Abstract: Technology advancements have reduced the cost of both mobile devices
and data connections, making them affordable to all. In parallel, mobile
applications are also on the rise, providing quick, easy, door-step solutions
to one’s professional and personal requirements. In the current trend of the
digital and cashless economy, mobile-based app solutions are easy to use and
ubiquitous, facilitating a wide range of banking financial services
(pay/collect money etc.) and non-financial services (cheque request, account
balance, view transaction history etc.). The mobile app revolution is also
accompanied by many known and unknown security risks. Out of the various mobile
banking applications, UPI (Unified Payment Interface) based apps are simple,
reliable, centrally certified (by NPCI (National Payment Corporation of India))
and more secure. A study of UPI apps revealed the possibility of further
security enhancements utilizing technological advancements to detect
cybercrimes and fraudulent mobile transactions. This paper discusses UPI based
mobile apps (architecture, transactions, features and security issues) and
information security enhancement proposals w.r.t. authentication and
authorization.
Keywords: Mobile Banking; Security;
Application Security; Information Security; UPI; USSD; Authentication;
Authorization; Encryption; Financial Service
I. INTRODUCTION
Mobile banking service allows the end user to perform remote banking
transactions (both financial and non-financial) from his/her current location
using a hand-held mobile device, anywhere and anytime. A variety of
technology-specific mobile banking solutions like IMPS (Immediate Payment
Service), USSD (Unstructured Supplementary Service Data), SMS (Short Messaging
Service) and UPI (Unified Payment Interface) [8] based app solutions (like BHIM
(Bharat Interface for Money), GooglePay (Tez), PhonePe and bank-specific apps
like SBIPay, AxisPay, iMobile, Mobile Money etc.) are available to perform
regular banking operations (like fund transfer, cheque request etc.) and other
payment [14,15] operations in m-shopping, metro card recharge, loan/credit card
payment. The number of features and the security level offered vary with every
application and are dependent on the mobile device capability, its operating
system and internet connectivity. USSD and SMS based banking operations are
suited to low-end non-smart phone devices without an internet connection. USSD
service is offered in association with the Mobile Network Operators (MNOs).
Though there are a few security concerns in mobile banking applications, they
are still preferred by everyone because of their well-known advantages: they
are fast, easy to use, convenient for paying bills, portable, available etc.
Even banks promote mobile banking [1] as it helps to handle more customers with
improved customer services at reduced operational cost without compromising on
service quality. Banks also offer discounts, gifts etc. to promote mobile
banking.

Following are some of the common terms used in mobile payment types.

VPA: Virtual Private Address. An address of the format <mobile number>@upi [6]
used to transfer money using UPI apps. A user can create multiple VPAs. UPI
based fund transfer uses the VPA internally to look up the account number.

IFSC (Indian Financial System Code): An eleven-digit code seen on the cheque
leaf, used to identify the bank branches involved in a money transfer.

MMID: Mobile Money Identifier. A unique seven-digit code assigned to customers
on registration to avail the IMPS service as a beneficiary.

The paper contents have been organized in seven sections, with Section 2 on
Evolution of Money and Payment Solutions, Section 3 on UPI Based Mobile
Banking, Section 4 on Security Enhancement proposals, Section 5 on UPI vs other
Parallel System, Section 6 on Conclusion and Section 7 on Future Scope of Work.
II. EVOLUTION OF MONEY AND PAYMENT SOLUTIONS
The evolution of money started with the barter scheme (i.e. mutual exchange of
goods and services) and has evolved over the years from coins to paper and
plastic money (i.e. cards). Fig. 1 below shows the transitions in money
evolution.

Fig. 1. Transitions in Money evolution

Now in the 21st century, it has advanced to currency-less money transfer in the
form of mobile payments and virtual currency. Even in mobile based payments,
the user has multiple options to choose from, namely NEFT (National Electronics
Fund Transfer), RTGS (Real Time Gross Settlement), IMPS (Immediate Payments
Service), UPI, USSD and mobile wallets. Fig. 2 below shows the various options
of mobile payment modes.

Fig. 2. Mobile Payment Modes

A. Mobile Payment Modes

Mobile payment modes are given below.

NEFT: Used to transfer funds from one account to another.

RTGS: Scheme for instant money transfer within 30 minutes. Unlike NEFT, RTGS
processes the instructions immediately without delay.

IMPS: An instant payment system to transfer funds from one account to another
using mobile. It is an initiative of NPCI.

UPI: UPI is the advanced version of IMPS. It is a mobile based payment mode
where multiple mobile accounts can be managed using a single VPA. It allows
fund routing and merchant payment, and uses the UPI PIN to authenticate UPI
fund transfers. It is built on IMPS infrastructure.

USSD: A mode of performing mobile banking transactions using *99# service
codes.

Mobile Wallet: A secured way to carry credit/debit card information. Allows
payment at stores via mobile phones.

The availability of more than one payment mode allows the user to choose an
appropriate mode depending on his/her device capability (smart/GSM phone),
internet connectivity (online/offline), known/available confidential
information (i.e. Account Number/IFSC/MMID code/Mobile number/VPA and MPIN),
and fund transaction details including amount, day and time (i.e.
weekday/weekend and time of the day).

B. Comparison of Mobile Payment Modes

TABLE I below shows the comparison of various Mobile payment options.