Post on 11-Jan-2016
African Banking Technology Conference
3 April 2008
Nairobi - Kenya
Patrick Mburu
Director, ATS - Africa
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
ATS-Africa an Overview
• Advanced Technical Solutions - Africa LTD (ATS-Africa)- Incorporated in 2006
• IT solutions company, which is formed with strategic alliances in key technological solution industries.
• We specialize in providing turnkey solutions, ranging from implementation of a top of the line mobile software solutions, network and information security systems and business consulting services
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Network & Information Security Solution
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Problem: Identity Theft
• Why Security?
• Problem: Identity Fraud
• FACT: 1. Identity Fraud = 56 billion USD in 2006
2. 12% is internet related = 7 billion USD
3. Average per victim amount is 6000 USD per year
Javelin Strategy and Research & Better Business Bureau 2006 Identity Fraud Survey Report
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Problem: Managing Multiple accounts
Trade ME
Africa Demo Bank (ABD)
HSBC
AMAZON
North-shore Council
Skype
Gmail
ANZ
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Problem: Deployment
Delivery Logistics
Maintenance, replacements
End Users support
Implementation
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
The Solution
• The Next One Time Password Generation
• Cellular Authentication Token (CAT)
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Download from the Internet
No maintenance, no replacements
End users already use Cellulars
Simple initiation
No Token Costs and no Logistics Costs, No Hidden Costs
Cellular Authentication Token – NO Deployment Problem
ABD EF5D18
ID:
OTP:
SubmitSubmit
AgolaA
EF5D18
Login
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Single CAT for Multiple Accounts
Select Site Trade Me ABD HSBC AMAZON
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Security: CAT = Maximum Security
• The Cellular is protected by PIN
• CAT is protected by CAT Password
• CAT Password not kept on Cellular
• Only encrypted verification sentence is kept on Cellular
• Encryption with the Cellular unique ID (IMEI )
• After 3 minutes shuts down
•Two Factors Authentication
What you have = Cellular token
What you know = Password
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
CAT = Maximum Security
User enters a One Time Password to login
CAT Generates OTP every 60 Seconds
Hacker can not reuse old OTP
Hacker can not predict the next OTP
Hacker will look for the CAT Password on the Cellular
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Summary
Check if user exists
Check if user enabled
Encrypt entered password
Compare with saved password
Allow access
Check if user exists
Check if user enabled
Calculate required OTP
Compare with entered OTP
Allow access
Old way CAT way
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Using the CAT
CAT System
administrator end user
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Demo: Using the CAT on a Daily basis
Using the CAT
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Using the CAT – end user
Daily login
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Using the CAT – end user
Daily login
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Using the CAT – end user
Daily login
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Using the CAT – end user
Daily login
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Using the CAT – end user
Daily login
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Using the CAT – end user
Daily login
FE7C8B
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
CAT Deployment – end user
Access granted
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
• New investigations in personal security:
• CAT 4 ATM Secure Transactions
Highlights:
Credit Card owner has to register the card for OTP
Different OTPs for different Cards
The OTP Verification is done at a server side
Server can be at the ATM company or Bank or Credit Card company
Business Model
Registered Credit Cards can make OTP Verification over Internet for eCommerce
On-Going Developments
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Enter Credit Card
1
Generate OTP 2
Enter POTP 3
ATM Software
System Authentication Server
Verify OTP
4
Update Log
Query Result
Query POTP
5
Overview of Verification Process
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Mobile Banking Solution
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
Mobile Banking
• Unlike previous services, mobile banking is a mass-market tool characterized by personalized real-time or on-demand messaging
• Mobile banking enables financial institutions to cost effectively reach their entire customer base.
• ATS-Africa’s mobile banking suite constitutes a revolution in customer service relations and communications technology between financial institutions and their clients.
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
• New Opportunities:
– Drive innovative personalized services,
– Attract new clientele
– Market to their customer base – leading to lower costs, higher revenues and greater profits
Mobile Banking
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
The Solution:
• ATS-Africa, through one of the leading providers of mobile messaging solutions for financial services, has developed a comprehensive offering enabling organizations to make the most of society’s mobile evolution.
• Our end-to-end services provides banks, credit-card companies, and insurance firms what they need to maximize the power of financially-oriented mobile messaging.
• The offering includes a robust middleware platform that serves as a gateway for managing mobile messaging for operational customer care and marketing needs
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
• Secured Connectivity Layer creates a secure IT, two-way messaging channel
• Large Account Application Gateway - A robust middleware platform that serves as a gateway for the central management of organizational messaging
• Application Suite - an array of mobile banking applications such as balance notifications, automated account alerts, fraud alert, and mobile marketing
3 Tier Architecture
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
The Solutions
• m-Query: – A service that enables authorized customers to initiate MO SMS
requests for internal personal account or external financial services data.
– Launched by sending an SMS to a short code number, the application delivers an immediate SMS response to each request.
• m-Campaign: – A service enabling financial institutions to conduct and manage
mobile marketing campaigns.– Integrated with an organization’s CRM system, the solution allows
for new product and service marketing via SMS, MMS and WAP links to an entire customer base or selected customer segments.
www.ats-africa.comwww.ats-africa.com info@ats-africa.com
• m-Enterprise: – A service that enables financial organizations to send group
messages to intra-organizational segments (e.g. branch personnel) or branch customers for updating purposes (e.g. new checkbook availability).
• M-Trade:– A service that enables customers to receive periodic SMS
notifications regarding currency exchange rates, stock exchange alerts and other updates from financial data suppliers;
The Solutions
Thank you
• www.ats-africa.com info@ats-africa.com
Info@ats-africa.com
www.ats-africa.com