Thanx Mwende for your 4day moderation on Security issues. Ofcourse more credit to the contributors whose insights am sure are being digested by stakeholders...feel free to make belated contributions. Today I want to introduce the second last theme before Mwende takes us through the Closure and Way forward on Monday 11th May 2009. Basically, we want to review the various "hybrid" electronic payments systems and their corresponding legal and regulatory frameworks. Hybrid electronic payment system exclude the traditional banking systmes which do have time-tested and proven legal/ regulatory frameworks. Typically they refer to emerging e-Payment systems that have been best exemplified by the MPESA/Zap phenomena. Such systems cut accross multiple industries (Banking, Telecommunication and IT) and present a huge challenge in terms of regulation/legislation. In developed economies, such systems have multiple legislation/regulation that demands that the entities involved in such ePayment services abide by strict Data Protection Acts which protect the customer data/privacy as well as other eLegislation (eCrime, eTransaction) that provides deterrence and assurance mechanism. In layman terms, consider an MPESA/ZAP User who sends value of 30,000Ksh from their mobile phone account to the parents upcountry when the following happens: 1. Disaster strikes and the electronic records are lost (whose liable?-it happened in 9/11, Tsunami, etc) 2. The Parents claim that they didnt recieve the money or worse still the sender claim they never send the money (non-repudiation issues) 3. An eCrime suspect is charged with altering ePayments records at the source (inside job/judicial issues) In general, do we have frameworks to protect consumers and businesses against such risks above and do we have investigative and judicial capacity to administer e-Crime related justice? What role should the Regulator (CCK), Banking (CBK), Police and Judiciary (NOT) have in these frameworks? Lets try and give views within today (1day)... walu.