It would seem that Kenya’s leading mobile operator Safaricom, has recently become a staunch advocate of SIM card security. This has come in the wake of the proposal by Equity Bank to launch a mobile money service set to rival Safaricom’s M-Pesa. This has left observers wondering whether Equity’s overlay SIM technology is really a security threat, or rather more a threat to Safaricom’s dominance. Report by Gabriella Mulligan.
In April 2014, the Communications Authority of Kenya (CA) granted three new mobile virtual network operator (MVNO) licences, one to Equity Bank subsidiary, Finserve Africa Limited.
Equity Bank revealed plans to launch a mobile money service, by issuing customers with ultra-slim SIM cards – also known as overlay SIMs – which will lie on top of traditional SIM cards issued by other operators, creating a dual-SIM capability. With the new technology, customers will be able to make use of Equity Bank’s mobile money offering, but also continue using their original SIM card without migrating network.
Kenya’s mobile money market is dominated by Safaricom’s M-Pesa service – with 70% of Kenya’s adult population using M-Pesa – and the money tranferred on the service accounting for 40% of the country’s GDP.
The entry of new players, especially such established entities as Equity Bank, is certain to threaten Safaricom’s hitherto virtually unchallenged dominance.
“The M-Pesa service is a key customer retention tool for Safaricom and Equity is aware of that,” said Danson Njue, research analyst at Ovum. “Thin SIM is a disruptive technology and Equity has clearly outlined its intentions to compete in the mobile money sector,” he adds.
Safaricom immediately opposed Equity’s plans, citing a GSMA (the international Groupe Sociale Mobile Association) report to argue the overlay SIM technology would pose a security threat to customers, and asked the Communications Authority of Kenya (CA) to prevent the launch of the service.
According to the GSMA’s report, “Although the overlay SIM is capable of using security technologies … use of the technology has the potential to introduce a range of new security risks due to its ability to observe sensitive data in transit between the mobile device and the original SIM.”
The potential risks of ultra-thin SIMs, according to the GSMA and Safaricom, include the possibility for an external party to access a mobile user’s PIN details, manipulate activity and perform unauthorised activities on the mobile device.
However, the GSMA concluded these risks can be addressed by the manufacturer, and, as such, not all thin SIMs will pose these threats. Rather, it recommended overlay SIM providers take steps to mitigate the risks, and to ensure any thin SIMs used are independently verified and certified.
In September, the CA decided to allow the use of ultra-thin SIMs – initially for a one-year trial period.
“No major complaints, particularly on interception of traffic of the primary SIM card, have been reported so far. According to GSMA, save for the inherent vulnerabilities of all SIM cards, there are no specific and confirmed vulnerabilities arising from the use of the thin SIM,” said CA chairman Ngene Gituku.
During the one-year trial period, the CA will engage an independent firm to conduct a security audit on all SIM cards – particularly the use of the thin SIM in mobile money – with a view to making recommendations for regulation.
“Should any vulnerability occur from the use of thin SIM cards within this one-year testing period, then operations of the SIM card in the Kenyan market will cease forthwith pending the final recommendations from the security report,” the CA says.
The CA added that the arrival of new players onto the mobile money market will provide customers with varied services, as well as paving the way for “greater innovation”.
The dispute comes as Safaricom continues to strengthen its grip on the Kenyan market, through its recent acquisition of rival operator yuMobile, which sees Safaricom inherit yuMobile’s infrastructure including its much-sought-after spectrum.
Rival operator Orange is also rumoured to be considering an exit from Kenya, which would serve to reduce Safaricom’s competitors even further and free up over 2m subscribers for the taking.
Meanwhile, the CA appears to be making concerted efforts to counter this dwindling competition.
Equity Bank’s proposed offering may well be intended to boost the mobile money sector in Kenya – and the Bank’s profits – however, it may also serve as a tool to enforce greater competition in the market – perhaps to Safaricom’s chagrin.