Unit V:

Mobile Commerce Applications

Mobile Products -
◦ Mobile Banking - M-Banking Business Models, M-Banking
Technologies, M- Banking Services, Advantages & Challenges.
◦ Mobile Ticketing - Process, Applications, Advantages, Apps, M-
Ticket Providers.
Mobile Payment Systems –
◦ Characteristics, Models, Privacy & Security Issues, M-Payment
Service Providers.
Mobile Computing – Nomadic or Ubiquitous, Business
Applications of Mobile Computing, Mobile Value Added Services,
Privacy, Security & Legal Issues relating to M - Commerce.
Mobile ticketing
Mobile ticketing is the process whereby customers can order, pay for,
obtain and/or validate tickets using mobile phones. Mobile tickets
reduce the production and distribution costs connected with traditional
paper-based ticketing channels and increase customer convenience by
providing new and simple ways to purchase tickets.
Mobile tickets should not be confused with E-Tickets (electronic tickets)
which are used by airlines since 1994, they can be sent by e-mail,
printed and shown at the check-in desk at the airport to obtain a
boarding pass.
Mobile ticketing
Mobile tickets can be purchased via apps and SMS messaging, along with
more traditional avenues like over the phone or through a vendor website.
Depending on the mobile device and purchasing avenue, the ticket can be
delivered through a traditional text message, a specific mobile application,
MMS or WAP push notifications.
The provision of the model number helps to determine whether to text and
send an image barcode or alphanumeric code that is saved by the user as their
digital ticket.
The user then presents this message at the events admission where it is
scanned, the record of the purchase is confirmed and the user is allowed
access.
Multimedia Messaging Service (MMS) - sometimes called Multimedia
Messaging System - is a communications technology developed by 3GPP
(Third Generation Partnership Project) that allows users to exchange
multimedia communications between capable mobile phones and other
devices.
An extension to the Short Message Service (SMS) protocol, MMS
defines a way to send and receive, almost instantaneously, wireless
messages that include images, audio, and video clips in addition to text.
it now supports the transmission of streaming video.
Mobile Ticket App helps ticket brokers and the secondary ticket industry
sell more tickets to events throughout the United States and Canada
through iPhone Ticket Apps, Android Ticket Apps, and a Mobile Ticket
Website which supports almost all smartphones including Blackberry
and Microsoft Windows mobile devices.
Ticket Brokers can start selling more inventory today with ecommerce
and m-commerce sales on mobile devices
Push Notification
What is a Push notification?
A push notification allows an app to notify a user of new messages or
events without the need to actually open the application, similar to how
a text message will make a sound and pop up on the screen. This is a
great way for apps to interact with users in the background, whether it
be a news app, social media app, or shopping app notifying a user of an
that requires the immediate attention of an event occurring in now.
At Mobile Ticket App, a push notification is a great way to re-engage a
user to come back and use their app to find and buy tickets to the
hottest events. This is also a great way to sell extra inventory or last
minute tickets. This optional feature is available on the 2.0 Mobile
Ticket Apps.
Mobile Ticketing

The reach of mobile ticketing has extended to

sporting events, concerts, movie theaters,
nightclubs, transportation, conferences and
more.
 Applications of Mobile tickets
The greatest advantage of mobile ticketing is convenience. If you have a WAP-enabled
phone, you can buy the tickets from your phone, store them on your phone and swipe
your phone at the event. There's no waiting in line at the movies or the game, not
even to pick up your pre-ordered ticket at will call. Just walk straight to the gate.
Mobile ticketing can also help increase revenue for concert promoters and ticket
vendors. They can sell tickets right up to the minute that an event starts, because
delivery to your phone is instantaneous. They can even take advantage of "no-shows,"
selling unclaimed tickets at the last second to people who are waiting for seats.
Mobile ticketing reduces processing costs on both sides. The vendor doesn't pay for
printing and delivery fees, and neither does the customer. Plus, less paper is better for
the environment.
Mobile tickets are harder to scalp than paper tickets, and extra security measures can
be added to make fraud or theft nearly impossible. The ticket can be "locked" to the
customer's cell phone, so the message can't be forwarded. The customer's name and
even photo can be added to the ticket for confirmation at the door.
Even if a mobile ticket is lost or the text message is accidentally deleted, it's easy for
the vendor to cancel the old ticket and resend a replacement.
For now, mobile ticketing is just getting started, but it promises to be an exciting new
convenience for cell phone users everywhere.
Glitches with ticketing app

1. One commuter bought a monthly season ticket using the app, but could not access it when he
changed his handset.

2. Another commuter booked a ticket three times; the money was debited from his account
thrice, but no ticket was issued.

3. The UTS app does not work if the user is either less than 30 m away, or beyond a 2-km radius
around railway stations. No pop-up notification indicates range.

4. The app is not available on iOS, which means iPhone users cannot access it.

5. Passengers are charged extra internet handling fees by different gateways for booking tickets.

6. ATVM, CoTVM and Go India smart cards can’t be recharged via the app.

7. R-Wallet has a recharge limit of Rs 5,000 unlike ATVM, which has a limit of Rs 10,000.
The mobile ticketing in public transportation is a
form of electronic ticketing which provides an easy way to
use mobile phone as a travel card in which user can also
purchase tickets anywhere, anytime via mobile internet.
In this technique, travel card readers sense the data inside
mobile phones using RFID or similar technology to validate
the ticket.
Privacy and Security issues
The Near Filed Communication (NFC) or RFID technology is used in such
service which integrates mobile tickets and mobile payments. By using
this technology, travel card readers cannot distinguish the mobile phone
from travel card. Mobile phone works as a travel card even when battery
is depleted.
Several high-end mobile ticketing applications also allow user to access
locations, calendar, and journey planner while integrating them with
ticketing and payment system.
Users can also opt for receiving discount coupons and advertisements
based on their locations or journey route.
Though mobile ticketing makes travel stress-free, certain user privacy and
security concerns should be taken care of.
The mobile phone contains user data and because of this, privacy mechanism
and confidentiality settings are essential while exposing mobile devices to the
card readers.
Also some mobile-ticketing applications provide users with location based
services, journey planner and calendar integration making applications vulnerable
to user privacy breaches.
The payment solution and ticketing mechanism should be secured with powerful
network security techniques while preventing user information leaks.
Business modeling of mobile services is important but most of the time, security
and privacy issues are ignored while designing such models.

