Mobile Commerce

M-Commerce Overview Infrastructure M-Commerce Applications Mobile Payment Limitations Security in M-Commerce

Outline

Mobile Commerce: Overview

Mobile commerce (m-commerce, m-business)any e-commerce done in a wireless environment, especially via the Internet
Can be done via the Internet, private communication lines, smart cards, etc. Creates opportunity to deliver new services to existing customers and to attract new ones

Mobile commerce from the Customers point of view

The customer wants to access information, goods and services any time and in any place on his mobile device. He can use his mobile device to purchase tickets for events or public transport, pay for parking, download content and even order books and CDs. He should be offered appropriate payment methods. They can range from secure mobile micropayment to service subscriptions.

Mobile commerce from the Providers point of view

The future development of the mobile telecommunication sector is heading more and more towards value-added services. Analysts forecast that soon half of mobile operators revenue will be earned through mobile commerce. Consequently operators as well as third party providers will focus on value-added-services. To enable mobile services, providers with expertise on different sectors will have to cooperate.

Innovative service scenarios will be needed that meet the customers expectations and business models that satisfy all partners involved.

Generations
1G: 1979-1992 wireless technology 2G: current wireless technology; mainly accommodates text 2.5G: interim technology accommodates graphics 3G: 3rd generation technology (2001-2005) supports rich media (video clips) 4G: will provide faster multimedia display (2006-2011)

M-Commerce Terminology

GPS: Satellite-based Global Positioning System PDA: Personal Digital Assistanthandheld wireless computer SMS: Short Message Service EMS: Enhanced Messaging Service MMS: Multimedia Messaging Service WAP: Wireless Application Protocol SmartphonesInternet-enabled cell phones with attached applications

Terminology and Standards

Attributes of M-Commerce and Its Economic Advantages

Mobilityusers carry cell phones or other mobile devices Broad reachpeople can be reached at any time Ubiquityeasier information access in real-time Conveniencedevices that store data and have Internet, intranet, extranet connections Instant connectivityeasy and quick connection to Internet, intranets, other mobile devices, databases Personalizationpreparation of information for individual consumers Localization of products and servicesknowing where the user is located at any given time and match service to them

M-Commerce Infrastructure M-Commerce Applications Mobile Payment Limitations Security in M-Commerce

Outline

Mobile Computing Infrastructure

Hardware

Cellular (mobile) phones Attachable keyboard PDAs Interactive pagers Other devices
Notebooks Handhelds Smartpads

Screenphonesa telephone equipped with color screen, keyboard, email, and Internet capabilities E-mail handhelds Wirelinedconnected by wires to a network

Mobile Computing Infrastructure (cont.)

Unseen infrastructure requirements

Suitably configured wireline or wireless WAN modem Web server with wireless support Application or database server Large enterprise application server GPS locator used to determine the location of mobile computing device carrier

Mobile Computing Infrastructure

Software Microbrowser Mobile client operating system (OS) Bluetootha chip technology and WPAN standard that enables voice and data communications between wireless devices over short-range radio frequency (RF) Mobile application user interface Back-end legacy application software Application middleware Wireless middleware

Mobile Computing Infrastructure (cont.)

Networks and access

Wireless transmission media
Microwave Satellites Radio Infrared Cellular radio technology

Wireless systems

M-Commerce Overview Infrastructure M-Commerce Applications Mobile Payment Limitations Security in M-Commerce

Outline

Financial Services.
Entertainment. Shopping. Information Services. Payment. Advertising. And more ...

Mobile Service Scenarios

Early content and applications have all been geared around information delivery but as time moves on the accent will be on revenue generation.
Entertainment Music Games Graphics Video Pornography Communications Short Messaging Multimedia Messaging Unified Messaging e-mail Chatrooms Video - conferencing

M- commerce
Transactions Banking Broking Shopping Auctions Betting Booking & reservations Mobile wallet Mobile purse Information News City guides Directory Services Maps Traffic and weather Corporate information Market data

Classes of M-Commerce Applications

Mobile Application: Financial Tool

As mobile devices become more secure

Mobile banking Bill payment services M-brokerage services Mobile money transfers Mobile micropayments

Replace ATMs and credit cards??

Financial Tool: Wireless Electronic Payment Systems transform mobile phones into secure, self-contained purchasing tools capable of instantly authorizing payments Types:

Micropayments Wireless wallets (m-wallet) Bill payments

Examples

Swedish Postal Bank Dagens Industri

Check Balances/Make Payments & Conduct some transactions Receive Financial Data and Trade on Stockholm Exchange Access balances, pay bills & transfer funds using SMS

Citibank

Mobile Applications : Marketing, Advertising, And Customer Service

Shopping

Have access to services similar to those of wire line shoppers

Shopping carts Price comparisons Order status Will be able to view and purchase products using handheld mobile devices

from Wireless Devices

Future

Mobile Applications : Marketing, Advertising, And Customer Service

Targeted Advertising
Using demographic information can personalize wireless services (barnesandnoble.com) Knowing users preferences and surfing habits marketers can send:
User-specific advertising messages Location-specific advertising messages

