secure branchless banking ashlesh sharma lakshminarayana subramanian dennis shasha a presentation by...
TRANSCRIPT
Secure Branchless BankingSecure Branchless Banking
Ashlesh Sharma Lakshminarayana Subramanian Dennis Shasha
A Presentation by N. Venkatesh A Presentation by N. Venkatesh
A Paper by
at
The ProblemThe ProblemLow banking access in rural areas due to:
Large distancesLarge distancesSparse populationSparse populationPoor transportPoor transportMost transactions of low valueMost transactions of low valueHigh cost of deliveryHigh cost of delivery
Low financial security – need to store cash and take credit from alternative private sources
Alternative channels are unscrupulous and prove to be debt traps
One Common Theme: the unscrupulous money lender!!
Financial Exclusion in IndiaFinancial Exclusion in India
• Farmer households – 90 million, of which 51.4% don’t have access to any credit
• Only 27% get credit from formal sources• Among those with income <Rs. 50K p.a. only
15% avail loans• Only 40% of all Indian households have bank
accounts• Bank to customer ratio: 1:16000• RBI is encouraging banks to open branches
in unbanked areas
Barriers to Financial InclusionBarriers to Financial Inclusion
Legal identity proof – voter ID, PAN Cards, BPL cards etc difficult to obtain
Limited literacy + awareness Low income Terms and conditions set by banks Complicated processes Psychological & cultural barriers
Measures for InclusionMeasures for Inclusion• Could be regulatory/ voluntary• UK – Financial Inclusion Task Force – provides
for no-frills banking, credit and money advice• US – Community Reinvestment Act (CRA) –
prohibits discrimination against small account holders (min bal=$0.10)
• India – Khan Commission (2004), extending banking network through business correspondents (i.e. agents appointed by banks)
Branchless Banking SolutionsBranchless Banking Solutions Bank network can be enlarged through
agents Consumers prefer ease of use over rich
functionality – ‘no-frills banking’ Increasing (albeit slowly) mobile phone
penetration in rural India UID implementation rich source for KYC Security is a key requirement of any solution Farmer-Shopkeeper-Bank (FSB) protocol to
provide for secure deposits & withdrawals
A Simple Rural Banking ScenarioA Simple Rural Banking Scenario
• Bank assigns shopkeeper in village as its agent – acts as gateway for financial transactions
• Farmer needs to open account in Bank by visiting it once, deposits & withdrawals remotely using shopkeeper & mobile phone
• Farmer goes to shopkeeper for withdrawals & deposits. Money transfers etc can be built on this model
• Transaction can be carried out on shopkeeper or farmer’s mobile but SHOPKEEPER DIALS
Security Protocol RequirementsSecurity Protocol Requirements
Transactions at bank are the same as ones that shopkeeper & farmer agree as having taken place
Should prevent cheating by shopkeeper, farmer or third party
Should allow people who cannot read any text except numbers to securely transact
Intuitive and verifiable Scale to support large user set at low cost
Shopkeeper RegistrationShopkeeper Registration• Registers as agent with bank, gets name and
unique number• Bank records shopkeeper’s voice-print – unique
number and name• Bank gives random number sequence Ns= Ns1,
Ns2…….. Nsn to shopkeeper• Ns is a secret between Bank and shopkeeper• Contained in scratch card based check book
used by shopkeeper to reveal Nsj after every transaction
• Check book has carbon copy to be retained by shopkeeper after every transaction
Farmer RegistrationFarmer Registration• Opens account with bank, gets name and unique
number• Bank records farmer’s voice-print – unique number
and name• Bank gives three random number sequences or
nonces X= X1, X2…….. Xn, Y= Y1, Y2…….. Yn, Z= Z1, Z2…….. Zn, to farmer
• Numbers are secret between Bank and farmer• Contained in scratch cards• When farmer needs Xi, Yi or Zi he will scratch a card
to reveal them• ASSUMPTION : shopkeeper & farmer can keep
secrets! If numbers are stolen voice print provides a defense but is subject to dispute resolution
How Farmer Withdraws MoneyHow Farmer Withdraws Money• Farmer gives Xi to shopkeeper• Shopkeeper dials bank, enters Xi, farmer id, his own
id and his Nsj • Bank checks nonces, ids and returns Yi as voice
response for farmer to verify. If it does not match, shopkeeper may not have dialled bank. If shopkeeper dials stale Xi, bank terminates transaction
• Farmer enters amount and Zi this adds protection layer if shopkeeper dials accomplice to steal Xi
• Bank gives voice response with transaction type, amount, date/time, farmer id & shopkeeper id
