The GraphCube software platform includes a comprehensive, secure, industry-leading mobile banking portal for Bangkok Bank. Our mobile portal provides the highest level of security available in the mobile industry as well as the most advanced mobile banking portal features available. The platform includes a collection of AI tools for managing customer identity, advanced threat detection, and analytical dashboards for greater business insight.
Our portal framework consists of a web front-end client processor which allows mobile access to any device and which provides easier access for customers and better customization for Bangkok Bank.
We provide a secure web-based mobile portal based on the Microsoft® .NET platform hosted within the Bangkok Bank existing secure data center. The advantages of our proposed mobile portal platform configuration include the following:
Advanced mobile technology; industry’s best in class.
Rapid and cost effective development and mobile deployment.
Available to all mobile devices.
Integrated Arcot® RiskForte™ digital authentication security software.
Integrated back-end mobile data triple DES data encryption.
Integrated cryptographic HASH for key data elements.
Simple and convenient interface for Bangkok Bank customers.
Integrated SMS/MMS notifications to customers and Bangkok Bank administrators.
Multiple language support (Thai, English, others as requested).
Fast and interactive mobile portal updates for Bangkok Bank administrators.
Scalable robust platform for future growth and enhancements.
Support from global software leader, Microsoft®, and industry leaders GraphCube and Arcot®.
Secure and integrated Identity Access Management (IAM) processes and algorithms for threat vector deterrence, authorized user management and access, account and/or client suspension/revocation and system audit requirements.
The Bangkok Bank mobile portal is be designed to enhance existing Bualuang iBanking features and functions to provide Bangkok Bank customers with seamless and efficient banking access via the mobile channel. A proposed top-level feature layout is shown in figure #1 below. Blue colored items are mobile portal pages, other colors represent back-end security checks, processes and transaction workflow management features.
Using the .NET mobile platform for Bangkok Bank Mobile, custom content will be delivered to each customer based on the customer device mobile profile. This allows for a more rich experience for customers with Windows® Mobile, SmartPhone, BlackBerry®, iPhone®, and iPad® while also delivering complete content to customers with more standard-featured mobile devices. This dynamic content delivery is automatically processed via our .NET mobile software suite. This also allows for the seamless integration of new mobile devices that will become available to Bangkok Bank customers in the future. A sample mobile portal view for Bangkok Bank is shown in figure #2.
Mobile Portal Home Page
The Bangkok Bank mobile home page will include key information links which are helpful for all customers as well as potential customers. These links will be integrated with Bangkok Bank’s existing online portal and include the following:
Bangkok Bank rates and Forex.
Bangkok Bank products and services.
Bangkok Bank ATM and branch location finder.
Bangkok Bank key contacts (direct dial from mobile portal).
About Bangkok Bank mobile portal.
The GraphCube mobile portal software will allow Bangkok Bank authorized IT staff to easily update the information on the home page links as needed and as products and services and locations are added and modified. This allows for efficient content and information management at the Bank level.
Mobile Account Access Page
The mobile Account Access page is integrated with Bangkok Bank existing iBanking information and includes links to authorized customers' existing account information including the following:
View balances (savings, current, fixed-deposit, loan, and credit card).
View recent transactions. Track the movements of current, savings, and fixed-deposit accounts.
View credit card statements and transactions over the last three months.
View the repayment history of loan accounts to see remaining principal repaid transactions for the last twelve months.
Mobile Pay Bills Page
The mobile Pay Bills page is integrated with Bangkok Bank existing iBanking information and includes the complete list of Bangkok Bank payees. Authorized customers can perform the following functions with the mobile Pay Bills page:
View a list of payees (including credit cards) and make payments.
Schedule payment dates for recurring bills.
View payment history for individual payees.
Mobile Funds Transfer Page
The mobile Funds Transfer page is integrated with Bangkok Bank existing iBanking information and includes a list of approved beneficiaries (Bangkok Bank and other local banks) as well International Banks (SWIFT codes, account information, etc.). Authorized customers can perform the following functions with the mobile Funds Transfer page:
Transfer funds between your Bangkok Bank accounts.
Transfer funds from your account to someone else’s Bangkok Bank account.
Transfer funds to accounts at other banks.
Instantly add 3rd parties accounts.
Send an SMS message to notify funds transfer recipients.
