MOBILE COMMERCE
Data Management Strategies & Technologies
DR. Abdullah Alshboul
BY
Helal Al-subagh
Abstract
Advances in e-commerce have resulted in significant progress towards strategies, requirements and developments of e-commerce applications. However, nearly all e-commerce applications envisioned and developed so far assume fixed or stationary users with wired infrastructure. A new class of e-commerce applications that will be made possible by, and benefit significantly from, emerging wireless and mobile networks is envisioned. To allow designers, developers and researchers to strategize and create mobile commerce applications, a four-level integrated framework for mobile commerce is proposed. Since there are potentially an unlimited number of mobile commerce applications, an attempt is made to identify several important classes of applications, such as mobile financial applications, mobile inventory management, proactive service management, product location and search, and wireless re-engineering. It is discussed how to successfully define, architect and implement the necessary hardware/software infrastructure in support of mobile commerce. Also, to make mobile commerce applications a reality, networking requirements are addressed, support from wireless carriers is discussed, and some open research problems are presented.
E-commerce, or the buying and selling of goods and services on the Internet, has become a part of daily life for many people. The use of the Internet to purchase goods and services has grown along with the popularity of the Internet. Businesses are increasingly turning to the Internet to increase revenue and profits. As the Internet expands to every corner of the globe, it is becoming easier and easier to access it from a wide variety of devices. Cell phones, PDAs, and other mobile devices can now access the Internet from across the globe. Many E-commerce companies have attempted to exploit this rapidly growing segment of the Internet. E-commerce over mobile devices has now been termed M-Commerce. M-Commerce by definition is E-commerce that occurs through the use of wireless solutions such as cell phones, Pocket PCs, and PDAs. It allows a user to purchase goods and services on the move, anytime, and anywhere.
In today’s E-commerce world, security has become a major issue that needs to be constantly monitored and improved. By expanding E-commerce to mobile devices, it is also necessary to ensure that these devices are protected against security threats. M-Commerce faces the same security threats that E-commerce faces, plus many others due to the mobile nature of the products.
This paper will discuss the security challenges and weaknesses of M-Commerce and various ways to correct and overcome them. It will focus on security issues that arise when M-Commerce devices connect and communicate over the Internet. Security challenges, risks, and security implementations within M-Commerce will be discussed in detail. By describing the current state of security within M-Commerce, this paper will show the pitfalls that need to be corrected. The paper will then propose an ideal M-Commerce system that will overcome these pitfalls and provide optimal security without degrading the new technology to the point of uselessness.
M-Commerce summary
Electronic commerce has attracted significant attention in the last few years. Advances in e-commerce have resulted in significant progress towards strategies, requirements and development of e-commerce applications. Nearly all the applications envisioned and developed so far assume fixed or stationary users with wired infrastructure, such as a browser on a PC connected to the Internet using phone lines or a Local Area Network. A new kind of e-commerce application, wireless or mobile e-commerce, makes it possible to reach the consumer directly, regardless of where he is.
M-Commerce occurs through the use of wireless devices such as cell phones, Pocket PCs, and PDAs. It allows a user to purchase goods and services on the move, anytime, and anywhere. M-Commerce is becoming a larger part of the Internet commerce experience. Juniper Research performed a study that predicted that by 2009, global M-Commerce revenue will exceed 88 billion dollars. A Morgan Stanley report found that in 2005 there was 19.5 billion dollars in M-Commerce transactions. These included revenue from people buying ring tones, cell phone personalization, games, and services. The following chart was obtained from that Morgan Stanley report and shows revenue generated between 2004 and 2008.
Courtesy of Morgan Stanley
With this large amount of revenue potential, companies are quickly moving into the mobile marketplace. The M-Commerce marketplace includes many new customers that may not own a computer or purchase goods over the Internet. In many countries of the world it is more likely that an individual will have a cell phone than a computer with Internet connectivity. McKinsey research firm reported that in 2005 there was an estimated 85% penetration rate for mobile phone usage in Europe, and a study in Asia by Datamonitor reported that there were over 310 million mobile devices in Asia. The Morgan Stanley research report mentioned earlier shows that in many areas of the world the number of mobile users exceeds the number of PC users. For example, in China the ratio of cell phones to computers is 3.6 to 1, in Japan it is 1.1 to 1, and in the UK it is 1.5 to 1. The report also showed that more emails in Japan were sent by mobile phone than by PC. These scenarios are highly attractive to companies because they provide an opportunity to expand their customer bases. This means there is a potential to reach millions of new customers and expand revenues.
