Secure Mobile Banking as Telecommunication Operator Service

1
Secure Mobile Banking as Telecommunication
Operator Service
ITU-T Workshop onNew challenges for
Telecommunication Security Standardizations"
Geneva, 9(pm)-10 February 2009

• Igor Milashevskiy
• Chairman of the Board
• Intervale, Russia
• E-mail intervale_at_intervale.ru

2
Mobile commerce

• Remote payments
• Internet (Brows)
• Adopted for mobile terminal
• Security
• Payment account
• Payments from Bank account
• Payments from Mobile Operator account

3
Purpose

• To provide mobile subscriber with flexible and
  secure feature, allowing to have remote access to
  his bank account and to make payments for any
  goods or services, when the mobile terminal
  serves as a payment or banking terminal and the
  wireless network is used as a transport system to
  carry transaction flow.

4
Convenient service

• At any time and any place
• While traveling
• Simple and structured interface
• Ability to personalize the menu
• High speed transactions in real time
• Few payment tools in one handset

5
Security

• Confidentiality (encoded messages between Bank
  and Client)
• Integrity of data
• Impossibility of refusal and attributing of
  authorship of transaction
• Authentication (establishment of authority of the
  payer)
• Knows something
• Owns something

6
Tools

• Payments infrastructure
• Applet Java application on SIM-card (STK
  application)
• Midlet Java application on handset
• Any mobile-based transport (SMSUSSD
  GPRS/EDGE/UMTS)

7
Intervale

• Established in 1999 (Moscow)
• Mobile Bank system
• The only live solution in CIS implementing VBV
  remote payments
• CIS leader in technology and live implementations
• Remote payment projects (ATMs, POSs, Internet,
  cash-points)
• Utilizes flexibility of Mobile Bank platform for
  supplementary revenue

8
Architecture of secure decision
Issuer Domain
Acquire Domain
Interoperability Domain

9
Components

• Issuer Mobile Access Point (iMAP)
• Supports the interface with MSP
• Carries out authentication of the client by means
  of dynamic passwords through a mobile phone
• Acquirer Mobile Access Point (aMAP)
• Supports the interface with MSP
• Gives the interface for interaction with shop
  (Merchant)

10
Components (cont.)

• Mobile Service Provider (MSP)
• Provides interaction between the application on a
  SIM-card of the client and the Emittent. Carries
  out routing of inquiries to the corresponding
  Bank-Emittent
• Merchant
• Recipient of payment

11

Applet
Triple click payment
Balance status always available

000000000000000000000000000000000000000000000 0000
BANK A 1 PAYMENTS 2 INFO on demand 3
Orders 4 Services 5 Refresh Exit
Ok
PAYMENTS 1 TOP-UP 2 Bills 3 Digital TV 4
Refresh Exit Ok
TOP-UP 1 Visa 00000 ON 2 VE 11111 ON 3 ECMC
22222 ON 4 Maestro 33333 ON 5 Refresh Exit
Ok
Add/Remove cards or recipients of payment at
any time
Remote personalization
Payment from any registered card
02.02.2014
11
12
Features of realisation

• Existing payment infrastructure is used
• Provides possibility of initiation of financial
  transaction, both by the client, and the seller
  (shop)
• Corresponds to requirements of the international
  payment systems to carrying out of remote
  financial transactions

13
Thank You !