A Framework For Addressing Mobile Money Security Vulnerabilities in Tanzania
ISSN No:-2456-2165
Abstract:- The growth of mobile payments gave rise to several security threats to users. These threats are attributed to vulnerabilities due to ignorance, technical issues, inadequate regulations, inadequate information about mobile transactions, and a lack of formal complaints and redress mechanisms. This study aimed to design a framework to address security vulnerabilities in mobile money services in Tanzania. The study was conducted with Airtel Money agents and employees in Dar es Salaam, with a sample size of 163 respondents. The results show that 77.9% of respondents said the mobile money service is safe. Despite the safety of mobile money services, threats and vulnerabilities were identified. Users receive calls/SMS requests to perform unintended transactions. Some users experience alteration of their mobile money balance; using the public internet to perform a transaction, downloading apps from the internet, and downloading data from unknown sites are potential causes of security vulnerabilities and threats to mobile money services. The study recommends that mobile money operators design a safe system and raise awareness among users on security aspects. Users should report any receipt of a call or SMS requesting them to perform an unintended transaction, and stakeholders, customers, and Government should cooperate in designing and implementing a safe framework for mobile money services.

Keywords:- Vulnerabilities, Mobile Money, Threats.

I. INTRODUCTION

Mobile Financial Services (MFS), as provided by Mobile Network Operators (MNO), are the financial services that are provided through the mobile devices of registered telecommunications subscribers. They include peer-to-peer transactions, bill payments, merchant services for buying goods, interoperability with banks, transfers to other mobile operators, and international remittance. Bångens and Söderberg (2008) defined mobile financial services as financial transaction services provided by mobile network operators through mobile phones.

Mobile financial systems are also known as mobile money services or mobile money. It is a financial solution where customers or end users can perform financial transactions through mobile phones. Mobile money services are also known as M-money services or SMS money services. They were started and announced in 1999, the same year the Fundamo company deployed their prototype and became the world's first and largest mobile financial service provider in 2002. However, the first significant deployment was made by a company called Paybox, which Deutsche Bank primarily funded; the Paybox company was founded by two young Germans (Mathias Entenmann and Eckart Ortwein). The solution was later deployed in other countries such as Austria, Sweden, Spain, and the UK, and in about 2003, more than a million people were registered on Paybox. Gartner rated the company as the leader in the field.

The provision of financial services by the telecommunications industry, without carrying cash or being physically tied to different service providers, has improved and eased the life of financial institutions and end users alike by saving time for other matters and enabling fast transactions. In the past decade, mobile money services have expanded rapidly, resulting in the financial inclusion of the low-income population that did not have access to traditional financial transaction services, as elaborated by Rwiza et al., 2020.

However, the growth of mobile payments gives rise to several security vulnerabilities and, later, threats to users, such as privacy violations, malware attacks, fraud, theft, deviations in the quality of services, and financial and device losses (Ali, Dida, Sam, 2020). These threats are attributed to vulnerabilities in ignorance, technical issues, inadequate regulations, inadequate information about mobile transactions, and a lack of formal complaints and redress mechanisms.

To tackle these threats, we must find the vulnerabilities causing them and realize a framework to better manage the risks before landing on the market. Rwiza, Kissaka, and Kapis (2020) developed a methodology for evaluating security threats in the MNO financial service model. They further noted that the security evaluation of the MNO financial service model is still in its infancy in developing countries. They further said that there are security vulnerabilities in the MNO financial service model such that financial regulators may fail to track the creation of mobile money in the country.

II. LITERATURE REVIEW

Bassole et al. (2020) conducted a study on financial application vulnerabilities aimed at performing vulnerability assessments, facilitating an informed assessment of the information security and privacy risks that mobile money services and payment applications face in African countries,
IJISRT23MAR084 www.ijisrt.com 44
Volume 8, Issue 3, March – 2023 International Journal of Innovative Science and Research Technology
and creating awareness in the research and practice
communities.
USSD requests are insecure in terms of authentication. This happens when authentication controls and protocols are bypassed due to poor implementation or absence. For example, weak PINs leave the USSD-based menu vulnerable to brute-forcing and guessing attacks. Suppose the USSD menu for user authentication is not masked. In that case, an attacker can view the end user's credentials by conducting social engineering attacks such as shoulder surfing, which makes authentication vulnerable and becomes a threat to financial services.

Improper data validation in the USSD can lead to injection attacks that leak sensitive information. An attacker may insert specifically crafted text in the user input to perform malicious actions on the back-end server.

Broken access control occurs due to the lack of appropriate access control and allows the user to access unauthorized resources, such as features and information.

