Chen Fei,Mao Mengzhi,Li Youxing

DOI: https://doi.org/10.3969/j.issn.1674-747x.2023.03.005

2023-01-01

Abstract:From the perspective of personal biometric information processing protocols, this article conducts a systemic study of the compliance of personal biometric information protection of mainstream financial APPs in an empirical way, including“protocol consent mechanism”,“protocol independence setting”,“protocol preservability”,and“protocol clause content.”The study finds that the current financial APPs are widely faced with the problem of failing to obtain user’s consent and fully inform users of matters related to information processing, and the lack of issues that should be informed to individuals in relevant agreements, which reflect the oversight of the current information processors’ internal control and the lack of supervision. We should focus on consolidating the legal obligations of processors and supervisors, and explore the trinity of “internal control, self-regulation and supervision”for compliance.

Wei Sun,Xiangwei Kong,Dequan He,Xingang You

DOI: https://doi.org/10.1109/ISECS.2008.147

2008-01-01

Abstract:The purpose of this paper is to resolve information security problem in the mobile electronic commerce industry chain. We analyze information security based on evolutionary game theory. In this paper, we set up the information security game model with penalty parameter, calculate replicator dynamics, and analyze the evolutionary stable strategy of the game model. The result reveals that reducing the investment cost is the key factor to promote information security investment. If this condition can not be satisfied, the regulation of penalty parameter will help to promote the investment. The research method in this paper provides a new thought for the solution of information security in the mobile electronic commerce chain.

June Wei,Yuan Liu,June Lu,Milos Slaninka,Kristie Abston

DOI: https://doi.org/10.1504/ijmc.2021.114313

2021-01-01

International Journal of Mobile Communications

Abstract:This paper proposed an indexed matrix to assess information security risks' impacts on mobile social media to help organisations address security risks effectively and efficiently. It developed and integrated a static social media information security risk model and a dynamic social media information flow model in the mobile environment to investigate the potential security risks in social networks. The pattern of security risks with three levels was identified using cluster analysis. An indexed matrix is also proposed to assess the information security impacts on social media via the relative-weigh quantitative method. The results can help to develop an effective and safe way to transmit information through social media. This research is the first attempt to integrate static information security threats into the dynamic social media information flow processes to assess the information security risk levels by developing a new indexed method. The theoretical and practical implications are presented.

Jun Li,Jing Wang,Shanyong Wang,Yu Zhou

DOI: https://doi.org/10.1109/access.2019.2902905

IF: 3.9

2019-01-01

IEEE Access

Abstract:In recent years, mobile payment as an innovative payment method has triggered a payment revolution in China. Understanding and investigating the psychological elements and influence paths that affect the user's willingness to use mobile payment are of great importance. The main purpose of this study is to investigate the effects of a user's risk perception, perceived ease of use, perceived usefulness, and attitude on a user's willingness to use Alipay, by using an extended version of the technology acceptance model (TAM). The model was tested with the use of structural equation modeling (SEM), and the data was collected from 491 users in China. The results show that perceived ease of use and perceived usefulness has a significant effect on users' attitudes and intentions to use Alipay, and the risk perception has a negative effect on perceived ease of use and perceived usefulness. Meanwhile, risk perception also has a direct effect on users' attitudes and intentions to use Alipay. These results suggested that when users perceived that the risks of using Alipay are higher, they will hold a negative attitude using Alipay and less likely to use Alipay. Based on these results, the possible implications have been identified.

Feng Wang,Ge Bao Shan,Yong Chen,Xianrong Zheng,Hong Wang,Sun Mingwei,Li Haihua

DOI: https://doi.org/10.4018/jgim.2020010110

2020-01-01

Journal of Global Information Management

Abstract:Mobile payment is a new payment method offering users mobility, reachability, compatibility, and convenience. But mobile payment involves great uncertainty and risk given its electronic and wireless nature. Therefore, biometric authentication has been adopted widely in mobile payment in recent years. However, although technology requirements for secure mobile payment have been met, standards and consistent requirements of user authentication in mobile payment are not available. The flow management of user authentication in mobile payment is still at its early stage. Accordingly, this paper proposes an anonymous authentication and management flow for mobile payment to support secure transaction to prevent the disclosure of users' information and to reduce identity theft. The proposed management flow integrates transaction key generation, encryption and decryption, and matching to process users' personal information and biometric characteristics based on mobile equipment authentication carrier.

