Date posted: 30-Dec-2015
Category: Documents
Uploaded by: alexander-morris
Copyrights © 2013 MobiFin
Proof of Concept to NAPSA
Agenda
• Introduction
• Key Advantages
• mBanking Core Services
• mBanking Add On Services
• Interfaces
• Administration
• Solution Portfolio – mBanking
• Pre-requisites
• Security
• Scalability
• Architecture
• Questions and Answers
Introduction
• Mobile penetration has reached parity with the population in countries across the globe, and in many countries exceeds it.
• Mobile has enabled users with a set of services that were never thought of.
• Mobile is getting smarter, with greater access to data services.
• Mobile is the most frequently used and widely accepted technological device, more than any other.
• Finance is a key need of all people, and it makes sense to enable Mobile with a set of financial tools and features.
• The finance sector can use the advantage of Mobile to penetrate all classes of society.
Introduction
Mobile Banking solution for banked population
• The solution is provided to banks' customers to avail information and transact on the move.
• The banks can retain existing customers and attract more by providing this mobile banking solution.
Mobile Banking solution for un-banked population
• Reach out to the un-banked population in rural areas to expand the customer base.
Key Advantage
• Expand financial sector reach by leveraging the mobile medium.
• Ease of use for financial services via various interfaces like IVR, USSD, SMS and Smart Apps.
• Expand the set of services to a larger sector of society.
Solution Providers (Service Provider)
• Acquire a large number of customers for their solution or services.
Banks
• Expand customer base by providing basic banking facility through financial inclusion to unbanked population. Penetrate unbanked customers.
Key Advantage
Telecom Operators
• Higher revenue through increased GPRS and SMS usage.
• Increase ARPU to the mobile operator.
Utility Organizations
• Prompt payment of bills enabling better cash flow.
Subscriber / Customers
• Basic banking facility made available and advantage to transact on the move.
Mobile Banking Core Services
Banking Services for Banked Customers
Mobile Wallet
Wallet Services
• Cash In From Bank Account
• Cash Out to Bank Account
• Wallet Statement
• Wallet Transfer
Banking Services
• Cheque Request
• Bank Account Statement
• Bank Fund Transfer
• Add Bank Account
• Remove Bank Account
Add on Services
Payment Services for Banked Customers
Mobile Wallet Add On
Bill Pay
• Mobile
• DTH
• Electricity
• Insurance
TopUp
• Mobile
• DTH
• Electricity
• Data Top UP
Utility Pay
• Bus Ticket
• School Fee
• Movie Tickets
• Railway Tickets
Merchant Payments
• Pay Now
• Wallet Transfer
Customer Interface
Mobile Wallet Interfaces
SMS
• Customized commands to operate Wallet over easy SMS interface.
IVR
• Multilingual IVR system to enable customers to operate their wallets.
USSD
• Customized commands and service menu over USSD interface provide faster access to Wallet services.
Mobile Apps
• J2ME M-Banking App for low-end mobile devices.
• Android and iPhone apps for smart mobile devices.
Platform
Key Modules
• Wallet Service Module
• Service Provider – Integration Module
• Distribution Module
• Customer Support Module
• Business Rule Module
• Notification Module
• Loyalty Program Module
• MIS Reports Module
Mobile Banking – Enrolment Process
[Diagram labels: Bank Customer Enrolment for mBanking; Enrolled Data Pre Data Validation; Process data and Storage; Server; Smart Login and APP; Dispatch mBanking Smart Login; Personalized and Printing; Processed Enrolment Data; BANK]
Mobile Banking – Basic Banking
Balance Inquiry
Select Check Account Balance
[Screen "Banking Service": Check Account Balance; Last 5 Transaction; Request Check Book; Bill Payment; Utility Payment; Airtime]
[Screen "Check Account Balance": BOB A/C No. 123455; AXIM A/C No. 1XXXX; ICICI A/C No. 1XXXX]
Choose the Account Number
Mobile Banking – Basic Banking
Balance Inquiry
Enter the Transaction PIN
Choose the Account Number
[Screen "Check Account Balance": Enter PIN Number: XXXX]
[Screen "Check Account Balance": Your Balance on Dt. 12, 2012 At 11PM GMT 3.00 is TSH - 1231421312]
Mobile Banking – Basic Banking
Account Statement
Select the Account Number
Enter the Transaction PIN
Lists the first 4 transactions. Click on the transaction to view details
Transaction is displayed as shown
Mobile Banking – Basic Banking
Money Transfer
Select Money Transfer option
Enter Receiver’s Account Number
Choose Account to transfer from
Enter the Amount to be transferred
Enter the Transaction PIN
Transaction confirmation
Mobile Banking – Basic Banking
Bank Integration using ISO 8583 Standard for Financial Transaction Card Originated Messages
Basic Bank feature for banked customer
API Integration
To secure, encrypt and sign the transaction requests
Mobile OS Integration (Encrypted)
USSD driven secure Menu
Access Code Integrations with all Carriers (Inbound request)
USSD Gateway
Bulk SMS provisioning (Outbound)
Access Code Integrations with all Carriers (Inbound SMS)
SMSC Gateway (optional)
Inbound IVR call
IVR Access Number (optional)
Abstract
Mobile Commerce service, also referred to as Mobile Top Up, Mobile Payment, Mobile Banking, Mobile Money Transfer and Mobile Wallet, generally refers to payment services operated under financial regulation and performed from or via a mobile device or various end interfaces.
