Omlis_[Bridging_the_gap]_The_impact_of_fraud_V002[27.05.2014]

BRIDGING THE GAPEnabling secure mobile payments:

The impact of fraud

White Paper

IPrivate & Confidential

AbstractThe purpose of this white paper is to evaluate the compelling market requirement for a ubiquitous or universally applicable encryption technology that allows direct from bank account mobile payment transactions utilizing a powerful, highly scalable enabling technology, Omlis.

Published by:

Telephone:

Email :

Address:

Omlis Ltd.

+44 (0) 845 838 1308

[email protected]

Third FloorTyne HouseNewcastle upon TyneUnited KingdomNE1 3JD

© Omlis Ltd 2014All rights reserved.

No part of this publication may be reproduced, copied, stored in an electronic retrieval system or transmitted save with written permission or in accordance with the provisions of the Copyright, Designs and Patents Act 1988.

Published by Omlis Ltd, Third Floor, Tyne House, Newcastle upon Tyne, United Kingdom, NE1 3JD. Telephone: +44 (0) 845 838 1308 Email: [email protected]

The contents of this document are private and confidential and are intended for the stated recipients only. If you are not the intended recipient, please contact the sender immediately. Any form of reproduction, dissemination, disclosure, modification or distribution of any part of this document is strictly forbidden and may be legally prohibited. If you are unsure as to whether you are breaching Copyright laws, Omlis advise the reader seeks proper legal council.

Details supplied in this document by Omlis are provided for information and in some cases represent opinion. Also while stringent efforts have been made by Omlis to ensure document accuracy; due principally to the fact that data cannot always be verified, it is possible that some errors or omissions may occur.

Given the above comments, this document should only be used as an aid, to assist the making of business decisions, and not as the sole basis for taking such decisions. Omlis cannot accept responsibility for errors, omissions or decisions made based on the content of this document.

IIPrivate & Confi dential

About the AuthorMarkus Milsted is the founder and CEO of Omlis. Working principally in the fi nancial services arena, he has successfully engineered customer and service interfaces for international banks as an experienced application development specialist.

Markus holds a degree in Business and Enterprise, a Master’s degree in Music Production, and has an extensive interest in Mathematics. As an entrepreneur and innovator his background and interests provide a unique perspective and an ‘alternative’ take on service, user and transaction processes;

“True innovation requires an objective perspective, and can only be realized through development of creative synergies, and delivered through determination and sound leadership.”

Markus Milsted, Founder & CEO

IIIPrivate & Confidential

List of AbbreviationsList of acronyms & their meanings:

SMS Short Messaging Service

NFC Near Field Communication

QR Codes Quick Response Code

BLE Bluetooth Low Energy

USSD Unstructured Supplementary Service Data

RFID Radio Frequency Identification

POS Point of Sale

EPOS Electronic Point of Sale

PSP Payment Service Provider

MSSP Merchant Solution Service Provider

MNO Mobile Network Operator

SME Small to Medium Enterprise

TtoT Terminal to Terminal

AES / AES II Advanced Encryption Standard

FQDN Find Quarantine Destroy Notify

IVPrivate & Confidential

ContentsIntroduction 1

Market definition and background 2

Different types of mobile payments 3

Market size and potential 4

The impact of fraud 5

Why contemporary encryption is a poor fit 6

Realizing market potential 7

Enabling global adoption and building trust 8

Bridging the gap 11

Getting involved 12

1Private & Confidential

IntroductionThis paper is a review of the rapidly emerging and pervasive mobile payments market and the requirement for secure ‘direct from bank’ mobile payments. Secure ‘direct from bank’ payments would allow faster, more cost efficient services and eliminate risk with fewer stakeholders and vulnerabilities. Such a system would also effectively accelerate inclusive bank adoption worldwide, and provide better support for unbanked communities.

The paper explores the principle and necessary factors to provide secure direct from bank payments, and highlights how Omlis offers a unique enabling technology, as a catalyst of change and a champion of secure mobile payments globally.

