ITU-T Workshop on “New challenges for Telecommunication Security Standardizations" Geneva, 9(pm)-10 February 2009 Secure Mobile Banking as Telecommunication Operator Service Igor Milashevskiy Chairman of the Board Intervale, Russia E-mail: intervale@intervale.ru Geneva, 9(pm)-10 February 2009 International Telecommunication Union Mobile commerce Remote payments Internet (Brows) Adopted for mobile terminal Security Payment account Payments from Bank account Payments from Mobile Operator account Geneva, 9(pm)-10 February 2009 International Telecommunication Union 2 Purpose To provide mobile subscriber with flexible and secure feature, allowing to have remote access to his bank account and to make payments for any goods or services, when the mobile terminal serves as a payment or banking terminal and the wireless network is used as a transport system to carry transaction flow. Geneva, 9(pm)-10 February 2009 International Telecommunication Union 3 Convenient service At any time and any place While traveling Simple and structured interface Ability to personalize the menu High speed transactions in real time Few payment tools in one handset Geneva, 9(pm)-10 February 2009 International Telecommunication Union 4 Security Confidentiality (encoded messages between Bank and Client) Integrity of data Impossibility of refusal and attributing of authorship of transaction Authentication (establishment of authority of the payer) Knows something Owns something Geneva, 9(pm)-10 February 2009 International Telecommunication Union 5 Tools Payments infrastructure Applet – Java application on SIMcard (STK application) Midlet –Java application on handset Any mobile-based transport (SMS;USSD; GPRS/EDGE/UMTS) Geneva, 9(pm)-10 February 2009 International Telecommunication Union 6 Intervale Established in 1999 (Moscow) Mobile Bank system The only live solution in CIS implementing VBV remote payments CIS leader in technology and live implementations Remote payment projects (ATMs, POSs, Internet, cash-points) Utilizes flexibility of Mobile Bank platform for supplementary revenue Geneva, 9(pm)-10 February 2009 International Telecommunication Union 7 Architecture of secure decision Issuer Domain Interoperability Domain Acquire Domain MSP Merchant Issuer Domain Start payment iMAP aMAP Payment result Issuer Bank System Geneva, 9(pm)-10 February 2009 Payment Network Acquirer Bank System International Telecommunication Union 8 Components Issuer Mobile Access Point (iMAP) Supports the interface with MSP Carries out authentication of the client by means of dynamic passwords through a mobile phone Acquirer Mobile Access Point (aMAP) Supports the interface with MSP Gives the interface for interaction with shop (Merchant) Geneva, 9(pm)-10 February 2009 International Telecommunication Union 9 Components (cont.) Mobile Service Provider (MSP) Provides interaction between the application on a SIM-card of the client and the Emittent. Carries out routing of inquiries to the corresponding BankEmittent Merchant Recipient of payment Geneva, 9(pm)-10 February 2009 International Telecommunication Union 10 Applet Balance status always available Triple click payment BANK A PAYMENTS 0000000 0000000 0000000 0000000 0000000 0000000 000 TOP-UP 1 PAYMENTS 1 TOP-UP 1 Visa 00000 ON 2 INFO on demand 2 Bills 2 VE 11111 ON 3 Orders 3 Digital TV 3 ECMC 22222 ON 4 Services 4 Refresh 4 Maestro 33333 ON 5 Refresh Exit 5 Refresh Ok Exit Ok Exit Ok 0000 Remote personalization Geneva, 9(pm)-10 February 2009 31.05.2016 Payment from any registered card Add/Remove cards or recipients of payment at any time International Telecommunication Union 11 11 Features of realisation Existing payment infrastructure is used Provides possibility of initiation of financial transaction, both by the client, and the seller (shop) Corresponds to requirements of the international payment systems to carrying out of remote financial transactions Geneva, 9(pm)-10 February 2009 International Telecommunication Union 12 Thank You ! Geneva, 9(pm)-10 February 2009 International Telecommunication Union 13