Page 119 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition
P. 119
ITU-T Focus Group Digital Financial Services
Technology, Innovation and Competition
On a ‘basic’ phone, the STK menu may appear as an additional phone menu item when scrolling through basic
menus to access the phone’s features. On a feature phone or smartphone, the STK will usually manifest as
58
a specific application icon that appears on the device’s home screen.
If updates for functionality or security need to be made to the application on the SIM, a series of ‘over the air’
(OTA), binary SMSs are sent over the MNO’s network to the phone, which when joined together, will update
the STK application on the user’s SIM. This may be costly for many non-MNO DFS SPs who have to pay for all
the SMS to do a full update of the STK menu on the phone and is one of the primary reasons USSD is proffered
by non-MNO SPs.
7.3.3 USSD
USSD is both a GSM bearer technology and a DFS UI usable on all GSM and 3G/4G mobile networks, does not
require any additional installations by customers, nor does it require an IP-based data access connection by
users. As a result, USSD has been termed ‘the third universal app.’
60
59
It has been used as payment instrument and UI since the mid-1990s as the primary mechanism for loading
mobile airtime value into a user’s airtime stored value account when the first prepaid airtime systems were
launched around the world in 1996. Unlike SMS, no data sent or received during the USSD session is stored
on the mobile handset which – except for the glaring security issues identified in SS7 – makes USSD useful for
the transmission and receipt of passwords in DFS sessions.
While the USSD specification allows a USSD session of up to 600 seconds, typical allowance by MNOs for DFS
and other third-party services is up to 180 seconds, with 120 seconds being the typical maximum time allowed
for the entire USSD session by MNOs.
There is also push USSD – also known as Network Initiated USSD – which is used mostly for 2-factor
authentication in DFS. 61
7.4 Graphical interfaces
7.4.1 Overview
While text-based UIs currently predominate in DFS, the past few years have seen the emergence of graphical
and hyperlinked interfaces that provide icon-based navigation to users. The first DFS graphical UIs were
introduced in 1999 with WAP-based interfaces using time-based CSD as bearers.
7.4.2 WAP
WAP is a type of mini-Internet experience designed for small mobile phone screens. It is used for transmission
of simple web pages in primarily 2G/2.5G networks and may contain links and icons formatted especially to
be usable and visible on the small screen of the mobile phone. While it first appeared in 1999 using CSD, WAP
gained more prominence around 2001 when the first always-on IP-based GPRS networks appeared. However,
the use of WAP as a UI for DFS access has largely dissipated in favor of STK, Java apps, USSD, and smartphone
applications.
58 Most of the newer versions of the Android OS do not support STK.
59 Security concerns relating to SS7 also transpose to USSD.
60 Perrier, T et al (2015) USSD: The Third Universal App, available at http:// bderenzi. com/ Papers/ perrier- dev2015. pdf
61 The caveats noted above around SS7 security are also relevant here, although push USSD is conceptually harder to intercept
when a USSD session is initiated by an SP.
103