Bring Smart Phone Near Your ATM

NFC and Smart Phone can significantly reduce the cost of ATM by removing half of devices. The app in the smart phone can do the authentication with no need of an EPP Device, card reader, biometric, retina. Since most of the application part will be on the Smart Phone the need a high end operating system like windows will not be need and thin processor to support android based applications can be used. 

PrivatBank in Ukraine has already implemented a similar system (headless ATM) eliminating the need of PIN Pad, Screen and other user interface

Courtesy :  http://www.nfcworld.com/2013/11/05/326710/privatbank-cuts-atm-costs-nfc/

The ATM works in conjunction with the Bank Android app which links the customer account and does the major authentication of the customer and also basic validation of fund availability which reduces the requirement for having central EFT Switch or device driving application. This will also help in reducing PIN based frauds or ATM frauds to a large extend.    

Read More

Digitization of Currencies to reduce counterfeiting of cash

Cash is the most predominant used payment instrument across the globe. Consumers choose to use cash more frequently than any other payment instrument, including debit or credit cards. In particular, cash plays a dominant role for small-value transactions, is the leading payment instrument for many types of purchases, and stands as the key alternative when other options are not available. Counterfeiting poses increasing challenges to currencies across the global. With advancement of printing technology counterfeiting has become very easy and cheap. To add to this with the help of state actors in supporting terrorism is also helping counterfeiting currencies.

Counterfeiting is a major economic problem, called “the world’s fastest growing crime wave” ……………………………………………….(Phillips, 2005).

Source RBI Report

Countries like India estimating the loss due to currency counterfeiting is still a big challenge. Some of the available statistics available in  the public domain suggest India seems to be low compare to Canada, UK, Mexico and the Euro Area which is about 40 billion pieces of notes as against 1.7 billion pieces of note in circulation in Canada.

  The counterfeiting of higher denomination is an emerging trend in the share of currency counterfeiting (Rs 500 and Rs1000). It has an effect on the Indian economy also.

In this paper I would like to discuss ways how we can prevent currency counterfeiting using   different methods

Every Currency note need to have a separate DNA / identification. Normally the serial number  identification water marks etc. But are these really very effective. Bank notes are made of heavy paper, almost always from cotton fiber for strength and durability. Some countries including Nigeria, Romania, Mexico, New Zealand, Australia and Singapore use polymers(Plastic) to improve to improve longevity and allow the inclusion of a small transparent window (a few millimeters in size) as a security feature that is difficult to reproduce using common counterfeiting techniques. Watermarks can also be made on polymer currency, for example, Australia has its coat of arms watermarked on all its plastic bills. Printed with white ink, simulated watermarks have a different reflectance than the base paper and can be seen at an angle. Because the ink is white, it cannot be photocopied or scanned. We need to evolve new ways to help currencies identify using electronic or digitize ways.

Source : Wikipedia  

1. Use of  Embedded RFID Tags : RFID tags can be embedded in the currency and have security tokens which can be authenticated by a central government system. Banks and Currency Exchangers can be provided with validation devices which can be connected with the central system to validate. Since each currency has its own DNA it would be difficult for counterfeiting. The token number can be a combination of serialnumber + date of printing (which can be only known to the central system) + denomination + some secret token. This can be done for high denomination  currencies like 500 and 1000.  

Sample Implementation

 2. Using of QR Code  or Hologram embedded in the note: This will bearing a unique encrypted "signature" whose validity can be checked electronically and signature can be verified using central system

Sample Implementation

The QR code can be a combination of same logic and can be verified using secured readers provided by government agencies / private agencies and certificated provided by the central government of RBI

It can also be a combination of both. With identification being a key for the currency it will also help the government to track the currency flow and also help in reducing black money. QR Scanner can be implemented in Mobile POS and Smart Phones to help citizen validate the currency themselves with simple mobile apps provided by RBI to validate the currency.   

