Securing the uncharted territory : transaction receipts in branchless banking

Abstract

Mobile-based branchless banking has become a key mech- anism for enabling financial inclusion in the developing re- gions of the world. A fundamental requirement of all branch- less banking systems is a mechanism to provide reliable ev- idence to users about the occurrence of transactions, which is implemented in the form of receipts delivered after each transaction. Existing receipt delivery mechanisms, however, provide poor security guarantees to users, which has led to multiple exploits and financial losses recently. In this paper, we present results from two studies conducted with users of a leading branchless banking service in India. Our first study explores current practice with respect to transaction receipts through interviews conducted with 67 users and 87 trans- action observations. The study reveals a desire for robust receipt delivery systems amongst users as well as a preva- lence of insecure practices, which makes users susceptible to fraud. The second study tests usability of receipt verification protocols with 30 users and finds that despite their limited education, users are able to distinguish between secure and insecure interfaces for receipt verification and 37% of them state a strong preference for the secure interface even though it is evidently less convenient.