Assessment of Accreditation Issues in Mobile Banking

T. M. Nazmy, H. S. Zahloul
Faculty of computer and information sciences, Ain Shams University, Cairo
ntaymoor@yahoo.com
Abstract
Mobile banking (m-banking) involves the use of a mobile phone or another mobile device to undertake financial transactions linked to a client’s account. M-banking is one of the newest approaches to the provision of financial services through ICT. There is mounting evidence of positive social impact on poorer people and communities.
M-banking services which use channels such as text messaging/ SMS can be carried at a less cost. This paper addresses topics related to the concepts of implementing mobile banking, issues related to the trusting of the bank costumer to that technology, the use and impact of m-banking/m-payments systems, as well as security frame work of m-banking.
1. Introduction
One of the most remarkable technology stories of the past decade has been the spread of mobile phones across the developing world. Rapid spread of mobile phones means that the number of mobile users may already exceed the number of banked people in many low income countries. Mobile phones can also offer a communications channel for initiating and executing on-line financial transactions.
Electronic banking, also known as electronic funds transfer (EFT), is simply the use of electronic means to transfer funds directly from one account to another, rather than by check or cash.
The terms m-banking, m-payments and m-finance refer collectively to a set of m-commerce applications which enable people to use their mobile telephones to manipulate their bank accounts, store value on an account linked to their handset, transfer funds to people or merchants, or even access loans or insurance products [1].
Mobile banking (also known as M-Banking, m-banking, SMS Banking etc.) is a term used for performing balance checks, account transactions, payments etc. via a mobile device such as a mobile phone. Mobile banking is most often performed via SMS or the Mobile Internet but can also use special programs downloaded to the mobile device. There are now many countries that use the mobile bank technology [7-10]
Mobile (wireless) Banking would be enabled when the customer is able to access the financial institution's networks through a cellular phone or personal digital assistant (or similar device) via wireless networks provided by telecommunications companies. Wireless services can extend the reach and enhance the convenience of an institution’s banking products and services, provided the risks associated with the delivery channel can be managed/mitigated.

The provision of financial services through mobile phones, or mobile financial services (MFS), includes mobile banking (m-banking) as well as mobile payments (m-payments). Mobile banking describes only the provision of account information and transaction opportunities, while mobile payment is any transaction paid for using a mobile phone. Ultimately, underbanked consumers may benefit most from platforms that integrate both m-banking and m-payments features to provide a truly comprehensive financial services solution. The use of a mobile phone to conduct payment, and banking transactions (m-banking) is at nearly stage in a number of developing countries.

This paper will address some of the theoretical issues surrounding, unbanked models, the use and impact of m-banking/m-payments systems, m-banking services technology, security aspects, and implementation obstacles.

2. Un-banking models
Provide efficient and cost effective ways to extend financial service outreach to the un-banked communities. Provision of enabling regulatory environment by careful risk-reward balancing is necessary to use such models. These models [5]can be classified into three broad categories – Bank-Focused, Bank-Led and Nonbank-Led. Bank-focused model use non-traditional low-cost alternate delivery channels (ADCs) to provide banking services to existing banking customers. Examples include automatic teller machines (ATMs), internet banking, mobile phone banking etc. Other Models offer a significantly cheaper alternative to conventional branch-based banking by using delivery channels like retail agents, mobile phone etc. and can be used to substantially increase the financial services outreach These models can be bank-led (where customer account relationship rest with the bank and nonbank serves as the delivery channel) or Non-bank Led (where Bank does not come in picture and the Non-Bank/Telco performs all the functions).

3. Internet versus m-banking
Instant connectivity to the Internet from a mobile device is fast becoming a reality and will take off with the introduction of GPRS. This will mean faster access to the Internet than from a PC based application. It is suggested that mobile devices will become the preferred means of accessing information on the Internet [4]. The opportunity for mobile services is huge, because there are three times as many mobile phone users as those who use online PCs and they are now ready for anywhere, anytime applications that match their lifestyles. Fig. 1 shows the expected increase of using mobile banking compared to online banking.









Fig. 1 the expect increase of using mobile banking.
However there are also several factor s that may slow or constrain the progress of m- Commerce [3]. These inhibitors include the following:

• Interoperability: Due to the range of handset functionalities and operating systems, there are inherent costs associated with delivering a range of ser vices. This may deter some content providers from making the investment and carrying the overheads associated with such a ser vice [1].

Usability: The Internet provides rich content via the large screens and multimedia capabilities of PCs. The constraints imposed on the mobile handset might limit its appeal to users.

Security: The public has serious concerns about the security of the Internet. This has been a major constraint to consumer e-Commerce. This negative perception may be transferred, or potentially magnified, to the mobile arena. Mobile security technology is however emerging, like SSL in closed end-to-end systems. The SIM also provides for user authentication by leveraging of the Smart Card technology [4].

