1 00:00:01,480 --> 00:00:04,359 hello my name is Karen San and I am 2 00:00:04,359 --> 00:00:06,560 going to be presenting today the results 3 00:00:06,560 --> 00:00:09,160 of our study on the role of user agent 4 00:00:09,160 --> 00:00:11,719 interactions in Mobile money practices 5 00:00:11,719 --> 00:00:14,719 in Kenya and Tanzania this was work that 6 00:00:14,719 --> 00:00:17,039 was done in collaboration by researchers 7 00:00:17,039 --> 00:00:20,160 from kegi melon 8 00:00:21,680 --> 00:00:24,000 University so let's start with a quick 9 00:00:24,000 --> 00:00:26,840 motivation for studying mobile money 10 00:00:26,840 --> 00:00:28,720 Financial Services have traditionally 11 00:00:28,720 --> 00:00:30,880 been offered by Banks which has left 12 00:00:30,880 --> 00:00:32,000 many people 13 00:00:32,000 --> 00:00:34,800 unbounded in Africa and other emerging 14 00:00:34,800 --> 00:00:37,640 economies however mobile money is a 15 00:00:37,640 --> 00:00:39,800 service which is a service provided by 16 00:00:39,800 --> 00:00:42,520 Telos is transforming how millions of 17 00:00:42,520 --> 00:00:45,280 people can access various Banking and 18 00:00:45,280 --> 00:00:48,520 digital payment services mobile money is 19 00:00:48,520 --> 00:00:50,520 therefore helping to close the financial 20 00:00:50,520 --> 00:00:53,480 inclusion gaps for the unbanked many of 21 00:00:53,480 --> 00:00:55,879 whom have been from 22 00:00:55,879 --> 00:00:59,600 Africa mobile money which I will use the 23 00:00:59,600 --> 00:01:02,879 term mofo has reimagined what it means 24 00:01:02,879 --> 00:01:06,280 to be banked for example users do not 25 00:01:06,280 --> 00:01:09,840 need to have a bank account instead it's 26 00:01:09,840 --> 00:01:12,560 their phone number that acts as an 27 00:01:12,560 --> 00:01:15,560 account the services also leverages on 28 00:01:15,560 --> 00:01:20,119 the TCO infrastructure and relies on SMS 29 00:01:20,119 --> 00:01:22,880 and ussd which makes it accessible to 30 00:01:22,880 --> 00:01:25,920 feature phones which a large population 31 00:01:25,920 --> 00:01:28,280 still 32 00:01:28,439 --> 00:01:32,240 uses instead of Bank branches authorized 33 00:01:32,240 --> 00:01:34,759 third parties who are known as agents 34 00:01:34,759 --> 00:01:37,759 facilitate Last Mile access of mobile 35 00:01:37,759 --> 00:01:40,880 money agents are typically small 36 00:01:40,880 --> 00:01:43,200 businesses and shops within the 37 00:01:43,200 --> 00:01:46,560 community who often provide mobile Money 38 00:01:46,560 --> 00:01:48,719 Services in addition to their Core 39 00:01:48,719 --> 00:01:50,920 Business for example selling 40 00:01:50,920 --> 00:01:54,079 grocery agents earn a commission for 41 00:01:54,079 --> 00:01:57,280 extending mobile Money Services to the 42 00:01:57,280 --> 00:02:00,479 customers because of their accessibility 43 00:02:00,479 --> 00:02:02,680 they therefore offer a much greater 44 00:02:02,680 --> 00:02:06,439 reach that is at least 55 times that of 45 00:02:06,439 --> 00:02:10,479 banks in 20122 for example agents in 46 00:02:10,479 --> 00:02:13,160 Kenya digitized a value equating to a 47 00:02:13,160 --> 00:02:18,280 third of Kenya's GDP in just 6 48 00:02:18,519 --> 00:02:21,120 months so in essence we can think of 49 00:02:21,120 --> 00:02:24,160 mobile money as two categories of 50 00:02:24,160 --> 00:02:27,440 interactions the first is the user Momo 51 00:02:27,440 --> 00:02:30,000 interaction which you can think of as a 52 00:02:30,000 --> 00:02:33,080 adoption and the second is the user 53 00:02:33,080 --> 00:02:34,319 agent 54 00:02:34,319 --> 00:02:37,400 interaction to date the user Momo 55 00:02:37,400 --> 00:02:40,280 interaction that is adoption has 56 00:02:40,280 --> 00:02:42,599 received enormous attention and has been 57 00:02:42,599 --> 00:02:46,239 well researched in the adoption 58 00:02:46,239 --> 00:02:49,280 literature the user agent interaction 59 00:02:49,280 --> 00:02:51,760 however has not been studied much and 60 00:02:51,760 --> 00:02:54,120 especially not in the context of privacy 61 00:02:54,120 --> 00:02:56,720 and security this is particularly 62 00:02:56,720 --> 00:02:59,239 important because in addition to 63 00:02:59,239 --> 00:03:02,599 digitizing money agents end up wearing 64 00:03:02,599 --> 00:03:06,319 many other Hearts including onboarding 65 00:03:06,319 --> 00:03:09,519 which entails registering new users 66 00:03:09,519 --> 00:03:11,840 typically new users have to register 67 00:03:11,840 --> 00:03:15,360 their SIM card using an identification 68 00:03:15,360 --> 00:03:17,799 normally that would be a national ID 69 00:03:17,799 --> 00:03:21,680 card agents also end up educating new 70 00:03:21,680 --> 00:03:24,799 and old users on how to use Momo and 71 00:03:24,799 --> 00:03:27,959 ensure compliance with identity proofing 72 00:03:27,959 --> 00:03:30,799 requirements also known as know your 73 00:03:30,799 --> 00:03:34,480 customer that is kyc and kyc simply 74 00:03:34,480 --> 00:03:36,959 ensures that momu has a clear picture of 75 00:03:36,959 --> 00:03:40,640 who their customer is kyc is also 76 00:03:40,640 --> 00:03:43,319 essential in the fight against money 77 00:03:43,319 --> 00:03:47,280 laundering and anti-terrorism 78 00:03:47,280 --> 00:03:50,799 financing agents also provide customer 79 00:03:50,799 --> 00:03:56,239 support whenever users run into any 80 00:03:56,239 --> 00:03:58,640 problems so to understand the privacy 81 00:03:58,640 --> 00:04:00,360 and Security in one 82 00:04:00,360 --> 00:04:03,280 around user agent interaction we 83 00:04:03,280 --> 00:04:05,840 conducted qualitative studies in Kenya 84 00:04:05,840 --> 00:04:08,159 and Tanzania we chose these two 85 00:04:08,159 --> 00:04:10,640 countries because East Africa has been a 86 00:04:10,640 --> 00:04:13,599 Trailblazer for mobile money and so we 87 00:04:13,599 --> 00:04:16,680 interviewed 36 mobile money users in 88 00:04:16,680 --> 00:04:22,400 each country resulting in a total of 72 89 00:04:22,400 --> 00:04:25,960 users let's now take one step back so we 90 00:04:25,960 --> 00:04:28,600 can understand how mobile money Works 91 00:04:28,600 --> 00:04:30,919 before we highlight the findings of the 92 00:04:30,919 --> 00:04:34,000 study once registered a user can 93 00:04:34,000 --> 00:04:36,199 complete one of three types of 94 00:04:36,199 --> 00:04:39,360 transactions that is cashing in cashing 95 00:04:39,360 --> 00:04:44,320 out and P2P or pass to 96 00:04:45,160 --> 00:04:47,600 person let's start with the first one 97 00:04:47,600 --> 00:04:50,639 which is cashing in also called 98 00:04:50,639 --> 00:04:53,160 depositing this starts with the user 99 00:04:53,160 --> 00:04:56,639 handing physical cash to the agent the 100 00:04:56,639 --> 00:04:59,479 agent maintains a balance that is called 101 00:04:59,479 --> 00:05:03,160 a float and if the agent has sufficient 102 00:05:03,160 --> 00:05:06,280 float he will accept Alice's physical 103 00:05:06,280 --> 00:05:09,600 cash in exchange of mobile money that he 104 00:05:09,600 --> 00:05:13,880 will transfer to Alice's phone via 105 00:05:13,880 --> 00:05:18,720 SMS similar to cashing in cashing out 106 00:05:18,720 --> 00:05:21,639 which is withdrawing starts with Bob 107 00:05:21,639 --> 00:05:24,280 transferring monies from his phone to 108 00:05:24,280 --> 00:05:27,440 