. Using Digital E-Currency : Using digital currency like Bitcoin. Rupee should also have a digitize version issued by the RBI. This will save the country from printing the currency . Provide smartcard based aadhar cards which will hold the currency like rupee wallet. Making the wallet acceptable at most of the retail reduce the use of cash will also help in reducing counterfeiting. It will also help preventing fraud and misuse of Government Scheme money since the aadhar will be connected to the bank a/c. Also wallet can be implemented in the mobile in place of the aadhar card since mobile penetration is very high in the country. With Modi’s plan of Financial Inclusion Bank A/c for every citizen will help in implementing the digitization more effectively.  Digital India will also be a key driver to bring in digitization of the Indian Rupee. Using signature to transfer fund between wallet for B2C and C2C transfer will help in secured and validated transaction management. This will also help in reducing black money in the market and help us build a robust and digitized economy    

Implementing Digitization  

The Central Hub will help in Validating the Currency Token. Merchants , Banks and Citizen will use the services of the regional verification Agency to help verify the currency. The verification needs to be realtime system hence should provide only read only access. The e-currency can be implemented using the same platform for validation. Government can implement verification services using private and public partnership. The same can be used for Address and KYC verification similarly it can be also implemented on the Aadhar Verification Services. The same infrastructure can be used for Currency Token Generation using Hardware Security Devices

Some of major challenges to implement digitization of currency is the

1. Scale of economy of the currency in India

2. The acceptance of the citizen of India for usage of currency 

Read More

Using Payment Token for Mobile Wallet

Mobile payment solutions can be classified according to the type of payment method adopted to implement the solution. There are three different models available for m-payment solutions on the basis of payment method used

a) Bank account based

b) Credit card based

c) Telecommunication company billing based

Bank Account based Mobile Payment

Banks and telecommunication can collaborate to provide an m-payment solution it is a win-win situation for both industries. In this model, the bank account is linked to the mobile phone number of the customer. When the customer makes a mobile payment transaction with a merchant, the bank account of the customer is debited and the value is credited to the merchant account.

Credit Card based Mobile Payment

In the credit card based mobile payment model, the credit card number is linked to the mobile phone number of the customer. When the customer makes a payment transaction with a merchant, the credit card is charged and the value is credited to the merchant account.

Telecommunication Company Billing of Mobile Payments

Customers may make payment to merchants using his or her mobile phone and this may be charged to the mobile airtime bill of the customer. The customer then settles the bill with the telecommunication company.

 Technologies for Mobile Payments

The Mobile payments requires the mobile application and the communication medium to send and receive payment data

Mobile Wallet Applications can be classified as

Phone-based Application (J2ME/BREW)

The client mobile payment application can reside on the mobile phone of the customer. This application can be developed in Java (J2ME) for GSM mobile phones and in Binary Runtime Environment for Wireless (BREW) for CDMA mobile phones. Personalization of the phones can be done over the air (OTA).

SIM-based Application

The subscriber identity module (SIM) used in GSM mobile phones is a smart card i.e., it is a small chip with processing power and memory. The information in the SIM can be protected using cryptographic algorithms and keys. This makes SIM applications relatively more secure than client applications that reside on the mobile phone. Also, whenever the customer acquires a new handset only the SIM card needs to be moved.  If the application is placed on the phone, a new handset has to be personalized again.

Communication medium for Mobile Payments

The mobile technology landscape provides various communication possibilities for implementing mobile payments. Essentially, a GSM mobile phone may send or receive information through 3 possible channels – SMS, USSD or WAP/GPRS. The choice of the channel influences the way mobile payment schemes are implemented. Secondly, the mobile payment client application may reside on the phone or else it may reside in the subscriber identity module (SIM).

Short Message Service (SMS)

This is a text message service that enables short messages (140-160 characters) that can be transmitted from a mobile phone. Short messages are stored and forwarded by SMS centers. SMS messages have a channel of access to phone different from the voice channel SMS can be used to provide information about the status of one’s account with the bank (informational) or can be used to transmit payment instructions from the phone (transactional).

Unstructured Supplementary Services Delivery (USSD)

Unstructured Supplementary Service Data (USSD) is a technology unique to GSM. It is a capability built into the GSM standard for support of transmitting information over the signaling channels of the GSM network. USSD provides session-based communication, enabling a variety of applications. USSD is session oriented transaction-oriented technology while SMS is a store-and-forward technology. Turnaround response times for interactive applications are shorter for USSD than SMS.USSD is also non charged as compared to SMS. Both SMS and USSD does not need data plan activated and can be used on generic cheap mobile phones also 

WAP/GPRS

General Packet Radio Service (GPRS) or Data is a mobile data service available to GSM users. GPRS provides packet-switched data for GSM networks. GPRS enables services such as Wireless Application Protocol (WAP) access, Multimedia Messaging Service (MMS), and for Internet communication services such as email and World Wide Web access in mobile phones.

