By Rafe Mazer and Kate McKee, CGAP (www.cgap.org) for CIS Kenya
Who owns the data generated by mobile money customers’ transactions?
In January, 2016, Safaricom announced a new way for consumers to access statements for their mobile money accounts. With a simple enrollment via short code, you can now receive a detailed statement of all your M-Pesa activity each month or request a statement for the past 6 months.
The benefits to customers of this new feature extend beyond its ease of use when compared to the Self-Care option at Safaricom.co.ke. Betty Mwangi, Director – Financial Services, Safaricom, described what is driving demand for this new service:
“Every month an average of 30,000 customers visit our Retail Centres specifically seeking to receive printed M-PESA statements, as a prerequisite to accessing credit from financial institutions or for business reconciliation purposes.”
This observation has far-ranging implications and hints at a possible shift in how we view consumers’ ownership and control of their mobile money data, assuring that any and all innovations include robust and clear data security practices, since protecting data security is the most essential element of any data sharing arrangement.
Mobile moneydata has become an integral part of many new alternative scoring models and related lending services entering the Kenyan market (our latest count suggests there are more than 10 new “digital lenders” in Kenya). This fast-growing trend in turn opens up the possibility of consumers using their mobile money data to receive more credit offers and to leverage prior strong loan repayment for better pricing or terms on subsequent loans.
Is it now both timely and feasible to re-think the ownership concept for mobile money data and enable a “co-ownership model,” where consumers could leverage their own data to qualify for more attractive offers? This could offer an alternative to the current practice of complicated and often one-sided data usage agreements that consumers must sign as a condition of service but rarely read or understand. Typical service agreements give providers almost unrestricted rights to sellcustomers’ mobile money data to third parties—who then often use it to market unsolicited credit offers—while creating barriers for a customer to share data with a provider of their choice. There needs to be a shift from this practice of full provider control over consumers’ own financial data, to a more open, shared approach where consumers have some control over their data and how they and providers can use this data to offer them new products and services.
Moving from a proprietary to a co-ownership model for mobile money data – where customers have more rights over who sees their data, which data and when -- holds great potential to benefit Kenyan consumers and unleash innovations in digital finance. “Next generation” credit bureaus built on this model could result in better-balanced value between mobile money customers, their providers, and third parties. For example, as millions of Kenyans nowmake utility and other regular payments via mobile money paybill functions, a more “inclusive” credit bureau could enable the strong payers among them to seek out and qualify for more and better offers, while at the same time strengthening risk management for the lenders currently in the market. This model could also help drive competition and lower barriers to entry, as new lenders, insurers and other service providers would be able toharness this transactional data to manage risk and reach more consumers at lower cost.
Before we open the gates to a co-ownership model, however, several important principles should be put in place through a consultative process that balances interests of the various parties. We propose four principles to start the discussion.
Principle 1: Consent and usage restrictions
Most terms and conditions in the digital world seem to allow for wide sweeping rights of providers to share consumers’ data with whom they want. Many times consumers are not fully aware that this data has been sold or otherwise provided to another party, nor are they likely to have a say in whether and how the party receiving the data can then target them with direct marketing. A more pro-consumer approach would require that any sharing of mobile money data be on a per-transaction basis, limiting the use of that data to the transaction specified by the consumer. This will ensure that consumers know each time their data is being used, directly consent to that usage, and are not at risk of their data being shared and used for purposes they do not consent to.It is also important to test and develop good practices for how to communicate data usage and consent in a clear and meaningful way to consumers. CGAP research in Tanzania showed that it was possible to get across basic principles of data sharing and restricted usage via SMS, but that for many consumers it is important to have a channel to receive further information on their data rights and usage rules if they have further questions.
Principle 2: Easy processes for consumers to safely share their own data
One clear lesson from the challenging path towards mobile number portability in Kenya is that the process needs to be easy, fast, and as automated as possible. If each service provider has its own operational procedures, this will hinder consumers’ ability to port their mobile money data to others. Once the consumer requests that the data be shared with another provider there would be a simple function built in to each mobile money service (including thirdparties as well as MNOs and banks) thatcould transfer consumers’ transactional data in a standardized format. In the United Kingdom this process has already been put in place in the banking industry, where banks are required to allow consumers to share their banking information with other providers; while in Chile Destacame (www.destacame.cl) is a start-up that helps consumers leverage their utility payments to receive a credit score that they can then share as they see fit with lenders and other providers.
There are several different ways to design this process, ranging from bilateral technical integrations to a centralized third-party that stores and disseminates this information on behalf of consumers. One benefit of a centralized hub would be the potential for a single set of standardized sharing and usage agreements and related terms and conditions; limiting the risk of providers imposing terms that compromise consumer privacy, limit informed consent, or lead to unsolicited data sharing and marketing. This would also limit the potential data privacy risks that arise when third-parties develop “hacks” or workarounds to access restricted information. In the United States some third-party lenders have consumers provide their account log-in details, which they then use to gather their financial data, opening consumers up to serious data privacy and data theft risks because they could not easily share their financial data otherwise.
Principle 3: Rules for marketing of credit offers
In markets with robust and well-functioning credit bureaus, one of the risks of consumers’ histories being easily accessible is that increased information can lead to aggressive marketing of credit offers. This can lead to consumers borrowing in excessive amounts or without specific needs—succumbing to human biases such as temptation and hyperbolic discounting. Therefore any expansion of the data shared would need to be matched with provider standards and rules of conduct on marketing. For example, a good practice would be to require consumers to specifically opt in to receive product offers and marketing materials for a product or service offered by a provider or their partners. This would assure that consumers only receive the information they want to receive and not allow for unauthorized selling of their data to others who then provide unsolicited credit offers via mobile and data channels. An important area of further research is whether consumers can fully understand and benefit from agreements where they allow for ongoing marketing and communications. If this cannot be designed in a way that is easily understood and simple for consumers to revoke, then it would indicate the need for restricting marketing to a one-off basis and only when directly requested by the consumer.
Principle 4:Developing clear lines on what types of data can be shared versus kept private
We believe that opening up avenues for consumers to share and benefit from their mobile money histories is an important goal for Kenya. This does not mean that we favor forcing incumbent providers to relinquish completely all rights to data on their customer base. First, there should be certain benefits awarded to those who have built and continue to serve a loyal customer base. This includes leveraging their customers’ data beyond mobile money—e.g. demographic, voice, SMS—and strong customer relationship to engage with their consumers within their own network. Second, there is the risk that sharing all consumer data would create privacy risks for consumers if, for example, their voice and data usage was also shared for credit scoring. In fact, one third-party lender in Kenya already reviews the contents of consumers’ SMS, call logs, and contacts as part of their scoring model. Interviews with consumers by CGAP and the Omidyar Network have made clear that consumers do not always feel comfortable sharing such personal details to help achieve financial access.
To determine what data could be shared and what data it is in customers’ best interests to restrict from sharing, it is important that a diverse set of industry actors, CIS, credit bureaus, relevant regulators and data privacy experts have an open discussion and determine where the line can be drawn to enable increased control over financial information in a responsible and competitively fair manner.
There may be some challenging issues and heated debates along the way, but as the global leader in mobile money and digital credit, the time is right in Kenya for a new vision of co-ownership of financial data in Kenya. As the recent expansion of digital lending has shown, there are millions of consumers in Kenya seeking better access to financial products, and a growing number of innovative providers wishing to serve these consumers. All that is missing is a new set of standards and a centralized platform to responsibly connect consumers’ data with a wider range of providers in a responsible, transparent and secure manner.