A Secure Mobile Payment Service
Stamatis Karnouskos
Fraunhofer FOKUS
[email protected]@fokus.fraunhofer.de
András Vilmos
SafePay Systems
[email protected]@safepaysys.com

General Mobile Payment Info
• 118 million Europeans, 145 million Asians and 22 million Americans intend to use their mobile phone for paying small purchases (TowerGroup)
• Volume of mobile business will reach $225 Billion by 2005 (United Nations Conference on Trade and Development)
• Mobile Internet-based mobile payment market will grow from around 5 billion Euros in 2002 to nearly 55 billion Euros in 2006 (Wireless World Forum)
• 44% of 5,600 mobile phone users on 4 continents surveyed in February 2002 (global Mobinet study) would like to use their mobile phones for small cash transactions
• 2.5 G beyond killer application?
• Why are we not paying TODAY with our mobile phones?

mPay Actors
Mobile Payment
• Mobile Network Operator
• Financial Sector
• Device Manufacturers
• Software Provider
• Government (legislation, regulation)
• Service Provider

SEMOPS Consortium
The largest mobile payment project of the Commission this year:
– 24 months (more than 550 MMs)
– 4 countries (15 participants)
– 6 million Euro budget
– 2 phases - research and development + demonstration

Tasks
Development of a Pan European payment service
– technology design
– technical development
– elaboration of standards
– definition of security framework
– preparation of EU conformant legal regulation
– definition of business model
Introduction of the service
– pilot operation
  • Hungary, Greece in 2004
– preparation of other demonstration sites
Design, Development, Testing, Trial

Environment
There is no suitable payment service! What there is, is either:
• not secure
• not user friendly
• not recognized
Customers are distrustful.
Availability is limited.
SLOW DEVELOPMENT OF „E” AND „M” COMMERCE.
A NEW PAYMENT SERVICE CAN SUBSTANTIALLY
CHANGE THE OUTLOOK OF THE INDUSTRY.
New products and services are available.
New customers are making purchases.
New transaction types appear.

General SEMOPS architecture
[Diagram: Customer, Customer’s Account Manager, Data Center, Merchant’s Bank, Merchant. Flows: 1. Transaction data; 2. Payment request; 3. Payment notice; 4. Verify Payment; 5. Transfer money]
1. Merchant provides transaction data to Customer.
2. Customer prepares payment request and sends it to its trusted partner (Account manager).
3. Customer’s account manager processes payment request and forwards it through Data Center to Merchant’s bank.
4. Merchant’s bank advises merchant in real time about the payment.
5. Settlement is through regular interbank procedures.

Evaluation of the model
• The solution is based on the cooperation of banks and MNOs.
• It is a general model for internet and mobile payments, for all size transactions (micro, mini, macro), for different payment conditions, with global introduction.
• The whole service is decentralized: customers and merchants do not have to know each other in advance and do not pre-register with any single third-party service provider. Clients of all member banks and MNOs can transact with each other.
• The service is account based and does not require any cards or any other payment instruments.
• Both customer and merchant communicate only with their trusted partners (banks, MNOs).
• No sensitive information is provided by customer to merchant. Customers may even retain their anonymity. (Lawful interception is possible, with the cooperation of the two payment processors.)

Evaluation of the model (cont.)
• Customers individually approve each transaction with a PIN (PKI optional, according to the bank’s policy).
• After the transaction information leaves customer’s trusted partner it cannot be traced back to customer by anyone else. (There is no reason to hack communication lines or the Data Center, as there is not any valuable information available, not even for profiling.)
• Merchants receive real-time payment assurance from their own banks.
• Real-time authorization. Banks may even elect to credit the merchant accounts in real time as well.
• With the exception of the new SW applications, traditional banking infrastructure and processes are utilized.
• The service allows payment for anything, anytime, anywhere, with the same process (from the same personalized menu, a couple of clicks and a PIN). Based on standard technology and homogeneous rules and regulation, even cross-border transactions will be possible.
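Added example (not from the SEMOPS slides or project code): a small Python model of the five-step flow and of the claim that, once a payment notice leaves the customer's account manager, nobody else can trace it back to the customer. The opaque random reference, the merchant registering its transaction data with its bank, the PBKDF2 PIN check and all class, field and sample names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)  # slow salted hash

class AccountManager:
    """Customer's trusted partner (bank or MNO): the only party that knows the customer."""
    def __init__(self):
        self.accounts = {}   # account id -> (salt, PIN hash)
        self.refs = {}       # opaque reference -> account id; never leaves this party
    def enroll(self, account, pin):
        salt = secrets.token_bytes(16)
        self.accounts[account] = (salt, pin_hash(pin, salt))
    def payment_request(self, account, pin, txn):
        # Step 2: the customer approves this one transaction with the PIN.
        salt, stored = self.accounts[account]
        if not hmac.compare_digest(stored, pin_hash(pin, salt)):
            raise PermissionError("PIN check failed")
        ref = secrets.token_hex(16)          # random, so unlinkable to the account
        self.refs[ref] = account
        # Step 3: the payment notice carries the reference, not the customer.
        return {"ref": ref, **txn}

class DataCenter:
    """Routes notices between payment processors; records only what it is handed."""
    def __init__(self):
        self.seen = []
    def forward(self, notice, merchant_bank):
        self.seen.append(dict(notice))
        return merchant_bank.verify(notice)

class MerchantBank:
    def __init__(self):
        self.expected = {}   # txn id -> transaction data registered by the merchant
    def register(self, txn):
        self.expected[txn["txn_id"]] = txn
    def verify(self, notice):
        # Step 4: confirm the notice matches what the merchant asked for.
        want = self.expected.get(notice["txn_id"])
        ok = want is not None and all(notice.get(k) == v for k, v in want.items())
        return {"txn_id": notice["txn_id"], "paid": ok}

def run_payment(pin="4711"):
    am, dc, mb = AccountManager(), DataCenter(), MerchantBank()
    am.enroll("HU-ACC-0001", "4711")                      # constructed sample account
    txn = {"txn_id": "T-1", "merchant": "M-42", "amount": 250, "currency": "EUR"}
    mb.register(txn)                                      # step 1: transaction data
    receipt = dc.forward(am.payment_request("HU-ACC-0001", pin, txn), mb)
    return receipt, dc.seen, am.refs
```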

Key specifics of the service
Trust
• both the customers and merchants are interacting with their trusted partners, the banks and mobile operators
Speed
• full automation
• real time processing
Openness
• account based
• no centralized authentication
• no entry barrier for new members (banks, MNOs)
User friendliness
• easy operation – menu selection, personalization
• simple preparation
With the same process payments can be performed anywhere, in any end-device.
Security
• process
• customers remain anonymous, do not provide personal information to merchant
• merchant receives guarantee from its own bank
• hardware and software protection
• PKI: each transaction is authorized by the customer
• data storage: the system does not store sensitive information (on non trusted parties)
• Regulations & Standardisation
• EU conformity, integration with state of the art technologies

Favourable effects
Banks:
• allows inexpensive entry to E- and M-business
• generates new transaction revenues
• allows inter-bank, bank-mobile operator cooperation
• improves access to other home banking products
• leverages traditional banking processes and infrastructure
Merchants:
• increases collection security
• increases the number of realized transactions
• opens E- and M-commerce to new clients
• cost savings
Customers:
• provides secure payment method in E- and M-commerce
• simplifies and accelerates payment transactions
• allows payments to a large number of persons, retailers, or businesses
Mobile operators:
• increases transaction revenues
• opens new line of business, with related new revenue sources
• allows cooperation with banks and other mobile operators
• increases customer loyalty
• paves the way to new mobile services and applications
• branding