4. Advantages of using m-banking
Fig. 2 describes the general structure of implementing m-banking, m-banking to the purpose of poverty reduction runs as follows:










Fig. 2 steps for bank services connection through a mobile.

• While poor people, by definition, have little money, they are active managers of what they have. Holding cash comes at high price to poor people because of the risk of crime in many poor countries, but they often have few alternatives to cash based services.

• In particular, appropriate financial services help poor people to access usefully large lump sums of money, which may either enable a pathway out of poverty through investment in income generating activities (such as microenterprises) or asset creation (such as housing); or may reduce vulnerability to sudden shocks to cash flow, as a result for example of illness or climate conditions.

• In many countries, poor people are forced to rely on informal financial services, which may be unsafe, or fringe formal financial products which may be expensive as well as unsafe. In other words, their exclusion from formal financial services has economic and social impacts which may exacerbate their poverty.

• The cost efficient provision of formal financial services (payments/ remittances, savings, credit or insurance) is predicated on customers having access at least to a basic transactional account, from which electronic transfers can be made (for loan installments, for example) and cash withdrawn (or deposited) as necessary.

• M-banking holds the prospect of offering a low cost, accessible transaction banking platform for currently unbanked and poorer customers. In addition, as mobile networks expand their coverage, they offer the opportunity of bringing payment and remittance services into areas without conventional banking services.

• However, not all m-banking products will be transformational in the sense of broadening access to financial services substantially at first or even at all. However, it is likely that even m-banking services which start targeted at existing banked customers may over time extend to unbanked groups.

5. Mobile financial services Technologies
Mobile financial services can be offered using a variety of technological platforms, each with advantages and disadvantages. The following discussion briefly highlights the merits and drawbacks of the best known MFS.

Many mobile users are familiar with SMS (Short Messaging System) as a method for sending text messages between phones, as well as for the purchase of post-billed data services like ring tones and downloads. Using carrier-approved short-codes, MFS users can also employ SMS to conduct basic m-banking functions and to send funds to the mobile accounts of third parties, such as fellow users, merchants, and billing agents.

Though local SMS payment is certainly technologically possible (and used extensively in many countries, little momentum seems to be building in the United States for SMS payments at point of sale. Instead, a number of SMS-based MFS platforms provide linked prepaid debit cards that enable card-based payment.

Developed by Sony and Philips in 2002, Near Field Communication (NFC) consists of a “standards-based, short-range wireless connectivity technology” that permits communication between enabled devices. For use in mobile phones, NFC tags may be attached to headset covers or incorporated directly into phone hardware. NFC is compatible with the Radio Frequency (RF) contactless standard currently used in cards, tags, and fobs, such as MasterCard’s successful PayPass product, but it also enables additional mobile functionality.

An alternative to SMS and NFC technology is to provide access to online banking and payment platforms through users’ mobile phone internet browsers. To make this possible, online content must be resized to fit small-screen cell phones, most likely through the creation of dedicated web******* The relatively slow speed of many users’ mobile-based web access may also be a significant obstacle. The final barrier is cost; mobile users connecting to the internet generally pay substantial fees for premium digital content, whether in the form of a higher monthly subscription or per-use charges.

6. M-banking securing technologies:
Among the emerged technology for secured m-mobile there are:
I-Debit card: A debit card is a plastic card sometimes called a ‘Check Card’. To debit card has a MasterCard or Visa logo and a magnetic strip on the back that allows you to pay for goods and services at stores and other businesses that accept MasterCard or Visa credit cards. The main features of this card are:
Signature-based and/or PIN based technology to safely and conveniently use anywhere Visa is accepted
Provides excellent security for internet purchases, travel and protection against identity theft
The least expensive fees in the industry
Patented Mobile Banking Features allow 24/7 banking from your phone or computer
NOT a credit card! No interest charges apply
One can Go to your account online or call Cardholder Services to activate
Notification features can alert you immediately in real-time of transaction activity on your card account
Notifications can be sent by text message to your cell phone and/or e-mail account of your choosing
Mobile Banking Services with the CBCC Visa Debit Card offer a suite of security and convenience features that blend the technologies of e-mail, text messaging and mobile phones with your card account to provide you with the ability to decide what level of account security is best for your peace of mind and lifestyle.
II- XMS Mobile Banking: XMS Mobile Banking creates a new secure channel for interaction between a bank and its customers. A Java based application installed on the phone uses digitally signed and encrypted messages for notifications, account access, funds transfers and mobile based payments. Xecure Message Service (XMS) is the name of the technology behind our mobile software that enables end-to-end security and trust in mobile messaging. It encrypts and decrypts your mobile messages as well as provides the trust elements of confidentiality, integrity, non repudiation and authentication to your mobile messages. Fig. 3 shows How Does It Work?