the agent's mobile money account and so 109 00:05:27,440 --> 00:05:30,400 long as the agent has sufficient flow 110 00:05:30,400 --> 00:05:33,600 he will accept the transfer and hand Bob 111 00:05:33,600 --> 00:05:35,919 the physical cash equivalent of the 112 00:05:35,919 --> 00:05:38,440 amount that he has 113 00:05:38,440 --> 00:05:40,919 transferred in personto person 114 00:05:40,919 --> 00:05:43,160 transactions agent mediation is 115 00:05:43,160 --> 00:05:46,319 typically not required Alice can simply 116 00:05:46,319 --> 00:05:49,240 initiate a transfer from her phone to 117 00:05:49,240 --> 00:05:52,160 Bob's phone via SMS or 118 00:05:52,160 --> 00:05:56,160 ussd and using Bob's phone number as a 119 00:05:56,160 --> 00:05:57,199 receiving 120 00:05:57,199 --> 00:06:00,199 account when transacting at the agents 121 00:06:00,199 --> 00:06:03,120 that is cashing in and Cashing Out users 122 00:06:03,120 --> 00:06:05,880 are required to show their ID in order 123 00:06:05,880 --> 00:06:09,639 to comply with kyc regulations which is 124 00:06:09,639 --> 00:06:12,280 know your 125 00:06:16,039 --> 00:06:18,720 customer the agent checks the physical 126 00:06:18,720 --> 00:06:21,000 ID to authenticate the customer by 127 00:06:21,000 --> 00:06:24,240 comparing the details on the ID with 128 00:06:24,240 --> 00:06:26,840 those returned from the Momo after they 129 00:06:26,840 --> 00:06:30,960 have initiated a transaction 130 00:06:32,680 --> 00:06:35,039 now that we have an understanding of how 131 00:06:35,039 --> 00:06:38,120 Momo works I will now focus on a subset 132 00:06:38,120 --> 00:06:40,479 of our findings by highlighting three 133 00:06:40,479 --> 00:06:43,400 important results first we found that 134 00:06:43,400 --> 00:06:46,199 users and agents design work arounds in 135 00:06:46,199 --> 00:06:49,479 response to challenges within the Momo 136 00:06:49,479 --> 00:06:52,400 ecosystem second whereas the choice of 137 00:06:52,400 --> 00:06:54,919 an agent had a lot to do with 138 00:06:54,919 --> 00:06:58,199 convenience we also observed that a key 139 00:06:58,199 --> 00:07:00,400 motivating factor was the need to 140 00:07:00,400 --> 00:07:03,840 mitigate any privacy and security risks 141 00:07:03,840 --> 00:07:07,639 arising from this ecosystem and third we 142 00:07:07,639 --> 00:07:10,280 found that workarounds in the long run 143 00:07:10,280 --> 00:07:12,840 introduced more privacy and security 144 00:07:12,840 --> 00:07:16,239 challenges in over 145 00:07:19,360 --> 00:07:22,360 overall let's dive into the first 146 00:07:22,360 --> 00:07:25,759 finding we observed that workarounds 147 00:07:25,759 --> 00:07:28,919 were designed by users and agents in all 148 00:07:28,919 --> 00:07:31,120 the phases of the 149 00:07:31,120 --> 00:07:33,479 transaction for example in the 150 00:07:33,479 --> 00:07:36,120 transaction execution phase the 151 00:07:36,120 --> 00:07:38,800 workarounds entailed changing the 152 00:07:38,800 --> 00:07:42,000 transaction execution process such by 153 00:07:42,000 --> 00:07:44,919 such as by involving proxies and 154 00:07:44,919 --> 00:07:48,080 modifying the role of the agent as well 155 00:07:48,080 --> 00:07:51,120 as modification of the transaction 156 00:07:51,120 --> 00:07:53,879 characteristics such as the size and the 157 00:07:53,879 --> 00:07:56,000 location of the 158 00:07:56,000 --> 00:07:59,840 transaction in the kyc phase agent and 159 00:07:59,840 --> 00:08:02,599 users collaboratively worked together to 160 00:08:02,599 --> 00:08:06,879 modify how kyc was completed as well as 161 00:08:06,879 --> 00:08:10,759 changing what was given for kyc that is 162 00:08:10,759 --> 