Mobile Payment Architecture
Content
201 1
Mobi Mo bile le Pa me ment nts s Arch Archit itec ectu ture re Abstract. In this paper, I described the payment choices for mobile systems. I also was motivated on researches about security of mobile systems. I included mobile payments architectures and merchant account payments on mobile systems.
Liridon Agushi South East European University Tetovo, Macedonia [email protected] [email protected]
Keywords: Mobile Payments, Secure Mobile Payment, Liridon Agushi
Table of Contents
Table of Contents ------------------------------------------------------------------------------------------------------------------------------------------------------
2
Introduction -----------------------------------------------------------------------------------------------------------------------------------------------------------------
3
•
•
•
Secure Mobile Remote Macro-Paym Macro-Payments ents ---------------------------------------------------------------------------------------------------
4
•
Managing Merchant Accounts and Mobile PhonesAsdads--PhonesAsdads---------------------------------------------------------
5
•
Analysis of current mobile techniques and security-----------------security----------------------------------------------------------
6
•
Secure Mobile Payment via Trusted Computing---Computing-------------------------------------------------------------------------------
6
Conclusions ----------------------------------------------------------------------------------------------------------------------------------------------------------------------
•
•
8
Secure Mobile Payment via Trusted Computing---Computing-------------------------------------------------------------------------------
9
2
Introduction
Nowadays mobile systems are a large technology that is growing rapidly and the data inside the mobile systems are secure and sometimes not secure. So different applications are developed to accomplish the client needs while any of the applications might be corrupted and can cause the failure to mobile systems. Nowadays many researchers are exploring the ways to protect their systems and many work hard to harm different systems by launching different kinds of viruses while it causes failure of some systems.
3
1.0
Secure Mobile Remote Macro-Payment Macro-Payments s
By my experience Mobile payment is the reason that cellular phones are being so much developed today. While many people use many ways to pay bills with mobiles cause it is revised as a more secure system. The EU IST Secure Mobile Payment Service (SEMOPS) (SEMOPS) [4] project depicted in this paper aims at designing, developing, testing and deploying such a solution that has the potential to be a global payment service. I would take example as most payment schemes only focus on integration between communication communication and confidentially and [3] user authentication and authorization. Recently viruses attacks are harming different operating systems of mobiles, and the security to mobile phones is not much as high as at PC’s or MAC’s or other systems. Many people while making the transactions with their cell phones their security integrity may fail at some so me cases. For example: if someone send a message to a company to deliver a product. If the company is not that much popular they might change the fee for clients and the result is that the clients are damaged by the security side. A new way of paying in the last decade de cade is focused with Mobile while different mobiles from high brands made the cellular work with the technology of a PC, while mobiles have the same component as a PC. It makes easier for users to find an online store with mobile phones wherever they are, without having to find a PC(Laptop), sit on it, find a battery charger etc. Whether as much as the technology goes forward, on the other side the attackers find the weaknesses of the technology to harm the products of their concurrency. I would take an example on Iphone and a nd Android operating systems: If Iphone is wining the market by selling the products at a higher rate, then Android would start some attacks on Iphone weaknesses side due to make his product more desirable on market. Payment interactions also deliver increased customer intimacy, and as a result additional customer profitability. [4]According [4]According to a study by Microsoft partner Fiserv carried out in conjunction with SunTrust (US$179bn in assets), consumers who routinely pay their bills electronically through their financial institution have almost twice the number of products (5.34 as against 3.21) and deliver more than twice the annual profitability profitability (US$102.17 versus US$54.87) of the average retail customer.
4
1.1
Managing Merchant Accounts and Mobile Phones
Mobile web payments (WAP), The first step to make a payment for a client is to visit the source of the market online, when accessing it by a mobile phone, the user is required to download an application or directly continue browsing till the final step of the payment. However, [6] unless the mobile account is directly charged through a mobile network operator, the use of a credit/debit card or pre-registration at online payment solution such as PayPal is still required just as in a desktop environment. Mobile web payment methods are now being mandated by a number of mobile network operators.
Reference [3] - Figure 1 –General architecture of SEMOPS
5
2.0
Analysis of current mobile techniqu techniques es and security
Current systems own one security problem known as “Wap gap”. The reason of this of this security problem is cause by a WAP gateway in a security session where the messages that are sent by users might temporarily become as a clear text on a WAP gateway when the text messages are being processed. [7]From the point of view of security, this scenario has various implications. WTLS is the security protocol that will be used to secure communications to and from the mobile device, but the mobile device's session is necessarily with the WAP gateway rather than the remote host's web server. At the gateway, the secure session terminates and all encrypted material is decrypted. Should there be a requirement for a secure session for communication with the web server, it will be established by the WAP gateway on behalf of the mobile device. The WAP gateway will use TLS to establish such a secure session. While TLS is obviously a robust securityprotocol, it remains a fact that the secure session is not between the mobile device and the web server. There are actually two secure sessions in play: one between the mobile device and the WAP gateway and the other between the WAP gateway and the web server. This means that there is a security gap, in which the data is not encrypted, at the WAP gateway.
