International Remittance And Mobile Banking


Presented at NTU, Singapore, on March 19, 2009.

  1. International Remittance and Mobile Banking
     NTU, Singapore, 19 March 2009
     Arief Hamdani Gunawan
  2. Outline
     - International Remittance
       - Facts and Figures
       - General Principles
       - Models
     - Mobile Banking
     - m-Commerce
     - Mobile Payment
     - Challenges
  3. World Wide Remittance
  4. The General Principles for International Remittance Services (CPSS/World Bank - General principles for remittances - January 2007)
     - The General Principles are aimed at the public policy objectives of achieving safe and efficient international remittance services. To this end, the markets for the services should be contestable, transparent, accessible and sound.
     - Transparency and consumer protection
       - General Principle 1. The market for remittance services should be transparent and have adequate consumer protection.
     - Payment system infrastructure
       - General Principle 2. Improvements to payment system infrastructure that have the potential to increase the efficiency of remittance services should be encouraged.
     - Legal and regulatory environment
       - General Principle 3. Remittance services should be supported by a sound, predictable, nondiscriminatory and proportionate legal and regulatory framework in relevant jurisdictions.
     - Market structure and competition
       - General Principle 4. Competitive market conditions, including appropriate access to domestic payment infrastructures, should be fostered in the remittance industry.
     - Governance and risk management
       - General Principle 5. Remittance services should be supported by appropriate governance and risk management practices.

     Committee on Payment and Settlement Systems / The World Bank
  5. The General Principles for International Remittance Services (CPSS/World Bank - General principles for remittances - January 2007)
     - Roles of remittance service providers and public authorities
       - A. Role of remittance service providers. Remittance service providers should participate actively in the implementation of the General Principles.
       - B. Role of public authorities. Public authorities should evaluate what action to take to achieve the public policy objectives through implementation of the General Principles.

     Committee on Payment and Settlement Systems / The World Bank
  6. The most and least costly "country corridors" (country corridors and average cost in US$)
     - $200
       - Top 5 (least costly):
         - Spain to Brazil: 7.45
         - United States to El Salvador: 9.17
         - United States to Ecuador: 9.39
         - United States to Honduras: 9.41
         - Saudi Arabia to Philippines: 9.56
       - Bottom 5 (most costly):
         - Germany to China: 49.30
         - Germany to Romania: 48.79
         - South Africa to Zambia: 47.02
         - Netherlands to Indonesia: 45.09
         - Germany to Croatia: 42.45
     - $500
       - Top 5 (least costly):
         - Spain to Brazil: 7.68
         - United States to El Salvador: 11.35
         - United States to Honduras: 12.48
         - Saudi Arabia to Philippines: 13.50
         - United States to Lebanon: 13.65
       - Bottom 5 (most costly):
         - Netherlands to Indonesia: 86.41
         - Germany to Croatia: 85.66
         - South Africa to Zambia: 81.08
         - Germany to China: 76.74
         - Netherlands to Dominican Republic: 70.58

     Cost includes the transaction fee and exchange rate margin. Only those corridors where all the necessary information was provided are featured. Corridor averages are unweighted and do not reflect the market shares of the different firms that compose the average.