information science & library science

Tianqi Wang,Ting Liu,Huimin Zhu

DOI: https://doi.org/10.56397/ist.2024.01.07

2024-01-01

Abstract:As the mobile payment landscape continues to evolve rapidly, this paper examines the emerging threats and future challenges facing Alipay and the broader industry. The analysis encompasses cybersecurity innovations, regulatory landscape changes, user privacy concerns, integration with emerging technologies, global expansion challenges, competition and market saturation, technological infrastructure scalability, consumer education and trust, geopolitical risks, and social and ethical considerations. With the aim of fostering a comprehensive understanding, the paper explores how Alipay can strategically adapt to these challenges through continuous innovation, regulatory compliance, user-centric approaches, and global collaboration. The insights derived from this exploration contribute to a holistic perspective on the dynamic future of mobile payments.

Xi Li,Wei Zhu,Mingxing He

DOI: https://doi.org/10.1109/3CA.2010.5533752

2010-01-01

Abstract:Emerging electronic commerce becomes popular together with the considerable increase of mobile device. Since mobile payments will become one of the most important mobile services. However, most people do not have a fancy for remote mobile payment, or only is limited to micro-payment. The most important problem they worry about is the security of the mobile devices and the applications along with the complexity of payment process. The paper presents a secure remote payment architecture based on smart card in mobile devices that simplifies the payment process and takes a finance measure to permit a more fairly allocation of risks between merchants and consumers. Furthermore, security policies between the security properties of the payment application and the resource limitations are defined. It not only provides strong security but also makes the system open to common payment. Finally, ID-based signature mechanism has advantages over the others based on CA in terms of key distribution and scalability of increasing security level for remote mobile payment service.

Ding Long Huang,Pei Luen Patrick Rau,Gavriel Salvendy,XiaoLi Shang,Ying Liu,Xia Wang

DOI: https://doi.org/10.1177/154193120805202002

2008-01-01

Abstract:Information security is of great concern to IT users, who may hesitate or refuse to adopt IT appliances because of worries about security problems. The objective of this study was to investigate the antecedences and consequences of people's perception of information security. This study included three phases. In phase 1, a six-factor structure modeling people's perception of information security was developed through a survey study and exploratory factor analysis. In phase 2, the relations between people's perception of information security and their intention to adopt IT appliances were tested through a laboratory experiment and path analysis. Significant effects were found and a path model was developed. In phase 3, the implications of people's perception of information security for mobile phone were discussed through focus group. Mobile users' perception of mobile security in seven scenarios was summarized. Three personas of mobile security were developed.

Fei Gao,Pei-Luen Patrick Rau,Yubo Zhang

DOI: https://doi.org/10.4018/ijmhci.2017010104

2017-01-01

International Journal of Mobile Human Computer Interaction

Abstract:The rapid deployment of mobile devices and the development of mobile services and applications require to address the mobile information security from the human side. This study was aimed at identifying factors influencing people's perception of mobile information security, to investigate the impact of these factors and to facilitate related service design. A survey was conducted and analyzed with exploratory factor analysis. Five factors were identified, including perceived familiarity, perceived impact, perceived controllability, perceived awareness and perceived possibility. Thereinto, the impact of controllability, impact and familiarity on the adoption of mobile payment was investigated. Impact significantly affected the intention to use, but not the perceived security of payment systems. Control level significantly affected the intention to use and the perceived security. Familiarity was found to have an effect on neither the intention to use nor the perceived security. Related design implications for mobile payment systems were discussed.

