Page 113 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition
MAP itself operates over Signalling System 7 (SS7), a communication technology used by most telecommunication
network operators around the world to allow their mobile and fixed line networks to interact, as well as for
mediating multiple voice calls used on the GSM ‘traffic’ channel.²⁰ These inter-network interactions facilitate
the exchange of information needed to make calls and pass text messages between each other, ensure correct
billing, and allow customers on one network to easily roam on any other GSM network in the world.
However, SS7 is not thought to be entirely secure: it was designed in the 1970s with no real authentication
or intrusion prevention in mind. This has implications for the use of USSD and SMS in financial transactions.²¹
3.3 GSM voice channel
Key to the growth of DFS in many emerging markets is the ability to effectively ‘bolt-on’ services to GSM mobile
network access mechanisms and UIs. For example, the GSM voice channel, which uses the traffic channel²²
component of GSM, was the original method of access to basic transactional services offered by MNOs and
other SPs. Users could, for example, access VAS-type infotainment-type menus and general services by simply
dialling special IVR numbers linked to infotainment services provided by VAS SPs.
Other transactional mechanisms using GSM-based technology and its successors are described in further
detail below.
3.4 GSM signalling channel
3.4.1 SMS
SMS – also known as ‘text messaging’ – was designed in the 1980s to act as a data bearer for mobile network
system engineers developing and maintaining the initial version of GSM systems. From these humble beginnings,
text messaging has become a ubiquitous consumer-facing person-to-person (P2P) messaging facility.
SMS uses GSM signalling channels. The initial SMS protocol allowed users to send and receive messages of up
to 160 alpha-numeric characters.²³
An SMS sent by a user from their mobile handset is known as a mobile originating (MO)-SMS, or MO. An SMS
received by the user on their handset - whether it be from another person or from an automated machine - is
known as a mobile terminating-short message service (MT-SMS), or simply mobile terminating (MT), to indicate
that an SMS has terminated on a mobile handset.
3.4.2 USSD
USSD is a novel standard within the GSM and 3G/4G specifications. It can be used for transmitting information
over the signalling channel of mobile networks and for accessing standard services and VAS. USSD is
session-based – meaning it does not store any data on the mobile handset – and as such it can only be reliably
accessed or be consistently accessible when there is robust handset communication with an MNO base station.²⁴
USSD is activated either by users inputting a series of predefined star or hash/pound commands on the mobile
handset, or via a session initiated by the MNO or an SP. In both methods, the user is presented with a numbered
menu and can use the mobile keypad to respond to and to input any data required.
20 This signalling mediation allows multiple calls to efficiently take place on a known frequency without overlap.
21 For further insights into these vulnerabilities, see Perlman L (2015a) ibid; Perlman (2016) ibid; and Kurbatov, D (2016) Statistics of
Vulnerabilities in SS7 Networks and Ways to Make Them Secure; and ITU Focus Group Digital Financial Services report on Security
aspects of DFS (2017).
22 During a GSM call, speech is converted from analogue sound waves to digital data by the phone itself, and transmitted through
the mobile phone network by digital means. The digital algorithm used to encode speech signals is called a codec.
23 Security concerns relating to SS7 also transpose to SMS.
24 Poor mobile signals and substandard antennas in some mobile phones may cause USSD session initiation and sustainability
issues.