  7. Remitting from Singapore to Indonesia

     | Firm name | Firm type | Fee (SGD) | Transfer speed | Date |
     |---|---|---|---|---|
     | MoneyWorld | MTO | 10.00 | Next day | Apr 08, 2008 |
     | Ameer Tech (MG) - account | MTO | 10.00 | 10 minutes | Apr 08, 2008 |
     | Ameer Tech (MG) - cash | MTO | 10.00 | 10 minutes | Apr 08, 2008 |
     | BTI Money Transfer | MTO | 10.00 | Next day | Apr 08, 2008 |
     | Singapore Post (Cashome) | Post office | 10.00 | Next day | Apr 08, 2008 |
     | One Stop Remittance | MTO | 10.00 | 1-3 working days | Apr 08, 2008 |
     | BNI (Bank Negara Indonesia) | Bank | 10.00 | Same day to branches of BNI in Indonesia; 5 days to all other banks | Apr 08, 2008 |
     | Brunphil Express | MTO | 10.00 | 1-5 days | Apr 08, 2008 |
     | Western Union | MTO | 12.00 | 15 minutes | Apr 08, 2008 |
     | GPL Remittance | MTO | 15.00 | 1-2 working days | Apr 08, 2008 |
     | Bank Mandiri | Bank | 25.00 | Next day. However, money can only be sent to branches of Mandiri Bank | Apr 08, 2008 |
     | Bank Average | | 17.50 | | |
     | MTO Average | | 10.88 | | |
     | Post office Average | | 10.00 | | |
     | Total Average | | 12.00 | | |
  8. Simple Model
  9. Complex Model
  10. Outline
      - International Remittance
      - Mobile Banking
        - Mobile Money
        - Facts and Figures
        - Benefit
      - m-Commerce
      - Mobile Payment
      - Challenges
  11. Mobile Money – Goes Beyond Banking
      [Diagram. Axes: complexity (low to high) and customer value (low to high). Service categories: Information Services; Account Management; Investment Services; Payments, Transfers and Transactions]
      - Remittance / Fund Transfer
      - Micro-payment
      - Mobile Recharging
      - Commercial Payment
      - Bill Payment
      - P2P Payment
      - Virtual Wallet
      - Electronic Cash

      High Value to Unbanked and Underbanked
  12. Priority Opportunities: Payments, Transfers and Transactions
      (table columns on the slide: Types, Representative examples, Main Issues)
      - Remittances / Transfers
        - Mobile peer to peer money transfer
        - With or without bank account
        - Domestic or cross border
      - M-Commerce / M-payments
        - Payment of commerce transactions, using the mobile browser or specific mobile applications
        - Mobile storefront downloads, e.g., beyond ringtones
        - Payment of monthly bills/statements
      - Point of Sales
        - Payment at Point of Sales by tapping a mobile device on a terminal
        - NFC (Near Field Communication)
  13. Mobile Banking Subscriber Forecast 2007 – 2010 (Millions)
      [Chart: Mobile Internet Users and Mobile Banking Users, 2007 to 2010. Values as extracted: 33.6, 1.7, 9.5, 38.0, 42.2, 21.1, 46.5, 34.9]
      Source: Aite Group
  14. Micropayment Market Survey 2007 - 2008
      [Chart: Internet banking, Mobile banking and Internet payment, 2007 and 2008. Values as extracted: 73%, 86%, 43%, 34%, 46%, 37%]
      Source: SHARING VISION™, Micropayment Market Survey, 2007 - 2008
  15. The Benefits of Mobile Banking
      (groups shown on the slide: Operators, Banks, Users)
      - able to enact a payment from anywhere to anyone, creating a macro-economic benefit that as yet cannot be measured, but is most certainly significant
      - increased traffic
      - customer retention
      - improved service offerings
      - enabling immediate transactions (meaning the unbanked become banking customers)
      - alternative to carrying cash, which in turn means better cash retention
      - increased security and payment efficiencies
      - reduced dependency on ATMs and branch infrastructures (meaning lowering of operating expenditure)
  16. Outline
      - International Remittance
      - Mobile Banking
      - m-Commerce
        - Overview
        - Infrastructure
        - Applications
      - Mobile Payment
      - Challenges
  17. Mobile Commerce: Overview
      - Mobile commerce (m-Commerce, m-Business): any e-Commerce done in a wireless environment, especially via the Internet
        - Can be done via the Internet, private communication lines, smart cards, etc.
        - Creates opportunity to deliver new services to existing customers and to attract new ones
  18. Mobile commerce from the Customer's point of view
      - The customer wants to access information, goods and services any time and in any place on his mobile device.
      - The customer can use his mobile device to purchase tickets for events or public transport, pay for parking, download content and even order books and CDs.
      - The customer should be offered appropriate payment methods. They can range from secure mobile micropayment to service subscriptions.
