proof of concept to napsa n.
Skip this Video
Loading SlideShow in 5 Seconds..
Proof of Concept to NAPSA PowerPoint Presentation
Download Presentation
Proof of Concept to NAPSA

Proof of Concept to NAPSA

156 Vues Download Presentation
Télécharger la présentation

Proof of Concept to NAPSA

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Proof of Concept to NAPSA

  2. Agenda Introduction Solution Portfolio – mBanking Key Advantages Pre-requisites mBanking Core Services Security mBanking Add On Services Scalability Interfaces Architecture Administration Questions and Answers

  3. Introduction Mobile Penetration has reached parallel to the population of a countries across global and in many countries greater then that too. Mobile has enabled users with set of services that very were never thought of. Mobile is getting smarter with greater access to data services Mobile is most frequently used and widely acceptable technological device then any other. Finance is key need of any people and it makes sense to enable Mobile with set of financial tools and features . Finance sector can utilize advantage of Mobile to penetrate all class off society .

  4. Introduction Mobile Banking solution for banked population The solution is provided to bankscustomers to avail information and transact on the move The banks can retain existing customers and attract more by providing this mobile banking solution Mobile Banking solution for un-banked population Reach out un-banked population in the rural area to expand customer base.

  5. Key Advantage Expand financial sector reach by leveraging Mobile medium. Ease of use for financial services via various interfaces like IVR,USSD, SMS and Smart Apps. Expand Set of Services to larger sector of society . Solution Providers (Service Provider) Acquire large number ofcustomers for theirsolution or services Banks Expand customer base by providing basic banking facilitythrough financial inclusionto unbanked population. Penetrate unbanked customers.

  6. Key Advantage Telecom Operators Increase ARPU to the mobile operator. Higher revenue through increased GPRS and SMS usage Utility Organizations Prompt payment of bills enabling better cash flow Subscriber / Customers Basic banking facility made available and advantage to transact on the move.

  7. Mobile Banking Core Services Banking Services for Banked Customers Mobile Wallet Banking Services Wallet Services Cash In From Bank Account Cash Out to Bank Account Wallet Statement Wallet Transfer Cheque Request Bank Account Statement Bank Fund Transfer Add Bank Account Remove Bank Account

  8. Add on Services Payment Services for Banked Customers Mobile Wallet Add On Merchant Payments Bill Pay TopUp Utility Pay Mobile DTH Electricity Insurance Mobile DTH Electricity Data Top UP Bus Ticket School Fee Movie Tickets Railway Tickets Pay Now Wallet Transfer

  9. Customer Interface Mobile Wallet Interfaces SMS IVR USSD Mobile Apps Customized Commands to operate Wallet over easy sms interface. Multilingual IVR System to enable customer to operate their wallets Customized Commands and service menu over USSD interface provide faster access to Wallet services. J2ME M-Banking App for Low End Mobile Devices. Android and Iphone Apps for Smart Mobile Devices.

  10. Platform • Key Modules • Wallet Service Module • Service Provider –Integration Module • Distribution Module • Customer Support Module • Business Rule Module • Notification Module • Loyalty Program Module • MIS Reports Module

  11. Mobile Banking – Enrolment Process Bank Customer Enrolment for mBanking Enrolled Data Pre Data Validation Process data and Storage Server BANK Processed Enrolment Data Smart Login and APP Dispatch mBanking Smart Login Personalized and Printing

  12. Mobile Banking – Basic Banking Check Account Balance Banking Service Check Account Balance BOB A/C No. 123455 Last 5 Transaction AXIM A/C No. 1XXXX Request Check Book ICICI A/C No. 1XXXX Bill Payment Utility Payment Airtime Select Check Account Balance Balance Inquiry Select Check Account Balance Choose the Account Number

  13. Mobile Banking – Basic Banking Check Account Balance Check Account Balance Your Balance on Dt. 12, 2012 At 11PM GMT 3.00 is TSH - 1231421312 Enter PIN Number XXXX Balance Inquiry Enter the Transaction PIN Choose the Account Number

  14. Mobile Banking – Basic Banking Account Statement Select the Account Number Enter the Transaction PIN Lists the first 4 transactions. Click on the transaction to view details Transaction is displayed as shown

  15. Mobile Banking – Basic Banking Money Transfer Select Money Transfer option Enter Receiver’s Account Number Choose Account to transfer from Enter the Amount to be transferred Enter the Transaction PIN Transaction confirmation

  16. Mobile Banking – Basic Banking API Integration Mobile OS Integration (Encrypted) USSD Gateway SMSC Gateway (optional) IVR Acess Number (optional) Bank Integration using ISO 8583 Standard for Financial Transaction Card Originated Messages Basic Bank feature for banked customer To secure, encrypt and sign the transaction requests USSD driven secure Menu Access Code Integrations with all Carriers (Inbound request) Bulk SMS provisioning (Outbound) Access Code Integrations with all Carriers (Inbound SMS) Inbound IVR call

  17. Abstract Mobile Commerce service, also referred to as Mobile Top Up, Mobile payment, Mobile Banking, Mobile Money Transfer and Mobile wallet generally refer to payment services operated under financial regulation and perform from or via a mobile device or various end interface. Mobile Commerce Service is attractive because it is a convenient approach to perform remote transaction, banking, money transfer but there are security shortfalls in the present mobile topup / banking implementations. This presentations discusses some of these security feature.

