Waqas Ahmed,Amir Rasool,Neeraj Kumar,Abdul RehmanJaved,Thippa Reddy Gadekallu,Zunera Jalil,Natalia Kryvinska

DOI: https://doi.org/10.48550/arXiv.2105.12097

2021-05-25

Cryptography and Security

Abstract:Cash payment is still king in several markets, accounting for more than 90\ of the payments in almost all the developing countries. The usage of mobile phones is pretty ordinary in this present era. Mobile phones have become an inseparable friend for many users, serving much more than just communication tools. Every subsequent person is heavily relying on them due to multifaceted usage and affordability. Every person wants to manage his/her daily transactions and related issues by using his/her mobile phone. With the rise and advancements of mobile-specific security, threats are evolving as well. In this paper, we provide a survey of various security models for mobile phones. We explore multiple proposed models of the mobile payment system (MPS), their technologies and comparisons, payment methods, different security mechanisms involved in MPS, and provide analysis of the encryption technologies, authentication methods, and firewall in MPS. We also present current challenges and future directions of mobile phone security.

Karoline Busse,Mohammad Tahaei,Katharina Krombholz,Emanuel von Zerschwitz,Matthew Smith,Jing Tian,Wenyuan Xu

DOI: https://doi.org/10.1109/eurospw51379.2020.00035

2020-01-01

Abstract:Payment cultures around the globe are diverse and have significant implications on security, privacy and trust. We study usable security aspects of payment cultures in four culturally distinct societies. Based on a qualitative study in Germany and Iran, we developed an online survey and deployed it in Germany, Iran, China, and the United States. The results reveal significant differences between the studied countries. For example, we found that participants from Iran and China are more comfortable with credential sharing and German participants were most accepting towards cryptocurrencies. We suggest these kinds of differences in payment culture need to be considered in the context of HCI research when evaluating current payment mechanisms or designing new ones.

Ms. Deepika Dhamija,Dr. Anu Bharti,,

DOI: https://doi.org/10.35940/ijeat.b3791.129219

2019-12-30

International Journal of Engineering and Advanced Technology

Abstract:The recent advancements in Information Technology have brought considerable changes in the way tasks are accomplished across the globe. The world has become a more connected place and a major impact as well as reason of this can be attributed to the steep rise in the usage of mobile devices. Mobile devices are being used for online payments in the form of shopping, money transfers, bill payments and what not. The majority of monetary transactions on the Internet now take place through mobile devices and therefore, mobile payment systems being wireless systems calls for an even more secure protocols and payment environment. Although the various security protocols available today boast of implementing the security requirements i.e. data confidentiality, integrity, non-repudiation, authentication and authorization, still the security of m-commerce transactions remain a major concern for mobile payment users. A number of m-commerce security techniques, models and protocols have been proposed by authors in recent past. This paper presents the recent advancements of the models and techniques authors proposed and the technologies and protocols used in these models. The paper also highlights the open areas of research in the field.

Sriramulu Bojjagani,V. N. Sastry,Chien-Ming Chen,Saru Kumari,Muhammad Khurram Khan

DOI: https://doi.org/10.1007/s12652-021-03316-4

IF: 3.662

2021-06-18

Journal of Ambient Intelligence and Humanized Computing

Abstract:Mobile payments makeup one of the fastest-growing mobile services available today and are widely used by smartphones for utility payments, bill payments, and online shopping, among other applications. Mobile payments are playing a vital role in the fast growth of online markets and are revolutionizing the supply chain of businesses and industries. Mobile payments are becoming dominant compared to conventional off-line mode payment channels and online e-channels such as ATM, e-cheque, and e-card payments. The success of e-business depends on several factors, including the type of mobile payment channel used, the associated security infrastructure, the stakeholders involved, and the m-business models adopted. In this paper, we present a systematic literature review (SLR) of mobile payments and characterize the state-of-the-art research conducted in this area, covering articles published during the past two decades, from 2000 to 2020. Following the SLR process, we examined over 350 research papers with a comprehensive and detailed inspection of the mobile payment domain's literature. Based on the analysis, we present the trends, patterns, new technologies, innovations, gaps in the existing literature, and critical challenges. The recommendations given will help identify the primary areas requiring advancement in future research on mobile payment systems.