  19. Mobile commerce from the Provider's point of view
      - The future development of the mobile telecommunication sector is heading more and more towards value-added services. Analysts forecast that soon half of mobile operators' revenue will be earned through mobile commerce.
      - Consequently operators as well as third party providers will focus on value-added services. To enable mobile services, providers with expertise in different sectors will have to cooperate.
      - Innovative service scenarios will be needed that meet the customer's expectations, and business models that satisfy all partners involved.
  20. m-Commerce Terminology
      - Generations
        - 1G: 1979-1992 wireless technology
        - 2G: current wireless technology; mainly accommodates text
        - 2.5G: interim technology accommodates graphics
        - 3G: 3rd generation technology (2001-2005) supports rich media (video clips)
        - 4G: will provide faster multimedia display (2006-2010)
  21. Terminology and Standards
      - GPS: Satellite-based Global Positioning System
      - PDA: Personal Digital Assistant, a handheld wireless computer
      - SMS: Short Message Service
      - EMS: Enhanced Messaging Service
      - MMS: Multimedia Messaging Service
      - WAP: Wireless Application Protocol
      - Smart-phones: Internet-enabled cell phones with attached applications
  22. Attributes of m-Commerce and Its Economic Advantages
      - Mobility: users carry cell phones or other mobile devices
      - Broad reach: people can be reached at any time
      - Ubiquity: easier information access in real-time
      - Convenience: devices that store data and have Internet, intranet, extranet connections
      - Instant connectivity: easy and quick connection to Internet, intranets, other mobile devices, databases
      - Personalization: preparation of information for individual consumers
      - Localization of products and services: knowing where the user is located at any given time and matching service to them
  23. Mobile Computing Infrastructure
      - Hardware
        - Cellular (mobile) phones
        - Attachable keyboard
        - PDAs
        - Interactive pagers
        - Other devices
          - Notebooks
          - Handhelds
          - Smartpads
        - Screenphones: a telephone equipped with color screen, keyboard, e-mail, and Internet capabilities
        - E-mail handhelds
        - Wirelined: connected by wires to a network
  24. Mobile Computing Infrastructure (cont.)
      - Unseen infrastructure requirements
        - Suitably configured wireline or wireless WAN modem
        - Web server with wireless support
        - Application or database server
        - Large enterprise application server
        - GPS locator used to determine the location of mobile computing device carrier
  25. Mobile Computing Infrastructure (cont.)
      - Software
        - Micro browser
        - Mobile client operating system (OS)
        - Bluetooth: a chip technology and WPAN standard that enables voice and data communications between wireless devices over short-range radio frequency (RF)
        - Mobile application user interface
        - Back-end legacy application software
        - Application middleware
        - Wireless middleware
  26. Mobile Computing Infrastructure (cont.)
      - Networks and access
        - Wireless transmission media
          - Microwave
          - Satellites
          - Radio
          - Infrared
          - Cellular radio technology
        - Wireless systems
  27. Mobile Service Scenarios
      - Financial Services.
      - Entertainment.
      - Shopping.
      - Information Services.
      - Payment.
      - Advertising.
      - And more ...
  28. m-Commerce
      Early content and applications have all been geared around information delivery but as time moves on the accent will be on revenue generation.
      - Entertainment
        - Music
        - Games
        - Graphics
        - Video
      - Communications
        - Short Messaging
        - Multimedia Messaging
        - Unified Messaging
        - e-mail
        - Chat rooms
        - Video-conferencing
      - Transactions
        - Banking
        - Broking
        - Shopping
        - Auctions
        - Betting
        - Booking & reservations
        - Mobile wallet
        - Mobile purse
      - Information
        - News
        - City guides
        - Directory Services
        - Maps
        - Traffic and weather
        - Corporate information
        - Market data
  29. Mobile Application: Financial Tool
      - As mobile devices become more secure
        - Mobile banking
        - Bill payment services
        - m-Brokerage services
        - Mobile money transfers
        - Mobile micro payments
      - Replace ATMs and credit cards??
