Kenya has emerged as a country highly vibrant in the fintech space of which Myriad Connect is exploring opportunities for open banking, an initiative embraced by several establishments globally.
During a recent Myriad Connect event to explore the opportunities of Open Banking in the East African market, it emerged that innovation leaders in Kenya are ahead of the curve for Open Banking with pioneering initiatives from Finserve and Equity Bank, the M-Pesa API and with the services from the likes of GT Bank to be launched soon into the market.
Open Banking drives transformation in digital financial services by empowering consumers to own and share their financial service data and to leverage this data to deliver enhanced capabilities into the marketplace.
“Open Banking enables consumers to have more choice and hence control over their finances by leveraging the power of digital,” says Richard Johnson, a specialist in the convergence of Digital Technology and Financial Services, who facilitated the session held at Radisson Blu Hotel in Nairobi.
Johnson added that Open Banking initiatives are being put in place to empower consumers to take greater control of their financial information and how and who it is being used by. By taking control of such data, he says, consumers are equipped to manage their finances better and are able to decide who they want to share their information with, in order to make it cheaper and easier to find superior products and services.
A second speaker, Rafe Mazer from FSD Kenya, shared on the analysis of the key market constraints and reforms needed to achieve information-sharing models like Open Finance in Kenya, saying:
“The fast-growing, unregulated Fintech sector should uphold information-sharing as well as banks, but needs coverage by a current mandate like Competition Authority of Kenya (CAK), or a new entity like the Financial Market Conduct Authority, proposed in 2018. Information-sharing, as it is happening in Kenya today, is not consumer led and we need a mandate and standards to be set.”
He continued, “Our conversations with financial service providers shows strong interest in information-sharing models by many of them. The industry should approach regulators to share this interest, and work with them to develop the necessary rules and information-sharing solutions to help increase competition, innovation and consumer choice.”
In addition, to enable Open Banking in Africa and ensure that any financial service transaction is securely authenticated, and any data shared is also authorised, provision of ubiquitous technology for authentication is essential.
One-Time-Password over SMS
When it comes to ubiquitous technology, one-time-password (OTP) over SMS is popular globally, for the authentication of digital financial services. However, OTP via SMS has long been considered a vulnerable channel for authenticating financial services transactions, as it does not meet strict security standards.
In 2016 the National Institute of Standards and Technology in the US identified that SMS is a risk and that OTP via SMS is not fit to secure financial services as it can be vulnerable to man-in-the-middle attacks such as SIM swap. It poses a challenge to providers using the service, as there is no audit trail, opening a door to large scale fraud through a single point of failure. Of concern is recent survey among leading financial services CIOs in Kenya that found that 87% of financial services providers deploy OTP via SMS to protect transactions- a trend for use of OTP via SMS all over the world!
Unstructured Supplementary Service Data for Authentication
Unstructured Supplementary Service Data (USSD) can be used as a ubiquitous technology to provide secure digital financial services. USSD can be used as an Out of Band Authentication (OBA) channel that is separate from the channel on which the transaction is taking place. This way, if the web browser a customer is using for online banking is compromised, for example, the fraudster will not have access to the USSD channel for authenticating the transaction. Combined with SIM swap detection services, this makes for a robust service to protect digital transactions. USSD for authentication hereby helps provide a technology that is accessible to everyone, but one that is inherently more secure than OTP over SMS.
There is significant potential for Open Banking to enable enhanced digital financial services in Kenya and help drive digital inclusion. What is also evident, is that to support this information-sharing model, security and authentication will have to be at the heart of Open Banking. So, while consumers become more financially empowered under the initiative, the consumer and their data is also protected.