Framework for Mobile Payment Systems in India

Abstract

This chapter introduces concepts, frameworks and possible models for introducing mobile payments in India. The introductory section defines mobile payments, outlines its characteristics and identifies the stakeholders. Ideally, mobile payments have to be simple and usable, universal, interoperable, secure, private, affordable and be available within the country wide as well as globally. There are various stakeholders in this context: the customer, the merchant, banks, mobile network operators, software and technology service providers, mobile device manufacturers and the government. The technology considerations are addressed in a technological landscape with a wide variety of possibilities for implementing mobile payments. Implementations can be based on different access channels to the mobile device such as SMS, USSD or WAP/GPRS. The relative advantages and disadvantages each of these channels for mobile payments are discussed. Generic architectures that employ these technologies are modeled. The mobile phone carrying debit or card information (Track 2) within the device can act as a payment instrument. It can be used to extend the present day card based payment systems. This requires an independent entity called as a Trusted Service Manager (TSM) who provides the necessary hardware and software for handling transactions. The TSM is an intermediary between the financial institutions (banks) and the mobile network operators (telecommunications industry). Essentially the TSM accepts the information from the customer owning a mobile and it routes the financial transaction to the bank or an inter-bank clearing and settlement system (using an electronic interface—a financial switch) or to a payment systems operator (in the case that the customer is using a credit card). Possible models for one TSM in the country or having several independent TSMs are outlined. The TSMs may commu nicate with the financial system using the ISO 8583 messaging standards. Finally, technical standards and security issues are addressed. A symmetric encryption scheme (based on Triple DES or AES) can offer confidentiality of mobile payment transactions. However, for assuring integrity, authentication and non-repudiation a PKI scheme is required. Cost wise a PKI enabled scheme would be more than twice as costly as a symmetric scheme due to overheads in digital certificate transmission. Low value transactions may use the symmetric encryption standards whereas high value transactions can be done using asymmetric encryption standards.