Tuesday, October 9, 2012

USSD - Mobile Banking

USSD stands for Unstructured Supplementary Services Data 

Have you ever typed a code starting with an asterisk (*), number set, and hash (#) on your mobile?
If yes, then, knowingly or unknowingly, you have already been using USSD service. USSD is a communication protocol used to send text messages between a mobile phone and applications running on the network. It is a messaging service used in Global System for Mobile Communications (GSM) networks similar to SMS, where it sends data utilizing the signaling channel. However, unlike SMS which follows a store-and-forward oriented message transaction; USSD provides session-based connections. Because of its real-time and instant messaging service capability, USSD service is up to seven times faster and much cheaper than SMS for two-way transactions. It is a technology unique to GSM networks and is the standard for transmitting information over GSM Signaling Channels. USSD is as similar to speaking to someone on a phone as SMS is to sending a letter.

NEED FOR USSD

USSD is a highly cost effective and fast technology and is seven times faster in operating speed than SMS. USSD has several advantages as a bearer technology, such as:
  1. USSD provides a cost-effective and flexible mechanism for offering various interactive and non-interactive mobile services to a wide subscriber base.
  2. USSD supports menu-based applications facilitating more user interactions.
  3. USSD is neither a phone-based nor a SIM-based feature. It works on almost all GSM mobile phones (from old handsets to new smartphones)
  4. With USSD, messages can even be initiated during calls, allowing simultaneous voice and data communication.
  5. USSD allows faster communication between users and network applications because messages are sent directly to the receiver allowing an instant response.
  6. USSD services available on the home network are also accessible while roaming. Unlike SMS, there are no charges for this.
ADVANTAGES OF USSD

USSD is a highly cost effective and fast technology and is seven times faster in operating speed than SMS. USSD has several advantages as a bearer technology, such as:
  1. Cost efficient - Significantly less investment is required in the network as USSD uses existing SS7 protocols.
  2. Fast and responsive – Real-time and instant messaging service capability allows operators to provide easy to use, responsive and fast menu-driven content provision services.
  3. Interactive navigation – USSD is increasingly being adopted to develop interactive applications like mobile chatting, roaming with prepaid service, callback service, prepaid recharge, mobile banking, etc. 
  4. Reduced marketing cost – Operators can use USSD as a cost-effective way to cross-and up-sell additional services.

ELEMENTS OF USSD MOBILE NETWORK
 


 The mobile network comprises components that carry data messages between the handset and the  corresponding USSD application. Figure 2 explains the elements of the mobile network and the communication protocols they use. USSD services reside as applications in the mobile network. These applications can reside in MSC, VLR, HLR, or an independent application server that is connected through a USSD Gateway (using SMPP). If a USSD message is not destined for an application in the MSC, VLR, or HLR, a USSD handler in these nodes routes the message to the USSD Gateway using the MAP protocol based on the service code. The gateway interprets the code and routes it to the specific USSD application server to fetch the necessary information requested by the user. In response, the application sends the relevant information to the USSD Gateway, which in turn converts the message to MAP format, and then sends to the mobile terminal. Applications under the mobile operator’s control will typically reside in the GSM network (MSC, VLR, HLR), while third-party applications may reside elsewhere such as on the internet. The application can also be a hyperlink to an internet site or information stored locally in the Service Application System. In a mobile-initiated service request, a session is created between the network and the mobile terminal. This session is used for all information transfers and must be released before another session can be started. Additionally, an application in the network (residing in the MSC, VLR, HLR, or external application server) may at any time send a message to a mobile terminal. This can be a request for  information or a notification. Again, the session must be released upon completion.
 

Figure 3 shows the message flow for a network-initiated (HLR, VLR, and MSC) USSD request for a single operation.



Figure 6 shows the message flow for a mobile-initiated USSD request that failed at MSC, VLR, and HLR. It also depicts a case where an MS clears the transaction before it receives a response to the initiated USSD request.

Data security with SMS banking

SMS service is deemed to be the least secured of the technologies suggested for mobile banking because of the number of points where the SMS data is available to others in a clear or unencrypted format. The diagram below shows the entities involved across the GSM channel in SMS banking.


A customer initiates a transaction by sending an SMS to the bank using the bank’s SMS short code. The SMS is stored on the handset and is available to anyone who looks at the customer’s phone; hence, making it unsecure at the very first step. The SMS then passes through the encrypted GSM communication channel through the base stations and terminates at the mobile network operator’s SMSC. There, it is typically stored in an unencrypted form, making it unsecure at also the second step. The SMSC passes the message onto the bank’s wireless application processor or mobile banking processor (which may be a third party), where it is stored either in encrypted or unencrypted form. The third party then passes the message to the bank across an encrypted fixed line to the bank, where it is typically stored in a secured environment. In all, there are three highly susceptive points of exposure during the transaction where the data is stored, making the SMS service far less secure.

Data security with USSD banking

Unlike SMS, USSD message is not stored on customers’ mobile, making it secure at the first level. USSD opens a single session between the device and the supporting application at the network operator/processor/bank.

The data is also encrypted at the USSD gateway sitting at the network operator/processor/bank, preventing any misuse of the data. This makes it secure at the second step. The end-to-end transaction flow occurs across the encrypted GSM communication layer while the subscriber identity is also hidden. Hence, USSD service is safer than to SMS and other GSM technologies. However, there is one risk. If the GSM encryption (which is used to carry the data within the communication layer by secured means) is broken, the data can be accessed–which can actually happen with all GSM technologies (e.g., SMS, USSD, etc.). To avoid this, the GSM encryption needs to be made more robust, much like how internet banking has evolved over the years. Excluding this generic threat, USSD appears to be the most suited technology for mobile banking application.

I have referred the above information from a white paper published by Aricent Inc. You can find more information on the topic by referring to this link http://www.aricent.com/sites/www.aricent.com/files/pdf/Aricent_WhitePaper_USSD_0911.pdf.

2 comments:

  1. Great Collection! I am searching about USSD for so many days. Thanks for sharing.

    ReplyDelete
  2. Yeah!! SMPP Server Provider have been gauged and extensively utilized nationwide by multiple business units.

    ReplyDelete