Mobile Banking system security and Microfinance

By

Naser Doleh

MSIS Capstone spring 2013

Mobile Banking

Mobile Banking

• What is Mobile banking?

Is a system that allows customers of a financial institution to conduct a number of financial transactions through a mobile device such as a mobile phone. • SMS banking

Mobile Banking

• First European banks

• Implementation of Mobile banking

• Third of banks have mobile device detection

Why Banks Going Mobile

• Reasons why banks are going mobile • 1. Improve customer Service• 2. Reduce costs• 3. Increase the reactivity of the company• 4. Increase market share• 5. Improve branding

• Bank of America: 500,000 users after six months, and 1.6 million after a year (Holland, 2008)

Why Banks Going Mobile

• Mobile financial services could be more than successful in rural area

• Add real value to the lives of consumers

MODELS OF MOBILE BANKINGARCHITECTURE

• Mobile phones have three architecture alternatives when interactive with banks’ mobile banking systems. Each is further described.

1. Message Based services Model

2. Mobile Browsers Model

3. Client Application Model (app)

Message Based services Model

• Message based systems work through text messaging.

• There are two types of message systems:

SMS and MMS

Mobile Browsers Model

• The ability to access the bank’s Internet banking website from a cell phone

• Advantages:

1. Ease of use and user familiarity

2. Users don’t have to download any special software

• Disadvantages: risk of confidential information being at risk as these phones are more subject to attack

Client Application Model (app)

• Download the mobile banking software onto their phone.

• Easy to use applications to provide a variety of services

SECURITY THREATS ANDCONCERNS

• Mobile handhelds are compact, portable and easily lost or stolen

• Security requirements:

1. Confidentiality

2. Authentication

3. Integrity

4. Non-repudiation

5. Authorization

Authentication

• There are three forms of identification:

1. What you have (ex. include a debit card smart card, or your mobile device)

2. What you know (usernames, passwords or pin numbers)

3. Who you are (requires biometrics)• Another authentication technique is out-of

band communication

VPN Authentication

Encryption

• 1) Encrypt the information stored on mobile devices

• 2) Encrypt the communication so that if an attacker is able to intercept the message it’s still useless without the key.

• Advanced Encryption Standard (AES). • The OS and digital signatures

Mobile banking architecture Diagram