• Shopkeeper gives amount to farmer
How Farmer Withdraws Money – 2How Farmer Withdraws Money – 2• Farmer speaks his voice print, transaction
type, amount, date/ time, his name and shopkeeper name
• Bank compares voiceprint and accepts if it matches, else it rejects transaction
• Farmer signs receipt containing Nsj
• Shopkeeper gives original receipt to farmer, retains copy
• Physical copy proof of the transaction
How Farmer Makes DepositsHow Farmer Makes Deposits Steps till handing of money same. In this case, farmer
gives money to shopkeeper Shopkeeper speaks his voice print, transaction type,
amount, date/time, farmer’s name, his own name In deposits, we do not need farmer to speak,
shopkeeper’s voice print is to protect him against stolen nonces being used in phantom deposits
Shopkeeper provides receipt to farmer containing his nonce Nsj
Comment: Multiple nonces for illiterate farmers is a complex task
With some modifications, protocol can provide for peer to peer transfer and utility bill payments
Security Guarantee forSecurity Guarantee for BankBank
Nonces provide secure channel Voiceprint for dispute resolution
(between farmer & shopkeeper) Bank cannot fake transaction as it must
store voice in report of transaction Receipts provide physical evidence of
transaction Shopkeeper and farmer can record the
conversation with the bank
Internal ThreatsInternal Threats• S to B – S knows he is transacting with B since he
has dialled B’s no. B knows S since he has provided Nsj
• F to B – B verifies F through Xi and F verifies B through voice response & Yi
• S to F – Bank identifies shopkeeper and farmer in its voice out message
• S faking withdrawal not possible – needs F’s nonces
• F faking deposit not possible – needs S’ nonces• S & F collude – Zero sum game for bank
External ThreatsExternal Threats• Eavesdropping – GSM uses A5/1 7 A5/2 stream cipher.
Even if nonces are known through decrypting they cannot be reused
• Spoofing – SIM/ IMSI can be spoofed, spoofer would still need nonces
• Bank cannot be spoofed since it also has to provide correct nonce Yi
• Detecting voice traffic and inserting fake information like amount is time consuming and has not been done before
• If imposter steals all three nonces (X,Y,Z) he cannot complete transaction without voiceprint
• There will also be no signature on receipt (Comment: many farmers may use thumbprint, shopkeeper cannot verify genuine F from bogus F)
• Correlating waveforms of voiceprints in frequency domains is not legally tenable
Existing SolutionsExisting Solutions• M-PESA (Kenya), G-Cash (Philippines), Wizzit
(South Africa)• Allow peer to peer money transfer, deposits,
withdrawal, utility bill payments• Limited or no interaction with banks• Wizzit uses USSD, M-PESA uses USSD for initiating
transaction, G-Cash only uses SMS. • USSD more secure than SMS as it does not store
data on phone but uses plain text. FSB uses voice+ nonce to create secure channel
• SMS use in M-PESA & G-Cash easy to use, FSB uses similar keying method
• Final Comment: FSB under development, could not find any subsequent work on the subject. Utility is doubtful.
Developments in IndiaDevelopments in India• IMG constituted in Nov’09 for ‘no-frills banking,
submitted report in Mar’09• Key players – Banks, MSP, Post Offices, BCs, UIDAI,
NPCI• BC/ sub agent plays the role of shopkeeper, needs to
be associated with designated base bank branch, can provide basic banking services for all banks
• No frills account opened by banks. Mobile is only the medium, loss of phone/ SIM will not lead to loss of money
• Max transaction value – 5000/day, 25000/month• Transactions independent of service providers• Allowed transactions – balance enquiry, deposit cash,
credit under NREGS, withdraw cash, peer to peer transfers
Infrastructure ComponentsInfrastructure Components
• UIDAIUIDAI – authentication of bio-metrics through finger print reader on micro-ATMs
• BanksBanks – Core banking solutions• REMITREMIT – real time micro transactions switch for
transaction routing• Account MapperAccount Mapper – table with three attributes,
UID, Bank Account No (including bank routing no.) and mobile no. Given UID/ mobile, it extracts account no
• INFASTINFAST – Inter-operable Infrastructure for Accounting Small Transactions – limited version of CBS to accelerate transactions
• Micro ATM/ Mobile PoSMicro ATM/ Mobile PoS – with BC
Pre-UID Account OpeningPre-UID Account Opening
Post-UID Account OpeningPost-UID Account Opening
Deposits using mobileDeposits using mobile
Deposits using UIDDeposits using UID
Withdrawals using MobileWithdrawals using Mobile
Withdrawals using UIDWithdrawals using UID
Thank YouThank You