E-commerce transaction validation using IMS

E-commerce transaction validation using IMS - Presentation Transcript

E-commerce transaction validation by service providers Dominique Sandraz+, Paul Serra+, Antoni Drudis+, Claude Florin* Hewlett-Packard publication authors, presenter at ICIN 07 conference + *

Web e-commerce transactions Payment Buyers Merchant Shipment Context • − Credit card and web clearing-house are widely adopted by e-commerce consumers and merchants − Mobile payment initiatives and services, using NFC, SMS, WAP, applications and IVRs Investigation of possible improvements for IMS subscribers : • − Stronger authentication to prevent identity theft − Enhanced privacy of buyer’s identity − Support of anonymous transactions − Enhanced fraud protection 2 October 8, 2007 E-commerce transaction validation - claude.florin@hp.com

Improving e-commerce security Payment Buyers Merchant Validation Shipment service − Trusted party to validate buyers and merchants transactions • Enhances validation for specific applications using speech processing • Protects from denial of service attacks, reduce order repudiation − Protection of buyer’s privacy • ID management • Anonymous transactions − Complement clearing house payment services • Micro-payments, pre-paid debits, mobile 2.0 group split-billing • Clearing-house, credit-card interface aggregation, reporting 3 October 8, 2007 E-commerce transaction validation - claude.florin@hp.com

IMS Architecture - mobile Leveraging IMS for Web transactions Payment OSA AS Merchant / Charging HTTPS clearing OCS Parlay X Buyers Web 2G SCPservice WSDL identity Rf SIP Application HSS server Sh/11 AuC Sf User interaction NE MS TANN AKA ISC/12 CM L SIP Cx/16 CC XM VX Diameter ML L Gm/hh Mw/dd Mw/dd Mr/24 PLMN P-CSCF I-CSCF S-CSCF MRF UE / Transaction validation Home Visited ISIM domain domain Note : simplified view 4 October 8, 2007 E-commerce transaction validation - claude.florin@hp.com

Payment validation Merchant Order AS XML HTTP Request Merchant DB IP Confirmation service XML HTTP Response Clearing Web browser AS Payment service Validation Validation request response WSL WSL Service provider Validation request Transaction HSS validation SMS / voice 2-3G OK Confirmation service SMS / DTMF DTMF SMS ASR Buyer interaction TTS 5 October 8, 2007 E-commerce transaction validation - claude.florin@hp.com

User authentication Merchant Order AS XML HTTP Request Merchant DB IP Confirmation service XML HTTP Response Web Clearing browser AS Payment Ordering key service Validation Validation request response WSL WSL Service provider Ordering key request - response SMS / DTMF Transaction HSS Validation request validation 2-3G PIN service SMS / voice Confirmation DTMF SMS SMS / DTMF ASR TTS 6 October 8, 2007 E-commerce transaction validation - claude.florin@hp.com

Transaction micro-payment Merchant Order AS XML HTTP Request Merchant DB IP Confirmation service XML HTTP Response Web browser Clearing Debit CDR Validation request Validation response Communities WSL Service provider WSL Prepaid Validation request Transaction HSS validation SMS / voice 2-3G OK Confirmation service SMS / DTMF DTMF SMS Buyer interaction ASR TTS Note : many users may be sharing the order in a community using split-billing 7 October 8, 2007 E-commerce transaction validation - claude.florin@hp.com

Mobile clearing house validation Merchant Order AS XML HTTP Request Merchant DB IP Confirmation service XML HTTP Response Clearing Web browser AS Payment service Payment request Payment response WSL WSL Service provider Payment request Transaction HSS validation SMS / voice 2-3G OK Confirmation service SMS / DTMF DTMF SMS ASR Buyer interaction TTS 8 October 8, 2007 E-commerce transaction validation - claude.florin@hp.com

Anonymous user validation Hiding billing and shipment addresses Merchant Order AS XML HTTP Request Merchant DB IP Confirmation service XML HTTP Response Web Warehouse browser AS Validation request Validation response Shipment Ordering key service WSL WSL Shipping Address number WSL WSL Service Ordering key request - response provider SMS / DTMF Validation request Transaction 2-3G PIN HSS validation SMS / voice Confirmation service SMS / DTMF DTMF SMS ASR Note : user is anonymous to the merchant TTS 9 October 8, 2007 E-commerce transaction validation - claude.florin@hp.com

Telecom service providers added-value • Ubiquitous service access : ~2.5 *109 mobile users − Voice interaction with low literacy consumers − SMS, WAP, … • Micro-billing and credit : > 500 *109 € / year − Users < 18 years old, with low credit, P2P and C2B − 3rd party billing for value-added services (premium SMS and voice) − Mobile commerce revenue 2006 > 25 *109 € − Split billing to mobile 2.0 communities (games, sharing) • Strong user authentication − SIM / USIM authentication 10 October 8, 2007 E-commerce transaction validation - claude.florin@hp.com

Investigation results : • An application layer to validate e-commerce transactions can be deployed over an IMS architecture • Telecom service providers can add value in specific use cases to grow Web e-commerce : − Trust, authentication − Micro-payment − Mobile clearing house validation − Anonymous transactions − Ubiquitous access 11 October 8, 2007 E-commerce transaction validation - claude.florin@hp.com

Thank you http://www.hp.com/go/opencall

Context : mobile payment services • Discontinued initiatives − Simpay (20 countries) − Paybox (< 1M users) • Current mobile payment players − Paypal mobile (26 B$ in 2006) − Obopay, Kushcash, Paybytext, Firethorn, Clairmail, mFoundry, mobileLime, PHIRE, Cyphermint, C-Sam, Lending Club, Billeo, Yodlee, Firethorn, Monitise, Clairmail, mShift, mFoundry, iPay − GSMA • MasterCard global hub for migrant workers remittances • Pay-Buy Mobile initiative 13 October 8, 2007 E-commerce transaction validation - claude.florin@hp.com