International Funds Transfer(*).
Transfer of expenses for education overseas.
Transfer of expats' savings working in Thailand.
Transfer of money to relatives or family with permanent residency in another country.
*Note: requires approved application for beneficiary account. Once approved, the beneficiary account will be provided in the International Funds Transfer account list. The mobile portal will not include the online application form but will allow customers to send the application form to their email address.
Mobile Mutual Funds Page
The mobile Mutual Funds page is integrated with Bangkok Bank existing iBanking information and allows authorized customers to invest in mutual funds by performing the following functions with the mobile Mutual Funds page:
Purchase, redeem or switch orders for mutual funds units.
Check the status of account holder mutual funds units.
Mobile Cheque Services Page
The mobile Cheque Services page is integrated with Bangkok Bank existing iBanking information and allows authorized customers to perform the following:
Suspend your cheque payments.
View the list of cheques issued that have been returned over the last two months.
View the list of cheques deposited into your accounts that have been returned over the past two months.
Mobile Promotions Page
The mobile Promotions page allows authorized Bangkok Bank administrators to add and edit strategic bank promotions through an easy-to-use administrative web portal. The GraphCube mobile banking software can also integrate with Bangkok Banks existing online promotions, Whats New, and deliver these promotions to mobile customers. These promotions can be made available exclusively to the mobile channel if desired. Promotions can be tailored to specific customers, both registered logged in customers and general customers browsing the mobile portal. Promotions could include the following popular items:
Rewards offered to preferred selected bank mobile customers.
e-Voucher discounts for mobile-channel customers from preferred local vendors (dining, insurance, movies, airlines etc.)
Privileges to preferred mobile customers.
New offers specially targeted to mobile banking customers only (example: special flight promotions on Thai Airways or Nok air when using the Be 1st Credit Card).
Mobile My Settings Page
The mobile My Settings page allows authorized customers to modify some of their information including contact and email details as well as set their SMS notification preferences. SMS notifications can be set for bill due dates, account balance warnings, transfer status, and other items. The My Settings page also provides help menus for customers to get additional help about each of the specific mobile features.
Mobile Banking Software-Technical Details
The following chapters of this document include technical details about the GraphCube mobile banking software as well as our proposed system architecture, security, and ongoing support and enhancement services.
Mobile Banking Software Model
GraphCube recommends a leading-edge secure and comprehensive mobile banking portal and software suite for Bangkok Bank. Our recommended model includes key processes and design details to ensure a successful mobile banking portal for Bangkok Bank. Key details include the following:
Deployment of an advanced secure .NET customizable web front end mobile portal.
Integration with Arcot Corporation RiskForte™ digital authentication software.
Integration with VeriSign® 128-bit SSL digital server certificates.
Integration with Microsoft® Windows servers and SQL Server® mobile databases.
Deployment of triple DES data encryption in SQL Server® for selected mobile data.
System Independent Verification and Validation (IVV) audit by 3rd party security firm (Disys Corporation) prior to deployment.
The following sections of this proposal provide technical details about our mobile banking portal for Bangkok Bank.
Mobile Transaction Functional Details
The mobile banking module can be thought of in terms of three primary Functional Areas where the software performs a series of Functional Processes based on a given set of business rules. The functional areas include:
Customer Area (mobile devices and server connections).
Service Broker Area (mobile transaction processor; Bangkok Bank).
Financial Institution Area (Bangkok Bank server).
There are five primary Functional Processes which the mobile banking module performs. These functional processes include:
Customer Login Process.
Customer Validation & Authentication Process.
Presentation of Transaction to Customer.
Transaction Processing and Authenticity Verification.
Transaction Acceptance, Completion and Audit Creation.
Each functional area is integrated through a series of secure connections to permit a secure login and transaction process. Figure #3 below is a general diagram of these functional areas. Detailed explanations are included in the following sections.
In reference to Figure #3 , the Functional Areas and Processes for the mobile banking software are described in accordance with the corresponding numbers in the figure.
1This functional area represents the Customer Area or the main entry point for mobile users. The customer functional area refers to any mobile connection and/or wireless device connecting via the Internet. These mobile users connect to the Bangkok Bank mobile transaction server and initiate login. The mobile banking transaction server detects each connected mobile device and then delivers the most appropriate configuration for the device. There can be unlimited mobile users on the transaction server; in the event processor resources are completely consumed by overwhelming numbers of users, users are managed with load-balancing software that preserves session binding variables. Note: Session variables are encrypted by the transaction server and then bound to the connected mobile device.
