Copyrights © 2013 MobiFin Proof of Concept to NAPSA

Copyrights © 2013 MobiFin Agenda Introduction Key Advantages mBanking Core Services mBanking Add On Services Interfaces Administration Solution Portfolio – mBanking Pre-requisites Security Scalability Architecture Questions and Answers

Copyrights © 2013 MobiFin Introduction Mobile Penetration has reached parallel to the population of a countries across global and in many countries greater then that too. Mobile Penetration has reached parallel to the population of a countries across global and in many countries greater then that too. Mobile has enabled users with set of services that very were never thought of. Mobile is getting smarter with greater access to data services Mobile is most frequently used and widely acceptable technological device then any other. Finance is key need of any people and it makes sense to enable Mobile with set of financial tools and features. Finance is key need of any people and it makes sense to enable Mobile with set of financial tools and features. Finance sector can utilize advantage of Mobile to penetrate all class off society.

Copyrights © 2013 MobiFin Introduction Mobile Banking solution for banked population The solution is provided to bankscustomers to avail information and transact on the move The solution is provided to bankscustomers to avail information and transact on the move The banks can retain existing customers and attract more by providing this mobile banking solution The banks can retain existing customers and attract more by providing this mobile banking solution Mobile Banking solution for un-banked population Reach out un-banked population in the rural area to expand customer base. Reach out un-banked population in the rural area to expand customer base.

Copyrights © 2013 MobiFin Key Advantage Expand financial sector reach by leveraging Mobile medium. Ease of use for financial services via various interfaces like IVR,USSD, SMS and Smart Apps. Expand Set of Services to larger sector of society. Solution Providers (Service Provider) Acquire large number of customers for their solution or services Acquire large number of customers for their solution or services Banks Expand customer base by providing basic banking facilitythrough financial inclusionto unbanked population. Penetrate unbanked customers. Expand customer base by providing basic banking facilitythrough financial inclusionto unbanked population. Penetrate unbanked customers.

Copyrights © 2013 MobiFin Key Advantage Telecom Operators Higher revenue through increased GPRS and SMS usage Higher revenue through increased GPRS and SMS usage Increase ARPU to the mobile operator. Increase ARPU to the mobile operator. Utility Organizations Prompt payment of bills enabling better cash flow Subscriber / Customers Basic banking facility made available and advantage to transact on the move.

Copyrights © 2013 MobiFin Mobile Banking Core Services Banking Services for Banked Customers Cash In From Bank Account Cash Out to Bank Account Wallet Statement Wallet Transfer Cash In From Bank Account Cash Out to Bank Account Wallet Statement Wallet Transfer Cheque Request Bank Account Statement Bank Fund Transfer Add Bank Account Remove Bank Account Cheque Request Bank Account Statement Bank Fund Transfer Add Bank Account Remove Bank Account Mobile Wallet Wallet Services Banking Services

Copyrights © 2013 MobiFin Add on Services Payment Services for Banked Customers Mobile DTH Electricity Insurance Mobile DTH Electricity Insurance Mobile Wallet Add On Bill Pay Mobile DTH Electricity Data Top UP Mobile DTH Electricity Data Top UP TopUp Bus Ticket School Fee Movie Tickets Railway Tickets Bus Ticket School Fee Movie Tickets Railway Tickets Utility Pay Merchant Payments Pay Now Wallet Transfer

Copyrights © 2013 MobiFin Customer Interface Customized Commands to operate Wallet over easy sms interface. Customized Commands to operate Wallet over easy sms interface. Mobile Wallet Interfaces SMS IVR USSD Mobile Apps Multilingual IVR System to enable customer to operate their wallets Multilingual IVR System to enable customer to operate their wallets Customized Commands and service menu over USSD interface provide faster access to Wallet services. Customized Commands and service menu over USSD interface provide faster access to Wallet services. J2ME M-Banking App for Low End Mobile Devices. Android and Iphone Apps for Smart Mobile Devices. J2ME M-Banking App for Low End Mobile Devices. Android and Iphone Apps for Smart Mobile Devices.

