Page 200 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition




6      SIM toolkit access

6.1    Overview

SIM Toolkit (STK) is a popular SMS-based remote-access and user-interface (UI) GSM technology used to provide DFS and related services in markets where basic and feature phones are the plurality. It is currently one of the most widely used mobile interfaces in DFS worldwide, other than USSD.[137]

A specialized SIM to host the STK application and an STK-compatible phone are required. The STK technology is embedded on the SIM card, allowing special applications for DFS and banking services to be accessed by the subscriber using custom menus stored on the SIM card.[138] On a ‘basic’ phone, the STK menu may appear as an additional phone menu item when scrolling through basic menus to access the phone’s features.[139] On a feature phone or smartphone, the STK will usually manifest as a specific application icon that appears on the device’s home screen.[140]

STK usually uses SMS as a bearer for communication with a host,[141] encrypting the (usually) cleartext SMS traffic between the handset and the STK server.

STK is implemented in three layers:

•    A software application provided by an SP/bank
•    A SIM Toolkit Application Programming Interface (API) gateway service offered by an MNO that includes the required encryption keys,[142] and
•    A customer user interface and STK ‘translator’ via the STK SIM card on the handset

The handset will receive instructions from the SIM card to perform specific functions,[143] which are then communicated to an application server, usually but not always transiting a dedicated STK server housed at the MNO, which acts as a translator of encrypted communications for transit to the SP.[144]
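Whether an STK SMS is actually encrypted, integrity-protected and replay-protected is declared per message in its security header. The following is an added example, not part of the ITU-T report: it decodes that header and flags weak settings, assuming the field layout and bit meanings of ETSI TS 102 225 / 3GPP TS 23.048 (specifications the report does not name). The function name, the TAR value and the sample packets are constructed for illustration.

```python
# Added example: audits the security header of a reassembled STK SMS command
# packet. Layout and bit meanings are assumed from ETSI TS 102 225 /
# 3GPP TS 23.048; the page itself names no specification.
INTEGRITY = {0: "none", 1: "redundancy check (non-cryptographic)",
             2: "cryptographic checksum", 3: "digital signature"}
COUNTER = {0: "no counter", 1: "counter present but not checked",
           2: "counter must be higher", 3: "counter must be exactly one higher"}
DES_MODE = {0: "DES-CBC", 1: "3DES 2-key", 2: "3DES 3-key", 3: "DES-ECB"}

def audit_command_packet(packet: bytes) -> dict:
    """Decode CPL | CHL | SPI(2) | KIc | KID | TAR(3) | CNTR(5) | PCNTR | ..."""
    if len(packet) < 3:
        raise ValueError("too short to hold CPL and CHL")
    cpl, chl = int.from_bytes(packet[:2], "big"), packet[2]
    # CHL counts SPI..PCNTR (13 bytes) plus any RC/CC/DS; CPL counts all after itself.
    if chl < 13 or 3 + chl > len(packet) or cpl != len(packet) - 2:
        raise ValueError("CPL/CHL do not match the packet length")
    spi1, kic = packet[3], packet[5]
    ciphered = bool(spi1 & 0x04)             # SPI byte 1, bit 3
    integrity = spi1 & 0x03                  # SPI byte 1, bits 2-1
    counter = (spi1 >> 3) & 0x03             # SPI byte 1, bits 5-4
    algo, mode = kic & 0x03, (kic >> 2) & 0x03
    if not ciphered:
        cipher = "none"
    elif algo == 1:
        cipher = DES_MODE[mode]
    else:
        cipher = f"algorithm id {algo} (not DES)"
    findings = []
    if not ciphered:
        findings.append("payload is sent in clear")
    elif cipher in ("DES-CBC", "DES-ECB"):
        findings.append("single DES ciphering")
    if integrity < 2:
        findings.append("no cryptographic integrity protection")
    if counter < 2:
        findings.append("no replay protection")
    return {"tar": packet[7:10].hex().upper(), "cipher": cipher,
            "integrity": INTEGRITY[integrity], "counter": COUNTER[counter],
            "findings": findings}

# Constructed sample packets (not captured traffic).
UNPROTECTED = bytes.fromhex("0010" "0D" "0000" "00" "00" "A1B2C3" "0000000000" "00" "AABB")
PROTECTED = bytes.fromhex("001E" "15" "1621" "15" "15" "A1B2C3" "0000000001" "00"
                          + "11" * 8 + "22" * 8)

if __name__ == "__main__":
    for name, pkt in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(name, audit_command_packet(pkt))
```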


















[137] As with USSD, STK is especially prevalent in developing nations where entry-level phones are mostly used.
[138] These commands are standard for all mobile equipment and defined by ETSI and 3rd Generation Partnership Project (3GPP) specifications.
[139] One popular STK application is a Wireless Internet Browser (WIB). The WIB is downloaded onto the SIM card before distribution and appears on the subscriber's telephone menu as a range of services. The WIB communicates with a server at the MNO, which then connects it to other servers offering the services.
[140] Many new smartphones do not have the STK ‘translator’ installed, meaning that services using STK-based menu items will not appear. This may impact those doing remote airtime transfer as a form of foreign remittance. For this, see the NoSTK Android smartphone app, which caters for smartphones without STK functionality. Available at https://goo.gl/fEg0PN.
[141] STK as a technology can use USSD as a bearer, but this depends heavily on the STK implementation on the particular handset, and some handset manufacturers have not adequately implemented STK support for USSD. In practice, STK will almost always use only SMS as a bearer.
[142] This is a simple machine code that converts the raw messages from the software to application-level messages. This requires a special STK gateway at the MNO.
[143] The STK UI applications are usually protected by either the SIM PIN, phone lock PIN, or both. The applications are not visible when the phone is locked, when there are no SIM applications in the SIM, or when the phone does not have the physical SIM card.
[144] The MNO will then transmit the information on to an SP or bank who may be the ultimate provider of services.


