Literature Review on Mobile Banking
Keywords: mobile banking in india, mobile banking literature
Mobile banking is defined as the provision and availment of mobile and bank services using a telecommunication device; the services may include keeping in contact with the bank to administer an account and access customized information (Tiwari and Bus, 2007).
Mobile banking is a channel through which a customer can interact with a bank through a device such as a mobile phone or PDA (Tommi Laukkanen, Suvi Sinkkonen, Marke Kivijärvi, Pekka Laukkanen, 2007). Mobile banking is seen as an extension of the bank's payment system which enables the mobile network to extend its services within reach of the customer (Gavin Troy Krugel, 2007).
Mobile banking helps customers access their banks at any time. Through a mobile banking application, customers can check their account details, make money transfer transactions, and pay their bills while sitting at home or in the office (Infogile Technologies, August 2007).
The continuous development and use of mobile phones has made people habituated to them, and this forces companies to come up with new mobile services. Some studies show that a transaction through a mobile phone is more secure than a connection through the internet on a PC, but other studies contradict this and show security to be a major challenge for mobile banking (Tommi Laukkanen, Suvi Sinkkonen, Marke Kivijärvi & Pekka Laukkanen, 2007).
Some factors which nourished mobile banking, and because of which the need for it is felt, are economic development (globalization is leading to mobility), the high density of mobile devices, powerful devices, high data transfer, and the attitude of the new generation towards the use of mobile banking; the need and wish for mobility has increased. Features of mobile banking include availability anywhere and anytime, instant connectivity, proactive functionality (push and pull technology), and easy access (simple authentication) (Tiwari and Bus, 2008).
Mobile banking can provide location-based services, in comparison with banks. Mobile banking is more secure than the internet; it provides not only traditional bank services but also 3A services (anywhere, anytime and anyhow). Because mobile banking is more convenient, effective and efficient, it helps to attract more customers (Jin, Nie, Xianling, Hu, 2008).
Mobile banking covers banking services delivered by means of a mobile phone; informational services, which report on any type of transaction to the mobile phone; and payment services based on the mobile phone. Mobile banking can be based on different technologies: SMS, WAP, GPRS/Edge/3G (Eddy Cormon, 2009).
The difference between internet banking (e-banking) and mobile banking (m-banking) is that in internet banking account information is accessed by PC or off the mobile, while in mobile banking account information is accessed through one of its two channels, SMS or browser; with mobile banking a customer also gets SMS alerts of changes in the account (Bankable Frontier Associates, 2008). Mobile banking is an area in which development can flourish and which can lead to the replacement of credit/debit cards. In the past 2 to 3 years mobile banking has advanced to the extent that it has increased three times in comparison with debit/credit card banking (Mahesh .K. harma, Ritvik Dubey, 2009).
Mobile Banking: use of a mobile device to connect to a financial institution to conduct customer self-service (CCS), which includes viewing account balances, transferring funds between accounts, paying bills or receiving account alerts. Mobile Payments: use of a mobile device to make a purchase or other payment-related transaction. Payments may be initiated in the physical or virtual world and can be conducted via SMS, MMS, mobile Internet, downloadable application, and NFC chips (Breffni McGuire and Marianne Crowe, 2008).
Over the last ten years technology has been evolving through the inclusion or replacement of other technologies as each day passes. This technological development has had a great impact on the banking industry. Banking services have also gone through many changes, starting from the early eighties when telephone banking and computer banking took the lead, and moving towards ATM and internet banking applications. While electronic banking was at its peak, change also arrived in mobile technologies, including SMS, WAP, 3G and 4G technologies (Tommi Laukkanen, Suvi Sinkkonen, Marke Kivijärvi & Pekka Laukkanen, 2007).
The population of Pakistan exceeds 170 million, but unfortunately there are approximately 16 million bank accounts, leaving 110 million people without access to banks. The main focus of mobile banking is rural areas, where there are 2500 bank branches for 105 million people and 42000 subscribers per branch, whereas mobile phone users have reached 97 million. Pakistan was therefore a good market in which to begin mobile banking (CGAP, February 2010).
In Pakistan mobile banking emerged and became known by the name of branchless banking. After five years of struggle from 2005 to 2010, Pakistan is now able to make its people's dreams come true, and mobile banking is on its way to success. Back in March 2007 the first policy and regulatory paper was issued by SBP on the basis of branchless banking (which can provide financial services to people who are underserved or unbanked) (CGAP, February 2010).
Financial institutions were reluctant to make such a huge and risky initial investment. SBP insisted on the implementation of mobile banking and advised financial institutions and banks to set up the work flow of mobile banking, otherwise the MNOs (Mobile Network Operators) would be permitted to start their own. SBP took this step with the Ministry of Information Technology (MOIT) and Tameer Bank. In 2009, Telenor launched easypaisa (the first mobile banking platform) with the help of Tameer Bank (a microfinance bank mostly owned by Telenor). In 2010 MCB, UBL and Allied Bank implemented mobile banking, making it more profitable for banks and customers as well (CGAP, February 2010).
Benefits to Customer:
Customers can access their accounts while sitting at home; they don't need to go to the counter of the bank and answer the various questions of officers.
Mobile banking is time saving.
Mobile banking keeps customers informed about their bank accounts all the time, anywhere.
Utility payments can be made through M-payment; customers do not need to get in line and wait for their turn (Uppal, 6 Jan 2010).
Benefits to Bank:
By reducing transaction cost, banks can save big money: the Government gain is Rs. 12 or Rs. 13 out of every 100 rupees, and through mobile banking this cost is reduced to Rs. 2.
Time saved by the bank through mobile banking can be utilized in expansion of business, marketing and sales activities, etc.
Banks can benefit by getting commission from cellular companies for providing services through ATM, i.e. prepaid talk time.
Banks that provide these services have a competitive advantage over those that do not (Uppal, 6 Jan 2010).
MODELS:
According to the policy paper on the regulatory framework of mobile banking issued by SBP, only the bank-led model is allowed. The non-bank model will only be allowed later, when the players in the system are mature enough to have limited control over a system. The bank-led model can be implemented by a joint venture of a bank and cellular companies (SBP, 2007).
Mobile banking can be implemented using the one-to-one, one-to-many and many-to-many models (SBP, 2007).
One-to-one Model:
In this model only one bank enters into an agreement with a telecom company to provide mobile banking services to the customer. The scope is limited because the service is specific to one telco's customers, but it offers a good service standard, greater customization and the opportunity of co-branding and co-marketing (SBP, 2007).
One-to-many model:
In this model a bank is in agreement with many telecom companies and provides mobile banking services to their customers, so everybody who has a mobile phone can reach the mobile banking service. There are several drawbacks to this model: first, the telco cannot prioritize the mobile banking SMS services in order to provide quick transactions; secondly, the financial institution has to bear all expenses related to advertising/marketing; lastly, the bank is responsible for the arrangement of product distribution and cash inflows and outflows (SBP, 2007).
Many-to-many Model:
In this model many banks interact with many telecom companies in order to provide services to all customers who have bank accounts. Systems under this model require a central transaction processing system which is handled by a financial institution or a third party which has an agreement with the bank. The transaction processing system must be responsible for provision of real-time service, holding all proofs of transactions and providing daily reconciliation to the account holder. This model has the fewest limitations and gives maximum connectivity to its customers, like an ATM which can be used by the consumer to initiate another bank's transaction (SBP, 2007).
In 1997 Nokia, Motorola, Ericsson and phone.com came together to create one platform for WAP applications because they believed that it is critical to have a uniform standard for implementing wireless internet universally. Since then 350 more companies have joined them for WAP (o.o.obe and V.F balogun, 2007).
Mobile banking can be implemented through companies other than telcos, such as fuel distribution companies, Pakistan Post, chain stores etc., by using mobile and PC technologies (SBP, 2007).
According to the research, the number of people in the world who do not have a bank account is 4 billion, which is more than two thirds of the world population and consists of low and middle income countries. In Pakistan the ratio of financial outflow is even higher than inflow; the increase of inflows has become the critical component leading to the country's economic development. Mostly developing countries have implemented mobile banking, such as Kenya, South Africa, the Philippines and Cambodia (Syed Salim Raza, 2010).
In Kenya mobile banking was implemented by the largest mobile service provider, Safaricom, which launched M-PESA in 2007. With an increase of 10000 subscriptions per day, Kenya now has 7 million clients out of 38 million people. Kenya provides services for depositing and transferring money; in order to operate M-PESA, 10000 agents were hired. M-PESA is useful in areas where banks are hard to reach. According to a study, the income of Kenyans has increased by 30% since they started mobile banking (Syed Salim Raza, 2010).
The Philippines was the first user of mobile banking in Asia. The central bank of the Philippines (BSP) has taken steps towards opening up mobile banking. Furthermore, mobile banking is supported by the two biggest mobile network operators in the Philippines, Global and Smart. The service provided by Smart is ‘smart money’, which has 2.5 million out of 39 million subscribers, and the Gcash service by Global has 1.2 million out of 23 million subscribers. According to BSP, customers were traditionally charged 2.5 or 5% of remittances, but in mobile banking this costs less than 2%, and Filipinos are now charged US$ 50 (Syed Salim Raza, 2010).
Mobile banking works on the basis of its four constituents: MNOs, banks, user applications and customers. These participants help to translate the transaction initiated by the customer into a format which can be understood by the banking system. To implement mobile banking, a bank uses its core infrastructure with some enhancements: the user is authenticated (usually by a PIN) through a platform, usually a phone and a server; information is extracted from the user and passed on to the bank; the bank then runs its set of processes for the transaction; and once the application has completed the financial transaction, an acknowledgement is sent back to the user, usually in the form of a bank account reconciliation (Gavin Troy Krugel, 2007).
The technology used in mobile banking can be categorized into two environments: technologies on the server side and technologies on the customer side. SMS, IVR, USSD2 and WAP are server-side technologies; consumer-side technologies, on the other hand, include applications, solutions and offers which are set in the SIM or in the user's mobile, such as S@T and J2ME (Java) (Gavin Troy Krugel, 2007).
According to the study, mobile banking faces different challenges, which different authors discuss from different perspectives. A uniform standard is one of the most important challenges, as many devices from different service providers and vendors are involved, and no uniform regulation has been made for those electronic devices to work on one platform. Other challenges are network security (unauthorized access), customer privacy, and clarity of liability on the customer side when they go for a loan, because through mobile banking the subscriber has a virtual account and there is financial risk involved in it. There is also the challenge of disputes between wireless carriers and financial institutions, as both have different responsibilities with respect to a mobile transaction (VENABLE, LLP, November, 2008). The lack of interoperability among mobile operators has limited access to mobile payment (Kopicki and Miller, 2008). Another challenge is profitability, which can be generated by the initial payment paid by the customer for initiating a transaction. The customer will pay this if the offer of mobile banking seems attractive to him; if it does not, the initial cost to banks is a sunk cost. Interoperability, regulatory issues and security are major constraints (Upkar Varshney, December 2002).
Financial loss seems more fearful to a customer because something passing through the air is not as secure as a physical transaction. Privacy risk relates to the theft of private information. There are many uncertainties for customers; for example, they are unsure whether they may make a mistake while doing a financial transaction through mobile. A loss of connection which leaves the transaction incomplete makes customers hesitant to use mobile for financial transactions (Tommi Laukkanen, Suvi Sinkkonen, Marke Kivijärvi, Pekka Laukkanen, 2007).
The introduction of GSM technology helped to boost the idea and implementation of mobile banking in Nigeria. Some of the challenges faced in Nigeria are sustainability of growth and progress, requisition of funds for marketing of mobile banking, development of promotion of IT, security and privacy issues, middleware issues, device, network and protocol limitations, and different standards (o.o.obe and V.F balogun, 2007).
As mobile banking is a new concept, it will bring some challenges and issues as well; if these issues are solved adequately it will prove to be more beneficial than other technologies. These issues include awareness of mobile banking, covering rural and urban areas, and the extent to which the issues of security and privacy are resolved. These issues can be handled carefully and effectively, but they need attention and interest (uppal, 2010).
According to the survey, more than 60% of users are worried about the security of personal data and password protection while using mobile banking, as the encryption ability of mobile phones is limited compared with personal computers, because of which the mobile phone cannot meet the demands of financial security. Various threats such as cloning and the use of “magic cards” in the modern era leave mobile phones unprotected. The application of new technologies makes banks keep changing the rules of competition in the banking industry. The most competitive challenge is how to provide banking services to customers in the way that is most convenient to them; awareness among people would be a catalyst and would also upgrade business innovation, and on the basis of these services mobile banking is the future (Zhong Wan, Weifeng Yin and Ronggao Sun, 2009).
The issues in mobile banking include the large number of people who do not have bank accounts, especially in rural areas; because of unawareness and distance, people don't know about banking. There are policy, regulatory and legal, financial, security (malicious viruses, spam and malware attacks), information transfer (privacy of the individual) and consumer protection, information disclosure on tariffs and services, data security, and technical issues which need to be tackled. Introducing various applications for mobiles, such as WAP-based solutions, creates difficulty for uniform standards. Standards need to address the security and privacy concerns of customers as well as promote interoperability between different implementations. Revenue sharing agreements are another major issue between service providers, banks, content providers and other service providers such as utilities and retailers (Sanjeev Banzal, 2008).
Challenges faced by banks during the implementation of mobile banking in Bangladesh are difficulty in selecting the right software, huge investment in purchasing the software and licence, inability to do interbank transactions as the national payment switch is not in place, and handling a huge agent network to deliver and receive cash over the counter. Challenges for mobile operators include sharing the network with multiple banks and operators; technical limitations on access to other banks; breaches in data privacy, accounting errors, or fraudulent transactions that could expose an operator to large liabilities and serious reputation damage; the complex delivery of financial services, which could distract management from its core communications business, perhaps stretching the abilities of smaller mobile operators; and additional investment in solutions. Challenges faced by solution providers are that most of the solutions are telco-led, so banks do not feel safe; huge investment on their part, as most banks want to share revenue; and that some banks are also not ready in terms of core banking or infrastructure for a mobile banking solution. Challenges faced by government are preparing a proper guideline for the mobile banking system, keeping track of all financial transactions, setting up a list of services and their charges for all mobile banking services, ensuring the compatibility of the software in the “Bank Led” model, and allowing inter-bank transactions (Muntasir B. Shahariar, 2010).
In order to provide mobile banking services, the service provider faces the challenge of customer security and privacy; the service provider has to promise users a level of security. The solution adopted by mobile service providers is a PIN and pass code to authorize valid customers, and encrypted data for transfer, along with the threat of the password or PIN being stolen if a mobile phone or wireless device is lost. Coping with the low price charged to the customer is also a hidden challenge for financial institutions, because mobile banking is based on the revenue sharing model, but in order to attract and retain customers a lower price than e-banking and previous banking services must be targeted (Caroline Boyd, 2007).
Though mobile banking has the potential to improve the saving rate and provide access to financial products, it still faces challenges which need to be overcome, including high barriers to entry, a low rate of loan repayment because of less contact with customers, and regulatory issues (John Erickson, 2010).
Attackers are gaining experience in tricks, and techniques which were unknown in 1990 became mainstream in the 2000s, such as phishing, malware, and pharming such as DNS poisoning; with the increasing advancement of phones, threats have now increased more on mobile than on PCs (Bankable Frontier Associates, 2008).
The challenge of m-banking for policy-makers and regulators is two-fold: firstly, to encourage banks and mobile operators to develop solutions that are not proprietary, and secondly, to allow access to potential new entrants that can disrupt the lucrative business models of the banks and mobile operators. The key challenge is to do this while at the same time ensuring high levels of security and trust. “Just like convergence forced the integration of broadcasting and telecommunications, so mobile banking is forcing the convergence of the financial and telecommunications sectors. Unfortunately, the convergence of two such heavily regulated industries means that this potential is unlikely to be met unless policy-makers lay the ground rules for innovation.” (Comninos, Esselaar, Ndiwalana & Stork, 2008)
The bigger barriers in the way of mobile banking are interoperability, fraud and security, and lack of awareness and understanding of the benefits that can be achieved from mobile banking (Mahesh .K. harma, Ritvik Dubey, 2009). The common challenge policy makers and regulators have to address is how to formulate regulatory policy that balances the need to provide space for innovation whilst ensuring services are scaled up safely (GSMA, 2008).
There are also other manifest security challenges in delivering banking and payment services through wireless channels. Banks and other providers must implement security measures that adequately address these risks and threats regardless of the underlying network and carrier infrastructure used in delivering their services (Tony Chew, 2002).
PUBLIC KEY INFRASTRUCTURE (PKI) FOR MOBILE BANKING
To understand the challenges of deploying PKI in mobile banking, it is assumed that two keys are important: one for encryption and another for decryption. Only the decryption key must be kept secret; it is called the private key. The corresponding encryption key, called the public key, can be published.
A public key infrastructure works as follows. Each mobile bank user is listed in a public directory, with his/her public key. If a mobile banking user wants to send a message to the bank server, he/she obtains the bank’s public key from the directory and uses it to encrypt the message. The encrypted message is sent to the bank application server. Only the bank server is able to decrypt this message, because only the bank knows the corresponding decryption key. Further, the mobile user can use his/her private key to digitally sign his/her message by encrypting the message (or its hash) with his/her private key. Although everybody can read public-key directories, they must be protected from falsification and abuse. Therefore, the need arises for an appropriate infrastructure called a public key infrastructure (PKI). (Narendiran, Rabara, Rajendran, 2010)
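The directory scheme described above, as an added Go example that is not taken from the cited paper: a certification authority signs every directory entry, so a falsified entry is rejected before anything is encrypted to it. The algorithms (RSA-OAEP for encryption, Ed25519 signatures in place of "encrypting the hash with the private key"), the `Entry` layout and all names are assumptions of this example; the page names none.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Entry is one record of the public directory (hypothetical layout).
type Entry struct {
	Name   string
	EncKey *rsa.PublicKey    // others encrypt to this party with it
	SigKey ed25519.PublicKey // others verify this party's signatures with it
	CASig  []byte            // CA signature binding Name to both keys
}

// Keys holds the private halves, which never enter the directory.
type Keys struct {
	Dec  *rsa.PrivateKey
	Sign ed25519.PrivateKey
}

var ErrFalsified = errors.New("directory entry is missing or not certified by the CA")

// NewCA creates the signing key pair of the certification authority.
func NewCA() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// tbs is the digest the CA signs: the name bound to both public keys.
func (e Entry) tbs() []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s", len(e.Name), e.Name)
	h.Write(x509.MarshalPKCS1PublicKey(e.EncKey))
	h.Write(e.SigKey)
	return h.Sum(nil)
}

// Enrol generates a party's key pairs and has the CA certify the public halves.
func Enrol(ca ed25519.PrivateKey, name string) (Entry, Keys, error) {
	dec, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Entry{}, Keys{}, err
	}
	sigPub, sign, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Entry{}, Keys{}, err
	}
	e := Entry{Name: name, EncKey: &dec.PublicKey, SigKey: sigPub}
	e.CASig = ed25519.Sign(ca, e.tbs())
	return e, Keys{Dec: dec, Sign: sign}, nil
}

// Lookup returns an entry only if the CA's signature over it verifies.
func Lookup(dir map[string]Entry, caPub ed25519.PublicKey, name string) (Entry, error) {
	e, ok := dir[name]
	if !ok || e.Name != name || e.EncKey == nil || !ed25519.Verify(caPub, e.tbs(), e.CASig) {
		return Entry{}, ErrFalsified
	}
	return e, nil
}

// Send signs msg with the sender's private key and encrypts it to the recipient.
func Send(to Entry, from Keys, msg []byte) (ct, sig []byte, err error) {
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, to.EncKey, msg, nil) // short messages only
	return ct, ed25519.Sign(from.Sign, msg), err
}

// Receive decrypts with the recipient's private key, then checks the signature.
func Receive(me Keys, from Entry, ct, sig []byte) ([]byte, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, me.Dec, ct, nil)
	if err != nil {
		return nil, err
	}
	if !ed25519.Verify(from.SigKey, msg, sig) {
		return nil, errors.New("signature does not match the sender's directory key")
	}
	return msg, nil
}

func main() {
	caPub, caPriv, _ := NewCA()
	bank, bankKeys, _ := Enrol(caPriv, "bank") // constructed identities
	user, userKeys, _ := Enrol(caPriv, "user-1001")
	dir := map[string]Entry{"bank": bank, "user-1001": user}
	b, _ := Lookup(dir, caPub, "bank")
	ct, sig, _ := Send(b, userKeys, []byte("PAY 500 TO ACC2002"))
	msg, err := Receive(bankKeys, user, ct, sig)
	fmt.Printf("bank received %q, err=%v\n", msg, err)
	other, _, _ := Enrol(caPriv, "other")
	bank.EncKey = other.EncKey // falsified directory: key swapped, CA signature not renewed
	dir["bank"] = bank
	_, err = Lookup(dir, caPub, "bank")
	fmt.Println("lookup after tampering:", err)
}
```
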
In Jan 2010, a public key certificate was introduced for security protection, making transactions more secure than ever: a special phone, i.e. a smart phone, is used, in which an electronic signature validates the transaction and authenticates access to the bank’s website. For this purpose an application based on Microsoft’s ActiveX for Internet Explorer was necessary in order to download the PKC. As mobile phones such as the iPhone, BlackBerry and Android use non-Microsoft browsers and do not support ActiveX, these phones do not support the designed procedure, and therefore they can’t be used for mobile banking.
In July 2010, the Financial Services Commission extended its regulation to allow other verification methods, so that a layman with a simple mobile phone set can use mobile banking services, by introducing non-Microsoft browsers (CAU, 2010).
The major regulatory issues around branchless banking include the following. 1- The risk of failure after introduction: a high-profile failure could lead to the failure of all branchless schemes, so a high risk is involved. 2- Non-bank institutions must be introduced alongside the bank-led model at the bank: why trust only banks, when the bank-led model presently in use is not always successful? The mobile operator is a trustworthy authority and can provide facilities that a bank never can, such as tracing a transaction geographically; the mobile operator knows far better than banks exactly where money is being transferred from and where it is going to be received. 3- Appropriate application of KYC regulation is necessary; the suitability of its application to the customer should be under consideration. For example, if one customer transfers $30 and another transfers $1000, will both undergo the same KYC checks? If the most basic KYC checks were applied to the poorest customers and full KYC checks to customers who reach the maximum limit, this relaxation might lead to the risk of terrorist attacks (Paul Makin and McEvoy, 2009).
The regulations that have been used for traditional banking can’t be used for mobile banking, because the risks of traditional banking and the risks of mobile banking are not equal, so there is a need to develop more regulation for mobile banking. There are some areas in which regulators’ attention is more required, for example legal anti-money-laundering rules for transactions, agency rules, the fulfilment cost of regulation, foreign exchange controls, and payment regulation for non-banks, i.e. mobile operators (GSMA, 2008).
Regulation against the risk of fraud, loss of customer privacy and even loss of service is needed to establish trust among customers, which is the most necessary element for the development of mobile banking. A legal framework is needed which gives authority to receive or send payments in electronic form. The regulations also require banks to take corrective actions and result-proof measures to provide protection against violation of the terms and conditions of licensing, including the power to suspend or withdraw the licence and, if any violation occurs, to enforce a financial penalty or regulate compensation. In order to formulate regulation, the bank is eligible to issue rules, regulations, guidelines and directions for paper-based payment items, the instruments used to complete transactions, and the presentation of electronic cheques. Moreover, regulation is set by the bank to recognize new payment tools for the protection of customers’ interests by ensuring the security, integration and reliability of the payment system. In India, the guidelines are formulated only by the Reserve Bank of India, which specifies that only banks that have a physical presence in India will be licensed and supervised and allowed to offer mobile banking in India. Services shall be restricted to customers of banks and holders of debit/credit cards issued as per Reserve Bank of India guidelines. SBP issued a policy paper on Mobile Banking which elaborately discusses models of mobile banking and associated risks. SBP recommends the bank-based model, with scope for introducing a non-bank-based model at a later stage (Rasheda Sultana, 2009).
The development of mobile banking requires some rules and regulations to be implemented to protect consumers, promote secure transactions and encourage economic stability. Regulation should clearly define those activities and institutional arrangements for mobile banking that directly concern licensing, regulation and management by the financial authority. Those offering mobile banking are required to disclose clearly the prices and services they offer, and to ensure fair dealing and data protection for all consumers. Mobile banking facilitators are also required to supervise the risks of fraud and illegal activities under Know Your Customer (KYC) rules (CAU, 2010).
The financial crisis highlights the need to make customer protection, financial access and financial stability mutually reinforcing. Technological advances in mobile banking necessitate regulations that are flexible enough to accommodate innovation and customer demand yet stringent enough to protect customer privacy. Clarification of the issues helps banks and telecom companies to assess better the risk involved in providing mobile banking (CAU, 2010).
A major issue that arises in mobile banking is knowing your customer: a new customer’s identity is verified every time he uses the service. In Kenya, identity is proved through the national ID card, and the M-PESA service relies on ID card authentication, which works well. Some regulatory developments have allowed only banks to offer mobile banking services, on the grounds that mobile operators, lacking perception and recognition power, do not know how to apply the same regulatory environment to a non-bank to some extent. Security protection (end-to-end encryption) can be provided only by the mobile operators, since the SIM is under the control of the mobile operator. There are two ways to resolve this issue. One is to relax SIM control: a time will come in the near future when the SIM will be a public utility and some control rights will be taken away from the mobile operator and given to third parties. The second is relaxation of security: as implementing mobile banking solely through the mobile operator is not possible, it can be operated with comprehensive security and suitable controls on appropriate reporting, the maximum number of customers, transaction size, and enhanced server-based control. The regulator will have access at the necessary levels (Paul Makin and McEvoy, 2009).
To succeed in fulfilling and implementing regulation, the regulator has to keep in mind that regulation must be applied in a proportionate manner to ensure safe and sound mobile money transfer. Regulation must benefit customers through increased competition, which reduces price and improves quality of service. Regulation must allow for new mobile offerings coming up for money transfer services. Financial regulation has to be developed through a consultative approach with the mobile industry to ensure it closely tracks market development without becoming a regulatory barrier (GSMA, 2008).
With respect to completing a mobile banking transaction, a mobile carrier’s legal obligation also differs in fundamental ways from a financial institution’s. The mobile carrier’s obligation to verify the origination and termination of a telecommunications transmission is mainly to ensure that a call is completed, and, that customers are accurately billed for the service. To the extent that a transmission is not completed, regardless of the content of that transmission, the liability of a telecommunications carrier is extremely limited as a matter of law. Under longstanding common law precedents and statutory law, for the most part a customer is entitled to no more than a refund for the cost of a “failed” communications, even if that communication happens to involve digital transfers of very large sums of money (Frederick M. Joyce, 2010).
Mobile banking has two security segments: one is called the handset zone or user’s zone, and the other is the mobile operator zone. Data security issues in mobile banking include, for example, hackers, malware and virus attacks. Some of the security issues that occur in mobile banking are as follows. Information leakage, loss and alteration can happen in mobile banking because the technology is based on wireless devices: information is transferred from one end to the other using radio wave modulation and demodulation. When the waves pass through the air there are many other waves with which they can interfere, through which information may be leaked, lost or distorted, or intercepted. Hackers can extract the information by installing devices on electromagnetic devices, or may delete, modify or add information, which can damage the purpose of the transaction initiated by the legitimate user.
Instability of communication channels and mobile devices leads to incomplete transactions. Poor coverage sometimes causes incomplete information: if a user keeps changing surroundings and passes from a region of stronger coverage to one of poor coverage, wireless signals may be disturbed, leading to delays in information and causing incomplete transactions or data loss. In a denial of service attack, attackers take control of a gateway and send messages in huge numbers to mobile phones, changing the process of completing services by interfering with the mobile banking service system. Sending many messages at a time slows the system down or even paralyzes it, and legitimate users may not be able to access the mobile banking system or receive the service response.
The major threat to mobile operation is virus attack, which mainly damages the functionality of the mobile system, consumes the phone’s electricity and eliminates the phone’s records. The possibility of virus attacks on mobile banking is far greater than on internet banking or network banking. A virus on a mobile phone can contaminate the wireless system along with fixed network terminals. It is very difficult to install antivirus software on a mobile system. A mobile virus can be transferred from one device to another and can infect the whole system; it can even be transferred over Bluetooth, placing a file containing the virus when connecting to a nearby mobile phone’s Bluetooth (Jin, Nie, Xianling, Hu, 2008).
Security threats to mobile banking are related to those of present-day computer networks and the internet. These include interference attacks, denial of service attacks, viruses, worms, Trojan horses, identity theft and other forms of malicious or fraudulent acts (Tony Chew, 2002).
The security issues faced during the implementation of mobile banking through WAP are that there is no end-to-end encryption between client and bank server and no end-to-end encryption between client and gateway. To resolve this problem the bank server should have its own access point name in any GPRS network, and this access point works as a WAP gateway for the bank. No third party is then involved; the bank must be directly connected to the client. Data confidentiality is a big issue, for which the method is very weak; this proves to be a problem for banks and raises security issues. There are some actions performed by the bank which can’t be seen by the account holder, and some actions performed by the account holder which can’t be assessed by the bank. GPRS provides session handling facilities but does not provide a bank-side session handling facility, which creates inconsistency on the bank side and is a security threat as well (Narendiran, Rabara, Rajendran, 2010).
Mobile banking can be conducted in two modes, using WAP and SMS techniques. This subsection discusses the security shortcomings of the SMS banking service. During the conception of the GSM system, the SMS service was designed for subscribers to send non-sensitive messages across the GSM network. Security considerations in terms of mutual authentication, data confidentiality, end-to-end security and non-repudiation were omitted with regard to the SMS service.
Message Spoofing
In this attack the adversary sends out SMS messages that appear to be from a legitimate sender by forging the originator’s address [31]. By altering the originator’s address field in the SMS message header to another alphanumeric string, an adversary can perform masquerading attacks.
SMS Encryption
The default data format for SMS messages is plaintext. The GSM system offers encryption only between the mobile phone and the Base transmission station; end-to-end security is currently not available. Besides, the A5 algorithm used has been proved vulnerable [31].
SMS Service Centre Attack
The storage of copies of SMS messages at the SMS centre server hosted by the mobile network service provider also provides a point of vulnerability to the SMS banking service. Since the message is in plaintext, any personnel who have access to the service provider’s SMS centre server can easily view sensitive details (Abunyang Emmanuel, 2007).
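One way a bank could compensate for the forgeable originator address described above, as an added Go example that is not part of the cited thesis: the handset application appends a counter and a keyed HMAC tag to each command, and the bank decides on those alone, never on the SMS header. The message format, the per-customer key and all names are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base32"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Customer is the bank-side record for one enrolled handset (hypothetical schema).
type Customer struct {
	Key         []byte // secret shared with the handset application at enrolment
	LastCounter uint64 // highest counter accepted so far
}

var (
	ErrFormat = errors.New("malformed message")
	ErrTag    = errors.New("unknown account or bad authentication tag")
	ErrReplay = errors.New("counter already used")
	b32       = base32.StdEncoding.WithPadding(base32.NoPadding)
)

// tag is HMAC-SHA256 over account, counter and command, truncated to 80 bits.
func tag(key []byte, acct string, ctr uint64, cmd string) string {
	m := hmac.New(sha256.New, key)
	fmt.Fprintf(m, "%s;%d;%s", acct, ctr, cmd)
	return b32.EncodeToString(m.Sum(nil)[:10])
}

// BuildSMS is the handset side: "account;counter;command;tag" in one SMS.
func BuildSMS(key []byte, acct string, ctr uint64, cmd string) (string, error) {
	if strings.Contains(acct+cmd, ";") {
		return "", ErrFormat
	}
	sms := fmt.Sprintf("%s;%d;%s;%s", acct, ctr, cmd, tag(key, acct, ctr, cmd))
	if len(sms) > 160 { // single-SMS limit with the GSM 7-bit alphabet
		return "", ErrFormat
	}
	return sms, nil
}

// VerifySMS is the bank side. The originator address in the SMS header is not an
// input: it can be forged, so only the keyed tag and the counter decide acceptance.
func VerifySMS(db map[string]*Customer, sms string) (string, error) {
	p := strings.Split(sms, ";")
	if len(p) != 4 {
		return "", ErrFormat
	}
	ctr, err := strconv.ParseUint(p[1], 10, 64)
	if err != nil {
		return "", ErrFormat
	}
	c, ok := db[p[0]]
	if !ok || !hmac.Equal([]byte(p[3]), []byte(tag(c.Key, p[0], ctr, p[2]))) {
		return "", ErrTag
	}
	if ctr <= c.LastCounter { // a captured message sent again
		return "", ErrReplay
	}
	c.LastCounter = ctr
	return p[2], nil
}

func main() {
	key := []byte("constructed-demo-key-not-a-real-secret")
	db := map[string]*Customer{"ACC1001": {Key: key}} // constructed account
	sms, _ := BuildSMS(key, "ACC1001", 1, "PAY 500 TO ACC2002")
	fmt.Println(sms)
	fmt.Println(VerifySMS(db, sms)) // genuine message: accepted
	fmt.Println(VerifySMS(db, sms)) // same message again: rejected as replay
	// Constructed message with a made-up tag, as a spoofed sender would produce.
	fmt.Println(VerifySMS(db, "ACC1001;2;PAY 900 TO ACC6666;AAAAAAAAAAAAAAAA"))
}
```

The tag covers authenticity and replay only: the command is still plaintext at the SMS centre, and a key shared with the bank gives no non-repudiation.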