Mobile wallets enable users to securely store their personal
financial information, cards (debit, credit, prepaid, gift, loyalty), vouchers,
transit tickets and more in an organized form on their smart phone. It allows
users to view the cards, choose the payment method and card for a transaction
and also enables other commerce – related features (e.g. coupons, offers,
rewards, loyalty, product information, etc). But we cannot withdraw the cash
directly from the smart phone. This paper proposes such
a system which will connect your smart phone with your account to make a
transaction and a code generated can be used to withdraw cash from the nearest
ATM machine. Payment can be done directly to the merchant’s account by using
SMS based transaction or NFC enabled devices with the help of QR code
© 2015 The
Authors. Published by Elsevier B.V.
under responsibility of scientific committee of International Conference on
Advanced Computing Technologies and Applications (ICACTA-2015).
Keywords: Mobile Wallet; ; QR
code encryption; NFC
With this dramatic
increase in cell phone usage, large companies are certainly seeing dividends
paid off in terms of investment of time, money and man power in the mobile
space. On a consumer level, making payments on a mobile device is
certainly not a time consuming endeavor. Often times, folks find that
it’s easy, they can do it anywhere, and the point of sales is usually
eliminated. In other words, they are already going to buy the product,
the mobile platform just gives them a more convenient way of doing it.
Currently, companies such as Starbucks and
Dunkin Donut’s have introduced products which allow consumers to scan their
smart phone at the register, which automatically deducts moneys from their
credit or debit card. Large corporations such as Wal-Mart, Best Buy and
Target have recently formed a group called the “Merchant Customer
Exchange.” This is basically an application designed to create coupons,
rebates and loyalty programs for these three companies. In essence, if
you make a purchase on your “mobile wallet” at one of these three stores, you
could receive incentives to buy other items at the other stores. Companies
such as 7-11, Sears, Lowe’s as well as gas giants Shell and Sunoco have joined
forces on this as well.
Under developed countries don’t have these
facilities included in their area thus stopping them from doing banking in the
easiest way. Mobile Wallet can be used but if there is no internet connection
then it is useless. This can be done by using the SMS based encryption.
Mobile wallets are a fundamental building block of
Universal Commerce1. They let consumers effortlessly make purchases and conduct
business electronically—anytime, anywhere. Furthermore, mobile wallets can
support exciting new functionality that could never be offered by a leather
wallet—including automatic loyalty point redemptions and location-based
marketing offers. Mobile wallets promise to transform much more than just
payments: they provide a customizable platform for merchants and financial
institutions to create richer customer experiences and foster deeper client
with adopting of Mobile Banking
2.1.1 Economic Challenges: The rural population in India is spread across 600,000 villages,
each with a low transaction value. Profitability can only be achieved by large
volumes, requiring significant initiative from financial institutions. Unlike
the very successful M-PESA of South Africa, whose model has been very
successful due to the lack of alternative payments in South Africa, India does
possess some infrastructure in the forms of postal payments, reasonable
transport and local governments. Therefore, any mobile banking must be
inexpensive enough to be attractive for the end-customer over existing methods.
the RBI is supportive of mobile banking in India, there are many regulations
that are being put into place.
2.1.3 Restricted to
Financial Institutions: The guidelines state that only existing financial institutions and
banks are allowed to offer mobile banking. Although the guidelines cover
Microfinance Institutions (MFIs), significant economies of scale cannot be
achieved by these due to existing large fixed costs. For a very inexpensive
solution, it would have been more effective to allow non-profit organizations
or evangelical organizations to build their own MFI without being encumbered by
large existing infrastructure.
transactions must be done only in India’s national currency, the rupee. While
this may not be a threat in the beginning, this may pose a constraint for
interoperability between Indian mobile payments and the world. Also, it
excludes providers from the lucrative remittance market in India and limits
areas from which mobile operators can be profitable.
2.1.5 Existing Account
guidelines also state that only those having a valid bank account would be
allowed mobile banking. This limits the full potential of mobile banking to
extend micro-credit and bring banking to the large number of unbanked customers
has 18 official languages which are spoken across the country. The state
governments also are dictated to correspond in their regional language for
official purposes. Additionally, two-thirds of the population in India is
illiterate, creating difficulties in deployment of mobile banking solutions.
