
Security in Next Generation Mobile Payment Systems A Comprehensive Survey


This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2021.3105450, IEEE Access


Security in Next Generation Mobile Payment Systems: A Comprehensive Survey
WAQAS AHMED¹, AAMIR RASOOL², ABDUL REHMAN JAVED¹*, NEERAJ KUMAR³, THIPPA REDDY GADEKALLU⁴, ZUNERA JALIL¹, NATALIA KRYVINSKA⁵*
¹ Department of Cyber Security, Air University, Islamabad, Pakistan
² Institute of Avionics and Aeronautics, PAF Complex, E-9, Air University, Islamabad, Pakistan
³ Department of Computer Science and Engineering, Thapar Institute of Engineering & Technology, Patiala (Pb.), India
⁴ School of Information Technology and Engineering, Vellore Institute of Technology, Tamil Nadu, India
⁵ Faculty of Management, Comenius University in Bratislava, Odbojárov 10, 82005 Bratislava 25, Slovakia
Corresponding author: [email protected], [email protected]

ABSTRACT Cash payment is still king in several markets, accounting for more than 90% of the payments
in almost all the developing countries. The usage of mobile phones is pretty ordinary in this present
era. Mobile phones have become an inseparable friend for many users, serving much more than just
communication tools. Every subsequent person is heavily relying on them due to multifaceted usage and
affordability. Every person wants to manage his/her daily transactions and related issues by using his/her
mobile phone. With the rise and advancements of mobile-specific security, threats are evolving as well. In
this paper, we provide a survey of various security models for mobile phones. We explore multiple proposed
models of the mobile payment system (MPS), their technologies and comparisons, payment methods,
different security mechanisms involved in MPS, and provide analysis of the encryption technologies,
authentication methods, and firewall in MPS. We also present current challenges and future directions of
mobile phone security.

INDEX TERMS Mobile Phone, Mobile Payment Method, Online System, Transaction, Mobile Commerce,
Cyberattacks

I. INTRODUCTION

Cash payment is still monarch in several markets, accounting for more than 90% of the payments in almost all the developing countries [1]. Nowadays, the use of mobile devices by people has increased tremendously. A considerable number of people use mobile phones to perform day-to-day tasks [2]. These devices can be used for many tasks, such as making phone calls, web surfing, emailing, gaming, and many other tasks.

The current research in the area is focused on the usage of mobile phones to perform payment securely. However, mobile systems face different limitations [3], [4], [5] such as low storage and computation power, due to which they cannot perform heavy encryption operations. Different attacks, such as spoofing, phishing, malware, and sniffing attacks, are reported on mobile devices due to lack of security patches [6], [7], [8], [9]. In order to effectively design the MPS, these attack scenarios must be considered for safety and security.

Information and communication technology (ICT) is being extensively used all around the world [10]. The traditional face-to-face interaction requirement for payment transactions is avoided, and remote communication is adopted. There is no need for direct contact between a payer and the payee, which changes the business environment and leads toward using the internet to do different transactions. This situation requires electronic money or digital bits; the system resembles traditional payment but uses internet infrastructure and digital data for money transfer. There are many advantages of using e-money, like the client's anonymity or the fact that the client's presence is not required during transactions. At the same time, it also has some disadvantages, such as the compromise of confidentiality, integrity, and availability (CIA) [11].

The vast development of mobile phone technology enables the growth of internet services. Internet brings the electronic transaction systems [12] to the mobile phones and also m-


This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/

CONSUMER / CUSTOMER: Customers play a key role in the mobile payment system and are the nucleus of the whole mobile payment world. They initiate the business transaction that triggers the mobile payment system's event.

MERCHANT / SELLER: Merchants / businesses are the cornerstone of the whole system. They interact with the customers with business offerings in the form of products and services and gain their monetary benefits in return through the mobile payment system.

FIN TECH / BANKS: They are the money regulators of the system and are custodians of the monetary transactions. They act as a bridge between consumer and seller for movement of money within the mobile payment system.

SERVICE PROVIDER: Service providers are the backbone of the whole system. The whole system runs on the communication services offered by these providers. They are the main custodians of the CIA triad of data in movement as well as of the mobile payment service availability to end users.

FIGURE 1: Major Components Of MPS

commerce [13] becomes an alternative for e-commerce. As m-commerce is growing at a tremendous pace, it is getting much more attention than e-commerce nowadays. M-commerce has the same characteristics [14] as e-commerce with some extra advantages like the Mobile Payment System (MPS), which allows clients to perform transactions in real time by using mobile phones anywhere; all it needs is internet connectivity. Another advantage is that, unlike a PC, one can carry his/her mobile phone anywhere. Some other benefits are interoperability, speed, cost, and cross-border payments. Figure 2 shows a Mobile Management system.

An MPS should include authentication, access control, confidentiality, integrity, non-repudiation, and availability [15]. The authentication process includes two steps: verification of the user and verification of the origin of the source of data. Access control grants access to the payment system to an authorized person and blocks unauthorized personnel from accessing it. The information must also remain hidden to avoid passive attacks against transaction data. Availability ensures that the payment system is accessible. Integrity avoids the modification of data, and non-repudiation ensures that a specific user has transmitted the message.

Security is essential for MPS, and many security standards such as PCI DSS (Payment Card Industry Data Security Standard) [16], which was first released in 2004, are used to maintain the CIA triad. The people or merchants who use payment cards follow PCI DSS standards, but security violations can still occur [6], [17]. When security violations occur, personal information and payment card information such as expiration date, ATM card number, security code, and transaction ID are at risk, and this can lead to fraud or illegal usage of service. There are two methods of Mobile Payment Systems: account based payment system and token based payment system [18].

1) Account Based Payment System
In the account-based transaction, we need cards or information cards like an ATM or credit card. Using this process, the amount is charged from the user's bank account after getting the required details or getting confirmation of the transaction from the user.
Risk Factor: Any misuse of the card or its details, forgery, or identity theft will affect this system.

2) Token Based Payment System
It is a new electronic payment method based on tokens instead of cash or credit cards. These tokens are generated by any bank, service provider, or telecom company. Moreover, a token is used in the same way as cash is used. By using such tokens, users can pay any company through mobile, and those tokens will be sent to that company, which can encash them, or the provider will pay the company for each token.
Risk Factor: These tokens will have no worth if the user has tokens in their account and the merchant does not accept those tokens.
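
The token-based method described above can be made concrete as follows. This is an added example, not code from the survey: the token layout, the choice of HMAC-SHA256 as the message authentication code, and the names Token, Issuer and Merchant are assumptions made for illustration. It shows the issuer checking the integrity and origin of a token, refusing to pay out the same token twice, and the stated risk that a merchant does not accept a given issuer's tokens.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Token:
    issuer_id: str     # who generated the token and will pay it out
    serial: str        # random, unique per token
    value_cents: int   # face value
    tag: str           # hex HMAC-SHA256 over the three fields above


class Issuer:
    """Hypothetical token issuer (bank, service provider or telecom company)."""

    def __init__(self, issuer_id):
        self.issuer_id = issuer_id
        self._key = secrets.token_bytes(32)   # secret key, never leaves the issuer
        self._redeemed = set()                # serials already paid out
        self.payouts = {}                     # merchant_id -> cents owed

    def _mac(self, serial, value_cents):
        # issuer_id is fixed and value_cents is an integer, so the serial in
        # the middle is delimited unambiguously.
        msg = f"{self.issuer_id}|{serial}|{value_cents}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def mint(self, value_cents):
        """Generate a token for a user (debiting the user is out of scope here)."""
        if value_cents <= 0:
            raise ValueError("token value must be positive")
        serial = secrets.token_hex(16)
        return Token(self.issuer_id, serial, value_cents,
                     self._mac(serial, value_cents))

    def redeem(self, merchant_id, token):
        """Pay a merchant for a token, at most once per serial."""
        if token.issuer_id != self.issuer_id:
            return "REJECTED_WRONG_ISSUER"
        expected = self._mac(token.serial, token.value_cents)
        # Integrity and origin: constant-time comparison of the MAC.
        if not hmac.compare_digest(expected.encode(), token.tag.encode()):
            return "REJECTED_BAD_TAG"
        # Double spending: a replayed token is refused.
        if token.serial in self._redeemed:
            return "REJECTED_ALREADY_REDEEMED"
        self._redeemed.add(token.serial)
        owed = self.payouts.get(merchant_id, 0)
        self.payouts[merchant_id] = owed + token.value_cents
        return "PAID"


class Merchant:
    """Hypothetical merchant that encashes tokens only from issuers it accepts."""

    def __init__(self, merchant_id, accepted_issuers):
        self.merchant_id = merchant_id
        self._accepted = {i.issuer_id: i for i in accepted_issuers}

    def accept_payment(self, token):
        issuer = self._accepted.get(token.issuer_id)
        if issuer is None:
            # The risk factor named in the text: the token is worthless here.
            return "REJECTED_ISSUER_NOT_ACCEPTED"
        return issuer.redeem(self.merchant_id, token)


def demo():
    """Constructed scenario: one accepted issuer, one issuer the shop ignores."""
    bank = Issuer("bank-A")
    telco = Issuer("telco-B")
    shop = Merchant("shop-1", [bank])

    token = bank.mint(500)
    results = {"first": shop.accept_payment(token),
               "replay": shop.accept_payment(token)}
    # Same tag, inflated face value: the MAC no longer matches.
    inflated = replace(bank.mint(500), value_cents=50_000)
    results["tampered"] = shop.accept_payment(inflated)
    results["unaccepted"] = shop.accept_payment(telco.mint(500))
    results["payout"] = bank.payouts["shop-1"]
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} {outcome}")
```

A MAC gives the issuer integrity and origin checks on its own tokens but not non-repudiation, since the issuer holds the only key; that property needs a digital signature.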

FIGURE 2: Mobile Management System

A. MOTIVATION

Mobile phones' usage is highly elevated in the current era compared to their usage a decade before. The number of mobile phones is higher than the number of bank accounts that exist. Due to its high usage level, most business organizations, the entertainment industry, banks, the education sector, and almost all fields turn towards mobile phone adaptability. To benefit from this device, they launch their applications for the comfort of people. Almost all banks facilitate consumers with mobile phone applications. People use mobile phones for shopping, transferring money, and getting various services. The maximum use of mobile devices and their versatility motivates us to focus on mobile payment systems (MPSs). Different models of payment systems have been proposed, but many limitations exist, such as security and privacy concerns. Figure 3 shows the increased usage of MPS in the United States from 2016 onwards and sheds light on the adoption rate and numbers of users (in millions) in a single glance.

MOBILE PAYMENT (MP) ADOPTION IN US
MP USERS (IN MILLIONS)    YEAR    MP ADOPTION %AGE
18.8                      2016    5.8
22.4                      2017    6.9
25.9                      2018    7.9
29.1                      2019    8.8
31.9                      2020    9.6
34.3                      2021    10.3
36.3                      2022    10.8

FIGURE 3: Proximity mobile payment adoption in the United States from 2016 onwards

B. CONTRIBUTION

This research paper aims to present an in-depth analysis and survey of MPS. This paper makes the following contributions:

1) We present an overview and discuss different components of MPS. We present a review of the existing MPS structure and its limitations.
2) We discuss and analyze the two main methods of MPS: account-based payment system and token-based payment system.
3) We provide the detailed history, development, and deployment of MPS and discuss aspects of MPS including socioeconomic conditions, cost efficiency, diffusion of mobile phones, convenience, new initiatives, heavy restrictions and regulations, limited collaboration, underdeveloped ecosystem, and security problems.
4) We discuss key attributes of MPS, and stakeholder and communication entities' roles in MPS from different aspects.
5) We demonstrate the security mechanisms involved in MPS and provide analysis of the encryption technologies, authentication methods, and firewall in MPS.
6) We present authentication techniques (one way, two way, and multiple way authentication) in MPS and discuss the pros and cons of the mentioned techniques.
7) We provide analysis of the various possible attacks on MPS, including attacks against user privacy, attacks on authentication techniques, attacks on user confidentiality data, attacks on the data integrity, and attacks against MPS services availability.
8) Next, we provide key challenges developers and researchers face in implementing and deploying MPS. At the end of the research paper, we present different research directions related to MPS.

TABLE 1: List of Abbreviations

Abbreviation    Description
MPS             Mobile Payment System
ICT             Information and Communication Technology
CIA             Confidentiality, Integrity and Availability
MMS             Mobile Management System
PCI             Payment Card Industry
DSS             Data Security Standard
PTC             Pakistan Telecommunication
TAM             Technology Acceptance Model
EPS             Electronic Payment System
TE              Technology Evolution
CPT             Cart Present Transactions
SEM             Structural Equation Model
NFC             Near Field Communication
QR              Quick Response
SMS             Short Message Service
MB              Mobile Banking
MP              Mobile Payments
MW              Mobile Wallets
MC              Mobile Currency
MFS             Mobile Financial System
MNO             Mobile Network Operators
DS              Digital Signature
CA              Certificate Authority
RA              Register Authorities
SKE             Symmetric Key Encryption
PKE             Public-Key Encryption
PIN             Personal Identification Number
MFA             Multifactor Authentication
SFA             Single-Factor Authentication
2FA             Two-Factor Authentication
DDOS            Distributed Denial-of-Service Attack
DOS             Denial-of-Service Attack
OTP             One Time Password
USSD            Unstructured Supplementary Service Data
GSM             Global System for Mobile
RFID            Radio Frequency Identification
QRC             Quick Response Code
WAP             Wireless Application Protocol
U2F             Universal 2nd Factor
MAC             Message Authentication Code
SAP             Secure Authentication Protocol
The rest of the paper is organized as follows: section II-A discusses the history, development, and deployment of the mobile payment system; section II-D discusses the generic architecture of the M-Payment system; section VI presents technologies used in the M-Payment system and their comparison; section VII provides security aspects comparison of different mobile payment models; and at the end section IX provides the current challenges and future directions, followed by Section VIII which concludes the work.

II. RELATED WORK

Cash payment is still monarch in several markets, accounting for more than 90% of the payments in almost all the developing countries [1]. Therefore, it is essential to realize the importance of MP acceptance. Different researchers have completed several research studies on MP after the first MP transaction performed in 1997 [19], [20]. Several studies on MP implementation focus on the user side. Considering the user's behavior on MP is significant to advance MP services and to improve users' acceptance intention [21].

[22] tried to respond to certain questions related to the security of online payment systems and presents several ways to overcome different security threats associated with online payment systems. [23] presents different types of online payments such as credit card, e-wallet, debit card, net banking, smart card, mobile payment, and amazon pay. The authors also present some requirements for online payments such as integrity and authorization, out-band authorization, password authorization, signature authorization, confidentiality, and availability and reliability. [24] proposed a new secure authentication protocol (SAP) for mobile payment. The author used cryptography techniques for the authentication between server and client. The proposed technique provides security to user account data and provides privacy during the payment transaction.

This research work reviews the literature on MP in the following significant areas: mobile payment system (MPS): history, development, and deployment; factors limiting MP development; MPS key attributes; and MP stakeholders and entities. Table 2 presents the comparison of the existing survey papers on MP.

A. MOBILE PAYMENT SYSTEM (MPS): HISTORY, DEVELOPMENT, AND DEPLOYMENT

MPS provide several payment facilities for different kinds of services, products, and bills through mobile phone by using wireless characteristics and other features and benefits of a communication system [35]. Mobile devices like smartphones and smart tablets are utilized in different payment scenarios such as purchasing online tickets, electronic materials, online electronic transactions, and transport fares, and paying bills and other invoices. It is also possible to purchase products physically through MPS, from point-of-sale (PoS) terminals, ticketing machines, and vending machine stations. Besides that, most electronic payment systems and payment instruments nowadays have also been mobilized [36].

The field of MPS is relatively new, and little is known about it. Mobile phones are more than just a payment method. Instead, it is a method of initiating, processing, and confirming financial transactions. Mobile payments are not only about using mobile devices to access online payment services. While the mobile version of the service may have similar functionality, the design and implementation of mobile payments are also different due to different methods and structures. Numerous factors boost MPS evolution in developing countries. Following are some of the factors.

1) Socioeconomic Conditions
The lack of cash alternatives is the most critical factor fostering MPS growth in emerging and developing economies [35]. Most people in developing economies do not have checking accounts and do not have a debit or credit card. Well-developed mobile payment applications with the advantage of low fees for money transfer services from one application to another make MPS attractive [36]. In almost all countries, people move toward the mobile banking system to save their valuable time and avoid getting robbed.

2) Cost Efficiency
In developing countries, most transactions conducted online are very low in terms of value, but they are very high in volume [37]. Introducing a new bank branch is infeasible because of the massive initial equipment, investment requirement, infrastructure, and well-trained HR, including security staff. Branchless banking looks appealing because it utilizes local infrastructure and leverages local human resources and equipment, including agent shops and mobile phones. Mobile Payment Systems (MPS) are regarded as valuable for bottom-of-the-pyramid, lower-class families and the unbanked population. The fee for a usual payment transfer is almost 1% in all mobile payment systems. E.g., the fee for sending money through Wizzit and MTN in South Africa (SA) is almost US$0.05. Before the Wizzit and MTN payment systems, the average fee for the delivery of cash was almost US$30 to US$50.

3) Diffusion of Mobile Phones
As cell phones become cheaper, financial systems are still relatively limited, and Mobile Payments (MP) are more convenient [38]. In most countries, individuals may have one or more cell phones. In Sub-Saharan Africa, more families have cell phones than have sustainable electricity or drinking water resources.

4) Convenience
In advanced countries, MP is more suitable. People can pay or withdraw money without leaving their homes, which significantly saves their time and the cost of expensive fees. However, this is not an issue in advanced countries, as ATMs and banks are opposite [39].

5) New Initiatives
Non-governmental organizations and international organizations (e.g., IFC, the World Bank, GSMA, Gates Foundation) have proposed new initiatives to promote and facilitate MPS implementation. For example, M-PESA Kenya was launched and developed by Safaricom and Vodafone with help from the UK's Department for International Development. Pakistan telecommunication (PTC) (Easypaisa) received a $6.5M grant from the Gates Foundation in 2012.

On the other side, several factors are limiting further MP development.

B. FACTORS LIMITING MP DEVELOPMENT

1) Heavy Restrictions and Regulations
This is the most destructive factor in the development of mobile payments. Pressure on banks, which play a key part in the ecosystem, also decreases the development of MP. Unfortunately, compared to technological advances, most mobile payment methods are changing slowly [36].

2) Limited Collaboration
In most situations, non-cooperation is an obstacle to the ecosystem. For example, M-PESA has worked with commercial banks for five years to ensure that their valuable customers withdraw their money from ATMs and banks. Collaboration is very significant as most customary banks are not set up to handle MP.

3) Underdeveloped Ecosystem
Lack of standards, undeveloped infrastructure of systems, limited mobile resources, and saturated telecommunications networks (including disruptions) prevent developing countries from launching Mobile Payment Systems (MPS) [40]. In some situations, attention to interoperability and a specific type of broker are needed to solve the trust problem and reduce the chicken and egg problem.

TABLE 2: Research Literature Comparison

Ref. [25]
Proposed: To integrate Choice-Based Conjoint (CBC) and System Dynamics (SD), the author develops an empirical data-driven simulation methodology to analyze several competing diffusion dynamics Mobile Payment platform.
Outcomes: To collect multi-attribute preference data, a choice-based conjoint analysis methodology is used on a different platform. To evaluate the effect of platform design strategies, an empirical user preference SD simulation model is developed with the help of an empirical user preference data model.

Ref. [26]
Proposed: The author in this study aims to compare different factors that define consumers' acceptance for near field communication (NFC) and short message service (SMS) as examples of means for mobile payment of future payment systems.
Outcomes: From the most relevant literature review, a model is driven and used in this research that applies the perceived security (PS) and technology acceptance model (TAM). The results succeeded in this research work in determining the differences between the different factors that define the acceptance of the Mobile Payment Systems and the intention to use level of the users.

Ref. [22]
Proposed: The author discussed the data security which the application user has shared during online payments.
Outcomes: In this research paper, the author answers specific questions related to online payments security and discussed different ways to reduce the security threats associated with online payments.

Ref. [27]
Proposed: The paper investigates and increases awareness associated with different electronic payment systems (EPS), including security considerations, challenges, and advantages.
Outcomes: The author conducted a detailed survey regarding all aspects of EPS after analyzing the existing research studies related to online payment systems.

Ref. [21]
Proposed: The author discussed distributed systems and their regulatory compliance related to this approach which is not decentralized yet.
Outcomes: For instant payment systems, the author reviewed some distributed protocols to find the possibility to syndicate distributed systems with centralized services effectively in the mobile payment system.

Ref. [28]
Proposed: With the case of Mobile Payment Technology, the author focus on identifying different technological trajectories in the ecosystem (technological).
Outcomes: The novelty in this research is finding the technological evolution with the help of patent citation and social network analysis. The case of the Mobile Payment Technology ecosystem is analyzed quantitatively. This research aims to provide a path to develop and integrate the primary services to categorize Technology Evolution (TE) with the help of the Mobile Payment landscape.

Ref. [29]
Proposed: The author focused on innovations and new attempts or dominant systems to improve the electronic Mobile Payment System (MPS).
Outcomes: This survey consists of a review of its dominant system and present cart transactions (CPT). At Cambridge University, several types of research are conducted to designate different attacks against authentication methods in MPS.

Ref. [30]
Proposed: The research study aims to analyze and examine the effects of consumers' and consumer preferences for MPS and features of the marginal usefulness of biometric and mobile payments.
Outcomes: Based on the study results, theoretical effects for mobile payment consumer preference and proposed different market strategies for the dispersal of main next-generation MPS from different aspects are analyzed.

Ref. [31]
Proposed: The objective of the author is to analyze the factors that affect users' intention in the Mobile Payment System and the status of Near Field Communication in the transportation system.
Outcomes: To achieve the objectives of the research, a survey was completed with 180 mobile payment users. A widespread review of scientific collected works validates the progress of interactive model that clarifies the intention of near field communication MPS with the help of structural equation model (SEM). The study results show that perceived risk, effort expectancy, service quality, and satisfaction define the persistence aim to use MPS.

Ref. [32]
Proposed: The research study compares the different factors that determine consumer acceptance quick response (QR), near field communication (NFC), and short message service (SMS) in MPS.
Outcomes: To achieve the objectives, the intention to use mobile payments, a comprehensive review of literature has necessary for the improvement of the behavioral model. The novelty and results of the study lie in the preparation of different behavior rendering to use given by MPS users to each planned payment application.

Ref. [33]
Proposed: The research study focused on the urban consumer's perception and attitude towards digital MPS.
Outcomes: A convenient survey was conducted to achieve the research objective among 100 urban respondents with an interview schedule. The ranking method, independent sample t-test, one-way ANOVA, and percentage analysis are used in this study.

Ref. [34]
Proposed: The author Review the E-MPS in E-Commerce.
Outcomes: This study aims to analyze the available literature related to e-payment and e-commerce to underline the possibility of e-payment and identify the research gaps, and for future studies, the methodology of previous researchers is recommended.

4) Security Problems
Cybercriminals' activities are more frequent in advanced countries than in other countries. First, advanced countries often lack an adequate legal framework and implementation tools to fight cybercrime. Second, customers occasionally lack knowledge of security problems and pay very little attention to them. This means that high technology is unlikely to be suitable for developing countries.

Given the various influences that drive and delay the development of MP, all critical factors in the ecosystem must be focused on the longstanding goals of the MPS. Of course, the utmost important objective of any MS is to improve competence, conducive to financial development. In MP, it is an alternative to financial transactions and specializes in small payments that cannot be made in cash. However, whether the key players in developing and implementing the technology are willing to make large-scale commitments remains to be seen [41]. MPS lead to the growth of new marketplace ecosystems, containing mobile operators, card operators, retailers, service providers, banks, hardware vendors, trusted service managers, and technology vendors. Several critical regulatory issues emerged, such as electronic money and payment systems, consumer data protection, MPS, principles, and confidentiality. MPS are used in developed countries as well as in Asia and Africa. Mobile payment systems are used for interpersonal transfers (P2PT), handling small purchases, paying bills and expenses, and purchasing specific goods or services. Almost all mobile network operators that provide mobile payment systems operate in the few countries/regions they are located in, thus facilitating international transactions and remittances [41].

There are no separate laws for MPS in several cases, especially in undeveloped countries. On the other hand, depending on the types of mobile, payment, retail and convergent value chain technologies described and classified above, the program is multifaceted and extensive [41]. The bond structure is unmoving in its beginning but applied in all areas and at all system levels. With the development of technological threats and economic and financial benefits, mobile payment systems began to develop. The regulatory issue of mobile payments is new for at least two reasons. First, it summarizes the different areas of data privacy, e-money, ICT, mobile services, e-payments, user protection, and information and rules and regulation. Second, there are some specific problems with innovation, namely the interpretation of electronic money and the oversight of payment systems.

C. MOBILE PAYMENT SYSTEM KEY ATTRIBUTES

Table 3 presents the mobile financial system (MFS) key attribute. All mobile payment systems provide greater convenience of using mobile devices to process electronic payments [42]. However, it should be noted that because they perform many functions in a universal payment system, mobile payment services have different features that will affect the preferences and decisions of the user. Therefore, mobile payment services have complex features, including a combined process of merchant visits, identity verification, and payments. It is

card and executing transactions. Finally, the mobile currency is a currency that can be used and accessed via an MP. Especially since it allows users to run a business (e.g., money orders) without a bank account, it is extensively used among rural inhabitants who cannot use traditional financial institutions [47].

D. M-PAYMENT STAKEHOLDERS AND ENTITIES

1) Stakeholders in MPS
There are many diverse stakeholders in implementing M-Payment, including consumers/clients, merchants/providers, mobile network operators (MNO), mobile device manufacturers, financial institutions, banks, software, and technology providers. The government is the stakeholder in the M-Payment implementation process. Each stakeholder has different incentives, roles, and strategies. Sometimes these interests and strategies between different stakeholders conflict, e.g., the network provider would like to maximize revenues through each M-Payment transaction, whereas customers and merchants would like to minimize costs for each M-Payment transaction. In another study [48], the author highlights the
still significant to explain the concept of MFS, containing critical finding that mobile payment method depends on their
mobile banking (MB), mobile payments (MP), mobile wal- providers to connect the merchants and consumers to the
lets (MW), and mobile currency (MC). Considerate these degree that satisfies the stakeholders.
facilities are the main research encounter in mobile money
transfers [43]. MB mentions providing banking services
2) Communication Entities in MPS
through mobile communication devices, including financial
transactions (for example, money orders and bill payments) For the payment process, there are multiple entities (as shown
and non-financial business transactions (for example, balance in Table 4) that perform their role. In Figure 6, [49] shows the
surveys). Some researchers believe that the functions of MB entities that communicate in mobile payment process. The
and MC intersection [44]. entities can be less or more according to the protocol.
Steps that involve in M-Payment process
1) Client request to a merchant for the payment.
2) Merchant requests to the payment gateway for the trans-
SMS SERVICE
PROVIDER
action amount to be a deposit.
MOBILE PAYMENT SYSTEM

IVR 3) Client request to the payment gateway for checking the


MOBILE PAYMENT deduction amount from the account.
ACCESS MODE

USSD
AGENT 4) Payment clearance is held in the payment gateway.
BANKS /
WAP
MOBILE PAYMENT
FINANCIAL 5) Payment gateway response to the client request in the
INSTITUTIONS
K-JAVA PLATFORM form of rejection or approval.
POS
6) Payment gateway response to the merchant request in
BUSINESS the form of acknowledgment receipt.
APP OPERATIONS
SUPPORT
7) Merchant gives the payment receipt to the client and
SYSTEM confirms the transaction.
FIGURE 4: Structure Of MPS Figure 5 represents the model of primitive transactions in
which the client makes payment to the merchant. The value
of the payment is subtracted from the client’s account on
While MB is primarily seen as a straight link between
the issuer’s request by the payment system, and then on the
consumers and banks [45], mobile payments are categorized
request of the acquirer, the merchant transfers/adds the value
as a service technique that affiliated service suppliers can use
from the payment gateway to its account.
deprived of the involvement of banks. Mobile payments are
common and generally refer to any payment that uses a mo-
bile terminal to confirm and authorize a payment transaction III. MOBILE PAYMENT SYSTEM SECURITY MECHANISM
[46]. Alternatively, mobile wallets are defined as progressive MPS security mechanism included: Encryption technology,
mobile applications that replace physical wallets and have authentication, and a firewall [50].
numerous functions like storing payment info and affiliation

TABLE 3: Mobile Financial System

| Mobile Financial System | Description |
|---|---|
| Mobile Currency | MC is a currency that can be opened and used by an MP deprived of a bank account [47]. |
| Mobile Payment | MP is a payment system used by an MP to authorize, initiate and confirm a transaction [46]. |
| Mobile Wallets | MW is a mobile application that can replace physical wallets and include the following features: The ability to store information about payments, membership cards, and other marketing plans [46]. |
| Mobile Banking | MB means providing banking services via mobile phones, including financial and non-financial transactions. Wireless device [44]. |

TABLE 4: Entities that involve during mobile payment process

| Entities | Description |
|---|---|
| Client | An entity who wants the transaction |
| Merchant | An entity that has products or services to sell. It could be a computational one (like a standard web server) or a physical one. |
| Payment Gateway | Another entity acts as an intermediary between the acquirer/issuer on the bank's private network side and the client/merchant on the Internet for payment clearing purposes. |
| Issuer | The client's financial institution manages the client's account and affords the electronic payment instruments to be used by the client. |
| Acquirer | The merchant's financial institution manages the merchant's account and verifies the deposited payment instrument. |
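
The seven steps of the M-Payment process can be traced across the five entities of Table 4. The following Python sketch is an added example, not part of the surveyed paper: the class and function names, the in-memory balances, and the gateway rules (single-use order identifiers, rejection when the merchant's and the client's amounts differ) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from decimal import Decimal


@dataclass
class Bank:
    """Issuer (client's bank) or acquirer (merchant's bank) from Table 4."""
    balances: dict = field(default_factory=dict)

    def debit(self, account, amount):
        if self.balances.get(account, Decimal("0")) < amount:
            return False                       # insufficient funds, nothing moves
        self.balances[account] -= amount
        return True

    def credit(self, account, amount):
        self.balances[account] = self.balances.get(account, Decimal("0")) + amount


@dataclass
class PaymentGateway:
    """Intermediary between client/merchant and issuer/acquirer (Table 4)."""
    issuer: Bank
    acquirer: Bank
    pending: dict = field(default_factory=dict)   # order_id -> (merchant, amount)
    cleared: dict = field(default_factory=dict)   # order_id -> receipt

    def request_deposit(self, order_id, merchant, amount):
        """Step 2: the merchant asks for the transaction amount to be deposited."""
        if order_id in self.pending or order_id in self.cleared:
            return False                       # assumed rule: order ids are single-use
        self.pending[order_id] = (merchant, amount)
        return True

    def request_deduction(self, order_id, client, amount):
        """Steps 3-5: the client checks the deduction, the gateway clears and answers."""
        if order_id in self.cleared:
            return "REJECTED: order already cleared"   # a resubmitted order moves no money
        if order_id not in self.pending:
            return "REJECTED: unknown order"
        merchant, merchant_amount = self.pending.pop(order_id)
        if amount <= 0:
            return "REJECTED: invalid amount"
        if amount != merchant_amount:          # the two sides disagree on the value
            return "REJECTED: amount mismatch"
        if not self.issuer.debit(client, amount):      # step 4: clearing
            return "REJECTED: insufficient funds"
        self.acquirer.credit(merchant, amount)
        self.cleared[order_id] = {"order": order_id, "payer": client,
                                  "payee": merchant, "amount": amount}
        return "APPROVED"

    def acknowledge(self, order_id):
        """Step 6: acknowledgment receipt for the merchant, None if nothing cleared."""
        return self.cleared.get(order_id)


def run_payment(gateway, order_id, client, merchant, merchant_amount, client_amount):
    """Drive steps 1-7 and return (outcome, receipt, trace)."""
    trace = [f"1 client -> merchant: request payment for {order_id}"]
    gateway.request_deposit(order_id, merchant, merchant_amount)
    trace.append(f"2 merchant -> gateway: deposit {merchant_amount}")
    trace.append(f"3 client -> gateway: check deduction of {client_amount}")
    outcome = gateway.request_deduction(order_id, client, client_amount)
    trace.append("4 gateway: clearing between issuer and acquirer")
    trace.append(f"5 gateway -> client: {outcome}")
    receipt = gateway.acknowledge(order_id) if outcome == "APPROVED" else None
    trace.append(f"6 gateway -> merchant: {'acknowledgment receipt' if receipt else 'no receipt'}")
    trace.append(f"7 merchant -> client: {'payment receipt' if receipt else 'payment not completed'}")
    return outcome, receipt, trace


if __name__ == "__main__":
    # Constructed sample accounts and amounts.
    issuer = Bank({"alice": Decimal("50.00")})
    acquirer = Bank({"shop": Decimal("0.00")})
    gateway = PaymentGateway(issuer, acquirer)
    for line in run_payment(gateway, "ord-1", "alice", "shop",
                            Decimal("20.00"), Decimal("20.00"))[2]:
        print(line)
```

Because the gateway sees both the merchant's deposit request and the client's deduction request, it is the one place where a disagreement between the two amounts can be caught before any balance changes.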

FIGURE 5: Primitive transactions

FIGURE 6: Entities involvement in M-Payment process

A. ENCRYPTION TECHNOLOGY
Encryption technology included: Symmetric encryption and public-key encryption.

1) Symmetric Key Encryption (SKE)
SKE system uses a common key to encrypt messages, which means both sender and receiver will hold a common key for encryption and decryption. Before transmission of data between both parties, the common key is shared on the secure channel between both entities [51]. Exchanging keys between both entities is important for encryption processes. Short and weak keys are more easily attacked than longer keys. Symmetric encryption is still commonly used in insecure data communication.

2) Public-Key Encryption (PKE)
PKE system is a type of asymmetric encryption because the same key is not used to encrypt and decrypt the messages. In the PKE system, two different keys are used, called public and private key [51].

3) Comparison between SKE and PKE
There are numerous differences between the SKE system and the PKE system. Table 5 presents the comparison of the SKE and PKE.

B. AUTHENTICATION
Authentication included: Digital signature and certificate authority.

1) Digital Signature
Digital signature (DS) is a string value calculated from the hash value of the text. DS is used to verify the origin of the received text and prove whether the received text is without any changes. To certify the availability of DS, PKI is frequently used. It suggests a complete set of security assurance and follows different public key encryption standards for different sectors like online banking, e-banking, e-government, and e-commerce securities [52].
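
The two properties claimed for a digital signature, proof of origin and detection of any change to the text, can be checked in a few lines. The following Python sketch is an added example, not from the paper: the paper names no signature algorithm, so this uses a Lamport one-time signature over SHA-256 because it needs only the standard library, and the function names and the sample payment order are assumptions.

```python
import hashlib
import secrets

BITS = 256  # one pair of secrets per bit of the SHA-256 digest


def _h(data):
    return hashlib.sha256(data).digest()


def _digest_bits(message):
    """Hash the text, then list the digest bits, most significant bit first."""
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def generate_keypair():
    """Private key: 256 pairs of random secrets. Public key: the hash of each secret."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    public = [(_h(zero), _h(one)) for zero, one in private]
    return private, public


def sign(private, message):
    """For every digest bit, reveal the secret that the bit selects."""
    return [private[i][bit] for i, bit in enumerate(_digest_bits(message))]


def verify(public, message, signature):
    """Recompute the digest of the received text and check each revealed secret."""
    if len(signature) != BITS:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(message)):
        ok &= secrets.compare_digest(_h(signature[i]), public[i][bit])
    return ok


class OneTimeSigner:
    """Each Lamport key pair may sign one message; a second use leaks more secrets."""

    def __init__(self):
        self._private, self.public = generate_keypair()
        self._used = False

    def sign(self, message):
        if self._used:
            raise RuntimeError("Lamport key already used; generate a new key pair")
        self._used = True
        return sign(self._private, message)


def demo():
    """Return (genuine accepted, tampered accepted, other signer's key accepted)."""
    order = b"order=ord-1;payer=alice;payee=shop;amount=20.00"  # constructed sample
    signer = OneTimeSigner()
    signature = signer.sign(order)
    tampered = order.replace(b"20.00", b"90.00")
    _, other_public = generate_keypair()
    return (verify(signer.public, order, signature),
            verify(signer.public, tampered, signature),
            verify(other_public, order, signature))


if __name__ == "__main__":
    print(demo())
```

The verifier still has to know that the public key belongs to the claimed sender, which is the job the text assigns to PKI and the certificate authority.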

TABLE 5: Comparison of Encryption Methods

| Characteristics | Symmetric Key | Public Key |
|---|---|---|
| Number of keys used for encryption and decryption | The same key is used for encryption-decryption | Two different keys are used for encryption and decryption. |
| Speed of encryption and decryption | Faster than public-key encryption | Slower than symmetric key encryption |
| Size of ciphertext | Usually less than or same as the plain text | More than plain text |
| Key exchange | A big problem | No issue |
| Key usage | Used for confidentiality but not for digital signature | Used for confidentiality and digital signature as well |

2) Certificate Authority
The Certificate Authority (CA) is a trusted organization that publishes and manages network security public key infrastructure (PKI) and credentials for message encryption. As part of the PKI, the CA will use the registry for verification. Users have the right to verify the information in the digital certificate provided by the applicant. Suppose RA (Register Authorities) verifies the applicant's data and issue a digital certificate. Communicates users are responsible for distributing and revoking certificates. Depending on the PKI, upon request, the certificate may contain the holder's public key, the certificate, the name of the certificate holder, and other information about the holder of the public key [53].

C. FIREWALL
The firewall can simultaneously protect the system/local network against network-based threats. The firewall allows access to the outside world to the local network. In most scenarios, a firewall is necessary because it is difficult to equip all devices with different security devices. Typically, the firewall is inserted between two networks.

IV. AUTHENTICATION METHODS IN MPS
Authentication methods are widely used to test user identity in mobile transactions as the user identity is required to execute transactions [54]. Below are some authentication methods: knowledge-based authentication verification, object-based authentication verification, and biometric authentication. With knowledge-based authentication, users use a personal identification number (PIN) or password to validate their identity [55]. This is based on well-known traditional authentication methods, so they have fewer security issues. Object-based authentication uses physical tokens (such as smart cards). While object-based and knowledge-based methods can create inexpensive and straightforward authentication systems for various computing applications, they can close the security incident vulnerabilities. In addition, the above two methods are likely to be lost or forgotten by the users, which can be an intellectual burden for application users [56].

To overcome the restrictions of the above traditional methods, some advanced authentication systems have been developed that provide consumers with helpful security [57]. Biometric methods based on user personal identity (i.e., physical characteristics) have been effectively applied to protect and verify users' identities. Identity verification based on human-specific biometrics (such as fingerprints, voice, or iris) is unlikely to be easily stolen or transferred. Previous research has shown that the apparent advantages of biometric authentication systems improved account security and the perceived pleasure and reduced cognitive load and time, which provides more excellent value to consumers [58]. Biometric technology has its limitations. Because of the complication of high-quality images, many factors in a biometric system will reduce user identification accuracy [59]. Physical issues like wet surfaces, dirty fingers, or scratches are familiar illustrations that can delay biometric authentication. In addition, the biometric system also has some privacy issues related to users' identity management. However, there is also an advanced "Knowledge Based" authentication method. In the meaning of some useful security features, graphical prompts (such as design drawings) have also been proposed as a substitute to the above authentication methods [60]. A recent study found that using different e-payment authentication methods will affect users' perception of security and availability of these three authentication types. Therefore, in this study, the method of identity verification was selected as one of the primary resources for creating the preference structure of mobile payment users [54].

A. TYPES OF AUTHENTICATION FACTORS
Three types of authentication factors named single-factor authentication (SFA), two-factor authentication (2FA), and multi-factor authentication (MFA) can be understood through the definitions proposed by the research of [61] and [62]. They proposed that a process allowing individual users to seek access from authenticating parties for attestation of their personalities with the utilization of a single attribute associated with their identities is termed Single-Factor Authentication (SFA). An example of such an attribute would be the use of a PIN for unlocking cell phones. The user-friendly and straightforward nature [63] of this authentication type made it a preferable choice for many companies; however, its vulnerability to various forms of attacks [62] made it unsuitable for application in financial institutes. [62] defined Two-Factor Authentication (2FA), mentioning that users seeking requests for access from an authentication party through attestation of their personality with two attributes is a process that comes under the concept of Two-Factor Authentication. These attributes include knowing something personal or possessing something personal that can be associated with one's personality. Hence, attackers are bound to be aware of two identifiers to get the same authentication as the original users

in 2FA. This particular feature of 2FA makes it acceptable and applicable by financial institutions. However, this type still has loopholes, leaving it vulnerable to a MITM attack, eavesdropping, and Trojan horse attack. Furthermore, it has its limitations when considered for its effectiveness against phishing [63].

For defining the third type of authentication factor named Multifactor Authentication (MFA), [62] describes that it involves users seeking requests for access from authentication parties through attestation of their personality with multiple attributes. Biometrics are used along with ownership and knowledge as an attribute by MFA. MFA's higher level of security makes it a better choice for various critical services and computing devices. Physical separation of authentication factors from the user device can allow MFA to be more successful. The addition of biometric factors makes MFA achieve improved identity proof resulting in more secure systems [63], [64].

V. CYBERATTACKS ON MOBILE PAYMENT SYSTEM
Different level attacks on MPS can come from unauthorized malicious users. Following are some identified attack points susceptible to compromise in this regard.

The first attack is targeted at the users of mobile money. It includes accessing the PIN of users via shoulder-surfing when it is an unmasked PIN of four to five digits [65]. Access to this PIN can enable attackers to make fraudulent transactions. Brute force attacks can also be performed by attackers considering the straightforwardness of the PIN [66], [67], [68].

The second type of attack involves the compromise of money communication channels. The hacking and controlling of MMS traffic and manipulation of accounts for making transactions can be made possible using these points [66], [67], [68].

The third type of attack is at the server of the mobile money app. Availability of the server to both mobile money agents and users is suspended when such an attack is carried out at the server. As per the findings of Castle et al. [66], attackers divert fake traffic to mobile money servers resulting in it being overwhelmed, which eventually leads to blocked requests from mobile money agents and users. It can also include installing malware on the mobile money app server for deducting some amount from wallets of mobile money agents and users for deposition into the attacker's account without letting these users or agents discover the transaction [69].

The fourth point of attack is the IT administrator. The administrator's computer can be hacked by an unauthorized person making it inaccessible to the administrator by changing its credentials. Mobile money agents can be considered as another attack point. The PIN of the commission agent can be stolen by an attacker using shoulder surfing techniques. Attackers can also practice giving the wrong PIN repeatedly while making transactions to access agents' PINs. [70] and [71] identified that adversaries gave wrong phone numbers repeatedly to obtain the PIN of agents and use it for gaining unauthorized access to the float accounts of agents.

Bank's server provides another attack point for adversaries. A distributed denial-of-service attack (DDoS) is made in such cases to create the unavailability of a bank server to the mobile money user trying to make a transaction.

Notification message channels where messages can be modified create another attack point for malicious users. Adversaries may hack the communications channels of the notification message and make changes in the message as per their requirements while sending the modified versions of these messages to the intended users [72], [73].

A. ATTACKS AGAINST PRIVACY
[74] defined privacy as the right of users to have freedom from intrusions and infringements by other users. In mobile money, privacy attacks include the compromised PINs of the users for illegal access to their financial assets and information details utilized in unauthorized transactions. Stealing of user information can result in a problematic situation for not only the user but also for the economy as well [74]. Illegal access to the mobile money database containing the financial information of users can allow attackers to update or delete records using the stolen PINs.

Moreover, a variety of user-related information can be stolen when an attacker gets access to the mobile money database [74]. Personal information such as email addresses, mobile telephone numbers, NIN, and even names of users and agents can be compromised, failing privacy safeguards [74]. Unscrupulous insiders may end up abusing highly sensitive data after gaining control and access in this way. Attackers can do so with the generation of a databank to give control and access to personal information. There are situations in which some users request the agents for assistance in performing transactions, and they end up sharing their PINs with the agents [75]. It raises the bar for the required level of protection to agents and mobile money users against unauthorized access.

B. ATTACKS AGAINST AUTHENTICATION
The identity of a user is forged by an attacker impersonating an authorized user in this form of attack. According to [76], an authentication attack is a crime in which the mobile money authentication process is subjected to exploitation when a brute force attack is being carried out against the PIN. Various attacks are included in this form of attacks, such as Trojan horse attack, phishing attack, social engineering attack, spoofing attacks, masquerade attack, replay attacks, and impersonation attack. An attacker assumes the identity of a legitimate user in an impersonation attack [76], [77], [70], [71], whereas entire communication is subjected to eavesdropping in replay attack before intercepting [78]. In a masquerade attack, the PIN and SIM card are acquired by the users.

Moreover, an attacker pretends to be a mobile system administrator in a spoofing attack. When users are manipulated for them to give up their personal information, a social engineering attack is said to be launched [79]. Similarly, a

phishing attack involves deceitful attempts by adversaries for accessing personal information needed to impersonate a legitimate user in the system [76]. Another method of compromising an authentication system involves using Trojan software as a virus to access users' personal information.

C. ATTACKS AGAINST CONFIDENTIALITY
Attacks on confidentiality involve eavesdropping on the communication channels between the application server and mobile money users for tapping information like PIN of users that can be used for impersonation or in making unauthorized transactions. The four types of such attacks include guessing attacks, brute force attacks, eavesdropping, and shoulder surfing attacks. Attackers secretly hear the communication channels in the eavesdropping attacks by taking advantage of the lack of security of the network communication. The plain text form of transmitted data is commonly vulnerable to such attacks [80], [81].

For brute force attacks against confidentiality, the adversary can guess the mobile money agent or user's PIN needed to access the mobile money account. Despite being very simple, such types of attacks have shown a high rate of success [76], [77], [70], [71]. When an adversary sees mobile money PIN during authentication, a guessing attack is being launched. Shoulder surfing attack also comes under the type of attacks against confidentiality in which the adversaries acquire confidential data and PINs simply by looking over the shoulder of the victim as they make transactions [77]. [82] discussed one of the approaches that can be utilized to extract useful network information to identify the details of the endpoint of the communication parties on the local network.

D. ATTACKS AGAINST INTEGRITY
When information of the user is accessed and modified in the MMS, the integrity of user information is compromised. They can be categorized into insider attacks, salami attacks, and MITM attacks. An intruder intercepting the communication between various agents (including users) in the mobile money application network performs a man-in-the-middle (MITM) attack. Sitting between the mobile money user and MMS, the attacker makes them believe they communicate with each other in the MITM attack. [81] and [68] showed that an attacker could gain control over the entire conversations when a MITM attack is being launched as the content of the conversation is modified by the attacker at both ends.

Employees of financial institutions can conduct salami attacks and insider attacks against the financial institutions. Like a Trojan horse, a salami attack involves installing malicious software to a financial institution system, allowing adversaries to withdraw money from users' accounts, depositing it in their accounts. Both external and internal adversaries can launch salami attacks in which small deductions are made to user wallets as the software allows modification of some details in the system [83], [84], [85]. [86] and [87] highlighted the fact that a high degree of risk of money fraud comes from the employees of the financial institutions who are aware of the security protocols and MMS in the system. MMSP employees with sufficient knowledge about the organization's security practices can be involved in the insider attacks identified by [75], and [86].

E. ATTACKS AGAINST AVAILABILITY
When the bank server or application server is suspended for agents and mobile money users by an adversary on purpose, an attack is assumed against availability. Services are rendered unavailable by adversaries in this type of attack using various techniques. Mobile theft, DoS, and distributed denial of service (DDoS) attacks come under this category. DDoS and DoS are launched when adversaries send fake traffic to overwhelm servers to block legitimate traffic or requests of users [76]. Such attacks aim to flood mobile money servers with so many fake requests that the server fails to receive and respond to legitimate users' actual requests, making the service unavailable.

[76], [67] described mobile phone theft attacks as the type of availability attack in which the mobile phone of users or agents is stolen, and the wallet account of SIM card is made unavailable that can be swapped by the attacker. Service and data access can be lost due to phone theft attacks, as the attacker can take charge of the victim's e-wallet account, resulting in its unavailability to the actual user.

VI. TECHNOLOGIES USED IN M-PAYMENT PROCESS
We have also seen an M-Payment system based on the technology used; it is classified in Figure 7. M-Payment system uses mobile technology for communication between the entities involved in the payment process.

Near field communication (NFC) [88] is a communication protocol that enables the communication between two devices. Global system for mobile (GSM) [89] is a standard system for mobile communication. Radio frequency identification (RFID) [90] uses an electromagnetic field to identify or track tags attached to an object. Short messaging service (SMS) [91] is a text messaging service that is used for communication over the mobile phone. Quick Response Code (QR-Code) [92] is a two-dimensional matrix barcode, which has a label in which information is stored. Bluetooth [93] is a standard for wireless technology; by using this, we can communicate with fixed devices over a short distance. Identity-based signature (IB-Signature) [94] is a type of public key infrastructure (PKI) in which a publicly known string that represents an individual is used as a public key, e.g., email address. The wireless application protocol (WAP) [95] is a standard protocol used in the wireless network to access information. Universal 2nd Factor (U2F) is a standard of open authentication which provides two-factor secure authentication.

1) Reviewed Approaches
This study has reviewed multiple schemes or models of mobile payment systems based on different technologies or

• NFC (Near Field Communication)
• GSM / SMS
• RFID (Radio Frequency Identification)
• QR-Code
• Bluetooth
• U2F (Universal Second Factor)

FIGURE 7: Technologies used in M payment system

architectures. Paper [96] uses RFID & SIM, which enables users to use their mobile phone as ATM card/credit card. By using RFID readers at ATM, users can withdraw money. Paper [97] uses Bluetooth with Java technology by which users can pay at POS (point of sale) by using a mobile phone. Java components are used here to provide encryption. Paper [98] works on existing models; it enhances SEMOPS (Secure Mobile Payment Service) model by involving a trusted third party. Papers [99], [100], [101] used GSM technology to implement a secure m-payment system. It provides low-cost architecture by using the existing GSM mechanism. Papers [100], [101], [102], [103] used NFC communication, which provides more speed for communication than other technologies. In [101], the proposed scheme also provides user anonymity and the un-linkable transaction to defend against attacks. [102], [104], [105] use QR-Code, which is fast and supports the buy-and-sale process easily and efficiently. [103] uses SMS service; mostly SMS service in mobile communication is used for authentication. [106] uses the SMS based authentication system and proposes the application based system in which the authentication code can only be accessed by an authorized user, and uses IB-Signature, which is simple and less costly; the identity of an entity is used in this technology for authentication or for granting access. Authors in [106] also use the OTP code for securing communication; it prevents the system from replay attack and uses a password for only one time. WAP or Bluetooth technology is used in [107], which provides fast communication but over a small range of areas. It is for peer-to-peer communication and less in cost. [108] uses SMS for sending a notification, but for transactions purpose, it uses unstructured supplementary service data (USSD), which provides a more responsive service than SMS. In [109], the author uses U2F technology, which is fast and much more secure; it performs cryptographic functions with a single touch & generates asymmetric keys. It authenticates both the client and server in a reliable manner so transactions can be done securely. Query processing over encrypted data is the solution to tackle the extra overhead caused by the use of encryption, and such techniques result in remarkable improvements in the scenario where near real-time data processing is required [110].

2) Analysis
The overall average of technological usage of M-Payment systems is depicted in Table 3. We analyzed technologies and found that SMS is used in primarily m-payment systems. The use of NFC, GSM, and QR-Code is also common in payment schemes or models. They provide many advantages: NFC provides faster speed, GSM provides many already implemented services that make implementation of these models easy and straightforward, and QR-Code is a less costly and straightforward technology used in many mobile payment systems. U2F is much more secure and reliable than QR-code, NFC, or Bluetooth.

VII. SECURITY ANALYSIS OF M-PAYMENT SYSTEMS
This section presents the security analysis of M-Payment systems. Security analysis comprises various services: Authentication, Mutual Authentication, Integrity, Customer Anonymity and Non Repudiation. Figure 8 shows the overall service hierarchy of m-payment system. Below we explain each service in detail.
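
The replay protection credited to the OTP code in the reviewed approaches depends on the server accepting each code only once, and the short length of such codes is why guessing has to be bounded as it is for PINs. The following Python sketch is an added example, not code from [106] or from the paper: it assumes the HOTP construction of RFC 4226 (the paper does not say which OTP algorithm is used), and the class name, look-ahead window and failure limit are illustrative.

```python
import hashlib
import hmac
import struct


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA-1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpVerifier:
    """Server side: a code is accepted once, then the counter moves past it."""

    def __init__(self, secret, look_ahead=3, max_failures=5):
        self._secret = secret
        self._next_counter = 0            # lowest counter value still acceptable
        self._look_ahead = look_ahead     # tolerate codes the client generated but never sent
        self._failures = 0
        self._max_failures = max_failures

    def verify(self, code):
        if self._failures >= self._max_failures:
            return "locked"               # bounds guessing of the short code
        last = self._next_counter + self._look_ahead
        for counter in range(self._next_counter, last + 1):
            expected = hotp(self._secret, counter)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self._next_counter = counter + 1   # this and all earlier codes are now dead
                self._failures = 0
                return "accepted"
        self._failures += 1
        return "rejected"


def replay_demo():
    """A captured code works once; the same code sent again is refused."""
    secret = b"12345678901234567890"      # test secret from RFC 4226, Appendix D
    server = OtpVerifier(secret)
    captured = hotp(secret, 0)            # code that travelled with the first payment
    first = server.verify(captured)
    replayed = server.verify(captured)    # attacker resends what was observed
    following = server.verify(hotp(secret, 1))
    return first, replayed, following


if __name__ == "__main__":
    print(replay_demo())
```

The verifier keeps only the next acceptable counter, so a code that was observed in transit is useless as soon as the legitimate request carrying it has been processed.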


TABLE 6: Comparison of reviewed papers on the basis of payment system technology, architecture, communication entity involvement, assumption, advantages and disadvantages of solutions (I)

| Ref | M-Payment Based On | Architecture Used | M-Payment Between | Provides | Assumption | Advantage | Disadvantage |
|---|---|---|---|---|---|---|---|
| [105] | RFID | RFID & SIM | User & POS; User & Service provider; User can also deposit money | Easy to pay service and ATM/Credit card functionality through mobile | RFID readers are installed at stations, shopping malls, & at ATM, | Flexibility, time, workforce reduction, safety & mobility | Some issues in security & privacy in RFID. Chances of unauthorized use are present in case of theft or loss of mobile. |
| [107] | J2EE and J2ME capabilities | Java, Bluetooth | Payment server & mobile clients | Confidentiality and Authentication | MIDP application is uploaded to client’s mobile | It overcomes the API and technical limitations, as well as security consideration over Bluetooth environment | As the number of clients increases the delay (milliseconds) will increase |
| [111] | Existing models | SEMOPS & trusted third elements | Customer & Merchant | Privacy & Non-Repudiation | All parties possess certificates among each other | It introduces trusted third elements & follows new Mechanism to achieve privacy & non-repudiation | Difficult to implement |
| [112] | Multiple layers | SMS, GSM | Consumer & content provider | Security & High Scalability | - | It provides low cost and technical requirement, high scalability, and security | The system required to be more simplified, improve the security & application of digital signatures |
| [109] | Scenario for m-payment models | NFC, QR code | Customer & Merchant | Speed & Security | - | For speed, transaction is initiated by merchant because he has more reliable & continuous connection with 3rd party | For every new purchase, there will be authentication by merchant’s involvement which can make him busy and it can affect his availability |

TABLE 7: Comparison of reviewed papers based on payment system technology, architecture, communication entity involvement, assumption, advantages and disadvantages of solutions (II)

| Ref | M-Payment Based On | Architecture Used | M-Payment Between | Provides | Assumption | Advantage | Disadvantage |
|---|---|---|---|---|---|---|---|
| [106] | Identity Based Cryptography (IBC) | IB Signatures and One Time Key | Consumer and Merchant | Privacy and Security of transferred data | - | IBC framework is simple and less costly | Higher number of cryptographic operations |
| [100] | GSM | NFC and GSM | Point-of-Sale (POS) and the customer | Security for low value payments, customer anonymity and ubiquitous implementation | Secure channel between payment gateway and shop POS | Re-using existing GSM security mechanisms. Payment is same as paying by debit or credit card. | Short length of encryption key; merchants need to register themselves with mobile operator; protocol is complex as compared to m-payment via SMS or WAP |
| [113] | SMS | SMS, WAP or Bluetooth and J2ME. | Payer’s or Payee’s bank | Secure M-Payment for macro transactions; less encryption or decryption operations | Trusted payment gateway is involved between payer’s and payee’s banks | This scheme shares payee’s financial data with banks only | If mobile got stolen and PIN got also leaked then there are chances of financial loss |
| [114] | PKI | QR-Code and PKI | Client and merchant | Additional layer of security for m-payment systems | Trusted third party is involved to secure encryption keys and to ensure legitimate users | This scheme uses RSA which is considered as strongest asymmetric encryption system | For stronger security longer key pair is required which leads to larger size of QR code |
| [115] | 3G | 3G, SMS and IVR (Mobile Payment Platform) | Client and server | Intelligent travel design by using m-payment system | - | By using this user can pay fines, insurance amount or can query traffic violations rules etc | Initial connection in this system takes longer time |
| [116] | 2D Bar Code | QR 2D Bar Code | Point-of-Sale (POS) and the customer | Advantages to support buy-and-sale products and services base on 2D Barcodes | Trusted third party authentication server is used as Certification authority | Products can be traded anywhere, anytime; easy to use; reduce user input | Computations are little complex |
| [117] | SMS | SMS P2P | Peer-to-peer | It provides features like security, privacy, speed and less cost | - | Money transfer can be done by transmitting mobile number only | Huge number of different device OS and development environment may prevent support for all devices |

1) Confidentiality

In [97], confidentiality is provided by using Java components. [98] and [115] use cryptography to provide confidentiality. In [106], OTP and PKI infrastructure are used to provide confidentiality. In [100], the GSM security mechanism is used, which provides confidentiality via the A5 and A8 algorithms. In [103] and [107], confidentiality is achieved by using symmetric key cryptography. Paper [104] uses the RSA encryption mechanism to provide confidentiality. In [111], DES and ECC are used to achieve confidentiality. In [105], confidentiality is achieved by using AES and RSA. In [112], secured end-to-end encryption is used to provide confidentiality. In [118], symmetric key encryption is used to provide confidentiality. In [114], the RSA encryption mechanism is used to achieve confidentiality. In [109], an asymmetric cryptosystem is used to provide encryption. In [101], AES, which is a type of symmetric key cryptography, is used to provide confidentiality. [116] provides confidentiality by

TABLE 8: Comparison of reviewed papers on the basis of payment system technology, architecture, communication entity involvement, assumption, advantages and disadvantages of solutions (III)

| Ref | M-Payment Based On | Architecture Used | M-Payment Between | Provides | Assumption | Advantage | Disadvantage |
|---|---|---|---|---|---|---|---|
| [118] | Cryptographic Protocol Shape Analyzer (CPSA) | CPSA | Merchant and payment gateway | Payment mechanism ensuring accountability and un-linkable anonymity; less number of cryptographic operations | Customer browses through the merchant website | Customer has an option of making payment using cards of different banks | Limited to a maximum of two gateways |
| [114] | Traceable signatures, identity-based signatures, anonymous signatures | Signatures | Terminal and Passenger | Provides mechanism to protect passenger’s privacy | Off-board terminal trusts on-board terminal | It can be applied to off-line mobile payment systems | - |
| [108] | Unstructured Supplementary Service Data (USSD) | USSD and SMS | User to Agent and Agent to User | Secured transaction by using two layers of authentication | Mobile wallet number is same as mobile number and there is large no. of agent points across the country | Mitigate human error and prevent cyber-frauds | Doesn’t consider confidentiality and integrity aspect |
| [109] | Universal 2nd Factor (U2F) | U2F, USIM | User to Server | Secure mutual authentication protocol for m-payment systems | - | Provides a reliable service and protect user’s account information and privacy | In registration process, it will take time since it is using asymmetric cryptosystem |
| [106] | NFC | Wi-Fi, 4G, GSM NFC | Bank to bank (POS) | Enhance the security of the EMV (Europay, MasterCard, and Visa) exchanged messages | Mobile network operator (MNO) is trusted by NFC enabled Mobile | Adds a security layer to EMV and ensures confidentiality and mutual authentication | It will be failed if POS entity is dishonest |
| [118] | NFC | NFC | User and TSM (Trusted Service Manager) | Secure protocol which is compatible with EMV | TSM and Bank own their key pairs of a PKI cryptosystem | User can perform transaction without disclosing his identity. | Requires a high computation power for TSM and bank |
| [116] | NFC enable phone | NFC and trusted third party | User and Merchant | User anonymity | - | Un-linkable anonymity to user | - |
| [119] | SMS | - | User and bank, bank and gateway | Secure transaction with formal technique | - | Less time take for key generation and encryption decryption, and scheme security is verified by tools | Only for Android and Java 2 Micro Edition device |
| [115] | Application Based | Mobile transaction authentication number system | User and Bank | Application-based system that is comparatively more secure than SMS based system | Attacker can get access to web and SMS at the same time | More security than SMS based MTAN | Less efficient than MTAN |

[Figure 8: hierarchy of M-Payment security services. Node labels recoverable from the figure: M Payment Security; Confidentiality; Authentication; Asymmetric; Symmetric; RSA; ECC; AES / DES; GSM Encryption / A5; Key Management; One Time Password; Single Factor; Multi Factor; PKI / Digital Signatures; SMS & Secret Key; PIN & Account No.; Mobile & QR Code; CPSA; RFID; Short Code.]
FIGURE 8: M-Payment Security

encrypting the information using asymmetric keys and the key pair stored in the secure storage [117] to protect from unauthorized access. In [113], confidentiality is achieved by using ECC, which is a type of asymmetric key cryptography.

2) Authentication

In [96], authentication is performed by reading the RFID tag, which is embedded in the SIM card. The RFID reader authenticates the user in this scheme. In [97], authentication is provided by asking for a PIN and account number. In [99], control and communicating interfaces are used to provide authentication. In [102], authentication is done by using an NFC-enabled mobile phone and QR-code/PIN. In [100], a triple authentication mechanism is ensured by using the challenge-response protocol. In [107], authentication is provided by using SMS and a secret key. Paper [111] ensures authentication
by using signature schemes (DES and ECC). Paper [112] uses short-codes to provide authentication. In [118], isomorphic shapes are used for authentication.

TABLE 9: MPS technology specific categorization

| Technology | Papers | % |
|---|---|---|
| NFC | [102], [103], [101], [100], [106], [116] | 28.57 |
| GSM | [96], [99], [100], [101] | 19.04 |
| SMS | [99], [100], [107], [111], [112], [108], [113], [115] | 38.09 |
| RFID | [96] | 4.76 |
| QR-Code | [102], [104], [105] | 14.28 |
| Bluetooth | [97], [107] | 9.52 |
| U2F | [109] | 4.76 |

3) Mutual Authentication

In [98], [106], [113], payment requests are signed with the signing keys (digital signatures) of both client and merchant to achieve mutual authentication. In [104], mutual authentication is ensured by using the RSA-PKI mechanism. In [105], an RSA digital signature is used to provide mutual authentication. In [114], identity-based signatures are used to achieve mutual authentication. In [108], mutual authentication is achieved by using the Mobile Wallet number and PIN. In [109], mutual authentication is provided by using asymmetric keys and a valid username and password. For authentication, [101] uses a session key and challenge-response authentication. To ensure mutual authentication, [103] uses a secret key and public key infrastructure (PKI). In [116], authentication is provided by using digital signatures. In this scheme, mutual authentication is only between the user and the bank.

4) Integrity

To ensure that the data has not been tampered with during the transaction, [114], [113], [106], [109], [100], [101] use hash packets and verify the hash. Paper [107] uses a private banking network and secure payer confirmation to ensure integrity. In [104], integrity is ensured by using QR-Code. In [105], the RSA digital signature algorithm is used to ensure integrity. [100] achieves integrity with a Message Authentication Code (MAC) that is embedded in the ciphertext. In [116], the information is encrypted with a key shared between bank and user and signed with the user’s private key, which protects the information from unauthorized modification.

5) Customer Anonymity

In [98], there is no need to register with the merchant or any third party before or during the transaction, which ensures the anonymity of the client. In [100], the client’s long-term ID is not revealed to the merchant, which ensures the client’s anonymity. In [112], the anonymity of the consumer is ensured because the scheme only requires the consumer’s mobile number or the short-code provided by the m-payment application service provider. In [118], the customer’s identity is dynamic and updated frequently to ensure the anonymity of the customer. In [114], the client’s anonymity is ensured by hiding session and transit information. [116], [103] achieve anonymity by using virtual accounts for clients, which the bank assigns. [120] proposes a novel approach of ensuring privacy, confidentiality, and authentication using a hybrid scheme for location and payment authentication.

6) Non Repudiation

In [116], non-repudiation is ensured by using the signing key and timestamp. In [106], IBC-Signatures are used, which ensure non-repudiation in their scheme. In [107], three factors are used to prove non-repudiation of the client (checking the status response of the client, the session key, and the offline PIN). Paper [105] uses an RSA digital signature to sign transaction information, which ensures non-repudiation of transactions. Papers [109], [113] use signatures to ensure the legitimate user and non-repudiation. [101] ensures non-repudiation by hashing the transaction data with the shared key. In [121], the authors explore data sharing and privacy for patient IoT devices using block-chain. In [116], the secure storage of NFC generates the key pair (public, private) for a virtual account, and a private key signs all messages during the transaction process, which ensures non-repudiation in their scheme.

TABLE 10: Security specific categorization of reviewed research papers

| Security feature | Papers | % |
|---|---|---|
| Confidentiality | [97], [98], [100], [101], [111], [112], [103], [104], [105], [107], [106], [109], [118], [114], [116], [113], [115] | 80.09 |
| Authentication | [96], [97], [98], [99], [102], [100], [101], [103], [104], [105], [107], [111], [112], [108], [118], [106], [109], [114], [116], [113], [115] | 100 |
| Integrity | [100], [101], [103], [104], [105], [107], [106], [109], [114], [116], [113], [115] | 57.14 |
| Mutual Authentication | [98], [101], [103], [104], [105], [108], [106], [109], [114], [116], [113], [115] | 57.14 |
| Customer Anonymity | [98], [116], [114], [118], [112], [100], [103] | 33.33 |
| Non-Repudiation | [98], [101], [105], [107], [106], [109], [116], [113] | 38.09 |

The overall security features provided by each paper in our study are described in Table 10. It shows that all the systems we have reviewed ensure authentication, and most of them also provide encryption. The main aspects considered in each payment system are encryption and authentication; without these two aspects, no system can be called secure enough. Integrity and the registration of clients or merchants have also been given much importance and value in the design of any payment system.

VIII. CHALLENGES AND FUTURE WORK
Due to the increase in technology used worldwide to ease daily life activities, mobile payment systems also emerged rapidly for the same reasons. Tasks that take hours to perform by visiting the banks are now at the fingertips using smartphones and allied payment infrastructure in digital forms. This ease also brought some related issues, the most dangerous of which is the threat of malicious actors hacking the payment system to steal money. The recent hacking of block-chain-based cryptocurrency exchanges, which were previously considered the most secure digital payment system, is a warning that hackers find ways to bypass the security measures in place. This new battleground between the good and the bad for enhancing and ensuring the security of mobile payment systems against emerging threats is a rich area to explore in the future.

In any field, there is always the possibility of enhancements and improvement. In the future, we intend to focus on understanding the preferences of consumers and the reasons to utilize or not utilize a specific technology-enabled service, as this is vital to design viable services that generate value for consumers and the other stakeholders of an ecosystem. The usage of mobile phones is high, and a mobile phone is within almost every person’s reach. Most work, daily transactions and communication are done through a mobile phone; that is why many companies introduced their services for mobile phones. Mobile payment methods are also available nowadays, but they need more security than other mobile phone services.

An increase in mobile payment solutions will increase the user base, which is already sufficient compared to other traditional methods. This increase will ultimately result in a load on the network infrastructure, which is the backbone of the success of such solutions. Advancement in next-generation networks and their impact on mobile payment solutions will be another research area to explore. Further to this, research can be done on current bottlenecks resulting in lesser mobile payment solutions and remedial measures using network advancements.

This research has some practical and theoretical limitations that may provide valuable findings for future research. For example, we do not consider the potential impact of digitization on mobile payment systems, making behaviors more complex than those resulting from modular reorganization alone. Our goal when choosing this project is to record dynamics that cannot be found in developed countries. We hope our findings can be applied to other mobile payment systems in emerging economies. However, future comparative studies using larger samples or more extreme cases will confirm the extent to which our results can be generalized. Since all cases are based on mobile network operators (MNOs), future research on banks or third-party models will help discuss mobile payment systems in the literature.

IX. CONCLUSION
This paper has discussed various payment schemes and their usage, technology, and provided security. Most payment methods are account-based payment systems, and their main focus is on security, privacy, confidentiality, and authentication. We present an overview and discuss the different components of MPS. We present a detailed survey of the existing MPS structure and its limitations, and provide a detailed account of the history, development, and deployment of MPS. The aspects of MPS discussed include socioeconomic conditions, cost efficiency, diffusion of mobile phones, convenience, new initiatives, heavy restrictions and regulations, limited collaboration, underdeveloped ecosystem, and security problems, as well as the key attributes of MPS and the roles of stakeholders and communication entities in MPS from different aspects. We discussed the different security mechanisms involved in MPS and provided an analysis of the encryption technologies, authentication methods, and firewalls in MPS. All the papers suggest different techniques to provide different security aspects. However, the main point is that, keeping the CIA triad in check, each payment should be made with authentication and encryption, because the future of MPS depends on its security features.

REFERENCES
[1] S. F. Verkijika, “An affective response model for understanding the acceptance of mobile payment systems,” Electronic Commerce Research and Applications, vol. 39, p. 100905, 2020.
[2] A. R. Javed, M. O. Beg, M. Asim, T. Baker, and A. H. Al-Bayatti, “Alphalogger: Detecting motion-based side-channel attack using smartphone keystrokes,” Journal of Ambient Intelligence and Humanized Computing, pp. 1–14, 2020.
[3] S. Cimato, “Design of an authentication protocol for gsm javacards,” in International Conference on Information Security and Cryptology, pp. 355–368, Springer, 2001.
[4] S. Kungpisdan, B. Srinivasan, and P. D. Le, “A practical framework for mobile set payment,” in Proceedings of International ESociety Conference, pp. 321–328, 2003.
[5] L. Marvel and C. Boncelet, “Authentication for low power systems,” in 2001 MILCOM Proceedings Communications for Network-Centric Operations: Creating the Information Force (Cat. No. 01CH37277), vol. 1, pp. 135–138, IEEE, 2001.
[6] Y. Wang, C. Hahn, and K. Sutrave, “Mobile payment security, threats, and challenges,” in 2016 second international conference on mobile and secure services (MobiSecServ), pp. 1–5, IEEE, 2016.
[7] S. Deep, X. Zheng, A. Jolfaei, D. Yu, P. Ostovari, and A. Kashif Bashir, “A survey of security and privacy issues in the internet of things from the layered context,” Transactions on Emerging Telecommunications Technologies, p. e3935, 2020.
[8] C. Iwendi, Z. Jalil, A. R. Javed, T. Reddy, R. Kaluri, G. Srivastava, and O. Jo, “Keysplitwatermark: Zero watermarking algorithm for software protection against cyber-attacks,” IEEE Access, vol. 8, pp. 72650–72660, 2020.
[9] A. Rehman Javed, Z. Jalil, S. Atif Moqurrab, S. Abbas, and X. Liu, “Ensemble adaboost classifier for accurate and fast detection of botnet attacks in connected vehicles,” Transactions on Emerging Telecommunications Technologies, p. e4088, 2020.
[10] M. Baza, N. Lasla, M. Mahmoud, G. Srivastava, and M. Abdallah, “B-ride: Ride sharing with privacy-preservation, trust and fair payment atop public blockchain,” IEEE Transactions on Network Science and Engineering, 2019.
[11] R. M. Mohammad and H. Y. AbuMansour, “An intelligent model for trustworthiness evaluation in semantic web applications,” in 2017 8th International Conference on Information and Communication Systems (ICICS), pp. 362–367, IEEE, 2017.
[12] D. Preuveneers, T. Heyman, Y. Berbers, and W. Joosen, “Feature-based variability management for scalable enterprise applications: Experiences with an e-payment case,” in 2016 49th Hawaii International Conference on System Sciences (HICSS), pp. 5793–5802, IEEE, 2016.
[13] E. Turban, J. Outland, D. King, J. K. Lee, T.-P. Liang, and D. C. Turban, “Mobile commerce and the internet of things,” in Electronic Commerce 2018, pp. 205–248, Springer, 2018.
[14] M. Hubert, M. Blut, C. Brock, C. Backhaus, and T. Eberhardt, “Acceptance of smartphone-based mobile shopping: Mobile benefits, customer characteristics, perceived risks, and the impact of application context,” Psychology & Marketing, vol. 34, no. 2, pp. 175–194, 2017.
[15] S. EDITION, “Cryptography and network security.”
[16] “Securing the future of payments together.” Last accessed 14 May 2020.
[17] T. Depot, “The home depot reports findings in payment data breach investigation,” 2014.
[18] J. Téllez and S. Zeadally, Mobile Payment Systems. Springer, 2017.
[19] T. Dahlberg, J. Guo, and J. Ondrus, “A critical review of mobile payment research,” Electronic Commerce Research and Applications, vol. 14, no. 5, pp. 265–284, 2015.
[20] T. Dahlberg, N. Mallat, J. Ondrus, and A. Zmijewska, “Past, present and future of mobile payments research: A literature review,” Electronic commerce research and applications, vol. 7, no. 2, pp. 165–181, 2008.
[21] J. Lee, M. H. Ryu, and D. Lee, “A study on the reciprocal relationship between user perception and retailer perception on platform-based mobile payment service,” Journal of Retailing and Consumer Services, vol. 48, pp. 7–15, 2019.
[22] S. Saxena, S. Vyas, B. S. Kumar, and S. Gupta, “Survey on online electronic paymentss security,” in 2019 Amity International Conference on Artificial Intelligence (AICAI), pp. 756–751, IEEE, 2019.
[23] A. Thangamuthu, “A survey on various online payment and billing techniques,” Humanities, vol. 7, no. 3, pp. 86–91, 2020.
[24] A. Saranya and R. Naresh, “Efficient mobile security for e health care application in cloud for secure payment using key distribution,” Neural Processing Letters, pp. 1–12, 2021.
[25] J. Wang and J.-Y. Lai, “Exploring innovation diffusion of two-sided mobile payment platforms: A system dynamics approach,” Technological Forecasting and Social Change, vol. 157, p. 120088, 2020.
[26] F. Liébana-Cabanillas, I. Ramos de Luna, and F. Montoro-Ríos, “Intention to use new mobile payment systems: a comparative analysis of sms and nfc payments,” Economic research-Ekonomska istraživanja, vol. 30, no. 1, pp. 892–910, 2017.
[27] M. Masihuddin, B. U. I. Khan, M. Mattoo, and R. F. Olanrewaju, “A survey on e-payment systems: elements, adoption, architecture, challenges and security concepts,” Indian Journal of Science and Technology, vol. 10, no. 20, pp. 1–19, 2017.
[28] V. Kumar, K.-K. Lai, Y.-H. Chang, P. C. Bhatt, and F.-P. Su, “A structural analysis approach to identify technology innovation and evolution path: a case of m-payment technology ecosystem,” Journal of Knowledge Management, 2020.
[29] S. Solat, “Security of electronic payment systems: A comprehensive survey,” arXiv preprint arXiv:1701.04556, 2017.
[30] M. Kim, S. Kim, and J. Kim, “Can mobile and biometric payments replace cards in the korean offline payments market? consumer preference analysis for payment systems using a discrete choice model,” Telematics and Informatics, vol. 38, pp. 46–58, 2019.
[31] F. Liébana-Cabanillas, S. Molinillo, and M. Ruiz-Montañez, “To use or not to use, that is the question: Analysis of the determining factors for using nfc mobile payment systems in public transportation,” Technological Forecasting and Social Change, vol. 139, pp. 266–276, 2019.
[32] I. R. de Luna, F. Liébana-Cabanillas, J. Sánchez-Fernández, and F. Muñoz-Leiva, “Mobile payment is not all the same: The adoption of mobile payment systems depending on the technology applied,” Technological Forecasting and Social Change, vol. 146, pp. 931–944, 2019.
[33] M. Sumathy and K. Vipin, “Digital payment systems: Perception and concerns among urban consumers,” IJAR, vol. 3, no. 6, pp. 1118–1122, 2017.
[34] S. Fatonah, A. Yulandari, and F. Wibowo, “A review of e-payment system in e-commerce,” in Journal of Physics: Conference Series, vol. 1140, p. 012033, IOP Publishing, 2018.
[35] S. Evans and A. Pirchio, “An empirical examination of why mobile money schemes ignite in some developing countries but flounder in most. university of chicago coase-sandor institute for law & economics research paper no. 723,” 2015.
[36] P. Van der Boor, P. Oliveira, and F. Veloso, “Users as innovators in developing countries: The global sources of innovation and diffusion in mobile banking services,” Research Policy, vol. 43, no. 9, pp. 1594–1607, 2014.
[37] S. Dodini, A. A. Lopez-Fernandini, E. A. Merry, L. Thomas, et al., “Consumers and mobile financial services 2016,” tech. rep., Board of Governors of the Federal Reserve System (US), 2016.
[38] R. Duncombe, “Researching impact of mobile phones for development: concepts, methods and lessons for practice,” Information technology for Development, vol. 17, no. 4, pp. 268–288, 2011.
[39] A. Dermish, C. Kneiding, P. Leishman, and I. Mas, “Branchless and mobile banking solutions for the poor: a survey of the literature,” Innovations: Technology, Governance, Globalization, vol. 6, no. 4, pp. 81–98, 2011.
[40] J. Liu, R. J. Kauffman, and D. Ma, “Competition, cooperation, and regulation: Understanding the evolution of the mobile payments technology ecosystem,” Electronic Commerce Research and Applications, vol. 14, no. 5, pp. 372–391, 2015.
[41] N. Iman, “Is mobile payment still relevant in the fintech era?,” Electronic Commerce Research and Applications, vol. 30, pp. 72–82, 2018.
[42] A. A. Ozok and J. Wei, “An empirical comparison of consumer usability preferences in online shopping using stationary and mobile devices: results from a college student population,” Electronic Commerce Research, vol. 10, no. 2, pp. 111–137, 2010.
[43] A. A. Shaikh and H. Karjaluoto, “Mobile banking adoption: A literature review,” Telematics and informatics, vol. 32, no. 1, pp. 129–142, 2015.
[44] E. L. Slade, M. D. Williams, and Y. Dwivedi, “Extending utaut2 to explore consumer adoption of mobile payments.,” UKAIS, vol. 36, 2013.
[45] T. Oliveira, M. Thomas, G. Baptista, and F. Campos, “Mobile payment: Understanding the determinants of customer adoption and intention to recommend the technology,” Computers in Human Behavior, vol. 61, pp. 404–414, 2016.
[46] V. Kumar, N. Nim, and A. Sharma, “Driving growth of mwallets in emerging markets: a retailer’s perspective,” Journal of the Academy of Marketing Science, vol. 47, no. 4, pp. 747–769, 2019.
[47] R. Glavee-Geo, A. A. Shaikh, H. Karjaluoto, and R. E. Hinson, “Drivers and outcomes of consumer engagement,” International Journal of Bank Marketing, 2019.
[48] M. G. Nejad, T. Apanasevic, J. Markendahl, and N. Arvidsson, “Stakeholders’ expectations of mobile payment in retail: lessons from sweden,” International Journal of Bank Marketing, 2016.
[49] J. T. Isaac and Z. Sherali, “Secure mobile payment systems,” IT Professional, vol. 16, no. 3, pp. 36–43, 2014.
[50] J. Sun and N. Zhang, “The mobile payment based on public-key security technology,” in Journal of Physics: Conference Series, vol. 1187, p. 052010, IOP Publishing, 2019.
[51] P. Chaudhury, S. Dhang, M. Roy, S. Deb, J. Saha, A. Mallik, S. Bal, S. Roy, M. K. Sarkar, S. Kumar, et al., “Acafp: Asymmetric key based cryptographic algorithm using four prime numbers to secure message communication. a review on rsa algorithm,” in 2017 8th Annual Industrial Automation and Electromechanical Engineering Conference (IEMECON), pp. 332–337, IEEE, 2017.
[52] J. Zhang, “A study on application of digital signature technology,” in 2010 International Conference on Networking and Digital Society, vol. 1, pp. 498–501, IEEE, 2010.
[53] S. F. Al-Janabi and A. K. Obaid, “Development of certificate authority services for web applications,” in 2012 International Conference on Future Communication Networks, pp. 135–140, IEEE, 2012.
[54] O. Ogbanufe and D. J. Kim, “Comparing fingerprint-based biometrics authentication versus traditional authentication methods for e-payment,” Decision Support Systems, vol. 106, pp. 1–14, 2018.
[55] A. K. Jain, P. Flynn, and A. A. Ross, Handbook of biometrics. Springer Science & Business Media, 2007.
[56] C. S. Weir, G. Douglas, T. Richardson, and M. Jack, “Usable security: User preferences for authentication methods in ebanking and the effects of experience,” Interacting with Computers, vol. 22, no. 3, pp. 153–164, 2010.
[57] H. Crawford, K. Renaud, and T. Storer, “A framework for continuous, transparent mobile device authentication,” Computers & Security, vol. 39, pp. 127–136, 2013.
[58] S. Byun and S.-E. Byun, “Exploring perceptions toward biometric technology in service encounters: a comparison of current users and potential adopters,” Behaviour & Information Technology, vol. 32, no. 3, pp. 217–230, 2013.
[59] I. M. Alsaadi, “Physiological biometric authentication systems, advantages, disadvantages and future development: A review,” International Journal of Scientific & Technology Research, vol. 4, no. 12, pp. 285–289, 2015.
[60] A. Alzubaidi and J. Kalita, “Authentication of smartphone users using behavioral biometrics,” IEEE Communications Surveys & Tutorials, vol. 18, no. 3, pp. 1998–2026, 2016.
[61] M. Rouse, “Single-factor authentication (sfa),” https://searchsecurity.techtarget.com/, 2017.
[62] A. Rahav, “The secret security wiki,” https://doubleoctopus.com/security-wiki/authentication/single-factor-authentication/, 2018.
VOLUME 4, 2016 17

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3105450, IEEE Access

Author et al.: Preparation of Papers for IEEE TRANSACTIONS and JOURNALS

[63] A. Ometov, S. Bezzateev, N. Mäkitalo, S. Andreev, T. Mikkonen, and [89] A. Bhatta and A. K. Mishra, “Gsm-based commsense system to measure
Y. Koucheryavy, “Multi-factor authentication: A survey,” Cryptography, and estimate environmental changes,” IEEE Aerospace and Electronic
vol. 2, no. 1, p. 1, 2018. Systems Magazine, vol. 32, no. 2, pp. 54–67, 2017.
[64] C. Hamilton and A. Olmstead, “Database multi-factor authentication [90] Y.-C. Tsao, Q. Zhang, and Q. Zeng, “Supply chain network design
via pluggable authentication modules,” in 2017 12th International Con- considering rfid adoption,” IEEE Transactions on Automation Science
ference for Internet Technology and Secured Transactions (ICITST), and Engineering, vol. 14, no. 2, pp. 977–983, 2016.
pp. 367–368, IEEE, 2017. [91] S. Dix, I. Phau, K. Jamieson, and A. S. Shimul, “Investigating the drivers
[65] K. K. Lakshmi, H. Gupta, and J. Ranjan, “Ussd—architecture analysis, of consumer acceptance and response of sms advertising,” Journal of
security threats, issues and enhancements,” in 2017 International Con- Promotion Management, vol. 23, no. 1, pp. 62–79, 2017.
ference on Infocom Technologies and Unmanned Systems (Trends and [92] S. Mukherjee and S. Mondal, “A scheme for qr code based smart door
Future Directions)(ICTUS), pp. 798–802, IEEE, 2017. locks security system using an arm computer,” in Proceedings of the First
[66] S. Castle, F. Pervaiz, G. Weld, F. Roesner, and R. Anderson, “Let’s International Conference on Intelligent Computing and Communication,
talk money: Evaluating the security challenges of mobile money in the pp. 613–621, Springer, 2017.
developing world,” in Proceedings of the 7th Annual Symposium on [93] S. S. Hassan, S. D. Bibon, M. S. Hossain, and M. Atiquzzaman, “Security
Computing for Development, pp. 1–10, 2016. threats in bluetooth technology,” Computers & Security, vol. 74, pp. 308–
[67] B. Reaves, J. Bowers, N. Scaife, A. Bates, A. Bhartiya, P. Traynor, 322, 2018.
and K. R. Butler, “Mo (bile) money, mo (bile) problems: Analysis of [94] L. Deng, H. Huang, and Y. Qu, “Identity based proxy signature from rsa
branchless banking applications,” ACM Transactions on Privacy and without pairings.,” IJ Network Security, vol. 19, no. 2, pp. 229–235, 2017.
Security (TOPS), vol. 20, no. 3, pp. 1–31, 2017. [95] J. M. Kizza, “Security in wireless networks and devices,” in Guide to
[68] R. Mahajan, J. Saran, and A. Rajagopalan, “Mitigating emerging fraud Computer Network Security, pp. 397–427, Springer, 2017.
risks in the mobile money industry,” Deloitte: Mumbai, India, 2015. [96] M. A. Qadeer, N. Akhtar, S. Govil, and A. Varshney, “A novel scheme for
[69] F. Salahdine and N. Kaabouch, “Social engineering attacks: a survey,” mobile payment using rfid-enabled smart simcard,” in 2009 International
Future Internet, vol. 11, no. 4, p. 89, 2019. Conference on Future Computer and Communication, pp. 339–343,
[70] M. W. Buku and R. Mazer, “Fraud in mobile financial services: protecting IEEE, 2009.
consumers, providers, and the system,” tech. rep., The World Bank, 2017. [97] S. Manvi, L. Bhajantri, and M. Vijayakumar, “Secure mobile payment
[71] S. Lonie, “Fraud risk management for mobile money: An overview. system in wireless environment,” in 2009 International Conference on
2017,” 2017. Future Computer and Communication, pp. 31–35, IEEE, 2009.
[72] P. Sharma, “A contemplate on multifactor authentication,” in 2019 6th
[98] J. Liu, J. Liao, and X. Zhu, “A system model and protocol for mobile
International Conference on Computing for Sustainable Global Develop-
payment,” in IEEE International Conference on e-Business Engineering
ment (INDIACom), pp. 824–827, IEEE, 2019.
(ICEBE’05), pp. 638–641, IEEE, 2005.
[73] A. Kumari, S. Jangirala, M. Y. Abbasi, V. Kumar, and M. Alam, “Eseap:
[99] X. Zheng and D. Chen, “Study of mobile payments system,” in EEE
Ecc based secure and efficient mutual authentication protocol using
International Conference on E-Commerce, 2003. CEC 2003., pp. 24–27,
smart card,” Journal of Information Security and Applications, vol. 51,
IEEE, 2003.
p. 102443, 2020.
[100] W. Chen, G. Hancke, K. Mayes, Y. Lien, and J.-H. Chiu, “Nfc mobile
[74] L. Katusiime, “Mobile money use: The impact of macroeconomic policy
transactions and authentication based on gsm network,” in 2010 Second
and regulation,” Economies, vol. 9, no. 2, p. 51, 2021.
International Workshop on Near Field Communication, pp. 83–89, IEEE,
[75] K. McKee, M. Kaffenberger, and J. M. Zimmerman, “Doing digital
2010.
finance right: The case for stronger mitigation of customer risks,” Focus
[101] M. Al-Tamimi and A. Al-Haj, “Online security protocol for nfc mobile
Note, vol. 103, 2015.
payment applications,” in 2017 8th International Conference on Informa-
[76] G. Ali, M. Ally Dida, and A. Elikana Sam, “Evaluation of key security
tion Technology (ICIT), pp. 827–832, IEEE, 2017.
issues associated with mobile money systems in uganda,” Information,
vol. 11, no. 6, p. 309, 2020. [102] S. Nseir, N. Hirzallah, and M. Aqel, “A secure mobile payment system
[77] R. Gwahula, “Risks and barriers associated with mobile money transac- using qr code,” in 2013 5th International Conference on Computer
tions in tanzania,” 2016. Science and Information Technology, pp. 111–114, IEEE, 2013.
[78] G. Ali, M. Ally Dida, and A. Elikana Sam, “Two-factor authentication [103] S.-W. Chen and R. Tso, “Nfc-based mobile payment protocol with user
scheme for mobile money: A review of threat models and countermea- anonymity,” in 2016 11th Asia Joint Conference on Information Security
sures,” Future Internet, vol. 12, no. 10, p. 160, 2020. (AsiaJCIS), pp. 24–30, IEEE, 2016.
[79] D. Kunda and M. Chishimba, “A survey of android mobile phone authen- [104] A. T. Purnomo, Y. S. Gondokaryono, and C.-S. Kim, “Mutual authenti-
tication schemes,” Mobile Networks and Applications, pp. 1–9, 2018. cation in securing mobile payment system using encrypted qr code based
[80] F. S. G. Talom, R. K. Tengeh, et al., “The impact of mobile money on the on public key infrastructure,” in 2016 6th International Conference on
financial performance of the smes in douala, cameroon,” Sustainability, System Engineering and Technology (ICSET), pp. 194–198, IEEE, 2016.
vol. 12, no. 1, pp. 1–1, 2019. [105] T. Ma, H. Zhang, J. Qian, X. Hu, and Y. Tian, “The design and implemen-
[81] B. W. Nyamtiga, A. Sam, and L. S. Laizer, “Enhanced security model for tation of an innovative mobile payment system based on qr bar code,” in
mobile banking systems in tanzania,” Intl. Jour. Tech. Enhancements and 2015 International Conference on Network and Information Systems for
Emerging Engineering Research, vol. 1, no. 4, pp. 4–20, 2013. Computers, pp. 435–440, IEEE, 2015.
[82] W. Ahmed, F. Shahzad, A. R. Javed, F. Iqbal, and L. Ali, “Whatsapp [106] Y. Rui-xia, “Design of secure mobile payment system based on ibc,” in
network forensics: Discovering the ip addresses of suspects,” in 2021 2015 10th International Conference on Broadband and Wireless Comput-
11th IFIP International Conference on New Technologies, Mobility and ing, Communication and Applications (BWCCA), pp. 422–425, IEEE,
Security (NTMS), pp. 1–7, 2021. 2015.
[83] A. Chowdhury, “Recent cyber security attacks and their mitigation [107] H. Harb, H. Farahat, and M. Ezz, “Securesmspay: secure sms mo-
approaches–an overview,” in International conference on applications and bile payment model,” in 2008 2nd International Conference on Anti-
techniques in information security, pp. 54–65, Springer, 2016. counterfeiting, Security and Identification, pp. 11–17, IEEE, 2008.
[84] M. S. Sadekin and A. Shaikh, “Security of e-banking in bangladesh,” J. [108] M. H. Firoz and Z. Ahmed, “Defensive protocol to ensure safe mobile
Financ. Account, vol. 4, no. 1, 2016. financial transaction in current context,” in 2017 Third Asian Conference
[85] A. F. Altwairqi, M. A. AlZain, B. Soh, M. Masud, and J. Al-Amri, “Four on Defence Technology (ACDT), pp. 54–58, IEEE, 2017.
most famous cyber attacks for financial gains,” Int. J. Eng. Adv. Technol. [109] K. Fan, H. Li, W. Jiang, C. Xiao, and Y. Yang, “U2f based secure mutual
IJEAT, vol. 9, pp. 2131–2139, 2019. authentication protocol for mobile payment,” in Proceedings of the ACM
[86] N. Shaw, “The mediating influence of trust in the adoption of the mobile Turing 50th Celebration Conference-China, pp. 1–6, 2017.
wallet,” Journal of Retailing and Consumer Services, vol. 21, no. 4, [110] F. Shahzad, W. Iqbal, and F. S. Bokhari, “On the use of cryptdb for
pp. 449–459, 2014. securing electronic health data in the cloud: A performance study,” in
[87] N. Kshetri, “Cybercrime and cybersecurity in africa,” 2019. 2015 17th International Conference on E-health Networking, Application
[88] L. Tamazirt, F. Alilat, and N. Agoulmine, “Nfc-based ubiquitous moni- Services (HealthCom), pp. 120–125, 2015.
toring system for e-industry,” in 2017 Third International Conference on [111] C. Ruan, F. Xiao, and J. Luo, “Desgn and implementation of mobile
Mobile and Secure Services (MobiSecServ), pp. 1–4, IEEE, 2017. payment system for intelligent travel,” in 2014 IEEE 3rd International

18 VOLUME 4, 2016

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3105450, IEEE Access

Author et al.: Preparation of Papers for IEEE TRANSACTIONS and JOURNALS

Conference on Cloud Computing and Intelligence Systems, pp. 547–552,


IEEE, 2014.
[112] B. Singh and K. Jasmine, “Comparative study on various methods and
types of mobile payment system,” in 2012 International Conference on
Advances in Mobile Network, Communication and Its Applications,
pp. 143–148, IEEE, 2012.
[113] S. Bojjagani and V. Sastry, “A secure end-to-end sms-based mobile bank-
ing protocol,” International journal of communication systems, vol. 30,
no. 15, p. e3302, 2017.
[114] J. Kang and D. Nyang, “A privacy-preserving mobile payment system for
mass transit,” IEEE Transactions on Intelligent Transportation Systems,
vol. 18, no. 8, pp. 2192–2205, 2017.
[115] W. A. Khan, Y. Saleem, G. A. Shah, and A. Farooq, “Modified mobile
transaction authentication number system for 2-layer security,” in 2016
International Conference on Intelligent Systems Engineering (ICISE),
pp. 89–93, IEEE, 2016.
[116] J. N. Luo, M. H. Yang, and S.-Y. Huang, “An unlinkable anonymous
payment scheme based on near field communication,” Computers &
Electrical Engineering, vol. 49, pp. 198–206, 2016.
[117] G. Platform, “The trusted execution environment: Delivering enhanced
security at a lower cost to the mobile market,” White Paper February,
2011.
[118] V. Sureshkumar, R. Anitha, N. Rajamanickam, and R. Amin, “A
lightweight two-gateway based payment protocol ensuring accountability
and unlinkable anonymity with dynamic identity,” Computers & Electri-
cal Engineering, vol. 57, pp. 223–240, 2017.
[119] S. Bojjagani and V. Sastry, “Ssmbp: A secure sms-based mobile banking
protocol with formal verification,” in 2015 IEEE 11th International
Conference on Wireless and Mobile Computing, Networking and Com-
munications (WiMob), pp. 252–259, IEEE, 2015.
[120] D. Lavanya, R. Ramaprabha, B. Thangapandian, and K. Gunaseelan,
“Novel privacy preserving authentication scheme based on physical layer
signatures for mobile payments,” SN Computer Science, vol. 2, no. 2,
pp. 1–11, 2021.
[121] G. Srivastava, R. M. Parizi, A. Dehghantanha, and K.-K. R. Choo,
“Data sharing and privacy for patient iot devices using blockchain,” in
International Conference on Smart City and Informatization, pp. 334–
348, Springer, 2019.

VOLUME 4, 2016 19

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/

You might also like