Using technology with publicly known vulnerabilities, such as Simjacker, can pose a significant security threat to the apps running on the SIM Tool Kit (STK). Using binary SMS, attackers can force the device to send malicious requests to the home network. The main Simjacker attack involves an SMS containing a specific type of spyware-like code sent to a mobile phone, which then instructs the SIM card within the phone to take over the mobile phone to retrieve and perform sensitive commands (Tutorials point, 2022).

Insufficient logging and monitoring, combined with a non-existent or inadequate incident response, allows fraudulent transactions to occur. With more logging, more information would be available for further investigation or even for stopping ongoing attacks.

Vulnerability due to security misconfiguration occurs due to a lack of alignment between system administrators, security administrators, and other non-technical staff. Common examples of incorrect settings are weak passwords/PINs or standard credentials that are easily guessed, or poor error handling and response.

D. Mobile applications vulnerabilities

Insufficient code protection leaves MFS vulnerable to source code analysis. To exploit vulnerabilities in code, all attackers need is to download the application from Google Play or the App Store and then de-compile it. Alternatively, an attacker can use the default USSD application built into the phone.

Deep linking is a technology that allows users to navigate between applications (or sections within an application) to a specific location using special links, like hyperlinks in web applications (Lynch, Stewart, 2020). Insecure deep-link handling is a critical vulnerability that can cause financial losses for banks. For example, one money services application failed to filter deep-linking URLs. Attackers could take advantage of this by loading a link to a web page containing malicious code and interacting with the JavaScript interfaces available in those components.

Obfuscation is meant to make it difficult for attackers to read and analyze code. Code obfuscation is a protective mechanism to reduce attack activities on a software system (Sebastian et al., 2016). Obfuscation (data masking) can be complete (concealing all of the original data characters) or partial (obscuring only some of the data characters). One example of code obfuscation is to remove file name characters at compile time. Random or single-letter names replace the names of classes and methods in the source. Lack of obfuscation allows attackers to analyze the code and find important data, such as testing-related usernames and passwords, encryption keys and parameters from which keys can be derived, and salts for hashing and encryption.

Attackers can then use this information to obtain credentials and access web servers. Moreover, hackers can analyze the application algorithm and exploit flaws in business logic. Competitors may also want to know how the application is designed in order to copy new product features.

Storing sensitive information on the device is another vulnerability that can lead to threats, including taking screenshots of sensitive information, storing cached information on the device, and clients storing information like passwords, money service information, and others. If it is necessary to store sensitive data on the client-side device, it must be encrypted. The lack of strong encryption on the devices leaves a significant loophole in the security of the primary services, including MFS.

Other vulnerable components of the mobile computing device environment are the loaded apps. Each application can contain a vulnerability that is susceptible to exploitation. The apps on the mobile device can have a variety of vulnerabilities, including:
- Incorrect permission settings that allow access to controlled functionality such as the camera or GPS;
- Exposed internal communications protocols that pass messages internally within the device to itself or to other applications;
- Potentially dangerous functionality that accesses resources or the user's personal information via internal program data calls or hard-coded instructions;
- Application collusion, where two or more applications pass information to each other to increase the capabilities of one or both applications;
- Obfuscation, where functionality or processing capabilities are hidden or obscured from the user;
- Excessive power consumption by applications running continuously in the background, which drains the battery and thereby reduces system availability;
- Traditional software vulnerabilities such as insufficient editing of data entered, Structured Query Language (SQL) query exploitation, and poor programming practices;
- Privacy weaknesses in configuration settings that allow access to the application's sensitive information (e.g., contacts, calendar information, user tasks, personal reminders, photographs, Bluetooth access).
Below is the distribution of vulnerabilities by type of activity the end user can use (source: Positive Technologies, 2020).

coding, and reverse coding. Data cleaning was done by examining the collected data to identify omissions and errors and find a way to rectify them where possible. This process also checked whether the data contained in the returned questionnaires were accurate and consistent with other facts gathered, uniformly entered, and well arranged to facilitate coding and data analysis. Secondly, data coding was processed by assigning numerals or other symbols to the classes into which responses were placed.
IV. RESULTS
Table II shows that 82.2% of respondents did not find their MM transaction exposed anywhere.
[Fig. 3 bar chart, image not recoverable from the text: y-axis "No. of respondents" (0 to 100); response categories I don't know, No, Not sure, Yes; bar labels 53.4%, 30.7%, 9.2%, 6.7%]
Fig. 3. Responses to the question: is the public internet a risk to the mobile transaction?
The study revealed that mobile money services should be safe and ensure the privacy of the users' transactions. The study further revealed that users need to confirm the recipient details before initiating the transaction. The results show that not all users confirm the recipient details before initiating the transaction: Table 5 shows that 14.1% of respondents do not confirm the recipient details, whereas a large number of the respondents (81.6%) do confirm them.
TABLE IV. FRAMEWORK TO ADDRESS SECURITY VULNERABILITIES

Framework                                                  Frequency    %       Valid %
privacy to your mobile money services
    No                                                         42       25.8    25.8
    Not sure                                                   30       18.4    18.4
    Yes                                                        91       55.8    55.8
Usually confirm the recipient before initiating MM trans.
    No                                                         23       14.1    14.1
    Not sure                                                    7        4.3     4.3
    Yes                                                       133       81.6    81.6

Source: Field data, 2022
The study also examined the ways to be used to protect mobile money service users. The study found that, among other things, all stakeholders should be responsive, that responsiveness should be shared between customers and all stakeholders in mobile money, and that awareness should exist among all stakeholders and be shared between customers and all stakeholders in mobile money.

