slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
"Integrating IT into the Banking Business Model" PowerPoint Presentation
Download Presentation
"Integrating IT into the Banking Business Model"

"Integrating IT into the Banking Business Model"

118 Vues Download Presentation
Télécharger la présentation

"Integrating IT into the Banking Business Model"

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. "Integrating IT into the Banking Business Model" Master Class – Case Study 27th November 2003, Nairobi

  2. Finland?

  3. Finnish Market in Brief • Governing Authorities Ministry of Transport and Communications Finnish Communications Regulatory Agency (FiCora) • Mobile Penetration rate 75% (3.9 mil subscribers) 95% in the age group of 18-45 • GPRS services started in 2000 (practical speed upto 50 kbps) • 3G (UMTS) services to start in Q2 of 2003 • Non-Voice Revenue per User is about 11%, expected to grow to 25% in 2004 • Major Fixed line NO : Sonera, Elisa Communication, Finnet • Major Mobile NO and SO: Sonera, Radiolinja

  4. GSM Operators in Finland (62%) (30%) (4%) (as of July 2001)

  5. E-Commerce in Finland (2001) • Over 44% of Finns shop online • 1/10 of Finnish households pay their bills electronically • 65% of Finnish population uses the internet and online services • Online banking: - 42.3% of Finns use online banking. - The largest bank, Nordea (former Merita Bank), has over 1 mil internet accounts, making it the largest in Europe and the 3rd largest in the world. - Services : daily transactions, loan applications, insurance purchases, stock trading, investment funding - 50 % of Nordea’s stock transactions are done over the internet

  6. Use of Internet & Online Services by % of Population

  7. Use of Online Banking

  8. History of Mobile Payment in Finland • Sonera has developed services relating to mobile payment since 1997. • In 1997, Sonera launched the 1st application for buying soft drinks by mobile phone from vending machines. • In 2000, Sonera tested the sale of lift tickets at ski slopes that combined SMS and contact less card technology. • In 2000, Sonera launched the operator-independent mobile payment services, allowing users to pay for parking fees, restaurant bills, order chocolate and movie tickets.

  9. Vending Machines There are some 800 vending machines that operate by SMS. However, this is more of a test project, not a significant business.

  10. Parking : ‘Parkit’ Service • Mobile payment service for parking with mobile phone (SMS) launched in January 2002. • Service is offered by Payway Oy, a Sonera’s subsidiary and available at 18,000 parking places in 6 major cities in Finland and Sweden. • Billing in the phone bill (Sonera customers) or by credit card (Visa, Eurocard, Mastercard) or as a separate bill

  11. Sonera ‘Shopper’ • A pilot mobile payment service for Sonera customers • 31 shops participate in this project in the cities of the Greater Helsinki area. The shops include travel agencies, book, donut, ticket, video rental and record shops, and restaurants. • Customers register for the service either by SMS or at Sonera IN (store) • When shopping, customers order a payment identifier by SMS which is valid for a half hour. • Show the payment identifier message at the cashier on check out. • The bill is charged to credit cards (Visa and Eurocard) or Shopper account on which money is deposited beforehand

  12. Other mCommerce Applications in Finland • Car washes at 25 Shell gas stations by SMS • Electronic mobile tickets to music, sports & other happenings • SMS based premium taxi order • Mail Catalogue ordersby SMS • Helsinki City Transport tickets Name Address Phone

  13. Current Situation • Growth rate of the mobile phone penetration has slowed down. Operators need to find more attractive services to be able to continue to grow revenue • SMS has turned out to be an unexpected killer app and it’s widely used for personal communication and also for commercial services • WAP services have mostly been a disappointment - far better usability than SMS, but often too complicated to install settings and too slow to use - few services open for all operators customers

  14. Current Situation • Majority of the non-voice revenue comes from SMS. • Most of the SMS and WAP-services are enter-tainment services, very few offer real added value • Chat-services combined to tv-shows are popular • Ringtones, logos and news alert services generate revenue • GPRS, when more broadly in use, will ease up some of the problems

  15. Mobile Payment in Europe

  16. Mobey Forum • Financial industry-driven forum founded in May, 2000 • Founding members: • ABN AMRO, BNP Paribas, Deutsche Bank, HSBC, Nokia, Nordea, Santander Central Hispano, Siemens, USB • Goal: • to encourage the use of mobile technology in financial services such as payment, remote banking and brokerage • Supports dual-chip technology

  17. Mobile Electronic Transactions (MeT) • Founding members: • Ericsson, Motorola, Nokia • Goals: • to establish a framework for secure mobile transactions, the ability to buy goods and services using a mobile device • to ensure that interoperable mobile transaction solutions are developed around the world - enabling consumers to access goods and services seamlessly wherever they may be

  18. Global Open Platform • In 1999, organizations interested in issuing multiple application smart cards founded a global alliance under the leadership of Visa. • GOP adopted the Open Platform card specifications and terminal framework. • Goal: to promote global smart card use and to assure interoperability of smart card. • Interoperability issues have not been completed yet. Some core parts are still left up to vendor’s individual interpretation and left optional.

