Paper for ICCIT 2010
8/3/2019 Paper for ICCIT 2010
http://slidepdf.com/reader/full/paper-for-iccit-2010 1/12
A Simple and Secure Banking Solution through
M-Wallet in context of Bangladesh
Abstract
Nowadays billions of inhabitants of Bangladesh are connected through mobile networks, but commercial
sectors such as banking, insurance and share markets have not yet broadly adopted m-commerce
technology. A limited number of banks provide some SMS banking facilities to their clients. In this paper,
an m-banking system is proposed through an m-wallet service. M-wallet means mobile wallet, i.e. an
electronic wallet in a mobile phone. The proposed wallet system provides different types of banking
services to its user, such as checking statements, summaries of different accounts (current account, card
account, deposit account, loan account, utility bill account), micro payment, fund transfer, bill payment,
blocking cards, location based service, general information services and different types of alerts. The
proposed system integrates various services of different banks in a single platform. Using the proposed
wallet system, users can access their multiple bank accounts easily and securely. Another objective of this
paper is ensuring security in m-banking transactions through m-wallet.
Index terms: M-banking, M-wallet, E-banking, WAP banking, SMS banking, micro payment.
I. INTRODUCTION
Mobile banking (M-Banking) is a term used for performing balance checks, account transactions,
payments etc. via a mobile device such as a mobile phone [5]. A wallet, on the other hand, is a pocket
case, generally made of leather, which is used to keep money, credit cards, debit cards etc. [13]. So a
mobile wallet, also known as m-wallet, is an electronic wallet by which users can access their bank
accounts, see statements, pay utility bills, make micro payments, transfer funds and so on. This is one
kind of m-banking where the user can enjoy m-banking services of different banks in a single wallet. This
m-wallet system is proposed for both SMS and WAP because the physical world is gradually becoming
more and more integrated due to the vast development of information and communication technologies.
In Bangladesh the number of GSM mobile subscribers was 58.36 million at the end of May 2010, while the
number was 46.41 million at the end of May 2009 [11]. In our country, not only is the price of mobile sets
gradually decreasing but the cellular operators are also providing an acceptable call rate to the
subscribers. Even in rural and Chittagong Hill Tract areas, mobile network coverage has been made
available. Day by day people accept the mobile phone not only as their communication device but also as
an information transfer medium which is highly necessary for their livelihood [1]. The price of both SMS
and WAP (per Kbyte) has become cheaper than in the past. Nowadays every mobile operator provides WAP
services to its clients at a cheaper rate, which was completely unbelievable a few years ago. Mobile
internet plays an important part among mobile users. Now everybody can easily browse the whole world
using their mobile phone. On the other hand, most developed foreign countries have already implemented
m-banking systems successfully. Through these, their people can easily check their different bank
accounts, transfer funds from one account to another, transfer credit, pay bills, buy bus, train and
airline tickets, book hotels and enjoy many other services [10]. Now it’s our turn to serve our people
through m-wallet.
II. EXISTING SYSTEM
In Bangladesh, several private banks have introduced online banking, phone banking and, most recently,
SMS banking with very limited services. For example, Standard Chartered Bank Ltd, IFIC Bank Ltd and
Islamic Bank Ltd provide informative services to their clients [2]. These systems are built according to
the bank-focused business model, where a specific bank provides account related informative services. No
transactional service is included yet. All services are given via SMS. In 2008, a paper on SMS based
m-banking was published in ICCIT [2]. That model tries to implement a real time system using a mobile
phone modem, which is not a permanent solution for m-banking because mobile phones that include a GSM
modem can’t give long run service. A GSM modem can handle a maximum of 6 SMS per minute, so the system
will collapse when more service requests arrive per minute and the modem fails to deliver services to the
users. The architecture given in that model is impractical for several reasons. First, the overall
architecture has no layers. Though it follows server-client architecture, the application server of the
system is on one PC. As a result there is no load balancing and the system will become slow in handling a
huge amount of client requests. Second, the registration process that the model offered was not secure,
because the user sends the account number and password via SMS for registration and this SMS is saved in
the SIM and mobile phone. If the password is registered and the user forgets to remove the SMS from both
SIM and mobile phone, then the user’s password can easily be hacked, which is very harmful, especially for
balance transfer and other short banking transactions. Third, the request sent to the server is not
encrypted, so there is a chance of the data being hacked in the transmission medium. Fourth, for
registration that model asks for the account number but does not specify the account type, and the system
only checks the validity of the account number. As a result, if a user has different types of account
(current, deposit, loan, card, utility bill) and sends registration requests from different mobile numbers
using his different account numbers, a single account holder may be registered as multiple users. Fifth,
in that model, when the user sends account number and password to the bank server for registration, the
bank server only validates the account number but doesn’t validate the mobile number from which the
request was sent, i.e. whether this mobile number is owned by the user or not. As a result, if the user
claims that the mobile number registered for m-banking services isn’t owned by him, or in other similar
cases, the bank will be in trouble. Sixth, users create their own password in the registration module of
that model, but no exception handling was described for the case where the submitted password already
exists, i.e. was created by another user. Most users are non-IT people and have very limited knowledge of
creating secure and strong passwords, while a banking system needs secure and strong passwords. As a
result users generally create ordinary passwords which are common among users, so the password-already-
exists exception occurs, which bores users and discourages them from using the m-banking system. Finally,
that registration module needs only account number and password, which are insufficient for secure
m-banking registration, and the major bug in that registration module is that one person can register
another person’s account.
Users can’t access multiple bank accounts using the existing system. If a user has multiple bank accounts
and wants to get m-banking services of those banks, the user has to register separately with each bank and
also pay fees separately for them. Banks deliver PIN numbers to users, and it is difficult for a user to
maintain multiple PIN numbers. Users also feel it hazardous to use m-banking services. Considering these
issues, the proposed m-wallet based m-banking system tries to solve the mentioned problems, integrate
m-banking services of different banks, reduce customers’ hesitation, ensure the security of banking
transactions and improve customer satisfaction.
III. PROPOSED SYSTEM
The proposed m-wallet system follows the non-bank-led business model, where the bank does not come into
focus and the telecommunication company comes to the front to the clients and provides different
m-banking services, so that mobile users can access multiple banks from a single system using a single
gateway. This will improve user friendliness and satisfaction. Users don’t get bored and also get much
pleasure using the proposed m-wallet system. The proposed wallet system will be implemented between a
telecommunication company and banks. Here the telecom company provides the proposed m-wallet services
with the help of banks, where banks stay on the back end of the proposed system. First, it is suggested
that the telecom company and banks come under an agreement to deliver the banks’ m-banking services
through the telecom company using the proposed m-wallet service, which will be an important customer
service alongside other customer services such as voice service, SMS service, group SMS, phonebook, chat
etc. As a result the m-banking services are integrated into one wallet and users can easily access their
multiple bank accounts. Then a user who wants to enjoy this service has to register on the telecom
company’s official web site. On the web site, there will be a menu for the proposed m-wallet system
containing a registration form for user registration. The m-wallet services will be available in both SMS
and WAP. WAP service is proposed alongside SMS because WAP is now cheaper than SMS and SMS has some
limitations: one SMS contains only 160 characters, and its price may be 50 paisa to 1 taka in some cases.
On the other hand, 1 Kbyte contains 986 characters and costs only 2 paisa, and most mobile operators of
Bangladesh now deliver WAP service to their customers. So it’s possible to provide more information using
WAP than SMS. The proposed m-wallet system is designed according to a three-tier server-client
architecture so that there is equal load balance among the layers. The proposed system architecture is
given in Figure 1. In this proposed architecture there are three layers. The proposed system architecture
is described below:
(A) Data Storage:
Data Storage is one of the most important modules of the proposed m-wallet system. This module
describes how to store and retrieve data from data storage. Data storage module has three parts. They are:
(i) Main Database:
Main database is the bank’s central database which contains all its customers’ detailed personal and
account information.
(ii) Proxy Database:
Proxy database is the miniature of the main database that is maintained by the telecom company. In the
proposed system, a proxy database is proposed because it protects and hides the main database from the
whole system. As a result the main database is totally saved from unpleasant accidents.
Figure 1: Proposed system architecture
(iii) Data Transfer Application:
Data transfer application is the application part of the data storage module, which is used to create a
high speed communication link between the telecom’s proxy database and the main databases of different
banks. When any change occurs in any bank’s database, the data transfer application updates the proxy
database with the necessary information and vice versa.
(B) Data Access Layer:
In the proposed system, the data access layer is known as the data web service server. It is called so
because web service technology is used in this layer. The data web service server has connections with the
proxy database and with the business logic layer, which is known as the m-banking server in the proposed
m-wallet system. Only the data web service server can communicate with the database. When requests come
from the m-banking server, the data web service server sends them to the proxy database. The proxy
database then processes the queries and sends the query results to the data web service server. Next, the
data web service server delivers the result set to the business logic layer, i.e. the m-banking server.
(C) Business Logic Layer:
In the proposed system, the business logic layer is known as the m-banking server, which handles requests
of clients and gives appropriate responses to clients. It generally has three parts. The first is the SMS
handler that handles SMS requests, the second is the WAP handler that handles WAP requests and the third
is the m-wallet service (web part) that is included in the telecom company’s official website.
(D) Presentation Layer:
The presentation layer of the proposed m-wallet system is in the client’s mobile phone, as one of the
service items of the telecom company. This service will be activated only after valid registration in the
proposed m-wallet system.
In the proposed system architecture, it is suggested that the presentation layer, m-banking server, data
web service server and proxy database are maintained by the telecom company, and the data transfer
application and main database are maintained by the banks.
The proposed features for the proposed m-wallet system are checking current account statement, checking
card account statement, blocking stolen or lost cards, checking deposit account statement, viewing deposit
and withdraw rules, checking loan account statement, viewing loan rules, micro payment, fund transfer,
checking utility bill account statement, utility bill payment, location based service, providing general
information and alert on account activity. Here, micro payment means the transfer of money from
someone’s one type of account to another type of account such as transfer money from one’s current
account to his card account or deposit account or loan account and fund transfer means transfer an amount
of money from one’s current account to another’s current account within same bank or among different
banks.
To use the proposed m-wallet system from a mobile phone, the user has to register as an account holder of
the proposed m-wallet system. The proposed registration form for account holder registration is given in
Figure 2. First, the user must open the official web site of the telecom company which provides m-banking
services using the proposed m-wallet system. The user will find an option named “m-wallet” in the menu,
and under that option a registration form for account holders of the proposed system. In the registration
form, the user enters his mobile number with this telecom operator for the m-banking service. Then the
user enters his national ID card number. It is proposed to use only the national ID card number rather
than the passport number or driving license number because nowadays both banks and telecom companies have
their clients’ national ID card numbers as primary keys. Another reason for proposing it is to increase
awareness of the importance of the national ID card among Bangladeshi people. Passport number or driving
license number could be proposed, but they are not workable because only some people have a passport, a
driving license or both. As a result people treat these as equal to the national ID card and give them the
same priority, but the national ID card has higher priority than these. In fact, the national ID card is
the unique ID of a citizen of Bangladesh and it is needed for doing anything, such as obtaining a passport
or driving license, opening a bank account, buying a SIM card from a telecom operator etc. So any other
number like passport number or driving license number lies under the national ID number. In future, the
Bangladesh government is going to make a citizen database. As a result one will be able to get a person’s
detailed information using the national ID card number. Next the user enters a valid email address,
selects banks from a list and enters account type and number. Then he enters a security question and
answer. After the registration form is submitted, the server checks whether the national ID card number
exists in its client list, whether the mobile number is a SIM registered under that national ID card
number, and whether the holder of the national ID card number is already an m-wallet account holder using
this or another mobile number. If any check fails, the registration process is stopped and the server
sends an invalid notification to the user. If valid, the server validates the email address and checks the
banking information under the national ID card number with the help of the banks. If valid, the server
registers the user as an m-wallet service account holder and sends him a positive notification and his PIN
number. Otherwise the server sends him a negative notification.
Figure 2: Proposed registration form for m-wallet system
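The server-side registration checks described above can be sketched as follows. This is an added example, not code from the paper; the registries, the 6-digit PIN length, the reason codes and all sample NIDs, numbers and accounts are constructed assumptions.

```python
import re
import secrets

# Constructed sample data: telecom SIM registry, bank records, wallet holders.
SIMS_BY_NID = {
    "NID-1001": {"01700000001", "01700000009"},
    "NID-2002": {"01700000002"},
}
# (bank, account type, account number) -> NID of the account owner at the bank
BANK_ACCOUNTS = {
    ("B01", "current", "CA-1001"): "NID-1001",
    ("B02", "deposit", "DA-7001"): "NID-1001",
    ("B01", "current", "CA-2002"): "NID-2002",
}
WALLET_HOLDERS = {}  # NID -> registration record

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # syntax check only


def register(form):
    """Return (status, reason, pin); pin is None unless registration succeeds."""
    nid, msisdn = form.get("nid"), form.get("msisdn")

    # 1. The national ID must exist in the telecom's client list.
    if nid not in SIMS_BY_NID:
        return ("REJECTED", "unknown_nid", None)
    # 2. The mobile number must be a SIM registered under that national ID.
    if msisdn not in SIMS_BY_NID[nid]:
        return ("REJECTED", "sim_not_under_nid", None)
    # 3. One wallet per national ID, whatever mobile number is used.
    if nid in WALLET_HOLDERS:
        return ("REJECTED", "already_registered", None)
    # 4. Email address plus security question and answer must be present.
    if not EMAIL_RE.match(form.get("email") or ""):
        return ("REJECTED", "bad_email", None)
    if not form.get("question") or not form.get("answer"):
        return ("REJECTED", "missing_security_question", None)
    # 5. Every listed (bank, type, number) must belong to the same national ID
    #    according to the bank, so nobody can register another person's account.
    accounts = [tuple(a) for a in form.get("accounts") or []]
    if not accounts or any(BANK_ACCOUNTS.get(a) != nid for a in accounts):
        return ("REJECTED", "account_not_owned", None)

    # The server issues the PIN (assumed 6 digits) from a CSPRNG, so there is
    # no user-chosen password and no "password already exists" case.
    pin = f"{secrets.randbelow(10**6):06d}"
    WALLET_HOLDERS[nid] = {"msisdn": msisdn, "accounts": accounts, "pin": pin}
    return ("REGISTERED", None, pin)
```

Each rejection corresponds to one weakness listed for the earlier SMS model: unverified mobile number, missing account type, duplicate users per account holder, and registration of someone else's account.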
3.1 Security Issues of Proposed System
The proposed system tries to ensure better security than any other proposed system. The security issues
of the proposed system are discussed layer by layer.
The discussion starts from the presentation layer. In the presentation layer, an application will be
developed which is included in the telecom company’s service options. For the proposed SMS services, when
the user sends a request to the server, the request will be encrypted and no request will be saved in the
user’s mobile phone inbox; the responses that come from the server are also encrypted, and are decrypted
by the application and displayed to the user. For the proposed WAP services, every security technique
that is used for internet security is used in the proposed m-wallet system.
In the business logic layer, information is exchanged securely with the data access layer and
presentation layer. The information that comes from the presentation layer is encrypted; it is decrypted
and then sent to the data access layer as WSDL (Web Service Definition Language), which is in XML binding
format, using the secured SOAP protocol, and vice versa. It is the web service client.
In the data access layer, information comes from the business logic layer in XML format via the SOAP
protocol. It is the web service provider. The SOAP protocol is proposed because SOAP uses XML encryption,
digital signatures and certificates [6].
In the data storage module, a proxy database is used for best database security because it protects
against query injection, can filter queries coming from the client end and can balance load among
servers [4].
Every real time server has data failover protection. For this, providers maintain a primary server and a
secondary server in case of data and system failover. So the proposed system will be safe in case of data
or system failure. For the fund transfer process, the proposed system checks the money laundering rules of
Bangladesh.
IV. IMPLEMENTATION
The proposed system has algorithms for different services. Among them, the algorithm for fund transfer
from one current account to another current account in the same bank is given below:
1. User sends a request for fund transfer that contains request code, bank id, pin number, person 1’s
current account number, person 2’s current account number and transferable amount.
2. System receives the request and starts processing it to give a response.
3. System checks whether the whole request is in valid format and whether it contains all parameters
required for request processing.
4. If the request is invalid, system sends an error message to the user.
5. Otherwise, system checks bank id and pin number.
6. If either of them (bank id or pin number) is invalid, system sends an error message to the user.
7. Otherwise, system checks whether the pin number is active.
8. If the pin number is inactive, system sends an error message to the user.
9. Otherwise, system checks whether both person 1’s current account number and person 2’s current account
number are valid.
10. If either of them is invalid, system sends an error message to the user.
11. Otherwise, system checks whether both person 1’s current account number and person 2’s current
account number are active.
12. If either of them is inactive, system sends an error message to the user.
13. Otherwise, system checks whether the current balance in person 1’s current account is sufficient for
the transfer.
14. If not sufficient, system sends an error message to the user.
15. Otherwise, system checks the minimum and maximum transfer limit for person 1’s current account.
16. If out of the transfer limit, system sends an error message to the user.
17. Otherwise, system transfers the transferable amount from person 1’s current account to person 2’s
current account.
18. Then system notifies both person 1 and person 2 that the transferable amount has been successfully
transferred and requests them to check their current account statements.
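The eighteen steps above can be run as one ordered validation pipeline. The following is an added example, not the paper's implementation; the error codes, the request field names, the lookup of the wallet by sender mobile number and all sample data are assumptions, and the ownership check on the source account is an addition that is not among the listed steps.

```python
import hmac
from dataclasses import dataclass
from decimal import Decimal


@dataclass
class Account:
    owner_nid: str
    balance: Decimal
    active: bool = True
    min_transfer: Decimal = Decimal("10")
    max_transfer: Decimal = Decimal("5000")


@dataclass
class Wallet:
    owner_nid: str
    pin: str
    pin_active: bool = True


# Constructed sample data (hypothetical bank id, PIN, numbers and limits).
BANKS = {"B01"}
WALLETS = {"01700000001": Wallet("NID-1", "482190")}
ACCOUNTS = {
    ("B01", "CA-1001"): Account("NID-1", Decimal("2500")),
    ("B01", "CA-2002"): Account("NID-2", Decimal("100")),
    ("B01", "CA-3003"): Account("NID-3", Decimal("900"), active=False),
}
REQUIRED = ("code", "bank_id", "pin", "src", "dst", "amount")


def fund_transfer(msisdn, req):
    """Return 'OK' or the error code of the first failing check."""
    # Steps 3-4: format and completeness of the request.
    if any(not isinstance(req.get(k), str) or not req[k] for k in REQUIRED):
        return "ERR_FORMAT"
    if req["code"] != "FT":
        return "ERR_FORMAT"
    try:
        amount = Decimal(req["amount"])
    except ArithmeticError:  # decimal.InvalidOperation for non-numeric text
        return "ERR_FORMAT"
    if not amount.is_finite() or amount <= 0:  # rejects NaN, Infinity, <= 0
        return "ERR_FORMAT"
    # Steps 5-6: bank id and PIN; one shared error code, constant-time compare.
    wallet = WALLETS.get(msisdn)
    pin_ok = wallet is not None and hmac.compare_digest(
        wallet.pin.encode(), req["pin"].encode())
    if req["bank_id"] not in BANKS or not pin_ok:
        return "ERR_AUTH"
    # Steps 7-8: the PIN must be active.
    if not wallet.pin_active:
        return "ERR_PIN_INACTIVE"
    # Steps 9-10: both account numbers must exist (and differ).
    src = ACCOUNTS.get((req["bank_id"], req["src"]))
    dst = ACCOUNTS.get((req["bank_id"], req["dst"]))
    if src is None or dst is None or src is dst:
        return "ERR_ACCOUNT"
    # Added check, not in the listed steps: the debited account must belong
    # to the wallet holder, otherwise a valid PIN could move anyone's money.
    if src.owner_nid != wallet.owner_nid:
        return "ERR_ACCOUNT"
    # Steps 11-12: both accounts must be active.
    if not (src.active and dst.active):
        return "ERR_ACCOUNT_INACTIVE"
    # Steps 13-14: sufficient balance.
    if src.balance < amount:
        return "ERR_BALANCE"
    # Steps 15-16: per-account minimum and maximum transfer limits.
    if not (src.min_transfer <= amount <= src.max_transfer):
        return "ERR_LIMIT"
    # Step 17: debit and credit; against a real database both updates
    # belong in a single transaction so a failure cannot leave one applied.
    src.balance -= amount
    dst.balance += amount
    return "OK"  # Step 18: both parties would be notified here.
```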
In the proposed system, for the proxy database part of the data storage module, MySQL and its proxy
features are used. A base engine for m-banking services is built using stored procedures. A stored
procedure is a procedure that is stored in the database. A stored procedure is fast and is a proven
technology. Stored procedures are portable [3]. MySQL Proxy is a binary application standing between
one or more MySQL clients and a server [4].
In the data access layer, a database web service using the SOAP protocol is used. A Data Access Layer
(DAL) is a layer of a computer program which provides simplified access to data stored in persistent
storage of some kind, such as an entity-relational database, and a Web Service is a software component
that is described via WSDL and is capable of being accessed via standard network protocols. It can be
accessed through a web server that provides functionality through a standardized set of interfaces.
In the business logic layer, different business logics and policies are applied. An SMS API named
SMSLib [9] is used for sending and receiving SMS. A GSM modem named MobiData is used for SMS services. It
is used only for testing, not for real time use. The SMPP (Short Messaging Peer to Peer) protocol is
proposed for SMS services in the proposed m-wallet system.
In the presentation layer, J2ME is used to develop a secured mobile application for the proposed m-wallet
system that is used by the m-wallet account holders. The graphical user interface of the proposed m-wallet
is given in Figure 3, which shows a list of the telecom company’s services. The proposed m-wallet service
from the telecom company will be enabled after proper registration.
Figure 3: Service list of Telecom Company
The graphical user interfaces for checking current account history using the proposed m-wallet are given
in Figure 4(a) to Figure 4(f). In Figure 4(a), there are options for selecting the type of service medium
(SMS or WAP). After selecting the type, e.g. SMS, the user interface given in Figure 4(b) will appear,
showing a list of banking services. In Figure 4(c) there is a list of account types. For checking the
current account, the user has to select the current account from the list given in Figure 4(c). After
selecting current account, the form given in Figure 4(d) is displayed. The user fills in the form and
sends it to the server. The sending process is shown in Figure 4(e). After that, the server delivers
his/her current account mini statement, which is shown in Figure 4(f).
Figure 4(a): Front page
Figure 4(b): List of services
Figure 4(c): List of account types
Figure 4(d): Form of checking current account statement
Figure 4(e): Sending request
Figure 4(f): Mini statement of current account
4.1 Experimental Results & Comparative Study
The proposed system has been tested layer by layer. The success and failure rate of each layer is given in
Table I, whereas the success and failure rate of the previously proposed SMS based m-banking system is
given in Table II [2]. The success rate and failure rate are measured using the following equations:
Success Rate = ((Total no. of Success / Total no. of sample input) * 100) %
Failure Rate = (100 – Success Rate) %
Accuracy Rate = (100 – Failure Rate) %
From Table I and Table II, it is seen that the average success rate of the proposed m-wallet system is
97.10% where the success rate of the previously proposed sms based m-banking system is 93.18%. The
success rates of every layer of the proposed m-wallet system are also higher than the success rates of
every module of the previously proposed sms based m-banking system.
TABLE I: Success and Failure Rate of M-Wallet system
Layers                              Success Rate    Failure Rate
Data Storage                        96.55 %         3.45 %
Data Web service Server             97.48 %         2.52 %
M-Banking Server                    96.97 %         3.03 %
Presentation Layer                  97.39 %         2.61 %
Average                             97.10 %         2.90 %
TABLE II: Success and Failure Rate of SMS based m-banking system
Modules                             Success Rate    Failure Rate
Interfacing Module                  90.78 %         9.22 %
SMS Technology Adoption             91.58 %         8.42 %
SMS Banking Registration Module     95.89 %         4.11 %
Service Generation Module           94.66 %         5.34 %
Data Failover Module                93 %            7 %
Average                             93.18 %         6.82 %
V. CONCLUSION
Though SMS banking in Bangladesh has just started, this telecom integration with banking is not yet in
full motion. So in this paper, an idea is discussed to develop a secured SMS and WAP based mobile banking
system for 24 hours banking, which helps customers stay on top of any recent changes made in their
current, deposit, loan, card and utility bill accounts through SMS and WAP. One of the most attractive
features of the proposed m-wallet system is that users can access their multiple bank accounts, securely
transfer money from one account to another within the same bank without attending the bank physically, and
also securely transfer funds from one’s current account to another’s in the same bank or in different
banks. The limitation of the proposed m-wallet is the network speed between the data transfer application
and the proxy database, and it will be overcome properly by implementing data mining techniques
efficiently.
REFERENCES
[1] Md. Mahfuz Ashraf, Shusmita Haque, “Short messaging service as a Business to Customer marketing
tool: A proposed model in context of Bangladesh”, ICCIT-2005, IUT, Dhaka, Pages 1202-1207.
[2] Md. Subrun Jamil, Fouzia Ashraf Mousumi, “Short Messaging Service (SMS) Based m-Banking
System in context of Bangladesh”, ICCIT-2008, KUET, Khulna, Bangladesh.
[3] Peter Gulutzan, “MySQL 5.0 Stored Procedures, MySQL 5.0 New Features Series – Part 1”, A
MySQL® Technical White Paper, March 2005.
[4] Giuseppe Maxia, “Getting Started with MySQL Proxy”, 7th December 2007.
[5] Mobile banking, available at: http://en.wikipedia.org/wiki/M-banking, accessed on: 16th January, 2010.
[6] Matt Powell, “Real SOAP Security”, Microsoft Corporation, 21st November 2001, available at:
http://msdn.microsoft.com/en-us/library/aa480522.aspx, accessed on: 19th February, 2010.
[7] “Exposing a Database as a Web Service”, available at: http://www.developer.com
[8] SMS Tutorial, available at: http://www.developershome.com/sms, accessed on: 21st February, 2010.
[9] SMS API for java platform, available at: http://www.smslib.org, accessed on: 21st February, 2010.
[10] Existing foreign services, available at: http://www.c-sam.com, accessed on: 21st February, 2010.
[11] Mobile Phone Subscribers in Bangladesh, available at:
http://www.btrc.gov.bd/newsandevents/mobile_phonesubscribers, accessed on: 19th May, 2010.
[12] Grameenphone internet packages, available at: http://www.grameenphone.com/index.php?id=227,
accessed on: 7th April, 2010.
[13] Wallet from Wikipedia, the free encyclopedia, available at: http://en.wikipedia.org/wiki/Wallet,
accessed on: 7th April, 2010.