Mobile Commerce Service is attractive because it is a convenient approach to perform remote transactions, banking and money transfer, but there are security shortfalls in the present mobile top-up / banking implementations. This presentation discusses some of these security features.
Abstract
• MobiFIN has a separate web-based administration console to manage the platform, which provides SSL-based access only.
• All access to the system is restricted using a strong user management module, which provides in-depth security levels to provide restricted access.
• There are three security levels built into the system: (1) Partition Level (2) Roles and Access Control List level (3) Field Level Security.
• All changes and modifications to the system are logged in a secure manner. This helps provide a detailed audit trail of any user access.
Network Security
• MobiFin architecture is laid out in a three-tier approach. All key entities are modularized based on their roles, like Transaction management, Business Rule management, Admin management and Integration management.
• All of these entities talk to each other and to third-party applications over fully secured channels. These channels are secured using virtual private network tunnels, and SSL-secured channels for public access.
• In the case of public access, the highest level of encryption is applied to channelized data.
• Access to these entities is allowed based on standard business practice set by the operator.
Integration Security
• MobiFIN is a highly versatile platform which needs to integrate with various third-party providers to roll out new services.
• MobiFIN has a separate entity to handle this flow, modeled as the Integration Manager.
• All third-party integration is done at this level only, using the following standard procedure:
o Network Integration over VPN
o API Integration using SOAP-API or ISO 8583
o Transaction Security using AES method
Interface Security
Mobile App
• MobiFIN mobile app generates a unique device fingerprint for each device on which it is installed. Device fingerprints are universally unique and are never stored on the device at any stage.
• Device fingerprint is mapped against users (Agents, Resellers, Sales) and provisioned using the standard enrollment process; until then, the device and user login are inactive.
• User is provisioned with Login and Transaction PIN separately. Login and Transaction PIN are never stored at the device side. Login and Transaction PIN are encrypted using the 3DES method and never stored in decrypted form anywhere.
• All app communication channel data is encrypted with the AES encryption method, using a unique key generated for the device, which provides full protection against eavesdropping and data theft.
• AES is used by the US Government to store all their Top Secret documents, and thus provides the highest level of security for any point-to-point communication and storage of data.
• Web passwords are generated using the user's KYC information.
• Two-way authentication and password generation using the user's KYC info via encrypted sessions:
o Terminal key generation using KYC.
o User's authentication credential generation using Terminal Key.
o Unique authentication credential for different UI.
o User credentials stored in the device itself rather than the server.
Interface Security
SMS
• Subscriber authentication and subscriber identity confidentiality for each transaction/user.
• SMS and other channels are used with encryption like 3DES, SHA by mobile applications to protect data integrity and security.
• Integration to SMSC gateway using industry standard Hypertext Transfer Protocol Secure (HTTPS); for additional security we deploy a VPN (Virtual Private Network).
Interface Security
WEB
• All transactions over Web are on a secure channel using industry standard Hypertext Transfer Protocol Secure (HTTPS).
• Automatic inactive lockout (session expired): if there is no activity for a set time after the customer logs in, the connection is dropped, locking the user out.
• Web passwords are generated using the user's KYC information.
• Two-way authentication and password generation using the user's KYC info via encrypted sessions:
o Terminal key generation using KYC.
o User's authentication credential generation using Terminal Key.
o Unique authentication credential for different UI.
Interface Security
USSD
• To make a transaction exchange using USSD, the banks or mobile operators connect to our network of server systems over a session-based (not store-and-forward) connection. USSD reduces risk and leaves no trace of the transaction anywhere on the handset.
• The sender (USSD) can be absolutely sure that they are talking with their own partner, and communication via USSD is in sessions instead of at discrete intervals.
Scalability and Redundancy
• Mobile banking requires an always-available system to provide key services to users, and thus requires a very different system from a core financial system, which has a fixed window of service time.
• MobiFIN addresses this with a highly scalable modular platform that has a separate module for each service, which enables it to achieve very high TPS and also ensures high availability like that of telecom systems.
• MobiFIN platform works on industry standard app and database servers for reliability.
• Redundancy can be provided at each tier, in an active-active model or in an active-passive model with one node serving as a standby or backup.
• At the DB tier, SQL proxies (MySQL) – live replication of MySQL DB supported.
• Geographical DR site, so that a DR event does not affect the total operation.
Architecture
[Architecture diagram. Labels: Interface (IVR, WEB, Mobile App); Firewall; Secure ANI; https; 3DES / AES; Application; Firewall; Integration; ISO 8583; Provider; Bank]
Architecture
Panamax Infotech Limited, "Panamax House", Plot No. 8, Khushman Society, Nr. Subhash Circle, Memnagar, Ahmedabad - 380052 Gujarat, India.
Tele : +91 79 3011 7777 Fax : +91 79 3011 7766
www.panamaxmobifin.com