RESEARCH OBJECTIVES AND AN OVERVIEW OF WIRELESS TECHNOLOGIES IN PAYMENT SYSTEMS Prof. U. S Pandey and Vibha Kaw Raina School of Open Learning Delhi University Email :
[email protected] B.I.T MESRA Ranchi Extension centre NOIDA Email:
[email protected]
Abstract Mobile payment refers to wireless based electronic payment for mobile commerce to support POS and payment transactions on users mobile device. According to the Mobile Payment Forum mobile payment is the process of two parties exchanging financial value using a mobile device in return for goods or services. Mobile payment has received the significant attention for its easy payment mechanism as compared to traditional payment. The scope of this paper is to explore, analyze the different entities involved in the payment systems. This paper deals with the interaction and coordination between different entities to facilitate reliability, accuracy, security of the payment systems with respect to different technologies and the research objectives of Payment Systems. Keywords: Payment systems, wireless technology, Mobile wallets, POS Introduction With the advent and the advancement of the wireless communication and mobile technologies, there is drastic growth in people’s life. With the increase in mobile device users, many applications of commerce have become mobile. Now, the mobile device helps in doing all the transactions which were once manual. One of the important and the critical application of M_Commerce is the M_Payment. It provides excellent user friendly business opportunities. Mobile payments represent opportunity for the mobile industry and for financial service companies. But, the services are broadly demanded by consumers. At present the, mobile payment applications are limited and only a small number of markets enjoy a high penetration. Mobile payment system is quite a developed area where lots of services and facilities have been provided. My area of research focuses on mobile phone based payment systems, POS payment system and mobile wallets. [1-2]The development of wireless network technology made payment an important scenario in terms of advertising and marketing activities that delivers ad’s to the mobile users. Various types of ad’s can be delivered to the different mobile devices. From the mobile payment service provider point of view my research will be focussing on P2P models and Bank centric models. And the technologies to be utilised in these areas will be RFID, NFC, and Bluetooth. While designing a payment system in association with banking systems it is important to support every payment and banking scenario, low cost for every entity (i.e. customer, merchant and banking organization),mobile device and platform independence, minimal cooperation among mobile network operators. And financial organizations, open standards and programming languages, privacy, reliability and security, simplicity, efficiency and ease of use and integration of legacy applications. Section 1 presents the details of the types of payment systems used with respect to the banking system. Section 2 presents the GSM architecture for mobile payments. Section 3 presents different technologies involved in the payment systems and the integration and co-ordination of these entities involved.
Section 4 presents the details of the security issues and the limitations of different technologies. Section 5 presents the objectives of my research. 1. Mobile Payments with reference to the Banking Systems M_Payment supports any transaction with a monetary value that is conducted through a mobile telecommunications network. A wireless payment system refers to an electronic payment system that provides wireless based electronic payment solutions to support point of sale and /or point of service payment transactions over wireless or internet through diverse mobile users devices, such as cellular telephones, smart phones or PDA’s and mobile terminals Doing financial transactions via mobile phones would eliminate the need for auxiliary payment instruments (like POS devices), while using security features of the SIM card (as a smart card) would yield to a great level of security and dependability. A mobile payment service comprises of all technologies that are offered to user as well as all tasks that the payment service provider(s) perform to commit payment transactions such as cash, credit card, or mobile phone wallet. In addition to pure mobile payment instruments, most electronic and many physical payment instruments have been “mobilized”. Payments fall broadly into two categories; payments for purchases and payments of bills/invoices. In payments for purchases mobile payments compete with or complement cash, checks, credit cards, and debit cards. In payments of Typical usage entails the user electing to make a mobile payment, being connected to a server via the mobile device to perform authentication and authorization, and subsequently being presented with confirmation of the completed transaction. While designing and developing any payment system it is important to consider some important points like communication between merchant and consumer, trust, security, ease of payment, low transaction costs in case of Credit cards. Deployment of successful mobile payment system is result of cooperation of different players, while each of them has different expectations. Bills/Invoices mobile payments typically provide access to account based payments such as money transfers, Internet banking payments, or direct debit assignments. The main players include: •