computer science, information systems,telecommunications, artificial intelligence

Xi Li,Wei Zhu,Mingxing He

DOI: https://doi.org/10.1109/3CA.2010.5533752

2010-01-01

Abstract:Emerging electronic commerce becomes popular together with the considerable increase of mobile device. Since mobile payments will become one of the most important mobile services. However, most people do not have a fancy for remote mobile payment, or only is limited to micro-payment. The most important problem they worry about is the security of the mobile devices and the applications along with the complexity of payment process. The paper presents a secure remote payment architecture based on smart card in mobile devices that simplifies the payment process and takes a finance measure to permit a more fairly allocation of risks between merchants and consumers. Furthermore, security policies between the security properties of the payment application and the resource limitations are defined. It not only provides strong security but also makes the system open to common payment. Finally, ID-based signature mechanism has advantages over the others based on CA in terms of key distribution and scalability of increasing security level for remote mobile payment service.

Milad Taleby Ahvanooey,Qianmu Li,Mahdi Rabbani,Ahmed Raza Rajput

DOI: https://doi.org/10.48550/arXiv.2001.09406

2020-01-26

Cryptography and Security

Abstract:Nowadays, the usage of smartphones and their applications have become rapidly increasing popular in people's daily life. Over the last decade, availability of mobile money services such as mobile-payment systems and app markets have significantly increased due to the different forms of apps and connectivity provided by mobile devices such as 3G, 4G, GPRS, and Wi-Fi, etc. In the same trend, the number of vulnerabilities targeting these services and communication networks has raised as well. Therefore, smartphones have become ideal target devices for malicious programmers. With increasing the number of vulnerabilities and attacks, there has been a corresponding ascent of the security countermeasures presented by the researchers. Due to these reasons, security of the payment systems is one of the most important issues in mobile payment systems. In this survey, we aim to provide a comprehensive and structured overview of the research on security solutions for smartphone devices. This survey reviews the state of the art on security solutions, threats, and vulnerabilities during the period of 2011-2017, by focusing on software attacks, such those to smartphone applications. We outline some countermeasures aimed at protecting smartphones against these groups of attacks, based on the detection rules, data collections and operating systems, especially focusing on open source applications. With this categorization, we want to provide an easy understanding for users and researchers to improve their knowledge about the security and privacy of smartphones.

Hosam Alamleh,Ali Abdullah S. AlQahtani,Baker Al Smadi

DOI: https://doi.org/10.48550/arXiv.2304.09468

2023-04-19

Cryptography and Security

Abstract:The rise of smartphones has led to a significant increase in the usage of mobile payments. Mobile payments allow individuals to access financial resources and make transactions through their mobile devices while on the go. However, the current mobile payment systems were designed to align with traditional payment structures, which limits the full potential of smartphones, including their security features. This has become a major concern in the rapidly growing mobile payment market. To address these security concerns,in this paper we propose new mobile payment architecture. This architecture leverages the advanced capabilities of modern smartphones to verify various aspects of a payment, such as funds, biometrics, location, and others. The proposed system aims to guarantee the legitimacy of transactions and protect against identity theft by verifying multiple elements of a payment. The security of mobile payment systems is crucial, given the rapid growth of the market. Evaluating mobile payment systems based on their authentication, encryption, and fraud detection capabilities is of utmost importance. The proposed architecture provides a secure mobile payment solution that enhances the overall payment experience by taking advantage of the advanced capabilities of modern smartphones. This will not only improve the security of mobile payments but also offer a more user-friendly payment experience for consumers.

Oussama Tounekti,Antonio Ruiz-Martínez,Antonio F. Skarmeta Gomez,Antonio F. F. Skarmeta Gomez