2
This functional area represents the Service Broker or mobile transaction server. The Service Broker performs a critical role as the primary transaction processor/server as well as the primary security interface protecting and shielding the connected financial institution from potential security threats. Specifically, the service broker manages the following security parameters:
Customer-to-broker connection security and transaction validation.
Mobile device detection and mobile page delivery.
Session variables management and security.
Broker-to-bank secure communication (https and XML) via shared key and/or session variables.
Transaction data package verification and presentation to Security Stack.
The key function and advantage of the Service Broker model is that the transaction server is positioned as a gateway protecting the bank and manages all initial client (customer) verification, processing, page delivery, and security before any transaction is sent to the bank back-end servers. In addition, the Service Broker model keeps all client transaction processing on the transaction server thereby reducing potential intrusion threats to the financial institution.
When a transaction data package is ready to be sent to the bank for processing, the Service Broker model establishes one threaded connection via the Service Broker to the Bank by way of a multi-level security stack and shared keys & variables. This server-to-server transaction communication is more secure, more efficient, more reliable, and more flexible and scalable than a direct customer connection to the bank server. For example, instead of multiple clients accessing the bank’s servers, there is only one connection and one trusted Bank server access via the Service Broker.
3 This transaction component represents two primary processes. The first process is the establishment of encrypted binding session variables on the customer (mobile phone or device) and the Service Broker. These session variables can only be set and read by the mobile transaction server which ensures that the transaction has originated and is taking place on the bank transaction server. For high-level security, in the event a client loses or does not possess a transaction server session variable or if a session variable has become corrupted, processing for that client is stopped and the client is forced back to the start pages. This prevents unauthorized access to the payment module on the transaction server.
The second process is the forced https (SSL) customer-to-broker connection. The transaction server examines every connection and every https/XML request to ensure all requests occur over SSL; in the event an https Connection is lost or a user tries to connect without https, the client is forced back to port 443 (SSL) before any further processing or code execution can occur. Forced https (128 bit) data and transaction encryption ensures high-level security and transaction integrity on the transaction server.
4 This transaction component represents the processes whereby the transaction server and the financial institution bank server establish both of the following security exchanges:
An pre-configured hashed shared key between the Service Broker transaction server and the financial institution server.
An encrypted shared session variable which is passed between the Service Broker transaction server and the financial institution server for each client and each transaction.
The primary function of shared keys shared session variables is to ensure that all transaction communications originate from a trusted server and to ensure that communication integrity between servers has not been compromised by an unauthorized source or a man-in-the-middle (MIM) attack.
5This transaction component represents the processes whereby the transaction server creates a transaction data package for presentation to the financial institution. This data package includes various security parameters (shared server keys/variables, session parameters, device parameters, etc. ) as well as the actual transaction data (account view, funds transfer, etc.). This transaction data package is passed via secure XML over port 443 to the receiving financial institution server. The next step in the process of transaction data package transfer is arrival of the package at the Security Stack external to the Bank back-end server firewall. The package is now examined according to the Security Stack rules discussed in the next section.
Again, the advantage of having a single server-to-server connection as designed in our Service Broker configuration is that the financial institution only has to manage one trusted customer, the Service Broker, as compared to other vendors which require the financial institution to manage ALL connected customers.
6This functional area represents the interface between the Service Broker and the Financial Institution (Bangkok Bank). In Figure #3, this is referred to as the Security Stack. GraphCube has created an extremely strong 4-layer security stack. This layered configuration serves as a tactical barricade preventing entry to the Bank firewall until all four security layer conditions are met. The conditions which must be met include the following:
Layer 1: Has the transaction data package arrived encrypted via SSL on port 443?
Yes: Continue to Layer 2
No: Abort all processing. Generate exception handler, detect device IP address and device details for handler file. Send out exception handler to system administrators.
Layer 2: Does the detected IP address for the transaction data package exactly match the predefined Service Broker IP address?