In such service designs, trusted parties and security providers should be
engaged throughout the process and service provision
Mobile devices can be used just like the ordinary card even when the
battery of mobile device is depleted.

Near Field Communication (NFC) technology is the

basis of mobile ticketing. NFC is a short range technology
aimed at mobile phones which works in radius of less than 10
centimeters.
NFC is based on RFID and it has three modes of
operations: i) card emulation, ii) read/write, iii) peer-to-peer.
Mobile ticketing application allows users to purchase mobile tickets with their
mobile devices while replacing their travel cards.
Mobile ticketing integrates mobile ticketing and payment systems therefore
involving many security risks.
Apart from basic ticketing functionality, high-end mobile ticketing solution
also allows users to get several location-based, journey planner and event
management services. The
user could opt to receive advertisements relevant to his location and/or
coupons used to receive discounts at retail lo-cations near the planned route.
Other context aware in-formation may also be utilized such as indoor location
and
traffic information. Such services involve very sensitive user data operations
and to protect the privacy of user data should be the main importance.
The application runs on the cloud and stores relevant data on common cloud
servers which can be accessed using network. Such cloud mechanism also
involves user data privacy and there must be a mechanism to preserve it.
Potential privacy risks
The authentication mechanism in mobile-ticketing may lose privacy if
the information is leaked to the unauthorized third parties. Mobile-
ticketing, in this case, should ensure that no user sensitive information
should be revealed to the entities not trusted by the users.
Mobile phones contain user’s personal data in digital format which can
be copied while exposing mobile devices to the card reader. The
corresponding security and privacy protocols to verify mobile-ticketing
may also be subject to different attacks such man-in-the-middle, replay
etc.
Several privacy threats and attacks related to mobile-ticketing are described
below:
1. Location Threat:
Users carrying NFC device can be monitored and their locations can be
revealed. Also the location of NFC device itself, regardless of who is carrying,
can be disclosed with unauthorized access.
2. Preference Threat:
The mobile device could be identified uniquely if proper access mechanism is
not embedded in the device. Such information could disclose user’s device
preferences making them available
to competing forces.
3. Constellation Threat:
NFC is based on RFID technology forming a unique constellation around the
user. Adversaries can track people without necessarily knowing
their identities.
4. Transaction Threat:
User’s transaction information can be used to gather her location and time preferences.
Also several financial data could be disclosed if transactions are not protected enough
with proper network security protocols.

5. Impersonation Attack:
Unauthorized entities in mobile-ticketing can provoke this attack by faking the user
identity. Underlying protocols may fail to prevent man-in-the-middle as well as replay
attacks on the system and such attacks may lead to the impersonation.

6. Tracing Attack:
This attack can be done to acquire user sensitive information like user’s location,
behavior and preferences. When using authentication mechanism, to-ken can be
identified enabling attackers to trace user movements. If user uses payment method to
purchase online tickets, the issuer can use link token to identify user’s private
information. Also eavesdropping of wireless communication may lead to a complete
loss of user’s privacy.
Privacy Requirements Based upon privacy risk analysis in previous section,
several requirements are gathered and illustrated as below for mobile-ticketing
service:
1. Confidentiality: No unauthorized access to user-sensitive and personal
data.
2. Anonymity: Unauthorized token (NFC Tag) identification should be
impossible.
3. Location Privacy: Unauthorized tracing of user location and movements
should not be allowed.
4. Traceability: Accessing current state of NFC token should not allow tracing
previous as well as future protocol runs.
5. Authentication: No unauthorized users are allowed to
use or access system. Only valid user tokens are accepted by verifier.

6. Unforgeability: Emulation and cloning of valid tokens

or devices shall not be permitted.

7. Accountability: Provide users with accounted environment where contracts can

be negotiated and users can choose between private and public data.
Why Masabi

Masabi is the world’s leading provider of mobile ticketing solutions for

the transport industry – buy your ticket on your phone and your phone
is your ticket!
They are a fast growing company based in London, Boston, Cluj-Napoca
& New York.
Value people and try to create an environment where everyone feels
supported, challenged and inspired.
◦ Influence a global product, used all over the world
◦ Disrupt an entire industry using cutting edge technology
◦ Offices in London, New York and Cluj
◦ An evolving agile environment, mixing Scrum and Kanban
◦ A modern SaaS platform powered by Java and Javascript
 What is a QR Code?
A QR Code is a two-dimensional square barcode which can store encoded
data. Most of the time the data is a link to a website (URL).
QR code (quick response code)
When you scan a QR Code using your smartphone, you get an immediate
access to its content. The QR Code reader can then carry an action, like
opening your web browser to a specific URL. Other actions can be triggered,
like storing a business card in your smartphone's contact list or connecting to a
wireless network.
QR Code is registered trademark of DENSO WAVE INCORPORATED.