For a pan-Indian mobile banking solution, this will be cumbersome to overcome.
3. Near Field Communication
Field Communication (NFC) is a new short-range, standards-based wireless
connectivity technology that uses magnetic field induction to enable
communication between electronic devices in close proximity 7. Based on RFID
technology, NFC provides a medium for the identification protocols that
validate secure data transfer. NFC enables users to perform intuitive, safe,
contactless transactions, access digital content and connect electronic devices simply by touching or bringing devices into close proximity.
NFC operates in a frequency range
centered on 13.56 MHz and offers a data transmission rate of up to 424 kbit/s
within a distance of approximately 10 centimetres.
In contrast to the conventional
contactless technology in this frequency range (only active-passive
communications between NFC-capable devices can be active-active (peer-to-peer)
as well as active-passive, NFC therefore represents a link to the RFID world.
NFC is backwards compatible with the widely used Smart Card infrastructure
based on ISO/IEC 14443 A (e. g. NXP’s MIFARE technology) and ISO/IEC 14443 B as
well as with the Sony FeliCa card (JIS X 6319-4). For the exchange of
information between two NFC devices, a new protocol was developed which is
defined in the standards ECMA-340 and ISO/IEC 18092. The NFC Forum was founded
in the year 2004 by NXP, Sony and Nokia to harmonize the NFC technique and to
stimulate its deployment. The NFC forum develops specifications which ensure
interoperability of NFC units and services. All of the above mentioned
standards (ISO/IEC 14443 A, B, ISO/IEC 18092 und JIS X 6319-4/FeliCa) are
included. The NFC Forum certifies NFC units compatible to its specifications
from December 2010 onwards.
3.1 NFC Operating Modes
There are three main operating modes for NFC:
emulation Mode (passive mode): the NFC device behaves like an existing
contactless card conforming to one of the legacy standards.
mode: tow NFC devices exchange information. The initiator device (polling
device) requires less power compared to the reader/writer mode because the
target (listener) uses its own power supply.
mode (active mode) : the NFC device is active and reads or writes to a
passive legacy RFID tag.
4. Push and Pull Messages
SMS banking services are operated using both push and pull messages
3. Push messages are those that the bank chooses to send out to a customer’s
mobile phone, without the customer initiating a request for the information.
Typically push messages could be either Mobile marketing messages or messages
alerting an event which happens in the customer’s bank account, such as a large
withdrawal of funds from the ATM or a large payment using the customer’s credit
Another type of push
message is One-time password (OTPs). OTPs are the latest tool used by financial
and banking service providers in the fight against cyber fraud. Instead of
relying on traditional memorized passwords, OTPs are requested by consumers
each time they want to perform transactions using the online or mobile banking
When the request is
received the password is sent to the consumer’s phone via SMS. The password is
expired once it has been used or once its scheduled life-cycle has expired.
Pull messages are those that are initiated by the customer, using a mobile
phone, for obtaining information or performing a transaction in the bank
account. Examples of pull messages for information include an account balance
enquiry, or requests for current information like currency exchange rates and
deposit interest rates, as published and updated by the bank.
The bank’s customer is empowered with the
capability to select the list of activities (or alerts) that he/she needs to be
informed. This functionality to choose activities can be done either by
integrating to the internet banking channel or through the bank’s customer
service call centre.
QR Code Encryption
Quick Response codes,
commonly abbreviated as QR codes, started out as an extension of the standard
UPC barcode commonly used in retail and production. Unlike a 1-D barcode, a QR
code is a 2-D matrix code that conveys information by the arrangement of its
dark and light elements in columns and rows 4. The data in a QR code can be
accessed by taking a picture of the QR code and processing it with a QR code
reader. The QR code itself is simply an array of bits to be identified by a
scanner. Bits are reserved for the scanner to be able to identify and orient
the image, as well as for version and format information (Figure 1). The remaining
bits are used to encode the message, and the specific amount of available space
leftover is dependent on the version of the QR code, which indicates the number
of bits per row/column, and the level of error correction, which introduces
redundancy. The most information dense QR codes used today can store just under
3,000 bytes of raw data 6.
The first security
standard for QR codes is Encrypted QR codes, or EQRs. We will propose two kinds
of EQRs: Symmetric EQRs (SEQR) and Public Key EQRs (PKEQR)5.