Yes: Continue to Layer 3
No: Abort all processing. Attempt to set a blocking (Trash Can) variable/cookie on the referring device; set the Trash Can expiration for 365 Days. Generate exception handler, detect referring IP address and all device details for handler file. Send out exception handler to system administrators immediately. Send out SMS to system administrators mobile phones immediately. Send out message to Data Center to add referring IP address to disallowed IP addresses in Windows Console Manager. Review system access before removing IP address from disallowed IP table.
Layer 3: Does the transaction data package contain a client session variable from the Service Broker server?
Yes: Continue to Layer 4
No: Abort all processing. Generate exception handler, grab device IP address and device details for handler file. Send out exception handler to system administrators.
Layer 4: Does the transaction data package contain a Shared Server Key and Server Session Variable and if so, does this variable/key match the predefined values?
Yes: Pass the transaction to the Bank Firewall for hand-off to Bank. Include results for each of the layers above in the Data Package.
No: Abort all processing. Attempt to set a blocking (Trash Can) variable/cookie on the referring device; set the Trash Can expiration for 365 Days. Generate exception handler, detect referring IP address and all device details for handler file. Send out exception handler to system administrators immediately. Send out SMS to system administrators mobile phones immediately. Send out message to Data Center to add referring IP address to disallowed IP addresses in Windows Console Manager. Review system access before removing IP address from disallowed IP table.
If all the conditions are met in accordance with predefined rules, then the Security Stack will allow the transaction data package to pass through the stack to be presented at the Bank firewall. The Bank firewall and application rules will then make one of two decisions only:
Accept the transaction data package and process it according to Bank rules; return the predefined results to the Service Broker.
Reject the transaction data package and send message to the Service Broker that the data package was rejected; Bank will supply a predefined set of error/rejection messages for debugging purposes.
7This functional area represents the Financial Institution (Bangkok Bank) or Bank server. The primary responsibilities of the Bank in the transaction process include:
Accept or Reject the transaction data package from the Service Broker.
Validate/Authenticate the user in the data package (user ID, Password, IC/Passport, etc.).
Pass back User Authentication Package to Service Broker:
User Authenticated: No. Abort. Allow user 2 more sign in attempts.
User Authenticated: Yes. Include the following in Authentication package:
User Authentication Key (1=yes, 0=no).
User First Name and Last name.
User Account Types.
Bank transaction number; Bank Date/Time.
Web Service Process Details
Figure #4 is a diagram of the standard technical processes required for mobile transactions. Each of these steps is described in detail in the following sections.
Step 1: Customer Login Process
The first step of the mobile transaction process involves the customer login. Customer login occurs on the transaction server via a login page formatted for the connected mobile device. The login process includes a series of security filters and security checks; these checks and filters are designed to ensure the integrity of the connected device and to validate the origin of the login process. Specifically, the following parameters are validated on the connected customer and validated with the transaction server credentials:
Customer Origin: the referring page from which the customer has requested the login. This security check ensures that the login request is from the Bangkok Bank transaction server. No other origin is allowed; the login is terminated if the customer origin not via the transaction server page. This prevents page hijacking or spoofing.
Customer Session Variable: the transaction server checks the connected customer for an encrypted session variable from the transaction server. If this session variable is not present or has been corrupted, the login is terminated. This session variable check prevents page hijacking or spoofing.
A If the above security filters and checks are successfully validated, the connected customer (mobile device) is presented with the Bank login page. The login page is presented only over an SSL connection. In the event an SSL connection is not made, the client is automatically redirected to port 443 for a secure connection. The customer is also presented with a Locked Icon with the words Secure if the connection is secure. If the connection is NOT secure, the Lock Icon is open and the warning Not Secure — Stop is shown to the customer and the login button is disabled. This lock is also bound to the transaction server IP. If a secure connection cannot be established, the login process is terminated.
If all the security filters and checks for Step 1 are met, the customer login page is sent by the transaction server via an encrypted https Post method to the Bank security stack.
Step 2: Customer Validation & Authentication Process
The second step of the mobile transaction process involves three primary phases.
Phase 2: customer validation and authentication (Bank server) via Arcot® Risk-Forte™ authentication software.
Phase 3: customer authentication results pass-back to the transaction server
Phase 1 starts at the Security Stack Bank interface. The Security Stack includes the following layers and functions which serve as security filters and checks before any transaction is allowed to pass through the Bank firewall.