Xiaoling Xu,Jianghao Song

DOI: https://doi.org/10.1155/2021/5468397

2021-12-09

Mobile Information Systems

Abstract:To better promote the healthy and long-term development of corporate financial management, the basement is established on the perspective of artificial intelligence (AI). Initially, based on the theories of modern mobile payment (MP) and corporate financial leverage, the corresponding data set is obtained through the questionnaire method as the research data. The reliability coefficients obtained after the test are all above 0.65, indicating that the reliability and stability of the entire data are relatively good. Besides, it is also found from the data of the questionnaire that some residents believe that MP will bring harm such as information leakage. Next, a new multilevel evaluation analysis method is introduced. After evaluating the financial management risk, operation risk, and network security risk existing in enterprise MP, it is found that the financial management risk accounts for the largest proportion of the three, with a risk weight of about 0.54, and the capital risk occupies the main position in the financial management risk. Finally, through the analysis of the risks existing in the whole operation process of the enterprise, it is found that about 50% of the financial management risk of the enterprise in the market belongs to the advanced risk, about 30% of the operational operation risk belongs to the low risk, and about 20% of the network security risk belongs to the advanced risk, which indicates that the financial management risk and network security risk are the top priority of the enterprise MP risk. Although the operational operation risk belongs to the low risk, it cannot be ignored. Subsequently, feasible suggestions and opinions are put forward on these phenomena from the perspectives of the government, enterprises, and residents. Therefore, there is great reference significance for the current financial risk assessment of enterprises based on MP.

computer science, information systems,telecommunications

Xin Luo,Han Li,Jie Zhang,J.P. Shim

DOI: https://doi.org/10.1016/j.dss.2010.02.008

IF: 6.969

2010-05-01

Decision Support Systems

Abstract:The factors affecting rejection or acceptance of an emerging IT artifact such as mobile banking have piqued interest among IS researchers and remain unknown due in part to consumers' trust and risk perceptions in the wireless platform. This study extends this line of research by conjointly examining multi-dimensional trust and multi-faceted risk perceptions in the initial adoption stage of the wireless Internet platform. Results of this study indicate that risk perception, derived from eight different facets, is a salient antecedent to innovative technology acceptance. Beyond prior studies, the results also provide empirical support for employing personal trait factors in analyzing acceptance of emerging IT artifacts.

computer science, information systems, artificial intelligence,operations research & management science

Doyel Pal,Praveenkumar Khethavath,Tingting Chen,Yuan Zhang

DOI: https://doi.org/10.1002/dac.3293

2017-01-01

International Journal of Communication Systems

Abstract:Payment methods using mobile devices instead of using traditional methods (cash, credit card, etc) has been gaining popularity all over the world. The ubiquitous nature of smartphones and tablets has widened the ambit for using these devices for payments and other daily life activities. Recent advancements in mobile technology along with the convenience of mobile devices made these applications possible. Despite the worldwide user adoption of mobile applications, security is the key challenge in mobile banking and payments system. Mobile payments systems need to be very efficient and provide utmost security endlessly. State‐of‐the‐art mobile payment systems need the physical presence of a merchant agent to make a payment. In this article, we had described in detail about the design and implementation of a mobile payments application, used to make in‐store purchases and make secure payments without any physical presence of a cashier or a merchant agent. We proposed a novel privacy‐preserving and secure authentication algorithm to make mobile payments using biometrics. The analysis and experimental results show the reliability and efficiency of our proposed solution.

Tao Feng,Nicholas DeSalvo,Lei Xu,Xi Zhao,Xi Wang,Weidong Shi

DOI: https://doi.org/10.4108/icst.mobicase.2014.257767

2014-01-01

Abstract:With the rise of Internet connected mobile devices, applications have migrated from PCs to mobile computing platforms. An important aspect, payment processing, faces new security challenges from these developments. Inasmuch, these advancements demand efforts from researchers and industry to meet increasing security needs. Threats can ensue from data loss, theft from lost, stolen, or decommissioned devices, information-stealing malware, and password peeping. We propose a secure framework for sensitive session driven applications which combines biometric-based continuous and implicit tracking of user identities, and TrustZone. This framework is accomplished through monitoring fingerprint authentication logs as well as detecting events when the phone has left the user's hands, all while in TrustZone, a platform for secure computation and storage on mobile devices. This solution leverages multiple onboard sensors as well as the ARM architecture to accomplish these feats. We conducted two user-studies acquiring smartphone users' usage statistics to investigate security and usability needs of our identity-tracking solution. To monitor these subtle gestures in real-world uncontrolled environments, multi-session data collection has been conducted to iteratively improve system performance. The evaluation results have demonstrated the feasibility of this framework as a secure session-based payment system.

