The GSM Association (GSMA) has reacted angrily to the claim by customer screening software specialist Datanomic Ltd. that operators "offering mobile money transfer services in emerging markets are at risk of inadvertently sponsoring terrorism, money laundering and human trafficking." In a press release issued earlier this summer, Datanomic claims that some mobile operators in emerging markets (particularly in Africa, the Middle East, and the Far East) with growing mobile money user bases are "failing to screen against sanctions and Watch Lists," and face "greater risk exposure of a sanctions breach." The company says some of these mobile operators "think they are exempt from compliance with stringent financial regulations or treat it as an afterthought."

Datanomic adds that as mobile money transfer services become more popular, few operators are even aware of the extent to which they are becoming "exposed," and may face "severe financial penalties from local and international regulators." Not all operators are aware of the rules and regulations associated with mobile banking, and are unwittingly exposing themselves to abuse and sanctions, claims the company.

It's clearly to Datanomic's advantage to highlight such concerns: On the one hand it can claim it's being a responsible citizen by alerting the sector to the potential abuse of its important and increasingly popular new mobile money services; on the other hand, it stands to (potentially) gain from highlighting such concerns, as it's trying to sell its customer screening software, which is already being used by operators in Afghanistan, Kenya, South Africa, and Tanzania, including Vodafone Group plc (NYSE: VOD). (See Vodafone Adds to M-PESA.)

So can Datanomic identify any operators that are currently failing to comply with the appropriate rules or are directly exposed to potential abuse by terrorists?

No, basically. But it says it knows of such instances.

Responding in an email to questions from Light Reading, the company's VP of marketing, Jeremy Jones, states it "would be a nice idea to demonstrate the importance of accurate and effective customer screening by 'spilling the beans' on companies that we know who either aren't prepared for their compliance obligations, or who have discovered that they've been harbouring undesirables -- or even potentially sanctioned individuals or entities -- within their customer lists."

However, those companies "do not want to promote such things to the wider press, or the regulator." Jones says he also can't name names because of non-disclosure agreements and because some operators are potential customers, and "therefore [we] don't want to rock their boat." He adds: "Getting someone to publicly admit that they've been inadvertently sponsoring terrorism would be PR disaster for any organization, and is never going to happen."

So, is this a problem identified within the carrier community? The GSM Association, which counts more than 800 mobile operators among its members, is certainly aware of the benefits of, and challenges posed by, the increasing popularity of mobile banking services, and has been helping to fund mobile money projects. (See GSMA Hands Out Mobile Money Grants, Mobile Banking to Grow, and Orange Money Expands in Africa.)

But the Association isn't impressed by Datanomic's scaremongering.

Gavin Krugel, a director at the GSMA with responsibility for mobile money strategy development, says the Datanomic announcement "got my back up." He says the Association has been working with operators around the world for four years to make sure they have the right systems in place to provide mobile banking services, and that there is "nothing behind" Datanomic's claims. "Mobile operators are well aware of the compliance requirements," he adds.

Krugel says mobile operators introducing such services have to prove they have "all the systems you'll find in any financial institution to counter any possibilities" of laundering and other illegal activities. He says the operators providing mobile banking services each have a financial institution as a partner, and need to comply with AML and CFT ("anti-money laundering" and "combating the financing of terrorism") regulations worldwide. "If anything, the bank partners would keep the mobile operators in check."

Krugel is keen to point out that there is an ongoing debate about whether mobile banking can be an inherently secure service, particularly as there are different approaches to providing the service -- for example, some have end-to-end encryption, while others have the encryption built into the SIM cards involved in transactions.

But, he concedes, it's not to say that a mobile banking service won't be compromised at some point, especially as there are now around 150 deployments and the range of services is growing. (See Operators Cash In on Mobile Payments and Positive Progress Predicted for Mobile Payments.)

But he challenges anyone to identify an example where a mobile banking service has been abused in the way suggested by Datanomics. "The only fraud I have encountered is where the agent has defrauded customers as the money has gone in and out of the system," he insists.

— Ray Le Maistre, International Managing Editor, Light Reading