Mobile Applications : Marketing, Advertising, And Customer Service

CRM applications
Mobile CRM Comparison shopping using Internet capable phones Voice Portals
Enhanced customer service improved access to data for employees

Mobile Portals

A customer interaction channel that aggregates content and services for mobile users.
Charge per time for service or subscription based
Example: I-Mode in Japan

Mobile corporate portal

Serves corporations customers and suppliers

Mobile Intrabusiness and Enterprise Applications

Support of Mobile Employees

by 2005 25% of all workers could be mobile employees

sales people in the field, traveling executives,

telecommuters, consultants working on-site, repair or installation employees need same corporate data as those working inside companys offices solution: wireless devices wearable devices: cameras, screen, keyboard, touch-panel display

Mobile B2B and Supply Chain Applications

mobile computing solutions enable organizations to
respond faster to supply chain disruptions by proactively adjusting plans or shifting resources related to critical supply chain events as they occur. accurate and timely information opportunity to collaborate along supply chain must integrate mobile devices into information exchanges example: telemetry integration of wireless communications, vehicle monitoring systems, and vehicle location devices
leads to reduced overhead and faster service responsiveness (vending machines)

Applications of Mobile Devices for Consumers/Industries

Personal Service Applications Mobile Gaming and Gambling Mobile Entertainment Hotels Intelligent Homes and Appliances Wireless Telemedicine Other Services for Consumers
music and video
example airport

M-Commerce Overview Infrastructure M-Commerce Applications Mobile Payment Limitations Security in M-Commerce

Outline

Mobile Payment for M-Commerce

Mobile Payment can be offered as a standalone service.

Mobile Payment could also be an important enabling service for other m-commerce services (e.g. mobile ticketing, shopping, gambling) :
It could improve user acceptance by making the services more secure and user-friendly. In many cases offering mobile payment methods is the only chance the service providers have to gain revenue from an m-commerce service.

the consumer must be informed of:

what is being bought, and how much to pay options to pay;

the payment must be made payments must be traceable.

Mobile Payment (cont.)

Mobile payments can be split into three categories- mobile content, out-of-band and proximity. Because of their expertise in the area of billing, network operators are suited to deliver - payment services for mobile content. This type of payment is sometimes referred to as in-band where the content and the payment channel are the same. An example is a chargeable WAP service over GPRS. Users will either be offered subscription or per usage payment models. For per-usage users, the nature of the technology and services means that transactions will be small, so operators need to implement low-friction micropayment. Applications that could be covered by in-band transactions included video streaming of sports highlights or video messaging.

Mobile payments
31

Out of band refers to the fact that the payment channel is separate to that used for a shopping phase. For example, a credit card holder may use their mobile device to authenticate and pay for a service they consume on the fixed line Internet or interactive TV. In order to make the wireless device suitable for authenticating payments, financial institutions are especially interested in wireless PKI, shared secret (or symmetrical key) schemes, or best of all merging with their chip card programs via dual slot or dual chip devices.

Continue
32

A promising payment application for mobile commerce is proximity transactions using the device to pay at a point of sale, vending machine, ticket machine, tolls, parking, etc. By leveraging parallel technologies, such as Bluetooth and 802.11, mobile devices can be transformed into sophisticated payment devices that can process both micro and macro payments.

Continue
33

Mobile payment types

Payment Type Example Mobile Content Out of band Proximity

Anne is on holiday, and uses her Nokia 7650 to take a photo, adds audio comment, and sends it via MMS to Robert. She is charged $1 to her prepay account

An SMS notifies Anne that U2 concert tickets have just gone on sale. From an Internet caf she browses to the ticket vendor site, books her tickets and pays with her Visa card. The payment authentication request Appears on her mobile phone via SMS, and she authenticates using a personal PIN, digitally signing the order. A receipt is sent to her phone. SMS, SIM Toolkit application, WAP Push, WPKI, Dual slot, Dual SIM, J2ME. Wallet server with SMS and wireless PKI support, Acquiring gateway

Back at home , Anne is at her photo and imagine shop; she transfers her holiday photos from her digital camera to the store computer over as Bluetooth link; the payment request is sent to telephone, also over Bluetooth, where she accepts it, and her credit card information is returned to the store point of sale device. Bluetooth 802.11b, IrDA

Technology Enablers Payment Features

EMS, MMS 2.5G (Eg. GPRS) 3G Meditation system integrated with real time stored value micropayment system

Payment Java applet on mobile phone and point of sale device.