  30. Financial Tool: Wireless Electronic Payment Systems
      - “transform mobile phones into secure, self-contained purchasing tools capable of instantly authorizing payments…”
      - Types:
        - Micro payments
        - Wireless wallets (m-Wallet)
        - Bill payments
  31. Examples
      - Swedish Postal Bank
        - Check Balances/Make Payments & Conduct some transactions
      - Dagens Industri
        - Receive Financial Data and Trade on Stockholm Exchange
      - Citibank
        - Access balances, pay bills & transfer funds using SMS
  32. Mobile Applications: Marketing, Advertising, and Customer Service
      - Shopping from Wireless Devices
        - Have access to services similar to those of wireline shoppers
          - Shopping carts
          - Price comparisons
          - Order status
        - Future
          - Will be able to view and purchase products using handheld mobile devices
  33. Mobile Applications: Marketing, Advertising, and Customer Service
      - Targeted Advertising
        - Using demographic information can personalize wireless services
        - Knowing users’ preferences and surfing habits marketers can send:
          - User-specific advertising messages
          - Location-specific advertising messages
  34. Mobile Applications: Marketing, Advertising, and Customer Service
      - CRM applications
        - MobileCRM
        - Comparison shopping using Internet-capable phones
        - Voice Portals
          - Enhanced customer service, improved access to data for employees
  35. Mobile Portals
      - “A customer interaction channel that aggregates content and services for mobile users.”
        - Charge per time for service or subscription based
          - Example: I-Mode in Japan
        - Mobile corporate portal
          - Serves corporations' customers and suppliers
  36. Mobile Intrabusiness and Enterprise Applications
      - Support of Mobile Employees
        - by 2005, 25% of all workers could be mobile employees
          - sales people in the field, traveling executives, telecommuters, consultants working on-site, repair or installation employees
            - need same corporate data as those working inside company’s offices
          - solution: wireless devices
            - wearable devices: cameras, screen, keyboard, touch-panel display
  37. Mobile B2B and Supply Chain Applications
      - “mobile computing solutions enable organizations to respond faster to supply chain disruptions by proactively adjusting plans or shifting resources related to critical supply chain events as they occur.”
        - accurate and timely information
        - opportunity to collaborate along supply chain
        - must integrate mobile devices into information exchanges
        - example: “telemetry” integration of wireless communications, vehicle monitoring systems, and vehicle location devices
          - leads to reduced overhead and faster service responsiveness (vending machines)
  38. Applications of Mobile Devices for Consumers/Industries
      - Personal Service Applications
        - example: airport
      - Mobile Gaming and Gambling
      - Mobile Entertainment
        - music and video
      - Hotels
      - Intelligent Homes and Appliances
      - Wireless Telemedicine
      - Other Services for Consumers
  39. Outline
      - International Remittance
      - Mobile Banking
      - m-Commerce
      - Mobile Payment
        - Overview
        - Applications
        - Architectures
      - Challenges
  40. Mobile Payment for m-Commerce
      - Mobile Payment can be offered as a stand-alone service.
      - Mobile Payment could also be an important enabling service for other m-commerce services (e.g. mobile ticketing, shopping, gambling…):
        - It could improve user acceptance by making the services more secure and user-friendly.
        - In many cases offering mobile payment methods is the only chance the service providers have to gain revenue from an m-Commerce service.
  41. Mobile Payment (cont.)
      - the consumer must be informed of:
        - what is being bought, and
        - how much to pay
        - options to pay;
      - the payment must be made
      - payments must be traceable.
  42. Mobile Payment (cont.)
      - Customer requirements:
        - a larger selection of merchants with whom they can trade
        - a more consistent payment interface when making the purchase with multiple payment schemes, like:
          - Credit Card payment
          - Bank Account/Debit Card Payment
      - Merchant benefits:
        - brands to offer a wider variety of payment
        - Easy-to-use payment interface development
      - Bank and financial institution benefits
        - to offer a consistent payment interface to consumer and merchants
  43. Smart Money/G-Cash
      - Smart money
        - Allows users to make purchases, pay and receive domestic payments and to receive remittances by loading or transferring money from a bank account into a mobile phone or reloading a pre-paid card electronically
      - G-Cash
        - Uses Cash-in and Cash-out Centers via mobile phone
        - Cash-in and Cash-out Outlets accredited to convert actual money to electronic money
  44. “Text A Payment”
      - Rural Bankers Association of the Philippines – Microenterprise Access to Banking Services (MABS) entered into a joint project with Globe Telecom through the Text A Payment Project (TAP).
