An interview with Naohisa Fukuda, President, Japan Communications Inc. “Secure digital ID is the bridge between cyber world and real world”

Naohisa Fukuda is the President and Member, Board of Directors at Japan Communications Inc. (JCI). Founded in 1996, JCI provides telecommunication services to business clients and has been a pioneer in the MVNO business model. Mr. Fukuda joined JCI as a Senior Vice President of Marketing in 2002. He has previously served as VP Marketing, Apple Computer, besides holding management positions at Apple Computer Japan. Mr. Fukuda graduated from the University of Tokyo in Japan; he has an MBA from Dartmouth College in the United States.

Mr. Fukuda was in Islamabad last week leading a Fintech delegation from Japan in partnership with Saffran Group Japan, which has signed an agreement with JCI to bring a Fintech platform to Pakistan. BR Research sat down with him to discuss opportunities in Pakistan’s Fintech sector:

BR Research: Starting off, what brings you to Pakistan?

Naohisa Fukuda: My Company, the Japan Communications Inc., has developed a digital platform – called Fintech Platform over Sim – that can be very helpful for secure transactions in e-commerce, banking, and various other sectors. This platform can also work with the IoT (internet of things). But at its core, this system ensures that secure digital ID is the bridge between cyber world and real world.

I am in Pakistan these days mainly as the architect and designer of this technology, and not as a business person. Japan Communications and Saffron Group, which is a Pakistan-origin group of companies based in Japan, have inked an agreement to launch this technology together in Pakistan. And that is why I am here in Pakistan, encouraged by Saffran Group’s owner and Pakistani expat Mirza Asif Baig, who feels that Pakistan really needs a Digital ID platform that is based within Pakistan.

BRR: So tell us a little more about this digital platform.

NF: First, a bit of background. Internet is very useful but the biggest problem is digital security. Problems are arising because there is a gap between growth of the Internet and the evolution of security solutions. Not only is there resistance to change among governments, security is adding to complexity for users. Therefore, a new solution is needed to secure financial transactions and digital IDs, for which we need to leverage the already-established technologies.

It is when you go into “transactions” – especially financial transactions, digital payments, and online purchases through e-commerce – that you really need digital security, because hackers can steal the key when the encryption key is distributed to set up a session. I was asked by the Japanese government five years ago to develop a secure platform and then I started developing a product platform.

I will now explain how this works with a simple question: why do we carry a number of IC plastic cards – such as debit card, credit card, employee badge, transportation card, etc.? The reason is very simple: each IC card has its own encryption key or digital ID. If a hacker tried to steal it, the IC card will be dead after three trials. That is the nature of the IC card, referred to as the Hardware Security Module. Regardless of how good the software is, you can hack it; but it is hardware that can actually prevent the hacking if the hardware is designed properly. That is why the use of IC cards is so prevalent.

However, a big problem with the plastic IC card is that you need a card reader in order to use it on the Internet. Now everyone has an IC card reader. Do you know where? It’s in our smartphones and feature phones: the sim slot. The sim card actually has the same standard – called UICC – as the plastic IC card. What it means is that the sim slot is the IC card reader. That is the main idea. And how it works is that you take the main sim card out of the sim slot of the phone, merge it with a “sub sim”, and then put it back into the phone. The “sub sim” is used as an IC card in the phone as it generates the key pair and stores the encryption key in a secure way.

BRR: How does this work for an ordinary user?

NF: There are two steps to using this process. First, you need to set it up, which involves generating the key pair (public key and private key), then you obtain a digital certificate by sending the public key to a certification authority that is KYC-compliant, then you write digital certificate onto the sub-sim, and finally you set the PIN to use sub-sim for digital signature. And second stage is about using this platform, which is very simple: users just need to input the PIN to use a secure ID and then all the future actions such as digital signing take place by programs.

BRR: So you are bringing a digital payment security solution to Pakistan.

NF: Yes, and not only payment, but my concept also encompasses security over the Internet. Let’s say that if I am using my Apple ID or any other ID over the Internet, people would assume that it is me who is using that ID. However, it is very easy for someone else to start using my ID, and that is an identity fraud as people will not know if someone else is using my ID. We need to prevent this, but that requires bridging the cyber world with the real world. Our proposal is to hold data on regulatory KYC and then allow digital transactions if it matches the particulars of the ID.

BRR: What kind of a potential do you see for such Fintech solutions in Pakistan?

NF: Pakistan has a strong system in place for fingerprints under the Nadra’s biometric identity database.  It is a good system, but it will be a difficult question to use this system to secure digital transactions. How about leveraging the fingerprint biometric ID by putting it into your secure ID in your smartphone or feature phone through the Sim? That way, the digital ID exactly matches who a person really is. And that ID cannot be stolen.

Then whatever you do over the Internet – banking, payments, purchases – those records will be kept in one big database. That financial history can also become a source of credit check for future financing. In this way, digital security can become a driving force for the economy. This is how the Japanese government is encouraging Fintech’s to operate in this space as banks are now required to open their APIs (application programming interface).

BRR: So who are the stakeholders that you have reached out to in Pakistan?

NF: We have had several meetings over the last few days. We have met the representatives at the State Bank of Pakistan, to understand whether what we are trying to bring in makes sense with the compliance and regulatory guidelines in Pakistan. We have also interacted with the telecoms sector, including the sector regulator PTA and some mobile network operators. We have also met with the BISP Chairperson, who has appreciated our idea for its utility in the microfinance sector as well.

BRR: What were the takeaways from those interactions?

NF: Both the banking and telecoms regulators have welcomed us and appreciated our idea. In fact, the Ministry of IT & Telecoms would like to be a part of it if we go ahead with a public-private partnership arrangement. We have been encouraged to find partners from the private sector, especially in the telecoms and banking sectors. Unexpectedly, we have received an amazing response.

The people we have met here, who were all high-level executives in the private sector and high-ranking officials in the government, have really impressed me with their level of understanding of digital technology and how it can drive economic growth. Each one of the executives and officials that we met understands the key issues facing this sector. I am glad that they all understood the essence of this technology. They all gave us a lot of guidance and introduced us with more people.

We are very hopeful to bring in this technology to Pakistan, in partnership with  Saffran group. Think of this technology as more like an operating system, through which many other applications can be built. The banks can use it, e-commerce sector can use it, and health sector can use it, among others.

BRR: Towards the end, Fintech is about innovative disruption but conventional banking and finance is erring on the side of risk-aversion to maintain integrity of the financial system. What kind of Fintech regulations should a developing country like Pakistan have?

NF: I believe that all of the cyber flaws come from the digital ID not matching with the real ID. So I think the KYC for digital services needs to be especially regulated to avoid the potential for mismatch. Apple, Google or Facebook cannot do it. Be it Japan or Pakistan, the digital KYC needs to be regulated and made stricter.

Digital signature technology is in the market since 1980s, and on some levels it has been adopted, mostly at enterprise level. But mass market has not adopted because this technology is so costly for individuals. However, our platform affords a very low-cost method of using the digital signature. There is a need to set up digital certification authority in a regulated way. It can be undertaken by private sector, with an audit done by government. That way, every individual will have a digital certificate that cannot be stolen.

Concluded…