
Page 1

Financial Services Technology Consortium
CMU Workshop on Trust and Dependability in Mobile, Wireless, and Pervasive Computing Environment

Extending the Franchise of Trust to the Mobile Channel
Financial Institutions, Mobile Finance, and the Hard Problems Ahead

Zachary Tumin
Executive Director, FSTC
April 1, 2003

Page 2

Trust and Dependability in Mobile, Wireless, and Pervasive Computing Environments | April 1, 2003

Contents (More or Less)

- The Vision
- The Challenge
- The Requirements
- The View From Planet Earth (Banks)
- The Prospect

Page 3

About FSTC

Consortium of leading US financial institutions and technology companies bringing forward secure, reliable, interoperable technologies in proof, test, and pilot

Active initiatives underway in: web services, disaster recovery/business continuity, voice and biometrics authentication, payments system innovation, check security and imaging

FI members include: Citigroup, JPMorgan Chase, Bank of America, Wells Fargo, National City, Fidelity, BB&T, Comerica, Zions, Huntington, Wachovia

Technology members include: IBM, Sun Microsystems, Computer Associates, Hewlett Packard, Diebold, Unisys, Sungard, Motorola

See projects, membership at: www.fstc.org...

Page 4

VISION STUFF: Where We Could Be and Where We Are

Page 5

The Current Landscape: Vision of the Mobile Channel for Financial Services

- A fully connected world
- All communicate with all instantly
- From anywhere, to anyone or any service
- All types of transactions
- Utilizing small devices easily carried or worn
- Trusted, secure, reliable – just like all the other channels

Page 6

The Current Landscape: Multiple Channels, All Trusted (More or Less)

The bar of perception is set high for the mobile channel, benchmarked against the current trust, reliability, and security of the other proven channels:
- Branch (Teller)
- Telephone (Voice)
- US Mail (Letter Carrier)
- ATM (Networks)
- On-Line (Web)

Can still be pretty variable across and within, but…

No surprises here: financial institutions and consumers think they have fully documented the inventory of risk for each channel, mitigated them (FIs) and accepted them (consumers), and made their choice of comfort and convenience.

Mobile????

Page 7

The Current Landscape: Multiple Channels, All Trusted (More or Less)

For the consumer, trust, reliability, security = KNOWLEDGE:
…where your money is
…how much is there
…who can do what with it (no one except you)
…how you can get to it and do things with it (walk, punch, surf)
…what to do if there's a problem

Not "I think," but "I know." Tremors and channel confusion exist and rattle trust: e.g., balance disparities irk, bug, bother, but…

Can mobile services – post-Dot.Com hype, just another channel – ever come close? When? What investments should financial institutions make next?

Page 8

Mobile Financial Services Taxonomy: Transactions

- Account Balance Inquiries and Inventory (Pull)
- Transaction Initiation and Execution (Pull)
- Data Message Exchange
- Personalized Alerts (Push)
- Account Service (Push and Pull)
- Wireless Information Synchronization
- Portal Information Access
- Aggregation Services (Push and Pull)
- Promotion / Cross Selling (Push and Pull)
- Financial Advice (Push and Pull)
- Bill Presentment and Payment (Pull)
- Loan Application/Prequalification
- Mobile Commerce (Push and Pull)
- Location Based Financial Services (Push and Pull)
- E2E Marketplace
- Registrations for Financial Service Credentials
- Mobile Electronic Payments (mPayments)
- Withdrawal of Electronic Cash to Mobile Devices
- Secure Delivery of Financial Documents
- Financial Transaction Authorizations

(Source: FSTC and BITS)

Page 9

Mobile Financial Service Taxonomy: Scenarios

- Mobile User to Financial Institution
- Mobile User to Physical ATM or PoS Terminal
- Mobile User to Cyber Merchant
- Mobile User to Mobile User

Page 10

Mobile Communications: Options for Financial Service Delivery

- via Immediate Proximity Communications (RFID, infrared)
- via Wireless LANs (e.g., 802.11)
- via Public Wireless Carrier
- via Intermediate System (e.g., POS system)
- via Mobile Platforms (cars, planes, trains)

Page 11

Use of the Mobile Channel: The Observed As-Is (What the FIs See)

- Customers not clamoring for mobile finance
- Low: fewer than 1% of leading brokerages have rolled out wireless services
- High interest by PDA users: ownership 5%, of which 25% interested
- Low interest by cell phone users: 39% ownership, of which 5% interested
- Pagers: small ownership (7%), low interest
- Experience in Britain: of the 3MM Britons with a WAP phone, only 100K signed up for WAP services
- 590 million GSM users worldwide; 30 billion SMS messages; projection: over 100 billion SMS messages per month for the next two years

(Source: Gartner, Forrester)

Page 12

Where We Stand/As-Is From Financial Institution’s Perspective

As far as the mobile channel is concerned:
- Primary appeal is anytime, anywhere access to accounts
- Lack of urgency plagues all devices
- Most consumers not very interested, although they seem technologically prepared
- Most do not consider financial transactions urgent enough to execute on a mobile device
- Primary interest via traders: checking portfolios (stock quotes #1); low priority: loan and bill payments
- WAMU: use of wireless in branches

(Source: Forrester)

Page 13

Factors Contributing to a Lack of Zeal for the Mobile Channel

In sum: happiness with other channels; doubts about this one
- Issues of service/connection quality
- Device friendliness
- Bandwidth constraints
- Security holes and glitches
- User expectations; criteria to use a service: urgency, simplicity, frequency
- Privacy, security: impact of losing a cell phone, spoofing, ID theft
- Usability: screen size
- Cost of service

Page 14

The Mobile Landscape From the Industry Perspective: Yet Immature

Lack of industry coordination - The necessary working arrangements between the equipment vendors, wireless carriers, software developers and financial institutions have yet to come together.

Competing technical approaches— 802.11 wireless LANs, 3G cellular, Bluetooth, and IrDA have overlapping capabilities, and increasingly compete in the marketplace.

Global scale— Financial services can no longer be restricted to national markets—just as users want their cell phones to work in every country, they will certainly expect their electronic wallets to work wherever they travel.

Immature mCommerce standards— mCommerce standards are even less well developed than those for eCommerce.

Rapid product evolution— The pace of development in personal devices makes it very difficult to build new mCommerce or mobile financial applications on platforms that are changing radically.

Confused approaches to security— there is little industry agreement on where security functionality should reside, or who should be responsible for managing security at a systems level.

Delivering PKI services - slow to emerge: who will offer PKI services, or will there be overlapping PKI service realms?

Government impact on security developments— different governments may have radically different views about how security gets deployed and utilized in mobile services.

Jurisdictional concerns— complicated in a world where transactions can take place even while one party is traversing a border.

Page 15

For Many Financial Institutions Today: Definitely a “Hold” Recommendation

Technology still immature:
- WAP: poor connections, difficult-to-use devices
- GPRS impact not until 2004; low bandwidth
- 2.5G available; 3G still in development (16 times GPRS); availability 5 years out

Security, reliability, and interoperability persist as issues. No killer app. No burning platform. No competitive differentiation possible. Unclear value proposition.

Page 16

The Coming Landscape

The mobile landscape will soon be changing. Service/connection quality and bandwidth will improve as GPRS networks emerge, followed by 2.5G and 3G. PDA-like mobile devices will provide greater computing capacity and ease of use for mobile transactions. As hard drives, batteries, and global roaming capabilities expand, the promise of anywhere/anytime computing will materialize. By 2010, for example, research firms estimate that large segments – some say as high as 75% of European and American users – will carry wireless computing and telecommunications devices.

Page 17

The Challenge Thing: What’s Possible, Practical, and Expectable

Page 18

The Challenges That Remain: What will it take to get traction in mobile financial services?

Operating (Performance) Requirements for Mobile Financial Services: Networks (equally long lists for software and devices)

- Ubiquity of coverage (outdoor and indoor, rural and urban)
- High transmission rates (144 kb/s per active end user; 300-400 kb/s for moving (non-stationary) end users)
- Device agnostic (end user)
- Interoperability among carriers: transparent, seamless services (applications look the same; service uninterrupted)
- End-to-end secure at the application level
- Support for mobile transactions: maintain service and session continuity
- Mobile apps should meet high-level wireless network performance requirements: call blocking rate, call dropping rate, handover failure rate, frame error rate, ALL < 1%

(Source: BITS)

Page 19

Why This is Hard: Five Pillars of Security

Authorization: Establish that the other party is authorized to use the credentials being presented – see first: registration; credentialing

Authentication: The ability for a party to utilize their credentials to confirm their authorization of a transaction – see, first: digital signatures

Integrity (message): The ability to prevent or detect modification of transactions after they have been authorized

Confidentiality (message): All financial transactions must be protected from unauthorized disclosure

Non-Repudiation: Detecting and preventing parties from denying their participation in transactions – see, first: logging, audit, forensics

(After we’re finished with this: Reliability, Interoperability, Consumer Acceptance…)

Page 20

Summing Up: The BITS Group’s Challenge

“One important consequence of the security scenario described above is that the wireless network operator should permit an end-to-end security solution to be imposed at the mobile application level. The wireless network should not expose any transaction or identifying details of the information flows for secure end-to-end mobile applications. This means that the individual customer's identity, all transaction records, all passwords, and all authentication and authorization sequences should pass through the wireless carrier's network intact, without decryption. It should not be possible to record and decode this confidential information, either by listening to wireless channels with a commercial radio frequency scanner, by tapping into wired portions of the network operator's core network, or by recording packet sequences or information that is stored temporarily in gateways or switches that are part of the wireless network.”
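The BITS requirement above, together with the five pillars on the previous slide, reduces to one design rule: protection is applied by the mobile application and removed only by the institution, so that nothing in between (air interface, gateway, switch, or the carrier's core) ever holds a decryptable copy. The Go program below is an added example written for this page; it is not FSTC or BITS code, and the deck defines no protocol. It assumes a per-session AES-256 key and a customer ECDSA P-256 signing key established at enrollment, and an envelope layout of its own: a 12-byte nonce followed by AES-GCM ciphertext that carries the signature, a sequence number, the amount and the payee. The handset signs the transaction (authentication, non-repudiation) and then encrypts signature and transaction together (confidentiality, integrity); the bank checks the GCM tag, the signature and the sequence number in turn, and `CarrierCanRead` stands in for an operator or RF scanner searching the relayed bytes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Transaction is the application-level message; Seq is a per-session counter, Amount is in minor units.
type Transaction struct{ Seq, Amount uint64; Payee string }

// Handset holds the customer's signing key and the per-session AES-256 key shared with the bank.
type Handset struct{ key []byte; priv *ecdsa.PrivateKey; seq uint64 }

// Bank tracks a single enrolled session, which keeps the example short.
type Bank struct{ key []byte; pub *ecdsa.PublicKey; lastSeq uint64 }

func aead(key []byte) cipher.AEAD { // key is always 32 bytes here, so neither call can fail
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}

// Enroll stands in for registration/credentialing: keys exist before the first transaction.
func Enroll() (*Handset, *Bank) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	key := make([]byte, 32)
	rand.Read(key) // crypto/rand.Read does not fail on supported platforms
	return &Handset{key: key, priv: priv}, &Bank{key: key, pub: &priv.PublicKey}
}

// Send signs with the customer's key (authentication, non-repudiation), then encrypts
// signature and transaction together (confidentiality, integrity). Envelope layout, an
// assumption of this example: nonce (12 B) || AES-GCM(sigLen (2 B) || sig || seq || amount || payee).
func (h *Handset) Send(amount uint64, payee string) ([]byte, error) {
	h.seq++
	tx := make([]byte, 16)
	binary.BigEndian.PutUint64(tx, h.seq)
	binary.BigEndian.PutUint64(tx[8:], amount)
	tx = append(tx, payee...)
	digest := sha256.Sum256(tx)
	sig, err := ecdsa.SignASN1(rand.Reader, h.priv, digest[:])
	if err != nil {
		return nil, err
	}
	plain := append(append([]byte{byte(len(sig) >> 8), byte(len(sig))}, sig...), tx...)
	nonce := make([]byte, 12)
	rand.Read(nonce)
	return aead(h.key).Seal(append([]byte{}, nonce...), nonce, plain, nil), nil
}

// Receive is the bank's end. Each check maps to one pillar and fails with its own error.
func (b *Bank) Receive(env []byte) (t Transaction, err error) {
	if len(env) < 12 {
		return t, errors.New("malformed envelope")
	}
	plain, err := aead(b.key).Open(nil, env[:12], env[12:], nil)
	if err != nil {
		return t, errors.New("integrity: GCM tag check failed")
	}
	if len(plain) < 18 || len(plain) < 18+int(binary.BigEndian.Uint16(plain)) {
		return t, errors.New("malformed payload")
	}
	n := 2 + int(binary.BigEndian.Uint16(plain))
	sig, tx := plain[2:n], plain[n:]
	digest := sha256.Sum256(tx)
	if !ecdsa.VerifyASN1(b.pub, digest[:], sig) {
		return t, errors.New("authentication/non-repudiation: bad signature")
	}
	t = Transaction{binary.BigEndian.Uint64(tx), binary.BigEndian.Uint64(tx[8:]), string(tx[16:])}
	if t.Seq <= b.lastSeq {
		return Transaction{}, errors.New("replay: sequence number not increasing")
	}
	b.lastSeq = t.Seq
	return t, nil
}

// CarrierCanRead models the operator, or an RF scanner, looking for the payee in the relayed bytes.
func CarrierCanRead(env []byte, payee string) bool { return bytes.Contains(env, []byte(payee)) }

func main() { // stand-alone check: carrier sees nothing, bank accepts once and refuses the replay
	h, b := Enroll()
	env, _ := h.Send(12500, "ACME Utilities")
	_, first := b.Receive(env)
	_, replay := b.Receive(env)
	if first != nil || replay == nil || CarrierCanRead(env, "ACME Utilities") {
		panic("end-to-end protection failed")
	}
}
```

Two points are worth checking in any real implementation of this pattern. The signature sits inside the ciphertext, so the carrier never sees an authentication sequence; and the sequence number is checked only after both the GCM tag and the signature verify, so a recorded envelope played back from a gateway is refused without the bank having to keep more than one counter per session. What the example deliberately leaves out is everything the deck's authentication slides still leave open: how the session key is established per transaction type and how a lost handset's key is revoked are registration and credentialing problems, not wire-format ones.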

Page 21

Deconstructing Authentication/Gap Analysis: As-Is

- It's been defined, particularly in consumer purchasing: PIN/Password
- Somewhat restrictive and device dependent
- High security is device dependent; the least secure, the PIN, is not device dependent but is insecure
- An interruption of the experience of online buying, etc.: disruptive
- Overhead of managing certificates; people ignore; validity disappears; fatigue sets in; no one cares
- Static state: "depth of our relationship is defined by this security level for this particular transaction"

(Source: FSTC)

Page 22

Authentication: To-Be

- Ubiquitous
- Needs to be obvious to whoever needs to know it; can't be an assumed activity
- Needs to be seamless
- Needs to be evolutionary: dynamic negotiation of security levels for particular transactions; needs to grow as the relationship between the two entities grows
- Must cover all players within the transaction (each member of the transaction needs to be covered in the authentication): each party, all parties to the transaction must be authenticated
- Needs to be modular
- Needs to be extensible

Page 23

Authentication: Gap

- High overhead, requires too much maintenance, everything is password dependent; I have to manage the new account relationship
- Levels of trust could be communicated across parties
- Problems in the chain of trust; different authentications; how do you pass that trust around; risk of illegitimate/incorrect/mis-authentication

Page 24

Authentication: Action

- Build a single-source authentication system that is secure
- Manage the scalable distributed delegation of trust
- Create a protocol that allows the negotiation of a security or trust level for a particular transaction type
- Put a standard API around it; expose that as a web services API for authentication and authorization
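The third action item, a protocol for negotiating a security or trust level per transaction type, is the one a practitioner can sketch directly, and it is also what the To-Be slide means by authentication that grows with the relationship. The Go program below is an added example written for this page, not an FSTC design: the deck names the requirement but defines neither the levels nor the policy. It assumes a three-step assurance scale (PIN, device key, device key plus biometric), an institution-side policy keyed on transaction type and amount, and a session that remembers the level already achieved so that trust established earlier is reused rather than renegotiated. The handset advertises what it can do; the bank decides what it needs; the cheapest offered method that satisfies the policy becomes the step-up challenge.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Level is an assurance level. The scale is an assumption of this example; the deck
// speaks of negotiating "a security or trust level" without defining one.
type Level int

const (
	None                  Level = iota
	PIN                         // something you know; device-independent and weakest
	DeviceKey                   // key held in the handset or SIM; device-dependent
	DeviceKeyAndBiometric       // device key plus a biometric check on the device
)

// Authenticator is one method the handset can perform; Cost is the user friction it causes.
type Authenticator struct {
	Name  string
	Level Level
	Cost  int
}

// Policy is the institution's required level per transaction type and amount (minor
// currency units). The types and thresholds are assumptions of this example.
func Policy(txType string, amount uint64) (Level, error) {
	switch txType {
	case "balance":
		return PIN, nil
	case "payment":
		if amount >= 100000 {
			return DeviceKeyAndBiometric, nil
		}
		return DeviceKey, nil
	case "credential_registration":
		return DeviceKeyAndBiometric, nil
	}
	return None, fmt.Errorf("unknown transaction type %q", txType)
}

// Session carries the level already achieved with this device, so trust established
// earlier in the relationship is reused rather than re-negotiated.
type Session struct {
	Achieved Level
	Offered  []Authenticator // methods the handset advertised when it connected
}

// Decision is the outcome; a nil StepUp means the session already satisfies the policy.
type Decision struct {
	Required Level
	StepUp   *Authenticator
}

// Negotiate picks the cheapest offered method that reaches the required level, or fails
// when none does (refuse, or route to another channel). The required level comes from the
// bank's policy, never from the client, so a stripped Offered list can only cause refusal.
func Negotiate(s *Session, txType string, amount uint64) (Decision, error) {
	req, err := Policy(txType, amount)
	if err != nil {
		return Decision{}, err
	}
	if s.Achieved >= req {
		return Decision{Required: req}, nil
	}
	var able []Authenticator
	for _, a := range s.Offered {
		if a.Level >= req {
			able = append(able, a)
		}
	}
	if len(able) == 0 {
		return Decision{Required: req}, errors.New("no offered authenticator reaches the required level")
	}
	sort.Slice(able, func(i, j int) bool { return able[i].Cost < able[j].Cost })
	return Decision{Required: req, StepUp: &able[0]}, nil
}

// Complete records a successful step-up; a session's level only ever rises.
func (s *Session) Complete(a Authenticator) {
	if a.Level > s.Achieved {
		s.Achieved = a.Level
	}
}

func main() {
	// Constructed handset capabilities for a stand-alone walk-through.
	s := &Session{Offered: []Authenticator{{"pin", PIN, 1}, {"sim-key", DeviceKey, 2}, {"sim-key+fingerprint", DeviceKeyAndBiometric, 5}}}
	for _, tx := range []string{"balance", "payment", "payment"} {
		d, err := Negotiate(s, tx, 4000)
		fmt.Println(tx, "requires", d.Required, "step-up needed:", d.StepUp != nil, "err:", err)
		if d.StepUp != nil {
			s.Complete(*d.StepUp) // assume the customer passed the challenge
		}
	}
}
```

Two properties are worth checking before adopting anything like this. The required level is derived from the bank's policy and never from what the client offers, so an attacker who strips strong methods from the advertised list can only get the transaction refused, not downgraded. And the achieved level only rises within a session, which is what makes the relationship-building the To-Be slide asks for safe to hold as state rather than repeating a full negotiation for every transaction.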

Page 25

Authentication: Benefits

- Methodology reduces the cost-prohibitive nature of authentication
- Increases reliability/interoperability of authentication
- Leverages existing and future authentication capability
- Allows delegation of authentication and authorization

Page 26

Why This is Hard: Bringing the Five Pillars Together WITH Interoperability

Imagine a Statement of Work… To Implement, Test and Validate an Authentication and Security Framework for Mobile Financial Services That:

- Provides secure authentication services, accessible at the end points of the network, not built into the network
- Can work over unreliable, insecure networks
- Can be accessed by any number of devices, ranging from RF ID tags, to palm devices, to PCs, to servers
- Can support a number of autonomous and distributed, but trusted, authentication services that can interoperate and cooperate; the authentication services include certifying various attributes of both personal and corporate profiles, as well as electronic documents
- Assures that the information and certification is handled, transmitted, shared and stored according to the FTC privacy principles

Page 27

…not finished yet: SOW continued

- Where the certification of a single individual or corporation can split their attribute certification across different authentication services (e.g., enrolled college student: university; bank account: financial institution; health: doctor)
- The system is robust and able to operate under denial of service attacks, viruses, system failures, etc.
- That system risks and compromises are manageable
- Where the system is technology neutral: not dependent upon any particular authentication technology or encryption technology, but can support all current prevailing models and accommodate future technologies

(Source: FSTC)

Page 28

The Promise Thing: Where FIs See This Thing Headed – Compared to Everything Else They Have To Worry About

Page 29

Evaluating and Comparing Competing Alternatives for FI Attention and Investment

Dan Schutzer of Citigroup/FSTC:

“Although no one can predict with certainty which innovations will succeed and which will fail, certain attributes can provide insights into their likelihood of success. The innovation is more likely to succeed if:
– The channels it opens up are heavily used and experiencing high growth, but [e.g., payments] over the channel are not yet established.
– The innovation addresses current shortcomings.
– The innovation is perceived to offer value.
– The technology and business innovations are intuitive to use and do not require behavioral change.
– The technology is not overly costly or complex to implement.”

Page 30

More…

Contact:

Zachary Tumin
EXECUTIVE DIRECTOR
Financial Services Technology Consortium
44 Wall Street, 12th Fl.
New York, NY 10005
www.fstc.org
[email protected]
V: 914-576-7629
F: 978-336-8302