      - Allows micro loan clients to pay loan amortization using the G-Cash platform through SMS or texting
      - Lowers transaction costs and increases productivity of clients
  45. Payment via Internet Payment Provider
      [Diagram. Labels: User, Merchant, WAP GW/Proxy, SSL tunnel, Mobile e-Payment Server, GSM Security, SMS-C, Browsing (negotiation), Mobile Wallet, CC/Bank, Dispatcher, Grabber]
  46. Payment via Integrated Payment Server
      [Diagram. Labels: User, Merchant, WAP GW/Proxy, SSL tunnel, ISO8583 Based CP, Mobile Commerce Server, GSM Security, SMS-C, Browsing (negotiation), CC/Bank, Mobile Wallet, Voice Pre-Paid, VPP IF]
  47. Outline
      - International Remittance
      - Mobile Banking
      - m-Commerce
      - Mobile Payment
      - Challenges
        - Limitations
        - Security Aspects
        - Risk
  48. Limitations of m-Commerce
      - Usability Problem
        - small size of mobile devices (screens, keyboards, etc.)
        - limited storage capacity of devices
        - hard to browse sites
      - Technical Limitations
        - lack of a standardized security protocol
        - insufficient bandwidth
        - 3G licenses
  49. Limitations of m-Commerce
      - Technical Limitations…
        - transmission and power consumption limitations
          - poor reception in tunnels and certain buildings
          - multi-path interference, weather, and terrain problems and distance-limited connections
      - WAP Limitations
        - Speed
        - Cost
        - Accessibility
  50. Limiting Technological Factors
      - Mobile Devices
        - Battery
        - Memory
        - CPU
        - Display Size
      - Networks
        - Bandwidth
        - Interoperability
        - Cell Range
        - Roaming
      - Localization
        - Upgrade of Network
        - Upgrade of Mobile Devices
        - Precision
      - Mobile Middleware
        - Standards
        - Distribution
      - Security
        - Mobile Device
        - Network
        - Gateway
  51. Security in m-Commerce: Environment
      [Diagram. Labels: Operator centric model, Mobile Network, WAP1.1 (+SIM where avail.), WAP1.2 (WIM), (SIM), SAT GW, WAP GW, Mobile IP, Service Provider Network, Mobile e-Commerce Server, Security and Payment, Mobile Bank, CA, Bank (FI), Merchant, Shopping, Content Aggregation, Internet]
  52. WAP Architecture
      - Client
        - WML
        - WML-Script
        - WTAI
        - Etc.
      - WAP Gateway (WSP/WTP towards the client, HTTP towards the web server)
        - WML Encoder
        - WMLScript Compiler
        - Protocol Adapters
      - Web Server
        - Content
        - CGI Scripts etc.
        - WML Decks with WML-Script
  53. Comparison between Internet and WAP Technologies
      - Internet
        - HTML, JavaScript
        - HTTP
        - TLS - SSL
        - TCP/IP, UDP/IP
      - Wireless Application Protocol
        - Wireless Application Environment (WAE)
        - Session Layer (WSP)
        - Transaction Layer (WTP)
        - Security Layer (WTLS)
        - Transport Layer (WDP)
        - Bearers: SMS, USSD, CSD, IS-136, CDMA, CDPD, PDC-P, etc.
