
Paper for ICCIT 2010


8/3/2019 Paper for ICCIT 2010

http://slidepdf.com/reader/full/paper-for-iccit-2010 1/12

A Simple and Secure Banking Solution through M-Wallet in context of Bangladesh

Abstract

Nowadays billions of inhabitants of Bangladesh are connected through mobile networks, but commercial sectors such as banking, insurance and share markets have not yet broadly adopted m-commerce technology. A limited number of banks provide some SMS banking facilities to their clients. In this paper, an m-banking system is proposed through an m-wallet service. M-wallet means mobile wallet, i.e. an electronic wallet in the mobile phone. The proposed wallet system provides different types of banking services to its users: checking statements and summaries of different accounts (current account, card account, deposit account, loan account, utility bill account), micro payment, fund transfer, bill payment, blocking cards, location based service, general information services and different types of alerts. The proposed system integrates the services of different banks in a single platform, so that users can access their multiple bank accounts easily and securely. Another objective of this paper is ensuring security in m-banking transactions through m-wallet.

Index terms: M-banking, M-wallet, E-banking, WAP banking, SMS banking, micro payment.

I.  INTRODUCTION 

Mobile banking (M-Banking) is a term used for performing balance checks, account transactions, payments etc. via a mobile device such as a mobile phone [5]. A wallet, on the other hand, is a pocket case, generally made of leather, which is used to keep money, credit cards, debit cards etc. [13]. A mobile wallet, also known as m-wallet, is therefore an electronic wallet through which users can access their bank accounts, see statements, pay utility bills, make micro payments, transfer funds and so on. It is a kind of m-banking in which the user can enjoy the m-banking services of different banks in a single wallet. The m-wallet system is proposed for both SMS and WAP because the physical world is gradually becoming more and more integrated due to the vast development of information and communication technologies. In Bangladesh the number of GSM mobile subscribers was 58.36 million at the end of May 2010, while it was 46.41 million at the end of May 2009 [11]. In our country, not only is the price of mobile sets gradually decreasing, but the cellular operators are also providing an acceptable call rate to subscribers. Mobile network coverage has been made available even in rural and Chittagong Hill Tract areas. Day by day people accept the mobile phone not only as their communication device but also as an information transfer medium which is highly necessary for their livelihood [1]. The price of both SMS and WAP (per Kbyte) has become cheaper than in the past. Nowadays every mobile operator provides WAP services to its clients at a cheaper rate, which was completely unbelievable a few years ago. Mobile internet plays an important part among mobile users, and everybody can now easily browse the whole world using a mobile phone. Most developed foreign countries, on the other hand, have already implemented m-banking systems successfully. Their people can easily check their different bank accounts, transfer funds from one account to another, make credit transfers, pay bills, buy bus, train and airline tickets, book hotels and enjoy many other services [10]. Now it is our turn to serve our people through m-wallet.

II.  EXISTING SYSTEM

In Bangladesh, several private banks have introduced online banking, phone banking and, most recently, SMS banking with very limited services. For example, Standard Chartered Bank Ltd, IFIC Bank Ltd and Islamic Bank Ltd provide informative services to their clients [2]. These systems are built according to the bank-focused business model, in which a specific bank provides account-related informative services. No transactional service is included yet, and all services are delivered via SMS. In 2008, a paper on SMS based m-banking was published in ICCIT [2]. That model tries to implement a real-time system using a mobile phone modem, which is not a permanent solution for m-banking because mobile phones that include a GSM modem cannot give long-running service. A GSM modem can handle a maximum of 6 SMS per minute, so the system will collapse when more service requests arrive per minute and the modem fails to deliver services to the users. The architecture given in that model is impractical for several reasons. First, the overall architecture has no layers. Though it follows a client-server architecture, the application server of the system is on one PC. As a result there is no load balancing and the system becomes slow when handling a large number of client requests. Second, the registration process that the model offers is not secure, because the user sends the account number and password via SMS for registration and this SMS is saved in the SIM and the mobile phone. If the user forgets to remove the SMS from both the SIM and the phone after registering, the password can easily be compromised, which is especially harmful for balance transfer and other short banking transactions. Third, the request sent to the server is not encrypted, so the data can be intercepted in the transmission medium. Fourth, the model asks for an account number at registration but does not specify the account type, and the system only checks the validity of the account number. As a result, if a user has different types of account (current, deposit, loan, card, utility bill) and sends registration requests from different mobile numbers using the different account numbers, a single account holder can end up registered as multiple users. Fifth, when the user sends the account number and password to the bank server for registration, the bank server validates only the account number; it does not validate whether the mobile number from which the request was sent is owned by the user. As a result, if the user claims that the mobile number registered for m-banking services is not owned by him, or in other similar cases, the bank will be in trouble. Sixth, users create their own password in the registration module of that model, but no exception handling is described for the case where the submitted password already exists, i.e. was created by another user. Most users are non-IT people with very limited knowledge of creating secure and strong passwords, while a banking system needs secure and strong passwords. As a result users generally create ordinary passwords that are common among users, and the resulting “password already exists” exception bores users and discourages them from using the m-banking system. Finally, the registration module needs only an account number and password, which are far from sufficient for secure m-banking registration, and the major bug in that registration module is that one person can register another person’s account.

Users can’t access multiple bank accounts using the existing system. If a user has accounts at multiple banks and wants m-banking services from all of them, the user has to register separately at each bank and also pay separate fees. Each bank delivers its own PIN number, and it is difficult for the user to maintain multiple PIN numbers. Users also feel uneasy about using m-banking services. Considering these issues, the proposed m-wallet based m-banking system tries to solve the problems mentioned above, integrate the m-banking services of different banks, reduce customers’ hesitation, ensure the security of banking transactions and improve customer satisfaction.

III.  PROPOSED SYSTEM 

The proposed m-wallet system follows the non-bank-led business model, in which the bank is not in focus and the telecommunication company comes to the front for the clients and provides the different m-banking services, so that mobile users can access multiple banks from a single system through a single gateway. This will improve user friendliness and satisfaction. Users will not get bored and will get much pleasure from using the proposed m-wallet system. The proposed wallet system will be implemented between a telecommunication company and banks: the telecom company provides the m-wallet services with the help of the banks, and the banks stay at the back end of the system. First, it is suggested that the telecom company and the banks come under an agreement to deliver the banks’ m-banking services through the telecom company using the proposed m-wallet service, which will be an important customer service alongside the others such as voice service, SMS service, group SMS, phonebook, chat etc. As a result the m-banking services are integrated into one wallet and users can easily access their multiple bank accounts. A user who wants to enjoy this service then has to register on the telecom company’s official web site, where a menu for the proposed m-wallet system leads to a registration form. The m-wallet services will be available in both SMS and WAP. WAP is proposed alongside SMS because WAP is now cheaper than SMS and SMS has some limitations: one SMS contains only 160 characters, at a price that may be 50 paisa to 1 taka in some cases, whereas 1 Kbyte contains 986 characters at a price of only 2 paisa, and most mobile operators of Bangladesh now deliver WAP service to their customers. So it is possible to provide more information using WAP than SMS. The proposed m-wallet system is designed according to a three-tier client-server architecture so that the load is balanced equally among the layers. The proposed system architecture is given in Figure 1. It has three layers and is described below:

(A) Data Storage: 

Data Storage is one of the most important modules of the proposed m-wallet system. This module

describes how to store and retrieve data from data storage. Data storage module has three parts. They are:

(i) Main Database: 

Main database is the bank’s central database, which contains the detailed personal and account information of all its customers.

(ii) Proxy Database: 

Proxy database is a miniature of the main database that is maintained by the telecom company. A proxy database is proposed because it protects and hides the main database from the rest of the system. As a result the main database is kept safe from unpleasant accidents.

Figure 1: Proposed system architecture

(iii) Data Transfer Application: 

Data transfer application is the application part of the data storage module, used to create a high speed communication link between the telecom company’s proxy database and the main databases of the different banks. When any change occurs in a bank’s database, the data transfer application updates the proxy database with the necessary information, and vice versa.

(B) Data Access Layer: 

In the proposed system, the data access layer is known as the data web service server, because web service technology is used in this layer. The data web service server has connections with the proxy database and with the business logic layer, which is known as the m-banking server in the proposed m-wallet system. Only the data web service server can communicate with the database. When requests come from the m-banking server, the data web service server sends them to the proxy database. The proxy database processes the queries and sends the query results to the data web service server, which then delivers the result set to the m-banking server.

(C) Business Logic Layer: 

In the proposed system, the business logic layer is known as the m-banking server; it handles clients’ requests and gives appropriate responses. It has three parts: the SMS handler, which handles SMS requests; the WAP handler, which handles WAP requests; and the m-wallet service (web part), which is included in the telecom company’s official website.

(D) Presentation Layer: 

The presentation layer of the proposed m-wallet system is in the client’s mobile phone, as one of the service items of the telecom company. This service will be activated only after valid registration for the proposed m-wallet system.

In the proposed system architecture, it is suggested that the presentation layer, m-banking server, data web service server and proxy database are maintained by the telecom company, and that the data transfer application and main database are maintained by the banks.

The features proposed for the m-wallet system are: checking current account statement, checking card account statement, blocking stolen or lost cards, checking deposit account statement, viewing deposit and withdrawal rules, checking loan account statement, viewing loan rules, micro payment, fund transfer, checking utility bill account statement, utility bill payment, location based service, providing general information and alerts on account activity. Here, micro payment means the transfer of money from one type of account to another type of account of the same person, such as from one’s current account to one’s card, deposit or loan account, and fund transfer means the transfer of an amount of money from one’s current account to another person’s current account within the same bank or between different banks.

To use the proposed m-wallet system from a mobile phone, the user has to register as an m-wallet account holder. The proposed registration form is given in Figure 2. First, the user must open the official web site of the telecom company that provides m-banking services through the proposed m-wallet system. There the user will find an option named “m-wallet” in the menu, which leads to the registration form for account holders. In the registration form, the user enters the mobile number with this telecom operator that will be used for the m-banking service, and then the national ID card number. Only the national ID card number is proposed, rather than the passport number or driving license number, because nowadays both banks and telecom companies have their clients’ national ID card numbers as primary keys. Another reason for proposing it is to increase the realization of the importance of the national ID card among Bangladeshi people. A passport number or driving license number could be proposed, but they are not suitable because only some people have a passport, a driving license or both. Those people treat these documents as equal to the national ID card and give them the same priority, but the national ID card has a higher priority. In fact, the national ID card is the unique ID of a citizen of Bangladesh and is needed for almost anything, such as obtaining a passport or driving license, opening a bank account or buying a SIM card from a telecom operator. So any other number, such as the passport number or driving license number, lies under the national ID number. In future, the Bangladesh government is going to build a citizen database, so that one’s detailed information can be obtained using the national ID card number. Next the user enters a valid email address, selects banks from a list and enters the account type and number, and then enters a security question and answer. After the registration form is submitted, the server checks whether the national ID card number exists in the client list, whether the mobile number is a SIM registered under that national ID card number, and whether the holder of the national ID card number is already an m-wallet account holder using this mobile number or other mobile numbers. If any check is invalid, the registration process is stopped and the server sends an invalid notification to the user. If they are valid, the server validates the email address and checks the user’s banking information under the national ID card number with the help of the banks. If this is valid, the server registers the user as an m-wallet service account holder and sends a positive notification and the PIN number. Otherwise the server sends a negative notification.

Figure 2: Proposed registration form for m-wallet system
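The server-side registration checks described above, written out as an added Python example (not code from the paper). The `Registry` and `Result` types, the status strings, the 6-digit PIN and the PBKDF2 storage are assumptions, and all sample identifiers are constructed.

```python
import hashlib
import re
import secrets
from dataclasses import dataclass, field
from typing import Optional

EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")   # syntax check only (assumption)


@dataclass
class Registry:
    sims_by_nid: dict      # telecom client list: national ID -> SIMs registered to it
    bank_accounts: dict    # (bank, account type, number) -> national ID, per the banks
    wallets: dict = field(default_factory=dict)    # national ID -> wallet record


@dataclass
class Result:
    status: str            # the notification the user receives
    reason: str            # audit-log detail, not sent to the user
    pin: Optional[str] = None


def register(reg, mobile, nid, email, accounts):
    """Run the registration checks in the order the paper gives them."""
    # Stage 1: identity checks. Any failure stops registration.
    if nid not in reg.sims_by_nid:
        return Result("INVALID", "nid-not-in-client-list")
    if mobile not in reg.sims_by_nid[nid]:
        return Result("INVALID", "sim-not-registered-under-nid")
    if nid in reg.wallets:             # one wallet per holder, whichever SIM is used
        return Result("INVALID", "nid-already-has-wallet")
    # Stage 2: e-mail address and banking information under the same national ID.
    if not EMAIL.fullmatch(email):
        return Result("NEGATIVE", "email-format")
    accounts = [tuple(a) for a in accounts]
    if not accounts or any(reg.bank_accounts.get(a) != nid for a in accounts):
        return Result("NEGATIVE", "account-not-held-by-nid")
    # Assumption: 6-digit random PIN, kept server-side only as a salted PBKDF2 hash.
    pin = f"{secrets.randbelow(10**6):06d}"
    salt = secrets.token_bytes(16)
    reg.wallets[nid] = {
        "mobile": mobile, "email": email, "accounts": accounts, "salt": salt,
        "pin_hash": hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000),
    }
    return Result("REGISTERED", "ok", pin)


def sample_registry():
    """Constructed sample data: two subscribers, one of them with two SIMs."""
    return Registry(
        sims_by_nid={"NID-1001": {"01710000001", "01710000009"},
                     "NID-1002": {"01710000002"}},
        bank_accounts={("B01", "current", "1001"): "NID-1001",
                       ("B01", "deposit", "2001"): "NID-1001",
                       ("B02", "current", "3001"): "NID-1002"},
    )
```

The three failure cases the paper raises against the earlier SMS model (unverified mobile number, several registrations by one holder, registering another person's account) each map to one check here.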

3.1 Security Issues of Proposed System 

The proposed system tries to ensure better security than any other proposed system. The security issues of the proposed system are discussed layer by layer below.

The discussion starts from the presentation layer. In the presentation layer, an application will be developed and included in the telecom company’s service options. For the proposed SMS services, when the user sends a request to the server, the request will be encrypted and no request will be saved in the inbox of the user’s mobile phone; the responses that come from the server will also be encrypted, and will be decrypted by the application and displayed to the user. For the proposed WAP services, all the security techniques that are used for internet security are used in the proposed m-wallet system.

In the business logic layer, information is exchanged securely with the data access layer and the presentation layer. Information coming from the presentation layer arrives encrypted; it is decrypted and then sent to the data access layer as WSDL (Web Services Description Language), which is in XML binding format, using the secured SOAP protocol, and vice versa. This layer is the web service client.

In the data access layer, information comes from the business logic layer in XML format via the SOAP protocol. This layer is the web service provider. The SOAP protocol is proposed because it uses XML encryption, digital signatures and certificates [6].

In the data storage module, a proxy database is used for best database security because it protects against query injection, can filter queries coming from the client end and can balance load among servers [4].

Every real-time server has data failover protection: providers maintain a primary server and a secondary server in case of data and system failure. So the proposed system will be safe in case of data or system failure. For the fund transfer process, the proposed system checks the money laundering rules of Bangladesh.

IV.  IMPLEMENTATION 

The proposed system has algorithms for the different services. Among them, the algorithm for fund transfer from one current account to another current account in the same bank is given below:

1. User sends a request for fund transfer that contains request code, bank id, pin number, person 1’s current account number, person 2’s current account number and transferable amount.

2. System receives the request and starts processing it to give a response.

3. System checks whether the whole request is in a valid format and whether it contains all the parameters required for request processing.

4. If the request is invalid, system sends an error message to the user.

5. Otherwise, system checks bank id and pin number.

6. If either of them (bank id or pin number) is invalid, system sends an error message to the user.

7. Otherwise, system checks whether the pin number is active.

8. If the pin number is inactive, system sends an error message to the user.

9. Otherwise, system checks whether person 1’s current account number and person 2’s current account number are both valid.

10. If either of them is invalid, system sends an error message to the user.

11. Otherwise, system checks whether person 1’s current account number and person 2’s current account number are both active.

12. If either of them is inactive, system sends an error message to the user.

13. Otherwise, system checks whether the current balance in person 1’s current account is sufficient for the transfer.

14. If not sufficient, system sends an error message to the user.

15. Otherwise, system checks the minimum and maximum transfer limit for person 1’s current account.

16. If out of transfer limit, system sends an error message to the user.

17. Otherwise, system transfers the transferable amount from person 1’s current account to person 2’s current account.

18. Then system notifies both person 1 and person 2 that the transferable amount has been successfully transferred and requests them to check their current account statements.
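The eighteen steps above, carried through as an added Python example on an in-memory SQLite database (not the paper's MySQL stored procedures). The request wire format, table layout, status codes and sample rows are assumptions, and the sender's number is assumed to be supplied by the SMS gateway.

```python
import hashlib
import hmac
import re
import sqlite3

KNOWN_BANKS = {"B01"}   # constructed bank id
# Assumed wire format: "FT <bank id> <pin> <from account> <to account> <amount>"
REQUEST = re.compile(r"FT (\w+) (\d{4,8}) (\d+) (\d+) (\d+)")


def pin_hash(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def make_db():
    """In-memory database with constructed wallets and accounts (whole taka)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wallet (msisdn TEXT PRIMARY KEY, salt BLOB, pin BLOB, pin_active INT);
        CREATE TABLE account (number TEXT PRIMARY KEY, bank_id TEXT, wallet TEXT,
                              active INT, balance INT, min_tx INT, max_tx INT);
    """)
    salt = b"constructed-salt"
    conn.executemany("INSERT INTO wallet VALUES (?, ?, ?, 1)", [
        ("01710000001", salt, pin_hash("4821", salt)),
        ("01710000002", salt, pin_hash("7350", salt)),
    ])
    conn.executemany("INSERT INTO account VALUES (?, ?, ?, ?, ?, ?, ?)", [
        ("1001", "B01", "01710000001", 1, 5000, 100, 2000),
        ("1002", "B01", "01710000002", 1, 300, 100, 2000),
        ("1003", "B01", "01710000003", 0, 0, 100, 2000),
    ])
    conn.commit()
    return conn


def handle_transfer(conn, sender, text):
    """Return (status, numbers to notify) for one fund-transfer request."""
    def err(code):
        return code, [sender]

    m = REQUEST.fullmatch(text.strip())
    if m is None or m.group(3) == m.group(4):
        return err("ERR_FORMAT")                                   # steps 3-4
    bank_id, pin, src, dst = m.group(1, 2, 3, 4)
    amount = int(m.group(5))
    w = conn.execute("SELECT salt, pin, pin_active FROM wallet WHERE msisdn = ?",
                     (sender,)).fetchone()
    # Constant-time comparison of the PIN hash; queries are parameterised throughout.
    pin_ok = w is not None and hmac.compare_digest(pin_hash(pin, w[0]), w[1])
    if bank_id not in KNOWN_BANKS or not pin_ok:
        return err("ERR_BANK_OR_PIN")                              # steps 5-6
    if not w[2]:
        return err("ERR_PIN_INACTIVE")                             # steps 7-8
    rows = conn.execute(
        "SELECT number, wallet, active, balance, min_tx, max_tx FROM account "
        "WHERE bank_id = ? AND number IN (?, ?)", (bank_id, src, dst)).fetchall()
    acct = {r[0]: r for r in rows}
    # Assumption: a "valid" source account is one linked to the sender's wallet.
    if src not in acct or dst not in acct or acct[src][1] != sender:
        return err("ERR_ACCOUNT_INVALID")                          # steps 9-10
    if not (acct[src][2] and acct[dst][2]):
        return err("ERR_ACCOUNT_INACTIVE")                         # steps 11-12
    if acct[src][3] < amount:
        return err("ERR_BALANCE")                                  # steps 13-14
    if not acct[src][4] <= amount <= acct[src][5]:
        return err("ERR_LIMIT")                                    # steps 15-16
    with conn:  # step 17: both updates commit together or not at all
        debit = conn.execute(
            "UPDATE account SET balance = balance - ? WHERE number = ? AND balance >= ?",
            (amount, src, amount))
        if debit.rowcount != 1:       # balance changed since the check above
            return err("ERR_BALANCE")
        conn.execute("UPDATE account SET balance = balance + ? WHERE number = ?",
                     (amount, dst))
    return "OK", [sender, acct[dst][1]]                            # step 18
```

The conditional debit in step 17 repeats the balance test inside the transaction, so two concurrent requests cannot both pass step 13 and overdraw the account.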

In the proposed system, MySQL and its proxy features are used for the proxy database part of the data storage module. A base engine for m-banking services is built using stored procedures. A stored procedure is a procedure that is stored in the database. Stored procedures are fast, are a proven technology and are portable [3]. MySQL Proxy is a binary application standing between one or more MySQL clients and a server [4].

In the data access layer, a database web service using the SOAP protocol is used. A Data Access Layer (DAL) is a layer of a computer program which provides simplified access to data stored in persistent storage of some kind, such as an entity-relational database, and a Web Service is a software component that is described via WSDL and is capable of being accessed via standard network protocols. It is accessible through a web server that provides functionality through a standardized set of interfaces.

In the business logic layer, the different business logics and policies of the system are applied. An SMS API named SMSLib [9] is used for sending and receiving SMS. A GSM modem named MobiData is used for SMS services; it is used only for testing, not for real-time use. The SMPP (Short Message Peer-to-Peer) protocol is proposed for SMS services in the proposed m-wallet system.

In the presentation layer, J2ME is used to develop a secured mobile application for the proposed m-wallet system, which is used by the m-wallet account holders. The graphical user interface of the proposed m-wallet is given in Figure 3, which shows a list of the telecom company’s services. The proposed m-wallet service from the telecom company will be enabled after proper registration.

Figure 3: Service list of Telecom Company 

Using the proposed m-wallet, the graphical user interfaces for checking current account history are given in Figure 4(a) to Figure 4(f). In Figure 4(a), there are options for selecting the type of service medium (SMS or WAP). After the type is selected, e.g. SMS, the user interface given in Figure 4(b) appears, showing a list of banking services. Figure 4(c) shows a list of account types. To check a current account, the user has to select the current account from the list given in Figure 4(c). After the current account is selected, the form given in Figure 4(d) is displayed. The user fills in the form and sends it to the server; the sending process is shown in Figure 4(e). After that, the server delivers the current account mini statement, which is given in Figure 4(f).

Figure 4(a): Front page
Figure 4(b): List of services
Figure 4(c): List of account types
Figure 4(d): Form of checking current account statement
Figure 4(e): Sending request
Figure 4(f): Mini statement of current account

4.1 Experimental Results & Comparative Study 

The proposed system has been tested layer by layer. The success and failure rates of each layer are given in Table I, whereas the success and failure rates of the previously proposed SMS based m-banking system are given in Table II [2]. The success rate and failure rate are measured using the following equations:

Success Rate = ((Total no. of successes / Total no. of sample inputs) * 100) %

Failure Rate = (100 – Success Rate) %

Accuracy Rate = (100 – Failure Rate) %

From Table I and Table II, it is seen that the average success rate of the proposed m-wallet system is 97.10%, while the success rate of the previously proposed SMS based m-banking system is 93.18%. The success rates of every layer of the proposed m-wallet system are also higher than the success rates of every module of the previously proposed SMS based m-banking system.

TABLE I: Success and Failure Rate of M-Wallet system

Layers                             Success Rate    Failure Rate
Data Storage                       96.55 %         3.45 %
Data Web service Server            97.48 %         2.52 %
M-Banking Server                   96.97 %         3.03 %
Presentation Layer                 97.39 %         2.61 %
Average                            97.10 %         2.90 %

TABLE II: Success and Failure Rate of SMS based m-banking system

Modules                            Success Rate    Failure Rate
Interfacing Module                 90.78 %         9.22 %
SMS Technology Adoption            91.58 %         8.42 %
SMS Banking Registration Module    95.89 %         4.11 %
Service Generation Module          94.66 %         5.34 %
Data Failover Module               93 %            7 %
Average                            93.18 %         6.82 %

V.  CONCLUSION

Though SMS banking in Bangladesh has just started, this telecom integration with banking is not yet in full motion. So in this paper, an idea is discussed to develop a secured SMS and WAP based mobile banking system for 24 hours banking, which helps customers stay on top of any recent changes made in their current, deposit, loan, card and utility bill accounts through SMS and WAP. One of the most attractive features of the proposed m-wallet system is that users can access their multiple bank accounts, securely transfer money from one account to another in the same bank without attending the bank physically, and also securely transfer funds from one’s current account to another’s in the same bank or in different banks. The limitation of the proposed m-wallet is the network speed between the data transfer application and the proxy database, which will be overcome by implementing data mining techniques efficiently.

REFERENCES

[1] Md. Mahfuz Ashraf, Shusmita Haque, “Short messaging service as a Business to Customer marketing tool: A proposed model in context of Bangladesh”, ICCIT-2005, IUT, Dhaka, Pages 1202-1207.

[2] Md. Subrun Jamil, Fouzia Ashraf Mousumi, “Short Messaging Service (SMS) Based m-Banking System in context of Bangladesh”, ICCIT-2008, KUET, Khulna, Bangladesh.

[3] Peter Gulutzan, “MySQL 5.0 Stored Procedures, MySQL 5.0 New Features Series – Part 1”, A MySQL® Technical White Paper, March 2005.

[4] Giuseppe Maxia, “Getting Started with MySQL Proxy”, 7th December 2007.

[5] Mobile banking, available at: http://en.wikipedia.org/wiki/M-banking, accessed on: 16th January, 2010.

[6] Matt Powell, “Real SOAP Security”, Microsoft Corporation, 21st November 2001, available at: http://msdn.microsoft.com/en-us/library/aa480522.aspx, accessed on: 19th February, 2010.

[7] “Exposing a Database as a Web Service”, available at: http://www.developer.com

[8] SMS Tutorial, available at: http://www.developershome.com/sms, accessed on: 21st February, 2010.

[9] SMS API for java platform, available at: http://www.smslib.org, accessed on: 21st February, 2010.

[10] Existing foreign services, available at: http://www.c-sam.com, accessed on: 21st February, 2010.

[11] Mobile Phone Subscribers in Bangladesh, available at: http://www.btrc.gov.bd/newsandevents/mobile_phonesubscribers, accessed on: 19th May, 2010.

[12] Grameenphone internet packages, available at: http://www.grameenphone.com/index.php?id=227, accessed on: 7th April, 2010.

[13] Wallet from Wikipedia, the free encyclopedia, available at: http://en.wikipedia.org/wiki/Wallet, accessed on: 7th April, 2010.

