Today, there are two ways to search for the remote receiving payments from users of mobile devices:
- Using bank cards with acquiring;
- Mobile commerce, which allows users to pay through mobile phone account.
For a service provider, the following factors are crucial for success of remote payment acceptance:
- Safety payment authorization, supported by the possibility of using more than a single factor for user verification;
- Simple user scenarios to increase sales conversion and reduce overhead costs for operation and support;
- The ability to withstand peak loads typical of queuing systems in mobile networks.
Internet acquiring using traditional scenarios for the PC is too complex for users of mobile devices: you must enter the card number, name, CVV code. The solution may be the use of recursively transaction card, when the parameters are entered only once. In this case, additional factors are required for verification of the user to reduce the risk associated with fraud. Standard approaches based on one-time SMS passwords don’t meet the requirements for the following reasons:
- Unexpected delays during delivery of one-time passwords through SMS using standard connections in SMS store-and-forward technique. Thus sending a transactional SMS mode can cost the provider significantly more and may be impossible when connected indirectly to the operator;
- The prevalence of smartphones based on Android makes this method risky from a security standpoint because Android allows third-party applications to read all incoming SMS. This opens possibilities for mass attacks using botnets. In addition, the traditional Internet acquiring complicated for users of conventional phones.
Using the payment from the account of the phone (m-commerce) provides a simple user scenario. However, there is an issue with the integration of different operators through various proprietary API, which increases the cost of developing and maintaining mobile services.
To find a right a balance between security, ease of payment of custom scripts, scalability and ease of integration with banks and mobile operators, EYELINE developed technology called tiPay (Telephone Interactive Payments). EYELINE tiPay can use USSD/SS7 for user verification during transactions. This automatically provides at least two factor verification: the first – a PIN code requested by the user, the second – IMSI or SIM card number, which must match the one used during registration. USSD has no disadvantages of SMS described above, while it is familiar to most users of mobile networks, due to the prevalence of USSD services among operators. EYELINE tiPay is based on EYELINE Service Delivery Platform to enable the mode of peak loads, and can be easily integrated with EYELINE SharpAds for advertising and interactive marketing.
EYELINE tiPay has an open API for integration with banks, payment systems and mobile operators, as well as an API for developers and service providers.
EYELINE tiPay can serve as a platform for mobile payment systems.
Case Studies: Alpha Bank (USSD portal Alfa-Click), Beeline (direct transfers of money), the Government of Moscow (payments for parking), several projects with Gazprombank, the international payment system CopernicusGold, registered in Singapore.