Key Themes:

This white paper covers the following key topics:

X Market Definition and Background

X Different types of mobile payments

X The mobile payments market composition, size and potential

X The Impact of Fraud

X Current Encryption Limitations

X Realizing Market Potential

X Enabling Global Adoption and Building Trust

X The future with mobile payments powered by Omlis

2Private & Confidential

Market Definition and BackgroundThe mobile payments market represents networks and customer facing solutions for executing payment transactions, for all products or services through a portable electronic device such as a cell phone, smartphone or PDA.

Mobile payments emerged in Asia and Europe before becoming prevalent in the United States and Canada. By 1998 SMS based payments were gaining popularity, propelled by the ‘new age’ of borderless currency and the expanding global reach of the Internet. Mobile payments also enable banks and merchants operating in the fast developing countries to offer secure, low cost direct transactions across unbanked communities, empowering social change and promoting inclusive economic development. Mobile payments are already pervasive in many such emerging economies as in parts of Africa. This is great news for the mobile payments market, but often implementation highlights a key unresolved issue. There is no standard adopted security protocol, and end users are unprotected and vulnerable to significant fraud.

The market is currently dominated by ‘wallet’ based solutions, including new dedicated services and extensions to traditional credit and debit card services, indirect processing, intermediaries and stakeholders, with their associated costs and vulnerabilities. PayPal, Google and many other market entrants have achieved rapid growth. Given such an attractive and opportune target market, malevolent parties were soon to follow. Introducing innovative approaches to mobile payments, inherently attracts creative hackers, scam artists and organized crime.

Where customers are affected by fraud, payment service providers are exposed to fines from regulators, fees in corrections and a host of other chargeback costs. The greater damage is to brand integrity and loss of customer trust. Today’s market dynamic is defined by accelerating investment in mobile payment services, advanced media campaigns to create larger more engaged user bases; and increased cybercrime and mobile fraud, with the continued growth of distrust in service providers and their technology.

Omlis resolves this dynamic and offers a solution to enable all mobile payment stakeholders to deliver secure mobile payment transactions. Ensuring that all payments are recorded and reconciled in real-time, and processed from accounts where the funds reside to protect all service users from malevolent parties. According to Douglas McWilliams, executive chairman, of The Centre for Economic and Business Research (Cebr);

‘For the full potential to be unlocked, consumers need to be reassured that mobile payments are hassle-free, safe, secure and widely accepted. That will require strong cooperation across the financial services, retail and payment industries.’

3Private & Confidential

Different Types of Mobile PaymentsThe Different Types of Typical Mobile Payments Include:

At Omlis, our vision is to provide an enabling technology that provides secure direct from bank payments by:

X Financial institutions,

X Payment processors,

X Payment service providers,

X Secure network operators and mobile network operators,

X Merchants

X Customers

Omlis technology offers a payment solution that works across all applications and is highly adoptable, enabling fast, secure and convenient services regardless of pre-existing investments.

Bills

User to POS

User to Service

User to User

User to EPOS

4Private & Confidential

Market Size and PotentialThe scale of the global market opportunity forecast by reputable research providers for world-wide mobile payments transaction values vary dramatically. Gartner predicts 450 million users world-wide, and that transaction values will reach $721 billion by 2017, while Business Intelligence estimate the transaction values will reach $1.5 trillion over the same period.

Gartner estimate global transaction values in 2013 to be $235 billion, indicating that the market grew by 62% in 2012-2013 alone. Research by the Centre for Economic and Business Research (Cebr), highlights that in the UK twenty million adults will use their mobiles to pay for goods and services by the end of the decade, with the value of purchases tripling from current levels to £14.2 billion in 2018.

World Bank research estimates that 48% of the world population is not able to access basic financial services in order to save, borrow or transact. For many in emerging markets, personal finances and transaction are managed through collaborative networks of relatives, friends and neighbors who support one another. Cash is the main form of payment, and regular income is not the norm. Most importantly, many of these communities have no relationship with a bank.

Mobile payments represent an opportunity for a better, safer and more convenient future that is inclusive for people in diverse situations, offering secure convenient access to mainstream financial services.

5Private & Confi dential

The Impact of FraudThe level of fraud within mobile payments is progressively growing. Threatmetrix research highlights that today 5.85% of transactions derive from compromised devices with many specialized attacks now originating from mobile devices. Quick Heal data reports an increase of 80 to 85% in mobile malware attacks in 2012 alone. Fraud is now a recognized major constraint to the growth of a frictionless mobile payments future.