In SEQRs we use a
symmetric encryption scheme where both the reader and the writer of the EQR
share a secret key. The encryption scheme is extremely straightforward: encrypt
the bits of the message using AES block cipher with the shared secret key. In PKEQRs
we use the RSA public key encryption scheme combined with AES, using a public
RSA key to encrypt the AES key and including the encrypted key in the message.
The only thing to note with these two methods is that the error correction bits
should correct errors on the encrypted message, not the message itself, in
order to avoid leaking information of the original message.
6. Proposed System
Mobile Wallets implemented till now
provide the facility of transferring money from one account to another. Despite
of using many encryption techniques, still there are some security issues
existing. To overcome the security issues and to do the transaction on the go
and offline, we propose this system which includes encryption techniques and
generating QR codes for security purpose, NFC technology for instant transfer
and offline service for payment. Following are the steps:
Subscriber Download m-wallet app in his smart phone.
Recharge his/her account by paying case to m-wallet
agent (just like recharge) or by transferring fund via net banking. Account
detail will be stored on cloud server.
needs to press update button in app to reflect new balance. Updating can be
done through internet or SMS where m-wallet app will send subscriber ID, device
ID, and user password through encrypted SMS and in return account detail and
encrypted key will be received from cloud server.
When subscriber wants to pay ‘X’ amount to merchant
he/she will press pay button and enter amount.
Based on last
update if amount is there m-wallet app will generate encrypted QR code with
latest key and deduct ‘x’ amount locally.
Merchant can scan this QR- code from mobile screen
using simple mobile camera. This QR code information will be sent to server
using MMS or internet push messaging service similar to whatsapp.
Server will verify key and
transaction detail, It will credit ‘x’ amount to merchants M-wallet by debiting
from user account and send updated info to both user and merchant.
This method does not require internet from consumer
side as it relies on SMS. Merchant side can also rely on SMS but we suggest
using push messaging using internet to do speedy transaction. In entire
transaction consumer just need to press pay and enter amount and merchant will
just scan QR code so transaction will complete within few second.
Merchant can transfer M-wallet amount to another
bank or use M-wallet amount to buy from some other merchant.
M-Wallet can now be used
for doing the payment on the go and this can be done with the collaboration of
strong technologies such as QR code and NFC. QR code generation is done by
encrypting the code by a key and then generating the QR code thereby increasing
the security. NFC enables two devices to quickly communicate with each other
without any delay. This ensures that the transaction won’t be delayed and the
results can be validated.
and Reference heading should be left justified, bold, with the first letter
capitalized but have no numbers. Text below continues as normal.
Appendix A. An example appendix
Authors including an appendix section should do so before References
section. Multiple appendices should all have headings in the style used above.
They will automatically be ordered A, B, C etc.
Example of a sub-heading within an
There is also the option to
include a subheading within the Appendix if you wish.
Vishal Goyal, Dr. U. S. Pandey and Sanjay
Batra, “Mobile Banking in India: Parctices, Challenges and Security
Issues”,International Journal of Advanced Trends in Computer Science and
Engineering, ISSN No. 2278 -3091, Volume 1, No.2, May – June 2012.
Rohde and Schwarz, “Near Field Communication
(NFC) Technology and Measurements”, Roland Minihold – 06-2011 1MA182_5e.
THE IMPACT OF PUSH AND
PULL MOBILE TECHNOLOGY ON BUSINESS DEVELOPMENT IN AFRICA, Erastus Thoronjo
0722330660 (Elite Research Consultant LTD).
QR Code Essentials. DENSO ADC. 2011. Web. 14 May 2014.
Kevin Peng, Harry Sanabria, Derek Wu and Charlotte Zhu, “Security
Overview of QR codes”, Massachusetts Institute of Technology, 6.857 Computer
and Network Security.
Kieseberg, Peter, M. Leithner, M. Mulazzani, L. Munroe, S.
Schrittwieser, M. Sinha, and E. Weippl. (2010). QR Code Security. Proceedings
of the 8th International Conference on Advances in Mobile Computing and
Multi-media, MoMM ’10. New York, NY, USA. ACM, pp 430-435.
Josef Langer, Michael Roland
“Anwendung und Technik von Nearfield Communication (NFC)”, Springer Verlag