00:08:15,039 in place of the user's physical 163 00:08:17,800 --> 00:08:21,319 ID we also note that the workarounds 164 00:08:21,319 --> 00:08:24,039 were motivated by challenges within the 165 00:08:24,039 --> 00:08:26,960 Momo ecosystem that were not limited to 166 00:08:26,960 --> 00:08:30,000 privacy and security but which in end 167 00:08:30,000 --> 00:08:32,039 had serious privacy and security 168 00:08:32,039 --> 00:08:34,279 implications that I will highlight later 169 00:08:34,279 --> 00:08:35,760 in this 170 00:08:35,760 --> 00:08:38,000 presentation in the transaction phase 171 00:08:38,000 --> 00:08:40,839 for example some of the motivators 172 00:08:40,839 --> 00:08:44,159 included navigating transaction costs 173 00:08:44,159 --> 00:08:47,120 seeking more convenience Network 174 00:08:47,120 --> 00:08:50,720 downtime insufficient fla security 175 00:08:50,720 --> 00:08:53,040 concerns and data 176 00:08:53,040 --> 00:08:56,000 privacy with regards to network downtime 177 00:08:56,000 --> 00:08:59,959 for example k01 said 178 00:08:59,959 --> 00:09:02,120 if there's a delay I will just have to 179 00:09:02,120 --> 00:09:04,240 leave the money with my details and 180 00:09:04,240 --> 00:09:07,640 phone number users often went ahead to 181 00:09:07,640 --> 00:09:09,760 explain that they wrote down this 182 00:09:09,760 --> 00:09:12,440 information on papers which they left 183 00:09:12,440 --> 00:09:15,240 with the agent and also left the money 184 00:09:15,240 --> 00:09:17,160 with the agent and trusted that they 185 00:09:17,160 --> 00:09:19,200 would complete the transaction into 186 00:09:19,200 --> 00:09:21,079 their account 187 00:09:21,079 --> 00:09:25,399 later TZ 32 was among those who were 188 00:09:25,399 --> 00:09:27,800 concerned about agents knowing their 189 00:09:27,800 --> 00:09:30,640 transaction details and using this 190 00:09:30,640 --> 00:09:34,079 information to perpetrate fraud I don't 191 00:09:34,079 --> 00:09:36,959 feel good because one can't know the 192 00:09:36,959 --> 00:09:39,800 agents intentions they know your 193 00:09:39,800 --> 00:09:42,040 transaction details they can tell 194 00:09:42,040 --> 00:09:45,279 someone else and then you end up being 195 00:09:45,279 --> 00:09:48,839 robbed with regards to data privacy we 196 00:09:48,839 --> 00:09:52,200 observed varied perceptions on the role 197 00:09:52,200 --> 00:09:55,600 and impact of data sharing with agents 198 00:09:55,600 --> 00:09:59,040 users like tz6 for example said they 199 00:09:59,040 --> 00:10:00,839 Trust Ed agents to keep their 200 00:10:00,839 --> 00:10:04,360 information safe while others like 201 00:10:04,360 --> 00:10:07,680 k25 mentioned that agents sometimes used 202 00:10:07,680 --> 00:10:11,200 people's IDs to register additional SIM 203 00:10:11,200 --> 00:10:13,480 cards which they sold to other 204 00:10:13,480 --> 00:10:16,440 individuals without an ID to register 205 00:10:16,440 --> 00:10:20,360 their own SIM card to use for 206 00:10:25,279 --> 00:10:29,040 M while M more users felt that kyc was 207 00:10:29,040 --> 00:10:32,320 necess necessary for security many also 208 00:10:32,320 --> 00:10:35,320 spoke of the challenges with using IDs 209 00:10:35,320 --> 00:10:36,920 for identity 210 00:10:36,920 --> 00:10:40,000 proofing with regards to kyc being 211 00:10:40,000 --> 00:10:45,680 essential for security K ke20 and 212 00:10:45,680 --> 00:10:49,360 k21 highlighted how providing an ID 213 00:10:49,360 --> 00:10:51,959 ensured that one was not feigning their 214 00:10:51,959 --> 00:10:55,040 identity and how this ensured the 215 00:10:55,040 --> 00:10:59,360 security of momo overall 216 00:10:59,360 --> 00:11:02,360 