The document discusses how mobile technology can enable new capabilities but must provide clear benefits to users and businesses. It notes that users will only adopt new technologies for regular activities if the old way is painful and the new way is better. The document then outlines examples of mobile solutions for payments, ticketing, and security that benefit both customers and corporations by reducing costs, increasing sales, and improving usability.
Mobile Commerce meets the Real World - Mobile Ticketing
1.
2. Just because you can do something with mobile technology -
Does not mean that customers will want to use it
Does not mean that corporations will promote it
3. Normal people will only try to use new technology to do a regular daily activity…
…if the old way of doing it is painful enough to make them try something new.
At that moment: offer them a better way.
4. Make a clear business case first
Must make more money
Reduce Costs
or
Increase Sales
Must pay for itself in the first year
Capital is not easy to raise right now
$$$
5. 2002
• First in-game micropayments
2004
• First mobile viral apps
2006
• Playtech mobile casino
• 750+ handsets
• 6 languages
2007
• First certified mobile security
• 3Kb EncryptME
• Award winning
2008
• Ticketing
• Money transfers
• Banking
• 20 currencies
• 4 alphabets
• 2 Factor Authentication
• Secure messaging
• UK Rail Ticket Standard
8. WAP / xHTML
Browser based, like on the web
No JavaScript or Ajax on most mobiles
Application
Installed on the phone
Dedicated, customised
9. Still useful without a continuous data connection
Optimised data entry
Faster responses
Catch mistakes quicker
SMS failover from GPRS
Avoid settings, reception & roaming problems
Cheaper + faster for the user
Send only the data
Flat rate data is still not common
10. Support the popular handsets
Not just the “easy” ones
Adapt content and graphics to screen size
Automatic handling of handset bugs
Optimise experience for form factor
11. To Enable Payments
Credit Card Transactions
Bank Transactions
WAP and SMS alone are not PCI/DSS secure
Why not use pSMS / Operator?
Too expensive for many industries
(cost of Operator Billing > 40%; only 1% to 3% for Visa)
12. US Government Certified
British Telecom validated
IET Security Award
Latest Encryption Strength
1024bit RSA, 256bit AES
Standard Server Cryptography
Tiny 3Kb library
Works on all Java phones
Extremely fast
Secures any medium
SMS, GPRS, Bluetooth, NFC
On-phone storage
13.
14.
15.
16. Only 12% of UK rail tickets sold on the internet – most bought at station
Over 2/3 of mobile users do not complete registration if it’s on the web
So: Sign up the users when they need it
in a queue
in a hurry
next to a broken ticket machine
17.
18.
19. No sign-up process
no usernames
no passwords
Mostly off-line interface, SMS backup
Fast repeated regular purchases
Auto-show tickets, full screen barcodes
20. Contactless RF
Smart-Card
(Oyster, Mi-Fare)
NFC Phones
Barcodes
Self-print
Mobile
Dependent on scanning hardware
Soft rollout option with visual inspection
21. Avoid up-front capital cost of full barcode scanner rollout
Visually inspect at launch
Staff report barcode ticket usage levels each week
Occasional SMS or scan checks
Staged scanner rollout for routes with significant adoption
22. RSPS3001 Approved in December 2008 as the UK standard for self print and mobile barcode rail ticketing
23. Share self-print and mobile barcodes between Operators and 3rd party retailers
Public and open security
Based on PKI, standard SSL certificates
Decentralised system - robust
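Slide 23 describes barcode tickets secured with PKI so that operators and third-party retailers can share them, and slide 24 requires scanners to work off-line. The Go program below is an added example, not Masabi's code and not the RSPS3001 format: it assumes the retailer signs the ticket payload with an RSA private key and the scanner already holds the matching public key. The payload layout, station names and function names are constructed for illustration, and a bare key pair stands in for a certificate.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"strings"
	"time"
)

// Ticket layout is constructed for illustration; it is not the RSPS3001 format.
type Ticket struct {
	Payload   string // "from|to|validUntil" (RFC 3339), the data carried in the barcode
	Signature []byte // retailer's RSA signature over SHA-256(Payload)
}

// NewRetailerKey stands in for the key pair behind a retailer's certificate.
func NewRetailerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// IssueTicket runs on the retailer's server: sign the payload with the private key.
func IssueTicket(key *rsa.PrivateKey, from, to string, validUntil time.Time) (Ticket, error) {
	payload := strings.Join([]string{from, to, validUntil.UTC().Format(time.RFC3339)}, "|")
	digest := sha256.Sum256([]byte(payload))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return Ticket{Payload: payload, Signature: sig}, err
}

// VerifyOffline runs on a scanner with no network: it needs only the public key.
func VerifyOffline(pub *rsa.PublicKey, t Ticket, now time.Time) error {
	digest := sha256.Sum256([]byte(t.Payload))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], t.Signature) != nil {
		return fmt.Errorf("bad signature: payload altered or signed by another key")
	}
	expiry := t.Payload[strings.LastIndex(t.Payload, "|")+1:] // read only after the signature check
	validUntil, err := time.Parse(time.RFC3339, expiry)
	if err != nil || now.After(validUntil) {
		return fmt.Errorf("ticket expired or expiry unreadable")
	}
	return nil
}

func main() {
	key, _ := NewRetailerKey()
	now := time.Date(2009, 3, 1, 9, 0, 0, 0, time.UTC) // constructed sample values
	t, _ := IssueTicket(key, "STATION-A", "STATION-B", now.Add(24*time.Hour))
	fmt.Println("genuine:", VerifyOffline(&key.PublicKey, t, now))
	t.Payload = strings.Replace(t.Payload, "STATION-B", "STATION-Z", 1)
	fmt.Println("altered:", VerifyOffline(&key.PublicKey, t, now))
}
```

A signature check of this kind detects altered or foreign tickets without a network connection; it does not detect a genuine barcode that has been copied to a second phone.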
24. Any barcode scanner, online or off-line,
must support: 2D Aztec with CCD imager
Handheld
Small basic scanners for door staff
Advanced PDA based scanners for service staff
Bluetooth scanner upgrade for Avantix Mobile 2
Cash Register/EPOS Scanners
Connect via USB or as “keyboard wedge” in between keyboard and EPOS like a normal scanner
Fixed Scanners for gates or check-outs
Retro-fit to existing gates, user places phone on rubber face to scan
Or built in at manufacture by gate supplier
25. Customer
Sign-up in the queue
(no usernames or passwords)
No queues ever again
Quicker re-purchase
Tickets same price
Corporation
Lower cost per sale
No need to expand stations (major cost)
Staged capital expense on scanners
27. Payments straight from phone
No need for explicit sign-up or passwords
Just type CVV again for future purchases
All user data entry and validation performed off-line by application
Secure SMS for users without data settings or with poor reception
New user can sign-up and pay in just one SMS
95% of surveyed users said:
“better than the IVR system we used until now”
28. Buy anywhere
No paper, no queues - barcode tickets
Tunnels aren’t showstoppers!
Auto-detects SMS or GPRS
1-2 SMS per ticket
Doubles the consumer uptake by removing Data issues
Quick repeat tickets
Customer loyalty and lock-in
Chiltern Railways with YourRail
User feedback: “Better than the web!”
29. People will only try to use new technology to do a regular daily activity…
…if the old way of doing it is painful enough to make them try something new.
At that moment: offer them a better way.
Editor's Notes
Masabi have been producing downloadable mobile applications for over 7 years, and today Masabi secure mobile applications process millions of dollars' worth of transactions every year.
Our applications are built on three core principles –
Make the application usable and relevant to the end user, and make the default use cases quick and easy on the mobile. (I’ll show you some slides of that later)
Then, PORTABILITY to all popular handsets, including the older handsets that many developers avoid, to ensure the largest possible user-base for your service.
For Mobile commerce – security, on all phones, to modern public standards.
[The screenshots above are animated, to show useful UI widgets helping the user to select from large lists, or input Credit Card numbers correctly]
WAP and WEB services are Thin Clients; good when you have a reliable, low latency connection.
Mobile is not like that – inside buildings, moving vehicles and in remote locations, connections are often dropped or unavailable.
Mobile Java allows us to build FAT clients, and not just glorified mini-browsers!
Applications should provide most of the interaction while OFF-LINE and then only require an occasional connection at the end to make transactions, or get updates.
e.g. you should be able to review your bank account and create new payment instructions while on the metro, not only when stood still in good
Here are screenshots showing how you can quickly select one station from a list hundreds long, and also how to perform local validation of credit card numbers before sending to reduce the number of unnecessary network connections.
SMS Failover:
Many users (more than half, we reckon) cannot make network connections from Java using WAP, because they need to switch to the correct INTERNET settings.
To provide these users with an out-of-the-box instant purchase, the application can automatically detect the lack of functioning GPRS and switch to encrypted SMS instead.
Hold up 3510i or old Nokia S40 phone
When you provide transactional software for these old phones, we find that significant numbers of people use them. Can you afford to throw away 10-20% of your users?
(By way of comparison Microsoft and iPhones represent around 1% of the market)
To provide Portability, we use our own porting Framework: DevelopME
We’ve seen many mobile products that are either attractive, but high-end only; or basic-looking and available on all handsets.
Through DevelopME we are able to provide attractive apps on all Java phones.
You have to work hard to build full function applications that work on the older phones, and you can’t out-source it, or think about it late in your dev cycle – it has to be at the core of how you build everything.
It’s not just different graphics sizes and bugs, you have to build variations of UI’s that make the best use of very different input mechanisms on the different phones, and not expect the end consumer to re-learn new UI concepts that they don’t already use on their phone every day.
Standard GSM services are not secure to Financial Services or Payment Card Industry regulations.
You shouldn’t use SMS or WAP to send payment instructions, bank passwords or credit card details because too many individuals can gain access to them in transit.
(True end-to-end https is only available on the latest handsets – slow and not usable from Java or SMS.)
"The contents of SMS messages are known to the network operator's systems and personnel. Therefore, SMS is not an appropriate technology for secure communications. Most users do not realise how easy it may be to intercept"
Nick Jones, Gartner Research 2002 http://www.gartner.com/DisplayDocument?doc_cd=111720
“It would not be enough for a financial institution to provide mobile banking services relying on de-facto GSM protocol security”
Pakistan State Bank, Guidelines for Branchless Banking 2007
http://www.sbp.org.pk/bprd/2007/Guidelines-Branchless-Banking.pdf
We built EncryptME to the latest standards for new secure web services, and it is still the world’s only US Government Certified mobile Java security library.
At 3kb, it can provide security on the oldest Java handsets, including the black and white Nokia 6310i (show legendary retro business phone)
Most importantly, it allows SMS data to be encrypted too!
Servers can continue to use standard cryptography from Sun or Microsoft etc – they don’t need to use custom or proprietary security libraries.
We’re using on-screen barcodes to show the ticket values for reading by automatic gates, or checking by the train guards who carry hand-held scanners.
The ticket code can be transferred to the NFC element on compatible phones (like this Nokia 6131) but this handset is the only mainstream GSM handset with NFC and we’ve not heard of others in the pipeline.
Even when NFC services become mainstream, you will still need a secure interface to purchase entitlements, before they get transferred to the NFC element.
75% (roughly) of UK airline tickets are purchased online,
Yet only 2% of Heathrow Express tickets are bought on-line
Because people only think and act on their public transport needs as they approach the station.
Mobile can give every user their own ticket machine, that never has a queue.
Simple – simply put in your car, your credit card, and how long you want to park.
Brand new user can sign up and pay in just one secure SMS (or 0.02pence worth of data)
Extend your parking without returning to the vehicle.
Credit Card details entered just once into the application.
Users have said “easier to use the mobile purchase than web purchase” because of quick, optimised workflow.
Come see me after for live demos, or to chat about building secure mobile applications for m-commerce, banking, ticketing, messaging.
Read our blog for more details on security.
blog.masabi.com