34

Phases of Mobile Payment Transaction

35

M-Commerce Overview Infrastructure M-Commerce Applications Mobile Payment Limitations Security in M-Commerce

Outline

Usability Problem
small size of mobile devices (screens, keyboards, etc) limited storage capacity of devices hard to browse sites

Technical Limitations
lack of a standardized security protocol insufficient bandwidth 3G licenses

Limitations of M-Commerce

Technical Limitations
transmission and power consumption limitations poor reception in tunnels and certain buildings multipath interference, weather, and terrain problems
and distance-limited connections

WAP Limitations
Speed Cost Accessibility

Limitations of M-Commerce

Potential Health Hazards

There are three main reasons why people are concerned that cell phones (also known as wireless or mobile telephones) might have the potential to cause certain types of cancer or other health problems:
Cell phones emit radiofrequency energy (radio waves), a form of non-ionizing radiation. Tissues nearest to where the phone is held can absorb this energy. The number of cell phone users has increased rapidly. As of 2010, there were more than 303 million subscribers to cell phone service in the United States, according to the Cellular Telecommunications and Internet Association. This is a nearly threefold increase from the 110 million users in 2000. Globally, the number of cell phone subscriptions is estimated by the International Telecommunications Union to be 5 billion. Over time, the number of cell phone calls per day, the length of each call, and the amount of time people use cell phones have increased. Cell phone technology has also undergone substantial changes.

Radiofrequency energy is a form of electromagnetic radiation. Electromagnetic radiation can be categorized into two types: ionizing (e.g., x-rays, radon, and cosmic rays) and non-ionizing (e.g., radiofrequency and extremely lowfrequency or power frequency) . Exposure to ionizing radiation, such as from radiation therapy, is known to increase the risk of cancer. However, although many studies have examined the potential health effects of non-ionizing radiation from radar, microwave ovens, and other sources, there is currently no consistent evidence that non-ionizing radiation increases cancer risk . The only known biological effect of radiofrequency energy is heating. The ability of microwave ovens to heat food is one example of this effect of radiofrequency energy. Radiofrequency exposure from cell phone use does cause heating; however, it is not sufficient to measurably increase body temperature. A recent study showed that when people used a cell phone for 50 minutes, brain tissues on the same side of the head as the phones antenna metabolized more glucose than did tissues on the opposite side of the brain .

For millions of years, life evolved on earth where the natural background level of radio frequency radiation has been very low. Then starting only a hundred years ago, the explosion in wireless technologies like radio, TV radar and microwave has boosted our everyday RFR exposure levels by at least ten thousand times. Our bodies - and each of the cells within them - are like antennas: exquisitely sensitive receivers AND transmitters of electro-magnetic radiation. Now, they must function in a new electro-magnetic environment that already has ten thousand times more RFR than the one in which they - and we - evolved. And today, a new wireless revolution is in progress, with the number of cell phones, communication satellites, microwave antennas and cell phone towers multiplying daily. That means even more RFR exposure for all of us.

Cell Towers are the base stations which control cell phone communication. The generic term "cell site" can also be used - to include all cell phone towers, antenna masts and other base station forms. Each cell site services one or more "cells". Different cell sites emit different amounts of radiation.
Radiation levels from a single cell site vary, depending on usage. Even maintenance issues can affect how much radiation a cell site is currently producing. Radiation around a single cell tower may not be uniform there can be hot and cold spots. But it seems that 400 meters is a safe distance for most people, and smaller distances may also be safe in some cases

Individuals differ in their response to similar levels of EMF radiation. For some people, short term effects from cell tower radiation exposure may include headaches, sleep disorders, poor memory, mental excitation, confusion, anxiety, depression, appetite disturbance and listlessness.

A human study (Kempten West) in 2007 measured blood levels of seratonin and melatonin (important hormones involved in brain messaging, mood, sleep regulation and immune system function) both before, and five months after, the activation of a new cell site.

Cell tower health effects

M-Commerce Overview Infrastructure M-Commerce Applications Mobile Payment Limitations Security in M-Commerce

Outline

WAP Architecture

Client
WML

WAP Gateway
WML Encoder

Web Server
CGI Scripts etc. WML Decks with WML-Script

WMLScript WTAI

WSP/WTP

WMLScript Compiler Protocol Adapters

HTTP

Content

Etc.

WAP: Wireless Application Protocol

Created by WAP Forum

Founded June 1997 by Ericsson, Motorola, Nokia, Phone.com 500+ member companies Goal: Bring Internet content to wireless devices

WAP

Without a secure OS, achieving security on mobile devices is almost impossible

Platform Risks

Scripting is heavily used for clientside processing to offload servers and reduce demand on bandwidth Wireless Markup Language (WML) is the equivalent to HTML, but derived from XML WMLScript is WAPs equivalent to JavaScript

Derived from JavaScript

WMLScript

Lack of Security Model

Does not differentiate trusted local code from untrusted code downloaded from the Internet. So, there is no access control!! WML Script is not type-safe.

Scripts can be scheduled to be pushed to the client device without the users knowledge
Does not prevent access to persistent storage Possible attacks:

Theft or damage of personal information

Abusing users authentication information Maliciously offloading money saved on smart cards

Risks of WMLScript

New Security Risks in M-Commerce

Abuse of cooperative nature of ad-hoc networks

An adversary that compromises one node can disseminate false routing information.
Malicious domains

A single malicious domain can compromise devices by downloading malicious code

Roaming (are you going to the bad guys ?)

Users roam among non-trustworthy domains