ussd: a communication technology to potentially oust sms ... - Aricent

More documents

Recommendations

Info

This translation is normally performed by an Exchange TradedFunds (EFT) channel switch that switches transactions from thechannel to the appropriate area within the core banking system.Client-side applications refer to those applications that resideon the customer’s SIM card or mobile phone device. Client-sidetechnologies include J2ME. On the other hand, server-sideapplications are developed on a server away from customers’mobile phone or SIM card. Server-side technologies includeUSSD, IVR, SMS, and WAP.6.1.1 CRITICAL REVIEW OF SECURITY OPTIONS FORMOBILE BANKINGMobile banking brings new opportunities and new horizons, butalso comes with implicit risks to financial providers, carriers, andthe financial system. On the one hand, it holds out the prospectof adding convenience for accessing banking and paymentservices to customers. But the addition of a new channelalso brings new operational risks to providers, just as theintroduction of internet banking posed the risks a decade ago.For this reason, mobile Financial Service Providers (mFSP)seeking to enter the market have to assess their risks and developstrategies to mitigate those risks on an ongoing basis. Securityis a very sensitive issue for M-Banking, so this section comparesthe risks of using SMS and USSD messaging services.Data carried across the mobile network is protected by thestandard GSM security protocols at the communication layer.The subscriber identity is also protected across this chain. Therisk in transporting data across the GSM channel is directlydependent on the number of stoppages the data must makebefore reaching the bank.Data security with SMS bankingSMS service is deemed to be the least secured of the technologiessuggested for mobile banking because of the number of pointswhere the SMS data is available to others in a clear or unencryptedformat.The diagram below shows the entities involved across the GSMchannel in SMS banking.Base stationMSC SMSC BankFigure 8: SMS Banking GSM ChannelA customer initiates a transaction by sending an SMS to the bankusing the bank’s SMS short code. The SMS is stored on thehandset and is available to anyone who looks at the customer’sphone; hence, making it unsecure at the very first step. The SMSthen passes through the encrypted GSM communicationchannel through the base stations and terminates at the mobilenetwork operator’s SMSC. There, it is typically stored in anunencrypted form, making it unsecure at also the second step.The SMSC passes the message onto the bank’s wirelessapplication processor or mobile banking processor (which maybe a third party), where it is stored either in encrypted orunencrypted form. The third party then passes the message tothe bank across an encrypted fixed line to the bank, where it istypically stored in a secured environment.In all, there are three highly susceptive points of exposure duringthe transaction where the data is stored, making the SMS servicefar less secure.Data security with USSD bankingUnlike SMS, USSD message is not stored on customers’ mobile,making it secure at the first level. USSD opens a single sessionbetween the device and the supporting application at thenetwork operator/processor/bank.Base stationMSC USSD Gateway BankFigure 9: USSD Banking GSM ChannelThe data is also encrypted at the USSD gateway sitting at thenetwork operator/processor/bank, preventing any misuse ofthe data. This makes it secure at the second step. The end-to-endtransaction flow occurs across the encrypted GSMcommunication layer while the subscriber identity is also hidden.Hence, USSD service is safer than to SMS and other GSMtechnologies.However, there is one risk. If the GSM encryption (which is usedto carry the data within the communication layer by securedmeans) is broken, the data can be accessed–which can actuallyhappen with all GSM technologies (e.g., SMS, USSD, etc.). Toavoid this, the GSM encryption needs to be made more robust,much like how internet banking has evolved over the years.Excluding this generic threat, USSD appears to be the mostsuited technology for mobile banking application.USSD: A Communication Technology to Potentially Ouster SMS Dependency8
6.1.2 MARKET PROJECTIONS FOR M-BANKING USERSA recent report from Juniper Research gives a detailed forecastfor mobile banking users by 2011 across eight regions of theworld (Figure 10).Scalability and costs involved in using SMSThe size limit of 160 characters restricts the amount of contentinformation that can be communicated through text. A detaileddescription of any disease/medicine therefore requires two ormore messages, which means extra costs for an operator.7%5%8% 12%2%22%North AmericaSouth AmericaWestern EuropeEastern EuropeSMS delivery charges are costlier because they involve SMSCand other related transmission trunks. Also, scheduling costsof SMS are much higher because traffic at network and itsavailability versus traffic at SMSC must be taken into account.41%6.2 SPREADING AWARENESS ABOUT EPIDEMICSAND FATAL DISEASESUSSD service can be used innovatively to educate people andspread awareness about fatal, epidemic diseases such as AIDS.For many of these diseases, prevention still remains the onlyavailable cure. Taking early disease-prevention measures,educating people about their symptoms, providing anonymouscounseling, gathering data, linking patients to services, andmany other such acts can go a long way in improving thehealth of developing nations.For millions of people affected by HIV and other diseases, thereis an unmet need to circulate information regarding these diseases.Currently, this information is disseminated in numerous waysincluding print media, radio, television, newspapers, and theinternet. However, not all of these channels are accessibleto everyone; hence, using cell phones to reach the massesseems an obvious extension.The information people require varies from basic knowledgelike symptoms or prevention measures to a more detailedunderstanding of a particular disease’s course and treatment.The menu implementation of USSD can be set in a singletransaction, and the interested users can dig into the requiredinformation.3%Far East & ChinaIndian SubcontinentRest of Asia PacificAfrica & Middle EastFigure 10: Mobile Banking Users – 2011 Regional Forecast (%)Reference: Juniper Research6.2.1 SMS VERSUS USSD FOR IMPLEMENTING THE SERVICEStudies have indicated that reminding people to take theirmedicine on time can increase adherence to treatment. Thesemessages need to be timed appropriately to suit each purpose.When patients regularly skip taking their medicine, or take it atthe wrong time, the severity of their disease can increase, oftennecessitating costlier and more expensive second-line treatment.Scalability and costs involved in using USSDUSSD’s 180-character capacity per message increases thescope for content length. And because the USSD platformsends messages directly without using SMSC, it is lessexpensive than SMS.In-depth information can be provided via a menu-basedapproach using which the interested users can drill down to thedidactic content. Hence, an operator can provide handy tips ina common, free message while the cost of providing additionalinformation can be charged to the user (only if the user uses aninteractive USSD menu-based session). The messages can alsobe better timed by using USSD rather than SMS because thereis no need to account for network congestion at SMSC.Impact or AnalysisIt can be concluded from this discussion that the USSDtechnology can go a long way in improving the living conditionsof the poor.Assuming that this innovative service is offered at no extra costto customers (at least in developing and underdevelopedcountries), the analysis is done only with respect to the operatingcosts for operators/service providers.Although USSD is an efficient technology, it’s too early to deriveany conclusion on the impact and effectiveness of this servicebecause data collection from the end user is an arduous job.Many people don’t want to share information about their diseases,or register with the operator for fear it may lead to disclosure oftheir personal data.This medical care application was just an example to demonstratehow USSD can be used in broadcasting relevant messages tothe customers, especially in the health sector. There are manyother similar areas where this service can prove beneficial suchas in alerting fishermen about the rising tides and sea/weatherconditions; teaching farmers about the best seasonal crops togrow in different regions and the new innovative tools availableto improve agricultural productivity; and informing students onjob trends and career opportunities.USSD: A Communication Technology to Potentially Ouster SMS Dependency9
Page 1: USSD: A COMMUNICATIONTECHNOLOGY TOP
Page 7 and 8: The MSC connects to the HLR in the
Page 9: Requesthandled byMSCRequesthandled
Page 18: aricent.com © 2012 Aricent Group.

ussd: a communication technology to potentially oust sms ... - Aricent

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?