The technological constraints of current encryption, and the sheer workload that is processed by mobile phone CPU chips limits both the robustness and effectiveness of current Fraud detection and prevention solutions.

Many of the currently available systems for encrypting data that have been applied to mobile payments, are variants of well established approaches, whether prime number factorization or even something as simple as it AES/ AES II Advanced Encryption Standard.

These forms of encryption technology fundamentally fail to deliver the security and fraud protection the mobile payments market seeks. Designed and developed before the dawn of the mobile payments age, these systems are constrained by architectures that cannot optimize the extremely fl uid and dynamic real time infrastructure and security requirements of mobile payments. This creates stress on systems, extends processing and bandwidth requirements and increasingly exposes vulnerabilities.

Omlis has developed proven and powerful technology to provide a truly mobile centric encryption and service platform. Omlis software technology allows the implementation of an encryption security system using a unique mathematical capability to rationalize poly-nominal variables offering encryption codes, keys and applications that are impossible to break due to their amorphic characteristics (changing constantly in real–time). The resultant data packets reduce data scale and bandwidth demands, being typically 1/6000th of the cumulative data size of existing mobile payment encryption.

Unlike all existing solutions, Omlis provides a closed loop system with no public keys and novel randomization using real-time environmental factors. The protocols are novel, discrete and unknown, offering a new key handling methodology and delivering total security.

6Private & Confidential

Why Contemporary Encryption is a Poor FitCurrent encryption technology is recognized to have severe limitations and security vulnerabilities, and requires an immense supporting infrastructure and network, representing billions of pounds in investment from a variety of stakeholders over many years.

Current payment encryption technology typically makes high demands on telecommunication infrastructure due to the scale of data communication required. Given this, current technology restricts practical adoption in many developing countries and emerging economies.

The limitations of current encryption technology are highlighted by the growth in mobile payments and the associated demand for greater capacity in the telecommunications network. This has been one of the many reasons for resistance to implementation of mobile payments.

A new approach to encryption is required to enable secure mobile payments to deliver the convenience, trust and service necessary to maintain a reputable brand and enable mass adoption.

This New Approach Requires an Encryption Capability that will:

X Embody a high level of security

X Offer user convenience and be adaptable by consumer application developers

X Be innately compliant and suitable for regulated markets

X Be interoperable between online and mobile environments in line with market convergence

X Be capable of working with older generation mobiles as well as smart phones

X Work with existing security technologies

X Be readily adoptable by legacy systems and invested networks

X Be capable of supporting development of secure payment networks quickly and efficiently across diverse markets and geographies

Omlis has created a system that will enable secure transactions over lean infrastructure or advanced infrastructure, whilst reducing the ‘Big Data’ capacity requirements.

7Private & Confidential

Realizing Market PotentialCreating user friendly and convenient solutions has been proven to be the overwhelming priority in consumer adoption and in developing a significant user base. Often convenience can be demonstrated to have been placed as a priority over security, this creates a distrust amongst consumers and limits market adoption of mobile payments and growth. Consumers are hard to win back after a bad experience or reputational damage, and virtually impossible to negate regardless of marketing spend.

Lack of effective security is central to unlocking the potential mobile market opportunity, however the barriers to market growth are more complex. The following map considers these broader issues:

Legacy investments

Technology Conservatism

Incompatible technology strategies

Poor payment product / user

process

Lack of solutions for middle

market threats

Oligopoly

Substantial owned

infrastructure

High barriers to market entry

Restrictions and failure of current

encryption

s

Open to Attacks/ Hacks

Fear and reality of Fraud

Unknown and con�icting needs

Dislike for intrusive User Experience

TraditionalMarket Culture

Geographical differences

Conservative Market

Concern regards the ‘Internet of

things’

s

Preferences for non invasive technology

Lack of �exibility in product

design

Misinterpretation of needs

Product rejection

s

Concern for brand integrity

Open source software

o Uncon�con�con�

Ex

User Base Confusion / Lack

of Trust

Dintr

Fear of Change

Resistance in Mobile Payment

Adoption

sGed

Universal Application Restraints

y Co

Compliance and regulation changes

CConthe

Local & International Standards

Ops

Preference for local networks and providers

8Private & Confidential

Enabling Global Adoption and Building TrustOmlis provides a suite of tools that are based on novel encryption and protocols. These tools enable the creation of secure payment networks for ‘direct to bank’ application and provide, substantially more appropriate security and processes for existing networks.