• •
Customer: Customer expectations include being able to pay anywhere, anytime, and in any currency ,wide availability of the new services, support for micropayments as well as macro payments and low additional charges. Mobile Network Operator: Its expectations include adding value to existing services, to increase customer loyalty, new revenue channels and to increase the revenue per user. Bank: Bank’s expectations include branding and customer loyalty, new business cases, secure payment service, minimization of frauds and to new payment methods. [3-4] Bank Payment Service Provider
Merchant
Mobile Network operator
Potential Players in Mobile Payment Service Value Chain
Security and Authentication Provider
End User
Mobile payment systems can be classified into following types: A) Account Based Payment Systems In this case, each customer is associated with the TTP i.e. bank. Account based is further of two types Pre-paid transactions and post paid transactions. In pre-paid transactions, the account is directly linked to the customer’s bank account. The customer has to maintain positive balance of the account which is debited when prepaid transactions takes place. In case of post paid transactions, the charges are accrued in the customer’s account. The customer is
then periodically billed and pays for the balance of the account to the TTP. Account Based payment systems are further classified into three categories: 1. Mobile Phone based Payment system: – This enables consumers to purchase and pay for goods or services via mobile phone. Here, each mobile phone is used as personal payment tool in connection with the remote sale. This payment works in association with the banking systems, where the bank has a relationship with the customer as well as merchant in the form of issuing bank and acquiring bank. Bank deploys mobile payment application to consumers and ensures that the POS terminals have contactless capability. Bank also offers potential value added content. 2. Smart card payment systems: - They use smart card, an embedded microcircuit, which contains memory, microprocessor and operating system for memory control. These smart cards can be used for electronic identification, electronic signatures, encryption, payment and data storage. One of the most important wireless technologies which is playing a significant role in mobile payment and banking system is NFC which is acting as a contactless card embedded in the mobile phone. 3. Credit card mobile payment system: - This type of mobile payment systems allows customers to make payments with the help of mobile devices using smart cards. The existing SET secure protocol, developed by Visa and Master card for secure transfer of credit card transactions. 4. Mobile POS (Point-of-sale) payment: - Mobile POS payment systems enable customers to purchase products on vending machines or in retail stores with mobile phones. There are two popular types of mobile POS systems. (A) Automated point-of –sale payments and (b) Attended point-of-sale payments. The first type is used by ATM machines, retail vending machines, parking meters or toll collectors and ticket machines to allow mobile users to purchase goods with the help of mobile devices. The other type of post Payment system is useful for shop counters and taxis. B) Mobile Wallets Mobile wallets are the most popular type of mobile payment option for transactions. Like e-wallets, they allow a user to store the billing and shopping information that the user can recall with one-click while shopping using a mobile device. The primary types of mobile wallet schemes in the market are client wallet and hosted wallet. Client wallets are stored on the user’s device in the form of SIM application toolkit card that resides on the phone. Since the wallet is based on the hardware therefore it is difficult to update .Hosted wallets refer to server wallets which are hosted on the server. These wallets can be self hosted wallets or third party hosted wallets. [5] M_Payment Life cycle:Payment transaction process in a mobile environment is similar to typical payment card transaction. The only difference is that the transport of payment details involves wireless service provider. WAP/HTML based browser protocol might be used or payment details might be used or payment details might be transported using technologies such as Bluetooth and infrared. Mobile payment life cycle has the following steps:1. Registration: Customer opens an account with payment service provider for payment service through a particular payment method. 