Mobile network operators world-wide are rapidly exploiting the latest SIM card technology to support the delivery of value-added functions such as online information. However, the technology is capable of much more and some operators have already begun to work with partners to deliver sophisticated financial services, with mobile banking being the initial target. Mobile e-commerce is close behind, with the prospect of dual-slot phones combining the currently independent smart card standards of SIM and payment chip cards.

SIM card (subscriber identity module) technology has been one factor behind the success of GSM. Originally the SIM was used as an ID and security device, but its role and influence on services has grown dramatically with developments that started with Phase 2 of the GSM specification. At first these developments were fairly simple, such as personalising the phone to the user by adding useful functions like a directory. Now, with the Phase 2+ specification, the SIM offers an extra layer of programmable intelligence that is being used as to realise mobile value-added services.

SIM Toolkit

The commands provided in the SIM Toolkit (STK) specification of GSM Phase 2+ allow the SIM to run application programs independently, interacting with the handset’s user interface as dictated by the application. This has become extremely popular with operators because it allows the display and keypad of standard handsets to be customised for specific value-added services, and provides a mechanism for storing and using any specific parameters required by a service.

Moreover, it is all achieved with a standard and very low cost item of hardware, which may be programmed under a relatively fast and well understood development cycle that can be as short as a few weeks.

SIM Toolkit applications typically allow operators to exploit the data communications potential of GSM, providing a means to increase the use of airtime. More important is the way that operators can develop applications to create services with a unique brand identity, so minimising churn.

In practice, SIM Toolkit commands provide a simple, menu-driven access to services that enhance the ergonomics and performance of a terminal that has a relatively simple user interface. Most of the early value-added services have been related to information on demand, but the target for many operators is to support payments and highvalue transactions, therefore generating extra revenue through commission. This aim can be achieved by developing an application that runs purely on the SIM, something that several operators have already achieved. A second approach is to write a SIM Toolkit application that supports transactions performed on an additional card, such as an e-purse, plugged into a second slot.

To date, the first SIM-based financial applications have typically been similar to simple home banking, such as checking balances and transferring money between different accounts in the same bank. However, the trend is towards more sophistication and it is likely that soon there will be mass-market SIM-based phones that can be used for e-commerce applications, such as buying stocks and shares as well as retail goods.

Asian operators have been at the forefront of the developments in mobile banking. The first mobile SIM card banking application in the region came from the Hong Kong mobile network operator ‘SUNDAY?and its partner, Chase Manhattan Card Company, in late 1998. Schlumberger SIMera cards allow customers to remotely check their credit card account, transfer money, and order and pay for certain goods available through the operator’s own value-added service range. Two other Hong Kong operators have since launched mobile banking services.

At present, SIM Toolkit applications have only been introduced by a relatively small minority of GSM operators, but it is believed that the vast majority will introduce the technology within the next couple of years. Any that remain isolated from this trend will probably still be operating in developing economies where the overwhelming demand is for basic voice services.

Security

One of the underlying reasons behind the attractiveness of SIM technology as an enabler for financial transactions is its inherent security. SIMs started life as security devices, to provide a unique means of identifying individual subscribers; they use encryption and intrinsic computational capability to store secret information that is never divulged externally in clear form. This is combined with the intrinsic security of GSM communication links to form an invaluable combination for financial applications.

Another facet of the attraction is the highly standardised nature of GSM throughout the world and the enormous user base that already far outnumbers Internet customers. Internet for mobile terminals is also on its way through the WAP specification, which also features smart card security.

Flexibility

With the SIM Toolkit, adding a new banking or commerce application to a SIM card is relatively easy, but taking this approach means that the operator has to define and implement its own payment standards. Smart cards are also finding an equally important role in the financial sector as a means of protecting against fraud, as well as for supporting multiple financial applications. However, one current problem is that the card standard that has emerged in the financial world (EMV: Europay, MasterCard, Visa) is incompatible with SIM cards.

However, because of a revision to the SIM Toolkit, the SIM specification recognises the value of other cards and provides a mechanism for linking to them: the result is that handset developers have created mobile phones with dual card slots. This still requires a SIM Toolkit application, to act as a ‘secure facilitator?between the SIM and the second card, and also to provide an ergonomic interface for the user.

A major benefit of this approach is to allow the mobile phone to gain access to standard smart financial applications such as the e-purse, which is already on trial or in use in numerous countries. In addition to remote payment, the e-purse can be recharged remotely, allowing banks to expand their business without investing in new ATMs. All that is necessary for recharging is a simple application on the SIM that recognises the card and extracts the relevant information in preparation for on-line banking transactions. Schlumberger has already developed example applets to speed deployment of this type of application, and has recently demonstrated the technology with both Visa Open Platform and Multos payment cards.

Open platforms

Although the SIM Toolkit standardises the way that the card can be used, SIM cards are still being developed using proprietary technology: each manufacturer uses their own development tools to create masks for their own preferred range of chips. The need for factory personalisation of SIMs still restricts the speed of supply, and the ultimate flexibility of the platform. Another development that deserves consideration in the drive towards mobile banking and commerce is the introduction of open SIM platforms.

The first step has been to bring the benefits of the Java software environment to GSM SIMs. The standard JavaCard API (application programming interface) eliminates the proprietary approach to programming SIMs. Instead, programmers from the mainstream software development community, using commercially available development tools, can develop applications. The resulting Java-compatible SIMs can run a number of sophisticated application programs independently, and several operators in the Asia-Pacific (such as FarEastone, Orange and SUNDAY) have already publicly signed up for this technology based on SIMera cards from Schlumberger. One of the world’s largest credit card companies also supports the JavaCard standard. Although we are still seeing the launch of Phase 2+ applications based on proprietary SIMs, ETSI has now incorporated Java Card interoperability into its specifications and future ‘multi service?cards will almost certainly be based on Java technology.

The second major element required to implement a working multi-application SIM card solution is the provision of host software and servers to distribute and manage GSM-based value-added applications. In moving on from factory personalisation of SIMs, an end-to-end solution to application management can include three other types of distribution channel, allowing applications to be put into the field more rapidly:

• Over-the-air customisation (OTAC) remotely upgrades or deletes applications directly onto the SIM card
• Downloading of new applets can be undertaken via certified point-of-sale terminals such as ATMs
• Customers can manage remote applications on their PC through the Web. A range of servers offering these capabilities (known as Aremis) is available from Schlumberger.

The future

Operators and customers have long viewed smart card technology with great confidence, and its inherent security is underpinning the trend towards over-the-air financial transactions.

The emergence of SIMs as a complementary programmable tool that can exploit and customise the advanced features of modern handsets quickly and economically is now providing operators and their partners with a means of delivering a very wide range of new services. Complementary developments such as the provision of higher-level operating system and programming environments (such as Java-compatibility) can only help the situation, and it is likely that there will be a strong move in this direction.

Jean Claude Deturche, Smart Cards Marketing, Vice President, Schlumberger Test & Transactions-Asia, Hong Kong, China