1. Secure Branchless Banking
Ashlesh Sharma, Lakshminarayana Subramanian, Dennis Shasha
2. The Problem
Low banking access in rural areas due to:
Large distances
Sparse population
Poor transport
Most transactions of low value
High cost of delivery
Low financial security – need to store cash and take credit from alternative private sources
Alternative channels are unscrupulous and prove to be debt traps
4. Financial Exclusion in India
Farmer households – 90 million, of which 51.4% don’t have access to any credit
Only 27% get credit from formal sources
Among those with income <Rs. 50K p.a. only 15% avail loans
Only 40% of all Indian households have bank accounts
Bank to customer ratio: 1:16000
RBI is encouraging banks to open branches in unbanked areas
5. Barriers to Financial Inclusion
Legal identity proof – voter ID, PAN cards, BPL cards etc. difficult to obtain
Limited literacy + awareness
Low income
Terms and conditions set by banks
Complicated processes
Psychological & cultural barriers
6. Measures for Inclusion
Could be regulatory/voluntary
UK – Financial Inclusion Task Force – provides for no-frills banking, credit and money advice
US – Community Reinvestment Act (CRA) – prohibits discrimination against small account holders (min bal=$0.10)
India – Khan Commission (2004), extending banking network through business correspondents (i.e. agents appointed by banks)
7. Branchless Banking Solutions
Bank network can be enlarged through agents
Consumers prefer ease of use over rich functionality – ‘no-frills banking’
Increasing (albeit slowly) mobile phone penetration in rural India
UID implementation rich source for KYC
Security is a key requirement of any solution
Farmer-Shopkeeper-Bank (FSB) protocol to provide for secure deposits & withdrawals
8. A Simple Rural Banking Scenario
Bank assigns shopkeeper in village as its agent – acts as gateway for financial transactions
Farmer needs to open account in Bank by visiting it once, deposits & withdrawals remotely using shopkeeper & mobile phone
Farmer goes to shopkeeper for withdrawals & deposits. Money transfers etc can be built on this model
Transaction can be carried out on shopkeeper or farmer’s mobile but SHOPKEEPER DIALS
9. Security Protocol Requirements
Transactions at bank are the same as ones that shopkeeper & farmer agree as having taken place
Should prevent cheating by shopkeeper, farmer or third party
Should allow people who cannot read any text except numbers to securely transact
Intuitive and verifiable
Scale to support large user set at low cost
10. Shopkeeper Registration
Registers as agent with bank, gets name and unique number
Bank records shopkeeper’s voice-print – unique number and name
Bank gives random number sequence Ns = Ns1, Ns2, …, Nsn to shopkeeper
Ns is a secret between Bank and shopkeeper
Contained in scratch card based check book used by shopkeeper to reveal Nsj after every transaction
Check book has carbon copy to be retained by shopkeeper after every transaction
11. Farmer Registration
Opens account with bank, gets name and unique number
Bank records farmer’s voice-print – unique number and name
Bank gives three random number sequences or nonces X = X1, X2, …, Xn; Y = Y1, Y2, …, Yn; Z = Z1, Z2, …, Zn to farmer
Numbers are secret between Bank and farmer
Contained in scratch cards
When farmer needs Xi, Yi or Zi he will scratch a card to reveal them
ASSUMPTION: shopkeeper & farmer can keep secrets! If numbers are stolen, voice print provides a defense but is subject to dispute resolution
12. How Farmer Withdraws Money
Farmer gives Xi to shopkeeper
Shopkeeper dials bank, enters Xi, farmer id, his own id and his Nsj
Bank checks nonces, ids and returns Yi as voice response for farmer to verify. If it does not match, shopkeeper may not have dialled bank. If shopkeeper dials stale Xi, bank terminates transaction
Farmer enters amount and Zi; this adds a protection layer if shopkeeper dials an accomplice to steal Xi
Bank gives voice response with transaction type, amount, date/time, farmer id & shopkeeper id
Shopkeeper gives amount to farmer
13. How Farmer Withdraws Money – 2
Farmer speaks his voice print, transaction type, amount, date/time, his name and shopkeeper name
Bank compares voiceprint and accepts if it matches, else it rejects transaction
Farmer signs receipt containing Nsj
Shopkeeper gives original receipt to farmer, retains copy
Physical copy proof of the transaction
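The bank's side of the withdrawal steps above, sketched as an added example (not code from the slides or from the FSB authors). It covers only the nonce checks: Xi and Nsj on dial-in, Yi as the response, Zi with the amount; the voiceprint and paper receipt are left out. The class and method names, the six-digit nonce length, and the rule that a rejected attempt consumes no nonce are assumptions made for illustration.

```python
import secrets

_rng = secrets.SystemRandom()

def _nonces(count):
    # Distinct 6-digit numerals (length is an assumption; users read only numbers).
    return [f"{v:06d}" for v in _rng.sample(range(10**6), count)]

class Bank:
    """Hypothetical bank side of an FSB withdrawal (nonce checks only)."""

    def __init__(self):
        self.farmers, self.shopkeepers, self.pending = {}, {}, {}

    def register_farmer(self, fid, n=3):
        v = _nonces(3 * n)
        cards = list(zip(v[:n], v[n:2 * n], v[2 * n:]))  # (Xi, Yi, Zi) per scratch card
        self.farmers[fid] = {"cards": cards, "next": 0}
        return cards

    def register_shopkeeper(self, sid, n=3):
        self.shopkeepers[sid] = {"ns": _nonces(n), "next": 0}
        return list(self.shopkeepers[sid]["ns"])

    def start(self, fid, sid, x, ns):
        """Shopkeeper dials in with Xi and Nsj; returns Yi, or None to terminate."""
        f, s = self.farmers.get(fid), self.shopkeepers.get(sid)
        if not f or not s or f["next"] >= len(f["cards"]) or s["next"] >= len(s["ns"]):
            return None
        xi, yi, zi = f["cards"][f["next"]]
        if not (secrets.compare_digest(x, xi)
                and secrets.compare_digest(ns, s["ns"][s["next"]])):
            return None  # stale or wrong nonce: call ends, nothing is consumed
        f["next"] += 1   # accepted nonces are burned, so replaying Xi or Nsj fails
        s["next"] += 1
        self.pending[(fid, sid)] = zi
        return yi        # read back by voice so the farmer can check it is the bank

    def confirm(self, fid, sid, amount, z):
        """Farmer keys in amount and Zi; returns the read-back record or None."""
        zi = self.pending.pop((fid, sid), None)  # one attempt per accepted call
        if zi is None or not secrets.compare_digest(z, zi):
            return None
        return {"type": "withdrawal", "amount": amount,
                "farmer": fid, "shopkeeper": sid}
```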
14. How Farmer Makes Deposits
Steps up to the handing over of money are the same. In this case, farmer gives money to shopkeeper
Shopkeeper speaks his voice print, transaction type, amount, date/time, farmer’s name, his own name
In deposits, we do not need farmer to speak, shopkeeper’s voice print is to protect him against stolen nonces being used in phantom deposits
Shopkeeper provides receipt to farmer containing his nonce Nsj
Comment: Multiple nonces for illiterate farmers is a complex task
With some modifications, protocol can provide for peer to peer transfer and utility bill payments
15. Security Guarantee for Bank
Nonces provide secure channel
Voiceprint for dispute resolution (between farmer & shopkeeper)
Bank cannot fake transaction as it must store voice in report of transaction
Receipts provide physical evidence of transaction
Shopkeeper and farmer can record the conversation with the bank
16. Internal Threats
S to B – S knows he is transacting with B since he has dialled B’s no. B knows S since he has provided Nsj
F to B – B verifies F through Xi and F verifies B through voice response & Yi
S to F – Bank identifies shopkeeper and farmer in its voice out message
S faking withdrawal not possible – needs F’s nonces
F faking deposit not possible – needs S’ nonces
S & F collude – Zero sum game for bank
17. External Threats
Eavesdropping – GSM uses A5/1 & A5/2 stream ciphers. Even if nonces are known through decrypting, they cannot be reused
Spoofing – SIM/ IMSI can be spoofed, spoofer would still need nonces
Bank cannot be spoofed since it also has to provide correct nonce Yi
Detecting voice traffic and inserting fake information like amount is time consuming and has not been done before
If imposter steals all three nonces (X,Y,Z) he cannot complete transaction without voiceprint
There will also be no signature on receipt (Comment: many farmers may use thumbprint, shopkeeper cannot verify genuine F from bogus F)
Correlating waveforms of voiceprints in frequency domains is not legally tenable
18. Existing Solutions
M-PESA (Kenya), G-Cash (Philippines), Wizzit (South Africa)
Allow peer to peer money transfer, deposits, withdrawal, utility bill payments
Limited or no interaction with banks
Wizzit uses USSD, M-PESA uses USSD for initiating transaction, G-Cash only uses SMS.
USSD more secure than SMS as it does not store data on phone but uses plain text. FSB uses voice+ nonce to create secure channel
SMS use in M-PESA & G-Cash easy to use, FSB uses similar keying method
Final Comment: FSB under development, could not find any subsequent work on the subject. Utility is doubtful.
19. Developments in India
IMG constituted in Nov’09 for ‘no-frills banking’, submitted report in Mar’09
Key players – Banks, MSP, Post Offices, BCs, UIDAI, NPCI
BC/ sub agent plays the role of shopkeeper, needs to be associated with designated base bank branch, can provide basic banking services for all banks
No frills account opened by banks. Mobile is only the medium, loss of phone/ SIM will not lead to loss of money
Max transaction value – 5000/day, 25000/month
Transactions independent of service providers
Allowed transactions – balance enquiry, deposit cash, credit under NREGS, withdraw cash, peer to peer transfers
20. Infrastructure Components
UIDAI – authentication of bio-metrics through finger print reader on micro-ATMs
Banks – Core banking solutions
REMIT – real time micro transactions switch for transaction routing
Account Mapper – table with three attributes, UID, Bank Account No (including bank routing no.) and mobile no. Given UID/ mobile, it extracts account no
INFAST – Inter-operable Infrastructure for Accounting Small Transactions – limited version of CBS to accelerate transactions
Micro ATM/ Mobile PoS – with BC
21. Pre-UID Account Opening
22. Post-UID Account Opening
23. Deposits using mobile
24. Deposits using UID
25. Withdrawals using Mobile
26. Withdrawals using UID