        - Other Services and Applications
  54. WAP Risks
      - WAP Gap
        - Claim: WTLS protects WAP as SSL protects HTTP
        - Problem: In the process of translating one protocol to another, information is decrypted and re-encrypted
        - Solution: Doing decryption/re-encryption in the same process on the WAP gateway
      - Wireless gateways as single point of failure
  55. Platform Risks
      - Without a secure OS, achieving security on mobile devices is almost impossible
      - Lessons learned:
        - Memory protection of processes
        - Protected kernel rings
        - File access control
        - Authentication of principals to resources
        - Differentiated user and process privileges
        - Sandboxes for untrusted code
        - Biometric authentication
  56. WMLScript
      - Scripting is heavily used for client-side processing to offload servers and reduce demand on bandwidth
      - Wireless Markup Language (WML) is the equivalent to HTML, but derived from XML
      - WMLScript is WAP’s equivalent to JavaScript
        - Derived from JavaScript™
  57. WMLScript (cont.)
      - Integrated with WML
        - Reduces network traffic
      - Has procedural logic, loops, conditionals, etc.
      - Optimized for small-memory, small-CPU devices
      - Bytecode-based virtual machine
      - Compiler in network
      - Works with Wireless Telephony Application (WTA) to provide telephony functions
  58. Risks of WML Script
      - Lack of Security Model
      - Does not differentiate trusted local code from untrusted code downloaded from the Internet. So, there is no access control!!
      - WML Script is not type-safe.
      - Scripts can be scheduled to be pushed to the client device without the user’s knowledge
      - Does not prevent access to persistent storage
      - Possible attacks:
        - Theft or damage of personal information
        - Abusing user’s authentication information
        - Maliciously offloading money saved on smart cards
  59. Bluetooth
      - Bluetooth is the codename for a small, low-cost, short range wireless technology specification
      - Enables users to connect a wide range of computing and telecommunication devices easily and simply, without the need to buy, carry, or connect cables.
      - Bluetooth enables mobile phones, computers and PDAs to connect with each other using short-range radio waves, allowing them to "talk" to each other
      - It is also cheap
  60. Bluetooth Security
      - Bluetooth provides security between any two Bluetooth devices for user protection and secrecy
        - mutual and unidirectional authentication
        - encrypts data between two devices
        - Session key generation
          - configurable encryption key length
          - keys can be changed at any time during a connection
        - Authorization (whether device X is allowed to access service Y)
          - Trusted Device: The device has been previously authenticated, a link key is stored and the device is marked as “trusted” in the Device Database.
          - Untrusted Device: The device has been previously authenticated, a link key is stored but the device is not marked as “trusted” in the Device Database.
          - Unknown Device: No security information is available for this device. This is also an untrusted device.
        - automatic output power adaptation to reduce the range exactly to requirement, which makes the system extremely difficult to eavesdrop on
  61. Security Risks in m-Commerce
      - Abuse of cooperative nature of ad-hoc networks
        - An adversary that compromises one node can disseminate false routing information.
      - Malicious domains
        - A single malicious domain can compromise devices by downloading malicious code
      - Roaming (are you going to the bad guys?)
        - Users roam among non-trustworthy domains
  62. Security Risks (cont.)
      - Launching attacks from mobile devices
        - With mobility, it is difficult to identify attackers
      - Loss or theft of device
        - More private information than desktop computers
        - Security keys might have been saved on the device
        - Access to corporate systems
        - Bluetooth provides security at the lower layers only: a stolen device can still be trusted
  63. Security Risks (cont.)
      - Problems with Wireless Transport Layer Security (WTLS) protocol
        - Security Classes:
          - No certificates
          - Server only certificate (Most Common)
          - Server and client Certificates
        - Re-establishing connection without re-authentication
        - Requests can be redirected to malicious sites
  64. Privacy Risks
      - Monitoring user’s private information
      - Offline telemarketing
      - Who is going to read the “legal jargon”
      - Value added services based on location awareness (Location-Based Services)
  65. Thank You
  66. Questions
      - Assume remittance, payment and POS are still developing (current condition); will you take the mobile wallet offering as the ‘default’?
      - Assume there are remittance, payment and POS; will you take the mobile wallet offering as the ‘default’?
      - Assume the ‘conventional bank’ needs more administration (time and fee) for remittance and payment, and has limited POS; will you leave the ‘conventional bank’ and take the mobile banking offering as the ‘default’?