Port 443 Filtering: the first security stack layer includes a filter for checking to ensure that the transaction from Step 1 has been directed to port 443 (SSL) at the Bank interface. This filter is shown in Figure #4 as the green server port. If the login transaction is NOT presented to port 443, the login is terminated and sent back to the transaction server.
IP Lock: the second security stack layer includes a filter to check the IP address of the referring server for the login page. The IP Lock layer will only accept requests from the transaction server IP. Any other IP addresses are blocked and transaction processing stopped.
Session Lock: the third security stack layer includes a filter to check for the existence of an encrypted transaction server session variable. This session variable is required for the transaction and can only be set by the transaction server. If a transaction session variable is not present, the transaction processing is stopped.
Server Lock: the fourth security stack layer includes a server shared key and predefined session variable. This shared key/session variable can only be set and read by the transaction server and bank server. If a shared key/session variable is not present, transaction processing is stopped.
Bank Firewall: the final security stack layer consists of the Bank Firewall. The Bank firewall is controlled and managed by the Bank in accordance with their rules and procedures.
In order for a login to be presented to the Bank for validation and authentication, each of the above security layers must be successfully passed in accordance with predefined rules. These predefined rules are established in a written Service Agreement between the Bank and the technology vendor (GraphCube). If the transaction fails to successfully pass any of the above security layers, transaction processing is stopped and the transaction event is logged in a failed transactions table in the mobile transaction server database.
Phase 2 takes place on the Bank server and includes customer login validation and authentication. Phase 2 is a Bank process and occurs in accordance with Bank rules and regulations. The service broker is not directly involved in the Bank customer validation and authentication process except to ensure that all security layers are successfully passed at the security stack before a customer is presented to the Bank for validation and authentication.
At this phase of customer authentication, the mobile banking software invokes the Arcot® RiskForte™ authentication software according to the figure #5.
The RiskForte™ process is designed to create a real-time risk assessment profile and then determine the action allowed based on Bangkok Bank’s predefined business rules. Specifically, every transaction generates a risk score which is then evaluated against the bank business rules and the appropriate action is then processed (Approve transaction, Decline transaction, Alert Customer Service Representative-CSR and provide additional authentication). A summarized explanation of the process is provided as follows:
Customer location ID, device ID (mobile IMEI number) and user ID is evaluated based on user login history and device identification.
User transaction type and details are compared with historical transaction data for this user (Risk Model) and evaluated with the parameters collected in (1) above. A Risk Assessment score is generated for this user and this transaction.
The risk score is compared with Bangkok Bank business rules (policies and user details) and a decision is generated based on the risk score and business rules.
The decision generated in (3) authenticates the user transaction in one of three decision matrices:
Approve the transaction based on the risk score and business rules
Alert the customer service representative (CSR) and require additional authentication information from the user (security questions, etc.)
Decline the transaction based on the risk score and business rules and create an audit trail.
The above RiskForte™ process is seamless and transparent to the customer and occurs in real-time during the transaction processes.
Phase 3 involves the Bank-to-Transaction Server pass-back for the following security parameters:
Authentication status.
Customer login status.
Transaction status.
This process includes an XML SOAP data package (Web Service) post to the transaction server. The SOAP data package contents are based on the authentication status (authenticated or not-authenticated) for the customer login. Examples of standard SOAP data package elements and structure are included in Figure #6 below. An explanation of each data element is included in Table #1 below Figure #6.
For the above authenticated user SOAP data package, each of the data elements are described in further detail as follows:
In the event a customer is not authenticated, the Bank will return the following SOAP data package (figure #7) to the transaction server.
The SOAP package detailed in figure #7 includes the Authentication Status value of 0, which means that the customer login was unsuccessful. Based on predefined business rules, the non-authenticated customer may be allowed several more attempts to login. If this is the case, the transaction server will allow the customer to reenter their user ID and password. It is the policy of GraphCube to allow no more than three (3) consecutive login attempts by a customer. After the third unsuccessful login attempt, the customer is prevented from any further login. This process can be modified based on the Bank requirements. This policy is further described in the section titled Software Operational Written Agreements.
Step 3: XML Processing
The third step in the mobile transaction process involves XML processing of the SOAP data package passed to the transaction server from the Bank as detailed in Step 2. There are several initial security filters which are performed when the SOAP data package is received from the bank by a connected mobile customer.
