Customer Data Handling by MMOs & Their Agents: Lessons from Uganda

Data protection risks have been shown to increase alongside the popularity of online banking and other digital financial services. DFS adoption is hindered by the possibility of risk, according to a study by CGPA that tracked the evolution of consumer risk regarding DFS. Another study conducted by the Center for Global Development (CGAP) and Microsave Consulting (MSC) provides insights into how mobile money providers and their agents can safeguard customer data and privacy. It provides a synopsis of a study done in Uganda based on secondary sources and demand and supply side interviews

Data protection risks have been shown to increase alongside the popularity of online banking and other digital financial services (DFS). DFS adoption is hindered by the possibility of risk, according to a study by CGPA that tracked the evolution of consumer risk regarding DFS.

Another study conducted by the Center for Global Development (CGAP) and Microsave Consulting (MSC) provides insights into how mobile money providers and their agents can safeguard customer data and privacy. It provides a synopsis of a study done in Uganda based on secondary sources and demand and supply side interviews.

Many agents reported taking several steps to safeguard customer data while conducting transactions. These include:

  • Avoid getting access to customer PIN
  • installing cameras in their shops,
  • serving one customer at a time,
  • Advise customers to change their PIN frequently
  • creating awareness of emerging fraud threats, data protection breaches, and safeguarding mechanisms via social media (a WhatsApp group).

Most mobile network operator (MNO) agents record customer transaction details and identification numbers on a logbook of daily transactions. Despite their efforts to keep it secure, the logbook does not ensure confidentiality, as several customers sign on the same page. Fraud, space constraints, and high illiteracy levels among customers make it more challenging to protect customer data.    

Moreover, excessive competition contributes to agent malpractice. The report identified, that agents typically comply with customer requests for remote and direct transactions charging customers UGX 1,000 ($0.26) per transaction which the Bank of Uganda does not permit.  

MNO providers have strengthened their risk management practices after the implementation of the Data Protection and Privacy Act in the country in 2019. They ensure that the processes and systems are in place to collect, store, share, and delete customer data. They also support their agents to help them follow responsible practices around data protection. Regardless, no promotional material or training content on data protection was available with agents, which resulted in a lack of standardization around communication on data protection. Furthermore, rewards/ incentives for agents who do not receive customer complaints have been discontinued.

Takeaways for providers who want to improve their data protection practices are:

  • Emphasizing data protection topics in agent training.
  • Providing more agent supervisory support as rural agents receive supervisory visits much less frequently than urban agents.
  • Raising customer awareness on consent management and how their data is stored, used, and shared.
  • Providing a communication toolbox on data protection.
  • Removing the practice of maintaining manual logbooks at agent points.

Read the full report here.

Leave a Reply

Your email address will not be published. Required fields are marked *