2. Transaction: It is accompanied by the four steps. a) Customer indicates the desire to purchase a content using a mobile phone. b) Content provider forwards the request to the payment service provider. c) Payment Service Provider then requests the TTP for the authentication and authorization. d) Payment Service Provider informs content provider about the status of the authentication and authorization. If customer is successfully authenticated and authorised, content provider will deliver the purchased content. 3. Payment Settlement: It can take place during real time prepaid or post-paid mode. A real time payment method involves the exchange of some form of electronic currency, e.g. payment settlement directly through a bank account. In a prepaid type of settlement customers pay in advance using smart cards or electronic wallets. In the post pay mode, the payment service provider sends billing information to the TTP, which sends
the bill to the customer, receives the money back and than sends the revenue to the payment service provider. [6] Customer
Merchant
Service Request
Trusted Third Party
Payment Service Provider
Service Request
Delivery of service
Authentication & Authorization Request
Purchase Authorization Billing Payment
Life cycle of mobile payment 2. GSM architecture: The M_Payment system is designed to operate with existing GSM infrastructure. The architecture stretches from the user handset to the GSM network Service mode in between the components. It serves as a middleware to handle transactions between the subscribers, the merchants and the network operators. Each component interacts with each other to deliver the function of enabling the consumer side and the merchant side to do buying and selling over the wireless platform. There are five components, the Mobile Station (MS), Mobile Network (MN), The Short Message Service Centre (SMSC) and the unstructured Supplementary Services Data (USSD) server; both are service nodes within a GSM network and finally the Mobile Payment System. Mobile station is a transmission and receiving end of SMS. Mobile station always refers to a basic mobile phone of a customer. But in the merchant side, it could be a GSM modem inserted with a SIM. When a modem is connected to a personal computer (PC) it could be easily used as a terminal. There are two parts in a Mobile Station, namely the equipment part and radio part. Equipment part has an input device (keyboard), an output device (screen) and a CPU. The Subscriber Identity Module (normally called as SIM card) is inserted into a slot in the equipment part. The SIM card stores the IMSI (International Mobile Subscriber Identity) and the secret key Kp which is useful information to be transported during the authentication process to the wireless network. Radio part is a radio transreceiver for transmission and reception of radio signal. The GSM network is the wireless network part. In short, the radio subsystem interface with the mobile station, where at the network subsystem which is the HLR, VLR which the information and the gateway that connect to other network. And the operation sub system which includes the AUC that is responsible for the authentication and also the billing system that stores the charges record for each subscriber. [7] Mobile Mobile Payment Mobile
SIM Card
Mobile Station
Air Interface
MS HLR AuC Base SMS C
USSD Server
Overview of System Architecture
Mobile Pay DB
Mobile Pay Program
The Mobile Payment System which is intended to interface with two important service nodes exists in the GSM network system. First is the unstructured supplementary Services Data (USSD) server and second is the Short message Service Centre (SMSC). It is designed to listen to the incoming calls from the USSD server, translate and extract the information from the USSD calls. Another client gets the information and passes it to a main program. The main program controls the logic of the system, including from receiving the data, sending the request to SMSC, writing the billing record to the database, etc. The diagram below shows the general design. Mobile Payment Mobile SMPP Air Interface
USSD
Java Get
TCP/IP
SMSC
Send Client Mainform
DB
MS of Customer or Merchant
The Architecture Design
The Mobile Payment system logic is to control the flow. It is designed to listen to request sent from the merchant or the users, and to connect the SMSC for further messaging service. For the Payment authorization and user authentication, it performs the checking function and finally records the transaction log. The logic is shown below. [8] Start
User Interface
Merchant Interface
Initiate Purchase Request
Mobile payment System
Make payment authorization request
Application Request
Listen to USSD Server N
Check Merchant Validity
User Authentication
