Global Messaging 2009 - Mobile Ticketing and Payments
Talk given by Tom at the Global Messaging 2009 conference in London on 24th June 2009. It covered the essence of what makes a good mobile service, using Masabi's UK rail work as a case study.

  • Masabi have been producing downloadable mobile applications for over 7 years, and today Masabi secure mobile applications process millions of dollars worth of transactions every year
  • SMS purchase from a vending machine isn’t going to work – people use cash. The fact that the vending machine operator may be able to shave a few % off vandalism repairs and reduced theft doesn’t matter to the user.
  • Source: Strategy Analytics ( 2.6m vs iPhone 3.8m Nokia about 25x sales of Apple – bad quarter for Nokia
  • TODO new screenshots
  • By ‘other payments’ => should never send credit card number over a normal text
  • Wap “https” not the same as web https
  • TODO new screenshots
  • It’s a great system, but worth considering why – need to consider the bigger picture
  • Come see me after for live demos, or to chat about building secure mobile applications for m-commerce, Banking, Ticketing, Messaging. Read our blog for more details on


  • 1. Secure Payment and Ticketing Applications
    Tom Godber - CTO Masabi
  • 2. Agenda
    Who Are Masabi
    The Mobile Experience
    Mobile Ticketing
    Taking Mobile Payments
  • 3. About Masabi
    • 20 currencies
    • 4. 4 alphabets
    • 5. 2 Factor Authentication
    • 6. Secure messaging
    • 7. UK Rail Ticket Standard
  • The Mobile Experience – All Sweetness and Light?
  • 8. Mobile Masochism
    The mobile experience is about PAIN
    Texting on a Moto…
    Pretty much anything at all on Nokia’s touchscreen S60…
    User experience is becoming important
    Ex-RAZR users often won’t Moto again
    But nothing is perfect, even Steve
  • 9. Many Services Will Fail
    Good ideas are common
    Good ideas which actually work aren’t
    Given handset constraints…
    Given real world conditions…
    Compared to existing alternatives…
  • 10. Pick Your Battles
    A successful service must offer a significant advantage to the user
    An mPayment must be easier than cash and cards
    Just because a user can do something, doesn’t mean they will
    Offer net pain relief
  • 11. Considerations
    User probably moving
    Must be simple
    Must be resilient
    Has user got alternatives?
    Debit/credit cards
  • 12. Connecting With The Real World
  • 13. UK Rail Barcodes
    Reliable, fast
    Offline scanning
    Tickets still work when Internet doesn’t!
    Open security
    PKI signatures prevent modification
    Public Key verification is cheap, easy
    Royalty free, open barcodes
    Aztec scans best on a handset screen
  • 14. UK Train Ticketing
    Phone becomes your ticket
    Today’s reality:
    Only supported on a few routes
    Eg. our National Express trial
    3-6 months:
    Train franchises start to go live
    Some rollout of barcode reading gates
  • 15. Not Just a Ticket
    UK Rail Barcode has space for other entitlements
    Eg. Free coffee
    Bundle other sales together with ticket
    Barcodes have plenty of other uses
    Remove cash from high-risk environments to reduce ‘shrinkage’
  • 16. Mobile
  • 17. Handset Support
    Chiltern Railways ticket app trial showed:
    Adopted outside young male demographic
    Often user’s first transaction with a phone
    Tickets must be supported on everything!
    Smartphones are a niche
  • 18. Not All About The iPhone
  • 19. Ticket Delivery
    SMS tickets
    Wap tickets
    Local application ticket wallet
  • 20. Pure SMS Ticketing
    Picture messaging can carry small barcodes
    3 SMS per picture is expensive
    Too small for new rail ticket barcodes
    Simple insecure 1D or 2D barcodes only
    No text details for visual inspection
    Scanner always required
    Can be forwarded and reused
  • 21. Wap Ticketing
    Wap Push with ticket URL
    User downloads ticket
    Saves image like a wallpaper
    Must trust OMA DRM
    A lot of effort to size image
    Handsets often rescale an image that is slightly too big or small
    This plays havoc with barcode scanners!
  • 22. Java Ticket Wallet
    User installs local ticket wallet
    Server sends tickets over SMS
    One encrypted binary msg/ticket
    Delivered directly to wallet app
    App can display ticket details and barcode
    Better barcode rendering > faster scanning
    Details readable to an inspector
  • 23. BUT
  • 24. Address Customer Needs!
    UK Rail Tickets – mainly bought in the station!
  • 25. User Needs
    Ticket delivery is an extension of online
    Fairly useful for users without printers
    BUT most train tickets not bought online
    Sell from phone
    Buy in taxi / on street / in station
    Avoid queues
  • 26.
  • 27. Mobile Payment Channels
    Premium SMS > phone bill
    Credit card over SMS
    Payment through the browser
    Payment through a local app
  • 28. SMS
    Premium SMS payment
    Good for simple transactions
    Easy to set up, works on everything
    30-60% operator cut
    Best for low-value high-margin items
    SMS insecure for any other payment
    Messages can be read on stolen phones
    Messages can be read on the network
  • 29. Mobile Browser Purchase
    Wap purchase is multi-step
    Repeat page loads slow and expensive
    Requires continuous connection
    Data mis-entry becomes painful
    Limited opportunity to help user with validation etc – not like full web AJAX
    Often insecure
    Wap1 inherently insecure
    Transcoders can mess with Wap2 and the mobile web
  • 30. Mobile Browsers
    Wap security
    Inherently insecure:
    Used on older browsers, “Wap” settings
    Wap2 security
    Like the web:
    Most handsets use this with “Internet” settings
  • 31. Transcoders with HTTPS
    Some transcoders leave HTTPS alone
    Others will insert themselves in the connection
    Handset cannot verify end certificate
    Just like a man-in-the-middle attack!
  • 32. Java Ticket Sales App
    Ticket purchase in UK
    Aimed at repeat users
    Intelligent client
    Helps user with data entry => minimises resends
    After 1st purchase, just enter CVV
    Submits credit card purchase with one encrypted SMS
    Good when signal strength low
    Integrated into ticket wallet
  • 33. Technology Notes
  • 34. Java (someone has to like it)
    You don’t have to be the ‘best’
    Sometimes being the only option is good enough
    NOT suitable for everything
    Remember, pick your services
    Good for:
    Recurring purchases
    Flaky connections
    Retries, SMS fallback, fat intelligent client
  • 35. Near Field Communication
    A lot like “Oyster on your phone”
    (Almost) no handset support
    Common by 2013?
    NFC already embedded on cards
    Habit: you pay with a card, why use a phone?
    Who will pay for the infrastructure?
  • 36. NFC – Not Today
  • 37. Some Notes On Oyster
    Great in London
    Almost everyone has to use public transport
    Locals ‘bribed’ to adopt with lower fares
    Large government subsidies
    Not economically viable to roll out elsewhere
    Even London overground train lines required £40m subsidy to support it
  • 38. 7967 551670@tomgodber