Copyrights © 2013 MobiFin Platform Key Modules Wallet Service Module Service Provider –Integration Module Distribution Module Customer Support Module Business Rule Module Notification Module Loyalty Program Module MIS Reports Module

Copyrights © 2013 MobiFin Mobile Banking – Enrolment Process Bank Customer Enrolment for mBanking Enrolled DataPre Data Validation Process data and Storage Server Smart Login and APP DispatchmBanking Smart Login Personalized and Printing Processed Enrolment Data BANK

Copyrights © 2013 MobiFin Mobile Banking – Basic Banking Balance Inquiry Select Check Account Balance Banking Service Check Account Balance Last 5 Transaction Request Check Book Bill Payment Utility Payment Airtime BOB A/C No AXIM A/C No. 1XXXX ICICI A/C No. 1XXXX Check Account Balance Select Check Account Balance Choose the Account Number

Copyrights © 2013 MobiFin Mobile Banking – Basic Banking Balance Inquiry Enter the Transaction PIN Choose the Account Number Check Account Balance Enter PIN Number XXXX Your Balance on Dt. 12, 2012 At 11PM GMT 3.00 is TSH Check Account Balance

Copyrights © 2013 MobiFin Mobile Banking – Basic Banking Account Statement Select the Account Number Enter the Transaction PIN Lists the first 4 transactions. Click on the transaction to view details Transaction is displayed as shown

Copyrights © 2013 MobiFin Mobile Banking – Basic Banking Money Transfer Select Money Transfer option Enter Receiver ’s Account Number Choose Account to transfer from Enter the Amount to be transferr ed Enter the Transact ion PIN Transact ion confirm ation

Copyrights © 2013 MobiFin Mobile Banking – Basic Banking Bank Integration using ISO 8583 Standard for Financial Transaction Card Originated Messages Basic Bank feature for banked customer Bank Integration using ISO 8583 Standard for Financial Transaction Card Originated Messages Basic Bank feature for banked customer API Integration To secure, encrypt and sign the transaction requests Mobile OS Integration (Encrypted) USSD driven secure Menu Access Code Integrations with all Carriers (Inbound request) USSD driven secure Menu Access Code Integrations with all Carriers (Inbound request) USSD Gateway Bulk SMS provisioning (Outbound) Access Code Integrations with all Carriers (Inbound SMS) Bulk SMS provisioning (Outbound) Access Code Integrations with all Carriers (Inbound SMS) SMSC Gateway (optional) SMSC Gateway (optional) Inbound IVR call IVR Acess Number (optional) IVR Acess Number (optional)

Copyrights © 2013 MobiFin Abstract Mobile Commerce service, also referred to as Mobile Top Up, Mobile payment, Mobile Banking, Mobile Money Transfer and Mobile wallet generally refer to payment services operated under financial regulation and perform from or via a mobile device or various end interface.mobile devicevarious end interface Mobile Commerce Service is attractive because it is a convenient approach to perform remote transaction, banking, money transfer but there are security shortfalls in the present mobile topup / banking implementations. This presentations discusses some of these security feature.

Copyrights © 2013 MobiFin Abstract MobiFIN has separate Web based administration console to manage platform which provides SSL based access only. All access to the system restricted using strong user management module which provides in depth security levels to provide restricted accesses. There are three security levels in built in to the system. (1) Partition Level (2) Roles and Access Control List level (3) Field Level Security All Changes and Modification to the system are logged in secure manner. It helps to provide detail AUDIT Trail of Any user access.

Copyrights © 2013 MobiFin Network Security MobiFin architecture is laid out three tier approach. All key entity are modularized based on their roles like Transaction management, Business Rule management, Admin management, Integration management. All of these entities are talking to each other and to third party application on fully secured channels. These channels are secured using virtual private network tunnels and SSL secured channels for public access. In Case of Public access highest level of encryption is applied to channelized data. Access to these entities is allowed based on standard business practice set by operator.

