Communications Authority of Kenya (CA) recently licensed three Application Service Providers to offer Mobile Virtual Networks Operators services. The operators have proposed to use this mobile platform to provide various application services, including mobile money transfer.
The Authority said in a statement that the intention of licensing these services is to encourage innovation in the information and communications technology (ICT) sector that will spur competition from various market segments, particularly involving local investors
The expected competition and innovations by the Mobile Virtual Network Operators will provide consumers with varied services and value for their money while at the same time catalyzing economic development in the country.
Already, one of the MVNOs, Finserve Africa Limited, which was issued with an Application Service Provider licence, has expressed its intention to carry out the mobile payment services on its platform, using the latest technology of SIM card, commonly known as thin SIM or overlay SIM. This is a welcome development in the sector that continues to attract world-class innovations.
The move has, however, been challenged by one Mobile Network Operator, Safaricom, on account that the dual use of the overlay SIM alongside any other on GSM handsets may cause interruption and interception of communication. The operator further claim the dual use of overlay SIM may introduce vulnerabilities in the network as well as infringing on intellectual property rights.
This complaint was considered by the Authority in coordination with the Central Bank of Kenya, the regulator of mobile money transfer services. The two regulators engaged both Safaricom Limited and Finserve Kenya Limited for separate hearings on the matter. The two regulators also sought representations from Taisys SIMoME®, who is the manufacturer of the thin SIM in question. Opinion on the use of overlay SIM was also sought from GSMA, the association of GSM service providers and manufacturers of various products used in the provision of GSM services. The Authority also benchmarked with various standards organizations and regulators , who supported the intended use of the technology in Kenya.
After gathering information on the subject, the two regulators held a stakeholder conference that included participation fromSafaricom Limited, Finserve Kenya Limited, Airtel Kenya Limited Orange, Telkom Kenya Limited and Essar Telcom Limited. Others who participated at the forum were the two other MVNOs, GSMA and Taisys among others, at CA Center.
Following observations were made through this elaborate consultative process the Authority noted as follows;
That the thin SIM complies with all minimum mandatory international standards pertaining to the manufacturing of the thin SIM.
That no major complaints and particularly on interception of traffic of the primary SIM card has been reported so far.
Tests conducted on Taisys thin SIM by China National Computer Quality Supervising Test Center as well as the Bank Card Test Center of China show this particular thin SIM complies with applicable ISO and ETSI standards.
Based on the opinion of GSMA, save for the inherent vulnerabilities of all SIM cards, there are no specific and confirmed vulnerabilities arising from the use of the thin SIM.
Following on the outcome of the investigation, and findings on the subject, the Board of Directors of the Communications Authority of Kenya has decided as follows regarding the use of thin SIM card on the Kenyan market:
There is no sufficient evidence to block in the Kenyan market the entry of the thin SIM.
The Authority will allow the use of thin SIM technology under strict observation for a period of one year. During this period, only Taisys’ SIMoME® thin SIM will operate in the Kenyan market.
The Authority has began the process of hiring an internationally reputable firm to conduct a security audit on all SIM cards, and in particular the use of the thin SIM in mobile transfer services, and recommend a framework for regulating the use of SIM card in Kenya during this period.
During the one year testing period, if any vulnerability is discovered from the use of Taisys thin SIM card, then operations of the SIM card in the Kenyan market will cease forthwith pending the final recommendations from the security report.
Operators intending to use the thin SIM for mobile money transfer must obtain authorization from the Central Bank of Kenya
The Board of the Authority recognizes the importance of mobile platforms, including payment systems to be robust enough to guarantee security and sufficiently flexible to allow for seamless interconnectivity with other services within the sector. In so doing the Authority encourages innovation by market players in the industry for the benefit of Kenyans.
I am Martin Odinuwe, a logo identity designer, Graphic designer, Video editor and a professional videographer based in Abuja, Nigeria with over five years experience. I am currently a consultant with Reachout Multiservice company ltd a multimedia company in Abuja
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
