh reality for Fintechs is that banks still own the customers’ trust for now and that counts for a lot.

Being a utility player offers no room for differentiation, and it simply becomes a case of the best bank offering ease and variety of API integration (across the various requirements of the Fintechs – Risk and Regulatory Compliance – i.e. KYC, AML, security of deposits, etc.).

What is likely to happen is more of a gradual acceptance of the Fintechs’ services as options for customers in areas where the banks may not have the capabilities. For example, Santander is selling SME lending via Kabbage or providing Personal Financial Management via Meniga. The ultimate Fintech bank that will provide an integrated suite of all the customers’ required financial services may just not be on the horizon yet.

But it will be interesting to see how this pans out for the future of banking.

#Note
Contributions from Ladi Asuni

Online Banking without Offline Annoyance

The drumbeat for payments and all things digital has been beating loud and long (and annoying, almost like a banshee!). At face value, this seems to be one thing customers and banks can agree about.
Banks don’t want customers in the branches anymore (because it costs more to serve them in-branch) and customers don’t even want to go to the branches to do transactions. It costs more to get there; the tellers aren’t as pretty as before; you could spend the last years of your life stuck in traffic; and lastly, woe betide you if your favorite branch got robbed, a junior thief could use your pot belly for target practice.
Unfortunately, while it seems there is an agreement, almost every bank seems to struggle with getting customers online.
Many issues are to blame.
The processes are designed by sadists who don’t understand what customers want or aren’t even able to let the customers know what needs to be done online.
Even when the processes can be decrypted by the CIA and NSA, they mostly involve a trip to the banking hall.
But then, good news is, sadists are getting a change of heart and banks are seeing the light. Hallelujah.
Curiosity killed the cat
In the age where Zenith, Wema, etc. let you open an account with your USSD code, I was wondering if these banks won’t let me have internet banking without seeing their shops. So huddling with a friend, we trolled banks to find out the current processes of getting customers to register for Internet banking (hey, we didn’t touch mobile, don’t beef!) and whoa, we have an intriguing result.
Summary
Out of the 21 banks surveyed, 57% or 12 of them allow you to start and end your registration for online banking. However, most would want you to view just your balances. You must still ferry your backside to a branch to get a token.
Of the lot that really understand the perspective of the customer, 50% of them allow you to complete the end-to-end enrollment and start doing transactions without any branch visit. Kudos to their product management team – you guys have balls!
Full Data

| Bank | End-to-end self-enrollment? | Self-enrollment allows transactions? | Authentication method |
|---|---|---|---|
| Access Bank | Yes | No | Valid account number to register; an activation code is sent to registered email and mobile number via SMS |
| Diamond Bank | No | Not applicable | Download and fill form and submit at branch |
| Ecobank | Yes | Yes | Valid account number to get OTP via SMS |
| FCMB | Yes | Yes | Use valid account number, use Debit card information to validate |
| Fidelity Bank | Yes | Yes | Use account number to get OTP, fill online form, use debit card information to validate, download a token app and start doing transactions |
| First Bank | No | Not applicable | Call FirstContact to begin registration or visit a branch |
| Guaranty Trust Bank | No | Not applicable | Download and fill form and then submit at branch for activation |
| Heritage Bank | No | Not applicable | Register online, print and take to branch for activation |
| Jaiz Islamic Bank | No | Not applicable | Download and fill form and then submit at branch for activation |
| Keystone Bank | No | Not applicable | Download and fill form and then submit at branch for activation |
| Providus Bank | Yes | | Use valid customer ID, OTP sent via SMS |
| Skye Bank | No | Not applicable | Register online, print and take to branch for activation |
| Stanbic IBTC | Yes | Yes | Use valid account number and phone number; set up secret questions, OTP is sent via SMS |
| Standard Chartered | Yes | Yes | Use Standard Chartered ATM, Debit or Credit card information to validate to get OTP sent via SMS; alternatively get Temporary ID (received via email) and Temporary Password (received by SMS) |
| Sterling Bank | Yes | No | Use valid account number and phone number |
| SunTrust Bank | Yes | | Use customer number, identification number (e.g., Passport or National ID card), date of birth and branch name |
| Union Bank | Yes | No | Use valid account number to get OTP via SMS |
| United Bank for Africa | Yes | Yes | Use valid account number, use Debit card information to validate, use OTP to consummate instant transactions |
| Unity Bank | No | Not applicable | Download and fill form and submit at branch |
| Wema Bank | Yes | No | Use valid account number |
| Zenith Bank | No | Not applicable | Download, complete, and submit request form at any branch or via email |

TGIF but one last thing
I know the stories won’t hit the headlines but banks still get shafted, once in a while, by fraud. However, I’m very sure that the ease of onboarding, the rapidly ramping revenue from transactions and even the demand for modern banking would force everyone to be at parity within the next 2 years. Mark my word, time would come when the last bank to get onboard self-enrollment would be beaten up by the horde of irate customers.