2. Feb. 17, 2014
Mobile Banking
• Mobile Phone User base
• MB Stakeholders & Concerns
• MB Developments & Regulations
• MB Models, Methods and Types
• Mobile Communication Technologies
• IMPS, AEPS, Mobile Wallet, NFC Based Mobile Payments
3. Mobile Banking (MB)
(Banking Services through a Mobile Phone)
Information Based Services
• Balance enquiry
• Account opening
• Statement of account
• Check book request
• Issue of Debit/credit card
• PIN/Password change
• ATM Location
• Complaints
• IFSC Code etc.
Payment Transaction Services
• Fund Transfer Instruction
• Term deposit Instruction
• Issue of draft
• Standing instruction for periodic payments
• Utility bill payments
• Loans request
• Foreign Exchange delivery etc.
4. Advantages of Mobile Banking to a User
(1) Provides freedom from physical human interference due to straight-through automated electronic processing,
(2) Provides privacy to do banking transactions,
(3) Provides flexibility to operate at any time round the clock and from anywhere across the globe, even during travel by flight, sea and road,
(4) Provides convenience by avoiding unnecessary travel to a branch or ATM, thereby saving time,
(5) Transaction cost is minimum compared to banking through branch, internet, ATM, POS and Banking Correspondent (BC) etc.,
(6) Provides confidence, as the initiation of a payment instruction and the confirmation of completion of the payment transaction both happen at one’s own trusted mobile device,
(7) Enhances reliability on the Bank on account of quick, real-time confirmation of transactions and the least number of failures,
(8) Provides choice to use the service as per the communication channels available at a place and the features supported by the mobile device.
5. Mobile Phone User’s Concerns
• Ownership
• Awareness
• Mobile Phone Features
• Cost
• Service providers
• Registration
• Security
• Language compatibility
• Support
• Complaints
6. Mobile Banking Developments
• RBI’s Operative Guidelines for Banks on Mobile Banking (2008, 2010, 2011)
• MPFI’s Interoperability Standards for Mobile Payments (2009, 2010)
• IMG Report on Delivery of Basic Financial Services using Mobile Phones (2010)
• UIDAI-IBA Micro ATM Standards for FI (2010)
• MPFI’s Discussion Paper on Security for Mobile Payments (2011)
• Launch of IMPS (2010), Merchant Payments, NEFT, AEPS (2012)
• Mobile Banking Security Lab, IDRBT, 2012
7. Mobile Payment (MP)
(Models, Methods & Types)
MP Models: Bank Centric, Telecom Operator Centric, Application Provider Centric, Hybrid
MP Methods:
Push method: Payer (Customer-x) initiates the payment instruction for debiting his/her account to pay the beneficiary (Customer-y)
Pull method: Payee (Beneficiary-y) initiates the payment request for crediting his/her account from Customer-x
MP Types:
Type 1: The necessary details of both payer and payee, including the name, mobile number, bank name, bank account number, MPP Id, and the amount, must be entered for each transaction.
Type 2: The only details that need to be entered are the mobile number of the 2nd party, MMID # and the amount.
8. Classification of Mobile Payments
• Based on Value: Micro Payments, Mini Payments, Macro Payments
• Based on Charging Method: Pre-paid, Post-paid
• Based on Location: Proximity Payments, Remote Payments
• Based on the validation of the tokens exchanged: Online Payments, Offline Payments (ex: e-coins)
9. Enabling Mobile Technologies
• User Interface: Voice, SMS, USSD, WAP
• Platforms: SAT, Java ME, Android, iOS, Blackberry, Symbian, Windows CE etc.
• Security enablers: Micro SD Card, USIM, SIM
• Transport
– Short-range: RFID, Bluetooth, Infrared, NFC
– Long-range: GSM, GPRS, 3G, 4G
10. Interbank (Immediate) Mobile Payment Service (IMPS)
[Diagram: Payer-X, Bank-A (ISSUER), Payment Gateway (NPCI), Bank-B (ACQUIRER), Payee-Y; Settlement (RBI)]
11. Mobile based Financial Inclusion, P2M IMPS and Mobile Wallet Payments
[Diagram: Customer, BC Micro ATM, ATM / Merchant PoS, Bank A, Bank B, Payment Gateway (NPCI), Biometric Authentication (UIDAI), Settlement (RBI)]
12. MP bearer channels of wireless medium:
• IVRS : Interactive Voice Response System
• SMS : Short Message Service
• USSD : Unstructured Supplementary Service Data
• GPRS : General Packet Radio Service
• WAP : Wireless Application Protocol
• WiFi : Wireless Fidelity
• RFID : Radio Frequency Identification
• NFC : Near Field Communication
• Bluetooth
• WiMax : Wireless Interoperability of Mobile Access
• LTE : Long Term Evolution etc.
13. Security
• Basic Properties of Security
• Security Policy & Access Control Models
• Security Enforcement
– Technology, Business, Regulatory & Legal Control
• Technology : Cryptology
– Cryptography & Cryptanalysis
» Encryption & Decryption
» Symmetric key (Password, m-Pin)
» Asymmetric key (PKI, WPKI)
• Layers of OSI Model
14. Mobile Banking Security
• Authentication
– User, Device, Application, Transaction
– Direct, Indirect
– Factors : You Know (UK), You Have (UH), You Are (UR)
– One Way, Mutual
• End to End Security between Source (S) and Destination (D)
– Mobile Phone (S) and Telco (T)
– Mobile Phone (S) and Mobile Payment Provider (D)
– Mobile Phone (S) and Bank Server (S)
– Mobile Phone (S) to Mobile Phone (D)
– MPP to Bank : SSL/TCP
– Bank to NPCI : SSL/TCP
• Security Standard: Device level, Application level, Communication Level
15. Some reported attacks on Mobile Phones
• Phishing
• Botnet
• Fake Player
• Trojan horse
• Bluejacking
(Symbian)
• BlueBug
• BlueSnarfing
• BluePrinting
• Cabir (First in 2004)
• Comwar
• Skulls
• Windows CE virus
16. Security Concerns on
• Display, Personal Data, Folders and Applications on the MP
• Channels supported by the MP
• Storing Confidential Information on the MP and Privacy Protection
• Installation, activation and use of critical Applications on the MP
• Changing the Mobile Phone / SIM / Micro SD Card (MNP, MAP)
17. Security Concerns on
• Protecting MP from side channel attacks
• Differentiable Services with varied security levels
• Data synchronization and Back Up of data
• Secure Element for storing of Keys
• Erasing footprints and logs periodically