while many had similar sentiments most 217 00:11:02,360 --> 00:11:04,480 participants also expressed 218 00:11:04,480 --> 00:11:06,839 dissatisfaction for example the 219 00:11:06,839 --> 00:11:09,600 potential denial of service if if one 220 00:11:09,600 --> 00:11:11,800 forgot to carry their ID when they 221 00:11:11,800 --> 00:11:15,079 needed to transact participants also 222 00:11:15,079 --> 00:11:18,920 felt that checking each customer's ID 223 00:11:18,920 --> 00:11:21,880 was really not practical since agents 224 00:11:21,880 --> 00:11:27,600 facilitated many transactions in a day 225 00:11:31,600 --> 00:11:34,560 as a result of the kyc challenges we 226 00:11:34,560 --> 00:11:37,639 observed several workarounds related to 227 00:11:37,639 --> 00:11:41,079 kyc which as I mentioned before can be 228 00:11:41,079 --> 00:11:44,320 broadly categorized as changing how kyc 229 00:11:44,320 --> 00:11:48,560 was provided and what was provided for 230 00:11:48,560 --> 00:11:53,320 kyc K15 for example mentioned that they 231 00:11:53,320 --> 00:11:56,160 used a cousin's ID since they had 232 00:11:56,160 --> 00:11:58,680 registered their sim card with that ID 233 00:11:58,680 --> 00:12:00,760 this is really akin to using someone 234 00:12:00,760 --> 00:12:03,240 else's social security number and 235 00:12:03,240 --> 00:12:05,839 account as your own many other 236 00:12:05,839 --> 00:12:09,120 participants like K20 reported just 237 00:12:09,120 --> 00:12:12,320 giving the agent the ID number instead 238 00:12:12,320 --> 00:12:15,480 of the actual ID while some like 239 00:12:15,480 --> 00:12:18,480 k31 mentioned that the agents they used 240 00:12:18,480 --> 00:12:21,199 have memorized their ID numbers and so 241 00:12:21,199 --> 00:12:24,920 they do not need to provide 242 00:12:26,920 --> 00:12:30,959 that as a result of the in inherent and 243 00:12:30,959 --> 00:12:34,279 created risks we therefore observed in 244 00:12:34,279 --> 00:12:37,959 our second finding that how users chose 245 00:12:37,959 --> 00:12:41,560 agents was driven by both convenience 246 00:12:41,560 --> 00:12:44,079 and the desire to mitigate the privacy 247 00:12:44,079 --> 00:12:47,120 and security risks within the Momo 248 00:12:47,120 --> 00:12:51,079 ecosystem for example at the transaction 249 00:12:51,079 --> 00:12:54,399 execution stage participants sometimes 250 00:12:54,399 --> 00:12:57,720 modified the transaction size and the 251 00:12:57,720 --> 00:12:59,800 location where they 252 00:12:59,800 --> 00:13:01,560 transacted 253 00:13:01,560 --> 00:13:05,839 k08 said they divide the transaction to 254 00:13:05,839 --> 00:13:09,000 two maybe three times and do one 255 00:13:09,000 --> 00:13:12,000 transaction at One agent and another at 256 00:13:12,000 --> 00:13:14,720 a separate agent and they do so for 257 00:13:14,720 --> 00:13:16,920 security 258 00:13:16,920 --> 00:13:20,880 purposes TZ 33 also changed the location 259 00:13:20,880 --> 00:13:26,720 of his transactions for security reasons 260 00:13:32,959 --> 00:13:35,880 sending someone else as a proxy to 261 00:13:35,880 --> 00:13:39,480 transact threed the kyc procedures of 262 00:13:39,480 --> 00:13:43,279 authenticating the customer as a result 263 00:13:43,279 --> 00:13:44,680 like 264 00:13:44,680 --> 00:13:47,800 ke18 who said that the person he sent 265 00:13:47,800 --> 00:13:51,000 had to be known by the agent Mumu users 266 00:13:51,000 --> 00:13:53,120 tended to stick with agents who knew 267 00:13:53,120 --> 00:13:55,399 their elected proxies at least to an 268 00:13:55,399 --> 00:14:00,920 extent to facilitate proxy transactions 269 00:14:05,560 --> 00:14:09,199 our third and final