The telecommunications regulator has demanded that Equity Bank undertake to compensate mobile phone subscribers for any losses they may incur during the one-year trial of its thin SIM, putting to test the company’s assertion that the technology is safe.
In a letter dated September 22, the Communications Authority of Kenya (CA) director- general, Francis Wangusi, asked Finserve, Equity Bank’s mobile banking services subsidiary, to commit in writing that it would compensate the regulator for any liabilities that may arise from fraudulent use of the paper-thin SIM cards.
Safaricom, which owns the M-Pesa mobile cash transfer and banking service, has opposed use of the technology arguing that embedding a SIM card on the primary SIM of a mobile subscriber exposes them to risks of fraud and loss of private information.
“Before launching the thin SIM, Finserve and Taisys Technologies (manufacturers of the thin SIM) are required to make a written undertaking indemnifying the Authority of any liabilities which may be confirmed as resulting from Taisys SIMoMe thin SIM,” reads the letter by Mr Wangusi to John Waweru, executive director and chairman of Finserve Africa Ltd.
Safaricom has warned that it will review its legal commitment to M-Pesa customers who opt to use Equity Bank’s overlay SIM cards.
Equity Bank early this year got approval from the regulator to launch telecommunications and mobile banking services through a Mobile Virtual Network Operator (MVNO) licence.
The lender will ride on mobile operator Airtel’s network to roll out the service, but it is banking on use of the thin SIMs, which are overlaid on the primary SIM cards to win Safaricom customers.
Safaricom’s M-Pesa is the biggest mobile banking service, which earned the company revenue of Sh26 billion last year.
The regulator says Equity Bank must also undertake to meet liability where there is manipulation or blocking of mobile communication including voice calls, SMS and mobile money transactions provided by the primary SIM cards.
It also wants to be absolved from any legal responsibility in the event of eavesdropping, communication interception and obtaining unauthorised access to the overlaid SIM card and changing authorisation settings.
Mr Wangusi said, the written undertaking by Finserve and Taisys is a must as it would prove that they have put in place all the security measurers required by the Authority.
In the letter, the Authority said that in addition to the written undertaking and assurance, the regulator shall suspend the operations of the thin SIM in the Kenya market in the event that the areas it has sought the indemnity are breached, pending the final recommendation of its use or otherwise.
“The written undertaking is important because if they don’t do it we will definitely know that there is something they are hiding and if they do it we also know that they have put the required security measures,” Mr Wangusi told the Business Daily in a telephone interview.
He added that, while the Authority gave an approval for a one-year trial period, it noted all the security concerns raised by Safaricom and the opinion provided by the GSMA that also promoted it to contract an international security firm to conduct a technical audit.
Mr Waweru said he could not comment on the matter since he had not seen the letter from the CA.
In an interview, Safaricom CEO Bob Collymore said Tuesday that its previous test on the thin SIM showed that when the overlay SIM is used concurrently with the primary SIM cards, it blocks functionalities of the traditional SIM cards and the user cannot to tell when they have received any SMS or M-Pesa sent to their numbers until they reboot.
“Yes the thin SIM technology has been deployed in several countries, however the key issue that we are raising here is that in those countries it has not been done in the way it is being introduced in the Kenya market,” Mr Collymore said.
He said that in countries such as China where the technology has been deployed, this has been done as a value added service such as such as mobile money transfer and roaming services and that in such scenarios the security issues squarely lie with the same provider in the event of any breach.
The model adopted in Kenya, he said, is a recipe for unprecedented legal ligations should any security breach occur and which will drag in multiple parties.
“When we raise issues of insecurity my greatest fear is that this can be perpetuated even from one disgruntled staff, so it is a matter that we are taking seriously and ought to be treated with seriousness,” said Mr Collymore.