
Esfih.com | PHD in Electronic Payment Systems & Mobile Banking technologies

Research Proposal “Secured SMS”
Written by Esfih Mohamed   
Friday, 03 October 2008 03:08

..:: Secure SMS ::…
SMS
A revolution in Banking and Payment Systems through the GSM networks

Overview

Computers and the Internet are surely here to stay and the impact of information technology is increasingly showing up in just about every aspect of our lives. The concept of ‘e-commerce’, which was no more than mere theory a few years ago, has now become reality, and more and more services are now available to us via the internet. The increasingly important role played by the conduct of business across cyberspace is there for each one of us to see.

The most important aspect of the growing impact of technological advancement on our lives is that it has caused the world to shrink immeasurably. Getting a message across used to take days and even weeks; the coming of the telephone and the telegraph services reduced this to minutes. With the coming of the World Wide Web, however, this was further reduced to seconds and even fractions of a second! This new development brought with it a whole new world of possibilities – today what we can do with a computer or a PDA connected to the internet is just amazing, and the security protocols are strong enough to allow us to conduct "Secure Transactions" on the internet with incredible ease. But to do so, we need to be connected to the Internet, and even if broadband and wireless Internet access (Wifi, Wimax, 3G/4G, WAP, iMode...) seems to cover large areas, nothing can come close to the GSM Network in terms of "Human Coverage". Almost every person has a GSM phone, if not 2 phones. We usually carry this device 24 hours a day and there is almost no single geographic spot that is not covered by at least one GSM carrier, so in a way we can say that Humans are being "connected" permanently through the GSM networks.

Now imagine if every man and woman could, through the most simple GSM Phone, carry out Financial transactions by SMS in as secure a manner as accessing their Online Banking Account... I believe this ability would create a REVOLUTION in the Payment Systems and Banking industries. Financial Institutions & organisations could reach 99% of the population, on 99% of the earth! A bedouin in the middle of the Sahara could initiate a payment to his neighbour with no Internet Access Point nor any Bank within the nearest 1000 KMs around them...

Hypothesis

In the light of the current scenario, here’s how I propose to contribute to the cause of making M-commerce & Mobile Banking an even more pleasurable experience – by enabling security of Mobile communications without making it complicated for the end user, and without the need to have an expensive or advanced Mobile Phone. My efforts are aimed at researching and creating a "Plug & Play" tool that will assure a minimum amount of risk when it comes to protecting client-specific sensitive information and details of financial transactions, while ensuring proper authentication of the parties involved in the transaction, and at the same time without imposing excessive software and/or hardware requirements that take away the user-friendliness and convenience of a Mobile based transaction.

In other words, my hypothesis will be how to build a "Plug & Play" solution for "Secure SMS" communications that will turn the most basic Mobile Phone into a reliable and secured Payment Terminal, thus bringing M-commerce & Mobile Banking services to the masses through the World's Widest Network, which is the GSM Network with its incomparable coverage.

Expected result
"Secure SMS" solutions are already available in the market, though very recent, but so far all of them have a limited list of compatible phones, which most of the time are Smartphones, PDAs or other quite expensive devices. They require the download and installation of an application onto the compatible phone and a few steps to generate a pair of Private/Public keys (PKI).

The aim and expected result of my thesis will be to come up with a Technical Solution that will not necessitate any specific Hardware/Software requirements for a Mobile Phone.

Literature Review

My sphere of expertise lies in the design as well as the implementation of ecommerce-ready websites. I have 5 years' experience in this area and a lengthy list of satisfied clients, and my Master’s degree in International E-commerce has also helped me immensely. In the course of the long hours that I spend at work, I am constantly dealing with computers that host or are actively involved in the transfer of information and sensitive data that needs to be secured. I have therefore devoted a lot of my time to researching methods and activities related to tackling the problem of identity theft through websites that do not have adequate security measures to combat it. There are also several other challenges that anyone involved in ecommerce is likely to encounter, and knowledge of these goes a long way in creating successful ecommerce websites. Appended below are brief summaries of some of the random internet articles of substance that I took inputs from.

