USSD Security.
Ok, seems like there is a lack of info on USSD security. With a growth of interest in mobile payment and banking, we really have to clear this one out. If you are not familiar with USSD, read basic facts about it here.
There are two ways for villains to sniff the data – in the air and when it is stored on servers. The thing is USSD signal itself is not encrypted when it is transferred over the air. People seem to talk a lot about it being a big security hole. But the GSM channel that carries the signal has built-in encryption, authentication, authorization and accounting protocols. It’s not like an easy thing to hack. It will cost a copious amount of cash to buy equipment which can do it. And then villains have to chase you wherever you go to trace the signal. And then you make a ten dollars transaction.
Aghh, too much hassle, right?
Imagine that bad guys had no success with your ten bucks. Then your signal arrives to operator, where data is decrypted within network. No need to panic, as operators have their own system of security. If you need you can ask for end-to-end encryption, when data is encrypted from the user to your service all the way through. Though, governments usually don’t allow operators to do it, as they are quite curious.
Now, all the aforementioned stuff applies to SMS as well. So USSD is, at least, as secure as SMS. Which is the most popular format for mobile commerce. But unlike SMS, USSD is not stored on servers for months and years to come, and it doesn’t leave traces on your mobile phone, as it is session-based.
Nobody really questions SMS, as nobody really questions security of credit cards. Well, maybe someone, but the cards are still widely used. This month a San Francisco man was sentenced to 13 years in federal prison for stealing 1.8 million bank and credit card numbers. Guess what? Banks are still there and credit cards are alive and well. It is instilled in people’s minds that they are safe, so they continue to use them. Thus finding holes in USSD is not the best idea – there are plenty of popular types of money transactions which are often hacked but still widely used.
The point is – it is useless to discuss the security of USSD out of service context. Firstly you need to define what your service is, what money is transferred. With default settings, USSD may not be secure for one million dollar transaction, hence you will have to adjust the channel for your particular needs. Remember also, that scenario for a service can provide high level of security by itself.
Follow these steps, if you are thinking of using USSD:
1. Specify the sum of money.
The level of security depends on the quantity of money involved. If your service is using micro/small payments, then standard GSM security is enough. For bigger transactions you would probably want to install additional encryption. Remember, though, better locks cost more, so count your money too.
2. Analyze network infrastructure.
Look at the whole network and see what parts of it don’t meet your security requirements. This may be the part where a signal goes from the mobile user to the operator’s server and then to your server. In this case, you can encourage users to install java applications to enhance the level of security.
If you are concerned about potential insecurity within the operator’s network, negotiate your needs with the operator. Keep in mind, that in many countries encryption/decryption of data within an operator is regulated by the government.
Finally, don’t forget about protecting your own service.
3. User experience is numero uno.
You can bury your business if clients have to go through numerous steps to install protection, such as going to different offices, buying a new SIM card, etc. Keep the balance between security and user experience. People want it simple.
4. Tell everybody how safe you are.
Make people trust your service by executing a marketing campaign, giving them guarantees, etc.
Don’t put security on the top, look at USSD from the point of business opportunity. It certainly can provide you with one.
We’ll certainly come back to this topic again later.
Real Time Updates from #RusTechDel
The Great iPad fever. Early diagnosis.
Yes. The new Apple device is announced and gadget freaks are smashing their heads against the wall. “No multitasking, no cameras, no flash, no this, no that” – these are the main symptoms on the Internet blogs right now. Some, though, are quite immune to the illness and draw sober conclusions about why iPad is cool.
So, why on Earth Apple would make such useless device (according to geeks) which costs at least half a grand? What is the audience for it? As always, Apple thinks different. And with iPad, they are probably thinking of your mom, dad, kids and maybe even your grandma and grandpa.
When it comes to user experience, seems like iPad is the best thing ever created, to get people with no knowledge about computers to the digital world. Browsing web, watching movies, emails, photos – all common tasks are executed in this device with ease and elegance. Your mom is likely to appreciate the slick and showy look of it. Using fingers to manipulate certainly adds to the appeal, as it significantly improves user experience. It is almost like in a Sci-Fi movie, i.e. cool as hell.
These people don’t need multitasking. They don’t need to read The New York Times and watch Youtube simultaneously, while looking through photos. They want just casually do one thing at a time, like reading a newspaper in the kitchen, or watching movie while on a train. And all that is without the complications of PCs.
Let’s leave aside comparison to Kindle – reading books is just one of the functions that iPad have, and it is not the main one. Though Apple is exploring the new market with iBooks, it is likely to succeed with it. iPad have this aesthetic appeal, as all the products that Apple designs. Ignoring technical characteristics, imagine, what your girlfriend would like more as a present, a bland Kindle or a trendy piece of glass with a lovely apple on the backside? And still, if she doesn’t want to read books she can enjoy other functions, which Kindle doesn’t have. And the price is not that different – but iPad is not only a book reader.
