Kenya’s lawmakers challenge use of ‘ultra thin’ mobile money SIM card

Out-Law News | 07 Oct 2014 | 11:30 am | 2 min. read

The planned roll out in Kenya of new mobile money transfer services using ‘ultra thin’ mobile banking SIM card technology has been challenged by parliamentarians.

The Communications Authority of Kenya (CA) and the Central Bank of Kenya (CBK) had approved the use of the technology by Finserve Africa Limited, a subsidiary of Kenya’s Equity Bank, for a one-year trial period.

However, Kenyan lawmakers have reportedly called for a review to be conducted by independent experts before the SIM technology from Taiwanese firm Taisys Technologies Co Ltd is deployed.

The chairman of the parliament's departmental committee on energy and information communications technology Jamleck Kamau said lawmakers were “still apprehensive about the security concerns raised about the technology”, according to a report by Kenyan publication The Star.

Kamau said: “We are asking the CA in the meantime to stop the roll out by Equity until the security issues which borders on privacy are addressed.”

Taisys said its patented ‘duoSIM’ can be directly attached to the surface of an existing SIM issued by a telecoms provider and placed into a mobile device. “Taisys’s duoSIM can then be used to execute mobile banking transactions, releasing the bank from the limitations of a telco-issued banking SIM. In addition, the ultra-thin duoSIM is also integrated with mobile virtual network operator mobile services, providing another layer of convenience to Kenyans’ everyday living", the company has claimed.

CA chairman Ngene Gituku said earlier this month that concerns of “possible security flaws” in the technology, raised by telecoms provider Safaricom, had been reviewed with the CBK and “it was concluded that the technology is safe for use in the country”.

According to the CBK, Safaricom had argued “that the use of the overlay SIM alongside other GSM handsets may cause interruption and interception of communication”. Additionally, the operator claimed that the technology “would likely introduce vulnerabilities in the network as well as infringing on intellectual property rights”.

However, Gituku said that, together with the CBK, the CA had held talks with Safaricom Limited and Finserve Kenya Limited. Gituku said both regulators had also sought representations from Taisys.

Gituku said. “Opinion on the use of the overlay SIM was also sought from GSMA, the association of GSM service providers and manufacturers of various products used in the provision of GSM services.”

The CBK said that during the one-year trial period, it would ask an “internationally reputable firm to conduct a security audit on all SIM cards, and in particular the use of the thin SIM in mobile transfer services, and recommend a framework for regulating the use of SIM cards in Kenya”.

The CBK said “should any vulnerability occur from the use of the Taisys thin SIM card within this one-year testing period, then operations of the SIM card in the Kenyan market will cease forthwith pending the final recommendations from the security report”.

Safaricom said it “implored” regulators to “fast track the security review and to publish the guidelines in the interests of protecting consumers and financial institutions who will remain vulnerable to the potential risks”.

In 2007, Safaricom launched the M-Pesa project in Kenya, enabling Kenyans to make low value real time retail payments using their mobile phones.