Abstract
The widespread usage of new telecommunication technologies implies the demand on payment via Internet since the ’90s. First, these solutions were applied only by pioneer users, while average men still chose traditional payment methods such as payment by cash, cheque, or bank transfer. In the latest decade, the notable improvement of mobile communications allowed the provision of customized services. A new payment method has appeared which is called mobilepayment. Consequently, increasing number of banks provide access to their services via mobile equipment. Reliable network security is an essential prerequisite for the expansion of the rapidly growing world of electronic payment. Public key infrastructure (PKI) offers the capabilities needed to provide this security. Establishing trust in a wireless public key infrastructure (WPKI) is crucial for the success of applications that will exploit the opportunities created by handheld wireless devices. This trust is based on the reliability of the technology but also on a carefully implemented system of laws, policies, standards, and procedures. The development of trusted electronic transactions is motivated by legislation. The EU adopted a legislative framework to guarantee the security and acceptance of electronic signatures in 1999. The U.S. adopted legislation for the recognition of electronic signatures in national and global trade in June 2000 (Sievers, 2000). This article deals with mobile payment and mobile banking services and focuses particularly on the mobile side of the system. First, we introduce the technological background necessary for developing m-services, and we define the m-payment reference model. After that, the differences between chip-card and software based implementations will be presented. Finally, we conclude the article and summarize the main terms used in the article.
TopBackground
The Mobile Payment Forum (MPF) (2002) defines mobile-payment (m-payment) as the process of two parties exchanging financial value using a mobile device in return for goods or services. The trusted transactions of a mobile payment system are called mobile payment transactions. The main areas of use are the following:
- •
m-banking and m-payment, in case of performing banking and payment affairs;
- •
m-administration, when accomplishing administration tasks; and
- •
m-government, in case of arranging public administration affairs using the mobile electronic way.
The mobile device and the mobile network have two main roles in m-payment:
The user authentication means that a service provider determines the identity of a user (Kanniainen, 2001).
The digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures can be used for many purposes, such as authorizing a subsequent transaction or creating a signature of the user with properties fulfilling the requirements of electronic signature laws.
The user authorization means that a service provider ensures that the user has viewed and accepted a transaction contract (Kanniainen, 2001).
The technological background exists for developing services based on trusted mobile transactions. The bandwidth of the mobile channel is only a small fraction of that of the Internet, but user authentication, digital signature transfer, authorization control require low bandwidth from the mobile network. Even low-end mobile devices support WAP functionalities (Wireless Application Protocol Forum [WAP Forum], 2001c) and text message sending. Their SIM card implements SIM Application Toolkit (SAT) and supports the necessary cryptographic algorithms at chip-card level. These are essentials to implement client-side banking applications (Van der Merwe, 2003).
Key Terms in this Chapter
Digital Signature: An electronic signature based upon cryptographic methods of origin authentication. Usually it is appended to a message to assure the recipient of the authenticity and integrity of the message.
SIM (Subscriber Identity Module): The subscriber dependent part of the mobile equipment.
Mobile Payment: The process of two parties exchanging financial value using a mobile device in return for goods or services.
SAT (SIM Application Toolkit): A standard operational environment for applications stored on the SIM (and the third generation USIM).
Authentication: Proof of identity.
RFID: Abbreviation of Radio Frequency Identification, a transponder technology for the contactless recognition of objects.
PKI: The abbreviation of Public Key Infrastructure, a set of policies, processes, server platforms, software, and workstations used to administer certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates.
Registration: A procedure where the account of the given services and the subscriber’s identity are coupled.
Mobile Transaction: Trusted transactions of a Mobile Payment system.
Smart-Phone: Voice centric mobile phone with information capability.