  19. SIM Mobile Payment Forum • Founding members: • Amex, JCB, MasterCard, Visa • Goal: • to develop methods for standardized, secure and authenticated mobile payments, using payment card accounts • Supports dual chip technology

  20. Smart Card in Mobile Payment

  21. Trends • SIM Card as the VAS-enabler after WAP’s disappointment • SIM Toolkit and SIM browser are adopted by operators as a means to increase data revenue. • Higher security required : PKI SIM • Java Card • Bigger memory • Working hard on interoperability • OTA Application Management System • Development of UICC as a way to solve interoperability between 2G GSM and 3G • Development of smart card, terminal, and handsets that are interoperable

  22. The SIM • 29% of Network Operators use 8K EEPROM SIM • 44% of Network Operators use 16K EEPROM SIM • 27% of Network Operators use 32K EEPROM SIM • 63% of Network Operators have launched SIM Application Toolkit as of 10.2000 • More than 80% of Operators have multiple SIM vendors Source: Telecom Italia Mobile, 2001

  23. SIM Application Toolkit (STK) • Normal STK - Some of the memory in the SIM card is used for STK to store applications such as electronic banking, betting, gaming, location-based services, etc. - Bank Menu (Inquiry, Transfer, Pay Bill, etc) can be created in the SIM card. When customers select Inquiry, the sub menu option will be displayed "Checking", "Saving", "Credit Card", etc. If the customer selects "Checking", the "Get Input" function from STK will prompt the customer to key-in the Account Number. - Once the customer key-in the account number and press ENTER/OK key, SIM will process the customer information and rearrange to the proper format which can be understood by bank. Then, the correct message will be sent via SMS to SMSC ,after that to the bank. Once the transaction finished, bank will then sent the confirmed message back to the customer via SMS.

  24. SIM Application Toolkit (STK) 2. SIM Toolkit with SIM browser - SIM browser is a STK application that is similar to a conventional Internet browser. The browser is stored as an executable application on the SIM card. - A URL is used by the browser application to access to the server to retrieve information, which is converted to an executable script such as menu, sub-menu and information. - Applications are stored in the servers of both Operator and content provider. As a result, the menu, sub-menu, and any information can be modified easily. - As Browser STK can interact to the content provider, it can use encryption/decryption security, suitable for mobile banking service. The transaction message will be encrypted by the key within SIM and transfer via mobile banking server directly to bank. Finally the same bank key in the bank side will decrypt that transaction message and process the rest at bank back end. - This solution is the most preferable to the bank because bank can control all the security and key management.

  25. SIM Browser : WIB • WIB complements WAP • WIB, easy and cost-efficient implementation of mobile services. USAT Interpreter, standardized across all mobile technologies (3GPP, 3GPP2, GAIT, etc.) - Infotainment services - Secure financial services - Location based services - Secure corporate services - Controlled and secured by the operator - Roaming in and between private and public networks, e.g., GSM and WLAN - Authentication of user e.g. for wireless access to VPN • SmartTrust WIB - de facto global standard 90% of market for advanced SIM clients ( 25 million SIM cards on the market)

  26. Java Card Technology & SIM Application Toolkit • Operators are turning into SIM toolkits (STKs) that do not rely on the handset • STK supports the development of smart card applications for GSM networks based on SMS as the bearer service. SIM : GSM 11.11 STK : GSM 11.14 Java Card 2.1 API : GSM 03.19 SIM OTA Management : GSM 03.48 • In Nov.1999, ETSI adopted Java Card technology for inclusion in SIM Toolkit

  27. Interoperability Issue • International use of e-purse is not possible, and international debit and credit transactions still reply on magnetic-stripe => inconvenience to customers in EU where Euro is the common currency • EMV Integrated Circuit Card Specifications for Payment Systems define smart card-based debit and credit transactions. But, topic of e-purse is not considered in this working group. A group of organizations led by Europay, Visa, and German Zentraler Kreditausschup has therefore published the Common Electronic Purse Specifications (CEPS). • Existence of standardization working groups and a standard do not always ensure the interoperability of products of different vendors, because not every implementation detail is covered in the standard. • SIM Alliance has been making efforts on smart cards interoperability for a few years without much success.

  28. Java Card Technology : Visa Open Platform • Supported by financial institutions, service providers, mobile operators, and hardware manufacturers to develop standardized solutions for secure mobile electronic commerce and an Open Platform chip that will allow financial institutions to dynamically download Visa payment applications to a mobile phone on the basis of Java Card technology.

