Towards end-to-end security in branchless banking

Abstract

Mobile-based branchless banking has become one of the key mechanisms for extending financial services to low-income populations in the world's developing regions. One shortcoming of today's branchless banking systems is that they rely largely on network-layer services for securing transactions and do not implement any application-layer security. Recent results show that several of these systems are, in fact, not end-to-end secure. In this paper, we make the case for designing mobile-based branchless banking systems which build security into the application layer and guarantee end-to-end security to system users. We present a threat model which captures the goals of authenticated transactions in these systems and then provide recommendations for solution design based on our model's requirements.