Making more of mobile

Hannes van Rensburg: mobile authentication is safer than online banking

Mobile banking can be more secure than online banking – but the real challenge is to move from closed circuit payments to a world in which customers of any bank can use any mobile app to send funds to any recipient, according to Hannes van Rensburg, founder and chief executive at mobile payments specialist Fundamo.

Van Rensburg created Fundamo in Cape Town, South Africa in 2000; two years later, he had launched the world’s first mobile payments service, Celpay, in Zambia. Fundamo was acquired by Visa for $110 million in 2011 and now processes more than half a billion transactions per year, according to its own figures.

“There were lots of hard sums to solve at the beginning,” he said. “It’s not as easy to make mobile payments work as you might think. But in the emerging markets, you are not held back by legacy systems. Today our biggest users are in Africa and Asia – in Bangladesh, Pakistan, Uganda and Ghana.”

Mobile payments have taken off in the developing world. In Kenya, mobile money service m-Pesa has 18 million users, while in countries such as Madagascar and Tanzania, mobile money services have been able to overtake traditional banking accounts by number of users.

However, all mobile payment systems still share a common weakness, according to van Rensburg: they are all closed-circuit systems, in which the user can only send funds to a recipient on the same service. If a Barclays Pingit customer wants to send funds to another mobile user on HSBC, for example, the transaction won’t work.

“This is a legacy situation,” he said. “It used to be that to use an ATM, you had to go to the ATM belonging to your bank. Then through Visa, the closed loops were made into open loops. It took lots of agreements, definition of liabilities and so on – but it worked. We need to do the same in mobile banking.”

Visa is currently experimenting with a system in Rwanda in which participants can send and receive funds via mobile between any provider – the first time this has been done, according to Van Rensburg. Yet the questions that need to be answered before truly interoperable banking can come to a developed market such as the UK or Germany are extensive.

“What indicator would you use to route the transaction?” he said. “What do we give each other, the telephone number? What if you use the number for two accounts? Which one should I use? Where should the registry be held? What if you say I didn’t do that transaction? Who is responsible? What about fees? Who will pay what?”

The other main concern is how to make mobile payments more secure. While in principle he believes mobile banking is inherently more secure than online banking, van Rensburg admits that the current crop of mobile banking apps are not necessarily as secure as they might be. In October 2012, NatWest customers found themselves targeted by a criminal scam that used the bank’s mobile banking app to extract funds from unwitting customers’ accounts. The incident was followed by the Eurograbber attack in December, in which criminals stole £30 million from 30,000 accounts in four European countries.

Pointing to the rise of digital signatures in Turkey and biometric innovations such as fingerprinting, Van Rensburg added that full three-factor authentication would provide the most secure kind of payment possible.

“The most secure systems are based on three cornerstones: something you have, something you know, and something you are,” he said. “Typically most payments today are two-factor: I have a card, and I know the PIN.” Online banking is increasingly becoming two factor, but not too long ago it relied on nothing more than a password. “The problem is that many mobile apps were built by the same people who designed online banking services, and therefore still use a single factor. That’s frightening. There’s a missing opportunity to make the phone itself a second and third factor of authentication, which would be much safer.”