African Banking Technology Conference 3 April 2008 Nairobi - Kenya Patrick Mburu Director, ATS - Africa
Jan 11, 2016
African Banking Technology Conference
3 April 2008
Nairobi - Kenya
Patrick Mburu
Director, ATS - Africa
www.ats-africa.comwww.ats-africa.com [email protected]
ATS-Africa an Overview
• Advanced Technical Solutions - Africa LTD (ATS-Africa)- Incorporated in 2006
• IT solutions company, which is formed with strategic alliances in key technological solution industries.
• We specialize in providing turnkey solutions, ranging from implementation of a top of the line mobile software solutions, network and information security systems and business consulting services
www.ats-africa.comwww.ats-africa.com [email protected]
Network & Information Security Solution
www.ats-africa.comwww.ats-africa.com [email protected]
Problem: Identity Theft
• Why Security?
• Problem: Identity Fraud
• FACT: 1. Identity Fraud = 56 billion USD in 2006
2. 12% is internet related = 7 billion USD
3. Average per victim amount is 6000 USD per year
Javelin Strategy and Research & Better Business Bureau 2006 Identity Fraud Survey Report
www.ats-africa.comwww.ats-africa.com [email protected]
Problem: Managing Multiple accounts
Trade ME
Africa Demo Bank (ABD)
HSBC
AMAZON
North-shore Council
Skype
Gmail
ANZ
www.ats-africa.comwww.ats-africa.com [email protected]
Problem: Deployment
Delivery Logistics
Maintenance, replacements
End Users support
Implementation
www.ats-africa.comwww.ats-africa.com [email protected]
The Solution
• The Next One Time Password Generation
• Cellular Authentication Token (CAT)
www.ats-africa.comwww.ats-africa.com [email protected]
Download from the Internet
No maintenance, no replacements
End users already use Cellulars
Simple initiation
No Token Costs and no Logistics Costs, No Hidden Costs
Cellular Authentication Token – NO Deployment Problem
ABD EF5D18
ID:
OTP:
SubmitSubmit
AgolaA
EF5D18
Login
www.ats-africa.comwww.ats-africa.com [email protected]
Single CAT for Multiple Accounts
Select Site Trade Me ABD HSBC AMAZON
www.ats-africa.comwww.ats-africa.com [email protected]
Security: CAT = Maximum Security
• The Cellular is protected by PIN
• CAT is protected by CAT Password
• CAT Password not kept on Cellular
• Only encrypted verification sentence is kept on Cellular
• Encryption with the Cellular unique ID (IMEI )
• After 3 minutes shuts down
•Two Factors Authentication
What you have = Cellular token
What you know = Password
www.ats-africa.comwww.ats-africa.com [email protected]
CAT = Maximum Security
User enters a One Time Password to login
CAT Generates OTP every 60 Seconds
Hacker can not reuse old OTP
Hacker can not predict the next OTP
Hacker will look for the CAT Password on the Cellular
www.ats-africa.comwww.ats-africa.com [email protected]
Summary
Check if user exists
Check if user enabled
Encrypt entered password
Compare with saved password
Allow access
Check if user exists
Check if user enabled
Calculate required OTP
Compare with entered OTP
Allow access
Old way CAT way
www.ats-africa.comwww.ats-africa.com [email protected]
Using the CAT
CAT System
administrator end user
www.ats-africa.comwww.ats-africa.com [email protected]
Demo: Using the CAT on a Daily basis
Using the CAT
www.ats-africa.comwww.ats-africa.com [email protected]
• New investigations in personal security:
• CAT 4 ATM Secure Transactions
Highlights:
Credit Card owner has to register the card for OTP
Different OTPs for different Cards
The OTP Verification is done at a server side
Server can be at the ATM company or Bank or Credit Card company
Business Model
Registered Credit Cards can make OTP Verification over Internet for eCommerce
On-Going Developments
www.ats-africa.comwww.ats-africa.com [email protected]
Enter Credit Card
1
Generate OTP 2
Enter POTP 3
ATM Software
System Authentication Server
Verify OTP
4
Update Log
Query Result
Query POTP
5
Overview of Verification Process
www.ats-africa.comwww.ats-africa.com [email protected]
Mobile Banking Solution
www.ats-africa.comwww.ats-africa.com [email protected]
Mobile Banking
• Unlike previous services, mobile banking is a mass-market tool characterized by personalized real-time or on-demand messaging
• Mobile banking enables financial institutions to cost effectively reach their entire customer base.
• ATS-Africa’s mobile banking suite constitutes a revolution in customer service relations and communications technology between financial institutions and their clients.
www.ats-africa.comwww.ats-africa.com [email protected]
• New Opportunities:
– Drive innovative personalized services,
– Attract new clientele
– Market to their customer base – leading to lower costs, higher revenues and greater profits
Mobile Banking
www.ats-africa.comwww.ats-africa.com [email protected]
The Solution:
• ATS-Africa, through one of the leading providers of mobile messaging solutions for financial services, has developed a comprehensive offering enabling organizations to make the most of society’s mobile evolution.
• Our end-to-end services provides banks, credit-card companies, and insurance firms what they need to maximize the power of financially-oriented mobile messaging.
• The offering includes a robust middleware platform that serves as a gateway for managing mobile messaging for operational customer care and marketing needs
www.ats-africa.comwww.ats-africa.com [email protected]
• Secured Connectivity Layer creates a secure IT, two-way messaging channel
• Large Account Application Gateway - A robust middleware platform that serves as a gateway for the central management of organizational messaging
• Application Suite - an array of mobile banking applications such as balance notifications, automated account alerts, fraud alert, and mobile marketing
3 Tier Architecture
www.ats-africa.comwww.ats-africa.com [email protected]
The Solutions
• m-Query: – A service that enables authorized customers to initiate MO SMS
requests for internal personal account or external financial services data.
– Launched by sending an SMS to a short code number, the application delivers an immediate SMS response to each request.
• m-Campaign: – A service enabling financial institutions to conduct and manage
mobile marketing campaigns.– Integrated with an organization’s CRM system, the solution allows
for new product and service marketing via SMS, MMS and WAP links to an entire customer base or selected customer segments.
www.ats-africa.comwww.ats-africa.com [email protected]
• m-Enterprise: – A service that enables financial organizations to send group
messages to intra-organizational segments (e.g. branch personnel) or branch customers for updating purposes (e.g. new checkbook availability).
• M-Trade:– A service that enables customers to receive periodic SMS
notifications regarding currency exchange rates, stock exchange alerts and other updates from financial data suppliers;
The Solutions