The biggest benefit that M-Commerce provides to consumers is mobility. There is no need to be sitting at an office desk or at a home PC to perform M-Commerce. Customers can be on the beach, in a car, or hundreds of other locations and connect to the Internet. As long as their mobile device network is in range then M-Commerce transactions can be made. In order to meet these demands, cell phone companies across the world are continually upgrading their networks and increasing the speed and bandwidth of these networks.
European and Asian cell phone companies have utilized high bandwidth cell services for many years. This technology is often referred to as 3G. American cell phone companies are beginning to bring 3G to the US. A few examples of these are AT&T’s Broadband Connect (HSDPA), Sprint PCS Wireless High Speed Data (EV-DO), and Verizon Wireless Broadband Access EV-DO. These upgrades to cell services allow users to access more and more types of high bandwidth Internet content. The ability to access a wide variety of Internet sites opens a whole new business model. The evolving technology allows people to make productive use of otherwise idle time. People can buy movie tickets, make financial transactions such as purchasing stocks or checking a bank balance, read email, or purchase other goods. And with these increased cell services people now expect to be connected at any time, any place, without being tied to an office or home computer.
As can be seen from the statistics and scenarios mentioned above, M-Commerce has enormous potential to generate revenue and allow new people to access the Internet. But along with the potential it also has a large amount of risk, limitations, and challenges. In the near future a great deal of money and data will be transferred utilizing M-Commerce systems. And as always seems to be the case, someone will try to exploit the system and steal this money and information. For this reason it is necessary to ensure that current and future mobile devices that will be utilized within M-Commerce implement security mechanisms. M-Commerce faces the same security threats that e-commerce faces, plus many others due to the mobile nature of the products. This paper will discuss the challenges and weaknesses of M-Commerce and then will present security mechanisms that currently exist. The paper will close by discussing methods to improve current systems for the future and what should be contained in an optimal and secure M-Commerce security protocol.
Mobile Advertising
Mobile advertising is also a very important class of mobile commerce applications. Using demographic information collected by wireless service providers and information on the current location of mobile users, highly targeted advertising can be done. The advertising messages sent to the user can be location-sensitive and can inform a user about various on-going specials (shops, malls and restaurants) in surrounding areas, as shown in figure. This type of advertising can be performed using Short Messaging Service (SMS) or by using short paging messages to mobile users. The messages can be sent to all users located in a certain area, or a user-specific message can be sent independent of the user's current location. Since the services need the current location information of a user, a third party may be needed to provide location services. However, this may require a sharing of revenues between the network service provider and the location service provider. As more wireless bandwidth becomes available, content-rich advertising involving audio, pictures and video clips can be produced for individual users with specific needs, interests, and inclinations. It is also possible that direct advertising to users may be performed without much control from the wireless service providers.
Mobile Inventory Management (MIM)
This class of application involves location tracking of goods, services and even people. The tracking of goods may help service providers in determining the time of delivery to the customer, thus improving customer service and obtaining a competitive edge over other businesses. One very interesting application is rolling inventory, which may involve multiple trucks carrying a large amount of inventory while on the move. Whenever a store needs certain goods/items, it can locate a truck (preferably in a nearby area) and just-in-time delivery of goods can be performed.
The rolling inventory and delivery application can reduce the amount of inventory space and cost for both vendors and stores and may reduce the time between when an order is placed and the goods are delivered. Location tracking of components can be broken into two components: indoor and outdoor. Indoor tracking can be performed by a chipset (TX/RX) and location information may be transmitted over a satellite or cellular/PCS system to the component supplier where such information is needed.
Product Location and Search (PLS)
This class of application includes locating an item in a particular area or location. This is concerned with finding an item with certain specifications and whether it is available in a specified area or not. Potentially, there could be multiple places where such an item or items of similar attributes are located. Currently many people are going to several stores to find an item (certain brand/size of TV, VCR or an automobile) and compare prices and features. Using a mobile device and a centralized/distributed database containing information on products, a user should be able to find the exact location of the store where a certain item is located. After that the user can buy online using a browser on his/her mobile device. In the case of multiple stores/vendors carrying an item desired by a user, they could compete for the customer by real-time manipulation of prices or by offering instant discounts. From the technological point of view, a mobile user can send a query message to a centralized location (shown in figure), which in turn can interface with several different stores/dealers and decide if the item is available or not.