B The first security filter involves testing the SOAP data package origination to ensure that it was passed from the Bank server IP address. If the origination IP does not match the Bank IP, transaction processing is stopped. If the origination IP is verified and matches the Bank IP, the SOAP data package is opened (parsed) by the transaction server starting with the SOAP Header as detailed below.
SOAP-Env Header:
The second security filter includes examining the SOAP Envelope Header information. If the Authentication Status element is 0, the transaction server redirects the connected mobile customer back to the login page and Step 1 starts again. The connected mobile customer is provided a message that the login failed. Three login retry attempts are allowed. After three failed attempts, the connected mobile customer is no longer allowed further login attempts. Processing is stopped for the connected device.
If the Authentication Status element is 1, each of the header element values are checked and verified. If verification passes for each of the header elements and the Customer Session in the SOAP header matches the session binding of the connected mobile customer, the processing is allowed to proceed as detailed in the following section.
SOAP-Env Body:
Once the SOAP header has been verified, the transaction server examines the data package elements in the SOAP-Env Body to ensure that all required elements are present. If any required elements are missing or there is any corruption of the elements, the transaction server creates an error log and presents the Bank IT administrators with the resulting error message. Processing is stopped upon error logging. If the examined SOAP-Env Body contains all the required elements, the connected mobile customer is directed to Step 4 for presentation of the transaction.
Step 4: Transaction Presentation
Step 4 of the wireless payment process includes displaying the parsed SOAP XML data to the connected mobile user’s device. This presentation is accomplished by the transaction server .NET compact framework software which determines the best language format to deliver to the device.
CD The presentation to the connected mobile customer includes several security filter checks. The first security filter ensures that the presentation page has originated from the transaction server IP address. The second security filter includes verifying that the connected mobile device and the SOAP data package session variables match. If both security filters are successfully passed, the transaction server begins processing the display to the connected mobile customer.
The transaction presentation includes the following elements from the SOAP envelope in addition to several transaction server elements:
Secure connection indicator. Locked if secure, unlocked if not secure. If not secure, the Confirm button is disabled and transaction processing is stopped.
Bank Logo and Bank specific notices, if any.
From Account select list
Transaction Number
Transaction Amount (if any)
Effective Date
Once the customer has reviewed the transaction details and clicked the Confirm button, the transaction is returned to the Bank for processing in Step 5.
Step 5: Transaction Processing
E The fifth step of the mobile transaction process involves processing the transaction by the Bank. The process requires several phases to complete. The first phase is the pass back of the SOAP data package from the transaction server in Step 4. The passed back SOAP data package goes through the same security filters and validation process as Step 2 with the exception that the connected mobile customer has already been authenticated. In particular, the SOAP data package is sent from the transaction server to the Security Stack at the bank and evaluated according to the following filters:
Port 443 Filtering: the first security stack layer includes a filter for checking to ensure that the transaction from Step 4 has been directed to port 443 (SSL) at the Bank interface. This filter is shown in Figure #3 as the green server port. If the login transaction is NOT presented to port 443, the login is terminated and sent back to the transaction server.
IP Lock: the second security stack layer includes a filter to check the IP address of the referring server for the login page. The IP Lock layer will only accept requests from the transaction server IP. Any other IP addresses are blocked and transaction processing stopped.
Session Lock: the third security stack layer includes a filter to check for the existence of a transaction server session variable. This session variable is required for the transaction and can only be set by the transaction server. If a transaction session variable is not present, the transaction processing is stopped.
Server Lock: the fourth security stack layer includes a predefined server shared key. This shared key can only be set and read by the transaction server and bank server. If a shared key variable is not present, transaction processing is stopped.
Bank Firewall: the final security stack layer consists of the Bank Firewall. The Bank firewall is controlled and managed by the Bank in accordance with their rules and procedures.
If the SOAP data package fails any one of the above security filters, the transaction is stopped and logged in the transaction server error log tables. If all of the above filters are successfully passed, the SOAP data package is presented to the Bank for processing.
Bank processing involves examining the contents of the SOAP data package Header and Body contents. The SOAP Envelope looks exactly the same as the SOAP Envelope from the Bank in Step 2 except that the AccountType and AccountNumber data elements have one and only one discrete data value respectively. This data value represents the Pay From account selected by the connected mobile customer.