Wenbo Yang,Juanru Li,Yuanyuan Zhang,Dawu Gu

DOI: https://doi.org/10.1016/j.jisa.2019.102358

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:The massive growth of smart mobile devices has attracted numerous apps to embed third-party in-app payment, which involves more sophisticated interactions between multiple participants compared to traditional payments. Therefore, such payment is error prone and could be exploited easily, leading to serious financial deceptions. To investigate current third-party mobile payment ecosystem and find potential security threats, we conduct an in-depth analysis against China–world’s largest mobile payment market. We study four mainstream third-party mobile payment cashiers, and conclude unified process models. We also summarize the security rules that must be regulated by cashiers and merchants and illustrate four types of attacks if violating these rules. Besides, we also detect seven cases of security rule violation on both Android and iOS platform. Our detection result shows that hundreds of popular apps violate at least one security rule, and hence face with various security risks, allowing attackers to consume commodities or services without purchasing them or deceiving others to pay for them. Our further investigation reveals that cashiers as well as merchants should be responsible for those vulnerable cases. We also performed proof-of-concept attacks in real world, reported these issues to all involved parties and helped them fix the vulnerabilities.

Waqas Ahmed,Amir Rasool,Neeraj Kumar,Abdul RehmanJaved,Thippa Reddy Gadekallu,Zunera Jalil,Natalia Kryvinska

DOI: https://doi.org/10.48550/arXiv.2105.12097

2021-05-25

Cryptography and Security

Abstract:Cash payment is still king in several markets, accounting for more than 90\ of the payments in almost all the developing countries. The usage of mobile phones is pretty ordinary in this present era. Mobile phones have become an inseparable friend for many users, serving much more than just communication tools. Every subsequent person is heavily relying on them due to multifaceted usage and affordability. Every person wants to manage his/her daily transactions and related issues by using his/her mobile phone. With the rise and advancements of mobile-specific security, threats are evolving as well. In this paper, we provide a survey of various security models for mobile phones. We explore multiple proposed models of the mobile payment system (MPS), their technologies and comparisons, payment methods, different security mechanisms involved in MPS, and provide analysis of the encryption technologies, authentication methods, and firewall in MPS. We also present current challenges and future directions of mobile phone security.

Shiu-Wan Hung,Min-Jhih Cheng,Yu-Jou Tung

DOI: https://doi.org/10.1108/ijbm-03-2023-0195

2024-04-17

The International Journal of Bank Marketing

Abstract:Purpose The adoption of mobile payment remains low in certain regions, highlighting the need to identify the factors that enable and inhibit its adoption. This study aims to address this gap by investigating the role of information security, loss aversion and the moderating influence of the herd effect on Inertia and behavioral intentions in the adoption of mobile payment systems. Design/methodology/approach A structural equation model was developed and tested with 332 valid questionnaires to examine the proposed hypotheses. Findings The empirical results reveal that information security plays a significant role as an enabler, while loss aversion acts as an inhibitor of mobile payment adoption. Furthermore, the study uncovers the moderating influence of the herd effect on the relationship between Inertia and behavioral intentions. Research limitations/implications This study was conducted in a specific region and may not be generalizable to other regions. Future studies could expand the sample size and scope to enhance the external validity of the findings. Practical implications This study offers practical implications for mobile payment service providers. Understanding the key enabling and inhibiting factors identified in this study can guide providers in designing and improving their services. Strengthening information security measures can help build trust among potential adopters, while offering incentives can mitigate the impact of loss aversion and encourage early adoption. Social implications The findings of this study have social implications as they contribute to promoting the adoption of mobile payment systems. Increased adoption can enhance financial inclusion and stimulate economic development. Originality/value This study provides novel insights into the enabling and inhibiting factors of mobile payment adoption and highlights the moderating role of the herd effect. By shedding light on the influence of social norms on individual behavior in the context of mobile payment adoption, this study contributes to the existing literature and advances our understanding of this phenomenon.