Near Field Communication (NFC)

NFC is the fusion of contactless smartcard (RFID) and a mobile phone. The mobile phone can be used as a contactless credit / debit card. NFC enabled phones can act as RFID tags or readers. This creates opportunity to make innovative applications especially in ticketing and couponing. This technology needs the device to support NFC communication  

Dual Chip

Usually the m-payment application is integrated into the SIM card. Normally, SIM cards are purchased in bulk by telecom companies and then customized for use before sale. If the mobile payment application service provider has to write an m-payment application in the SIM card, this has to be done in collaboration with the telecommunications operator (the owner of the SIM). To avoid this, dual chip phones have two slots one for a SIM card (telephony) and another for a payment chip card. But, customers would have to invest in dual chip mobile devices.

SIM Based Mobile Wallet

The mobile payment application software resides on the mobile phone and the card data is stored SIM with details of the customer (and his or her bank account details or credit card information)

The Customer registers the card data and the security required with  telecom operator. On confirmation this data is send to the mobile over the air (OTA) to update the SIM storage with the m-pin which is later on send to the customer as a PIN Mailer

•  User need to register with his telecom Operator for wallet
•  Telecom Operator has tie up with Acquiring Bank
•   VISA / MC act as Certificate Authority for the acquiring bank
•   If the card is on-us the acquiring bank will validate it else it will send it to the interchange for validation
•   If card details are fine the telecom operator will send a tokenized data to be updated to the mobile SIM on OTA using HSM and Payment Tokenization Server
•   The generate mPIN is also send to the User through Pin Mailer

Mobile Payment Flow using Merchant POS / Website 

Mobile Payment Flow using SMS and Merchant Mobile No 

•   Users pays on merchant NFC Pos or Merchant Site using wallet or using SMS with structured SMS data
•   Merchant application calls the api provided by the telecom to access the SIM data using certificate and the mPIN provided by the user.
•   The SIM will respond back the stored token which is send to the Telecom Wallet platform using SMS, USSD, API over the wap
•   The Mobile wallet validates the token and mpin again on the HSM and sends the card data to the acquiring bank as a sale or purchase transaction
•   After approval the response is send back to the merchant application 

Advantage of this approach

•         Highly Secured using digital certificate and mpin 
• .      Generic protocol can be used and no need of smart
• .      High Mobile penetration provide a large customer base
• .      Easy, Cheap and fast payment
• .      Zero or low cost of usage
• .      Easy integration to existing system
• .      New revenue option for telecom providers
• .      Bank can save a lot on pos machines and its operations   

Read More

Agile in Value Delivery

Agile in End to End Value Delivery 

Agile has made development faster and have frequent deployments. Business and IT operations needs stability with speed.  To bridge this gap agile need to stretch itself beyond development and deployment. Business and Development team together need to consider software as a value.

A software value chain is a series of software definition, development, deployment process and operation process.   A series of align process and tools need to work along and synchronized way to provide continuous flow of value to the customer or end user. Processes and tools need to work around the value to provide simplified development and deployment to remove unnecessary handoff and step, also accelerate the delivery of the value by implementing lean and agile principals and practices. Can agile principle be defined to operation also?

Lean and Agile have many things in common each are focused on value delivery

Legacy Dev Ops Model

Teams and Roles

Product Management : The team is responsible for define the functionalities required in the product. In tandem with the Business Operation the team strategies the requirement for the Development Team or Product Vendor for  Product Changes (using the defined Change Control  Process ).  Product Vendors have Product Owners who interact with the team and add these changes to the product log for the Agile team to define and plan Sprints

Tools Used :  Requirement Analysis and Gathering tools, Requirement Tracking and DMS tool  eg Rational, Visio, XLS, Clearcase  

Development Team: Plan and execute the sprints and publish Sprint plan for the deployment, Burn Charts for management. Weekly releases to the staging system for the UAT team to test . A group of sprint releases or one sprint release can be part of the release plan published by the Product owner to the Production and Business Operation.

Tools Used :  Version Control (SVN, CVS,GIT, Visual SourceSafe, Starteam ), ALM tools (SwiftALM, Wizible, Collabnet, Microsoft Team foundation), Continuous integration (Jenkins, Hudson )

UAT /SIT Team: The team is responsible for testing the release in the staging system for integration and system and when done provide UAT pass approval for the release team to prepare release build/ patch  for  Product team

Tools Used : Testpro, Testing Tools/ Simulators, Load runner

Release team : Is responsible for the SCM activity and release activity for both Staging and Production system. Depending on the published release plan and date the team will provide signed build and release note once a go is provided  by the SIT team in the staging server. The team publishes to the stake holders for  downtime approval.

