African Banking Technology Conference

3 April 2008

Nairobi - Kenya

Patrick Mburu

Director, ATS - Africa

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

ATS-Africa an Overview

• Advanced Technical Solutions - Africa LTD (ATS-Africa)- Incorporated in 2006

• IT solutions company, which is formed with strategic alliances in key technological solution industries.

• We specialize in providing turnkey solutions, ranging from implementation of a top of the line mobile software solutions, network and information security systems and business consulting services

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Network & Information Security Solution

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Problem: Identity Theft

• Why Security?

• Problem: Identity Fraud

• FACT: 1. Identity Fraud = 56 billion USD in 2006

2. 12% is internet related = 7 billion USD

3. Average per victim amount is 6000 USD per year

Javelin Strategy and Research & Better Business Bureau 2006 Identity Fraud Survey Report

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Problem: Managing Multiple accounts

Trade ME

Africa Demo Bank (ABD)

HSBC

AMAZON

North-shore Council

Skype

Gmail

ANZ

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Problem: Deployment

Delivery Logistics

Maintenance, replacements

End Users support

Implementation

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

The Solution

• The Next One Time Password Generation

• Cellular Authentication Token (CAT)

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Download from the Internet

No maintenance, no replacements

End users already use Cellulars

Simple initiation

No Token Costs and no Logistics Costs, No Hidden Costs

Cellular Authentication Token – NO Deployment Problem

ABD EF5D18

ID:

OTP:

SubmitSubmit

AgolaA

EF5D18

Login

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Single CAT for Multiple Accounts

Select Site Trade Me ABD HSBC AMAZON

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Security: CAT = Maximum Security

• The Cellular is protected by PIN

• CAT is protected by CAT Password

• CAT Password not kept on Cellular

• Only encrypted verification sentence is kept on Cellular

• Encryption with the Cellular unique ID (IMEI )

• After 3 minutes shuts down

•Two Factors Authentication

What you have = Cellular token

What you know = Password

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

CAT = Maximum Security

User enters a One Time Password to login

CAT Generates OTP every 60 Seconds

Hacker can not reuse old OTP

Hacker can not predict the next OTP

Hacker will look for the CAT Password on the Cellular

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Summary

Check if user exists

Check if user enabled

Encrypt entered password

Compare with saved password

Allow access

Check if user exists

Check if user enabled

Calculate required OTP

Compare with entered OTP

Allow access

Old way CAT way

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Using the CAT

CAT System

administrator end user

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Demo: Using the CAT on a Daily basis

Using the CAT

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Using the CAT – end user

Daily login

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Using the CAT – end user

Daily login

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Using the CAT – end user

Daily login

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Using the CAT – end user

Daily login

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Using the CAT – end user

Daily login

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Using the CAT – end user

Daily login

FE7C8B

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

CAT Deployment – end user

Access granted

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

• New investigations in personal security:

• CAT 4 ATM Secure Transactions

Highlights:

Credit Card owner has to register the card for OTP

Different OTPs for different Cards

The OTP Verification is done at a server side

Server can be at the ATM company or Bank or Credit Card company

Business Model

Registered Credit Cards can make OTP Verification over Internet for eCommerce

On-Going Developments

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Enter Credit Card

1

Generate OTP 2

Enter POTP 3

ATM Software

System Authentication Server

Verify OTP

4

Update Log

Query Result

Query POTP

5

Overview of Verification Process

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Mobile Banking Solution

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

Mobile Banking

• Unlike previous services, mobile banking is a mass-market tool characterized by personalized real-time or on-demand messaging

• Mobile banking enables financial institutions to cost effectively reach their entire customer base.

• ATS-Africa’s mobile banking suite constitutes a revolution in customer service relations and communications technology between financial institutions and their clients.

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

• New Opportunities:

– Drive innovative personalized services,

– Attract new clientele

– Market to their customer base – leading to lower costs, higher revenues and greater profits

Mobile Banking

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

The Solution:

• ATS-Africa, through one of the leading providers of mobile messaging solutions for financial services, has developed a comprehensive offering enabling organizations to make the most of society’s mobile evolution.

• Our end-to-end services provides banks, credit-card companies, and insurance firms what they need to maximize the power of financially-oriented mobile messaging.

• The offering includes a robust middleware platform that serves as a gateway for managing mobile messaging for operational customer care and marketing needs

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

• Secured Connectivity Layer creates a secure IT, two-way messaging channel

• Large Account Application Gateway - A robust middleware platform that serves as a gateway for the central management of organizational messaging

• Application Suite - an array of mobile banking applications such as balance notifications, automated account alerts, fraud alert, and mobile marketing

3 Tier Architecture

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

The Solutions

• m-Query: – A service that enables authorized customers to initiate MO SMS

requests for internal personal account or external financial services data.

– Launched by sending an SMS to a short code number, the application delivers an immediate SMS response to each request.

• m-Campaign: – A service enabling financial institutions to conduct and manage

mobile marketing campaigns.– Integrated with an organization’s CRM system, the solution allows

for new product and service marketing via SMS, MMS and WAP links to an entire customer base or selected customer segments.

www.ats-africa.comwww.ats-africa.com info@ats-africa.com

• m-Enterprise: – A service that enables financial organizations to send group

messages to intra-organizational segments (e.g. branch personnel) or branch customers for updating purposes (e.g. new checkbook availability).

• M-Trade:– A service that enables customers to receive periodic SMS

notifications regarding currency exchange rates, stock exchange alerts and other updates from financial data suppliers;

The Solutions

Thank you

• www.ats-africa.com info@ats-africa.com

Info@ats-africa.com

www.ats-africa.com