Securing Transactions

Tom Godber - CTO Masabi - Co-Founder MoMo Estonia

description

A presentation on the issues encountered implementing secure mobile transactions - from user acceptance to security.

Transcript of Securing Transactions

Page 1: Securing Transactions

Tom Godber - CTO Masabi - Co-Founder MoMo Estonia

Page 2: Securing Transactions
Page 3: Securing Transactions

ESTONIAN NOT ESTONIAN

Page 4: Securing Transactions

The mobile experience is about PAIN

Texting on a Moto…

Nokia moves the S60 icons in every new handset

User experience is becoming important

Ex-RAZR users often don't Moto again

But nothing is perfect, even Steve

Page 5: Securing Transactions

Good ideas are common

Good ideas which actually work aren't

Given handset constraints

Given real world conditions

Compared to off-mobile alternatives

Page 6: Securing Transactions

A successful service must offer a significant advantage to the user

An mPayment must be easier than cash and cards

Just because a user can do something, doesn't mean they will

Offer net pain relief

Page 7: Securing Transactions

User probably moving

Must be simple

Must be resilient

Has user got alternatives?

Cash

Debit/credit cards

PC

Page 8: Securing Transactions

Lots of hype

(Almost) no handset support

NFC already embedded on cards

Habit: you pay with a card, why use phone?

BUT: NFC on SIM may be interesting

Launched last week in Thailand

For markets without much card use…?

Page 9: Securing Transactions

SIM Toolkit

SMS

Basic browser

AJAX browser

Installed application

Page 10: Securing Transactions

Runs on every handset

Simple UIs

Very big, e.g. in African banking

The operator is your customer

No potential to run “off-deck”

Only operator lets you on the SIM

Page 11: Securing Transactions

Good for simple transactions

Easy to set up, works on everything

High cost

30-60% operator cut

Best for low-value high-margin items

Insecure

Can be read on stolen phones

Can be read on the network

Page 12: Securing Transactions

Wap1 was insecure with “Wap Gap”

Plain text through gateway

Very low encryption strengths

Wap2 is better

Dumb client

Data mis-entry is painful

Repeat page loads slow and expensive

Hard to store tickets etc

SMS Picture Message – little data

MMS – can be mangled

Page 13: Securing Transactions

Offers great advantages to developer

No upgrade concerns, etc

Great on your desktop PC

Fast, free, always-on data connections

Plenty of speed, memory and electricity

Overhead of XML + scripts + repeat HTTP doesn't matter

Users all using mouse and big screen

Does that remind you of mobile?

Page 14: Securing Transactions

You don't have to be the 'best'

Sometimes being the only option is good enough

NOT suitable for everything

Remember, pick your services

Good for:

Recurring purchases

Flaky connections

▪ Retries, SMS fallback, fat intelligent client

Page 15: Securing Transactions

Ticket purchase in UK

Aimed at repeat users

Intelligent client

Helps user with data entry => minimises resends

Submits credit card purchase with one encrypted SMS

Good when signal strength low

2D barcode display for ticket

Optimised for on-screen scanning

Page 16: Securing Transactions

There is no single 'best platform'

Most topics expanded on the Masabists blog

http://blog.masabi.com/