Tools used : Continuous integration (Jenkins, Hudson ),Cruise Control,  ALM tools and PLM tools

Production Support : On downtime approval the team deploys the build or patch on the production system and runs and acceptance test with the business operation. A go-live is declared on successful deployment else it is rolled back with a failure issues logged in the incident system with severity  

Tools : Ticketing or incident management tools ( Bugzilla, Jira, Quality Center, fogbuz), PLM tools like redmine. SwiftPLM, etc

Business Operation: Responsible to provide go-live testing and also provide product changes required for Business Needs

Tools:  The product, Incident Management Tools, PLM tools to track changes status.   

Agile Process in Delivering Value in Operations

Agile team starts with a value delivery (Value Release Team). The Release is planned as a value to be delivered with the whole team. The story board is build on the value and the product log and service catalogue is build on the story board. This is the take away for the agile development   team, release team, business ops, testing team, infrastructure team and product support team.

Agile Value Model

Read More

The Java NIO advantage

The challenge was to create a SIP User Agent with support for 50 Calls per second. The current implementation used UDP and java io api’s.  The implementation worked seamlessly for 10CPS from SIPP once we reached above 10CPS there was packet loss in the UDP Datagram socket. We change the code to support worker threads but still the loss was there. This prompted us to look for using other methods like queuing or   JMS.  I came across a article published by Jakob Jenkov on IO V/s NIO http://java.dzone.com/articles/java-nio-vs-io  and the tutorial provided by http://tutorials.jenkov.com/java-nio/index.html

Java IO V/s Java NIO

The main difference between Java IO and Java NIO is

IO	NIO
Stream oriented	Buffer oriented
Blocking IO	Non blocking IO
	Selectors

The biggest difference is Java IO is stream based and NIO is buffer oriented. Java io being stream oriented can read one byte at a time . They are not cached. Hence we need to cache it in a buffer first.  Java NIO's being buffer oriented the approach different. Data is read into a buffer from which it can be processed later. You can move forth and back in the buffer as you need to. This gives you a bit more flexibility during processing. However, you also need to check if the buffer contains all the data you need in order to fully process it and, you need to make sure that when reading more data into the buffer, you do not overwrite data in the buffer you have not yet processed.

Java io is blocking which means the thread that read () or write () block until there is some data to read or write. When large chunk of messages are pumped into a UDP socket by the time worker thread reads the stream it is blocked which cause packet loss

Java IO UDP Datagram Server

UDPServer.Java

private   final int MAX_PACKET_SIZE = 2048;

private   final byte[] MAX_PACKET_ARRAY = new byte[MAX_PACKET_SIZE];

public void run()

                {

                                try

                                {

                  String value = new String();

                  rxSocket = new DatagramSocket(8080, InetAddress.getByName(localhost));

                  DatagramPacket incomingPacket = new DatagramPacket(MAX_PACKET_ARRAY,                                            MAX_PACKET_ARRAY.length);

                                               

                  while (true)

                  {

                      rxSocket.receive(incomingPacket);

                      if(incomingPacket.getLength()>0){

                        value = new String(incomingPacket.getData(), 0, incomingPacket.getLength());

                        logger.info("Message from client - "+value);

                        ProcessClientMessages pi=new ProcessClientMessages(value,sippclientthread,serverThread,serverinfoThread,incomingPacket.getAddress().getHostAddress(),incomingPacket.getPort());

                        tpes.submit(pi);

                      } 

                    }

                }catch (Exception ex) {

                                                ex.printStackTrace();

                                                logger.error("Callconnector Exception:" ,ex);

                                }

                }

The above program is to recieve the UDP packet using Java IO.

  

Java NIO UDP Server

UDPServer.Java

static int i=0;

public void run()

                {

                                try

                                {

                      String value = new String();

                          DatagramChannel channel = DatagramChannel.open( );

                          DatagramSocket socket = channel.socket( );

                          SocketAddress address = new InetSocketAddress("8080");

                          socket.bind(address);

                          ByteBuffer buffer = ByteBuffer.allocateDirect(65507);

                          byte byteArray[]=new byte[4096];

                  while (true)

                  {

                    SocketAddress client = channel.receive(buffer);

                            buffer.flip();

                            ipport=GeneralManipulation.getHostPort(client);

                            String fromIp=ipport[0];

                            String fromport=ipport[1];

                            while (buffer.hasRemaining( ))