DOI: https://doi.org/10.3390/su14137661

IF: 3.9

2022-06-23

Sustainability

Abstract:Electronic (mobile) payment systems are an important aspect of e-commerce. However, few reviews highlight the most significant findings and challenges. In this article, we have prepared a bibliometric analysis to provide a statistical overview of previously published research papers on electronic (mobile) payment systems and user preferences, with a particular emphasis on their diverse techniques and analyses, as well as comprehensive and reliable directions to reveal evolutionary nuances and highlighting emerging areas in this specific research. This study reviewed 177 scientific papers published between 2001 and November 2021 in the Web of Science (WoS) database on the subjects of electronic payment systems (EPS) and mobile payment systems (MPS), payment interface (PI), technology acceptance model (TAM), payment frameworks (PF), and user preferences (UP). The amount of studies using the abovementioned topics (EPS, MPS, TAM, PF, and UP) increases annually. Spain, China, and Malaysia are the three main countries that actively participate, and their international academic partnership is relatively close. We have compiled a list of the most relevant publications, prolific authors, institutions, and leading research topics. The articles were used to evaluate bibliometric indicators, analyze research activity, investigate the subject's evolution, and identify the most interconnected themes. The findings provide a comprehensive overview of existing thematic studies, with a notable rising trend showing the potential for future research in the field. The study provides a guideline for further research.

environmental sciences,environmental studies,green & sustainable science & technology

Dr M. Reddi Naik,Dr Kanderi Sridevi

DOI: https://doi.org/10.21276/ierj24137071931185

2024-07-15

International Education and Research Journal

Abstract:An electronic payment is defined as a payment service that utilize information and communications technologies including integrated circuitcard, cryptography and telecommunications networks. E-commerce (electronic commerce) is the buying and selling of goods and services, or the transmitting of funds or data, over an electronic network, primarily the internet. The focus of this paper is to identify and explain the issues and challenges in e-payment system and to examine the problems faced by consumers during e-payments. Electronic payments are financial transactions made without the use of paper documents such as cheques. Electronic payments include debit card, credit card, smart card, e-wallet, e-cash, electronic cheques etc. E-payment systems have received different acceptance level throughout the world; some methods of electronic payments are highly adopted while others are relatively low. This study aimed to identify the issues and challenges of electronic payment systems and offer some solutions to improve the e-payment system quality.

Sazzadur Rahaman,Gang Wang,Danfeng,Yao

DOI: https://doi.org/10.48550/arXiv.2002.02855

2020-02-07

Cryptography and Security

Abstract:The massive payment card industry (PCI) involves various entities such as merchants, issuer banks, acquirer banks, and card brands. Ensuring security for all entities that process payment card information is a challenging task. The PCI Security Standards Council requires all entities to be compliant with the PCI Data Security Standard (DSS), which specifies a series of security requirements. However, little is known regarding how well PCI DSS is enforced in practice. In this paper, we take a measurement approach to systematically evaluate the PCI DSS certification process for e-commerce websites. We develop an e-commerce web application testbed, BuggyCart, which can flexibly add or remove 35 PCI DSS related vulnerabilities. Then we use the testbed to examine the capability and limitations of PCI scanners and the rigor of the certification process. We find that there is an alarming gap between the security standard and its real-world enforcement. None of the 6 PCI scanners we tested are fully compliant with the PCI scanning guidelines, issuing certificates to merchants that still have major vulnerabilities. To further examine the compliance status of real-world e-commerce websites, we build a new lightweight scanning tool named PciCheckerLite and scan 1,203 e-commerce websites across various business sectors. The results confirm that 86% of the websites have at least one PCI DSS violation that should have disqualified them as non-compliant. Our in-depth accuracy analysis also shows that PciCheckerLite's output is more precise than w3af. We reached out to the PCI Security Council to share our research results to improve the enforcement in practice.

J. Chen,X. Peng

DOI: https://doi.org/10.4028/www.scientific.net/AMM.443.561

2013-10-01

Abstract:The payment system of wireless communication is a whole of the various types of software used by the wireless communication network, wireless payment terminals and payment terminals, which together constitute the user applications. Compared to traditional network, wireless communication network is an more open system. According to this, users personal is easier to be stolen in the transfer process and the type of attack has become more diverse and innovative. The article introduces two types attack and solutions. Fishing Wifi is a common means of attack in the wireless network nowadays. Mobile banking is a typical example too. It involves the security of payment in mobile banking which becomes the new problem within e-commerce.

