Global Messaging 2009 - Mobile Ticketing and Payments

Talk given by Tom at the Global Messaging 2009 conference in London on 24th June 2009. It covered the essence of what makes a good mobile service, using Masabi's UK rail work as a case study.

Published in: Technology, Business

  • Masabi have been producing downloadable mobile applications for over 7 years, and today Masabi's secure mobile applications process millions of dollars worth of transactions every year.
  • SMS purchase from a vending machine isn’t going to work – people use cash. The fact that the vending machine operator may be able to shave a few % off vandalism repairs and reduce theft doesn’t matter to the user.
  • Source: Strategy Analytics (http://iphone.tmcnet.com/topics/iphone/articles/55332-global-handset-shipment-falls-record-rate-during-q1.htm). 5800 2.6m vs iPhone 3.8m. Nokia about 25x sales of Apple – bad quarter for Nokia.
  • TODO new screenshots
  • By ‘other payments’ => should never send credit card number over a normal text
  • Wap “https” not the same as web https
  • TODO new screenshots
  • It’s a great system, but worth considering why – need to consider the bigger picture
  • Come see me after for live demos, or to chat about building secure mobile applications for m-commerce, banking, ticketing and messaging. Read our blog for more details on security: blog.masabi.com
  • Transcript

    • 1. Secure Payment and Ticketing Applications
      Tom Godber - CTO Masabi
    • 2. Agenda
      Who Are Masabi
      The Mobile Experience
      Mobile Ticketing
      Taking Mobile Payments
    • 3. About Masabi
      • 20 currencies
      • 4. 4 alphabets
      • 5. 2 Factor Authentication
      • 6. Secure messaging
      • 7. UK Rail Ticket Standard
    • The Mobile Experience – All Sweetness and Light?
    • 8. Mobile Masochism
      The mobile experience is about PAIN
      Texting on a Moto…
      Pretty much anything at all on Nokia’s touchscreen S60…
      User experience is becoming important
      Ex-RAZR users often won’t Moto again
      But nothing is perfect, even Steve
    • 9. Many Services Will Fail
      Good ideas are common
      Good ideas which actually work aren’t
      Given handset constraints…
      Given real world conditions…
      Compared to existing alternatives…
    • 10. Pick Your Battles
      A successful service must offer a significant advantage to the user
      An mPayment must be easier than cash and cards
      Just because a user can do something, doesn’t mean they will
      Offer net pain relief
    • 11. Considerations
      User probably moving
      Must be simple
      Must be resilient
      Has user got alternatives?
      Cash
      Debit/credit cards
      PC
    • 12. Connecting With The Real World
    • 13. UK Rail Barcodes
      Reliable, fast
      Offline scanning
      Tickets still work when Internet doesn’t!
      Open security
      PKI signatures prevent modification
      Public Key verification is cheap, easy
      Royalty free, open barcodes
      Aztec scans best on a handset screen
    • 14. UK Train Ticketing
      Phone becomes your ticket
      Today’s reality:
      Only supported on a few routes
      Eg. our National Express trial
      3-6 months:
      Train franchises start to go live
      Some rollout of barcode reading gates
    • 15. Not Just a Ticket
      UK Rail Barcode has space for other entitlements
      Eg. Free coffee
      Bundle other sales together with ticket
      Barcodes have plenty of other uses
      Remove cash from high-risk environments to reduce ‘shrinkage’
    • 16. Mobile
      Ticket
      Delivery
    • 17. Handset Support
      Chiltern Railways ticket app trial showed:
      Adopted outside young male demographic
      Often user’s first transaction with a phone
      Tickets must be supported on everything!
      Smartphones are a niche
    • 18. Not All About The iPhone
    • 19. Ticket Delivery
      SMS tickets
      Wap tickets
      Local application ticket wallet
    • 20. Pure SMS Ticketing
      Picture messaging can carry small barcodes
      3 SMS per picture is expensive
      Too small for new rail ticket barcodes
      Simple insecure 1D or 2D barcodes only
      No text details for visual inspection
      Scanner always required
      Can be forwarded and reused
    • 21. Wap Ticketing
      Wap Push with ticket URL
      User downloads ticket
      Saves image like a wallpaper
      Must trust OMA DRM
      A lot of effort to size image
      Handsets often rescale an image that is slightly too big or small
      This plays havoc with barcode scanners!
    • 22. Java Ticket Wallet
      User installs local ticket wallet
      Server sends tickets over SMS
      One encrypted binary msg/ticket
      Delivered directly to wallet app
      App can display ticket details and barcode
      Better barcode rendering > faster scanning
      Details readable to an inspector
    • 23. BUT
    • 24. Address Customer Needs!
      UK Rail Tickets – mainly bought in the station!
    • 25. User Needs
      Ticket delivery is an extension of online
      Fairly useful for users without printers
      BUT most train tickets not bought online
      Sell from phone
      Buy in taxi / on street / in station
      Avoid queues
    • 26.
    • 27. Mobile Payment Channels
      SMS
      Premium SMS > phone bill
      Credit card over SMS
      Payment through the browser
      Payment through a local app
    • 28. SMS
      Premium SMS payment
      Good for simple transactions
      Easy to set up, works on everything
      30-60% operator cut
      Best for low-value high-margin items
      SMS insecure for any other payment
      Messages can be read on stolen phones
      Messages can be read on the network
    • 29. Mobile Browser Purchase
      Wap purchase is multi-step
      Repeat page loads slow and expensive
      Requires continuous connection
      Data mis-entry becomes painful
      Limited opportunity to help user with validation etc – not like full web AJAX
      Often insecure
      Wap1 inherently insecure
      Transcoders can mess with Wap2 and the mobile web
    • 30. Mobile Browsers
      Wap security
      Inherently insecure:
      Used on older browsers, “Wap” settings
      Wap2 security
      Like the web:
      Most handsets use this with “Internet” settings
    • 31. Transcoders with HTTPS
      Some transcoders leave HTTPS alone
      Others will insert themselves in the connection
      Handset cannot verify end certificate
      Just like a man-in-the-middle attack!
    • 32. Java Ticket Sales App
      Ticket purchase in UK
      Aimed at repeat users
      Intelligent client
      Helps user with data entry => minimises resends
      After 1st purchase, just enter CVV
      Submits credit card purchase with one encrypted SMS
      Good when signal strength low
      Integrated into ticket wallet
    • 33. Technology Notes
    • 34. Java (someone has to like it)
      You don’t have to be the ‘best’
      Sometimes being the only option is good enough
      NOT suitable for everything
      Remember, pick your services
      Good for:
      Recurring purchases
      Flaky connections
      Retries, SMS fallback, fat intelligent client
    • 35. Near Field Communication
      A lot like “Oyster on your phone”
      (Almost) no handset support
      Common by 2013?
      NFC already embedded on cards
      Habit: you pay with a card, why use a phone?
      Who will pay for the infrastructure?
    • 36. NFC – Not Today
      NOKIA HANDSETS
      NOKIA NFC HANDSETS
    • 37. Some Notes On Oyster
      Great in London
      Almost everyone has to use public transport
      Locals ‘bribed’ to adopt with lower fares
      Large government subsidies
      Not economically viable to roll out elsewhere
      Even London overground train lines required £40m subsidy to support it
    • 38. tom@masabi.com | +44 7967 551670 | @tomgodber
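
Slide 13's point that PKI signatures let a scanner detect modification offline using only a public key, shown as an added example. It is not Masabi's code or the UK rail barcode format: Ed25519, the signature-then-JSON layout and all field names are assumptions.

```javascript
// Added example: offline verification of a signed ticket payload.
// Ed25519 and the field names are assumptions, not the UK rail barcode format.
const crypto = require("node:crypto");

// Issuer side (server): the private key never leaves the ticketing back end.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");

// Build the bytes that would be rendered into the barcode:
// a 64-byte Ed25519 signature followed by the JSON ticket body.
function issueTicket(ticket) {
  const body = Buffer.from(JSON.stringify(ticket), "utf8");
  const signature = crypto.sign(null, body, privateKey);
  return Buffer.concat([signature, body]);
}

// Scanner side: holds only the public key and needs no network connection.
function verifyTicket(barcodeBytes, issuerPublicKey, now) {
  if (barcodeBytes.length <= 64) return { ok: false, reason: "too short" };
  const signature = barcodeBytes.subarray(0, 64);
  const body = barcodeBytes.subarray(64);
  if (!crypto.verify(null, body, issuerPublicKey, signature)) {
    return { ok: false, reason: "bad signature" };
  }
  const ticket = JSON.parse(body.toString("utf8")); // parse only after verifying
  if (now > ticket.validUntil) return { ok: false, reason: "expired" };
  return { ok: true, ticket };
}

// Constructed sample ticket, including an extra entitlement (slide 15).
const sample = {
  from: "Origin", to: "Destination",
  validUntil: 1245887999, // constructed Unix time
  extras: ["free coffee"],
};
const barcode = issueTicket(sample);

// Simulate modification after issue: one byte of the body is changed.
const tampered = Buffer.from(barcode);
tampered[70] ^= 0x01;

console.log(verifyTicket(barcode, publicKey, 1245800000));          // accepted
console.log(verifyTicket(tampered, publicKey, 1245800000).reason);  // bad signature
console.log(verifyTicket(barcode, publicKey, 1245900000).reason);   // expired
```

A valid signature only shows the payload is unmodified: the verifier accepts any byte-identical copy until expiry, so forwarding and reuse (slide 20) has to be handled separately from the signature check.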