                            { 

                                byteArray[i]=buffer.get();  

                                i=i+1;

                            }

                            i=0;

                            buffer.clear( );

                            value=new String(byteArray);

                    logger.info("str from client - "+value);

                    ProcessClientMessages pi=new ProcessClientMessages(value,sippclientthread,serverThread,serverinfoThread,fromIp,Integer.parseInt(fromport));

                    tpes.submit(pi);

                  }

                }catch (Exception ex) {

                                                ex.printStackTrace();

                                                logger.error("Callconnector Exception:" ,ex);

                                }

                }

The above is the code with java nio channel api that recieves messages on port 8080 and puts it in to the buffer and gets value from it and processes it. ByteBuffer : we allocate size to the bytebuffer and the channel which gets value will be in the buffer., (channel.receive(buffer);) then we iterate the buffer and get value from it.

Summary

NIO helps you to manage multiple channels using a single thread. If you need to connect multiple connections simultaneously using a single thread to manage all outbound connections implementing NIO server is probably an advantage  

Read More

Unix Command Sheet (Cheat Sheet)

Sysinfo : This command is used to display system information i.e cpu, memory, etc

Memory and Swap : These command give information regard physical memory and swap area
Disks, Filesystems and Devices: These commands display disk information, file system etc.
Networking  : These commands are used to display and configuring network parameters

Crash Dump : To configure display and use crash dump data 

Performance Monitoring and Diagnostics : The commands List, Monitor and trace processes



You can download the entire Cheat Sheet from the link

Read More

Tools for Managing Software Development

Software Engineering is a complex process, from modeling and design to code generation, project management, testing, deployment, change management and beyond, tools play a very important role and have become an essential part of managing Software development Process.  Tools allow repetitive, well-defined actions to be automated, reducing the cognitive load on the software engineer who is then free to concentrate on the creative aspects of the process. Tools are often design to support a particular software engineering method thus imposing a specific process. This makes adaptability to a particular tool very difficult since every organization has its own development process. It is either difficult or impossible for companies to move from set processes. We were posed with the same problem. Most of the tools were either ALM based or PLM based and the requirement was to have a single tool to match all our processes. The requirement of the tool was to fulfill the below requirement    

Software Development Tool features / aspects

Requirement Management

Defect Management and Defect Tracking

Source Code Management and Control

Code Review Process and Code Coverage

Design and Case Tool (Use Case etc)

Release and Continuous Integration (Build Automation)

Test Management and Automation

Quality Checklist

Management DashBoard

Resource Planning  and Timesheet Management

Project Management (Planning, Tracking , Cost management )

Breakdown of a typical Software Engineering Methods and Tools

Courtesy  : http://www.computer.org/portal/web/swebok/html/ch10

Typical Product Company tools and Status Data Flow 

Holistic Tool across Organization

 The  tools needs to integrate with the available below to make it a holistic tool

Continuous Integration

Link all work items to tangible, working software in the form of builds. This enables teams to measure progress in terms of working software and to identify problems sooner.

Defect Management

Triage defects and include them in the planning process to balance new work and maintenance. Leverage existing automated workflows and defect reporting, while adding the practice of agile project management.

 IDE

View and update work items directly from your IDE. Stories, defects, tasks and tests can be tracked, updated and closed without ever needing to leave the IDE.

Test Management

Monitor the quality of your projects more easily by making the latest test results visible to dashboard. Teams can leverage existing test plans and test reporting, while creating new tests based on current user stories/backlog items.

Automation Testing Tool

Source Code Management

View code changes for a story or defect quickly by integrating tool with your source code manager. This makes it easier to track down the source of a defect and perform code reviews.

Portfolio and Project Management

Transition from traditional tools and project management practices without making everyone take a “leap of faith”. Integrate with  existing project management tools to avoid the pains of duplicate entry.

Requirements Management

Leverage your existing requirements management tool by creating a two-way flow with the took that keeps your requirements documentation synchronized and traceable while adding the practice of agile project management.

Customer Relationship Management

Link support cases to agile work items. This link enables development teams to understand real customer needs and for support desk to track engineering work through to delivery.

Approach Using Open Source

Build a holistic product using open source technologies to meet the requirement. This will need to have a team of developer and leads (Toolsmiths ) who will use open source tools and modify to cater to our needs

Toolsmith 

Continuous Integration

Tracking Tool (Defect/ FR ) With Workflow 

IDE

Requirement Management

Test Management and Testing Tool

Read More