Mobile Commerce
Outline
- M-Commerce Overview
- Infrastructure
- M-Commerce Applications
- Mobile Payment
- Limitations
- Security in M-Commerce
Mobile Commerce: Overview
- Mobile commerce (m-commerce, m-business): any e-commerce done in a wireless environment, especially via the Internet
- Can be done via the Internet, private communication lines, smart cards, etc.
- Creates opportunity to deliver new services to existing customers and to attract new ones
Mobile commerce from the Customer's point of view
The customer wants to access information, goods and services any time and in any place on his mobile device. He can use his mobile device to purchase tickets for events or public transport, pay for parking, download content and even order books and CDs. He should be offered appropriate payment methods. They can range from secure mobile micropayment to service subscriptions.
Mobile commerce from the Provider's point of view
The future development of the mobile telecommunication sector is heading more and more towards value-added services. Analysts forecast that soon half of mobile operators' revenue will be earned through mobile commerce. Consequently, operators as well as third-party providers will focus on value-added services. To enable mobile services, providers with expertise in different sectors will have to cooperate. Innovative service scenarios will be needed that meet the customers' expectations, along with business models that satisfy all partners involved.
Attributes of M-Commerce and Its Economic Advantages
- Mobility: users carry cell phones or other mobile devices
- Broad reach: people can be reached at any time
- Ubiquity: easier information access in real time
- Convenience: devices that store data and have Internet, intranet, extranet connections
- Instant connectivity: easy and quick connection to Internet, intranets, other mobile devices, databases
- Personalization: preparation of information for individual consumers
- Localization of products and services: knowing where the user is located at any given time and matching services to them
Mobile Computing Infrastructure
Hardware
- Cellular (mobile) phones
- Attachable keyboard
- PDAs
- Interactive pagers
- Other devices
  - Notebooks
  - Handhelds
  - Smartpads
- Screenphones: a telephone equipped with color screen, keyboard, e-mail, and Internet capabilities
- E-mail handhelds
- Wirelined: connected by wires to a network
Mobile Computing Infrastructure (cont.)
Unseen infrastructure requirements
- Suitably configured wireline or wireless WAN modem
- Web server with wireless support
- Application or database server
- Large enterprise application server
- GPS locator used to determine the location of mobile computing device carrier
Mobile Computing Infrastructure (cont.)
Software
- Microbrowser
- Mobile client operating system (OS)
- Bluetooth: a chip technology and WPAN standard that enables voice and data communications between wireless devices over short-range radio frequency (RF)
- Mobile application user interface
- Back-end legacy application software
- Application middleware
- Wireless middleware
Mobile Computing Infrastructure (cont.)
Networks and access
Wireless transmission media
- Microwave
- Satellites
- Radio
- Infrared
- Cellular radio technology
Wireless systems
Mobile Service Scenarios
Financial Services. Entertainment. Shopping. Information Services. Payment. Advertising. And more ...
Early content and applications have all been geared around information delivery but as time moves on the accent will be on revenue generation.
M-commerce
- Entertainment: Music, Games, Graphics, Video
- Communications: Short Messaging, Multimedia Messaging, Unified Messaging, e-mail, Chatrooms, Video-conferencing
- Transactions: Banking, Broking, Shopping, Auctions, Betting, Booking & reservations, Mobile wallet, Mobile purse
- Information: News, City guides, Directory Services, Maps, Traffic and weather, Corporate information, Market data
Mobile Application: Financial Tool
As mobile devices become more secure
- Mobile banking
- Bill payment services
- M-brokerage services
- Mobile money transfers
- Mobile micropayments
Replace ATMs and credit cards??
Financial Tool: Wireless Electronic Payment Systems
Transform mobile phones into secure, self-contained purchasing tools capable of instantly authorizing payments
Types:
- Micropayments
- Wireless wallets (m-wallet)
- Bill payments
Mobile Payment
- the consumer must be informed of:
  - what is being bought, and how much to pay
  - options to pay;
- the payment must be made
- payments must be traceable.
Mobile Payment (cont.)
Customer requirements:
- a larger selection of merchants with whom they can trade
- a more consistent payment interface when making the purchase with multiple payment schemes, like:
  - Credit Card payment
  - Bank Account/Debit Card Payment
Merchant benefits:
- brands to offer a wider variety of payment
- Easy-to-use payment interface development
- to offer a consistent payment interface to consumer and merchants
Bank and financial institution benefits
Payment via Internet Payment Provider
[Diagram: User, WAP GW/Proxy, Merchant, MeP, SMSC, IPP, Mobile Wallet, CC/Bank; links labelled Browsing (negotiation), GSM Security, SSL tunnel]
Payment via integrated Payment Server
[Diagram: User, WAP GW/Proxy, Mobile Commerce Server, Merchant, SMSC, CP, CC/Bank, VPP IF, Mobile Wallet, Voice PrePaid; links labelled Browsing (negotiation), GSM Security, SSL tunnel, ISO8583 Based]
Limitations of M-Commerce
Usability Problem
- small size of mobile devices (screens, keyboards, etc.)
- limited storage capacity of devices
- hard to browse sites
Technical Limitations
- lack of a standardized security protocol
- insufficient bandwidth
- 3G licenses
Limitations of M-Commerce
Technical Limitations
- transmission and power consumption limitations
- poor reception in tunnels and certain buildings
- multipath interference, weather, and terrain problems and distance-limited connections
WAP (Wireless Application Protocol) Limitations
- Speed
- Cost
- Accessibility
Potential Health Hazards
Cellular radio frequencies = cancer?
- No conclusive evidence yet
- could allow for a myriad of lawsuits
- mobile devices may interfere with sensitive medical devices such as pacemakers
Security in M-Commerce: Environment
[Diagram: Operator centric model. Components: CA, SAT GW (SIM), Mobile Network, WAP1.1 (+SIM where avail.), Mobile IP Service Provider Network, WAP GW, Content Aggregation, Internet, Merchant, WAP1.2 (WIM), Mobile Bank, Mobile e-Commerce Server (Security and Payment), Bank (FI)]
New Security Risks in M-Commerce
Abuse of cooperative nature of ad-hoc networks
An adversary that compromises one node can disseminate false routing information.
Malicious domains
A single malicious domain can compromise devices by downloading malicious code
Roaming (are you going to the bad guys?)
Users roam among non-trustworthy domains
New Security Risks (cont.)
Launching attacks from mobile devices
With mobility, it is difficult to identify attackers
Loss or theft of device
- More private information than desktop computers
- Security keys might have been saved on the device
- Access to corporate systems
Bluetooth provides security at the lower layers only: a stolen device can still be trusted
New Security Risks (cont.)
Problems with Wireless Transport Layer Security (WTLS) protocol
Security Classes:
- No certificates
- Server only certificate (Most Common)
- Server and client certificates
Re-establishing connection without re-authentication
Requests can be redirected to malicious sites
New Privacy Risks
Monitoring users' private information
- Offline telemarketing
- Who is going to read the legal jargon?
- Value-added services based on location awareness (Location-Based Services)