The future of wireless banking
Wireless banking is a convenience we all want to take advantage of, and one that financial institutions are eager to have implemented as soon as possible. While the pressure to implement wireless banking services is great, and its development and implementation are challenging, care needs to be taken to avoid the potential risks.
Wireless banking is revolutionizing the financial industry. It's radically transforming both services and customer expectations in societies around the globe. End users are demanding access to their money and financial information anytime, anywhere. Financial institutions know they need to move quickly to capitalize on this new trend.
By the year 2003, the number of people accessing personal account information online will grow to 40 million -- five times the 1998 rate. And the gap between wireless and landline users is narrowing fast. 100 million U.S. residents will access the Web in 2003 using wireless devices. That's not far off the 155 million who will connect via the more traditional PC/landline route. In Europe, the situation will be even more marked, with 90% of companies surveyed planning sites accessible to the projected 219 million wireless users -- one-third of the European population.
Not every financial institution, though, will find it easy to keep pace with the changes demanded. There are connectivity issues, protocol challenges, and a constant flood of new devices onto the market. Large institutions may find keeping pace especially difficult. For data managers, the challenge will be to deliver data effectively across every platform, protocol, browser, and service provider. In the meantime, B2B, B2C, B2G, and B2E are now being recognized as vertical online markets, and wireless is about to subdivide them with new services targeting new user groups. And P2P (person-to-person) and P2A (person-to-anyone) are set to play major roles as well in the financial world.
The good news is that lowered networking costs, together with improvements in wireless devices and bandwidth utilization, have made today's wireless service costs justifiable, which they would not have been a year ago. To ensure the long-term viability of the investment, open systems need to be constructed that use standard protocols. Successful wireless implementation means end users who can interact with data easily and safely, independent of the network operator or handheld device.
What are the components of a wireless system?
There are several operating systems used with handheld devices:
Each handheld device demands its own ways of communicating; each requires its own gateway to communicate to the application server. Varying screen sizes give rise to varying screen layouts. Different keyboards make use of different keystrokes and navigation options. The application server must sort this all out and send each handheld device its data in a format it can utilize.
Connectivity, coverage, and gateways
Starting from the end user side, the handheld device can be any device that is used to access a local cell tower. The cell tower is responsible for delivering local geographical coverage in a certain hexagonal region. The cell tower then sends its data on to a base station.
From the base station, the data is transferred to a mobile switching center. The switching center connects all base stations together. If the user is part of the geographical network, the network system will identify his information via Home Location Register (HLR). If he's from outside the network, Visitor Location Register (VLR) will be used to track the call. This is when users end up paying big bucks for roaming.
Once the call is initiated, the device signals its identity using its Electronic Serial Number (ESN) and Mobile Identity Number (MIN). This information is vital for the gateway to authenticate the user. The application server then prepares data to send back to the appropriate unit to be displayed.
A packet is a collection of data prepared for transmission in a specific way. There are two types of transmission: circuit switched and packet switched. Circuit switched transmission entails a dedicated circuit for communication between two dedicated devices. Its duration is the length of the entire call. Packet switching does not require a dedicated line between the sender and recipient. This method enables the data to be divided into a number of packets and to be sent to its intended destination using different paths.
Connectivity varies from one device to another, and from one service provider to another. The most challenging issue for the wireless systems is coverage. As end users sign up with a WSP (Wireless Service Provider), they may quickly realize the limitations of the packages offered. Due to limited coverage areas, it can seem as if it's always the right plan in the wrong place.
Wireless service plans vary in options as well as cost. Common protocols a WSP can support include GSM (huge in Europe but not big in the U.S. yet), CDPD, CDMA, and Ardis -- all of which are jockeying for position.
Wireless middleware (application server engine)
XML is used to extract and deliver data; XSL can perform the transformations, using the DTD files to execute the functions agreed on in the integration and design stage. Different handheld devices will have different screen templates. The application server should track the user's sign-in on the device being used in order for data to be presented correctly. The screen templates can be XML documents which conform to DTD files. The screen templates are used only to define screen layouts. They are device specific.
Transcoding -- is it magic?
Once a request from a handheld device is initiated, the application server intercepts the request to identify the device type and capture the content. Using several logical processes, the application server engine processes the data into an XML document, which can be communicated to the backend system via the API connection. The result is then transcoded (processed) using XSL stylesheets and reformatted for the handheld device that made the initial request. The process can quickly get complex, depending on the number of handheld devices supported and the type of services offered by the financial institution. Therefore, products like IBM's WebSphere can be valuable tools to build a robust financial system in a short time. The WebSphere application server handles data dynamically and adapts it to the handheld device. It is also capable of running multiple applications and requests, and can be easily integrated into the backend system. The WebSphere engine selects the correct screen template, formats the data for the handheld device, and delivers the data requested. XSL is used for data transformation definitions, where the API will exchange messages between the backend system and the application server. XSL and XSLT stylesheets are mainly used to manage the presentation of the data, whereas XML handles the data itself.
User IDs and handheld device IDs are stored in the database at the application server level. Once a login request is received, the application server accesses the database. The middleware database is used to prepare and format the data for the device requesting the login. The application server will also compare the registered device ID to the user ID for additional security verification. The application server communicates with the gateway server for the specific device that initiates the request. The gateway then pushes the information to the handheld device based on the connectivity platform being used (e.g., CDPD, SMS, Mobitex, or CDMA).
The application server must accommodate different handheld platforms such as thin-client devices (IP-based devices), two-way paging, SMS messaging, and smart phones. It must then deliver data formatted for that specific device, end-to-end, in a reliable and secure manner.
Pushing or pulling data?
In either method, authentication must take place first. The gateway transfers the handheld's request to the application server (middleware). The application server then recognizes the device type according to its identifier. The information is sent to the backend system of the financial institution, using the API between the application server and the backend system. The application server receives the information from the backend system and reports it to the handheld unit. At this time, the data is formatted into screens appropriate to the device that requested the data. The data is passed back to the wireless service provider gateway, and then delivered to the handheld device.
Wireless application servers must be device- and network-independent
What about screen scraping?
The most effective way to build a wireless application system is to connect into the back-end system, regardless of type. It might be a mainframe, a client server, or even a Web-based system, using a direct connection via an API.
Security and wireless banking and trading
When data is flowing through a vulnerable environment, many of the available operating systems for phones and handheld devices offer little or no security. Most security violations occur within the financial institution or the service provider. Customizing wireless security is extremely difficult, especially given the limited computing power on handheld devices.
Double key secure authentication is one of the protection methods used to verify access across different systems. Double key secure means the user must authenticate two systems -- the application server (at the hosting service provider) and the financial institution. The transaction is authorized only when both locations agree.
Secure network architecture is achieved when all interaction points and data paths traveled are created using double secure keys. It's been proven that this method can drastically reduce violations and system hacking internally and externally, because all three parties must agree.
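The two-system agreement described above, together with the device-ID-to-user-ID comparison from the middleware section, as an added Python example that is not code from this article or from any product it names. The HMAC-SHA-256 scheme, the per-party keys, the nonce check, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data. Each party stores its own key for the user;
# neither party ever sees the other's key.
APP_SERVER_KEYS = {"alice": b"constructed-app-server-key"}
INSTITUTION_KEYS = {"alice": b"constructed-institution-key"}
REGISTERED_DEVICE = {"alice": "ESN-0001"}  # device ID bound to the user ID


def canonical(txn):
    """Serialize the transaction identically on every party."""
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()


def tag(key, txn):
    """MAC over the whole transaction, so any changed field invalidates it."""
    return hmac.new(key, canonical(txn), hashlib.sha256).digest()


def app_server_check(txn, app_tag):
    """Application server: device/user binding plus its own MAC."""
    key = APP_SERVER_KEYS.get(txn["user"])
    if key is None or REGISTERED_DEVICE.get(txn["user"]) != txn["device"]:
        return False
    return hmac.compare_digest(tag(key, txn), app_tag)


def institution_check(txn, inst_tag, seen_nonces):
    """Financial institution: its own MAC, and each nonce accepted once."""
    key = INSTITUTION_KEYS.get(txn["user"])
    if key is None or txn["nonce"] in seen_nonces:
        return False
    if not hmac.compare_digest(tag(key, txn), inst_tag):
        return False
    seen_nonces.add(txn["nonce"])  # assumption: replays are refused here
    return True


def authorize(txn, app_tag, inst_tag, seen_nonces):
    """Authorize only when both locations agree."""
    return (app_server_check(txn, app_tag)
            and institution_check(txn, inst_tag, seen_nonces))
```

Because the two checks use independent keys, a compromise of the hosting provider's key store alone is not enough to produce a transaction the institution will accept.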
One of the more common security systems used is PKI (Public Key Infrastructure), an encryption system used for PDA and smart-phone security. PKI consists of two keys -- a public key and a private key -- used to authenticate the user and encrypt the data. In addition, the financial institution should utilize the system to monitor access logs and flag questionable connections on the application server.
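One way to flag questionable connections in application-server access logs, as an added Python example rather than anything from the original article. The log line format, the registered-device table, the thresholds, and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed: device ID registered to each user ID at the application server.
REGISTERED = {"alice": "ESN-0001", "bob": "ESN-0002"}

# Constructed sample log; the format is an assumption for this example.
SAMPLE_LOG = """\
2001-03-01T10:00:00 user=alice device=ESN-0001 gateway=WAP result=ok
2001-03-01T10:01:10 user=bob device=ESN-0002 gateway=SMS result=fail
2001-03-01T10:01:40 user=bob device=ESN-0002 gateway=SMS result=fail
2001-03-01T10:02:05 user=bob device=ESN-0002 gateway=SMS result=fail
2001-03-01T10:05:00 user=alice device=ESN-0777 gateway=CDPD result=ok
2001-03-01T10:06:00 garbled line without fields
"""

LINE = re.compile(
    r"^(\S+) user=(\S+) device=(\S+) gateway=(\S+) result=(ok|fail)$")


def flag_connections(log_text, max_fails=3, window=timedelta(minutes=5)):
    """Return (line_number, reason) for every questionable log line."""
    flags = []
    recent_fails = defaultdict(deque)  # user -> timestamps of recent failures
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE.match(line)
        try:
            when = datetime.fromisoformat(m.group(1)) if m else None
        except ValueError:
            when = None
        if when is None:
            # Lines the parser cannot read are surfaced, never silently dropped.
            flags.append((n, "unparseable"))
            continue
        _, user, device, _gateway, result = m.groups()
        if REGISTERED.get(user) != device:
            flags.append((n, "device-mismatch"))
        if result == "fail":
            fails = recent_fails[user]
            fails.append(when)
            while when - fails[0] > window:
                fails.popleft()  # keep only failures inside the window
            if len(fails) >= max_fails:
                flags.append((n, "repeated-failures"))
    return flags
```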
Encryption is a tradeoff between speed and security. A good rule of thumb is to encrypt on a 32-bit CPU at the rate of 10 CPU clock cycles per byte. Look for the most compact software. It should run under 5,000 bytes of memory. Encryption can vary from one device to another, depending on the platform and the operating system. For additional protection, authentication can be implemented with user IDs and passwords.
Wireless banking can be risky, lengthy, and complicated to develop. APIs (interfaces) must be designed to connect to existing backend systems. Application servers must be able to accommodate all protocols and all devices. You never know which device the end user is going to use. Application servers must also be able to communicate with all gateways, such as WAP, GSM, two-way paging, etc.
Because wireless banking is still in an evolutionary stage, it's imperative to keep up with technological breakthroughs, new products, and development tools to ease the transition.
The wireless network must be both device- and network-independent. Most handheld devices have their own standards to deliver data over data channels. End users should be able to customize screens, alerts, notifications, and messaging services easily. The system should be able to send notices to users as necessary, regardless of device type. Scalability is a major issue. Selecting the right platform for the application server will dictate the tools available to work with. The wireless banking system must be an open system that can be reliably integrated with new gateways to the backend system. This is a challenge not many banking institutions should undertake on their own.
The next best thing is outsourcing the development of the project, the implementation, and the hosting. Using a third party to administer and host the system is a viable option.
Selecting the right application vendor
The road to a successful implementation
Wireless media is challenging -- many variables are not yet under control; coverage is a big hindrance; legacy systems with different topologies and different platforms make things even tougher. There will be more streamlined markets demanding new ways of conducting transactions.
Wireless banking and trading is growing in leaps and bounds. Jupiter Research expects 18 million more people in the United States to become wireless subscribers this year, bringing the total number to 128 million. Moreover, the percentage of subscribers with Internet-ready wireless handsets will quadruple.
Despite millions of new users, the wireless market can expect some real challenges in the near future. "While penetration of wireless data services will gain momentum in 2001, a lack of substantial new technology deployments in the United States will stifle true innovation. Location-based services, high-speed networks, and highly sophisticated handsets will remain elusive in 2001." Wireless banking is security sensitive and it's essential to find the right balance between speed and encryption.
Accuracy, consistent availability, and reliability of services are key to a successful implementation and to the survivability of the financial institution. Geographical coverage is imperative to successful implementation. The confirmation of transactions is key in showing a level of commitment and accuracy to customers.
Wireless banking is highly dependent on bandwidth efficiency. The more efficient the bandwidth, the faster content is downloaded. End-user requirements are driving a demand for faster transmission and higher bandwidth capacity.
In order to offer an enterprise wireless solution, major consortiums must break political barriers and agree to a global communication format. They must arrive at a solution that allows access across platforms and networks regardless of device type, much like the Internet.
Financial institutions are between a rock and a hard place. They would like to extend their services to the wireless world, but they lack the resources and expertise to implement and deliver to their customers in a timely manner. Therefore, outsourcing can be a vital option for the following reasons:
Wireless banking and trading must be a virtual and global solution. Competitive forces will shape the wireless banking industry and help deliver end users what they are asking for. Wireless banking will have to reach a global standard before it can unleash its greatest potential.