Battle For IT
Mobile banking project
Presented By: Team: Active Y
Rakesh Sahu (firstname.lastname@example.org)
Shanu Singh (email@example.com)
NITIE, Mumbai

Content
• Introduction to Mobile Telephony in India
• Market Opportunity
• Technology and Channel Analysis
• Challenges
• Security
• Services Offered
• Development Roadmap
• Governance Model For Unity Bank
• Appendix

Mobile Data Channel Base and Future
Current Mobile Growth
• Total mobile subscriber touched 670 million.
• Mobile telephone Density ~ 56% (metro ~110%)
• Growth has been tremendous in recent past with monthly growth of over 2%.
Future Mobile Growth Prediction (2014)
• Gartner states that the mobile subscriber base of India is expected to reach 993 million
• Mobile telephone Density is expected to be 97%
Mobile Internet Usage (IMRB Int. 2009 report)
• As per Dec 2009, there were 471 mobile subscriber.
• 27% or approx 127 million mobile users have internet-ready mobile devices.
• 9.4% or 12 million of these users have accessed the internet at least once in last one year. With 2m active users
Future Mobile Internet Growth (IMRB)
• 25 million mobile Internet users by 2012, and 50 million users by 2014
Reasons For Growth
• Sharp fall in the call charges
• 3G spectrum auctioning and reduction in the prices of 3G/GPRS enabled handsets
• Growing mobile penetration into all segments of markets
[Chart: Mobile Subscriber, quarters ending Mar-04 to Mar-10]
[Chart: Tele-density, Rural India and Urban India]
Source: Gartner, IMRB International & I-Cube 2009 report

Target Consumer Behavior
• Mobile banking is most used by subscribers falling in Rs. 1 to Rs. 2.99 Lakh income bracket followed by less than Rs 1 Lakh income bracket.
• Finding: Mobile banking is more popular among low income group of mobile users than higher income group of mobile users.
• Mobile banking report: “Most popular services and income profile” (Two month ended March 2009, Urban Indian Mobile Phone Users).
• Market Positioning: ICICI bank continues to maintain its leadership extending in mobile space, 42% of all mobile banking users bank with ICICI, followed by HDFC (25.3%) and SBI.
Percentage Breakup (chart values):
• Request a cheque…: 19.11
• Payment Reminders: 20.92
• Status of cheques: 21.06
• View Last Three…: 28.15
• Check Account…: 39.97
Source: Vital Analytics, August 2009 report, telecomindiaonline

Market Opportunity For MobiTechInc
• More than 50% banks still need to implement mobile banking setup
• Around 50% bank use highly unsecure SMS channel for mobile banking
• Opportunity to propose up-gradation to more secure channel
• We propose a collaborative model with one time payment cost followed by per transaction revenue model
Opportunity: New Setup, Security Up-gradation, Build & Operate Model
44% Banks Already offer mobile banking service (39 bank offer mobile service)
[Chart: Banks In India (Public Sector, Private Sector, Foreign Bank); values shown: 40%, 28%, 32%]
[Chart: Mobile Banking Service (SMS, USSD, HTTPS, J2ME); values shown: 26%, 46%, 12%, 16%]
Primary Research

Available Technology Analysis
Function | SMS | USSD (Preferred technology) | HTTPS (Preferred technology) | IVR | J2ME
Ease of use | | | | |
Support | All GSM | All GSM | GPRS/3G Enabled with browser | All | GPS Java, GPRS/3G Enabled
Cost to user | | | | |
Cost to bank | | | | |
Encrypted path from handset to server | Only Wireless portion | Only Wireless | Browser to Bank | Only Wireless | Browser to Bank
Ubiquity | | | | |
Biggest Benefit | Ubiquity | Ubiquity | Most Secure | Familiarity | Mobile Appl. DB
Skills/Training Required | Text Formatting | None | Browsing | None | Application know-how
Handset side provisioning | None | None | GPRS, Browser | None | GPRS, Application
Drawback | Prone to Security | Less Secure | GPRS connection | Slow | Appl. Download
Scalability | No | USSD 2 | Yes | Limited Scope | Yes, need reinstallation

Preferred Channel Analysis
USSD (Unstructured Supplementary Service Data)
What is it?
• Capability built into GSM phones, much like the Short Message Service
• It sends text between a mobile and an application program in the network
• Service is integrated even in legacy GSM stack (GSM 02.90 and GSM 03.90.)
How is it different from SMS
• USSD: transactions occur during the session only. Allows two-way exchange of a sequence of data
• SMS: messages can be sent to a mobile phone and stored. No sequence or session is maintained
Challenge
• Development of USSD application
• Development of interface between application and network nodes (gateway)
• Interfacing with core banking system
Service opportunity
• USSD service is available with all major gsm service provider in India
• It can be accessed while roaming without extra charges.
• USSD can be leveraged to reach the mass since 90% MS in India are USSD enabled
Steps (Balance enquiry & top-up)
1. A mobile user initiates the service by dialing the USSD string defined by the service provider; for example, *#123#.
2. The USSD application receives the service request from the user and responds by sending the user a menu of options.
3. The user responds by selecting a “current balance” option.
4. The USSD application sends back details of the mobile user’s current account balance and also gives the option to top up the balance.
5. The user selects to top up his/her account.
6. The application responds by asking how much credit to add?
7. The mobile user responds with the amount to add.
8. The USSD application responds by sending an updated balance and ends the session.

Preferred Channel Analysis
Mobile web Access (web browser application)
What is it?
• Capability built into GPRS/EDGE/3G enabled phones
• It sends secured data packet between a mobile and an application program in the network
• Service is integrated in 2G and above compatible stack
How is it different from USSD
• Mobile web: HTTPS is used to create the secure session. Allows multi-way exchange of data (by scaling it up for m-commerce)
• USSD: transactions occur during the session only. Allows two-way exchange of a sequence of data
Challenge
• Scalable futuristic architectural design
• Development of mobile friendly application
• Interfacing of application with core banking system
Opportunity
• This platform is highly scalable since it uses client-server model with standard browser client.
• Online streaming of data with end-to-end encryption
• Cater to multiple needs of higher income group sophisticated mobile users
[Diagram: Architecture, Hierarchical Model: M-commerce, Core Banking, Mobile Banking Server, Mobile Handset User]

Challenges – Mobile Network Operator Side
Integration of USSD Application with mobile operator network
1. Operator hosted secure communication platform
2. Operator hosted USSD mobile platform
3. Co-branded mobile banking USSD platform serviced via the mobile operator’s network
4. Mobile network operator as the issuer of the accounts
5. Bank as the mobile virtual network operator (MVNO)
6. Third party (MobiTechInc) hosted mobile banking platform with mobile operator interoperability
7. MobiTechInc hosted mobile banking platform with bank interoperability
8. MobiTechInc hosted USSD mobile banking platform with bank and operator interoperability.

Challenges - Core Banking Side
Integration of USSD & HTTPS Application with core banking system
SOA Architectured Core Banking System
• Reusable discrete component design in SOA helps significantly in integration to deliver agility and flexibility
• Data Abstraction layer can be used to modify the middleware we propose to provide interfacing to the USSD and HTTPS application
Legacy Core Banking System
• Middleware is designed to provide the interfacing between our application and the database of the Core banking system
• Middleware is a S/W application which on run-time converts the request from application into query format / variable of the core database

Security – Risk Analysis For USSD
Lost or Stolen mobile Station
• Since no trace of transaction is stored on the mobile, there is no risk of loss of critical information
Air Interface
• Guaranteed message delivery
• Wireless signal is encrypted as per the MNO
Application Physical Server Safeguard
• USSD gateway and application will be on a secure system (password protected), therefore nobody can access the data at server level
Threat
• There is no encryption of information, so the channel from the network to the bank is open to monitoring, replay, modification and impersonation.
Threats - Solution
• Use secured link (VPN or SSL) to connect operator network and core banking system
User Safeguard
• Transaction limit as per RBI norm with single transaction less than INR 1000
• Introduce cumulative and account balance limits
Physical Safeguard
• Data center such as core banking DB needs to be physically guarded through 24X7 security officer and video surveillance
Network Protection
• Implement firewall policy
• Install antivirus on network systems.

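
One way to add message-level checks on the operator-to-bank link named in the USSD threat above, alongside the VPN or SSL link the slide proposes (an added example, not part of the original deck). The HMAC shared key, the nonce field, the message layout and the INR 1500 cumulative cap are assumptions; only the INR 1000 single-transaction limit comes from the slides.

```python
import hashlib
import hmac

SINGLE_TXN_LIMIT_INR = 1000  # from the deck: USSD funds transfer "Max Limit is 1000 Rs."
CUMULATIVE_LIMIT_INR = 1500  # assumed value; the deck names a cumulative limit but no amount

def sign(key: bytes, msisdn: str, amount_inr: int, nonce: str) -> str:
    """MAC the USSD gateway computes over the fields the bank will act on."""
    msg = f"{msisdn}|{amount_inr}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class TransferGuard:
    """Bank-side middleware check, run before a request reaches core banking."""
    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces = set()  # nonces of authentic messages already processed
        self.spent = {}           # msisdn -> total INR accepted so far

    def check(self, msisdn: str, amount_inr: int, nonce: str, tag: str) -> str:
        # Modification / impersonation: the MAC must match the received fields.
        if not hmac.compare_digest(sign(self.key, msisdn, amount_inr, nonce), tag):
            return "rejected: bad MAC"
        # Replay: an authentic message is processed only once.
        if nonce in self.seen_nonces:
            return "rejected: replay"
        self.seen_nonces.add(nonce)
        # User safeguards: per-transaction and cumulative limits.
        if amount_inr <= 0 or amount_inr > SINGLE_TXN_LIMIT_INR:
            return "rejected: single-transaction limit"
        total = self.spent.get(msisdn, 0) + amount_inr
        if total > CUMULATIVE_LIMIT_INR:
            return "rejected: cumulative limit"
        self.spent[msisdn] = total
        return "accepted"

def demo():
    """Run constructed sample requests through the guard and return the verdicts."""
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    guard = TransferGuard(key)
    sub = "919800000000"           # constructed subscriber number
    first = (sub, 800, "n1", sign(key, sub, 800, "n1"))
    return [
        guard.check(*first),                                       # genuine request
        guard.check(*first),                                       # same message replayed
        guard.check(sub, 900, "n2", sign(key, sub, 800, "n2")),    # amount altered in transit
        guard.check(sub, 1500, "n3", sign(key, sub, 1500, "n3")),  # above INR 1000
        guard.check(sub, 900, "n4", sign(key, sub, 900, "n4")),    # 800 + 900 exceeds the cap
    ]
```
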
Security – Risk Analysis For Mobile Web App (HTTPS)
Lost or Stolen mobile Station
• Since no trace of transaction is stored on the mobile, there is no risk of loss of critical information
Air Interface
• Guaranteed message delivery
• Wireless signal is encrypted as per the SSL
Application Physical Server Safeguard
• HTTPS application will be on a secure system (password protected), therefore nobody can access the data at server level
Threat
• Mobile device could be infected with virus since HTTPS browser capability is generally present on smart phones.
Threats - Solution
• Installation of anti-virus software on the mobile station device
User Safeguard
• Transaction limit as per RBI norm with single transaction less than INR 50000
• Introduce cumulative and account balance limits
Physical Safeguard
• Data center such as core banking DB needs to be physically guarded through 24X7 security officer and video surveillance
Network Protection
• Implement firewall policy
• Install antivirus on network systems.

Services offered Over USSD
Account Inquiry
• Balance enquiry
• Mini Statement
Funds Transfer
• Within the Bank
• Max Limit is 1000 Rs.
Mobile Recharge
• Top up for own mobile
• Top up for other mobiles
Requests
• Requests for cheque book
• Request for m-statement

Services offered Over HTTPS
Account Inquiry
• Balance enquiry
• Mini Statement
Funds Transfer
• Within the Bank
• Outside the Bank
• Max Limit is XXXXX Rs.
Mobile Recharge
• Top up for own mobile
• Top up for other mobiles
Requests
• Requests for cheque book
• Request for m-statement
Demat Enquiry Service
• Portfolio value
• Value of holdings
• Transaction status etc
M – Commerce
• Insurance Premium
• Merchant payment etc

Development Roadmap – lifecycle
Methodology - Overlapped waterfall model
Product To Be Developed -
• USSD Application
• USSD Gateway
• Web Based Mobile Application (HTTPS)
• Middleware
Product Development & Testing Environment -
• Simulated environment for USSD testing (we propose to buy it)
• Simulated environment to test integration with known core banking solution
Project Plan
• Requirement
• Design
• Implementation
• Testing
Resource Plan
• Human Resource Requirements
• Hardware Requirements
• Software Requirements

Governance Model For Unity Bank
• Mobile Banking development and operation are handled by the IT Department of the Organization.
• Organization structure is proposed in a way such that IT department can work closely with Legal, Security and Finance department for the smooth running of project