
Mobile Banking (M-Banking)

Software requirement Specification


S.S.Jain Subodh College
Jaipur-202021

Team Members:
Chanchal Garg
Anju Khandelwal
Project Guide:

INDEX
1. Introduction
1.1 Objective
1.2 Purpose
1.3 A Mobile Banking Conceptual Model
1.4 Definitions and Abbreviations
1.5 References
1.6 Overview
1.7 Tools to be used
1.8 Technologies to be used
2. Overall Description
2.1 Product Perspective
2.2 Network Configuration
2.3 Software Features
2.4 Service Overview
2.5 Benefits
2.6 Interfaces and Protocols
3. Security, Operation and Maintenance
3.1 Scalability
3.2 End-to-end Security
3.3 Security and Confidentiality of Information
3.4 Strong 2-Factor Authentication
3.5 Data Integrity
3.6 Non-Repudiation
3.7 Cryptographic Operations
3.8 Transaction Flow
3.9 Operating System Requirements
3.10 Operation and Maintenance
1. Introduction:

Mobile banking (also known as M-Banking or SMS Banking) is a term used for
performing balance checks, account transactions, payments, credit applications and
other banking transactions through a mobile device such as a mobile phone or
Personal Digital Assistant (PDA). The earliest mobile banking services were offered
over SMS. With the introduction of the first primitive smart phones with WAP support
enabling the use of the mobile web in 1999, the first European banks started to offer
mobile banking on this platform to their customers.
Mobile banking has until recently (2010) most often been performed via SMS or
the Mobile Web. Apple's initial success with iPhone and the rapid growth of phones
based on Google's Android (operating system) have led to increasing use of special
client programs, called apps, downloaded to the mobile device.
Mobile phone usage has spread in a very broad manner, becoming the first
communications technology to have more users in developing countries than in
developed ones. With mobile communications already as a prime case for leapfrogging
traditional infrastructure, mobile banking (M-Banking) has great potential for extending
the provision of financial services to unbanked people through a technology that is both
familiar and widespread.
1.1 Objective:
This project is aimed at developing a mobile banking system that allows bank customers
to use their mobile phones to do banking, pay bills, etc. The objective of this concept
note is to make the case that mobile payment systems merit further exploration from
the MIF as a first step towards extending access to financial services to the poor and
those living in remote areas.
1.2 Purpose:
The main purpose of this document is to show the requirements of the project
m-Banking. The purpose of the Software Requirements Specification (SRS) document
is to describe the benefits associated with M-Banking and increased access to better,
low-cost financial services for the currently unbanked population. These include: easier and
safer cash handling, allowing for the possibility of investing in asset creation or income-
generating activities; reduced vulnerability to cash flow shocks; and in general, stronger
economies by encouraging trade and markets. It also describes the design constraints
that are to be considered when the system is to be designed, and other factors
necessary to provide a complete and comprehensive description of the requirements
for the software. The Software Requirements Specification (SRS) captures the
complete software requirements for the system, or a portion of the system.
Requirements described in this document are derived from the Vision Document
prepared for the m-Banking.
1.3 A Mobile Banking Conceptual Model:
In one academic model, mobile banking is defined as:
Mobile Banking refers to provision and availment of banking and financial services with
the help of mobile telecommunication devices. The scope of offered services may
include facilities to conduct bank and stock market transactions, to administer accounts
and to access customized information.
According to this model Mobile Banking can be said to consist of three inter-related
concepts:
- Mobile Accounting
- Mobile Brokerage
- Mobile Financial Information Services
Most services in the categories designated Accounting and Brokerage are transaction-
based. The non-transaction-based services of an informational nature are however
essential for conducting transactions - for instance, balance inquiries might be needed
before committing a money remittance. The accounting and brokerage services are
therefore offered invariably in combination with information services. Information
services, on the other hand, may be offered as an independent module.
1.4 Definitions and Abbreviations:
DB2:
DB2 Database is the database management system that delivers a flexible and cost-
effective database platform to build robust on demand business applications.
Personal details:
Details of customer such as username, company, phone number, address, website, e-
mail address etc.
WIB:
A mobile browser, also called a micro browser, minibrowser, or wireless internet
browser (WIB), is a web browser designed for use on a mobile device such as a mobile
phone or PDA. Mobile browsers are optimized so as to display Web content most
effectively for small screens on portable devices. Mobile browser software must be
small and efficient to accommodate the low memory capacity and low bandwidth of
wireless handheld devices.
HTML:
Hypertext Markup Language is a markup language used to design static web
pages.
HTTP:
Hypertext Transfer Protocol is a transaction-oriented client/server protocol between
web browser & a Web Server.
GSM:
Global System for Mobile Telecommunications
ICC-ID:
Integrated Circuit(s) Card - Identifier, known as the SIM card Identifier
HSM:
Host Security Module.
BSP:
Banking Service Platform
BMS:
Bank Mediation Server
3DES:
Triple Data Encryption Standard
TCP/IP:
Transmission Control Protocol/Internet Protocol, the suite of communication protocols
used to connect hosts on the Internet. TCP/IP uses several protocols, the two main
ones being TCP and IP.
1.5 References:

- IEEE SRS Format.
- Problem Definition (Provided by IBM).
- UML software for UML diagrams.
1.6 Overview:
Mobile Banking Components:
Mobile Banking is enabled in the mobile phone through a secure applet located in the
end user's SIM card. Secure transfers over the wireless network and financial transaction
processing are managed by the SIM card and a distributed platform, deployed at the mobile
operator's site and at the financial institution. The platform includes the following components:
the Business Mediation Server, the Bank Secure Platform and the Host Security Module.
Additionally, an adaptor may be required to enable communication over non-standard
interfaces to bank systems.
Business Mediation Server (BMS): On the operator's side, the BMS ensures communication
between mobile subscribers and financial institutions, and routes mobile banking transactions
exchanged between the SIM card in the mobile user's phone and the BSP at the user's bank.
The BMS:
- Receives subscribers' mobile banking requests, interprets them, formats and forwards
  the requests to the subscribers' bank for processing.
- Maintains the status of the requests.
- Logs transaction results for auditing and billing purposes.
- Receives the bank's responses and sends them to the SIM.
- Maintains the list of financial institutions available on that operator's services.
Bank Secure Platform (BSP): On the financial institution side, the BSP handles transactions
between mobile users and the bank's systems. More specifically, the BSP:
- Facilitates communication between bank systems and end-users.
- Hosts response templates (pages).
- Authenticates mobile customers.
- Maintains connectivity between the wireless telecom world and the banking
  environment.
- Ensures that financial transactions and customer data are secure, using the services of
  the Host Security Module.
Host Security Module (HSM): The HSM, a tamper-proof
hardware component, provides state-of-the-art cryptographic functions to the BSP.
Upon receiving a request from the BSP, it performs cryptographic operations,
generating transaction keys, encrypting and decrypting sensitive information. The HSM
also manages the cryptographic keys used to secure mobile financial transactions. The
HSM is further enhanced with the Mobile Shield firmware for secure business
transactions.
The Adaptor, required only when non-standard interfaces to the bank
systems are used, is a customizable module that translates messages to and from the
format used by the bank's back-end. The Adaptor seamlessly insulates the BSP from
the specifics of the bank systems' interfaces.
Several operator-owned modules also participate in delivering the Mobile Banking
functionalities:
- LinqUs Online Service Gateway (OSG) helps operators to offer SIM card-based
  services to their subscribers by connecting them to remote content in a session mode.
  In the context of mobile banking, OSG relays mobile banking messages between the
  mobile phone and the BMS and translates them from SMS to HTTP format.
- LinqUs Over-The-Air (OTA) Manager is an optional component that offers operators
  the convenience of remotely provisioning and managing SIM cards.
- A Short Message Service Center (SMSC), a standard GSM network element, delivers
  SMS messages.
1.7 Tools to be used:
- DB2 - Database
- ECLIPSE - Development Tool
- RATIONAL ROSE - Design Tool
- WAS - Web Server
- J2EE - Application Architecture
- J2ME - Mobile Application Architecture
1.8 Technologies to be used:
J2ME:
J2ME stands for Java 2, Micro Edition. It is a stripped-down version of Java targeted at
devices which have limited processing power and storage capabilities and intermittent
or fairly low-bandwidth network connections. These include mobile phones, pagers,
wireless devices and set-top boxes among others.
WEB 2.0:
The term Web 2.0 is associated with web applications that facilitate participatory
information sharing, interoperability, user-centered design, and collaboration on the
World Wide Web. Examples of Web 2.0 include social networking sites, blogs, wikis,
video sharing sites, hosted services and web applications.
XML:
Extensible Markup Language (XML) is a markup language that defines a set of
rules for encoding documents in a format that is both human-readable and machine-
readable. It is defined in the XML 1.0 Specification produced by the W3C, and several
other related specifications, all gratis open standards.
J2EE:
Java 2 Enterprise Edition is a programming platform, part of the Java Platform, for
developing and running distributed multitier architecture Java applications, based
largely on modular software components running on an application server.
UML:
Unified Modeling Language (UML) is a standardized general-purpose modeling
language in the field of object-oriented software engineering.
AJAX:
AJAX is a group of interrelated web development methods used on the client-side to
create asynchronous web applications. With Ajax, web applications can send data to,
and retrieve data from, a server asynchronously (in the background) without interfering
with the display and behavior of the existing page.
2. The Overall Description:
2.1 Product Perspective:
The Mobile Banking offer is a complete financial services solution for mobile operators and
financial institutions. It includes a secure SIM applet and a distributed transactional platform
that provide secure access from a mobile phone to mobile banking, mobile payment and
mobile money transfer services. The Secure Applet is pre-installed on the SIM card, readily
available to the end-user. This applet handles:
- Displaying appropriate menus and processing user responses.
- Sending and receiving transaction messages.
- Encrypting and decrypting sensitive information.
- Managing transaction security and confidentiality.
Using the m-Banking software, the effectiveness of the bank, bank employees and m-Banking
software users can be developed. The m-Banking software provides a number of ways of
connecting to the bank. These ways include deposit, withdrawal, payment of bills, balance
checking and mobile recharge through the use of mobile phones.
The complete overview of the system is as shown in the overview diagram below:
- The web pages (XHTML/JSP) are present to provide the user interface on the user side.
  Communication between client and server is provided through HTTP/HTTPS protocols.
- The client software is to provide the user interface on the system user client side, and for
  this TCP/IP protocols are used.
- On the server side, the web server is for EJB and the database server is for storing the
  information.
2.2 Network Configuration:
With Mobile Banking, an operator can provide the service to subscribers that have bank
accounts with different financial institutions. A bank can also choose to work with several
operators, to provide mobile banking services to its customers, independently of their mobile
service provider. It is also possible for several banks with light mobile banking traffic to share a
Bank Secure Platform.
1. The SIM card sends Mobile Banking requests using SMS (S@T protocol) messages.
2. OSG translates these messages into HTTP requests before sending them to
   the BMS (Business Mediation Server).
3. The BMS forwards the HTTP requests to the BSP (Bank Secure Platform) of
   the selected bank.
4. The BSP interacts with the HSM for the cryptographic operations.
5. The BSP communicates with the bank's systems, possibly through an adaptor,
   using a series of web services.
6. The bank system (or adaptor) responds.
7. BSP ciphers the necessary information (using the HSM) before proceeding.
8. The BSP forwards and formats the response and then sends it to the BMS.
9. The BMS sends the response to the OSG.
10. OSG compiles the response and sends it to the SIM using the SMS channel.
2.3 Software features:
With Mobile Banking mobile users can perform the following banking
operations:
- Subscribe to the mobile banking service at their financial institution,
  and cancel their subscription at any time.
- Add or remove a bank account from a list of available accounts
  managed through mobile banking.
- Simulate transactions in order to try the system.
- Verify the balance of their bank accounts.
- View the most recent transactions on their bank accounts.
- accounts managed through mobile banking.
- Apply for and pay off a credit line.
- Check the amount of credit available on their credit cards.
- Obtain cash advances on their credit cards.
- Check the balance of their credit card accounts.
- Pay their credit card accounts.
- Recharge their pre-paid mobile accounts.
- Pay utility bills, such as electricity, Internet and mobile subscriptions, or any
  other bill that can be registered with the financial institution.
- Pay other services through reference numbers found on the bills.
2.4 Service Overview:
Mobile Banking provides mobile users with easy and secure access to financial operations
from their mobile phones 24 hours a day, 7 days a week. Whether they need to pay a bill while
away from home, to check their account balance at the supermarket, to transfer funds on the
way to the airport, to recharge their prepaid mobile subscription account before going to the
beach or to obtain credit online for that new TV, mobile users can pick up the phone and carry
out the desired transaction by hitting a few keys. They simply need to browse user-friendly
menus and respond to service prompts. The information they need to enter has been scaled
down to a minimum, in order to simplify the use of the application. This information mainly
consists of their PIN and the amount of money involved in the transaction. A message
summarizing the user's request is then sent to the selected financial institution, where the
request is processed. The result is displayed on the user's mobile screen within seconds.
2.5 Benefits:
Mobile phone operators and financial institutions will benefit from using Mobile Banking to offer
mobile financial services to their customers, whether they operate in saturated markets where
competition is tight and service differentiation is key to attracting and retaining customers, or in
remote areas in need of cost-effective financial services.
Benefits for Mobile Operators
With Mobile Banking, operators can expand their services portfolio, promote their brands and
create strategic marketing differentiation - attracting new customers.
Subscribers who use mobile financial services begin to rely on them, making them a
differentiating factor for the operator. As a result, Mobile Banking strengthens customer loyalty
and reduces churn and attrition rates. Mobile Banking increases operator revenue by boosting
traffic and providing subscribers with instant access to airtime purchase: with financial services
at their fingertips, mobile users will recharge their prepaid accounts more readily and use their
mobile phones to pay bills or check their account balance. Thanks to the ubiquity and high
penetration of the mobile device, mobile operators are uniquely positioned to play an important
role in the expanding mobile money transfer and mobile payments markets.
Benefits for Financial Institutions
Mobile Banking allows financial institutions to enhance customer satisfaction and retention by
offering new, better services while gaining a direct marketing channel for their products and
services, which can be tailored to the specific needs of customers. At the same time, they
attract new customers to the one-on-one bank-customer relationship. As access to mobile
phones grows worldwide, so does the opportunity to attract more customers and extend the
reach of financial services. By turning mobile phones into their bank's ATMs, financial
institutions gain access to new markets, different from those traditionally served by their
physical branches. Access to banking services at any time and from anywhere also generates
revenue through higher service usage, and reduces operating expenses because of fewer
direct teller interactions, while maintaining or improving the level of service. Financial
institutions gain another important benefit by adding Mobile Banking to their existing channels.
They will be with their customers at all times, ready to help them: to recharge a pre-paid mobile
phone on a Saturday night, to get a new MP3 player via online credit funds, to pay a forgotten
bill after leaving for a vacation. The bank is everywhere, all the time.
Benefits for the End User
The mobile banking application:
- Provides state of the art security
- Requires no configuration
- Is readily available
- Is low cost (no data connection): it resides on the SIM and the browsing is local.
- Is device independent, supported on ALL phones from low to high-end

2.6 Interfaces and Protocols:
Mobile Banking components use standard protocols and interfaces to exchange information
and to communicate with other network elements and bank systems, thus facilitating the
integration of Mobile Banking into the existing infrastructure. A high-level view of the protocols
used to exchange messages between different mobile banking operator and bank components
to process a request is as follows:
1. The SIM card sends Mobile Banking requests using SMS (S@T protocol) messages.
2. OSG translates these messages into HTTP requests before sending them to the BMS.
3. The BMS forwards the HTTP requests to the BSP of the selected bank.
4. The BSP interacts with the HSM for the cryptographic operations.
5. The BSP communicates with the bank's systems, possibly through an adaptor, using
   a series of web services.
6. The bank system (or adaptor) responds.
7. BSP ciphers the necessary information (using the HSM) before proceeding.
8. The BSP forwards and formats the response and then sends it to the BMS.
9. The BMS sends the response to the OSG.
10. OSG compiles the response and sends it to the SIM using the SMS channel.
3. Security, Operation and Maintenance:
3.1 Scalability
Mobile Banking is scalable through hardware clustering. To increase throughput, both BMS
and BSP can (independently) be installed in clusters with a clustering engine distributing the
traffic among several servers.
3.2 End-to-end Security
Since mobile banking transactions can be initiated from almost anywhere and transaction
details are transmitted over unprotected networks, security poses the biggest challenge in
developing a successful solution and is likely to be a make-it-or-break-it factor for mobile
banking. We take security issues and concerns seriously. As a long-time leader in digital
security, we use state-of-the-art security technology to secure mobile applications. The
Mobile Banking solution addresses the requirements of data confidentiality, strong user
authentication, data integrity as well as non-repudiation, and conforms to relevant standards
(such as PCI DSS) established by financial organizations and government bodies to prevent
fraud and other security threats.
3.3 Security and Confidentiality of Information:
The Mobile Banking solution provides end-to-end security and confidentiality of data by
ciphering information in the SIM for secure transfer over the mobile phone, the GSM network,
the operator's infrastructure and the connection to the financial institution. The information
entered by the user is collected and encrypted by the applet residing in the tamper-proof SIM
card.

For the highest level of security, sensitive data, such as PIN and transaction details, are never
stored in the SIM card or the platform. All customer and financial information is kept exclusively
at the bank, which also has the sole control over the cryptographic keys used to secure
financial transactions.
3.4 Strong 2-Factor Authentication:
Bank customers must be sure that no one can make transactions on their
behalf, and banks must be able to verify that customers are indeed who
they claim to be. We respond to this requirement with strong two-factor
authentication.
With Mobile Banking:
Users are required to identify themselves to the bank with a Mobile Banking PIN that protects
access to financial information and transactions. Secret keys only known to the SIM card and
the bank are used to encrypt and sign transaction data, further proving the identity of the user.
3.5 Data Integrity
Since data is digitally signed, any attempt to manipulate it will be detected because the
signature will no longer correspond to the signed message.
3.6 Non-repudiation
In the context of mobile banking, non-repudiation refers to authenticating the customer and the
financial institution participating in a financial transaction with high degree of certainty so that
the parties cannot later deny having performed the transaction. To ensure non-repudiation, a
proof must be generated to show that the transaction was performed by that party. Mobile
Banking addresses this requirement through the use of:
- A user PIN known only to the user and protected by encryption
- A transaction confirmation code sent by the bank
- A transaction log that records the details of every transaction.
3.7 Cryptographic Operations
All sensitive data is encrypted with double length 3DES (128bit) keys. In addition, transactional
security standards such as Derived Unique Key per Transaction (DUKPT), short-lived
transactional contexts and key roles are used for added protection of financial transactions.
The cryptographic functions, including key management, are performed using the most fraud-
resistant hardware solution, which personalizes the HSM for Mobile Banking. The selected
HSM, Thales HSM 8000, is certified as complying with the most stringent security standard:
FIPS 140-2 Level 3.
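
The integrity check of section 3.5 together with the per-transaction keys and short-lived transactional contexts of section 3.7, as an added example that is not part of the original document: the SIM side authenticates a balance request, and the bank side rejects a modified, replayed or stale copy. HMAC-SHA-256 stands in here for the 3DES and DUKPT operations the document specifies (it is not ANSI X9.24 DUKPT), and the key, ICC-ID, field names and 120-second lifetime are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo values, not taken from the document.
ICCID = "8900000000000000001"                                  # SIM card identifier (ICC-ID)
BASE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")   # shared by SIM and bank
MAX_AGE_SECONDS = 120                                          # assumed context lifetime


def derive_txn_key(base_key: bytes, iccid: str, counter) -> bytes:
    """Derive one key per transaction from the shared base key.

    HMAC-based stand-in for a unique-key-per-transaction scheme; not ANSI X9.24 DUKPT.
    """
    return hmac.new(base_key, f"{iccid}|{counter}".encode(), hashlib.sha256).digest()


def canonical(fields: dict) -> bytes:
    """Serialise fields deterministically so both sides authenticate identical bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sim_sign_request(base_key, iccid, counter, timestamp, operation, account) -> dict:
    """SIM side: build a request and attach a MAC made with the transaction key."""
    fields = {"iccid": iccid, "counter": counter, "ts": timestamp,
              "op": operation, "account": account}
    key = derive_txn_key(base_key, iccid, counter)
    return {**fields, "mac": hmac.new(key, canonical(fields), hashlib.sha256).hexdigest()}


class BankVerifier:
    """Bank side (the BSP role): checks integrity, freshness and counter order."""

    def __init__(self, base_keys: dict):
        self.base_keys = base_keys   # iccid -> base key (kept inside the HSM in practice)
        self.last_counter = {}       # iccid -> highest counter accepted so far

    def verify(self, message: dict, now: int) -> str:
        fields = dict(message)
        tag = str(fields.pop("mac", ""))
        iccid = fields.get("iccid")
        base_key = self.base_keys.get(iccid) if isinstance(iccid, str) else None
        if base_key is None:
            return "reject: unknown SIM"
        key = derive_txn_key(base_key, iccid, fields.get("counter"))
        expected = hmac.new(key, canonical(fields), hashlib.sha256).hexdigest()
        # Constant-time comparison; any changed field changes the expected MAC.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "reject: bad MAC"
        # The fields are authentic from here on, so their values can be used.
        if abs(now - fields["ts"]) > MAX_AGE_SECONDS:
            return "reject: stale request"
        if fields["counter"] <= self.last_counter.get(iccid, -1):
            return "reject: replayed counter"
        self.last_counter[iccid] = fields["counter"]
        return "accept"


def demo() -> list:
    """Run a genuine, a replayed, a tampered and a stale balance request."""
    bank = BankVerifier({ICCID: BASE_KEY})
    good = sim_sign_request(BASE_KEY, ICCID, 1, 1000, "BALANCE", "ACC-001")
    tampered = dict(sim_sign_request(BASE_KEY, ICCID, 2, 1005, "BALANCE", "ACC-001"),
                    account="ACC-999")          # account changed after signing
    stale = sim_sign_request(BASE_KEY, ICCID, 3, 1000, "BALANCE", "ACC-001")
    return [bank.verify(good, now=1010),
            bank.verify(good, now=1020),        # same message presented again
            bank.verify(tampered, now=1010),
            bank.verify(stale, now=5000)]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The example covers only the signing side of the "encrypted and signed" request; encryption of the PIN and transaction details is outside its scope.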
3.8 Transaction flow:
A mobile banking transaction is initiated by the mobile user and is completed when the result is
displayed on the user's phone. The following example shows the communication flow for an
account balance request.
1. A customer browses Mobile Banking pages on the mobile phone and requests an
   account balance from the bank by selecting the account and entering the PIN to
   confirm the transaction.
2. The request is encrypted and signed in the SIM and sent to the BMS via the mobile
   operator's network through the SMSC and the S@T Gateway.
3. The BMS communicates with the BSP at the bank.
4. The BSP decrypts information related to the transaction (the account), translates the
   PIN, translates the request and sends it to the bank system for processing.
5. When the BSP obtains the requested information it sends the response back to the
   BMS.
6. The BMS sends the response to the S@T gateway which formats and forwards it to the
   SIM card in the mobile phone.
7. The response is decrypted in the SIM card and presented to the user.
8. The mobile user sees the result of her or his request on the phone display.
3.9 Operating System Requirements
The Mobile Banking platform software runs on standard UNIX or Linux servers freeing the
operator and the financial institution from the high cost of purchasing and maintaining
proprietary operating systems. It can also be used on Microsoft Windows 7/XP, Opera, Mozilla
Firefox and Google Chrome.
3.10 Operation and Maintenance:
The Mobile Banking platform requires minimal maintenance, mostly consisting of verifying
system logs regularly. The maintenance of the platform servers, the RDBMS and the HSM is
as specified by the manufacturers of those products.
Mobile Account Management
The standard version of Mobile Banking does not include any mobile account management or
billing functionality, since different operators and banks use different account management
methods and, often, proprietary billing systems. Mobile Banking does however allow the
operator to configure the BMS with TPDA codes for billable and
non-billable SMS messages. Additionally, we can develop custom mobile account
management functionalities tailored to the needs of financial institutions or operators.
Storage of User Information
All the banking records are kept in the financial institution's systems, outside of Mobile
Banking. However, the Mobile Banking application needs customer information such as the
MSISDN, ICC-ID, client and operator ID required by the BSP to process mobile transactions.
This data is stored in a relational database owned by the financial institution. Mobile Banking
requires a specific RDBMS, but its administration is left to the financial institution.