Business,Computer Science

Qi Li,Xinwen Zhang,Jean-Pierre Seifer,Hulin Zhong

DOI: https://doi.org/10.1109/aptc.2008.24

2008-01-01

Abstract:Mobile payment (m-payment) received significant attention because it enables an easy payment mechanism and becomes an important complement to traditional payment means. However, m-payment over open devices and networks poses security challenges of a new dimension. Although many researchers address security issues in m-payment, there are still some security problems that are not well resolved, such as platform integrity and user privacy protection. In this paper, we propose a general payment architecture with Trusted Computing (TC) technologies to secure mobile payment. Using only a simple mobile payment infrastructure, a platform integrity protection solution is proposed to secure payment software downloading, application initialization, and secure payment transactions. We further propose two schemes to enhance the performance and flexibility of our solution. The first scheme provides platform attestation using an identity-based signature (IBS) algorithm instead of a traditional credential-based public-key signature algorithm within Trusted Computing Group (TCG) technologies, which fully utilizes the merits of the mobile computing infrastructure and improves the flexibility and performance of the payment solution. The second scheme provides attestation caching without sacrificing security achievements. We have implemented a real prototype system based on an emulated payment environment. Our security analysis and experimental results prove that our scheme can effectively meet the security requirements of a practical m-payment with acceptable performance.

Shilong Jiang,Chen Zhang,Bin Huang

DOI: https://doi.org/10.4028/www.scientific.net/AMR.756-759.3039

2013-09-01

Abstract:Online payment is apparently the key for the online transactions, so its security issue becomes the center of focus in the e-commerce development. In China, however, the information leakage, transaction fraud and other security issues have occurred so frequently that they have severely affected the customer confidence, and have become one of the major blockages in the e-commerce development. This article intends to have an in depth discussion of online payment security issues, examining current situations and problems in security technology, corporate social responsibility, and also propose appropriate strategic recommendations.

Computer Science,Business

Shaik Shakeel Ahamad

DOI: https://doi.org/10.1109/access.2021.3139065

IF: 3.9

2022-01-01

IEEE Access

Abstract:The unprecedented growth of mobile applications promoted the usage of these mobile applications for payments. The current research works in mobile payments and commerce are prone to reverse-engineering attacks and lacked transport layer protection, so these research works do not ensure security. Therefore, such attacks on Mobile Payment Applications (MPA) will be successful, which leads to severe financial loss. To address these issues, we propose a secure framework incorporating a defense-in-depth approach for Near Field Communication (NFC) based mobile payment frameworks. Our defense-in-depth approach has three levels, i.e., Defense at hardware, mobile application, and communication level. We have proposed a NFC based Secure Protocol for Mobile Transaction (NSPMT) protocol and successfully verified a mobile payment protocol with BAN (Burrows, Abadi, and Needham) logic and Scyther tool, and our proposed protocol overcome multi-protocol attack, RAM (Random Access Memory) scrapping attack, DOS (Denial Of Service), DDOS (Distributed Denial Of Service), and Phlashing attacks. Our proposed mobile Payment system overcomes the known mobile application vulnerabilities, including Heartbleed and ROBOT (Return Of Bleichenbacher’s Oracle Threat). Our proposed protocol ensures all the security properties and the energy and communication cost and computational cost are far less than the existing works in the literature. Finally, we have successfully implemented our protocol using kotlin language in Android Studio, with two Mobile Payment Applications (MPA) and POS Payment Application (PPA), Elliptic Curve Digital Signature Algorithm (ECDSA) is used and Advanced Encryption Standard (AES) with GCM (Galois/Counter Mode) mode is used for encryption and decryption of Customer Payment Data at MPA and PPA.

computer science, information systems,telecommunications,engineering, electrical & electronic

Md Anower Hossain,,Siful Islam,Md Mostafizur Rahman,Nur Uddin Mahmud Arif,,,

DOI: https://doi.org/10.69593/ajsteme.v4i03.85

2024-07-08

Abstract:This study systematically reviews the impact of online payment systems on customer trust and loyalty in e-commerce, adhering to PRISMA guidelines. The findings highlight the critical importance of security, convenience, and transparency in shaping customer perceptions and behaviors. Secure payment systems, featuring robust encryption and multi-factor authentication, are essential in protecting sensitive information and mitigating fraud risks, thereby enhancing customer confidence. Convenience, characterized by user-friendly interfaces, multiple payment options, and quick transaction processes, significantly improves the overall shopping experience and fosters customer satisfaction. Transaction transparency, through clear communication about charges, detailed receipts, and real-time tracking, is pivotal in building and maintaining trust. The review underscores the strong relationship between trust and loyalty, revealing that secure, convenient, and transparent payment systems are vital for achieving long-term customer loyalty. E-commerce platforms that prioritize these aspects can significantly enhance customer trust and loyalty, ensuring sustained success in the competitive digital marketplace. The study provides valuable insights and practical recommendations for e-commerce businesses to optimize their online payment systems and build lasting customer relationships.

