On Fri, May 8, 2009 at 12:17 PM, Barrack Otieno <otieno.barrack@gmail.com> wrote:
Walu, i am reliably informed that m-pesa was designed as a microfinance solution. Before we were caught by the m-pesa bug there was something called Sokotele which was a bit cumbersome because it involved queuing in a banking hall (KREP/CELTEL). The fact that these money transfer solutions rely on traditional banking system for the so called Trust accounts gives me the impression that the e-payment solutions are just a means to an end (the money stored in the bank). In this regard i propose that the Kenya Bankeres Association and the Communication Commision of Kenya should establish frameworks from a banking perspective as well as a technology perspective to manage security concerns. Some of those mpesa vibandas are unsecure yet they contain a significant amount of float. The other fact is that a good number of users from rural areas are technologically challenged and vulnerable to con men and women. I chose KBA because it is an umbrella for stakeholders in the banking sector and CCK the regulator for the technology sector


On Fri, May 8, 2009 at 8:27 AM, John Walubengo <jwalu@yahoo.com> wrote:

Thanx Mwende for your 4day moderation on Security issues. Ofcourse more credit to the contributors whose insights am sure are being digested by stakeholders...feel free to make belated contributions.

Today I want to introduce the second last theme before Mwende takes us through the Closure and Way forward on Monday 11th May 2009.  Basically, we want to review the various "hybrid" electronic payments systems and their corresponding legal and regulatory frameworks.

Hybrid electronic payment system exclude the traditional banking systmes which do have time-tested and proven legal/ regulatory frameworks. Typically they refer to emerging e-Payment systems that have been best exemplified by the MPESA/Zap phenomena. Such systems cut accross multiple industries (Banking, Telecommunication and IT) and present a huge challenge in terms of regulation/legislation.

In developed economies, such systems have multiple legislation/regulation that demands that the entities involved in such ePayment services abide by strict Data Protection Acts which protect the customer data/privacy as well as other eLegislation (eCrime, eTransaction) that provides deterrence and assurance mechanism.

In layman terms, consider an MPESA/ZAP User who sends value of 30,000Ksh from their mobile phone account to the parents upcountry when the following happens:
1. Disaster strikes and the electronic records are lost (whose liable?-it happened in 9/11, Tsunami, etc)
2. The Parents claim that they didnt recieve the money or worse still the sender claim they never send the money (non-repudiation issues)
3. An eCrime suspect is charged with altering ePayments records at the source (inside job/judicial issues)

In general, do we have frameworks to protect consumers and businesses against such risks above and do we have investigative and judicial capacity to administer e-Crime related justice? What role should the Regulator (CCK), Banking (CBK), Police and Judiciary (NOT) have in these frameworks?

Lets try and give views within today (1day)...

walu.










_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet

This message was sent to: otieno.barrack@gmail.com
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail.com



--
Barrack O. Otieno
ISSEN CONSULTING
Tel:
+254721325277
+254733206359
http://projectdiscovery.or.ke
To give up the task of reforming society is to give up ones responsibility as a free man.
Alan Paton, South Africa



--
Barrack O. Otieno
ISSEN CONSULTING
Tel:
+254721325277
+254733206359
http://projectdiscovery.or.ke
To give up the task of reforming society is to give up ones responsibility as a free man.
Alan Paton, South Africa