Last September we spent some time in Nairobi figuring out whether we could make offline phone payments usable. Phone payments have greatly improved the lives of millions of poor people in countries like Kenya and Bangladesh, who previously didn’t have bank accounts at all but who can now send and receive money using their phones. That’s great for the 80% who have mobile phone coverage, but what about the others?
Last year I described how we designed and built a prototype system to support offline payments, with the help of a grant from the Bill and Melinda Gates Foundation, and took it to Africa to test it. Offline payments require both the sender and the receiver to enter some extra digits to ensure that the payer and the payee agree on who’s paying whom how much. We worked as hard as we could to minimise the number of digits and to integrate them into the familar transaction flow. Would this be good enough?
Our paper setting out the results was accepted to the Symposium on Usable Privacy and Security (SOUPS), the leading security usability event. This has now started and the paper’s online; the lead author, Khaled Baqer, will be presenting it tomorrow. As we noted last year, the DigiTally pilot was a success. For the data and the detailed analysis, please see our paper:
DigiTally: Piloting Offline Payments for Phones, Khaled Baqer, Ross Anderson, Jeunese Adrienne Payne, Lorna Mutegi, Joseph Sevilla, 13th Symposium on Usable Privacy & Security (SOUPS 2017), pp 131–143
PassWindow has been used for offline administration of low-interest micropayments for microloans to poor households in rural Bangladesh (focusing on economically disempowered women). It’s an interesting precedent/ comparative study.
Search Google for “PassWindow White Paper” for more information.
I tried to post this with a link to the PassWindow white paper in the comment, but this did not work — WordPress malfunctioned when I submitted the comment.
How you settle the offline mobile payments? What if the device never again goes online?
If either device ever goes online again, the transaction is uploaded, and registered in the shadow accounts. If neither device ever goes online again, who cares? The payee doesn’t ever withdraw the money, and the payer doesn’t get to use it either.