A Secure Mobile Payment ServiceA Secure Mobile Payment ServiceStamatis KarnouskosStamatis Karnouskos

Fraunhofer FOKUSFraunhofer FOKUS

Karnouskos@fokus.fraunhofer.deKarnouskos@fokus.fraunhofer.de

András VilmosAndrás Vilmos

SafePay SystemsSafePay Systems

Vilmos@safepaysys.comVilmos@safepaysys.com

2

General Mobile Payment InfoGeneral Mobile Payment Info

• 118 million Europeans118 million Europeans, 145 million Asians145 million Asians and 22 million 22 million AmericansAmericans intend to use their mobile phone for paying small purchases (TowerGroup)

• volume of mobile business will reach $225 Billion by 2005$225 Billion by 2005 (United Nations Conference on Trade and Development )

• Mobile Internet-based mobile payment market will grow from around 5 billion Euros in 20025 billion Euros in 2002 to nearly 55 billion Euros in 55 billion Euros in 20062006 (Wireless World Forum ).

• 44% 44% of 5,600 mobile phone users on 4 continents surveyed in the February 2002 (global Mobinet study) would like to use their mobile phones for small cash transactions

• 2.5 G beyond2.5 G beyond killer application?

• Why are we not paying TODAY with our mobile phones ???

3

mPay ActorsmPay Actors

Mobile Payment

MobileNetworkOperator

FinancialSector

DeviceManufacturers

SoftwareProvider

Government(legislation,regulation)

ServiceProvider

4

SEMOPS ConsortiumSEMOPS Consortium

The largest mobile payment project of the Commission this year:

– 24 months (more than 550 MMs)

– 4 countries (15 participants)

– 6 million Euro budget

– 2 phases - research and development + demonstration

5

TasksTasks

Development of a Pan European payment service

– technology design

– technical development

– elaboration of standards

– definition of security framework

– preparation of EU conformant legal regulation

– definition of business model

Introduction of the service

– pilot operation • Hungary, Greece in 2004

– preparation of other demonstration sites

DesignDesignDevelopmentDevelopmentTestingTestingTrialTrial

6

EnvironmentEnvironment

There is no suitable payment service!. What there is, is either:•not secure•not user friendly•not recognized

Customers are distrustful.

Availability is limited.

SLOW DEVELOPMENT OF „E” AND „M” COMMERCE.

A NEW PAYMENT SERVICE CAN SUBSTANTIALLY

CHANGE THE OUTLOOK OF THE INDUSTRY.

New products and services are available.

New customers are making purchases.

New transaction types appear.

7

Merchant Merchant’s Bank

Customer Customer’s Account Manager

1. Transaction data

2. Payment request

Data Center

3. Payment notice

3. Payment notice4. Verify Payment

5. Transfer money

General SEMOPS architecture General SEMOPS architecture

1. Merchant provides transaction data to Customer.

2. Customer prepares payment request sends it to its trusted

partner (Account manager).

3. Customer’s account manager processes payment request and

forwards it through Data Center to Merchant’s bank.

4. Merchant’s bank advises merchant real time about the payment.

5. Settlement is through regular interbank procedures.

8

Evaluation of the modelEvaluation of the model

• The solution is based on the cooperation of banks and MNOs.

• It is a general model for internet and mobile payments, for all size transactions (micro, mini, macro), for different payment conditions, with global introduction.

• The whole service is decentralized, customers and merchants do not have to know each other in advance, do not pre-register with any single third party service providers. Clients of all member banks and MNO-s can transact with each other.

• The service is account based does not require any cards or any other payment instruments.

• Both customer and merchant are only communicating with their trusted partners. (Banks, MNOs)

• No sensitive information is provided by customer to merchant. Customers may even retain their anonymity. (lawful interception is possible, with the cooperation of the two payment processors.)

9

Evaluation of the model (cont.)Evaluation of the model (cont.)

• Customers individually approve each transaction with a PIN (PKI optional, according to the bank’s policy)

• After the transaction information leaves customer’s trusted partner it cannot be traced back to customer by anyone else. (There is no reason to hack communication lines or the Data Center, as there is not any valuable information available, not even for profiling.)

• Merchants are receiving real-time payment assurance from their own banks.

• Real time authorization. Banks may even elect to credit the merchant accounts also real time.

• With the exception of the new SW applications traditional banking infrastructure and processes are utilized.

• The service allows payment for anything, anytime, anywhere, with the same process. (from the same personalized menu, a couple of clicks and a PIN). Based on standard technology and homogenous rules and regulation even cross-border transactions will be possible.

10

Trust•both the customers and merchants are interacting with their trusted partners, the banks and mobile operators

Key specifics of the serviceKey specifics of the service

Speed•full automation•real time processing

Openness•account based•no centralized authentication•no entry barrier for new members (banks, MNO-s)

User friendliness•easy operation – menu selection, personalization•simple preparation

With the same process payments can be performed anywhere, in any end-device.

Security•process

•customers remain anonymous do not provide personal information to merchant•merchant receives guarantee from its own bank

•hardware and software protection•PKI: each transaction is authorized by the customer•data storage: the system does not store sensitive information (on non trusted parties)•Regulations & Standardisation

•EU conformity, Integration with state of the art technologies

11

Favourable effectsFavourable effects

Banks:•allows inexpensive entry to E- and M-business•generates new transaction revenues•allows inter-bank, bank-mobile operator cooperation•improves access to other home banking products•leverages traditional banking processes and infrastructure

Merchants:•increases collection security.•increases the number of realized transactions•opens E- and M-commerce to new clients•cost savings

Customers:•provides secure payment method in E- and M-commerce•simplifies and accelerates payment transactions•allows payments to a large number of persons, retailers, or businesses

Mobile operators:•increases transaction revenues•opens new line of business, with related new revenue sources •allows cooperation with banks and other mobile operators•increases customer loyalty•paves the way to new mobile services and applications •branding