Copyrights © 2013 MobiFin Integration Security MobiFIN is highly versatile platform which needs to integrate with various third party provides to roll out new services. MobiFIN has separate entity to handle this flow and modeled as Integration Manager. All third party integration is done at this level only using following standard procedure. Network Integration over VPN API Integration using SOAP-API or ISO 8583 Transaction Security using AES method

Copyrights © 2013 MobiFin Interface Security Mobile App  MobiFIN mobile app generates unique device fingerprint for each devices on which it is getting installed. Device finger prints are universally unique and are never stored on device at any stage.  Device Finger Print is mapped against Users (Agents,Resellers,Sales) and provisioned using standard Enrollment process till that device and user login is in-active.  User is provisioned with Login and Transaction pin separately.  Login and Transaction PIN are never stored at device side.  Login and Transaction PIN are encrypted using 3DES method and never stored in decrypted form anywhere.  All app communication channel data is encrypted using unique key generated for device which provides full protection against Eavesdropping and data theft using AES encryption method.  AES is used by US Government to store all their Top Secret documents thus provides highest level of security to any point to point communication and storage of data.  Web Password are generated using user’s KYC information.  Two way Authentication and Password Generation Using user’s KYC Info via encrypted sessions o Terminal Key Generation Using KYC o User’s Authentication credential generation using Terminal Key. o Unique Authentication credential for Different UI. o User Credentials stored in device itself rather then server.

Copyrights © 2013 MobiFin Interface Security SMS  Subscriber authentication and subscriber identity confidentiality for each transaction/user.  SMS and other channels used with encryption like 3DES, SHA by mobile applications to protect data integrity and security  Integration to SMSC gateway using Industry standard Hypertext transfer protocol Secure (HTTPS) – additional security we do deploy VPN (Virtual Private Network).

Copyrights © 2013 MobiFin Interface Security WEB  All transactions over Web are on secure channel using industry standard Hypertext transfer protocol Secure (HTTPS).  Automatic inactive lockout (Session expired) - if no activity for a set time after customer logs in, the connection is dropped, locking the user out.  Web Password are generated using user’s KYC information.  Two way Authentication and Password Generation Using user’s KYC Info via encrypted sessions o Terminal Key Generation Using KYC o User’s Authentication credential generation using Terminal Key. o Unique Authentication credential for Different UI.

Copyrights © 2013 MobiFin Interface Security USSD  To Make an transaction exchange using USSD, the banks or mobile operators Connect to our network of server system over a session based ( not store –and – forward)Connection. USSD reduces risk and leaves no trace of transaction on handset from anywhere.  The sender (USSD) can be absolutely sure that they are talking with their own partner and communication via USSD is in sessions instead of an discrete intervals.

Copyrights © 2013 MobiFin Scalability and Redundancy Mobile Banking requires the all time available system to provide key services to user thus require very different system then core financial system which has fixed window of service time. MobiFIN addresses this by highly scalable module platform which has separate module for each services it enables it to achieve very high TPS and also insures high availability likes of telecom systems. MobiFIN platform works on Industry standard App and Databases servers for reliability. Redundancy can be provided at each tier, in an active- active model, and as an active –passive model, with one node serving as a standby or backup At the DB tier, SQL proxies (MySQL) – live replication of MySQL DB Supported. Geographically DR site – in order to avoid DR event with no affect to the total operation.

Copyrights © 2013 MobiFin Architecture IVR WEB Mobile App WEB Interface Firewall Secure ANI https 3DES / AES 3https Application Firewall Integration ISO 8583 Provider Bank

Copyrights © 2013 MobiFin Architecture Panamax Infotech Limited "Panamax House", Plot No. 8, Khushman Society, Nr. Subhash Circle, Memnagar, Ahmedabad Gujarat, India. Tele : Fax :