Once the Bank has parsed and validated the SOAP data package and its contents, the bank is ready to perform its internal payment processing, in the case of a Bill Pay function for example. Generally, payment processing at the Bank level includes the following primary steps:
The Bank debits the connected mobile customer’s account
The Bank credits the Client’s (Payee) account
The Bank provides a payment status indicator and a reference number
At the completion of the Bank payment transaction process, the Bank sends the SOAP data package back to the transaction server for presentation to the connected mobile customer. The SOAP data package is processed through the same security filters as in Step 2. The SOAP data package from the bank is identical to the SOAP data package received from the transaction server in Step 4 with the exception that the PaymentStatus and BankReference data elements within the SOAP envelope body have discrete values from the Bank Payment Process. Once the SOAP data package has been sent to the transaction server, from the Bank perspective the wireless payment process is complete.
Step 6: Transaction Completion
F Step 6 of the wireless payment process includes the Transaction Completion and is the final step of the transaction process. This process includes presentation of the transaction details to the connected mobile customer. The SOAP data package is passed from the Bank to the transaction server. The SOAP data package is processed according to the same security filters as in Step 4. If the SOAP data package fails any of the security filters, the transaction is stopped and logged in the transaction server error log table. If the SOAP data package passes all the security filters, the transaction details are presented to the connected mobile customer.
Upon presentation of the transaction completion screen to the connected mobile customer, the mobile transaction payment process is complete in terms of the transaction server and the Bank. Select transaction logs are encrypted and saved for audit purposes. Session variables between the transaction server and the bank are deleted.
Software & Hardware Architecture
The GraphCube mobile banking software is written in Microsoft® .NET and runs on Windows™ web servers. The enterprise database is Microsoft® SQL Server and the server digital certificate is a 128-bit VeriSign® server certificate. Figure #8 shows the generalized architecture for our mobile transaction system.
In Figure #8, the existing mobile transaction system architecture consists of four primary application servers, each with a particular function. External to the system architecture are connected mobile devices, displayed in the diagram for reference. For the purposes of this technical proposal, the primary consideration involves the Transaction Server to Bank Processing Server interface connection. For reference, the four server components and connected mobile devices are detailed below:
Bangkok Bank Transaction Server: This server manages all mobile device connections and also communicates with the Bangkok Bank corporate server. The transaction server also is connected to an SQL server database for managing mobile transactions. The transaction server and SQL database are protected by firewalls and managed port scanning and monitoring. The transaction server includes a 128-bit VeriSign® server certificate for SSL connections.
Bangkok Bank Mobile Development Server: This server includes a development platform for the mobile banking software. Keeping the development environment inside the bank ensures a more comprehensive security matrix. The development server is protected by a firewall, IP restriction rules, and VPN connections.
Bangkok Bank Corporate Server: This server contains Bangkok Bank customer information. Interaction with this server is via only trusted transaction server connections. The bank corporate server is protected by firewalls and other bank specific security parameters.
Disaster Recovery Server: GraphCube proposes a mobile disaster recovery server for Bangkok Bank to ensure continuity of operations in the event of a production server failure. The disaster recovery server should be continuously updated with current data.
SQL Database Server: The SQL Server database resides on a separate database server for security and performance. The SQL Server is protected by firewalls and other security restrictions.
Connected Mobile Devices: This is not a server environment but rather a framework where mobile customers connect to the bank transaction server. The transaction server manages these connections through shared session bindings and delivers content to the connected devices as well as device transaction processing and generation of risk scores according to the RiskForte™ authentication software. Connected mobile devices are managed via session variables and SSL 128-bit secure connections.
Software & Hardware Hosting
For security and auditing purposes, GraphCube recommends that all mobile banking software and hardware should be located and hosted at the Bangkok Bank existing data center unless there is a compelling reason to locate the mobile banking software elsewhere. Keeping the mobile banking software together with the Bangkok Bank iBanking software at the existing data center will ensure compliance with existing Bangkok Bank security policies and procedures.
Additionally, to prevent potential breaches of security, GraphCube recommends that all development efforts for the Bangkok Bank mobile banking software should occur on-site at the Bangkok Bank existing iBanking data center.