  29. Java Card Technology : Visa Open Platform • Goals of Visa Open Platform - Interoperability of cards, terminals, OS, SW products and bank office support systems from different vendors - Secure support of multiple applications coexisting on the card in such as way that each application provider is assigned a separate security domain - Strongest commercially feasible security, which will be evaluated using the Common Criteria - Support of existing standards such as EMV and ISO 7816 so that the card can be used in the existing ISO/EMV-compliant terminals.

  30. Technology in Mobile Payment : Dual Slot • Usage : “Payment CB sur mobile” - Since 12.2000. France Telecom, SFR and Bouygues Telecom offer the service. This is a bank-centric payment scheme which is an ‘inter-operator’ system. - Virtual POS and mail order with debit/credit card payment 1. Buyer orders goods from CB’s partner merchants by entering mobile phone number (typing it on the e-merchant web site in the card of internet or saying it over the mobile phone to the catalog sales merchant 2. Buyer receives SMS with purchase details 3. Buyers insert payment card and type the card’s PIN code

  31. Technology in Mobile Payment : Dual Slot 4. When the transaction is authorized by the bank, a confirmation message is sent by the bank via SMS to the customer’s mobile phone 5. The merchant receives payment confirmation. - As of 2001, 500,000 dual slot phones were sold and 80 merchants signed up - Average 80,000 transactions per month - Use SIM Toolkit Card of 32K • Problems : 1. Bigger handset due to a separate card reader in the handset 2. Slot is easily damaged 3. Low service usage due to security concerns of customers and little merchants. Transactions occur at only 10 merchants out of the 80.

  32. Technology in Mobile Payment :Dual Chip • Mobey Forum, GMCIG, Mobile Payment Forum, MoSign • SIM and additional IC chip with WIM module for payment applications SIM – Operator’s domain (issuer) IC chip with WIM – Bank’s domain (issuer) =>Favored by Banks. MoSign ( works on standardization of mobile signature on a separate IC chip for payment applications.

  33. Mobile Payment in Finland (EMPS) • Nokia, Nordea Bank and Visa International started a mobile e-commerce pilot project in Helsinki in 10.2001 that tested and developed the use of mobile phones in everyday e-commerce. • 150 consumers from the Helsinki metropolitan region were supplied with 150 specially manufactured mobile phones with which they can make payments in two Helsinki businesses, the Kinopalatsi movie theatre and the electronic grocery store.

  34. Mobile Payment in Finland (EMPS) • The pilot uses new dual chip technology, which means that the mobile phone includes both a SIM card and a separate chip card issued by Nordea. The latter contains a Wireless Identity Module (WIM) function enabling mobile Visa Electron payments. • The test results handed over to current forums on the development of European and global standards for e-commerce, including the Mobey Forum and the MET consortium. • Not supported by mobile operators

  35. Technology in Mobile Payment : One-chip • SIM + IC chip for payment applications in One-chip - Favored by mobile operators if the chip is issued by mobile operators - Debate over who should be the issuer • Supported by mobile operators. mSing ( works on standardization of mobile signature on the SIM card • Usage : Mobilix Open Mobile (Denmark) - Since 2H of 2001 by Orange and PBS (a financial institution) - SIM Toolkit-based SIM card using 3DES - Reload pre-paid airtime over the air - More of mobile wallet or e-purse on the mobile

  36. Technology in Mobile Payment : One-chip • Usage : Radiolinja (Finland) - Launched in March, 2002 - SIM + WIM module, owned by the mobile operator. Raiolinja acts also as CA. - WAP service (over WAP 1.2.1. browser) • Two encrypted keys; - 1 : for logging on to the service - 2 : for electronic signature - Both keys include specific PIN codes to log on the service and sign the payment transaction - Mobile phone is equipped with mobile wallet - Currently available commercial service. - Visa (Luottokunta, a Finnish credit institution) participates

  37. Technology in Mobile Payment : Non Smart Card-based • Phone Bill : Sonera – ticketing, parking, vending machine, sky lift Vodafone – m-pay • Mobile Wallet Germany – Paybox, OnPay, Street Cash, Genion M-Payment Spain – MovilPay

  38. Vodafone m-pay bill Micro Payment Up to 5 pounds

  39. Vodafone m-pay bill

  40. Other Mobile Payments in Europe • Movilpago (Spain) - Telefonica, BBVA joint-venture - Real and virtual POS. Purchases are billed on credit/debit cards or prepaid phone account - Cardholder verification and authentication through the SIM card. • Telia Payit (Sweden) - Telia, EHPT - Virtual POS. Digital goods are billed either on phonebill or a pre-paid account. Targets mainly micro payment.