Omlis technology has been innovatively developed from the ground up to meet the needs identified in this paper. Omlis technology enables an infallible highly secure mobile payment process, with dramatically reduced bandwidth and process costs, providing an opportunity to establish discrete customer technology interfaces and improve consumer trust, convenience and service usability.

With communities of stakeholders Omlis implements new, better mobile payment solutions. Our vision is to enable the rapid deployment of robust and secure ‘direct to bank’ payment solutions principally within fast emerging markets and developing economies. Omlis are actively working with local and regional operators to accelerate the adoption of mobile payments in selected markets, and to help realize significant economic and great social potential.

Securing Mobile Payments Networks and Solutions

The following section identifies the key factors that create secure mobile payments:

Establishing Trusted and Infallible Security

Research highlights the demand for a new approach to mobile payments security that resolves the host of existing vulnerabilities at both the consumer interface and throughout the complex payment gateway and network service provider processes.

Omlis offers an enabling security technology that is demonstrably more robust than existing security solutions deployed in Mobile Payments, securing highly efficient and minimized data processing, handling and transmission and verification, and delivering a system that is truly infallible.

Omlis utilizes a completely novel encryption process, to create a single unique amorphic token in real time and differentiated protocols. These Omlis protocols apply a fast and efficient four stage verification process to each transaction at point of transmission regardless of the customer facing technology being deployed. Uniquely this verification does not require any customer intervention.

Protecting Personal Devices

The Omlis secure mobile solution has a FQDN (Find Quarantine Destroy Notify) at the heart of its protocols. This protects the user base by detecting malevolent acts using advanced artificial intelligence techniques to identify any form of foul play taking place on a user’s device.

As a secondary system within Omlis, when the transaction assistant detects any malicious intent, server software in the Omlis cloud contacts the provider where the funds reside. A range of automated procedures ensure institutional notification, account security verification and immediate contact with the user who has been potentially compromised to ensure full security.

9Private & Confidential

Providing Better Privacy

Fundamental to the proposition is that service providers using Omlis can offer a secure ‘direct from bank’ solution with the assurance that bank cards and personal details will not be vulnerable.

Privacy is a strategic differentiator for Omlis partners. In recognition of the growing threat from organized device and middleman attacks, mobile malware, and resultant fraud, Omlis technology and systems include the ability to make direct on bank transactions without requiring actual bank details.

Our approach ensures that if an Omlis secured system is ever compromised the payments processing capability is automatically disabled and any malicious party attempting to decrypt the details would be permanently unable to retrieve any meaningful information.

Cultural Adaptation – Supporting Variance in Service Expression and Process

In the western economies although Chip & PIN technology is well established, there is relatively low adoption in the Americas and Asia PAC when compared to the potential of mobile payments.

Mobile payments has greater potential for mass adoption in all regions of the world as customer facing technology can be readily tailored to suite local language and culture.

Omlis technology enables the application of new and diverse customer facing technologies such as NFC and facial recognition to existing and new payment networks, as Omlis is designed to overlay existing security process, and dramatically reduce data transmission sizes and bandwidth demand.

Accommodating the ‘Mixed Handset’ Markets

Omlis secure mobile solutions have been designed to optimize and operate with second-generation handsets onwards. A majority of world’s handsets are still “feature phones”. Less than one in four handsets shipped in 2012 is a smartphone, while LTE-enabled phones represent less than 4%.

Given the significant scale of 2nd market handsets, especially in developing economies, the dominance of phones which do not support newer advancements is substantial. By 2017 3G and 4G global market share is only forecast to be 53%.

Reducing Bandwidth Demand and Dramatically Improving Operational Costs

Mobile payments bandwidth demands are increasing, with mobile data use forecast to reach 11.2 Exabytes per month globally by 2017. This exponential growth is due to a variety of factors including increasing merchant adoption, relatively large transaction data packet sizes, increasing transaction volumes and data logging of ‘Big Data’ for the different stakeholders and network operators.