YY
Connect to SMSC
Input PIN N
Check Customer validity
Transaction Succeed
Y Transaction Succeed
Connect to SMSC
Mobile Payment System Logic
End
Fail
3. Wireless technologies used for payment systems: There are already a variety of wireless technologies used for mobile payments such as Bluetooth, IrDA, FID and NFC. All of these wireless technologies are used in order to meet the demands of data transfer from business and personal perspectives .In order to be widely used payment systems is basically, the integration of different entities which include customer, merchant and bank. In order to make these entities work in a cordial way , the technology has to play an important role where not only wireless communication, but other technologies has also to be clubbed to make efficient and effective working of payment systems. Open technologies, in conjunction with standardized interfaces, offer flexibility, adaptability and continuous extendibility. [9]The third (3G) and fourth generation (4G) or beyond 3G communication technologies, in combination with short range wireless technologies like Bluetooth, NFC, RFID constitute the technological background for the development of payment systems via mobile devices.2G and 2.5 G are still the most widely used communication systems in the world.3G systems came to overcome the limitations and inefficiencies of the previous ones. A 3G wireless network supports numerous heterogeneous links, providing high data transmission rates and guaranteed quality of service (QoS).Almost anywhere connections provided by multi-mode mobile device, increase the value and usability of mobile financial services. Personalized and location based services are some of the main enhancements of 3G.Research community is currently studying the fourth generation (4G) mobile network communications.4G offers advanced services as well as higher reliability, security and higher date rates with adaptive interfaces. The key features of the emerging 4G networks are ubiquitous computing, interaction of different wireless communication technologies capabilities. [3]The main characteristics of these technologies are as follows: Bluetooth research began in 1994, and the standard for the Bluetooth was developed by Special Interest group (SIG). Bluetooth operates at the speed of 2.4 GHz industrial, scientific and medical (ISM) frequency band. Bluetooth provides adhoc connections between different electronic devices Such as mobile phones, laptops and so on. Bluetooth operates at a short distance up to 10 meters. By increasing the transmission power to 100mW, the range can be extended to 100m.Bluetooth can be implanted in mobile payment systems for data transfer and other functionalities. The reason, being that it offers low power consumption. Bluetooth uses (FHSS) Frequency Hopping Spread spectrum method to avoid interference. It helps payment systems reliable services. In 2001, Ericsson cooperated with Euro Card AB in Sweden to test the Bluetooth based Payment system. There are some limitations in Bluetooth technology where security is a major concern for wireless applications and is difficult to configure. [10] Infrared Data Association: IR is based on infrared light to set up wireless communication channel. The IrDA was established in 1993. IrDA is point to point communication between devices. Many electronic appliances, such as electronic device remote controls, PDA’s and laptops, use infrared. Infrared is another competitive player for mobile payment systems. In South Korea, the Harex InfoTech provides a mobile payment system called ZOOP. It combines mobile device and a wireless technology to create mobile wallet that allows consumers to make payment s via IrDA mobile devices. Infrared has some limitations. It cannot penetrate through walls. It limits the performance of the applications. [9] Radio Frequency Identifications: RFID is an old technology which has been there since Second World War. RFID uses electromagnetic fields that are coupled with radio frequency. RFID is one of the potential players for mobile payment systems. RFID can be used as contactless cards which can be fitted in the mobile device. FID provides high speed reading and writing of data. Moreover, FID can operate under a variety of conditions such as ice, fog and so on. Nokia and MasterCard have tested new retail payments using mobile payments based on mobile phones in the U.S .However, there are some issues in RFID in terms of security hat too in terms of privacy. [11-13] Near Field Communications: NFC is an open global infrastructure for easy access to wireless services and at anywhere and at any time. NFC offers convenient connections for various types of electronic devices. It has a built in security mechanism which makes it ideal for payment and financial applications. NFC works with 13.56MHz frequency band and is compatible with RFID. NFC can be implemented with RFID for different reasons. It provides very low power consumption, it offers great security mechanisms for applications and lastly, NFC device is easy to