finding suffices new 270 00:14:09,199 --> 00:14:12,800 privacy and security risks emerging from 271 00:14:12,800 --> 00:14:15,880 the different workarounds that M users 272 00:14:15,880 --> 00:14:18,680 adopted in general most of the 273 00:14:18,680 --> 00:14:21,360 workarounds thwarted any privacy and 274 00:14:21,360 --> 00:14:24,120 security measures that Mumu had put in 275 00:14:24,120 --> 00:14:26,079 place and especially 276 00:14:26,079 --> 00:14:29,199 kyc this left room for more vulnerable 277 00:14:29,199 --> 00:14:30,959 abilities such as 278 00:14:30,959 --> 00:14:35,360 repudiation for example T TZ 17 shared 279 00:14:35,360 --> 00:14:38,440 how someone who's using another person's 280 00:14:38,440 --> 00:14:41,959 SIM card may deny receiving money thus 281 00:14:41,959 --> 00:14:47,079 making P2P transactions difficult to 282 00:14:50,040 --> 00:14:52,600 authenticate another broad risk was 283 00:14:52,600 --> 00:14:55,079 related to higher chances of fraud 284 00:14:55,079 --> 00:14:59,199 because of the broken kyc 285 00:14:59,600 --> 00:15:01,680 as explained further by 286 00:15:01,680 --> 00:15:05,279 k17 the data Rich environment also made 287 00:15:05,279 --> 00:15:08,320 Momo users more vulnerable to fraud 288 00:15:08,320 --> 00:15:12,680 leading to a potential loss of their 289 00:15:13,320 --> 00:15:16,720 money in general this work highlights 290 00:15:16,720 --> 00:15:18,560 three important 291 00:15:18,560 --> 00:15:21,279 takeaways first we have seen that 292 00:15:21,279 --> 00:15:23,959 workarounds are often motivated by 293 00:15:23,959 --> 00:15:27,560 efforts to limit risk and uncertainity 294 00:15:27,560 --> 00:15:30,959 as well as to overcome challenges within 295 00:15:30,959 --> 00:15:34,759 Momo second we have seen that user work 296 00:15:34,759 --> 00:15:37,639 arounds are inconsistent with their 297 00:15:37,639 --> 00:15:40,240 security preferences especially with 298 00:15:40,240 --> 00:15:43,279 regards to kyc and this is likely 299 00:15:43,279 --> 00:15:45,480 because of the but and some 300 00:15:45,480 --> 00:15:49,120 processes and last we have seen how M 301 00:15:49,120 --> 00:15:52,120 users have varied perceptions that 302 00:15:52,120 --> 00:15:57,120 impact their data sharing with agents 303 00:16:00,079 --> 00:16:02,160 following these insights our 304 00:16:02,160 --> 00:16:04,040 recommendations are as 305 00:16:04,040 --> 00:16:07,000 follows one there is a need to design 306 00:16:07,000 --> 00:16:09,480 for privacy and security at the 307 00:16:09,480 --> 00:16:12,680 interface between agents and users 308 00:16:12,680 --> 00:16:15,160 especially given that agents continue to 309 00:16:15,160 --> 00:16:17,639 play a very important role in the 310 00:16:17,639 --> 00:16:20,759 financial inclusion of people who would 311 00:16:20,759 --> 00:16:22,480 otherwise be 312 00:16:22,480 --> 00:16:26,319 unbanked second since the importance of 313 00:16:26,319 --> 00:16:29,279 kyc cannot be underestimated 314 00:16:29,279 --> 00:16:31,519 there is a need to think about 315 00:16:31,519 --> 00:16:33,839 registration and identity proofing 316 00:16:33,839 --> 00:16:36,920 mechanisms for those who lack 317 00:16:36,920 --> 00:16:39,639 identification finally we highlight the 318 00:16:39,639 --> 00:16:42,680 need to improve the usability of momo to 319 00:16:42,680 --> 00:16:45,720 address some of the motivations for user 320 00:16:45,720 --> 00:16:48,240 workarounds with that I would like to 321 00:16:48,240 --> 00:16:50,360 thank you for listening and I encourage 322 00:16:50,360 --> 00:16:52,639 you to have a look at the paper if you 323 00:16:52,639 --> 00:16:56,680 would like to learn more