3.0
Secure Mobile Payment via Tr Trusted Computing
Mobile Payments are categorized into three categories: A mobile device (representing a payment customer/user), a merchant that is related to a host and allows transaction transfers from account to account, and a financial service provider (e.g., a bank or credit card service provider). [3]To secure a payment transaction, a trusted third party (TTP) is involved to authenticate and authorize users. There are two types of e-payment applications: check-like and cash-like payments. Check-like payments require a certain amount of virtual money which is taken away from the customer before a payment is made, and the customer spends virtual money through a local area network or a micro-money (m-money) supplier. On the other hand, cash-like payments require that a customer’s account is involved in each payment pa yment transaction. Typical credit card based payments fall into this type. As cash-like payments are much more popular nowadays, we focus on this type of payment in this paper, though our solution can also be used to secure check-like payments.
6
3. 3.1 1
Secu Se cure re Mob Mobil ile e Pay Payme ment nt vi via a Trus Truste ted d Com Compu puti ting ng
Transaction Types in SEMOPS Among the mobile transactions types that SEMOPS wil willl support are: • Mobile content – (mobile applications, information, services - buy it and use it on the mobile). Key specific of these transactions is their low value. Potentially the number of the transactions can be very high, and one order can also comprise a larger number of individual transactions. Time might be a key issue for these types of purchases. • Out of band C2B – (purchase by browsing – buy it via the mobile, use it traditionally) These types of transactions are the mobile equivalent to e-commerce. In certain cases (with some highend PDAs already in the GPRS environment, but especially in 3G) convergence between “m” and “e” commerce will be completed. Consumers are browsing the merchant’s WAP or WEB site and buy products from the web-store. Time is of o f no importance to these transactions (considering that the whole payment process should not take longer than 10-15 seconds). Payments can range from mini to macro. • P2P – (money transfer between two individuals, payment for purchases made in the non-electronic environment, like catalogue sales) These payment types are very similar to traditional fund wire. One person the payer is initiating payment through its own bank to the payee. In case of the SEMOPS solution the key difference is the time needed to inform the beneficiary about the completion of the payment. Today such a notification via traditional bank systems can take a few days, while in case of the SEMOPS service this will be just a few seconds. • POS – (proximity payment in brick and mortar stores) Using mobile devices to perform payment transactions at regular stores can be achieved by establishing interaction between the phone (PDA) and the POS terminals. The most cost effective way is the installation of multi-function multi-function terminals that are able to process both the credit card payments p ayments and the new SEMOPS transactions. Key criteria of these transactions are convenience and speed. The payment process has to be simple, and from start to finish (including interaction with the cashier) should not take longer than a credit card transaction (preferably it should even be faster). Transaction values cover everything from micro to macro payment. • P2M – (payment to vending machines)
7
6.0 Conclusion
While reading different research papers I am in conclusion that mobile it is only the start of mobile application and development. In a near future the architecture of the mobile systems will change rapidly while they are growing their configurations configurations in a rapid way in comparison with P PC C or MAC systems. Whether now the technology of mobile systems is much interesting and many people use them in any way for paying bills, talk, chat, sms I hope that soon the companies are going to create a new mobile system to be related with the human body.
8
Refrences
1.
Analysis of Payment Transaction Security in Mobile Commerce Seema Nambiar, Chang-Tien
Lu Department of Computer Science Virginia Polytechnic Institute Institute and State University
Secure Mobile Payment - Architecture and Business Model of SEMOPS S. Karnouskos1, A. 2. Vilmos2, P.Hoepner1, A. Ramfos3, N. Venetakis3
3.
Secure Mobile Payment via Trusted Computing Qi Li1, Xinwen Zhang2, Jean-Pierre Seifert2,
Hulin Zhong3 1 Dept. of Computer Science, Ts Tsinghua inghua University, Beij Beijing, ing, China
4.
Mobile Payments Delivering Compelling Customer and Shareholder Value through a Complete,
Coherent Approach - A White Paper by Microsoft and M-Com
5.
An Architectural Design for Secure Mobile Remote Macro-Payments S.Britto Ramesh Kumar1
and S.Albert Rabara
6.
Wikipedia.com
9