  18. Abstract MobiFIN has separate Web based administration console to manage platform which provides SSL based access only. All access to the system restricted using strong user management module which provides in depth security levels to provide restricted accesses. There are three security levels in built in to the system . (1) Partition Level (2) Roles and Access Control List level (3) Field Level Security All Changes and Modification to the system are logged in secure manner. It helps to provide detail AUDIT Trail of Any user access.

  19. Network Security MobiFin architecture is laid out three tier approach. All key entity are modularized based on their roles like Transaction management , Business Rule management , Admin management , Integration management. All of these entities are talking to each other and to third party application on fully secured channels. These channels are secured using virtual private network tunnels and SSL secured channels for public access. In Case of Public access highest level of encryption is applied to channelized data. Access to these entities is allowed based on standard business practice set by operator.

  20. Integration Security MobiFIN is highly versatile platform which needs to integrate with various third party provides to roll out new services. MobiFIN has separate entity to handle this flow and modeled as Integration Manager. All third party integration is done at this level only using following standard procedure. Network Integration over VPN API Integration using SOAP-API or ISO 8583 Transaction Security using AES method

  21. Interface Security Mobile App • MobiFIN mobile app generates unique device fingerprint for each devices on which it is getting installed. Device finger prints are universally unique and are never stored on device at any stage. • Device Finger Print is mapped against Users (Agents,Resellers,Sales) and provisioned using standard Enrollment process till that device and user login is in-active. • User is provisioned with Login and Transaction pin separately. • Login and Transaction PIN are never stored at device side. • Login and Transaction PIN are encrypted using 3DES method and never stored in decrypted form anywhere. • All app communication channel data is encrypted using unique key generated for device which provides full protection against Eavesdropping and data theft using AES encryption method. • AES is used by US Government to store all their Top Secret documents thus provides highest level of security to any point to point communication and storage of data. • Web Password are generated using user’s KYC information. • Two way Authentication and Password Generation Using user’s KYC Info via encrypted sessions • Terminal Key Generation Using KYC • User’s Authentication credential generation using Terminal Key. • Unique Authentication credential for Different UI. • User Credentials stored in device itself rather then server.

  22. Interface Security SMS • Subscriber authentication and subscriber identity confidentiality for each transaction/user. • SMS and other channels used with encryption like 3DES, SHA by mobile applications to protect data integrity and security • Integration to SMSC gateway using Industry standard Hypertext transfer protocol Secure (HTTPS) – additional security we do deploy VPN (Virtual Private Network).

  23. Interface Security WEB • All transactions over Web are on secure channel using industry standard Hypertext transfer protocol Secure (HTTPS). • Automatic inactive lockout (Session expired) - if no activity for a set time after customer logs in, the connection is dropped, locking the user out. • Web Password are generated using user’s KYC information. • Two way Authentication and Password Generation Using user’s KYC Info via encrypted sessions • Terminal Key Generation Using KYC • User’s Authentication credential generation using Terminal Key. • Unique Authentication credential for Different UI.

  24. Interface Security USSD • To Make an transaction exchange using USSD , the banks or mobile operators Connect to our network of server system over a session based ( not store –and – forward)Connection. USSD reduces risk and leaves no trace of transaction on handset from anywhere. • The sender (USSD) can be absolutely sure that they are talking with their own partner and communication via USSD is in sessions instead of an discrete intervals.

  25. Scalability and Redundancy Mobile Banking requires the all time available system to provide key services to user thus require very different system then core financial system which has fixed window of service time. MobiFIN platform works on Industry standard App and Databases servers for reliability. MobiFIN addresses this by highly scalable module platform which has separate module for each services it enables it to achieve very high TPS and also insures high availability likes of telecom systems. At the DB tier, SQL proxies (MySQL) – live replication of MySQL DB Supported. Redundancy can be provided at each tier, in an active- active model, and as an active –passive model, with one node serving as a standby or backup Geographically DR site – in order to avoid DR event with no affect to the total operation.

  26. Architecture Interface Application Integration IVR Secure ANI Provider https WEB Firewall Firewall ISO 8583 3DES / AES Mobile App 3https Bank WEB

  27. Architecture Panamax Infotech Limited "Panamax House", Plot No. 8, Khushman Society, Nr. Subhash Circle, Memnagar, Ahmedabad - 380052 Gujarat, India. Tele : +91 79 3011 7777 Fax : +91 79 3011 7766