Date post: | 12-Nov-2014 |
Category: |
Economy & Finance |
Upload: | sarahn86 |
View: | 645 times |
Download: | 1 times |
Mobile Banking system security and Microfinance
By
Naser Doleh
MSIS Capstone spring 2013
Mobile Banking
Mobile Banking
• What is Mobile banking?
Is a system that allows customers of a financial institution to conduct a number of financial transactions through a mobile device such as a mobile phone. • SMS banking
Mobile Banking
• First European banks
• Implementation of Mobile banking
• Third of banks have mobile device detection
Why Banks Going Mobile
• Reasons why banks are going mobile • 1. Improve customer Service• 2. Reduce costs• 3. Increase the reactivity of the company• 4. Increase market share• 5. Improve branding
• Bank of America: 500,000 users after six months, and 1.6 million after a year (Holland, 2008)
Why Banks Going Mobile
• Mobile financial services could be more than successful in rural area
• Add real value to the lives of consumers
MODELS OF MOBILE BANKINGARCHITECTURE
• Mobile phones have three architecture alternatives when interactive with banks’ mobile banking systems. Each is further described.
1. Message Based services Model
2. Mobile Browsers Model
3. Client Application Model (app)
Message Based services Model
• Message based systems work through text messaging.
• There are two types of message systems:
SMS and MMS
Mobile Browsers Model
• The ability to access the bank’s Internet banking website from a cell phone
• Advantages:
1. Ease of use and user familiarity
2. Users don’t have to download any special software
• Disadvantages: risk of confidential information being at risk as these phones are more subject to attack
Client Application Model (app)
• Download the mobile banking software onto their phone.
• Easy to use applications to provide a variety of services
SECURITY THREATS ANDCONCERNS
• Mobile handhelds are compact, portable and easily lost or stolen
• Security requirements:
1. Confidentiality
2. Authentication
3. Integrity
4. Non-repudiation
5. Authorization
Authentication
• There are three forms of identification:
1. What you have (ex. include a debit card smart card, or your mobile device)
2. What you know (usernames, passwords or pin numbers)
3. Who you are (requires biometrics)• Another authentication technique is out-of
band communication
VPN Authentication
Encryption
• 1) Encrypt the information stored on mobile devices
• 2) Encrypt the communication so that if an attacker is able to intercept the message it’s still useless without the key.
• Advanced Encryption Standard (AES). • The OS and digital signatures
Mobile banking architecture Diagram