Overview of common ecommerce challenges

• Basic Operations – Managing inventory including customer information as well as business across multiple channels and platforms along with the collection and parsing of all the data in order to understand the statistics and therefore profitability of the ecommerce venture.
• Increasing Traffic and Search Engine Optimization or SEO – Search engines do acknowledge certain legitimate means to lure traffic into your website by helping it achieve a high rank among search results. Some of these techniques are having a good percentage of the right key words pertaining to the product / service that your website is showcasing and having links to other websites in the same cadre. This is a good way to stand out among the ever-increasing crowd of competitors.
• Expansion – Managing your business in a manner so as to scale and grow is also critical. As business grows, your website usually calls for including newer features and doing away with redundant ones. Growing out of your niche area in order to diversify into new channels and marketplaces to be able to reach out to new customers is also of critical importance.
• Software/Systems Integration – Getting disparate systems such as inventory management, order processing, payment processing, and customer relationship management or CRM to communicate efficiently with each other and carry out business smoothly is often a huge challenge.

Six Significant Information Security Challenges

• Secure Data Storage – E-commerce requirements such as the use of highly secure databases to store sensitive customer information are of supreme importance, along with authentication protocols
• Information Security Attacks – Miscreants are continuously on the lookout for loopholes in the security system to ‘break in’ at the first chance
• Immature Information Security Market – Formal standards are yet to be established for ecommerce services and products
• Information Security Staff Shortage – Very few organizations invest in a highly qualified information security in-charge
• Government Legislation and Industry Regulations – Lack of proper laws to penalize cyber criminals without affecting the conduct of e-commerce
• Mobile Workforce and Wireless Computing – M-commerce or mobile commerce and the use of wireless technology are considered by many as the future of ecommerce

Bearing the above in mind, my approach is to find a solution by viewing the problem from a whole new angle – that of considering the technology, the law as well as the vital human component of ecommerce and analyzing their online interactions.

Research Methodology

In my research, instead of considering only the technological aspect of ecommerce, I propose to also consider the implications of the legal angle on this branch of cyber trade as well as the most important human component without which no ecommerce transaction would be possible. Here is a brief overview of the methods I intend to employ in order to conduct the research and find the proposed solutions:

1. TECHNICAL AND DEVELOPMENTAL ASPECT
   a. SERVER SIDE – The computer that hosts or is closely connected with sensitive information that needs to be secured
      i. Research and study of the latest as well as former secure technologies, encryption, algorithms of programs, settings of the servers, software to be used
      ii. Development of specific programs or settings to fit the security requirements for a secure payment or online banking server
      iii. Implement a user-friendly panel for the user and the client so that the advanced technical developments do not affect the usability
   b. CLIENT SIDE – The computer of the user who is going to buy online
      i. Study of the common configurations and settings of internet users’ computers
      ii. Identify the most important failures or risks on clients’ computer systems
      iii. Collect and be able to analyze data stored about the client or taken from the computer logs of the client (where available)
      iv. Enhance security measures without adding too much hassle to the potential buyer/client

2. LEGAL AND ADMINISTRATIONS
   a. LEGAL SIDE
      i. One cannot talk about ecommerce without the legal environment and the jurisdiction where the transaction is supposed to take place, especially on both sides: Server and Client side
      ii. Study of the banking and insurance rules related to online payments for each specific country, national currencies and digital currencies.
      iii. Study of the penal and civil laws of the country of the user and the one of the company managing the payment or online banking tool
      iv. Once a fraud is identified or found, how and to what extent we can fight back and what are the probabilities to get back the money and / or the goods
      v. How to analyze and be able to fight charge-backs, repudiations of payments and other malicious behaviors by the consumer himself or by the “thief”

Research Planning & Schedule

I propose to complete the research within a 3 year time frame; I intend to spend the first 2 years studying the issue of security breaches in the sphere of ecommerce and making a thorough study of the legal environment in which the online transactions take place, and the third (final) year will be spent focusing on the development of a model of the ideal secure payment system, the “GUIPAY”.

Conclusion

Considering the extensive exposure to the various aspects of ecommerce that I have been fortunate to have as part of my profession, I believe that it is only fair that I contribute in whatever small way I can to the noble cause of eradicating cyber crime and internet fraud. From my point of view, and what I propose to arrive at in the course of my research activities, the solution to finding the ideal secure mode to conduct online transactions lies in understanding and studying not just the technical/hardware/software part of ecommerce. Instead, it must ideally be combined with a proper study of the Human/Cultural aspects of each market as well as the legal environment, because eventually, while it is a machine that carries the transaction, it is a human that is initiating the action of buying, paying or even cheating online. Moreover, matching these varied behavioral patterns with the relevant legal context that accompanies the transaction would present a better understanding of the complex processes that go into ecommerce both before and after each transaction.


 

Last Updated ( Thursday, 06 November 2008 12:49 )