iimk - backwaters (battle for it event) active_y
DESCRIPTION
This is the winning presentation for Mobile Banking presented at Case study competition at Backwaters, IIM KTRANSCRIPT
Presented By:Team: Active Y
Rakesh Sahu([email protected])Shanu Singh([email protected])
NITIE, Mumbai
Battle For ITMobile banking project
Content
Introduction to Mobile Telephony in India Market Opportunity Technology and Channel Analysis Challenges Security Services Offered Development Roadmap Governance Model For Unity Bank Appendix
Current Mobile Growth
Total mobile subscriber touched 670 million. Mobile telephone Density ~ 56% (metro ~110%) Growth has been tremendous in recent past with monthly
growth of over 2% .
Future Mobile Growth Prediction (2014)
Gartner states that the mobile subscriber base of India is expected to reach 993 million
Mobile telephone Density is expected to be 97%
Mobile Internet Usage (IMRB Int. 2009 report)
As per Dec 2009, there were 471 mobile subscriber. 27% or approx 127 million mobile users have internet-ready
mobile devices. 9.4% or 12 million of these users have accessed the internet at
least once in last one year. With 2m active users
Future Mobile Internet Growth (IMRB)
25 million mobile Internet users by 2012, and 50 million users by 2014
Reasons For Growth
Sharp fall in the call charges 3G spectrum auctioning and reduction in the prices of 3G/GPRS
enabled handsets Growing mobile penetration into all segments of markets
Mobile Data Channel Base and Future
Source: Gartner, IMRB International & I-Cube 2009 report
QE Mar-04
QE Mar-05
QE Mar-06
QE Mar-07
QE Mar-08
QE Mar-09
QE Mar-10
0
100
200
300
400
500
600
700
Mobile Subscriber
Subscriber
Rural India
Urban India
0
50
100
150
Tele-density
Tele-density
Target Consumer Behavior
• Mobile banking is most used by subscribers falling in Rs. 1 to Rs. 2.99 Lakh income bracket followed by less than Rs 1 Lakh income bracket.
• Finding: Mobile banking is more popular among low income group of mobile users than higher income group of mobile users.
Source: Vital Analytics , August 2009 report , telecomindiaonline
• Mobile banking report: “Most popular services and income profile” (Two month ended March 2009, Urban Indian Mobile Phone Users).
• Market Positioning: ICICI bank continues to maintain its leadership extending in mobile space, 42% of all mobile banking users bank with ICICI, followed by HDFC (25.3%) and SBI.
Check Account Balance
View Last Three transaction
Status of cheques
Payment Reminders
Request a cheque book
0 10 20 30 40 50
39.97
28.15
21.06
20.92
19.11
Percentage Breakup
Market Opportunity For MobiTechInc
28%
32%
40%
Banks In India
Public SectorPrivate SectorForeign Bank
47%
16%
12%
26%
Mobile Banking Service (39 bank offer mobile service)
SMSUSSDHTTPSJ2ME
44% Banks Already offer mobile banking service
• More than 50% banks still need to implement mobile banking setup
New Setup
• Around 50% bank use highly unsecure SMS channel for mobile banking
• Opportunity to propose up-gradation to more secure channelSecurity Up-
gradation
•We propose a collaborative model with one time payment cost followed by per transaction revenue model
Build & Operate Model
OPPORTUNITY
Primary Research
Available Technology Analysis
Function SMS USSD (Preferred technology)
HTTPS(Preferred technology)
IVR J2ME
Ease of use
Support All GSM All GSM GPRS/3G Enabled with browser
All GPS Java, GPRS/3G Enabled
Cost to user
Cost to bank
Encrypted path from handset to server Only Wireless portion
Only Wireless
Browser to Bank
Only Wireless
Browser to Bank
Ubiquity
Biggest Benefit Ubiquity Ubiquity Most Secure Familiarity Mobile Appl. DB
Skills/Training Required Text Formatting
None Browsing None Application know-how
Handset side provisioning None None GPRS, Browser
None GPRS, Application
Drawback Prone to Security
Less Secure GPRS connection
Slow Appl. Download
Scalability No USSD 2 Yes Limited Scope
Yes, need reinstallation
Preferred Channel Analysis
What is it?
Capability built into GSM phones, much like the Short Message Service
It sends text between a mobile and an application program in the network
Service is integrated even in legacy GSM stack (GSM 02.90 and GSM 03.90.)
How is it different from SMS
USSD transactions occur during the session only.
Allows two-way exchange of a sequence of data
SMS, messages can be sent to a mobile phone and stored
No sequence or session is maintained
Challenge
Development of USSD application Development of interface between application and network
nodes (gateway) Interfacing with core banking system
Service opportunity
• USSD service is available with all major gsm service provider in India
• It can be accessed while roaming without extra charges.• USSD can be leveraged to reach the mass since 90% MS in
India are USSD enabled
Steps (Balance enquiry & top-up)
1. A mobile user initiates the service by dialing the USSD string defined by the service provider; for example, *#123#.
2. The USSD application receives the service request from the user and responds by sending the user a menu of options.
3. The user responds by selecting a “current balance” option.
4. The USSD application sends back details of the mobile user’s current account balance and also gives the option to top up the balance.