Data transmissions are a significant cost to mobile payment operators and reflect substantial investments in telecommunications infrastructure and operations. Omlis have resolved the impact of scaling transactions on the demand for bandwidth, and the inequality in the nature and structure of telecommunications networks in different territories.

In contrast, existing encryption solutions increase the size of transmitted data. This innately generates greater bandwidth demand and longer payment cycles. There are various factors that interact including the packet size increases due to incumbent encryption systems, variance in network processes and volume of payment connections occurring at any time.

10Private & Confidential

A single Omlis enabled secure payment is typically 32 bytes in size, compared to the average Chip & PIN payment being 70,644 bytes. This means each Omlis payment is approximately 2700 times smaller than the average to Chip & PIN payment. If we take it that each 1 GB of bandwidth cost approximately at a current average market value of £0.08 (2013). The volume of transactions that we can procure when comparing Omlis and Chip & PIN technologies are:

Total Trans. Cost

Omlis = 33,554,432 (£0.000000002)

Chip & PIN = 15,199 (£0.000005)

Omlis creates significant operational efficiencies, speeds services and reduces service delivery costs. Omlis reduces the costly data burden and minimizes the supporting service on telecommunication networks with poorer bandwidth, removes bottlenecks and dramatically increases capacities, while improving the quality of process and customer experience.

Bridging The GapOmlis seeks to help bridge the gap between traditional and new market operators, enabling them to effectively coexist, and to challenge the current mindset and bring about innovation by creating market leading partnerships with entities who wish to enable the future. While these partnerships are built on our most important principals; we remember that innovation cannot be achieved without synergy, endeavor, determination and leadership. Below are some key factors (as described in more detail in the paper) which could be considered fundamental to improving market adoption:

X As a host of markets converge into the mobile payments and broader mobile money space, from social media to retail. There is clearly a need for a ubiquitous platform that aligns the variety of customer facing technology and new entrant services with security and operational demands of mainstream payments processing services.

X To truly unlock the social and economic potential of mobile payments a focus is required to resolve practical development and deployment of ‘direct to bank’ payment networks.

X Within the payments processing space, investment is required in establishing fault tolerant, and risk managed function between pre-existing mature invested payments infrastructure and new mobile payments gateway services.

X Synergy between traditional and new market processes must be achieved to enable mobile payments market development across broader global territories.

X Relevant contemporary standardization is needed to harmonize and align the communication protocols between mobile devices, mobile services and pre-existing services.

X Traditional encryption is a key constraint to the market. Applied to mobile payments currently used systems bring limitations to trust, security, and efficiency as well as user convenience. Such systems are also conducive to high bandwidth burden and operating costs. Without a new approach and a new concept challenging the traditional views the market will not achieve its potential.

X New payments infrastructure needs to be brought in line with regulations appropriate for mobile money. Compliance costs need to be lower to be adaptable and to avoid rogue development in this new space.

X Adapting to new market demands. The developing global market has a non-traditional mindset and will not tolerate existing ecosystem pricing and transaction charges. This is of particular relevance to larger older operators.

11Private & Confidential

Getting Involved…Omlis is engaging globally with partners to support the mobile payments revolution.

Omlis can be Deployed in Variety of Scenarios Including:

X Telecommunication network operators seeking to rationalize mobile payments data and create standardization in stakeholder transmissions.

X Banks and financial institutions exploring the potential to establish true ownership and control of ‘Direct to Bank’ payment services.

X Establishment of discrete switching in support of rapid development and deployment of merchant services and new regional payment networks.

X Payment service providers seeking to better align their offerings with the growing demands (now and in the future) for mobile payment services.

X Merchants and retailers seeking to develop safe and efficient customer facing applications.

Our technology is pervasive and a key to enabling truly secure, trusted, cost efficient mobile payments solutions. If you wish to partner or inquire about how you can use our technology, please don’t hesitate to call.

www.omlis.com

© Omlis Limited 2014Private & Confi dential

Third Floor Tyne House

Newcastle upon TyneUnited Kingdom

NE1 3JD

+44 (0) 845 838 [email protected]

V2 - 0

5.2014