Urvashi Kishnani,Isabella Cardenas,Jailene Castillo,Rosalyn Conry,Lukas Rodwin,Rika Ruiz,Matthew Walther,Sanchari Das

2024-07-08

Abstract:With the growth of digital monetary transactions and cashless payments, encouraged by the COVID-19 pandemic, use of e-payment applications is on the rise. It is thus imperative to understand and evaluate the current posture of e-payment applications from three major user-facing angles: security, privacy, and usability. To this, we created a high-fidelity prototype of an e-payment application that encompassed features that we wanted to test with users. We then conducted a pilot study where we recruited 12 participants who tested our prototype. We find that both security and privacy are important for users of e-payment applications. Additionally, some participants perceive the strength of security and privacy based on the usability of the application. We provide recommendations such as universal design of e-payment applications.

Human-Computer Interaction,Cryptography and Security

Wenyuan Liu,YongAn Luo,Yali Si

DOI: https://doi.org/10.1109/ICMLC.2007.4370707

2007-01-01

Abstract:The security, of electronic transaction protocol is an important research towards pushing electronic commerce into practice, but the double-spending problem of off-line system will cause a great loss to the bank. In order to enhance the security of the e-cash system, this paper presents a multi-bank and off-line e-cash protocol based on smart card and describes the protocol in detail. The scheme solves double-spending effectively using two protective methods: the prior restraint of smart card in payment phase and the check of bank in deposit phase. Furthermore, the protocol's efficiency and security are analyzed.

Doyel Pal,Praveenkumar Khethavath,Tingting Chen,Yuan Zhang

DOI: https://doi.org/10.1002/dac.3293

2017-01-01

International Journal of Communication Systems

Abstract:Payment methods using mobile devices instead of using traditional methods (cash, credit card, etc) has been gaining popularity all over the world. The ubiquitous nature of smartphones and tablets has widened the ambit for using these devices for payments and other daily life activities. Recent advancements in mobile technology along with the convenience of mobile devices made these applications possible. Despite the worldwide user adoption of mobile applications, security is the key challenge in mobile banking and payments system. Mobile payments systems need to be very efficient and provide utmost security endlessly. State‐of‐the‐art mobile payment systems need the physical presence of a merchant agent to make a payment. In this article, we had described in detail about the design and implementation of a mobile payments application, used to make in‐store purchases and make secure payments without any physical presence of a cashier or a merchant agent. We proposed a novel privacy‐preserving and secure authentication algorithm to make mobile payments using biometrics. The analysis and experimental results show the reliability and efficiency of our proposed solution.

刘晖,李之棠,郭涛,李守鹏

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.01.035

2005-01-01

Abstract:The mechanism of the cyber-payment and how it should be performed, and controlling all these steps are implemented without compromising the system security is important. As a result, the method of off-line payment sounds like one of the best way to solve these kind of problems. After throughly analyzed all the aspects related to this method, eg. The thories, the types of risk confront it and the way to enforce it's security,conclude a set of security specifications for the off-line payment.

Zhou Yu,Chai Hongfeng,He Shuo,Liao Jian

DOI: https://doi.org/10.3969/j.issn.1000-386X.2012.10.080

2012-01-01

Abstract:In this paper the status quo of the development of mobile payment business and the importance of security compliance detection of mobile payment system are introduced.Corresponding security standards on the requirements to information system security compliance detection are studied.The emphasis of the paper is to describe the compliance detection and analysis methods from three aspects: the system logs-based,the network communication information-based and the system configuration-based.According to these,a security compliance analysis and automatic detection model for mobile payment system is designed,which improves the accuracy and compliance of the detection outcomes,and this helps the sustained secure operation of the mobile payment system.