  41. Other Mobile Payments in Europe • Paybox (Germany) - Deutsche Bank - Real and virtual POS. Direct debit payments. - Card holder authentication through the SIM card. • Omnipay-Visa Mobile (Italy) - A trial in progress by partnership between Omnitel-Vodafone and Deutsche Bank in Italy - Subscribers can pay for account top-ups and other services using their mobile handset and a ‘telecode’ - Visa cardholders verify the transaction using their mobile phone by entering a ‘telecode’ in order to confirm the transaction. - Telecode is similar to a PIN but designed for use with mobile transactions only.

  42. Other Mobile Payments in Europe • Visa Movil (Spain) - A pilot that links a cardholder’s mobile telephone number and Visa card number so that the phone becomes a personal authentication device. - Partnership between Visa and 8 financial institutions - 1. Cardholder registers for the service - 2. Cardholder is given a personal telecode number, which can be used instead of a signature or PIN in remote and face-to-face transactions. - 3. Cardholder simply give the phone number to the merchant instead of the Visa card number.

  43. Other Mobile Payments in Europe • KPN Mobile’s pilot project (Netherlands) • Participants : KPN Mobile / Nokia / Interpay, financial transaction processor in NL / SWIM vendors / Merchants / Customers (120) • Used technology * PKI-enabled SWIM (Secure Wireless Identity Module) * SET (Secure Electronic Transaction), international bank standard for electronic transactions * WAP 1.2 • Pilot period : 05.2002 – 07.2002 • Feedback : The use of service is too complicated and too many steps, especially signing process • Conclusion : Climate not good for introduction as technology push

  44. Mobile Banking in Europe • Mobile banking data services have been in commercial existence since 1997. At the end of 1999 there were already more than 30 mobile banking (SMS and WAP) services in place world-wide. • Due to security concerns and technological limitations, many mobile banking services are still limited to providing account info via SMS or WAP. • Digital signatures can be implemented by using a smart card (SIM or a separate card) as the cryptographic token.

  45. Mobile Banking : Case • Nordea Bank’s WAP-based service in Finland. - All customers of the bank can get bank account balance info, pay bills, buy and sell stocks and other financial investments, and shop with their mobile phones. - Nordea Bank has its own WAP gateway and the users dial-up directly to the bank=> access to the mobile banking service is operator-independent.

  46. Mobile Banking : Case • MTN (South Africa)’s mobile banking service • Available over both WAP and SAT+2 handsets • Cooperation with ABSA, First National Bank, and Standard Bank. • Balance inquiry, transaction history, inter-account transfer, payment to 3rd parties. • A new SIM card pre-loaded with SmartTrust’s WIB is required, after which users are able to activate a new banking menu-option. The update and user account can then be carried out automatically over-the-air by SmartTrust’s OTA platform. When the bank decides to add new services, customers are notified the next time they use a banking service and can request updates for their banking menus. • SSL and 3DES encryption are used.

  47. Mobile Banking : Case • O2 (Netherlands) • Partners : Postbank (ING), Genie (WAP, WEB portal), O2 • 32K Java SWIM card • Private key (stored on WIM) (generated via a secret key) (acts as a“finger print” for the SIM). Secret key owned by bank! Public key distributed to other parties • Launch in summer 2001 with 500,000 customer base • Result : Impressive usage of m-banking 41% use Mobile Banking Over 2,100,000 account balance requests made Over 100,000 Mobile Payments made

  48. Mobile Banking : Case • Sonofon (Denmark) • Uses SIM browser (SmartTrust WIB) as the basis for a mobile banking application. The banking application uses the WIB to connect Sonofon’s sytem with Sydbank, a bank computer center for 20 banks in Denmark. • Customers can visit Sonofon’s website and download OTA new services onto the SIM. • Sonofon’s database looks up the type of SIM that an individual user has and checks with Sonofo’s billing system to validate what services are available for the customer. Then, the mobile portal displays the current configuration of services that are available to that user.

  49. Components of Sonofon’s Mobile Banking Customer’s Bank Customer Sonofon GSM Internet SIM TCP/IP SMS TCP/IP with WIB SMSC SmartTrust Wireless Internet Gateway Internet Server GSM SMS Security Transport Security (GSM 03.48) End-to-end Security (3DES) Source: Mobile Application Development with SMS and the SIM Toolkit, S.Guthery & M.Cronin, 2002

  50. Bank vs. Mobile Operators? • Arm-Twisting over the service, security and customers who may have different operators’ mobile subscription • Good example of cooperation : Barclay card and mmO2 service in the UK • Example of Bank-control : Bank holds control of the access to their own services : Nordea Bank • Example of Operator-control : Smaller banks may find it useful to be placed on an operator’s portal or even co-brand services with the mobile operator, and let the operator handle the hosting of the mobile data access and security solutions, thus being able to concentrate on their own core business : Sonofon in Denmark and Danish banks