Minaoar Hossain Tanzil has become the Managing Director of Dhaka operation of Korean Smartcard manufacturing and payment giant- Kona within just ten years of his professional life. A computer science and engineering graduate from BUET, Tanzil has started his career back in 2007 in CodeCrafters International. While working there, he had finished his MBA from IBA. After CodeCrafters, Tazil joined SSD-TECH and worked there for the next few years as the Head of Strategic Business Division. In 2013, he joined KonaSL as its Head of Payment Lab in R&D. He gradually became Chief Information Officer, Deputy Managing Director and Managing Director within the next four years here.
For the last five years, Kona Software Lab Limited (KonaSL), a company with about a 100-strong team of engineers-has ‘a sleepy presence’ in Dhaka. It hires top-notch engineersmostly from BUET, Dhaka University, conducts implementable research works and develops solutions and products that are re-shaping the ways people conduct financial transactions.
KonaSL is basically a research & development (R&D) arm of South Korean smartcard manufacturer giant Kona. But instead of remaining just a branch office of its Korea based headquarters, Kona’s Dhaka office has been dictating the larger part of the global company’s next dictum.
Minaoar Hossain Tanzil is currently heading Kona’s Dhaka operation as the Managing Director of KonaSL. He is also acting as the Group Deputy Head of R&D in Kona’s global operation. The Fintech team recently went to Kona’s office-a 10,000 square foot spic and span place on the eighth floor of iconic Police Plaza Concord at the conjunction of Niketon and Gulshanand had a conversation with Mr Tanzil about the prospect and challenges of the digital payment industry. Here is an excerpt of that conversation for our Fintech readers.
FINTECH: Can you tell us something about your professional career?
MH Tanzil: After completing my graduation in Computer Science and Engineering (CSE) from BUET, I have started my Professional career in CodeCrafters International in 2007. It was an American Company which used to develop investment rating software. While working there, I had completed my MBA from IBA in 2011. After that, I worked in SSD-TECH as the Head of Strategic Business Unit. SSD-TECH develops telecommunication software.
Grameenphone is one of its largest partners and it uses state of the art Single Interactive Voice Response (IVR) platform developed by SSD-TECH under my supervision as Tech Lead. From SSD-TECH, I joined in the Kona Software Lab Limited (KonaSL) in 2013 as the manager of Research & Development (R&D) department. Later I was made the Deputy Managing Director there and hold that incumbency for two years. In July this year, I was made the Managing Director of KonaSL.
FINTECH: What does KonaSL do? Why does it have a sleepy presence here? I mean if you consider the scenario of Bangladesh, a hundred-engineer strong software firm is considered as a large firm. Why its products are not publicized?
MH Tanzil: To understand the scope of KonaSL’s work. You first need to know about Kona. Kona is a South Korean public limited company. Like Java-which is the name of a coffee- the name of this company-Kona-too is given after the name of a coffee. Kona is the market name of a coffee (coffee Arabica) cultivated on the slopes of North and South Kona districts of Hawaii. The most popular product of the company – Java operating system based smart card was named after this coffee bean Kona. This name however was given back in 2012 as the company name whereas the company started its business operation in Korea in 1998. At the beginning, its name was Korea Electronic Banking Technology (KEBT). KEBT primarily was and still is a smartcard manufactures. It manufactures all sorts of state-of-the art chip based cards for banks including debit and credit cards.
Since the company was intricately related with the banking industry, at one point it thought of designing and developing software solution for the banks and giving them a full package of digital payment platforms. Besides, the Kona group aimed to become a global leader of FinTech so it planned to invest significant amount in R&D for developing digital payment solution.
Keeping that in mind, Kona established a research wing in Dhaka with the name KonaSL in 2012. Kona has operations in countries like USA, China, Brazil, India, Indonesia and Nigeria but it opted for opening a R&D office in Dhaka because of some reasons. The investors back in Korea were convinced that Bangladeshis are were more trustworthy, industrious and meritorious. Because of those traits (in their eyes), they had opened the office here.
Kona’s Bangladesh office is fully funded by the headquarters in Korea.In Bangladesh, KSLL is registered with Office of the Registrar of Joint Stock Companies and Firms, so it is a fully operational company in Bangladesh with cent percent foreign direct investment (FDI). Kona invests more than million US dollar per year for its Bangladesh operation.
