Today, I will write about how international businesses are using their power and their markets strategy, while people are giving up their private communications and other vital information for simple transactions between family and friends, also when borrowing micro-credit or buying solar-cells through credit. This is all based on the Privacy International recently released report and the quotes are taken from there. It shows vital information taken from citizens who uses apps and financial services in their daily lives. Clearly, they have accessed certain freedoms for the trade with these Kenyans. The business transactions and the trade is not only making direct profits for the corporations allowing direct transactions, but also delivering services like payday loans and buying equipment. Still, it has a special price and they have to sign-up to give away certain aspects of their lives to gain this. That is what is interesting because it says something of how much of the personal space these corporations are getting from the persons they are profiting from!
“The term ‘fintech’ has been defined by PricewaterhouseCoopers (PwC) as: “a dynamic segment at the intersection of the financial services and technology sectors where technology-focused start-ups and new market entrants innovate the products and services currently provided by the traditional financial services industry.” (Privacy International, P: 10, 2017).
“Yet a change that has not been much explored is that M-Pesa also produces a vast amount of data for the telco Safaricom. Each of the millions of transactions that take place a year tell a story. They tell the story of how the small business is operating: the money they’re sending to their suppliers, the transactions that are taking place. But it tells other stories as well: the money that comes in and then is sent to the hospital. The school fees paid by the biological father, unknown to anyone except the mother, father and Safaricom. But there is also a way in which this data is known by third parties. The transmission of the content of the money transfers over M-Pesa is encrypted. However, the details of any transactions are sent, unencrypted, by plain SMS. Even if M-Pesa transactions themselves are sent via secure and encrypted means, the account information is not. The messages that someone sends for receiving or sending money include the name of the recipient (from the registration of the SIM), the amount sent, and their current balance. This facilitates the gathering of personal data by apps. The fact that the transactions can be tracked becomes a large part of the power of the lenders, as in the Kenyan example, leaves a trail via the M-Pesa SMS messages for both customer and retailer. As shall be illustrated, this is an aspect of M-Pesa of which fintechs are able to take advantage” (Privacy International, P: 29, 2017).
“From the data provided by the app, decisions are made about whether and how people repay their loans. One of the key pieces of data is to analyse the content of SMS messages for the records of M-Pesa payments. These are very valuable records to analyse; for example, if the person seeking a loan has a small business, it is a good measure of the health of the business and the money entering and leaving the business. But, according to Tala, it can also be used to analyse how people are actually using their loans, as frequently the money they receive from Tala will leave someone’s M-Pesa account immediately (for example, to pay school fees or a hospital loan, or an individual). But the analysis of the data by Tala extends beyond this, to make analyses based on data and information that are, at best, unexpected to be used for credit scoring. For example, Tala analyses call logs: their analysis has found that people who make regular calls to family are 4% more likely to repay their loan. To do this analysis, they need to know who your family is: from the content of text messages that call someone “mama”, and the pattern of calls” (Privacy International, P: 30, 2017).
“One difference from Tala is that Branch also makes use of Facebook for authentication; as discussed below, this is allowed under Facebook’s terms and conditions. Another factor that Branch uses for its decision-making is the behaviour of your friends, and their repayment patterns for Branch loans. How does Branch know who your friends are? They have a refer-a-friend feature (as does Tala), which is one source of this data. But they can also see your Facebook friends, and your call log to know who is contacted regularly” (Privacy International, P: 31, 2017).
“The data that M-Kopa gathers from the device via the SIM is information like location (using cell data, not GPS), the charge level in the battery, and what devices are plugged in. They will also soon be gathering data on the television programmes watched. This specific data on programming is not data that it is planning on selling, but rather to use to develop its own services in the future. M-Kopa’s website states that, “After completing payments, customers own the product outright.” However, the customer does not own their data. The terms and conditions of a M-Kopa loan make the company’s position on data clear: “M-KOPA shall have absolute and sole ownership of … the data which is obtained by the Customer’s use of the Device.” Customers have no right to even see their own
data, apart from the provisions under Credit Reference Bureau rules. For M-Kopa, it ultimately comes down to a business decision: “If data privacy was important for the Kenyan consumer, we would do it,” states Chad Larson, the Chief Credit Officer at M-Kopa. At the same time, both M-Kopa and its investors have a viewpoint that their use of data is ethical” (Privacy International, P: 32, 2017).
Control over the data:
“A significant issue with the fintech companies in Kenya, is that they keep access to the data. They keep the data—and, in some cases analyse it, even if the user has stopped being a customer of theirs, and has deleted their app. Branch is explicit that it keeps the data even after a user uninstalls the app, and admits it is possibly doing further analysis on it, “we have that right.” Tala encourages people, even if they have been rejected for a loan, to keep the app; if they do delete it, Tala retains their data. This is so that, if the customer returns later, they can reinstall the app, go through some simple KYC checks, and be able to borrow again. M-Kopa, on the other hand, continues to collect data from the device even after the loan has been repaid” (Privacy International, P: 33, 2017).
Just as this reveals that Safaricom, the partly owned Vodacom Telecom Business have no trouble through the M-Pesa, the Cellphone Mobile-Money Transactions, that they can hold onto all information between all parts of the transactions. Like how a person send the messages of giving money to friend/family and at what point they picking up the mobile-money. This personal data is all incorporated into their apps, as they provide the services and keeps this fintech data on each of their clients.
As we see with the Tala App, which is also used to get loans. Tala analyses the personal SMS’s from the client to either give or not accept proposals for loans from their services. Tala are looking into the M-Pesa messages given to the client and are scanned by the app. To see if the client can actually be able to repay the debt possible sign-off from Tala. This proves that the Tala App is checking the credit history done with the services of M-Pesa, which is Safaricom/Vodacom. Branch another Fintech app is taking it further, they are also analyzing your behavior and who is your refer-friend on Facebook. They are clearly entitled to the private information of your networks before you get a loan. So they know exactly, who and when you contact friends and family on social media before giving you a loan. It shows how personal and how much information on app can get before you get the services needed from them.
M-Kopa are another one, who is directly saying that all information collected from their costumers are their to own and to use for later costumers. It can also be used after the usage. More of these Apps seems to do so. They are keeping this personal data even after the transactions, the loans and the purchase. This can be used to further get clients and knowledge of when the costumers need it more. So they can get them “addicted” to the services. We have no idea how they store this personal data or who they trade it with after gathering it all.
This should all be scrutinized and questioned, as it breaches with personal space collected with marketing and simple ploy to generate enough information to be able to gain the services from the companies. These companies are vultures of the costumers private space and uses it as leverage for their trade.
It is worrying how far they are taking it and how much personal information they are gathering to give them these services. Peace.
Privacy International – ‘Fintech: Privacy and Identity in the New Data-intensive Financial Sector’ (November 2017)