Page 19 - ITU-T Focus Group Digital Financial Services – Executive Summary
P. 19
ITU-T Focus Group Digital Financial Services
Executive summary
network downtime or system error. They may experience dishonest agents and question the safety of their
funds when agents lack sufficient liquidity to facilitate cash-out transactions. Even if they trust their local
agent(s), network downtime and agent liquidity problems may prevent them from accessing their funds when
needed. In addition, poor literacy may leave them more susceptible to fraud. The lack of high-speed mobile
data access in rural areas also leaves those with data-hungry smartphones with a poor DFS user experience.
Efforts by authorities in many markets to combat the proliferation of fake or fraudulently registered phones
also impact the reliability and safety of DFS for low-income customers. The trend by authorities to switch
off mobile phones with fraudulent or stolen international mobile equipment identity (IMEI) numbers could
deprive users of access to their DFS funds until they purchase a phone with valid IMEI numbers. In addition,
43
phones lacking proper IMEI numbers may prevent MNOs from performing over the air (OTA) remote setup
of phones for DFS use, which can impact DFS access via bearer channels and UIs such as wireless application
protocol (WAP), general packet radio service (GPRS), and enhanced data for global evolution (EDGE).
When customers face these issues, they may be unsure of where to turn for redress. For example, M-Shwari is
a DFS account that is branded and marketed by an MNO (Safaricom) but formally issued by a bank (Commercial
Bank of Africa, CBA). In cases like these, customers may be unaware of who formally issues the product and
to whom they should complain in the event of a problem. 44
One way for authorities to improve consumer confidence in DFS reliability and safety is to clearly assign
liability and responsibility among providers and consumers. For example, authorities should clarify that
DFS providers are liable to customers with respect to: (i) harm caused by acts or omissions of their agents,
employees, and third-party SPs; and (ii) loss/harm due to network issues such as network downtime. They
should hold DFS providers liable for fraud related to issues with DFS systems, platforms, staff, and agents,
while holding consumers liable for fraud due to their own negligence, such as sharing personal identification
numbers (PINs). In addition, they should regularly review provider-customer contracts to ensure compliance
with relevant laws and to identify and prohibit the use of unconscionable or unfair terms.
Consumer trust can be further strengthened through the development of effective recourse mechanisms
that are properly disclosed to consumers. Authorities should ensure that DFS providers establish free,
effective internal complaints handling mechanisms that are available in all commonly spoken languages in
the jurisdiction and accessible via multiple channels. They should also require that DFS providers use multiple
channels to inform consumers of: (i) their right to file a complaint; and (ii) the internal and external recourse
mechanisms available to them.
Authorities can also require DFS providers to take steps to improve the reliability and ensure the safety
of DFS. Telecommunication authorities should establish QoS standards for DFS networks, platforms, and
other technical elements in consultation with financial authorities and with the input of DFS providers and
other stakeholders. They should also monitor telecommunications infrastructure to identify vulnerabilities,
particularly in markets with high DFS uptake and usage. Financial authorities should ensure that DFS providers:
(i) have robust system security and policies and processes in place for fraud detection, management, and
mitigation; (ii) properly train and monitor agents; (iii) take steps to safeguard customer funds, including full
liquidity backing, isolating and ring-fencing funds, and protection against loss in the event of bank failure; (iv)
implement transaction verification measures to mitigate the risk of loss of funds due to mistaken transactions;
(v) maintain secure vendor infrastructures, payments infrastructures, and user application interfaces; and (vi)
establish and implement effective security risk management frameworks. Furthermore, authorities should
establish bilateral or multilateral MoUs to ensure proper coordination in preventing and responding to security
incidents and breaches.
43 Perlman, Leon (2017), Access at the Frontline (forthcoming).
44 In the case of M-Shwari, the terms and conditions state that customers should address complaints to CBA but should use Safa-
ricom’s retail shops to do so. See Commercial Bank of Africa, Terms and Conditions for the Opening and Use of the M-Shwari
Account, https:// www. safaricom. co. ke/ images/ Downloads/ Terms_ and_ Conditions/ M- SHWARI_ TERMS_ AND_ CONDITIONS. pdf.
13