business

Kuo-Sui Lin

DOI: https://doi.org/10.11648/j.ajomis.20170201.12

2017-01-04

Abstract:Over the past decade, e-commerce creates exciting new opportunities for business but also brings new web application vulnerabilities and transaction security risks. A stream of news of phishing attacks, website spoofing, payment card skimming (credit /debit cards), fraud in online transactions, malware attack (malicious code attack of viruses, worms, Trojans, and bots), hacker/cracker infiltration, vandalism, identity theft and data breaches of payment card or bank details are increasingly reported. Web application security risk management, therefore, is essential for secure e-commerce online transactions, including order processing, payment transaction, banking and clearing processing. Therefore, the main purpose of this study was to propose a web application security risk management methodology to perform e-commerce web application security risk management, helping organizations understand and improve their e-commerce web application security risks. In order to achieve this purpose, the goal of this study has been two-fold: (1) How will organizations measure threat likelihood, impact consequence and severity of their e-commerce web application security risk? (2) What management methodology is required to prompt the e-commerce web application security vulnerabilities measurement and improvement? Using OWASP Top Ten Vulnerabilities as target items, the proposed management methodology is disciplined in a PDCA based ISO/IEC 27005 iterative process activities, integrating Common Criteria attack potential ratings as threat likelihood scales and the FIPS 199 impact categories as impact consequence scales to categorize severity of every e-commerce web application vulnerabilities. Following the proposed management procedure, all the critical e-commerce web application vulnerabilities can be reviewed, analyzed, prioritized and remedied effectively and efficiently, moving on again in a continuous cycle.

Computer Science,Business

Haifeng Wu,Xuan Li,Weihui Dai,Weidong Zhao

2010-01-01

Abstract:With the development of mobile network technology and mobile commerce application, mobile payment is becoming more and more important to assist mobile users to participate in the mobile commerce. Service reliability, security authtification, payment mobility is the core improblem, which should be solve with some flexible and secure measures. After deep studying traditional payment methods in electronic commerce and some technologies in 3G network, this paper introduces a new and integrated mobile payment framework, which is combined with IC chip, mobile phone and mobile internet, and then gives some improvement measures for current settlement mechanism, which is entirely around payment channel, payment carrier, security authentication. In this way, the real time processing of information flow, capital flow and logistics can be easily achieved, forming a reliable business operation for mobile users, which can bring some great convenience and profound influence for payment industry in mobile environment.

Jae Kwon Bae,Gwang Heon Hong,

DOI: https://doi.org/10.38115/asgba.2023.20.6.133

2023-12-31

The Academic Society of Global Business Administration

Abstract:In the era of digital financial innovation, the importance of financial security is being emphasized day by day as the financial sector expands its use of technologies such as the Internet of Things(IoT), Cloud, BigData, and Artificial Intelligence(AI). Financial security refers to Fintech security and involves establishing and operating an integrated security control system against cyber threats that take advantage of security vulnerabilities resulting from the introduction of innovative technologies, responding to intrusion incidents, and analyzing and assessing vulnerabilities. In particular, security risks are emerging as cloud services are utilized throughout the financial industry, and financial security control and abnormal financial transaction detection are being advanced by applying AI technology. Additionally, in the financial sector, data security and information protection are emerging as very important issues in the era of the MyData platform. As the MyData service expands, where a large number of personal information is concentrated in one place, the threat of personal information infringement due to indiscriminate information collection and service hacking is also increasing. Accordingly, it is necessary to strengthen personal information protection within the MyData service and increase awareness of cyber security and financial security. Against this background, this study first examines changes in the security environment of the financial sector (internal control and abnormal financial transaction detection) and the components of the integrated security control system. Next, we would like to derive security threats to the financial sector such as phishing and smishing using social engineering techniques, authentication information theft, Ransomware, Emotet, Soggolish, BEC, and TOAD. Lastly, in relation to cyber security policies in the financial sector, we would like to discuss countermeasures against Ransomware in the financial sector, plans to build a next-generation financial security control system, MyData information protection and information security, and the applicability of the Zero Trust model in the financial sector.

English Else

Qi Wang,Bangfeng Zong,Yong Lin,Zhuangzhuang Li,Xv Luo

DOI: https://doi.org/10.4018/joeuc.326934

2023-07-28

Journal of Organizational and End User Computing

Abstract:With the development of digitalization and Internet technology, enterprise information security is facing more and more challenges. Many enterprises have begun to adopt big data (BD) and artificial intelligence (AI) technology for risk assessment (RA) and prediction to effectively manage information security risks. This article discusses the application of BD and AI technology in enterprise information security management (ISM) and RA from two aspects. Firstly, the mobile payment signature scheme based on number theory research unit is used to improve the security of the mobile payment system. This scheme uses lattice algorithms to achieve fast key generation, signing, and verification and can resist traditional cryptographic attacks. Secondly, a set of enterprise ISM and RA system is established, including risk identification, RA, monitoring and early warning, emergency response, and other links. BD and AI technology is used to analyze internal and external data to provide accurate RA results to achieve automated RA.

information science & library science,management,computer science, information systems