Now answering to your question-why Kona has a ‘sleepy presence here?’-I can say that KSLL actually doesn’t have a sleepy presence here. In the tech arena, industry people are already aware about its presence. May be part of the reason that common people are not aware about our presence is because as of now we haven’t introduced any of our products or solutions for the Bangladeshi market. As I said earlier that we are the R&D wing of Korea based Kona in Dhaka. We however hire the best local engineers here. The products we have developed-which is digital payment solutions-is chiefly being introduced in the Korean market. That doesn’t mean our products will not be launched in Dhaka. Of course it will be. In fact we want to introduce our solutions globally in lot other countries.
FINTECH: What sorts of payment solutions or products KonaSL have developed here?
MH Tanzil: From Kona’s Dhaka office, a new payment platform named KonaPay has been developed. KonaSL has been instrumental in developing KonaPay, from initiation, development to certification. In 2016, Kona got the Digital Banking license in Korea and started its digital banking operation there in Korea with KonaPay. So basically KonaPay has changed the operational motto of this $200 million global company. From ‘just’ a smartcard manufacturer, now the company has also become a payment platform provider.
Besides, KonaPay, there is another solution called KonaMoney. We call it digitization with limited banking system. Unlike KonaPay, in where, the transaction has to be processed through larger banking ecosystem; KonaMoney is not attached with traditional banking system. It has both a card management system and an authorization system. If any organizations want to establish an independent brand and want to use it as a local payment platform, then it can use Konamoney.
FINTECH: What does digitization of payment system mean? How secure is the platform? Can you shed some light on its operational procedure?
MH Tanzil: Digitization of payment system is a complex issue. To fully understand what lies beneath requires sophisticated technical knowledge. I can try to explain you things in as easy manners as possible.
We all use a Subscriber Information Module (SIM) card in our phone but many of us don’t know that a SIM hasa processor and because of the presence of a processor, it can work like a smartcard as well. Conceptually and theoretically, it is possible to run the application of a banking card (debit or credit card) in a SIM card. The name of this solution is Trusted Service Manager (TSM).
TSM interconnects with Mobile Network Operator (MNO) and Service Providers (SP). The main role envisaged for the TSM is to help service providers securely distribute and manage contactless services for their customers using the networks of mobile operators. However, the TSM does not participate in actual contactless transactions using Near Field Communication (NFC) devices. TSM has been gaining popularity in Europe since 2004-2005.
KonaSL started its R&D on TSM from its Bangladesh office in 2012. When we started working on TSM, there were others in the market globally who also had conducted significant R&D on TSM. There was a company named Softcard in the US and of course there was also Google Wallet. But their initiative failed globally because the banks and telecommunications were two completely different industries who couldn’t dovetail. It became hard for them to formulate a reasonable business partnership.
At the end of 2013, we have started two labs in our Bangladesh operation-one was payment lab and the other one was security lab.
In our payment lab, we conducted R&D on Host card Emulation (HCE). HCE is the term describing on-device technology that permits a phone to perform card emulation on a NFC-enabled device without relying on access to a secure element. The role of the phone Operating System (OS) in HCE is to provide two possible communication paths for NFC commands from the POS contactless reader based on the AID of the app requesting the transaction. The phone OS will use the AID passed from the phone’s NFC controller to route NFC commands to either a secure element or to a trusted app managing the host card emulation.
This new technology gained celebrity status in 2013 when Google announced support for HCE in the KitKat OS. Suddenly with HCE and cloud issuance, millions of phones could be enabled for payment with a simple app update; so it was a real game changer. Visa and MasterCard announced work on HCE specifications in the following years as well. That innovation opened an alternative path to contactless payments and other services that had no reliance on secure elements.
Meanwhile, the main task of our security lab is to develop public key infrastructure (PKI) on the top of the smartcard. The applications that we developed are all Federal Information Processing Standard (FIPS)-1402 certified. FIPS is a U.S. government computer security standard used to approve cryptographic modules. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that will be satisfied by a cryptographic module.
FINTECH: How the security of financial transactions is ensured in the digital platform?
