Page 113 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition
P. 113

ITU-T Focus Group Digital Financial Services
                                              Technology, Innovation and Competition



               MAP itself operates over Signalling System 7 (SS7),a communication technology used by most telecommunication

               network operators around the world to allow their mobile and fixed line networks to interact, as well as for
               mediating multiple voice calls used on the GSM ‘traffic’ channel.  These inter-network interactions facilitate
                                                                     20
               the exchange of information needed to make calls and pass text messages between each other, ensure correct
               billing, and allowing customers on one network to easily roam on any other GSM network in the world.
               However, SS7 is not thought to be entirely secure: It was designed in the 1970s with no real authentication
               and intrusion-prevention in mind.  This has implications for the use of USSD and SMS in financial transactions.
                                           21

               3.3    GSM voice channel

               Key to the growth of DFS in many emerging markets is the ability to effectively ‘bolt-on’ services to GSM mobile
               network access mechanisms and UIs. For example, the GSM voice channel  which uses the traffic channel
                                                                               22
               component of GSM, was the original method of access to basic transactional services offered by MNOs and
               other SPs. Users could, for example, access VAS-type infotainment-type menus and general services by simply
               dialling special IVR numbers linked to infotainment services provided by VAS SPs.

               Other transactional mechanisms using GSM-based technology and its successors are described in further
               detail below.


               3.4    GSM signalling channel


               3.4.1   SMS

               SMS – also known as ‘text messaging’ – was designed in the 1980s to act as a data bearer for mobile network
               system engineers developing and maintaining the initial version of GSM systems. From these humble beginnings,
               text messaging has become a ubiquitous consumer-facing person-to-person (P2P) messaging facility.

               SMS uses GSM signalling channels. The initial SMS protocol allowed users to send and receive messages of up
               to 160 alpha-numeric characters. 23

               A SMS sent by a user from their mobile handset is known as a mobile originating (MO)-SMS, or MO. A SMS
               received by the user on their handset - whether it be from another person or from an automated machine - is
               known as a mobile terminating-short message service (MT-SMS), or simply mobile terminating (MT), to indicate
               that a SMS has terminated on a mobile handset.


               3.4.2   USSD
               USSD is a novel standard within the GSM and 3G/4G specifications. It can be used for transmitting information
               over the signalling channel of mobile networks and for accessing standard services and VAS. USSD is session-
               based – meaning it does not store any data on the mobile handset – and as such it can only be reliably accessed
               or be consistently accessible when there is robust handset communication with a MNO base station.
                                                                                                   24
               USSD is activated either by users inputting a series of predefined star or hash/pound commands on the mobile
               handset, or via a session initiated by the MNO or a SP.In both methods, the user is presented with a numbered

               menu and can use the mobile keypad to respond to and to input any data required.

               20   This signalling mediation allows multiple calls to efficiently take place on a known frequency without overlap.
               21   For further insights into these vulnerabilities, see Perlman L (2015a) ibid; Perlman (2016) ibid; and Kurbatov, D (2016) Statistics of
                  Vulnerabilities in SS7 Networks and Ways to Make Them Secure; and ITU Focus Group Digital Financial Services report on Security
                  aspects of DFS (2017).
               22   During a GSM call, speech is converted from analogue sound waves to digital data by the phone itself, and transmitted through
                  the mobile phone network by digital means. The digital algorithm used to encode speech signals is called a codec.
               23   Security concerns relating to SS7 also transpose to SMS.
               24   Poor mobile signals and substandard antennas in some mobile phones may cause USSD session initiation and sustainability
                  issues.



                                                                                                       97
   108   109   110   111   112   113   114   115   116   117   118