The implementation technology of mobile banking has evolved from the short message method based on STK cards, to the WAP method, and the USSD method based on the signaling channel. The mobile communication network has developed to the 2.5 generation, and KJava, BREW method, even ordinary short messages, can also realize bank transactions after adopting certain business security controls. Various technologies come and go, and commercial banks are dazzled by the marketing of IT manufacturers. They wonder which technology will become the mainstream method in the future.
Short message method
The popularity of short message in China can be called a legend. People from all walks of life were not optimistic at first. However, over the past few years, not only China Mobile and China China Unicom, the two major network operators, has made a lot of money. In 2012, short message revenue exceeded 7 billion yuan. It also pushed the stock prices of the three major portals to soar like a rocket on the Nasdaq market. Driven by huge interests, people have started to think about short message applications. Suddenly looking back, they discovered that the active on-demand method of SMS can also be used to implement bank transactions. Although the implementation method is relatively primitive and requires memorizing and inputting a large string of characters, isn't this how other text messaging applications operate? Although the security level is very low and traces will be left on the mobile phone and the network operator's server, it is not a bad idea if we control it from the business aspect and only open services such as inquiry and mobile phone bill payment. What's more, its advantages are obvious. All mobile phones support short messages, and most people use short messages. If there is a convenient and effective signing process, it will be very easy to develop customers.
Short message method based on STK card
As a technology first applied to mobile banking, this method writes the menu of banking services into a specially made STK card, thus making it easier for customers to Menu-style operation, and at the same time, the STK card itself has a relatively complete identity authentication mechanism, which can effectively ensure transaction security. Its shortcomings include several aspects: First, the capacity of the STK card is limited. Usually, only one bank's application can be written into the card, and it cannot be changed. The recent OTA over-the-air download technology can update the content in the STK card. Upgrading the service is still troublesome. Second, the store-and-forward mechanism of SMS messages leaves traces of transactions on the network operator's servers. Third, there are fatal flaws in the business and business model. Although some people have proposed that the card replacement procedure can be changed to bank counters, this requires deeper cooperation between banks and network operators.
USSD method
This method may be unfamiliar to everyone. USSD is an unstructured supplementary data service for new interactive mobile data services. It is a new interactive data service based on GSM network and can be used to develop various services. USSD messages are transmitted through the Signaling No. 7 (SS7) channel and can maintain dialogue with various application services. USSD can use the existing GSM network as a transparent bearer entity, and operators can use USSD to develop corresponding services that meet the needs of local users. In this way, the USSD business can easily provide data services to mobile users, and adding new services will have little impact on the original system, maintaining the stability of the original system. The advantages of the USSD method are: first, the customer group does not need to change cards, and it is suitable for most models of GSM mobile phones; second, it is real-time online, interactive dialogue, and only requires one access for a transaction; third, the cost is low, Each visit only costs about 0.1 yuan. Its limitations are: first, the interface display is quite different for different types of mobile phones; second, the downstream information from the bank to the mobile phone cannot be end-to-end encrypted; third, this service is only available on some It is piloted in regions and has not yet spread nationwide.
WAP method
is the abbreviation of Wireless application protocol (Wireless Application Protocol), which is a combination of a series of specifications for developing Internet-like applications on mobile networks. It will enable a new generation of Wireless communication equipment can reliably access the Internet and other advanced telephone services. Since wireless network systems are different from fixed network systems, and the screens and keyboards of mobile terminals are small, WAP is not suitable for using HTML (Hypertext Markup Language). , but requires the use of specialized WML (Wireless Markup Language). Around 2000, WAP technology was once a hot spot promoted by IT manufacturers, but it quickly declined due to Internet speed and other factors.
Since 2002, the launch of China Mobile's GPRS network has improved network speed and given WAP technology new opportunities for development. WAP2.0 implements end-to-end encryption from the WAP terminal to the CP, using TLS as the end-to-end encryption algorithm. The advantages of the WAP method are: first, the bank's development volume is very small, and it only needs to develop a WML version based on online banking; second, character content browsing and real-time transactions; third, the emergence of GPRS has improved Browsing speed. Its limitations are: first, customers need to have a WAP mobile phone; second, it can only process text, has poor interactivity, and has a simple interface.
KJava method
It is a Java application specially used for embedded devices and is an extension of Java technology on wireless small terminal devices. J2ME platform technology expands the scope of use of Java technology. This versatile KJava application development platform can develop many new and powerful information products. KJava technology enables users, service providers, and device manufacturers to use rich applications at any time as needed through physical (wired) connections or wireless connections. The configuration and framework of J2ME greatly improve the flexibility of information equipment, including computing technology and application installation methods. Its advantages are: first, real-time online, interactive dialogue; second, graphical interface, very user-friendly; third, using some 1024-bit RSA authentication encryption technology and 128-bit triple DES encryption and decryption technology, which is relatively secure. higher. Its limitations are: first, KJava mobile phones are more expensive and have fewer users; second, it is impossible to achieve unified display for different models of mobile phones, and some targeted development is required for different models of mobile phones.
BREW method
Binary Runtime Environment for Wireless (wireless binary runtime environment) is a technology based on CDMA network. Users can download application software and run it on their mobile phones to realize various functions. BREW is located between the chip software system layer and the application software layer. It provides universal middleware and is directly integrated on the chip. It can be executed directly without intermediate code and only requires about 150K storage capacity in the entire system. Just like you can add and delete programs in Windows, users can download various software through their mobile phones to personalize their phones, and operators can also wirelessly download, upgrade or recycle software for users. BREW supports various encryption algorithms. Developers only need to directly call the symmetric encryption algorithm RC4, asymmetric algorithm RSA, SSL algorithm, HASH function and other basic functions directly through the API interface without re-development. The advantages and disadvantages of the BREW method are similar to those of KJava, but it is worse than the KJava method in terms of security and consistency of terminal performance. However, BREW is Qualcomm's patented technology and its openness is not as good as KJava.