
A Simple and Secure Banking Solution through M-Wallet in context of Bangladesh

Abstract
Nowadays billions of inhabitants of Bangladesh are connected through mobile networks, but commercial sectors such as banking, insurance and share markets have not yet broadly adopted m-commerce technology. A limited number of banks provide some SMS banking facilities to their clients. In this paper, an m-banking system is proposed through an m-wallet service. M-wallet means mobile wallet, i.e. an electronic wallet in a mobile phone. The proposed wallet system provides different types of banking services to its user, such as checking statements and summaries of different accounts (current account, card account, deposit account, loan account, utility bill account), micro payment, fund transfer, bill payment, blocking cards, location based service, general information services and different types of alerts. The proposed system integrates various services of different banks in a single platform. Using this wallet system, users can access their multiple bank accounts easily and securely. Another objective of this paper is ensuring security in m-banking transactions through m-wallet.

Index terms: M-banking, M-wallet, E-banking, WAP banking, SMS banking, micro payment.

I. INTRODUCTION
Mobile banking (M-Banking) is a term used for performing balance checks, account transactions, payments etc. via a mobile device such as a mobile phone [5]. A wallet, on the other hand, is a pocket case, generally made of leather, which is used to keep money, credit cards, debit cards etc. [13]. So a mobile wallet, also known as m-wallet, is an electronic wallet by which users can access their bank accounts, see statements, pay utility bills, make micro payments, transfer funds and so on. This is one kind of m-banking where the user can enjoy m-banking services of different banks in a single wallet. This m-wallet system is proposed in both SMS and WAP because the physical world is gradually becoming more and more integrated due to the vast development of information and communication technologies. In Bangladesh the number of GSM mobile subscribers was 58.36 million at the end of May 2010, while the number was 46.41 million at the end of May 2009 [11]. In our country, not only is the price of mobile sets gradually decreasing, but the cellular operators are also providing an acceptable call rate to subscribers. Even in rural and Chittagong Hill Tract areas, mobile network coverage has been made available. Day by day people accept the mobile phone not only as their communication device but also as an information transfer medium which is highly necessary for their livelihood [1]. The price of both SMS and WAP (per Kbyte) has become cheaper than in the past. Nowadays every mobile operator provides WAP services to its clients at a cheaper rate, which was completely unbelievable a few years ago. Mobile internet plays an important part among mobile users. Now everybody can easily browse the whole world using their mobile phone. On the other hand, most developed foreign countries have already implemented m-banking systems successfully. With these, their people can easily check their different bank accounts, transfer funds from one account to another, transfer credit, pay bills, buy bus, train and airline tickets, book hotels and enjoy many other services [10]. Now it is our turn to serve our people through m-wallet.

II. EXISTING SYSTEM


In Bangladesh, several private banks have introduced the facilities of online banking, phone banking and, most recently, SMS banking with very limited services. For example, Standard Chartered Bank Ltd, IFIC Bank Ltd and Islamic Bank Ltd provide informative services to their clients [2]. These systems are built according to the Bank-focused business model, where a specific bank provides account related informative services. No transactional service is included yet. All services are given via SMS. In 2008, a paper on SMS based m-banking was published in ICCIT [2]. That model first tries to implement the real time system using a mobile phone modem, which is not a permanent solution for m-banking because mobile phones that include a GSM modem can't give long-run service. A GSM modem can handle a maximum of 6 SMS per minute. So the system will collapse when more and more service requests come per minute and the modem fails to deliver services to the users.

The architecture given in that model is impractical for several reasons. First, the overall architecture has no layers. Though it follows a server-client architecture, the application server of the system is on one PC. As a result there is no load balancing and the system will become slow in handling a huge amount of client requests. Second, the registration process that the model offered was not secure, because the user sends their account number and password via SMS for registration and this SMS is saved in the SIM and mobile phone. If the password is registered and the user forgets to remove the SMS from both SIM and mobile phone, then the user's password can easily be stolen, which is very harmful, especially for balance transfer and other short banking transactions. Third, the request which is sent to the server is not encrypted, so the data can be intercepted in the transmission media. Fourth, for registration that model proposed the account number but did not specify the account type, and the system only checks the validity of the account number. As a result, if a user has different types of account, such as current, deposit, loan, card and utility bill accounts, and sends registration requests from different mobile numbers using his different account numbers, then there is a possibility of multiple users under a single account holder. Fifth, in that proposed model, when the user sends the account number and password to the bank server for registration, the bank server only validates the account number but doesn't validate the mobile number from which the request has been sent, i.e. whether this mobile number is owned by the user or not. As a result, if the user claims that the mobile number registered for m-banking services isn't owned by him, or in any other such case, the bank will be in trouble. Sixth, the user creates their password in the registration module of that model, but no exception handling was described for when the sent password already exists or was created by another user. Most users are non-IT people and they have very limited knowledge of creating a secure and strong password. A banking system, on the other hand, needs secure and strong passwords. As a result users generally create ordinary passwords which are common among users, and the "password already exists" exception occurs, which bores the user and discourages the user from using the m-banking system. Finally, that registration module needs only an account number and password, which are very much insufficient for secure m-banking registration, and the major bug in that registration module is that one person can register another person's account. Users can't access multiple bank accounts using the existing system.
If a user has multiple bank accounts and wants to get the m-banking services of those banks, then the user has to register separately with each of those banks for the service and also pay fees separately for them. Banks deliver pin numbers to users, and it is difficult for a user to maintain multiple pin numbers. Users also find it a hassle to use m-banking services. Considering these issues, the proposed m-wallet based m-banking system tries to solve the mentioned problems, integrate the m-banking services of different banks, reduce customers' hesitation, ensure the security of banking transactions and improve customers' satisfaction.

III. PROPOSED SYSTEM


The proposed m-wallet system follows the Non-bank-led business model, where the bank does not come into focus and the telecommunication company comes to the front for the clients and provides different m-banking services, so that mobile users can access multiple banks from a single system using a single gateway. This will improve user friendliness and satisfaction. Users don't get bored and also get much pleasure using the proposed m-wallet system. The proposed wallet system will be implemented between the telecommunication company and banks. Here the telecom company provides the proposed m-wallet services with the help of banks, where banks stay on the back end of the proposed system. At first it is suggested that the telecom company and banks come under an agreement that they want to deliver their m-banking services through the telecom company using the proposed m-wallet service, which will be an important customer service among the other customer services such as voice service, SMS service, group SMS, phonebook, chat etc. As a result the m-banking services are integrated into one wallet and users can easily access their multiple bank accounts. Then a user who wants to enjoy this service has to register himself on the telecom company's official web site. On the web site, there will be a menu for the proposed m-wallet system where a registration form exists for user registration. The m-wallet services will be available in both SMS and WAP. WAP service is proposed along with SMS because WAP is now cheaper than SMS and SMS has some limitations: one SMS contains only 160 characters, and its price may be 50 paisa to 1 taka in some cases. On the other hand, 1 Kbyte contains 986 characters, its price is only 2 paisa, and most mobile operators of Bangladesh now deliver WAP service to their customers. So it's possible to provide more information using WAP than SMS.
The proposed m-wallet system is designed according to a three-tier server-client architecture so that the load is balanced equally among the layers. The proposed system architecture is given in Figure: 1. In this proposed architecture there are three layers. The proposed system architecture is described below:

Figure 1: Proposed system architecture

(A) Data Storage: Data Storage is one of the most important modules of the proposed m-wallet system. This module describes how to store and retrieve data from data storage. The data storage module has three parts. They are:
(i) Main Database: The main database is the bank's central database, which contains all its customers' detailed personal and account information.
(ii) Proxy Database: The proxy database is a miniature of the main database that is maintained by the telecom company. In the proposed system, a proxy database is proposed because it protects and hides the main database from the whole system. As a result the main database is totally saved from unpleasant accidents.
(iii) Data Transfer Application: The data transfer application is an application part of the data storage module which is used to create a high speed communication link between the telecom's proxy database and the main databases of different banks. When any change occurs in any bank's database, the data transfer application updates the proxy database with the necessary information, and vice versa.

(B) Data Access Layer: In the proposed system, the data access layer is known as the data web service server. It is called data web service server because web service technology is used in this layer. The data web service server has connections with the proxy database and with the business logic layer, which is known as the m-banking server in the proposed m-wallet system. Only the data web service server can communicate with the database. When requests come from the m-banking server, the data web service server sends them to the proxy database. Then the proxy database processes the queries and sends the query results to the data web service server. Next, the data web service server delivers the result set to the business logic layer, that is, the m-banking server.

(C) Business Logic Layer: In the proposed system, the business logic layer is known as the m-banking server, which handles requests of clients and gives appropriate responses to clients. It has three parts. The first is the SMS handler that handles SMS requests, the second is the WAP handler that handles WAP requests and the third is the m-wallet service (web part) that is included in the telecom company's official website.

(D) Presentation Layer: The presentation layer of the proposed m-wallet system is in the client's mobile phone, as one of the service items of the telecom company. This service will be activated only after valid registration for the proposed m-wallet system.

In the proposed system architecture, it is suggested that the presentation layer, m-banking server, data web service server and proxy database are maintained by the telecom company, and the data transfer application and main database are maintained by banks.

The proposed features of the proposed m-wallet system are checking current account statement, checking card account statement, blocking stolen or lost cards, checking deposit account statement, viewing deposit and withdrawal rules, checking loan account statement, viewing loan rules, micro payment, fund transfer, checking utility bill account statement, utility bill payment, location based service, providing general information and alerts on account activity. Here, micro payment means the transfer of money from one type of account of a person to another type of account of the same person, such as transferring money from one's current account to one's card account, deposit account or loan account, and fund transfer means transferring an amount of money from one's current account to another's current account within the same bank or among different banks.

To enjoy the proposed m-wallet system from the user's mobile phone, the user has to register himself as an account holder of the proposed m-wallet system. The proposed registration form for account holder registration is given in Figure: 2. At first, the user must open the official web site of the telecom company which provides m-banking services using the proposed m-wallet system. Then the user will find an option named m-wallet in the menu.
Then the user will go to the mentioned option, and there the user will find a registration form for the account holder of the proposed system. In the registration form, the user will enter his mobile number with this telecom operator for enjoying the m-banking service. Then the user will enter his national id card number. It is proposed to take only the user's national id card number, rather than a passport number or driving license number, because nowadays both banks and telecom companies have their clients' national id card numbers as primary keys. Another reason for proposing it is to increase the realization of the importance of the national id card among Bangladeshi people. A passport number or driving license number could be proposed, but they can't be used because some people have either a passport or a driving license or both. As a result they equate these with the national id card and give them the same priority, but the national id card has higher priority than these. In fact, the national id card is the unique id of the citizen of Bangladesh and it is badly needed for doing anything, such as making a passport or driving license, opening a bank account, buying a SIM card from a telecom operator etc. So any other number like a passport number or driving license number lies under the national id number. In future, the Bangladesh government is going to make a citizen database. As a result one can get his detailed information using the national id card number.

Figure 2: Proposed registration form for m-wallet system

Next the user will enter his valid email address, select banks from the list and enter the account type and number. Then he will enter a security question and answer. After the registration form is submitted, the server will check whether his national id card number exists in their client list, whether the mobile number is a SIM registered under that national id card number, and whether the national id card number holder is already an m-wallet account holder using this mobile number or other mobile numbers. If invalid, the registration process will be stopped and the server will send an invalid notification to the user. If valid, the server will validate his email address and check his banking information under his national id card number with the help of the banks. If valid, the server will register the user as an account holder of the proposed m-wallet service and send him a positive notification and his pin number. Otherwise the server will send him a negative notification.
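The registration checks described above can be sketched as follows. This is an added example, not code from the paper: the in-memory tables, the reason codes and the 6-digit server-generated PIN are assumptions, and the security question is not modelled.

```python
import re
import secrets
from dataclasses import dataclass

# Constructed sample records standing in for the telecom's client list,
# the banks' customer data and the existing m-wallet holders.
SUBSCRIBERS = {  # national id -> SIMs registered under that national id
    "1990123456789": {"01711000001", "01711000002"},
    "1985987654321": {"01711000003"},
}
BANK_ACCOUNTS = {  # (bank id, account type, account number) -> owner's national id
    ("BANK_A", "current", "1001"): "1990123456789",
    ("BANK_B", "deposit", "2001"): "1990123456789",
    ("BANK_A", "current", "1002"): "1985987654321",
}
WALLET_HOLDERS = {}  # national id -> mobile number the wallet is bound to

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


@dataclass
class Registration:
    mobile: str
    national_id: str
    email: str
    accounts: list  # [(bank id, account type, account number), ...]


def register(req):
    """Run the checks in the order the text gives; return (ok, reason, pin)."""
    sims = SUBSCRIBERS.get(req.national_id)
    if sims is None:
        return False, "NID_UNKNOWN", None
    # Binds the wallet to a SIM the telecom itself registered to this person,
    # so the requester cannot later disown the number.
    if req.mobile not in sims:
        return False, "MOBILE_NOT_UNDER_NID", None
    # One wallet per national id, whichever of the person's SIMs is used.
    if req.national_id in WALLET_HOLDERS:
        return False, "ALREADY_REGISTERED", None
    if not EMAIL_RE.fullmatch(req.email):
        return False, "EMAIL_INVALID", None
    # Bank, account type and number must all match a record the bank holds
    # under the same national id; this blocks registering someone else's account.
    if not req.accounts:
        return False, "NO_ACCOUNT", None
    for account in req.accounts:
        if BANK_ACCOUNTS.get(tuple(account)) != req.national_id:
            return False, "ACCOUNT_NOT_OWNED", None
    # The server issues the PIN from a CSPRNG, so there is no user-chosen
    # password and no "password already exists" case (6 digits is an assumption).
    pin = f"{secrets.randbelow(10**6):06d}"
    WALLET_HOLDERS[req.national_id] = req.mobile
    return True, "REGISTERED", pin
```

Each rejection corresponds to one of the weaknesses listed for the earlier SMS-only model: unverified mobile ownership, several registrations per holder, and registration of another person's account.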

3.1 Security Issues of Proposed System


The proposed system tries to ensure better security than any other proposed system. The security issues of the proposed system are discussed below, layer by layer.

The discussion starts from the presentation layer. In the presentation layer, an application will be developed which is included in the telecom company's service options. For the proposed SMS services, when the user sends a request to the server, the request will be encrypted and no request will be saved in the user's mobile phone inbox. The responses that come from the server are also encrypted; the application decrypts them and displays them to the user. For the proposed WAP services, the security techniques that are used for internet security are used in the proposed m-wallet system. In the business logic layer, information is exchanged securely with the data access layer and the presentation layer. The information that comes from the presentation layer is encrypted; it is decrypted and then sent to the data access layer as WSDL (Web Services Description Language), which is in XML binding format, using the secured SOAP protocol, and vice versa. The business logic layer is the web service client. In the data access layer, information comes from the business logic layer in XML format via the SOAP protocol. The data access layer is the web service provider. The SOAP protocol is proposed because it uses XML encryption, digital signatures and certificates [6]. In the data storage module, a proxy database is used for the best database security because it protects against query injection, can filter queries coming from the client end and can balance load among servers [4]. Every real-time server has data failover protection; for this, providers maintain a primary server and a secondary server in case of data and system failover. So the proposed system will be safe in case of data or system failure. For the fund transfer process, the proposed system checks the money laundering rules of Bangladesh.

IV. IMPLEMENTATION
The proposed system has some algorithms for different services. Among them, the algorithm of fund transfer from one current account to another current account in the same bank is given below:

1. User sends a request for fund transfer that contains request code, bank id, pin number, person 1's current account number, person 2's current account number and transferable amount.
2. System receives the request and starts processing it to give a response.
3. System checks whether the whole request is in a valid format and whether it contains all the parameters required for request processing.
4. If the request is invalid, system sends an error message to the user.
5. Otherwise, system checks the bank id and pin number.
6. If either of them (bank id or pin number) is invalid, system sends an error message to the user.
7. Otherwise, system checks whether the pin number is active.
8. If the pin number is inactive, system sends an error message to the user.
9. Otherwise, system checks whether both person 1's current account number and person 2's current account number are valid.
10. If either of them is invalid, system sends an error message to the user.
11. Otherwise, system checks whether both person 1's current account number and person 2's current account number are active.
12. If either of them is inactive, system sends an error message to the user.
13. Otherwise, system checks whether the current balance in person 1's current account is sufficient for the transfer.
14. If not sufficient, system sends an error message to the user.
15. Otherwise, system checks the minimum and maximum transfer limit for person 1's current account.
16. If out of the transfer limit, system sends an error message to the user.
17. Otherwise, system transfers the transferable amount from person 1's current account to person 2's current account.
18. Then system notifies both person 1 and person 2 that the transferable amount is successfully transferred and requests them to check their current account statements.

In the proposed system, for the proxy database part in the data storage module, MySQL and its proxy features are used. A base engine for m-banking services is made using stored procedures. A stored procedure is a procedure that is stored in the database. A stored procedure is fast and is a proven technology. Stored procedures are portable [3]. MySQL Proxy is a binary application standing between one or more MySQL clients and a server [4]. In the data access layer, the database web service using the SOAP protocol is used.
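The 18 fund transfer steps listed above, as an added Python example that is not the paper's own code. The request wire format, the sender number supplied by the SMS gateway, the error codes and the rule that person 1's account must be one registered to the sender's wallet are assumptions of this example.

```python
import hmac
import re
from decimal import Decimal

# Constructed sample state. A real system would store a PIN hash, not the PIN.
BANKS = {"BANK_A"}
WALLETS = {  # sender's mobile number -> wallet record
    "01711000001": {"pin": "482913", "active": True,
                    "accounts": {("BANK_A", "1001")}},
}
ACCOUNTS = {  # (bank id, current account number) -> account record
    ("BANK_A", "1001"): {"active": True, "balance": Decimal("5000.00"),
                         "min": Decimal("10"), "max": Decimal("2000")},
    ("BANK_A", "1002"): {"active": True, "balance": Decimal("100.00"),
                         "min": Decimal("10"), "max": Decimal("2000")},
    ("BANK_A", "1003"): {"active": False, "balance": Decimal("0.00"),
                         "min": Decimal("10"), "max": Decimal("2000")},
}
# Assumed format: "FT <bank id> <pin> <person 1 acct> <person 2 acct> <amount>".
# re.ASCII keeps \d to 0-9 so non-ASCII digits are rejected at the format check.
REQUEST_RE = re.compile(r"FT (\w+) (\d{6}) (\d+) (\d+) (\d+(?:\.\d{1,2})?)",
                        re.ASCII)


def fund_transfer(sender, sms):
    """Run the checks in the listed order; return (code, accounts to notify)."""
    match = REQUEST_RE.fullmatch(sms.strip())            # steps 3-4
    if match is None:
        return "ERR_FORMAT", []
    bank, pin, src_no, dst_no, amount_text = match.groups()
    amount = Decimal(amount_text)       # exact decimal arithmetic, never float

    wallet = WALLETS.get(sender)                         # steps 5-6
    stored_pin = wallet["pin"] if wallet else ""
    pin_ok = hmac.compare_digest(pin, stored_pin)        # constant-time compare
    if bank not in BANKS or not pin_ok:
        return "ERR_AUTH", []           # one code: do not reveal which was wrong
    if not wallet["active"]:                             # steps 7-8
        return "ERR_PIN_INACTIVE", []

    src = ACCOUNTS.get((bank, src_no))                   # steps 9-10
    dst = ACCOUNTS.get((bank, dst_no))
    # Assumption: "valid" for person 1's account includes being registered
    # to the sender's wallet; the step list does not spell this out.
    if src is None or dst is None or (bank, src_no) not in wallet["accounts"]:
        return "ERR_ACCOUNT", []
    if not (src["active"] and dst["active"]):            # steps 11-12
        return "ERR_ACCOUNT_INACTIVE", []
    if src["balance"] < amount:                          # steps 13-14
        return "ERR_BALANCE", []
    if not (src["min"] <= amount <= src["max"]):         # steps 15-16
        return "ERR_LIMIT", []

    # Step 17. In a database this debit and credit belong in one transaction
    # (for example inside a single stored procedure) so both apply or neither.
    src["balance"] -= amount
    dst["balance"] += amount
    return "OK", [src_no, dst_no]                        # step 18: notify both
```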
A Data Access Layer (DAL) is a layer of a computer program which provides simplified access to data stored in persistent storage of some kind, such as an entity-relational database, and a Web Service is a software component that is described via WSDL and is capable of being accessed via standard network protocols. It can be accessed through a web server that provides functionality through a standardized set of interfaces. In the business logic layer, different business logics and policies are applied in the system. In the business logic layer an SMS API named SMSLib [9] is used for sending and receiving SMS. A GSM modem named MobiData is used for SMS services. It is used only for testing, not for real time use. The SMPP (Short Messaging Peer to Peer) protocol is proposed for SMS services in the proposed m-wallet system. In the presentation layer, J2ME is used to develop a secured mobile application for the proposed m-wallet system that is used by the m-wallet account holders. The graphical user interface of the proposed m-wallet is given in Figure: 3. In Figure: 3, there is a list of the telecom company's services. The proposed m-wallet service from the telecom company will be enabled after proper registration.

Figure 3: Service list of Telecom Company


Using the proposed m-wallet, the graphical user interfaces for checking current account history are given from Figure: 4(a) to Figure: 4(f). In Figure: 4(a), there are options for selecting the type of service media (SMS or WAP). After the type is selected, e.g. SMS, the user interface given in Figure: 4(b) will appear. It shows a list of banking services. In Figure: 4(c) there is a list of account types. For checking the current account, the user has to select the current account from the list given in Figure: 4(c). After the current account is selected, the form given in Figure: 4(d) will be displayed. The user will fill in the form and send it to the server. The sending process is shown in Figure: 4(e). After that, the server delivers his/her current account mini statement, and the statement is given in Figure: 4(f).

Figure 4(a): Front page

Figure 4(b): List of services

Figure 4(c): List of account types

Figure 4(d): Form of checking current account statement

Figure 4(e): Sending request

Figure 4(f): Mini statement of current account

4.1 Experimental Results & Comparative Study
The proposed system has been tested layer by layer. The success and failure rate of each layer is given in Table I, whereas the success and failure rate of the previously proposed SMS based m-banking system is given in Table II [2]. The success rate and failure rate are measured using the following equations:

Success Rate = ((Total no. of successes / Total no. of sample inputs) * 100) %
Failure Rate = (100 - Success Rate) %
Accuracy Rate = (100 - Failure Rate) %

From Table I and Table II, it is seen that the average success rate of the proposed m-wallet system is 97.10%, whereas the success rate of the previously proposed SMS based m-banking system is 93.18%. The success rates of every layer of the proposed m-wallet system are also higher than the success rates of every module of the previously proposed SMS based m-banking system.

TABLE I: Success and Failure Rate of M-Wallet system

Layers                      Success Rate   Failure Rate
Data Storage                96.55 %        3.45 %
Data Web service Server     97.48 %        2.52 %
M-Banking Server            96.97 %        3.03 %
Presentation Layer          97.39 %        2.61 %
Average                     97.10 %        2.90 %

TABLE II: Success and Failure Rate of SMS based m-banking system

Modules                     Success Rate   Failure Rate
Interfacing Module          90.78 %        9.22 %
SMS Technology Adoption     91.58 %        8.42 %
SMS Banking Registration    95.89 %        4.11 %
  Module
Service Generation Module   94.66 %        5.34 %
Data Failover Module        93 %           7 %
Average                     93.18 %        6.82 %

V. CONCLUSION
Though SMS banking in Bangladesh has just started, this telecom integration with banking is not yet in full motion. So in this paper, an idea is discussed to develop a secured SMS and WAP based mobile banking system for 24 hours banking, which helps customers stay on top of any recent changes made in their current, deposit, loan, card and utility bill accounts through SMS and WAP. One of the most attractive features of the proposed m-wallet system is that users can access their multiple bank accounts, securely transfer money from one account to another in the same bank without attending the bank physically, and also securely transfer funds from one's current account to another's in the same bank or in different banks. The limitation of the proposed m-wallet is the network speed between the data transfer application and the proxy database, and it will be overcome properly by implementing data mining techniques efficiently.

REFERENCES
[1] Md. Mahfuz Ashraf, Shusmita Haque, Short messaging service as a Business to Customer marketing tool: A proposed model in context of Bangladesh, ICCIT-2005, IUT, Dhaka, Pages 1202-1207.
[2] Md. Subrun Jamil, Fouzia Ashraf Mousumi, Short Messaging Service (SMS) Based m-Banking System in context of Bangladesh, ICCIT-2008, KUET, Khulna, Bangladesh.
[3] Peter Gulutzan, MySQL 5.0 Stored Procedures, MySQL 5.0 New Features Series Part 1, A MySQL Technical White Paper, March 2005.
[4] Giuseppe Maxia, Getting Started with MySQL Proxy, 7th December 2007.
[5] Mobile banking, available at: http://en.wikipedia.org/wiki/M-banking, accessed on: 16th January, 2010.
[6] Real SOAP Security by Matt Powell, Microsoft Corporation, 21st November 2001, available at: http://msdn.microsoft.com/en-us/library/aa480522.aspx, accessed on: 19th February, 2010.
[7] Exposing a Database as a Web Service, available at: http://www.developer.com
[8] SMS Tutorial, available at: http://www.developershome.com/sms, accessed on: 21st February, 2010.
[9] SMS API for java platform, available at: http://www.smslib.org, accessed on: 21st February, 2010.
[10] Existing foreign services, available at: http://www.c-sam.com, accessed on: 21st February, 2010.
[11] Mobile Phone Subscribers in Bangladesh, available at: http://www.btrc.gov.bd/newsandevents/mobile_phonesubscribers, accessed on: 19th May, 2010.
[12] Grameenphone internet packages, available at: http://www.grameenphone.com/index.php?id=227, accessed on: 7th April, 2010.
[13] Wallet from Wikipedia, the free encyclopedia, available at: http://en.wikipedia.org/wiki/Wallet, accessed on: 7th April, 2010.