These measures could form a framework to address the vulnerabilities and help mobile money transaction service users. The results in Table 6 show that 36.8% of respondents said that all stakeholders should be responsive and that responsiveness should be shared between customers and all stakeholders in mobile money. Furthermore, 33.2% of respondents said that all stakeholders should be aware and that awareness should be shared between customers and all stakeholders in mobile money services.
B. Framework to address Vulnerabilities

In mobile money services, one is necessarily exposed when performing mobile money transactions. Mobile money transaction exposure is a state of not having protection while performing a financial transaction. Depending on the weight of the exposure, vulnerabilities can be formed. From the study, these exposures relate to receiving a random message or call asking the user to perform an unintended transaction. Exposure is also increased by performing a transaction using the public internet or performing a transaction in public, as this lets attackers see the details of the transaction through shoulder surfing.

From exposure, analysis is done, which can be carried out by the customer, the company, or the Government regarding the kind of exposure. Customers need awareness, which, with current technology, can be obtained easily. This awareness includes security, vulnerabilities, and the impacts of the threats or risks. Service providers also need awareness of the business losses, financial losses, and government penalties they may incur if a loss is caused by vulnerabilities in the company. This includes service or application misconfigurations and ignorance of service settings, which might result in mobile money service losses and, in turn, brand damage. Government regulators must be aware of all the losses which customers and companies might incur, which may lead to revenue loss and customer disturbances.
Threat analysis can be carried out to find how large the impact will be, which might lead to mitigation, coping, or loss, and how threats can be avoided to improve mobile money security. Vulnerability solution options can be examined with a view to eliminating the vulnerability or reducing its impact. A preventive solution begins with an appraisal of the potential threat, which then triggers preventive actions to mitigate or prevent undesirable consequences. This process is referred to as the coping appraisal process (Monda, 2020). Mitigation would happen if the chosen option gave a positive solution in time. If the option provided is wrong or partial, the impact will increase the threat of mobile financial loss to customers, service providers, and the Government. However, sometimes the option can be neutral due to experience and the existing exposure environment, which can lead to coping or resilience. This means that a customer can recover effectively from loss if the impact is not significant and the vulnerability is dealt with externally.

All three aspects of the framework (exposure, potential vulnerability analysis, and threat analysis) can be applied to a mobile money environment to assist customers, service providers, and the Government as regulator in reaching harmony in the mobile financial services sector. This can only be achieved by involving all stakeholders in collaboration, to which 65% of all respondents agreed. The vulnerability assessment approach (identification, analysis, and controlling) can be followed in this framework, shown in Figure 4.5, on which 50.9% of respondents agreed.

The study aimed to design a framework to address security vulnerabilities in mobile money in Tanzania. Mobile money service in Tanzania is safe, as the chapter four findings show. However, the study realized the presence of security vulnerabilities and threats to mobile money. Security is the major component of digital financial services, specifically mobile money services. Therefore, the security aspect of mobile money services is an essential concern for the successful operation of MM services.

In this study, there is an indication that the mobile money service is safe in Tanzania. Most of the respondents (77.9%) said so.

The security vulnerabilities and threats identified by the study are: downloading the mobile app, downloading data from the internet, receiving a wrong mobile money confirmation message related to the transaction, not confirming the recipient details before the transaction, receiving a call or message asking the MM user to perform an unintended mobile money transaction, and the use of public wireless internet and misbehaving mobile apps.

RECOMMENDATIONS

First, the study recommends that mobile money users choose safe approaches to using the mobile money service. They should avoid situations that may put a mobile money transaction at risk, such as using the same password for a long time, performing the transaction openly or in public, and showing the mobile money password. This will help them to remain safe when using mobile money services.

Secondly, mobile money operators such as Mpesa, Tigo Pesa, Airtel Money, HaloPesa, and the like should implement a safe environment for mobile money users.

