Secure Banking/Financial Inclusion Services to the Last Mile

While the world is working overtime to include digital financial inclusion services into everyday life and in particular, including the last mile across the developing economies, there exists a large vacuum on the total delivery to the end-user, a holistic offering, and a service on a medium readily accessible and operable by the user. Detailing a few points for consideration at the last mile transaction point in the developing economies on financial inclusion:

  • The user is generally semi-illiterate/totally illiterate and has just been imparted sufficient knowledge to operate the system, sufficing his core needs.
  • The platform for access is a basic mobile device, with limited or NIL internet access.
  • The user could be banked or unbanked, but yet has the need for a digital service for reasons of accessibility/ease/economics and enabling services, which were otherwise inaccessible/unavailable.
  • The user needs the complete ecosystem available on a single interface and integrated to “play” around with the multiple debits/credits/services and use them as he needs or is comfortable with.

The underlying requirement here, blind to the user but necessary to maintain the growth in this ecosystem, is:

  • Adequate security and validation in the user access credentials.
  • Adequate security and strength in the encryption of data in the “transport” from the user terminal to the back-end processing terminal.
  • Data protection at all transaction/storage points to prevent misuse and hacking, which if let go, will just lead to a system collapse and implode on the very objective of this being set up/created.
  • Timely customer/system query redressal process and query tracking systems to build user confidence in the whole solution.

Sadly, in the last few years of active development and delivery in secure financial inclusion solutions targeting the last mile of the user base for all aspects of services, the overall attention from existing and large players to delivering a solution that actually answers and delivers the above core functionality is just missing. Even the largest of players globally are missing the point here. You can go to any part of the world and analyze services – it is almost impossible to find a solution that covers even the basics:

  • Data protection in storage/encryption and secure “transport” to the processing server.
  • Protects user validation/authorization credentials on transaction data at all points in the ecosystem.
  • A simple to use, all-encompassing UI in local languages, that lets the user/merchant/agent access and offer services at affordable commercials to the needs there.
  • Support on the terminals available at the last mile and not on devices that work in the “air-conditioned” environment of the test labs.
  • Promotes services which were unavailable, but yet are necessary to expand the ecosystem.

Some typical examples:

  • USSD is the preferred bearer for the transaction and is the most unsecured medium for any transaction. And the logic is there – we only allow low-value transactions. But what prevents a hacker from doing multiple transactions of the same value or using the transaction data and using it in another medium?
  • Just focusing on 1/2 services? What about the others? Are these not needed by the users there?
  • Customer care/redressal is in a bad state; some of the biggest players globally do not pay heed to customer complaints.

A basic question: Are we all working to “kill” or “grow” the ecosystem? What we see today is just “to make good while we can, who cares about the future? As long as I have the customers’ money in my account, I am okay.

Read some of the terms and conditions on globally acclaimed service providers – you’ll be appalled and wonder how they operate/are under regulations or even have the gall to ask customers to deposit their funds with them.

The ISO council detailed their global Mobile Financial Service standards ISO 12812 1/2/3 a few weeks ago and these were an extension of the ITU guidelines detailed in early 2016. When would we see these standards being adopted and a healthy ecosystem being built to grow and expand to a mature service offering?

Apply to Become a Contributor