Written by: Khaled Baqer, C.S. PhD candidate at the University of Cambridge - UK
Mobile payments, especially in less developed countries, enable a range of services such as regular payments, remittances, tax collection, and welfare benefits. Sending remittances was the ‘killer app’: someone working in the capital sending funds to their family in a remote village; this is a much safer alternative to carrying or sending cash which can be lost or stolen. The financial services provided to the poorest demographics through mobile payments, therefore, have been transformative in bridging the gap for those who were previously neglected by traditional financial systems because of their inability to satisfy identity requirements (many don’t have official IDs), proof of residence (many don’t have permanent addresses or bills to prove their residence), or other requirements aimed at suppressing money laundering and enforcing know-your-customer requirements.
Mobile payments work by sending requests to a central service operator (server) to process requests and debit or credit customer accounts accordingly, and confirm transaction to the sender and receiver. These requests are usually sent through regular messages (SMS). The mobile payment system does not work when there is no network to send and receive SMS. Therefore, current financial inclusion efforts stop where the mobile payment network does. This leaves the poorest people in sparsely populated areas, without network coverage, unable to reap the benefits of mobile payments.
My thesis advisor, Professor Ross Anderson, and I, along with colleagues at the Computer Laboratory (University of Cambridge), as well as industry consultants, started thinking about what more could be achieved to alleviate problems related to unreliable networks. Our focus shifted towards improving resilience: to be able to operate payment systems without depending on unreliable networks, for systems to operate correctly when the service operator is offline, and be able to seamlessly continue online operations when the network is restored. The goal is to rely less on the network as an enabler to process payments, and to reduce transactions fees. Our long-term goal is to assist financial inclusion efforts to alleviate poverty, by introducing resilience to many payments systems used in less developed countries (there are about 200 of these systems and this number is steadily growing, with about 20 or so that have achieved serious scale).
The main trigger for this project was a call for proposals sent out by the Bill & Melinda Gates Foundation, requesting ideas to increase the uptake for mobile payments especially for merchants. We aimed to reduce (or completely eliminate) transaction fees to motivate using funds in their electronic form (called float) rather than converting float into physical currencies. Transaction fees may constitute a fraction of the transaction’s total amount, but for the poorest demographics this fraction in a non-negligible amount, especially if they are living on $1 or $2 a day, and the fees are tens of cents per transaction. The bottom billion (as the poorest demographics are called) are still not well served by the efforts aimed at financial inclusion because of obstacles related to constrained technology and a substantial cost to participating which is a barrier for entry.
We developed a prototype offline payment system, DigiTally, which lets users make offline payments by copying short strings of digits from one mobile handset to another. Offline payments are already used for electricity, both in prepayment meters and pay-as-you-go solar, which two of the project researchers helped establish in South Africa; our aim is to extend them into a general-purpose payment system, to increase service resilience in the face of network congestion or outage, and provide service to currently excluded areas.
One of our early design goals was to avoid, as much as possible, introducing unfamiliar technologies that require a learning curve or are costly to replace. It is important to note, therefore, that the engineering challenge pertaining to DigiTally, and similar systems focused on financial inclusion, is that they must work with, and perhaps use, constrained technologies such as feature phones (if you’re old enough, recall the Nokia 3310, for example) which are non-smartphones without means of communicating with other phones, without cameras, and with limited options for configuration and programmability (you can’t exactly download an app from the App Store). Therefore, we programmed the SIMs themselves to contain our program code and sensitive cryptographic keys to do the necessary operations in a tamper-proof secure environment; that’s where the DigiTally code lives.
Feature phones, and many smartphones, have a single SIM slot. This is usually occupied by the service operator’s SIM; we don’t have access to program that SIM. We can overcome this restriction by using overlay SIMs, which are stuck on top of a regular SIM. The combined structure, comprised of the overlay SIM with the regular SIM, can be inserted into the single SIM slot. This gives the customer access to virtually two SIM cards (and, therefore, two menus) in their phones: one of those menus contains the DigiTally app. Customers can use DigiTally by selecting menu entries on their phones, and can then send or receive funds offline — DigiTally does not require any network or data transmissions. This program code in the (overlay) SIM does the heavy lifting, and the customers exchange 8-digit codes back and forth (verbally or visually) to complete transactions. If devices are able to communicate with each other directly, then the code exchange can be automated.
We collaborated with researchers from Strathmore University (Nairobi, Kenya), and I made the trip to evaluate the prototype and visit rural areas of Kenya in August-September 2016. Our paper summarising the results of a pilot study was accepted to the Symposium on Usable Privacy and Security (SOUPS), the leading security usability event, which I presented at SOUPS 2017 in Santa Clara, California in July 2017.