M-Commerce Security Challenges
M-Commerce, like E-commerce, faces formidable security hurdles. As identity theft, phishing, and other attacks on the Internet become more prevalent, consumer trust in Internet technologies seems to be falling. In order for M-Commerce to be successful, the security weaknesses and concerns need to be addressed and solved. The key to widespread usage of M-Commerce is to gain the trust of users so that they will be willing to perform transactions on their mobile devices. As previously mentioned, M-Commerce has the same security problems that occur within e-commerce, plus its own set of unique challenges. M-Commerce has the problems of viruses and malware, data theft, Denial of Service attacks, phishing, insecure default settings, inexperienced users and sniffing that seem to affect all Internet technologies. M-Commerce also has some unique problems such as limited computing power, loss or theft of the mobile device, varying standards, the broadcast nature of wireless transmissions, immature technologies, lack of authentication, and weak device operating systems. In order to reach its full potential these challenges and weaknesses must be addressed.
M-Commerce has two major security challenges that differentiate it from normal Internet commerce. The first challenge is that the devices are small and portable, which can result in loss or theft of the device. Mobile devices are by design small and portable. While this is good for day-to-day usability and convenience, it is not a good thing when it comes to security. Modern mobile devices contain more and more sensitive information. In recent years there has been an abundance of instances where companies have lost personal data by losing laptops or backup tapes. This same type of incident could occur with a mobile device. Mobile devices often contain phone book entries, journal entries, calendars, etc. that can contain valuable personal or corporate information. In a corporate setting the theft of this data could lead to financial losses or loss of a company’s trade secrets. Today Pocket PCs and Smart Phones can contain full documents or spreadsheets that could contain sensitive data. Loss of this data could harm an individual or company more than just the disclosure of a phone book or date book. The challenge with mobile devices is that we need to be able to protect the sensitive data on the phone even if it is lost or stolen.
The second challenge is that mobile devices are not as powerful as modern computers. This makes security a challenge because the same security mechanisms that may work on a desktop or laptop PC may not work on a mobile device. The capabilities of mobile devices often lag behind PCs because they are typically lacking in processor power, memory, storage space, display capabilities, and input capabilities. This causes problems when trying to use PC security protocols on a mobile device. For example, many encryption standards used on the Internet today use a large amount of processing power to perform the mathematical computations required by cryptography. Mobile devices may not have the processing power necessary to perform these computations, and therefore certain types of encryption may not be able to be used. Mobile devices are becoming more and more powerful, but they will always be a step or two behind the power of PCs. Because of this lag there will probably always be protocols and standards that function on a PC that cannot be used on a mobile device.
M-Commerce Security Weaknesses
The challenges listed in the previous section cause many weaknesses within M-Commerce systems. These weaknesses are lack of user awareness, limited computing power, possible loss or theft of device, incomplete authentication schemes, the use of wireless transmissions, vulnerable operating systems, and the use of unsecured technologies.
User Awareness: A major security weakness that occurs in both e-commerce and M-Commerce is the lack of user awareness. The typical user is not aware that their actions have security implications. A typical user will not worry about securing their phone through a locking mechanism, or they will not ensure that transactions are secure before proceeding. This can lead to the spread of viruses or the leaking of sensitive data.
A possible solution for overcoming the lack of user awareness is to have the wireless carriers offer security training or provide a security awareness pamphlet when a user purchases a mobile device. There will always be people who refuse to read a pamphlet or pay attention to security training, but the more people that are aware of the risks, the more likely the risks will be reduced. Also, the mobile device manufacturers should be held responsible for making the devices as secure as possible by default. Currently many security features are either disabled by default or are set to the lowest security setting. If manufacturers set their device security defaults to a secure setting, then users will always have some level of protection even if they decide not to further configure the phone.
Limited Computing Power: As mentioned in the previous section, mobile devices do not have the same computing abilities as PCs. Mobile devices by nature need to be small and portable for functionality and therefore cannot contain the same technology as larger PCs. A major disadvantage of not having the same computing power is that certain security-related tasks require heavy processing in order to be accomplished successfully. The lack of CPU power makes some of these tasks impractical within a mobile device. The best example of this is encryption. A powerful processor is required to perform the complex mathematical calculations that are used in modern encryption schemes. Performing complex mathematical calculations on a mobile device can overwhelm the device's processor and cause the device to function extremely slowly and possibly crash the system. In order to get encryption to work properly on these devices, manufacturers are required to either rework existing encryption algorithms to function on the slower processor or remove the encryption altogether.