Mobile-based branchless banking has become one of the key mechanisms for extending financial services to disenfranchised populations in the world’s developing regions. One shortcoming of today’s branchless banking systems is that they rely largely on network-layer services for securing transactions and do not implement any application-layer security. Recent attacks on some of the most popular branchless banking systems show that these systems are, in fact, not end-to-end secure.
In this paper, we make the case for designing mobile-based branchless banking systems which build security into the application layer of the protocol and guarantee end-to-end security to system users. Our main contribution is a threat model which effectively captures the goals of end-to-end authenticated transactions in branchless banking. This model, besides incorporating the obvious external threats to a protocol, also accounts for the possibility of insider attacks—those mountable by banking agents or other human intermediaries in the system. We then provide recommendations for solution design based on the security requirements of our model and the infrastructural constraints under which branchless banking systems operate.
[This is the ACM copyrighted version that appears in HotMobile 2011. Please contact author by email if interested in the full version.]