REFERENCES

[1]. Bångens, S. (2008). "Mobile money services – Financial Services for the Unbanked?" Swedish Program for ICT in Developing Regions, SPIDER. [Online] https://spidercenter.org/wp-content/blogs.dir/362/files/2016/11/Spider-ICT4D-Series-2-Mobile-money services-financial-services-for-the-unbanked.pdf [Accessed on] 18/11/2021.
[2]. Bassolé et al. (2020). "Vulnerability Analysis in Mobile money services and Payment Applications on Android in African Countries." In J. P. R. Thorn et al. (Eds.), Interpol 2020, LNICST 321, pp. 164–175. ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering; Springer Nature Switzerland AG. https://doi.org/10.1007/978-3-030-51051-0_12
[3]. Dhillon (2007). Principles of Information Systems Security: Text and Cases. John Wiley & Sons Inc.
[4]. Didier, Gouayon, Yaya and Oumrouu (2020). "Vulnerability Analysis in Mobile money services and Payment Applications on Android in African Countries." [Online] https://doi.org/10.1007/978-3-030-51051-0_12 [Accessed on] 15/03/2022.
[5]. Jiow, Mwagwabi, and Low-Lim (2021). "Effectiveness of protection motivation theory based: Password hygiene training program for youth media literacy education." Journal of Media Literacy Education, 13(1), 67–78. https://doi.org/10.23860/JMLE-2021-13-1-6
[6]. Kabir (2016). "Introduction to research." [Online] https://www.researchgate.net/publication/325846733_INTRODUCTION_TO_RESEARCH [Accessed on] 18/11/2021.
[7]. Lynch, S. (2020). "Deep Links." [Online] DOI: 10.1007/978-1-4842-6700-4_6 [Accessed on] 26/03/2022.
[8]. Martin (2020). "Mobile Security." [Online] https://medium.com/josue-martins/ussd-top-10-security-risk-for-mobile-payments-bcd64d0a34dc [Accessed on] 29/03/2022.
[9]. Mazhar et al. (2014). "An Investigation of Factors Affecting Usage and Adoption of Internet & Mobile money services In Pakistan." International Journal of Accounting and Financial Reporting, 4(2).
[10]. Momani, A. (2020). "The Unified Theory of Acceptance and Use of Technology: A New Approach in Technology Acceptance." International Journal of Sociotechnology and Knowledge Development, 12, 79–98. DOI: 10.4018/IJSKD.2020070105
[11]. Nayak, Nath and Goel (2014). "A study of adoption Behavior of Mobile money services by Indian Consumers." International Journal of Research in Engineering & Technology, 2(3), March 2014, 209–222.
[12]. Marathon (2006). Fighting poverty from the street: A Survey of Street Food Vendors in Bangkok.
[13]. Ntigwigwa (2019). Factors that Contribute to Cybercrime in Mobile Money Services in Tanzania: A Case of Kibaha Town. Doctoral dissertation, Mzumbe University.
[14]. Nyamtiga, S., Laizer (2013). "Security Perspectives For USSD Versus SMS In Conducting Mobile Transactions." International Journal of Technology Enhancements and Emerging Engineering Research, 1(3). ISSN 2347-4289.
[15]. Positive Technologies (2020). "Vulnerabilities and threats in mobile banks." [Online] https://www.ptsecurity.com/ww-en/solutions/financial/ [Accessed on] 16/03/2022.
[16]. Rumanyika (2015). "Obstacles towards adoption of mobile money services in Tanzania: a review." International Journal of Information Technology and Business Management, 35(1). [Online] http://dspace.cbe.ac.tz:8080/xmlui/bitstream/handle/123456789/269/1%20rumaniyaka%20.pdf?sequence=1&isAllowed=y [Accessed on] 18/11/2021.
[17]. Rwiza, K., Kapis (2020). "A Methodology for Evaluating Security in MNO Financial Service Model." 2020 IST-Africa Conference (IST-Africa).
[18]. Sebastian et al. (2016). "A Study & Review on Code Obfuscation." [Online] DOI: 10.1109/STARTUP.2016.7583913 [Accessed on] 27/03/2022.
[19]. Tutorialspoint (2022). "What is a Simjacker attack?" [Online] https://www.tutorialspoint.com/what-is-simjacker attack#:~:text=At%20its%20most%20basic%20level,receive%20and%20conduct%20sensitive%20orders. [Accessed on] 29/03/2022.
[20]. Wlosinski (2016). "Mobile Computing Device Threats, Vulnerabilities and Risk Are Ubiquitous." ISACA Journal. [Online] https://www.isaca.org/resources/isaca-journal/issues/2016/volume-4/mobile-computing-device-threats-vulnerabilities-and-risk-are-ubiquitous [Accessed on] 15/03/2022.
[21]. Wodo, S., Błaśkiewicz (2021). "Security issues of electronic and mobile money services." 18th International Conference on Security and Cryptography (SECRYPT 2021). DOI: 10.5220/0010466606310638 [Accessed on] 14/06/2022.