5. The user selects to top up his/her account.
6. The application responds by asking how much credit to add?
7. The mobile user responds with the amount to add.
8. The USSD application responds by sending an updated
balance and ends the session.
USSD(Unstructured Supplementary Service Data)
Preferred Channel Analysis
Mobile web Access (web browser application)What is it?
Capability built into GPRS/EDGE/3G enabled phones It sends secured data packet between a mobile and an
application program in the network Service is integrated in 2G and above compatible stack
How is it different from USSD
HTTPS is used to create the secure session.
Allows multi-way exchange of data (by scaling it up for m-commerce)
USSD transactions occur during the session only.
Allows two-way exchange of a sequence of data
Challenge
Scalable futuristic architectural design Development of mobile friendly application Interfacing of application with core banking system
Opportunity
• This platform is highly scalable since it uses client-server model with standard browser client.
• Online streaming of data with end-to-end encryption• Cater to multiple needs of higher income group sophisticated
mobile users
M-commerce
Core Banking
Mobilr Banking Server
Mobile Handset
User Architecture
Hierarchical Model
Challenges – Mobile Network Operator SideIntegration of USSD Application with mobile operator network
1. Operator hosted secure communication platform
2. Operator hosted USSD mobile platform3. Co-branded mobile banking USSD platform
serviced via the mobile operator’s network4. Mobile network operator as the issuer of
the accounts5. Bank as the mobile virtual network operator
(MVNO)6. Third party(MobiTechInc) hosted mobile
banking platform with mobile operator interoperability
7. MobiTechInc hosted mobile banking platform with bank interoperability
8. MobiTechInc hosted USSD mobile banking platform with bank and operator interoperability.
Challenges - Core Banking SideIntegration of USSD & HTTPS Application with core banking system
SOA Architectured Core Banking System
• Reusable discrete component design in SOA helps significantly in integration to deliver agility and flexibility
• Data Abstraction layer can be used to modify the middleware we propose to provide interfacing to the USSD and HTTPS application
Legacy Core Banking System
• Middleware is designed to provide the interfacing between our application and the database of the Core banking system
• Middleware is a S/W application which on run-time converts the request from application into query format /variable of the core database
Security – Risk Analysis For USSD
Lost or Stolen mobile Station
Since no trace of transaction stored on mobile therefore no risk of loss of critical information
Air Interface
Guaranteed message delivery Wireless signal is encrypted as per the MNO
Application Physical Server Safeguard
USSD gateway and application will be on secure system (password protected) therefore no body can access the data at server level
Threat
There is no encryption of information so the channel from the network to the bank is open to monitoring, replay, modification and impersonation.
Threats- Solution
Use secured link (VPN or SSL) to connect operator network and core banking system
User Safeguard Transaction limit as per RBI norm with single transaction less then
INR 1000 Introduce cumulative and account balance limits
Physical Safeguard Data center such as core banking DB need to be physically guarded
through 24X7 security officer and video surveillance
Network Protection Implement firewall policy Install antivirus on network systems.
Security – Risk Analysis For Mobile Web App(HTTPS)
Lost or Stolen mobile Station
Since no trace of transaction stored on mobile therefore no risk of loss of critical information
Air Interface
Guaranteed message delivery Wireless signal is encrypted as per the SSL
Application Physical Server Safeguard
HTTPS application will be on secure system (password protected) therefore no body can access the data at server level
Threat
Mobile device could be infected with virus since HTPPS-browser capability is generally present on smart phones.
Threats- Solution
Installation of anti-virus software of the mobile station device
User Safeguard Transaction limit as per RBI norm with single transaction less then
INR 50000 Introduce cumulative and account balance limits
Physical Safeguard Data center such as core banking DB need to be physically guarded
through 24X7 security officer and video surveillance
Network Protection Implement firewall policy Install antivirus on network systems.
Services offered Over USSD
Account Inquiry
• Balance enquiry• Mini Statement
Funds Transfer
• With in the Bank• Max Limit is 1000 Rs.
Mobile Recharge
• Top up for own mobile• Top up for other mobiles
Requests
• Requests for cheque book• Request for m-statement
Services offered Over HTTPS Account Inquiry
• Balance enquiry• Mini Statement
Funds Transfer
• With in the Bank• Outside the Bank• Max Limit is XXXXX Rs.
Mobile Recharge
• Top up for own mobile• Top up for other mobiles
Requests
• Requests for cheque book• Request for m-statement
Demat Enquiry Service
• Portfolio value• Value of holdings• Transaction status etc
M – Commerce
• Insurance Premium• Merchant payment etc
Development Roadmap – lifecycle
Project Plan•Requirement•Design•Implementation•Testing
Resource Plan•Human Resource Requirements•Hardware Requirements•Software Requirements
Methodology - Overlapped waterfall model
Product To Be Developed - USSD Application
USSD Gateway Web Based Mobile Application (HTTPS)
MiddlewareProduct Development & Testing Environment-
Simulated environment for USSD testing (we propose to buy it) Simulated environment to test integration with known core banking solution
Project Plan
Governance Model For Unity Bank
• Mobile Banking development and operation are handled by the IT Department of the Organization.• Organization structure is proposed in a way such that IT department can work closely with Legal, Security and Finance
department for the smooth running of project
Appendix 1
Project Plan
………. Refer: Project Plan
Appendix 2
Resource Plan
………. Refer: Resource Plan
Thanks