Fig. 3 The process of using XMS technology.
Security management of wireless-based technology solutions, although similar to other electronic delivery channels, involves unique challenges created by the current state of wireless services and wireless devices. Some of these special considerations and how XMS technology addresses all requirements of security in banking are discussed below. Financial institutions must comply with regulatory requirements and industry best practices in order to:

• Ensure the security and confidentiality of customer information;

• Protect against any anticipated threats or hazards to the security or integrity of such information; and

• Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

The elements of security that add up to ensure protection for the XMS Mobile solutions from the origin, i.e. customer’s handset to the transacting bank include:

1. Transaction Message Encryption
2. Transaction Message Integrity
3. Device Related Issues & Security Risks
a. User & Device Authentication
b. Password Security on the Device
4. Initial and Existing Users Authentication-Non Repudiation using Digital Signatures.
5. Secure Inter Bank Settlement

Encryption of wireless banking activities is essential because wireless communications can be recorded and replayed to obtain information. Encryption of wireless communications can occur in the banking application, as part of the data transmission process, or both.

In the case of XMS Mobile Banking Solutions, transaction messages are encrypted and signed in the handset/PDA using XMS Mobile application and they remain encrypted until they are decrypted at the financial institution. This level of encryption is unaffected by the data transmission encryption process.

This application-level encryption requires customers to load the XMS Mobile Banking application issued by the bank (along with its encryption/decryption protocols) on their wireless device (smart phone). XMS uses asymmetric public key cryptography in which each customer has a key pair (i.e., a unique electronic value called a public key and a mathematically-related private key).

• The private key is used to:
- encrypt (sign) a message that can only be decrypted by the corresponding public key or
- decrypt a message previously encrypted with the public key.

• The public key is used to:
-decrypt a message previously encrypted (signed) using an individual's private key or
-encrypt a message so that it can only be decrypted (read) using the intended recipient’s private key.

XMS technology adopts asymmetric encryption standards for Message Encryption and digital signing of the SMS (the first and the only solution that does that).

7. Implementation obstacles
In addition to the industry-wide barriers to successful implementation of MFS there are several specific challenges involved in providing MFS to the underbanked market: Security and Privacy: Issues of security and privacy become far more significant for consumers who depend on their phones not only for communication but also for financial services.

Regulatory Issues: Complex regulatory issues surround mobile financial services at both the state and federal levels.

Pricing: For this segment, prices must be not only competitive with existing alternatives but also transparently structured.

Accessibility: Like any other service, MFS platforms will not add significant value for consumers unless they are easy to use. The most successful products will be those that allow underbanked users to integrate MFS seamlessly into their everyday lives.
8. Conclusions
Mobile banking will provide new opportunities that are not feasible with PC Internet.
Mobile Banking presents a sizeable opportunity for banks to retain their existing, technology-savvy customer base by offering value-added, innovative services and to attract new customers from corresponding sections of the society.

There are substantial trust and ignorance barriers to be overcome in encouraging even existing banked people to use mobile phones.

.There are now more than technology to secure the process of m-banking. However, some challenges still face the mobile commerce community (e.g., security, low-display capabilities, low-power devices, limited storage). The industry is working to provide solutions to these challenges.

9. REFERENCES

[1] The ARC Group. Mobile Financial Services: From Concept to revenues. September )2000(.

[2] Batchelor, S., Scott, N., & Hearn, S. Senegal household survey: M-payment analysis. Reading, UK, (2007).

[3] Senn, J. The Emergence of m-Commerce, IEEE Computer Magazine. December. Pp. 148-150, (2001).

[4] Cracknell, D.. Electronic banking for the poor – panacea, potential and pitfalls Small Enterprise Development, 15(4), pp. 8-24. (2004)

[5] GSM Association. Global money transfer pilot uses mobile to benefit migrant workers and the unbanked. (2007).

[6] Porteous, D ., The Enabling Environment for Mobile Banking in Africa, Paper commissioned by DFID, (2006) , available via
www.bankablefrontier.com/publications.php

[7]Ray, M. Africa's 'cyber' currency. Retrieved from
http://business.iafrica.com/features/649690.htm

[8] Beck. T & A. de la Torre (2006) The Basic Analytics of Access to Finance, World Bank Working Paper, available via
http://siteresources.worldbank.org/I...AF13BECKarticl
e.pdf

[9] Ivatury, G & M. Pickens , Mobile Phone Banking and Low Income Consumers:
evidence from South Africa, CGAP, UN Foundation, Vodafone Group Foundation, (2006)
available via http://www.cgap.org/publications/mobilephonebanking.pdf

[10] Melzer, I (2006b) Exploring access to insurance in South Africa using the Access Frontier, available via
http://www.finmarktrust.org.za/accessfrontier/Documents/AF_insurance.pdf