use and establish connections. NFC supports peer-to-peer communications, which is its main drawback in terms of mobile payment systems. [14-15] 4. Security: In order to make M_Payments the most widespread and acceptable to consumers and to merchants, it is important to maintain security with respect to different entities and players. The important dimensions of security are Privacy, confidentiality, non-repudiation, integration, and authentication. As per the general framework privacy has to be maintained for consumers there should be no financial loss. For Businesses customer Authentication is important. Authentication identifies author of the transactions .The integrity assures that the message has not been altered in transit. Non repudiation refers that non denial of any transaction and confidentiality refers to the message cannot be read by anyone. There are different technological solutions for maintaining these dimensions of security, e.g. GSM/CDMA maintains security for confidentiality at transport layer. Authentication and non repudiation can be guaranteed by WPKI. 5. Objectives of my research: In this paper I have discussed the working and the functioning of different entities in M_Payment systems. The objectives of my research are: a) To analyse and enhance payments done with the help of mobile devices at POS terminals and the success and trustworthiness of mobile wallets used. The usability and enhancement of the mobile wallets designed and developed. b) To design and develop the technological solutions with reference to NFC, Bluetooth and RFID tags. c) To utilise and integrate the above mentioned objectives with p2p models and Bank centric models. Conclusion: Mobile payments are important applications in M_Commerce.Today, a number of competing mobile payment solutions is available in the marketplace. In this paper, the fundamental concepts of payment systems have been discussed, along with its technology. But, the importance of technology infrastructure has always been there. A sophisticated technology infrastructure is needed to satisfy the needs of every player in the payment systems. So, the emphasis is on the integration of different players and entities for the enhancement of systems available. References: 1. 1. Jerry Gao, Jacky Cai, Kiran Patel, Simon Shim,” A Wireless Payment Systems”, IEEE Proceedings of the Second International Conference on Embedded Software and Systems 2005,0-7695-2512-1/05. 2. U.Varshney and R.Vetter,”Emerging mobile and Wireless Networks”. Communications of ACM vol43, no6, pp 73-81, 2000. 3. Apostolos Kousaridas, George Parissis, Theodore Apostolopoulos, “An open financial Services architecture based on the use of intelligent mobile devices”. Electronic Commerce Research and Applications 7 (2008) 232-246. 4. Tomi Dahelberg, Nina Millat,” Mobile Payment Market and Research Past, Present and Future”, Proceedings of Helsinki Mobility Round table. Sprouts: Working Papers on Information Systems, 6(48). http://sprouts’aisnet.org/6-48 5. Jerry Geo, Vijay Kulkarni, HImanshu Ranavat, Lee Chang,”A 2D Barcode-Based Mobile Payment Systems” IEEE 2009 Third International Conference on Multimedia and Ubiquitous Engineering. 6. Nambiar and Lu, “M-Payment Solutions and M_Commerce Fraud Management” M_Payment Solutions. 7. McKitterick,D.,Dowling,J.,2003.State of art Review of Mobile Payment technology.Department of Computer Science,Trinity College,Dublin,Technical R,eport Page 10. 8. Henry Ho,Simon Fong,Zhuang Yan,”User Acceptance Testing of Mobile Payment In Various Scenarios”IEEE 2008 International Conference on e-Business Engineering.Pp 341-348. 9. Jiajun Jim Chen and Carl Adams,” Short-Range wireless Technologies with Mobile Payment Systems. Sixth International Conference on Electronic Commerce ACM1-58113-930-6/04/10.
10. Sojen Pradhan, Elaine Lawrence,” Bluetooth as an enabling Technology in Mobile Transactions”, IEEE
11. 12.
13. 14.
Proceedings of International Conference on Information Technology: Coding and Computing 0-7695-23153/05. Landt,J:, (2001) The History of RFID. AIM [online]. Available from www.aimglobal.org/technologies/rfid/resources.pdf 10.Geethapriya Vankataramani and Srividya Gopalan,” Mobile Phone based RFID architecture for secure electronic Payments using RFID credit cards”2007 Second International Conference on Availability,Reliability,Security.0-7695-2775-2/07. Ian Angelle and Jain Kietzmann,” End of Cash”, communications of ACM 2006 Vol.49, No.12. Eamonn O’Neill,Peter Thompson, Stavros Garzonis and Andrew Warr,”Reach out and Touch: using NFC and 2D Barcodes for service discovery and interaction with mobile devices.”Proceedings of the 5th International Pervasive 2007 Conference pp.19-36.
15. W. Chen, G.P. Hancke and K.E. Mayes, Y. Lien, J-H. Chiu,”NFC Mobile Transactions and Authentication Based on GSM Network”.Second International Workshop on NFC.