As always, Apple fans will be buying it, just because it is Apple. It may also be the first introduction to Mac OS for Windows users. They may finally follow the hype, as 499$ is not that much. And many people will buy it as addition to their home PCs and notebooks.
There is also this niche, people new to computers, which can be quite considerable. Creating services for them, one should follow the prime example – the iPad itself. Simplicity. The NY Times demonstrated the new app for reading their web site at the iPad presentation that perfectly represents this philosophy. Even inexperienced users can learn how to use it in two minutes. Easy and useful web sites and apps are likely to have big success with this market.
Bashing every new Apple device seems like a nice tradition. We, however, think that Stevie will again make loads of cash, and very much deserved, as iPad is truly an innovative gadget. Just wait and see.
Ads-n-Balance. The most valuable mobile service for delivering advertisements 24/7.
Want to send your marketing message to people with mobile phones? Worry it makes them a little bit vexed or, even more, they don’t read it at all? Wish to make ads distribution more consistent, regular, and at the same time legitimate?
Earlier we discussed that nowadays there is a lack of mobile services which have a place for effective advertising and which offer solutions to questions mentioned above. Well, as promised, we shed some light as to why Ads-n-Balance stands out from other offers in the market.
This service combines the following:
- An easy way to check balance on any mobile phone (by dialing a simple service number, e.g. *100#).
- Each balance message contains a targeted ad.
Ads-n-Balance is currently the one, if not the only one, mobile service which all users use constantly and where ad placement is not out of place. Subscribers check the balance several times a day. It means that they get your targeted message every day, all year round! Basically it’s the only legit and almost as effective as TV way of advertising on mobile phones.
The major advantage of this service is that all mobile users visit it regularly, and most importantly, they are doing it by their own will. That’s why this service is unique – it reaches broad audience and advertising is not intrusive. Much like banners on a website, ads don’t prevent user from getting valuable info.
It is currently the only mobile balance inquiry service in the world that supports targeted advertising. Targeting of ads can be:
- Geographical. You can focus your campaign on specific regions and location of the user.
- Demographic. You can deliver ads to the age group and gender of your choice.
- Behavioral (it includes: answers to the polls, preferences, and actions of subscribers). Past choices and actions can be recorded and used for a better understanding of the user needs. You can use them to aim your offers to particular people.
To put it simple, Ads-n-Balance provides a great way for unobtrusive and targeted advertising on mobile phones with the goal to reach as many consumers with mobile phones as possible. We have checked its effectiveness by advertising our Eyeline services through it. Ads demonstrate 30% response rates which are way better than those of TV and SMS.
If you want a more detailed information, contact us at info@eyeline.mobi.
Mobile phones. Is it really the right media for advertising?
Eyes of consumers are probably the most important thing for advertisers who want to know how many people they have reached last month. Such media as TV, radio, Internet and billboards give an opportunity to count. For example, advertisers know the number of viewers attracted each week by a popular reality show or a late night show. Billboard advertising provides a metric as well: Times Square Bulletin, the mecca of advertising, reaches 1.5 million people every month. The same goes for the Internet: Google Analytics and similar services provide measuring tools of the website audience and supply detailed statistics about visitors.
All of these media have three things in common:
- A guaranteed number of people reached. Advertisers have a good idea of how much money they need to spend to reach a certain number of potential consumers in particular context.
- People gather around these media because they are interested in something, be it a TV show or a web site. They don’t turn on TV to watch commercials, they just happen to be there during the breaks in the show which they enjoy watching.
- One may say – people don’t flock around billboards to enjoy reading about “Always Coca-Cola”. But every day they take a glimpse and absorb this message. As in television, radio and Internet ensures consistency of a marketing message.
The same is not true for mobile advertising. When a mobile user receives an unsolicited SMS with an ad on his/her personal mobile phone, the message it carries becomes irrelevant. The recipient no longer controls the situation as in the case of other media. He or she are not there for something they want. As a rule they become irritated and quit paying attention. Or they sue. In addition, advertisers can’t really measure the number of eyes they attract, as there is no indication whether he/she has read the message.
Besides that, how many times can you assault your subscribers with spam? Once a week maybe? A more frequent reach will drive them nuts and will likely harm your reputation. But sending your message once a week doesn’t guarantee neither that the user will notice it, nor that the message will be consistent enough to get imprinted in the consumer’s mind.
Maybe mobile marketers should concentrate on creating services that give value to mobile users? Services, to which people come on a daily basis, which are not a collection of ads but something of value to them. This way, ads will no longer annoy users, and advertisers will attract people’s eyes without being too obvious and too aggressive.
So to answer the question – are mobile phones the right media for advertising? Indeed they are, if the right approach is used.
Later we will talk about one of such services – Eyeline’s Ads-n-Balance. Stay tuned.