MH Tanzil: Again, that’s not a topic which could be understood without strong technical knowledge. You have to know about EMV. EMV is a global standard for credit and debit payment cards based on chip card technologytaking its name from the card schemes, Europay, MasterCard, and Visa – the original card schemes that developed it.
The standard covers the processing of credit and debit card payments using a card that contains a microprocessor chip. EMV defines the global standard. They define how a mobile application can hold banking card. Unlike magnetic stripe transactions, where typically only the card’s track 2 data containing the card number and expiry date is processed, every chip card transaction contain dozens of pieces of information to be exchanged between the card, the terminal and the acquiring bank or processors host. This requires the terminal to perform many stages of complex processing, including cryptographic authentication, to successfully complete a transaction.
Now keeping the card number inside the mobile phone is very vulnerable. If you want to do online shopping, all you need is a 16 digit number and a 3 digit CVV code. If someone somehow gets your credit card number, then it’s not that hard for him/her to get that CVV number because that can be found by running a small computer code. So the most secured information is basically the 14, 15 or 16 digit numbers that appears on the primary account holder’s credit card. We call this Primary Account Number (PAN) and it shouldn’t appear in anywhere in the mobile system unless the system is secured. This is because if we keep PAN in the phone, it will get exposed to the world.
In 2014, the EMV first brought a specification which is called tokenization framework. It is basically a new security technology that replaces sensitive account information, such as the 16-digit account number, with a unique digital identifier called a token. The token allows payments to be processed without exposing actual account details that could potentially be compromised.
In November 2014, in KonaSL, we develop an app following the tokenization framework and we took it to the Cartes exhibition in Paris. Cartes exhibition is the largest exhibition for smartcards. From our Bangladesh team, eight people went there and demonstrated the functionality of the app. In the history of Kona, that was one of the most successful demonstrations among all the exhibitions.
In 2015, we were the first one to receive global certification for developing mobile application. We were among only two companies across the world which got that certification- a company from Canada being the other one. The payment and security technology on which we work, only Apple had worked on those before us in developing their Apple Pay. But Apple’s ecosystem is closed and that only works within the Apple devices network. So the rest of the world, I mean the financial and technological world don’t have access there. We first launched our KonaPay application in Korea in July 2015. We demonstrated the application in Money2020 exhibition in Las Vegas USA in October 2015 and like Paris, it also received applause there.
FINTECH:: What are the challenges of completely digitizing the payment platform in Bangladesh? I mean when we will be able to see financial transaction happening through mobile app here?
MH Tanzil: The financial transaction market is obviously changing globally. It is also slowly changing in Bangladesh. But you have to understand that the app which does financial transaction is not like any other apps. The most important part of an app that does financial transaction is its security. For developing such app, at first, you need to conduct your R&D properly. You need to measure the whole scenario from a vantage point so that you can full-proof your system. If you leave any hole, then the system will be compromised through that.
This is because when you conduct financial transaction through your mobile phone, it means, your financial data is open to the operating system (OS) of your smartphone. Now the OS used in the smartphone is called Rich OS for rich user experience. Earlier the payment system was made through a secured OS of smartcards. Now to meet up the need of delivery channel of the consumers; it has been introduced into a system that has Rich OS. The free Rich OS has better user experience but of course the security is heavily compromised here. So the first and foremost challenge is to develop security here.
Another challenge is the adoptability. A bank here can process the regular delivery channels like cash, cheque or debits and credit cards. It cannot process app as of now. Now digitization of banking is basically bringing that card facility inside of an app. So some changes have to be brought in the banking system. Similarly, when we use that app to do some transactions, some changes have to be made in the transaction system as well. All these changes have to be inter-operable. It means the app will have to be compatible with all-Visa, Mastercard and others.
In Bangladesh, we are now working with two banks. These two banks have been investing a lot on technology. We are giving technical backend support to those banks for enabling them to digitize their payment platforms.
As the country per capita income is increasing, lot of cashless & transactions need to be taken place like developed countries. Also cashless transactions has lot of advantages which you are aware of. I believe, within the next few years, due to such incremental demand market in Bangladesh will be ready and you will hear more from us by that time. ■