ITU-T Workshop on
“New challenges for Telecommunication
Security Standardizations"
Geneva, 9(pm)-10 February 2009
Secure Mobile Banking as
Telecommunication Operator Service
Igor Milashevskiy
Chairman of the Board
Intervale, Russia
E-mail: intervale@intervale.ru
Geneva, 9(pm)-10 February 2009
International
Telecommunication
Union
Mobile commerce
Remote payments
Internet (Brows)
Adopted for mobile terminal
Security
Payment account
Payments from Bank account
Payments from Mobile Operator account
Geneva, 9(pm)-10 February 2009
International
Telecommunication
Union
2
Purpose
To provide mobile subscriber with flexible
and secure feature, allowing to have
remote access to his bank account and to
make payments for any goods or services,
when the mobile terminal serves as a
payment or banking terminal and the
wireless network is used as a transport
system to carry transaction flow.
Geneva, 9(pm)-10 February 2009
International
Telecommunication
Union
3
Convenient service
At any time and any place
While traveling
Simple and structured interface
Ability to personalize the menu
High speed transactions in real time
Few payment tools in one handset
Geneva, 9(pm)-10 February 2009
International
Telecommunication
Union
4
Security
Confidentiality (encoded messages
between Bank and Client)
Integrity of data
Impossibility of refusal and
attributing of authorship of
transaction
Authentication (establishment of
authority of the payer)
Knows something
Owns something
Geneva, 9(pm)-10 February 2009
International
Telecommunication
Union
5
Tools
Payments infrastructure
Applet – Java application on SIMcard (STK application)
Midlet –Java application on handset
Any mobile-based transport
(SMS;USSD; GPRS/EDGE/UMTS)
Geneva, 9(pm)-10 February 2009
International
Telecommunication
Union
6
Intervale
Established in 1999 (Moscow)
Mobile Bank system
The only live solution in CIS implementing VBV
remote payments
CIS leader in technology and live
implementations
Remote payment projects (ATMs, POSs,
Internet, cash-points)
Utilizes flexibility of Mobile Bank platform for
supplementary revenue
Geneva, 9(pm)-10 February 2009
International
Telecommunication
Union
7
Architecture of secure decision
Issuer Domain
Interoperability Domain
Acquire Domain
MSP
Merchant
Issuer Domain
Start payment
iMAP
aMAP
Payment result
Issuer
Bank
System
Geneva, 9(pm)-10 February 2009
Payment
Network
Acquirer
Bank
System
International
Telecommunication
Union
8
Components
Issuer Mobile Access Point (iMAP)
Supports the interface with MSP
Carries out authentication of the client
by means of dynamic passwords
through a mobile phone
Acquirer Mobile Access Point (aMAP)
Supports the interface with MSP
Gives the interface for interaction with
shop (Merchant)
Geneva, 9(pm)-10 February 2009
International
Telecommunication
Union
9
Components (cont.)
Mobile Service Provider (MSP)
Provides interaction between the
application on a SIM-card of the client
and the Emittent. Carries out routing of
inquiries to the corresponding BankEmittent
Merchant
Recipient of payment
Geneva, 9(pm)-10 February 2009
International
Telecommunication
Union
10
Applet
Balance status always available
Triple click payment
BANK A
PAYMENTS
0000000
0000000
0000000
0000000
0000000
0000000
000
TOP-UP
1 PAYMENTS
1 TOP-UP
1 Visa 00000 ON
2 INFO on demand
2 Bills
2 VE 11111 ON
3 Orders
3 Digital TV
3 ECMC 22222 ON
4 Services
4 Refresh
4 Maestro 33333 ON
5 Refresh
Exit
5 Refresh
Ok
Exit
Ok
Exit
Ok
0000
Remote personalization
Geneva, 9(pm)-10 February 2009
31.05.2016
Payment from any registered
card
Add/Remove cards or recipients of
payment at any time
International
Telecommunication
Union
11
11
Features of realisation
Existing payment infrastructure is
used
Provides possibility of initiation of
financial transaction, both by the
client, and the seller (shop)
Corresponds to requirements of the
international payment systems to
carrying out of remote financial
transactions
Geneva, 9(pm)-10 February 2009
International
Telecommunication
Union
12
Thank You !
Geneva, 9(pm)-10 February 2009
International
Telecommunication
Union
13