SDP Global Summit 2012
 

    SDP Global Summit 2012 Presentation Transcript

    • Mobile Payments. SDP Global Summit, Rome, 12. 9. 2012. Martin Prosek, VAS Platform Development Manager, Telefónica Czech Republic
    • About Telefónica Czech Republic
      • Fixed and mobile voice and data, IPTV
      • Operated under commercial brand O2
    • Telefónica Globally
    • BlueVia – Global APIs https://bluevia.com/
    • Introduction 01 Mobile Payments Quick Review 02 Telefónica Czech Republic Experience 03 Opportunities 04 Technical Solutions 05 Risks and their Mitigations 06 Summary/Recommendations
      • Disclaimer: The opinions of the author expressed in this document do not necessarily state or reflect those of Telefónica company
    • Mobile Payments: Most popular service
      • Users use it – it is a convenient method to perform purchases
      • Developers need it – provides monetization
      • Operators like it – gives a place in the value chain and another revenue stream
      • [Diagram: Mobile Network Operator, Consumer, Content Provider]
      • Let us do a quick review…
    • What are the Mobile Payments?
      • Many definitions exist…
        • It generally refers to payment services performed from or via a mobile device.
      • Focus on Mobile Network Operator service
        • Not mobile banking
        • Not payments using credit/debit card
        • Not payment through online payment provider
        • Not NFC
      • Direct to bill (D2B)
    • Experience in Telefónica CZ
      • Today is the 10th anniversary of the service mJuice m-Platby
        • USSD based, used for cinema tickets purchase
      • Premium SMS – 7 years old service
      • Mobile web payments m-platba – 3 years old
      • All these payment solutions are pre-SDP
    • Mobile Payment Methods
      • Premium SMS – oldest one
      • Mobile web – already established
      • In-app payments – great for freemium
      • One-off payments
      • Subscriptions/direct debit
      • Smartphones penetration still grows… [Chart: Google Android and Apple iOS, 200802 to 201106]
    • Limitations
      • Transaction fees are and will still be high
      • Limited use for intangible goods, mostly consumable on the mobile device
    • Opportunity
      • The situation is very positive
        • The smartphone penetration is high
        • Users have already learned to pay for apps
        • Operators are perceived as trusted parties and have a good track record in mobile content
        • User experience is better than when using payment cards
      • Mobile Payments can substitute the declining content revenues
      • Mobile Payments can help operators to return to the value chain and stop being a dumb pipe
    • Technical Solutions
      • SDPs – standard means to expose Payment API
      • API standards
      • [Diagram: Operator]
    • Business Risks
      • Repudiation
        • When the operator cannot prove the user's consent, the user can later reject the payment
        • Closely connected to subscriber identification
      • Provider charging without providing service
        • By mistake or technical failure
        • Biggest problem can be fraudulent use
      • Unclear relation to the provider
        • Not possible to get clear responsibility
    • Technical Risks
      • Communication is not direct anymore [Diagram: Operator]
      • Man-in-the-middle (M-I-M) attacks are possible [Diagram: Provider, Operator]
      • Even the app itself can compromise the payment security – App-in-the-middle (A-I-M)* [Diagram: App, Provider, Operator]
      • * Known examples: fraudulent Premium SMS sending…
    • Mitigations: Possible Risk Mitigations
      • Payment transactions and/or spend limits (per day, month…)
      • Different security levels for different amount of payments
        • E.g. for purchases under 2 € lower security
      • Security influenced design of payment authorization
        • User giving consent as directly as possible (no M-I-M)
        • Verification of human interaction (login by username/password, PIN, captcha, mouse movements/gestures…)
        • Alternative communication channels (SMS, USSD…), use of one-time password
    • Mitigations: Possible Risk Mitigations
      • Payment notifications (by SMS and/or e-mails)
        • User gets info about the payment transaction every time
      • Offering opt-in model
        • User must confirm intention to have payments enabled
      • Best solution would be use of SIM-based transaction signing
    • Good Balance of Security and Convenience
      • Convenience: One click payments, No authorization, Opt-out
      • Security: Authorized payments, Opt-in, SIM-Toolkit based security
    • Recommendations
      • Let the user be in control of the service security settings – provide good web selfcare
      • Give the user access to full history of the payments – on the web selfcare
      • Do your best to have direct access to user (no M-I-M or A-I-M)
      • Have clear contracts with providers stating responsibility for all cases
    • Last Days of the Roman Empire…
      • Mobile Network Operators had created „empires“
      • Huge revenues were funding their development
      • But now the „empires“ are under attacks of „barbarians“ from outside (the Internet…)
      • If operators are not acting now the position in the value chain might be lost – the „fall of empire“
    • Questions?
    • Thank you.
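
The controls on the two Mitigations slides (opt-in, spend limits per day and month, a lower-security tier for purchases under 2 €, a one-time password over an alternative channel) can be combined into one authorization decision. The sketch below is an added example, not part of the presentation or any Telefónica system; every name in it and the daily and monthly limit values are assumptions, and only the 2 € tier comes from the slides.

```python
from dataclasses import dataclass, field
from datetime import date
from decimal import Decimal

# Only the 2 EUR low-security tier is from the slides; the limits are assumed.
LOW_VALUE_TIER = Decimal("2.00")
DAILY_LIMIT = Decimal("20.00")
MONTHLY_LIMIT = Decimal("60.00")


@dataclass
class Subscriber:
    opted_in: bool                               # opt-in model: user enabled payments
    charges: list = field(default_factory=list)  # (date, Decimal) of billed charges

    def spent(self, today, period):
        """Total billed today (period='day') or this calendar month ('month')."""
        total = Decimal("0")
        for day, amount in self.charges:
            same_month = (day.year, day.month) == (today.year, today.month)
            if day == today or (period == "month" and same_month):
                total += amount
        return total


def authorize(sub, amount, today):
    """Decide how a direct-to-bill charge request must be handled."""
    if not sub.opted_in:
        return "reject: payments not enabled"
    if sub.spent(today, "day") + amount > DAILY_LIMIT:
        return "reject: daily limit"
    if sub.spent(today, "month") + amount > MONTHLY_LIMIT:
        return "reject: monthly limit"
    if amount < LOW_VALUE_TIER:
        return "accept"      # lower security for small purchases
    return "challenge"       # one-time password over SMS or USSD


def bill(sub, amount, today, otp_verified=False):
    """Bill only accepted charges or challenges answered with a valid OTP."""
    decision = authorize(sub, amount, today)
    if decision == "accept" or (decision == "challenge" and otp_verified):
        sub.charges.append((today, amount))  # caller then sends the SMS/e-mail notification
        return "billed"
    return decision
```

The limits are checked before the tier so that many small purchases under the low-security threshold still stop at the daily or monthly cap.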