Security Issues In Mobile Payment
Prof. K. Adisesha, BE, M.Sc. M.Tech, NET Page 1
Security Issues In Mobile Payment
Prof. K. Adisesha, BE, M.Sc. M.Tech, NET
HOD, Dept., of Computer Science
Bangalore City College
Bangalore.
E-mail: adisesha1@rediffmail.com
Phone No.:9449081542
Abstract:
Mobile e-commerce (or m-commerce) is considered a natural extension of e-commerce
and represents a new way for conducting commerce. M-commerce refers to e-commerce
transactions conducted through a mobile device via wireless networks. The electronic payment
performed in wireless environments leads to the term mobile payment (or m-payment), which is
defined as any payment transaction involving the purchase of goods or services that is completed
with a wireless device. M-payments facilitate m-commerce because they let users make online
purchases from their mobile devices remotely at any time. A key challenge with gaining user
adoption of mobile banking and payments is the customer’s lack of confidence in security of the
services. Understanding the mobile banking and payments market and ecosystem is critical in
addressing the security challenges. There are new security risks introduced with mobile banking
and payments that must be identified and mitigated. Some of these risks have an existing
mitigation method, while others do not have a clear risk mitigation solution. We also
present the major security issues that must be taken into consideration when designing,
implementing, and deploying secure m-payment systems. In particular, we focus on threats,
vulnerabilities, and risks associated with such systems as well as corresponding protection
solutions to mitigate these risks. We also discuss some of the challenges that need to be addressed
in the future as m-payment systems become fully integrated with other emerging technologies
such as fifth-generation mobile networks (5G) and cloud computing.
Keywords: m-commerce, m-payment systems, m-payment Threats, Security
1. Introduction
There doesn’t seem to be a week in which something related to mobile and/or mobile payments is not
in the news. Mobile and everything mobile is the current hot area where new investments and new
ideas are blossoming in the hopes of being part of the next “big thing” that generates healthy
returns and wealth. Consumers are embracing mobile in their day to day lives and are more likely
to forget their wallet at home than their mobile phone. With all this energy and momentum around
mobile, as with any new next big thing, there are some areas of concern to consider. A key area of
concern for consumers and financial service providers is the security of mobile banking and
payments. There are new technologies and new entrants as well as a complex supply chain that will
increase the security risks. There is no real standard for technology that has captured the market
and regulations relating to some of the new entrants are non-existent. Customers have increased
control of their device in terms of application downloads, OS updates and personalization of their
devices. This will lead to new challenges relative to privacy and will take some time before the
younger generation realizes the implications of privacy violations. Compounding the challenge is
the fact that traditional security controls such as AV, firewalls, and encryption have not reached
the level of maturity needed in the mobile space. As with any emerging market area, these
challenges will resolve over time. Until this area matures, there are measures that can be taken
relating to customer education, service process rigor, payments technology and fraud preventive
and detective controls that can mitigate the security risks.
2. Definition of Mobile Payment System
A mobile payment system (MPS) can be defined as any payment system that enables financial
transactions to be made securely from one organization or individual to another over a mobile
network (using a mobile device).
While the key phases of the generic mobile payment procedure are applicable to almost all
transactions, they can be categorized into several different groups or procedures. Mobile
payment procedures are categorized as location-based (remote and proximity transactions),
value-based (micro-payments, mini-payments and macro-payments), charge-based (post-paid,
pre-paid and pay-now), validation-based (online mobile payment, offline mobile payment),
technology-based (single chip, dual chip, dual slot), token-based (e-coin) and account-based
(wireless wallets).
3. Key Technologies
3.1. Mobile Elements
In understanding the security risks of mobile banking, it is useful to understand the general
hardware and system software of a mobile device. The most prevalent technology relative to
mobile devices and the associated wireless carriers today is based on 2G technology (GSM/EDGE)
and 3G technology (UMTS/HSPA) standards. The latest technology currently being rolled out by
major carriers is Long Term Evolution (LTE) which doesn’t currently meet the requirements to be
considered 4G (speeds of up to 100Mbps for a moving user and 1Gbps for a stationary user) but is
being marketed as 4G.
The basic components of a wireless network include the spectrum for the wireless interface, the
antennas and radio processing equipment located at the base station or cell sites, and the
connectivity (T1, microwave) from the cell site back to the mobile switching center that contains
the voice and data processing equipment. The security elements for 3G technology include
encryption on the air interface and mutual authentication between the user and the network
(involving the HLR and USIM).
3.2. GSM AND GPRS SECURITY ARCHITECTURE
Global System for Mobile Communications (GSM) is the most popular standard for mobile
phones in the world. Figure 1 shows the basic structure of the GSM architecture; GSM provides
SMS and GPRS (General Packet Radio Service) services.
Figure 1. GSM Architecture
The GPRS Core network is an integrated part of the GSM network; it is layered over the
underlying GSM network, with added nodes to cater for packet switching. GPRS also uses some of
the existing GSM network elements; some of these include existing Base Station Subsystems
(BSS), Mobile Switching Centers (MSC), Authentication Centers (AUC), and Home Location
Registers (HLR). Some of the GPRS network elements added to the existing GSM network
include GPRS Support Nodes (GSN), the GPRS tunneling protocol (GTP), access points, and the
Packet Data Protocol (PDP) Context.
3.2.1 Security mechanisms in the GSM network
The GSM network has some security mechanisms to prevent activities like Subscriber Identity
Module (SIM) cloning, and to stop illegally used handsets. GSM has methods to authenticate and
encrypt data exchanged on the network.
The GSM authentication center is used to authenticate each SIM card that attempts to connect to
the GSM network. The SIM card authentication takes place when a mobile station initially
attempts to connect to the network, i.e. when a terminal is switched on. If authentication fails then
no services are offered by the network operator; otherwise the Serving GPRS Support Node
(SGSN) and HLR are allowed to manage the services associated with the SIM card.
The authentication of the SIM depends on a shared secret key between SIM card and the AUC
called Ki. This secret key is embedded into the SIM card during manufacture, and it is also
securely replicated into the AUC.
When the AUC authenticates a SIM, it generates a random number known as the RAND. It sends
this RAND number to the subscriber. Both the AUC and SIM feed the Ki and RAND values into
the A3/A8 (or operator proprietary algorithm (COMP128)) and a number known as Signed
RESponse (SRES) is generated by both parties. If the SIM SRES matches the AUC SRES the SIM
is successfully authenticated. Both the AUC and SIM can calculate a second secret key called Kc
by feeding the Ki and the RAND value into the A5 algorithm.
This would be used to encrypt and decrypt the session communications. After the SIM
authentication, the SGSN or HLR requests the mobile identity; this is done to make sure that the
mobile station being used by the user is not blacklisted. The mobile returns the IMEI
(International Mobile Equipment Identity) number; this number is forwarded to the EIR
(Equipment Identity Register). The EIR authorizes the subscriber and responds back to the SIM
with the status. If the mobile is authorized, the SGSN informs the HLR and PDP Context activation
begins.
3.2.3 Problems with GSM Network
Problems with the A3/A8 authentication algorithm: A3 and A8 are not actually encryption
algorithms, but placeholders used in algorithm COMP128 [2]. COMP128 was broken by Wagner
and Goldberg in less than a day.
Problems with A5 algorithm: The A5 algorithm is used to prevent casual eavesdropping by
encrypting communications between mobile station (handset) and BSS. Kc is the Ki and RAND
value fed into the A5 algorithm. This Kc value is the secret key used with the A5 algorithm for
encryption between the mobile station and BSS. There are at least three flavours of the A5
algorithm. These include A5/1, which is commonly used in western countries. A5/1 is deemed
strong encryption [3], but it was reverse engineered some time ago. A5/2 has been cracked by
Wagner and Goldberg; the methodology they used required five clock cycles, making A5/2 almost
useless. Finally, A5/0 is a form of A5 that does not encrypt data at all. All these problems with the
A5 encryption algorithms prove that eavesdropping between mobile station and BSS is still
possible, making GPRS over the GSM core network very insecure for mobile banking.
Attack on the RAND value: When the AUC attempts to authenticate a SIM card, the RAND value
sent to the SIM card can be modified by an intruder, causing the authentication to fail. This may
result in a denial of service.
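The challenge-response run of section 3.2.1 and the RAND modification described above, as an added example (not code from the paper). HMAC-SHA256 stands in for the operator's A3/A8 algorithm, and the class names, the test IMSI and the failure counter are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

RAND_LEN, SRES_LEN, KC_LEN = 16, 4, 8  # 128-bit RAND, 32-bit SRES, 64-bit Kc


def operator_algorithm(ki: bytes, rand: bytes):
    """Stand-in for the operator's A3/A8 implementation: (Ki, RAND) -> (SRES, Kc).

    HMAC-SHA256 is an assumption made so the example runs; it is not COMP128.
    """
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:SRES_LEN], digest[SRES_LEN:SRES_LEN + KC_LEN]


class Sim:
    """Subscriber side: holds Ki and answers challenges."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki
        self.kc = None

    def respond(self, rand: bytes) -> bytes:
        # The SIM cannot check who sent RAND or whether it was altered;
        # it answers any challenge it receives.
        sres, self.kc = operator_algorithm(self._ki, rand)
        return sres


class AuthCentre:
    """Network side (AUC): holds a copy of every Ki and issues challenges."""

    def __init__(self):
        self._ki = {}
        self._pending = {}      # imsi -> (expected SRES, Kc) for the open challenge
        self.session_keys = {}  # imsi -> Kc after a successful run
        self.failures = {}      # imsi -> consecutive failed runs

    def provision(self, imsi: str) -> Sim:
        ki = secrets.token_bytes(16)
        self._ki[imsi] = ki
        return Sim(imsi, ki)

    def challenge(self, imsi: str) -> bytes:
        rand = secrets.token_bytes(RAND_LEN)
        self._pending[imsi] = operator_algorithm(self._ki[imsi], rand)
        return rand

    def verify(self, imsi: str, sres: bytes) -> bool:
        expected_sres, kc = self._pending.pop(imsi)
        if hmac.compare_digest(expected_sres, sres):
            self.session_keys[imsi] = kc
            self.failures[imsi] = 0
            return True
        self.session_keys.pop(imsi, None)
        self.failures[imsi] = self.failures.get(imsi, 0) + 1
        return False


def attach(auc, sim, channel=lambda rand: rand):
    """One authentication run; `channel` models the path carrying RAND to the SIM."""
    rand = auc.challenge(sim.imsi)
    sres = sim.respond(channel(rand))
    ok = auc.verify(sim.imsi, sres)
    return {
        "authenticated": ok,
        "kc_match": ok and sim.kc == auc.session_keys[sim.imsi],
        "failures": auc.failures[sim.imsi],
    }


def flip_first_bit(rand: bytes) -> bytes:
    """Constructed in-path modification of the challenge (one bit changed)."""
    return bytes([rand[0] ^ 0x01]) + rand[1:]


def demo():
    auc = AuthCentre()
    sim = auc.provision("001010000000001")  # constructed test IMSI
    honest = attach(auc, sim)
    tampered = [attach(auc, sim, flip_first_bit) for _ in range(3)]
    return honest, tampered


if __name__ == "__main__":
    honest, tampered = demo()
    print("honest run  :", honest)
    print("tampered run:", tampered[-1])
```

The AUC sees only an SRES mismatch, so a modified RAND looks the same to it as a SIM holding the wrong Ki; the consecutive-failure count per subscriber is the signal available for spotting repeated interference.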
3.3 Short Message Service
This service allows mobile systems and other networked devices to exchange short text messages
with a maximum length of 160 characters. SMS uses the popular text-messaging standard to
enable mobile application based banking. The way this works is that the customer requests
information by sending an SMS containing a service command to a pre-specified number. The
bank responds with a reply SMS containing the specific information. One of the major reasons that
transaction based services have not taken off on SMS is because of concerns about security.
3.3.1 Security Problems with SMS
SMS was initially intended for subscribers to send non-sensitive messages
across the open GSM network. Mutual authentication, text encryption, end-to-end security, and
nonrepudiation were omitted during the design of the GSM architecture. In this section we discuss
some of the security problems of using SMS.
Forging Originator's Address: SMS spoofing is an attack that involves a third party sending out
SMS messages that appear to be from a legitimate sender. It is possible to alter the originator's address
field in the SMS header to another alphanumeric string. This hides the original sender's address, and
the sender can send out hoax messages and perform masquerading attacks.
SMS Encryption: The default data format for SMS messages is in plaintext. The only encryption
involved during transmission is the encryption between the base transceiver station and the mobile
station. End-to-end encryption is currently not available. The encryption algorithm used is A5,
which is proven to be vulnerable. Therefore a more secure algorithm is needed.
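One way a bank could avoid relying on the originator address, shown as an added example (not part of the paper): each banking command carries a keyed tag and a counter, and the server decides on those alone. The message layout, key provisioning, customer id and phone number are hypothetical; the tag gives authenticity and integrity only, so the command text is still readable in transit.

```python
import hashlib
import hmac

SMS_MAX_CHARS = 160  # single-message limit stated in section 3.3
TAG_HEX_CHARS = 16   # HMAC-SHA256 truncated to 64 bits to leave room for the command


def _tag(key: bytes, customer_id: str, counter: str, command: str) -> str:
    msg = "|".join((customer_id, counter, command)).encode("ascii")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:TAG_HEX_CHARS]


def build_sms(key: bytes, customer_id: str, counter: int, command: str) -> str:
    """Handset side: format 'customer|counter|command|tag' (hypothetical layout)."""
    fields = (customer_id, command)
    if any("|" in f or not f.isascii() for f in fields):
        raise ValueError("fields must be ASCII and must not contain '|'")
    body = "|".join((customer_id, str(counter), command,
                     _tag(key, customer_id, str(counter), command)))
    if len(body) > SMS_MAX_CHARS:
        raise ValueError("command does not fit in one SMS")
    return body


class BankSmsGateway:
    """Bank side: decides on the tag and counter, never on the originator field."""

    def __init__(self, customer_keys):
        self._keys = dict(customer_keys)
        self._last_counter = {}
        self.audit = []  # (originator, verdict) pairs kept for fraud review

    def accept(self, originator: str, body: str) -> str:
        verdict = self._check(body)
        self.audit.append((originator, verdict))
        return verdict

    def _check(self, body: str) -> str:
        parts = body.split("|")
        if len(body) > SMS_MAX_CHARS or len(parts) != 4 or not body.isascii():
            return "malformed"
        customer_id, counter, command, tag = parts
        key = self._keys.get(customer_id)
        if key is None or not counter.isdigit():
            return "malformed"
        # Constant-time comparison of the expected and received tag.
        if not hmac.compare_digest(_tag(key, customer_id, counter, command), tag):
            return "bad-tag"
        # A valid message is accepted once: the counter must strictly increase.
        if int(counter) <= self._last_counter.get(customer_id, 0):
            return "replay"
        self._last_counter[customer_id] = int(counter)
        return "ok"


def demo():
    key = bytes(range(32))                 # constructed per-customer key
    gateway = BankSmsGateway({"C1001": key})
    sender = "+15550100"                   # constructed originator address
    genuine = build_sms(key, "C1001", 1, "PAY 4471 250")
    forged = "C1001|2|PAY 9999 9000|" + "0" * TAG_HEX_CHARS    # sender without the key
    altered = genuine.replace("PAY 4471 250", "PAY 9999 250")  # changed in transit
    return [
        gateway.accept(sender, genuine),
        gateway.accept(sender, genuine),   # same message delivered twice
        gateway.accept(sender, forged),    # originator field matches, tag does not
        gateway.accept(sender, altered),
    ]


if __name__ == "__main__":
    print(demo())
```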
3.4 Wireless application protocol/GPRS.
GPRS is a mobile data service available to GSM users that enables WAP-enabled devices such as
mobile phones to support services such as Internet browsing, multimedia messaging service, and
Internet based communication services such as email and World Wide Web access. Mobile phones
or terminals can access the internet using WAP browsers; WAP browsers can only access WAP
sites. Instead of the traditional HTML, XML or XHTML, WAP sites are written in WML
(Wireless Markup Language). The WAP protocol is only persistent from the client to the WAP
gateway; the connection from the WAP Gateway to the Bank Server is secured by either SSL or
TLS.
WAP provides security of communications using the WTLS (WAP Transport Layer Security)
protocol and the WIM (WAP Identity Module). WTLS provides a public-key based security
mechanism similar to TLS and the WIM stores the secret keys. In order to allow the
interoperability of WAP equipment and software with many different technologies, WAP uses the
WAP protocol suite. Figure 2 illustrates the different layers of the WAP protocol.
Figure 2. WAP Protocol Suite. Source: [6]
3.4.1 Security problems with Current GPRS Implementations
Security issues with present implementations that use WAP:
The present mobile banking implementations that are using WAP have proven to be very secure,
but there exist some loopholes which could lead to insecure communications. Some of these
loopholes include:
• There is no end-to-end encryption between client and bank server.
• There is end-to-end encryption between the client and the Gateway and between the
Gateway and the Bank server.
• To resolve this, the bank server could have its own Access Point Name (APN) in any of the
GPRS networks. This APN would serve as the WAP Gateway for the bank. Therefore the
client would be connected directly to the bank without third parties in the middle of the
communication.
• Public key cryptosystem key sizes offered by the WTLS standard are not strong enough to
meet the security requirements of today’s WAP applications. Considering the low processing
power of the handheld devices, the key sizes have been restricted.
• Anonymous key exchange suites offered by the WTLS handshake are not considered
secure. Neither the client nor the server is authenticated. Banks should provide functionality to
disallow this option of handshaking.
Security issues associated with using the plain GPRS network:
The GPRS core network is too general; it does not cater for some banking security requirements.
Some of these requirements include:
• Lack of account holder or bank authentication. The Bank can provide a unique APN to
access the Bank server, but without this or some other authentication mechanism anyone
can masquerade as the Bank. All these issues raise concerns of fabrication of either bank
information or account holder information.
• Provision of functions to avoid modification of data and ensure the integrity of data for
both the account holder and the Bank.
• The methods to cater for confidentiality of data between the mobile station and the bank
server have proven to be weak, and the network operator can view the account holder's
information. This raises security issues for both the bank and account holder.
• The bank cannot prove that the account holder performed a specific action and the account
holder cannot prove that the bank performed a specific action.
• GPRS provides session handling facilities, but does not handle Bank specific sessions; this
may cause inconsistencies on the bank's side, raising security issues.
3.5 Other Technologies
Phone-based application. The m-payment client application (residing on the consumer’s mobile
phone) can be developed using the Java 2 Platform, Micro Edition for GSM-based mobile phones
and the Binary Runtime Environment for Wireless for mobile phones based on code division
multiple access.
SIM-based application. The Subscriber Identity Module (SIM) used in GSM mobile phones is a
smart card whose information can be protected using cryptographic algorithms and keys. (Smart
cards are microcomputers small enough to fit in a wallet or even a mobile phone. They have their
own processors and memory for storage.) SIM applications are relatively more secure than client
applications that reside on the mobile phone.
RFID. This technology uses radio frequency (RF) signals to exchange data between a reader and
an electronic tag attached to an object, for the purpose of ID and tracking.
Voice-based payment transactions. These can be done by making a phone call to a special
number and providing a credit card number.
Dual chip. Dual-chip phones have two slots: one for a SIM card (telephony) and another for a
payment chip card. This solution allows an m-payment application provider to develop an
m-payment application in the payment chip card without collaborating with the
telecommunications operator (the owner of the SIM card).
Near-field communication. This short-range wireless communication standard results from the
fusion of the contactless smart card (RFID) and the mobile phone. NFC does not have native
encryption capabilities and therefore is vulnerable to security exploits if not properly
implemented. The RF signal on which NFC operates has the potential to be read or intercepted up to
several meters away with the proper equipment without needing line of sight. Appropriate
encryption will provide adequate protection against eavesdropping.
Mobile wallet. This m-payment application software on the mobile phone contains details of the
customer (including bank account details and/or credit card information) that enable the customer
to make payments using the mobile phone. A possible drawback to the mobile wallet and secure
element solution is that a single PIN unlocks all of the accounts stored in the wallet. This is in
contrast to plastic cards, where each card can be set to use a different PIN. Mobile wallets could
thus present greater exposure to loss in the event that a mobile wallet device and its single PIN are
compromised.
3.5.1. Security Vulnerabilities and Solutions
As mentioned earlier, m-payment systems rely on underlying communication technologies (such
as GSM, Bluetooth, and RFID) whose security vulnerabilities are often ignored when the security
aspects of the m-payment systems are analyzed. Therefore, m-payment system designers should
take a holistic view when performing a security analysis during design and implementation. In
general, to counter potential threats, a secure m-payment system must satisfy the following
transaction security properties: authentication, confidentiality, integrity, authorization,
availability, nonrepudiation (ensuring that users can’t claim that a transaction occurred without
their knowledge), and accountability (defined as the ability to show that the parties who engage in
the system are responsible for the transaction related to them).
Table 1 summarizes the types of vulnerabilities and threats and their corresponding risks in an
m-payment system environment together with relevant protection solutions.
Table 1. Vulnerabilities, threats, risks, and protection solutions in m-payment systems.[1]
4. 4G Transmission in security of mobile payment.
4G (fourth-generation wireless) defines the stage of broadband mobile communications that
supersedes the third generation (3G). 4G uses orthogonal frequency-division multiplexing (OFDM)
instead of time division multiple access (TDMA) or code division multiple access (CDMA). ISPs
are increasingly marketing their services as being 4G, even when their data speeds are not as fast as
the International Telecommunication Union (ITU) specifies. According to the ITU, a 4G network
requires a mobile device to be able to exchange data at 100 Mbit/sec. A 3G network, on the other
hand, can offer data speeds as slow as 3.84 Mbit/sec. OFDM is a type of digital modulation in
which a signal is split into several narrowband channels at different frequencies. This is more
efficient than TDMA, which divides channels into time slots and has multiple users take turns
transmitting, or CDMA, which simultaneously transmits multiple signals on the same channel.
Thus it paves the way to support efficient encryption mechanisms in securing the mobile payment.
4.1 Cryptography – Vulnerabilities in Mobile Payment
Cryptography techniques play an important role in satisfying the transaction security properties
mentioned earlier. They’re essential in securing m-payments over open networks that have little or
no physical security. Symmetric cryptography shares a secret between two parties (a sender and a
receiver) who want to communicate safely without revealing details of the message. Symmetric
cryptographic methods are suitable because of their low computational requirements. However,
key management in symmetric-key operations is complex. To solve this complexity, public-key
cryptography uses a pair of keys for every party: a public key (that is published) and a private key
(that remains secret). Thus, it is not necessary to share a secret key between the sender and the
receiver before communicating securely. However, traditional asymmetric signature schemes
make the signature computations expensive and aren’t suitable for mobile devices. Moreover, to
avoid impersonation attacks, for every public key, a certificate is required and must be verified by
a certification authority, causing an additional information exchange (and increased delays) during
each transaction.
5. Upcoming Opportunities and Challenges
Mobile communication continues to evolve and improve, and new technologies offering attractive
business opportunities are emerging. Solutions provided by m-payment vendors must evolve in
order to support increasingly sophisticated client applications running on mobile devices. At the
same time, designers must continuously adapt existing m-payment systems to allow clients to take
advantage of the benefits associated with emerging technologies while simultaneously ensuring
secure and reliable payment transactions. We have identified several upcoming opportunities that
may provide an effective solution to the existing security issues in m-payment.
5.1 5G Technology
The 5G mobile communications technology is the next generation of the existing 4G Long-Term
Evolution network technology. It will enable users to transmit massive data files including
high-quality digital movies practically without limitation, allowing subscribers to enjoy a wide
range of services, such as 3D movies and games, real-time streaming of ultra-high-definition
content, and remote medical services. 5G will enable software-defined radio and flexibility in
the encryption method used. Furthermore, 5G will improve latency, battery consumption, cost, and
reliability, which will reduce the cost of communications over wireless networks when performing
payment transactions. Heterogeneous wireless networking technologies will continue to play a
fundamental role in the deployment of 5G networks. However, the disparity of security solutions
used by different wireless, mobile, and cellular networks makes end-to-end security solutions still a
significant challenge that must be addressed to support future secure m-payment systems and
applications.
5.2 Cloud Computing
A cloud-based m-payment system is a type of proximity payment that stores payment credentials
(used to authenticate the payment transaction) on a remote server rather than at the mobile device.
To use this solution, both the consumer and the merchant must download the cloud-based
application and subscribe to the service. The physical mobile phone might not be needed to
complete the payment, depending on the exact solution. Consumers can access their account
information in the cloud via mobile devices. In addition, payment notification can be
communicated via email or SMS text messages once a cloud payment is completed. Despite the
benefits offered by cloud-based m-payment systems, some security issues remain unsolved. For
example, payment data and stored payment credentials in the cloud could be compromised if the
cloud server is attacked. Also, payment data should not be transmitted via SMS or email because
cloud platforms aren’t encrypted. Finally, data privacy remains a key concern for payment data
stored in the cloud, which could share this information with other businesses without the
consumer’s explicit approval.
5.3 Encryption Technology
Elliptic curve cryptography (ECC) is an alternative approach to public-key cryptography. It relies
on the elliptic curve logarithm, which dramatically decreases the key size needed to achieve the
same level of security offered in conventional public key cryptographic schemes. This allows ECC
to provide similar security as RSA but using much smaller key sizes (approximately one-eighth of
the key size used by RSA), which in turn significantly reduces processing overhead. Therefore,
faster computations, lower power consumption and memory, and bandwidth savings are properties
offered by ECC that are useful for implementing encryption on resource-constrained mobile
devices. In the future, system designers should explore the possibility of incorporating ECC
algorithms in existing or new m-payment systems to reap many of the benefits of ECC in mobile
devices. Self-certified public-key schemes (where public-key authentication can be achieved
implicitly with signature verification) are an alternative security solution for m-payment systems
based on restricted communication scenarios, where an engaging party has connectivity
restrictions that prevent communication with a certification authority for validating a certificate
during a transaction. In those schemes, the user’s public key is derived from the signature of his or
her secret key along with his or her identity, and is signed by the system authority using the
system’s secret key. However, the expiration of this kind of certificate isn’t defined in all the
schemes proposed in the literature and is an open problem that still must be solved.
6. Conclusion
The aim of this paper is to focus on mobile payments, to analyze the different factors, both negative
and positive, that impact adoption of mobile payments, and to introduce the mobile payment
emerging technologies and services. The key finding based on the analysis is that while consumers
continue to express concern over using their mobile phone to conduct banking and financial
services transactions, it is a fear born more of perception than reality. There are threats, but the
security controls available to mitigate risk at this level are substantial and effective. However,
security practices will need to continue to evolve as more and more smart phones and technologies
enter the market running more and more applications, creating an ever growing opportunity for
security threats.
References
[1] Mobile Payments: Risk, Security and Assurance Issues, white paper, ISACA, Nov. 2011;
www.isaca.org/Groups/Professional-English/pci-compliance/GroupDocuments/MobilePaymentsWP.pdf.
[2] Systematic Literature Review: Security Challenges of Mobile Banking and Payments System,
Md. Shoriful Islam, International Journal of u- and e- Service, Science and Technology, Vol. 7, No.
6 (2014), pp. 107-116, http://dx.doi.org/10.14257/ijunesst.
[3] 4G and Its Future Impact: Indian Scenario, Butchi Babu Muvva, Rajkumar Maipaksana, and
M. Narasimha Reddy, International Journal of Information and Electronics Engineering, Vol. 2,
No. 4, July 2012.
[4] Determining New Security Challenges for Mobile Banking, Dr. Syed Nisar Osman,
International Journal of Research in Advent Technology (E-ISSN: 2321-9637), Special Issue, 1st
International Conference on Advent Trends in Engineering, Science and Technology “ICATEST
2015”, 08 March 2015.
[5] http://warse.org/pdfs/ijatcse03122012.pdf
[6] A Secure Cloud-Based Nfc Mobile Payment Protocol,
(IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 5, No. 10,
2014.
[7] Cloud Backup: Cloud Backup - FAQs, April 2010, Version 1.6,
https://backup.eu.businessitondemand.com
[8] Security of Mobile Banking, Kelvin Chikomo, Ming Ki Chong, Alapan Arnab, Andrew
Hutchison.

 
CPP contactless and mobile payments white paper 2011
CPP contactless and mobile payments white paper 2011CPP contactless and mobile payments white paper 2011
CPP contactless and mobile payments white paper 2011
 
Using Geographical Location as an Authentication Factor to Enhance mCommerce ...
Using Geographical Location as an Authentication Factor to Enhance mCommerce ...Using Geographical Location as an Authentication Factor to Enhance mCommerce ...
Using Geographical Location as an Authentication Factor to Enhance mCommerce ...
 
Managing & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee SengManaging & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee Seng
 
Sbvlc secure barcode based visible light communication for smartphones
Sbvlc secure barcode based visible light communication for smartphonesSbvlc secure barcode based visible light communication for smartphones
Sbvlc secure barcode based visible light communication for smartphones
 
Two aspect authentication system using secure
Two aspect authentication system using secureTwo aspect authentication system using secure
Two aspect authentication system using secure
 
Report demo(1)
Report demo(1)Report demo(1)
Report demo(1)
 
Retail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsRetail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—Recommendations
 

Viewers also liked

Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisCSCJournals
 
The Top Issues in Mobile Payments Fraud
The Top Issues in Mobile Payments FraudThe Top Issues in Mobile Payments Fraud
The Top Issues in Mobile Payments FraudVivastream
 
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...IBM Security
 
Introduction of boeing Autosaved)
Introduction of boeing Autosaved)Introduction of boeing Autosaved)
Introduction of boeing Autosaved)Mostafa ElGhamrawy
 
Utilization of intestines as animal casings
Utilization of intestines as animal casingsUtilization of intestines as animal casings
Utilization of intestines as animal casingsDr. IRSHAD A
 
Cloud based payments: the future of mobile payments?
Cloud based payments: the future of mobile payments?Cloud based payments: the future of mobile payments?
Cloud based payments: the future of mobile payments?Thales e-Security
 
Cloud computing-security-issues
Cloud computing-security-issuesCloud computing-security-issues
Cloud computing-security-issuesAleem Mohammed
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud ComputingArwa
 
Mobile Cloud Computing
Mobile Cloud ComputingMobile Cloud Computing
Mobile Cloud ComputingSimeon Oriko
 
Mobile Cloud Computing
Mobile Cloud ComputingMobile Cloud Computing
Mobile Cloud ComputingVikas Kottari
 
Mobile Payments - How is it done?
Mobile Payments - How is it done?Mobile Payments - How is it done?
Mobile Payments - How is it done?Parag Arjunwadkar
 
Mobile Cloud Computing Challenges and Security
Mobile Cloud Computing Challenges and SecurityMobile Cloud Computing Challenges and Security
Mobile Cloud Computing Challenges and SecurityJohn Paul Prassanna
 
Survey Research Methodology
Survey Research Methodology Survey Research Methodology
Survey Research Methodology irshad narejo
 
Factors affecting quality and quantity of milk in dairy cattle
Factors affecting quality and quantity of milk in dairy cattleFactors affecting quality and quantity of milk in dairy cattle
Factors affecting quality and quantity of milk in dairy cattleDr. IRSHAD A
 
IGCSE Business Studeies Unit 1 understanding business activity ppt
IGCSE Business Studeies Unit 1 understanding business activity pptIGCSE Business Studeies Unit 1 understanding business activity ppt
IGCSE Business Studeies Unit 1 understanding business activity pptIrshad Tunio
 

Viewers also liked (20)

Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security Analysis
 
Mobile Payment Security Trends for the Future
Mobile Payment Security Trends for the FutureMobile Payment Security Trends for the Future
Mobile Payment Security Trends for the Future
 
The Top Issues in Mobile Payments Fraud
The Top Issues in Mobile Payments FraudThe Top Issues in Mobile Payments Fraud
The Top Issues in Mobile Payments Fraud
 
Mobile payments: A history of [in]security
Mobile payments: A history of [in]securityMobile payments: A history of [in]security
Mobile payments: A history of [in]security
 
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
 
Introduction of boeing Autosaved)
Introduction of boeing Autosaved)Introduction of boeing Autosaved)
Introduction of boeing Autosaved)
 
Utilization of intestines as animal casings
Utilization of intestines as animal casingsUtilization of intestines as animal casings
Utilization of intestines as animal casings
 
Cloud based payments: the future of mobile payments?
Cloud based payments: the future of mobile payments?Cloud based payments: the future of mobile payments?
Cloud based payments: the future of mobile payments?
 
Cloud computing-security-issues
Cloud computing-security-issuesCloud computing-security-issues
Cloud computing-security-issues
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Mobile Cloud Computing
Mobile Cloud ComputingMobile Cloud Computing
Mobile Cloud Computing
 
Mobile Payments Framework
Mobile Payments FrameworkMobile Payments Framework
Mobile Payments Framework
 
Mobile Cloud Computing
Mobile Cloud ComputingMobile Cloud Computing
Mobile Cloud Computing
 
Mobile Payments - How is it done?
Mobile Payments - How is it done?Mobile Payments - How is it done?
Mobile Payments - How is it done?
 
Mobile Cloud Computing Challenges and Security
Mobile Cloud Computing Challenges and SecurityMobile Cloud Computing Challenges and Security
Mobile Cloud Computing Challenges and Security
 
Survey Research Methodology
Survey Research Methodology Survey Research Methodology
Survey Research Methodology
 
Ppt 1
Ppt 1Ppt 1
Ppt 1
 
Factors affecting quality and quantity of milk in dairy cattle
Factors affecting quality and quantity of milk in dairy cattleFactors affecting quality and quantity of milk in dairy cattle
Factors affecting quality and quantity of milk in dairy cattle
 
Mobile Banking
Mobile BankingMobile Banking
Mobile Banking
 
IGCSE Business Studeies Unit 1 understanding business activity ppt
IGCSE Business Studeies Unit 1 understanding business activity pptIGCSE Business Studeies Unit 1 understanding business activity ppt
IGCSE Business Studeies Unit 1 understanding business activity ppt
 

Similar to Security issues in_mobile_payment

Security management systemofcellular_communication
Security management systemofcellular_communicationSecurity management systemofcellular_communication
Security management systemofcellular_communicationardhita banu adji
 
Security Models in Cellular Wireless Networks
Security Models in Cellular Wireless NetworksSecurity Models in Cellular Wireless Networks
Security Models in Cellular Wireless NetworksWilliam Chipman
 
S ECURITY I SSUES A ND C HALLENGES I N M OBILE C OMPUTING A ND M - C ...
S ECURITY  I SSUES  A ND  C HALLENGES  I N  M OBILE  C OMPUTING  A ND  M - C ...S ECURITY  I SSUES  A ND  C HALLENGES  I N  M OBILE  C OMPUTING  A ND  M - C ...
S ECURITY I SSUES A ND C HALLENGES I N M OBILE C OMPUTING A ND M - C ...IJCSES Journal
 
GSM Technology and security impact
GSM Technology and security impactGSM Technology and security impact
GSM Technology and security impactAhmad Sharifi
 
All the 12 Payment Enabling Technologies & 54 Illustrative Companies
All the 12 Payment Enabling  Technologies & 54  Illustrative CompaniesAll the 12 Payment Enabling  Technologies & 54  Illustrative Companies
All the 12 Payment Enabling Technologies & 54 Illustrative CompaniesMEDICI admin
 
IRJET- ATM Security using GSM and MEMS Sensor
IRJET- ATM Security using GSM and MEMS SensorIRJET- ATM Security using GSM and MEMS Sensor
IRJET- ATM Security using GSM and MEMS SensorIRJET Journal
 
IRJET- High Security System for Money Carrying VAN to ATM’S
IRJET- High Security System for Money Carrying VAN to ATM’SIRJET- High Security System for Money Carrying VAN to ATM’S
IRJET- High Security System for Money Carrying VAN to ATM’SIRJET Journal
 
Unleashing the Power of Telecom Network Security.pdf
Unleashing the Power of Telecom Network Security.pdfUnleashing the Power of Telecom Network Security.pdf
Unleashing the Power of Telecom Network Security.pdfSecurityGen1
 
Strengthening Your Network Against Future Incidents with SecurityGen
Strengthening Your Network Against Future Incidents with SecurityGenStrengthening Your Network Against Future Incidents with SecurityGen
Strengthening Your Network Against Future Incidents with SecurityGenSecurityGen1
 
Telecom Resilience: Strengthening Networks through Cybersecurity Vigilance
Telecom Resilience: Strengthening Networks through Cybersecurity VigilanceTelecom Resilience: Strengthening Networks through Cybersecurity Vigilance
Telecom Resilience: Strengthening Networks through Cybersecurity VigilanceSecurityGen1
 
A survey study of title security and privacy in mobile systems
A survey study of title security and privacy in mobile systemsA survey study of title security and privacy in mobile systems
A survey study of title security and privacy in mobile systemsKavita Rastogi
 
M2 m summary for all
M2 m summary for allM2 m summary for all
M2 m summary for allTarik KUCUK
 
Mobile payment systems and services
Mobile payment systems and servicesMobile payment systems and services
Mobile payment systems and servicesSaketh guggilla
 
Protocols in Mobile Electronic Commerce
Protocols in Mobile Electronic CommerceProtocols in Mobile Electronic Commerce
Protocols in Mobile Electronic CommerceIJERA Editor
 

Similar to Security issues in_mobile_payment (20)

new Algorithm1
new Algorithm1new Algorithm1
new Algorithm1
 
Security management systemofcellular_communication
Security management systemofcellular_communicationSecurity management systemofcellular_communication
Security management systemofcellular_communication
 
B010331019
B010331019B010331019
B010331019
 
Security Models in Cellular Wireless Networks
Security Models in Cellular Wireless NetworksSecurity Models in Cellular Wireless Networks
Security Models in Cellular Wireless Networks
 
S ECURITY I SSUES A ND C HALLENGES I N M OBILE C OMPUTING A ND M - C ...
S ECURITY  I SSUES  A ND  C HALLENGES  I N  M OBILE  C OMPUTING  A ND  M - C ...S ECURITY  I SSUES  A ND  C HALLENGES  I N  M OBILE  C OMPUTING  A ND  M - C ...
S ECURITY I SSUES A ND C HALLENGES I N M OBILE C OMPUTING A ND M - C ...
 
GSM Technology and security impact
GSM Technology and security impactGSM Technology and security impact
GSM Technology and security impact
 
All the 12 Payment Enabling Technologies & 54 Illustrative Companies
All the 12 Payment Enabling  Technologies & 54  Illustrative CompaniesAll the 12 Payment Enabling  Technologies & 54  Illustrative Companies
All the 12 Payment Enabling Technologies & 54 Illustrative Companies
 
Mobile cloning
Mobile cloningMobile cloning
Mobile cloning
 
IRJET- ATM Security using GSM and MEMS Sensor
IRJET- ATM Security using GSM and MEMS SensorIRJET- ATM Security using GSM and MEMS Sensor
IRJET- ATM Security using GSM and MEMS Sensor
 
IRJET- High Security System for Money Carrying VAN to ATM’S
IRJET- High Security System for Money Carrying VAN to ATM’SIRJET- High Security System for Money Carrying VAN to ATM’S
IRJET- High Security System for Money Carrying VAN to ATM’S
 
Unleashing the Power of Telecom Network Security.pdf
Unleashing the Power of Telecom Network Security.pdfUnleashing the Power of Telecom Network Security.pdf
Unleashing the Power of Telecom Network Security.pdf
 
Strengthening Your Network Against Future Incidents with SecurityGen
Strengthening Your Network Against Future Incidents with SecurityGenStrengthening Your Network Against Future Incidents with SecurityGen
Strengthening Your Network Against Future Incidents with SecurityGen
 
Telecom Resilience: Strengthening Networks through Cybersecurity Vigilance
Telecom Resilience: Strengthening Networks through Cybersecurity VigilanceTelecom Resilience: Strengthening Networks through Cybersecurity Vigilance
Telecom Resilience: Strengthening Networks through Cybersecurity Vigilance
 
A survey study of title security and privacy in mobile systems
A survey study of title security and privacy in mobile systemsA survey study of title security and privacy in mobile systems
A survey study of title security and privacy in mobile systems
 
M2M summary for all
M2M summary for allM2M summary for all
M2M summary for all
 
M2 m summary for all
M2 m summary for allM2 m summary for all
M2 m summary for all
 
E-commerce Security
E-commerce SecurityE-commerce Security
E-commerce Security
 
Mobile payment systems and services
Mobile payment systems and servicesMobile payment systems and services
Mobile payment systems and services
 
An analysis of the security needs
An analysis of the security needsAn analysis of the security needs
An analysis of the security needs
 
Protocols in Mobile Electronic Commerce
Protocols in Mobile Electronic CommerceProtocols in Mobile Electronic Commerce
Protocols in Mobile Electronic Commerce
 

More from Prof. Dr. K. Adisesha

Software Engineering notes by K. Adisesha.pdf
Software Engineering notes by K. Adisesha.pdfSoftware Engineering notes by K. Adisesha.pdf
Software Engineering notes by K. Adisesha.pdfProf. Dr. K. Adisesha
 
Software Engineering-Unit 1 by Adisesha.pdf
Software Engineering-Unit 1 by Adisesha.pdfSoftware Engineering-Unit 1 by Adisesha.pdf
Software Engineering-Unit 1 by Adisesha.pdfProf. Dr. K. Adisesha
 
Software Engineering-Unit 2 "Requirement Engineering" by Adi.pdf
Software Engineering-Unit 2 "Requirement Engineering" by Adi.pdfSoftware Engineering-Unit 2 "Requirement Engineering" by Adi.pdf
Software Engineering-Unit 2 "Requirement Engineering" by Adi.pdfProf. Dr. K. Adisesha
 
Software Engineering-Unit 3 "System Modelling" by Adi.pdf
Software Engineering-Unit 3 "System Modelling" by Adi.pdfSoftware Engineering-Unit 3 "System Modelling" by Adi.pdf
Software Engineering-Unit 3 "System Modelling" by Adi.pdfProf. Dr. K. Adisesha
 
Software Engineering-Unit 4 "Architectural Design" by Adi.pdf
Software Engineering-Unit 4 "Architectural Design" by Adi.pdfSoftware Engineering-Unit 4 "Architectural Design" by Adi.pdf
Software Engineering-Unit 4 "Architectural Design" by Adi.pdfProf. Dr. K. Adisesha
 
Software Engineering-Unit 5 "Software Testing"by Adi.pdf
Software Engineering-Unit 5 "Software Testing"by Adi.pdfSoftware Engineering-Unit 5 "Software Testing"by Adi.pdf
Software Engineering-Unit 5 "Software Testing"by Adi.pdfProf. Dr. K. Adisesha
 
Computer Networks Notes by -Dr. K. Adisesha
Computer Networks Notes by -Dr. K. AdiseshaComputer Networks Notes by -Dr. K. Adisesha
Computer Networks Notes by -Dr. K. AdiseshaProf. Dr. K. Adisesha
 
CCN Unit-1&2 Data Communication &Networking by K. Adiaesha
CCN Unit-1&2 Data Communication &Networking by K. AdiaeshaCCN Unit-1&2 Data Communication &Networking by K. Adiaesha
CCN Unit-1&2 Data Communication &Networking by K. AdiaeshaProf. Dr. K. Adisesha
 
CCN Unit-3 Data Link Layer by Dr. K. Adisesha
CCN Unit-3 Data Link Layer by Dr. K. AdiseshaCCN Unit-3 Data Link Layer by Dr. K. Adisesha
CCN Unit-3 Data Link Layer by Dr. K. AdiseshaProf. Dr. K. Adisesha
 
CCN Unit-4 Network Layer by Dr. K. Adisesha
CCN Unit-4 Network Layer by Dr. K. AdiseshaCCN Unit-4 Network Layer by Dr. K. Adisesha
CCN Unit-4 Network Layer by Dr. K. AdiseshaProf. Dr. K. Adisesha
 
CCN Unit-5 Transport & Application Layer by Adi.pdf
CCN Unit-5 Transport & Application Layer by Adi.pdfCCN Unit-5 Transport & Application Layer by Adi.pdf
CCN Unit-5 Transport & Application Layer by Adi.pdfProf. Dr. K. Adisesha
 

More from Prof. Dr. K. Adisesha (20)

Software Engineering notes by K. Adisesha.pdf
Software Engineering notes by K. Adisesha.pdfSoftware Engineering notes by K. Adisesha.pdf
Software Engineering notes by K. Adisesha.pdf
 
Software Engineering-Unit 1 by Adisesha.pdf
Software Engineering-Unit 1 by Adisesha.pdfSoftware Engineering-Unit 1 by Adisesha.pdf
Software Engineering-Unit 1 by Adisesha.pdf
 
Software Engineering-Unit 2 "Requirement Engineering" by Adi.pdf
Software Engineering-Unit 2 "Requirement Engineering" by Adi.pdfSoftware Engineering-Unit 2 "Requirement Engineering" by Adi.pdf
Software Engineering-Unit 2 "Requirement Engineering" by Adi.pdf
 
Software Engineering-Unit 3 "System Modelling" by Adi.pdf
Software Engineering-Unit 3 "System Modelling" by Adi.pdfSoftware Engineering-Unit 3 "System Modelling" by Adi.pdf
Software Engineering-Unit 3 "System Modelling" by Adi.pdf
 
Software Engineering-Unit 4 "Architectural Design" by Adi.pdf
Software Engineering-Unit 4 "Architectural Design" by Adi.pdfSoftware Engineering-Unit 4 "Architectural Design" by Adi.pdf
Software Engineering-Unit 4 "Architectural Design" by Adi.pdf
 
Software Engineering-Unit 5 "Software Testing"by Adi.pdf
Software Engineering-Unit 5 "Software Testing"by Adi.pdfSoftware Engineering-Unit 5 "Software Testing"by Adi.pdf
Software Engineering-Unit 5 "Software Testing"by Adi.pdf
 
Computer Networks Notes by -Dr. K. Adisesha
Computer Networks Notes by -Dr. K. AdiseshaComputer Networks Notes by -Dr. K. Adisesha
Computer Networks Notes by -Dr. K. Adisesha
 
CCN Unit-1&2 Data Communication &Networking by K. Adiaesha
CCN Unit-1&2 Data Communication &Networking by K. AdiaeshaCCN Unit-1&2 Data Communication &Networking by K. Adiaesha
CCN Unit-1&2 Data Communication &Networking by K. Adiaesha
 
CCN Unit-3 Data Link Layer by Dr. K. Adisesha
CCN Unit-3 Data Link Layer by Dr. K. AdiseshaCCN Unit-3 Data Link Layer by Dr. K. Adisesha
CCN Unit-3 Data Link Layer by Dr. K. Adisesha
 
CCN Unit-4 Network Layer by Dr. K. Adisesha
CCN Unit-4 Network Layer by Dr. K. AdiseshaCCN Unit-4 Network Layer by Dr. K. Adisesha
CCN Unit-4 Network Layer by Dr. K. Adisesha
 
CCN Unit-5 Transport & Application Layer by Adi.pdf
CCN Unit-5 Transport & Application Layer by Adi.pdfCCN Unit-5 Transport & Application Layer by Adi.pdf
CCN Unit-5 Transport & Application Layer by Adi.pdf
 
Introduction to Computers.pdf
Introduction to Computers.pdfIntroduction to Computers.pdf
Introduction to Computers.pdf
 
R_Programming.pdf
R_Programming.pdfR_Programming.pdf
R_Programming.pdf
 
Scholarship.pdf
Scholarship.pdfScholarship.pdf
Scholarship.pdf
 
Operating System-2 by Adi.pdf
Operating System-2 by Adi.pdfOperating System-2 by Adi.pdf
Operating System-2 by Adi.pdf
 
Operating System-1 by Adi.pdf
Operating System-1 by Adi.pdfOperating System-1 by Adi.pdf
Operating System-1 by Adi.pdf
 
Operating System-adi.pdf
Operating System-adi.pdfOperating System-adi.pdf
Operating System-adi.pdf
 
Data_structure using C-Adi.pdf
Data_structure using C-Adi.pdfData_structure using C-Adi.pdf
Data_structure using C-Adi.pdf
 
JAVA PPT -2 BY ADI.pdf
JAVA PPT -2 BY ADI.pdfJAVA PPT -2 BY ADI.pdf
JAVA PPT -2 BY ADI.pdf
 
JAVA PPT -5 BY ADI.pdf
JAVA PPT -5 BY ADI.pdfJAVA PPT -5 BY ADI.pdf
JAVA PPT -5 BY ADI.pdf
 

Recently uploaded

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Security issues in_mobile_payment

1. Introduction

Hardly a week goes by without something related to mobile or mobile payments in the news. Mobile is the current hot area, where new investments and new ideas are blossoming in the hope of being part of the next “big thing” that generates healthy returns and wealth. Consumers are embracing mobile in their day-to-day lives and are more likely to forget their wallet at home than their mobile phone.

With all this energy and momentum around mobile, as with any next big thing, there are some areas of concern to consider. A key area of concern for consumers and financial service providers is the security of mobile banking and payments. There are new technologies and new entrants, as well as a complex supply chain, that will increase the security risks. No technology standard has captured the market, and regulations relating to some of the new entrants are non-existent. Customers have increased control of their device in terms of application downloads, OS updates and personalization of their
devices. This will lead to new challenges relative to privacy, and it will take some time before the younger generation realizes the implications of privacy violations. Compounding the challenge is the fact that traditional security controls such as AV, firewalls, and encryption have not reached the level of maturity needed in the mobile space. As with any emerging market area, these challenges will resolve over time. Until this area matures, there are measures relating to customer education, service process rigor, payments technology, and fraud preventive and detective controls that can mitigate the security risks.

2. Definition of Mobile Payment System

A mobile payment system (MPS) can be defined as any payment system that enables financial transactions to be made securely from one organization or individual to another over a mobile network (using a mobile device). While the key phases of the generic mobile payment procedure are applicable to almost all transactions, they can be categorized into several different groups or procedures. Mobile payment procedures are categorized as location-based (remote and proximity transactions), value-based (micro-payments, mini-payments and macro-payments), charge-based (post-paid, pre-paid and pay-now), validation-based (online mobile payment, offline mobile payment), technology-based (single chip, dual chip, dual slot), token-based (e-coin) and account-based (wireless wallets).

3. Key Technologies

3.1. Mobile Elements

In understanding the security risks of mobile banking, it is useful to understand the general hardware and system software of a mobile device. The most prevalent technology relative to mobile devices and the associated wireless carriers today is based on 2G technology (GSM/EDGE) and 3G technology (UMTS/HSPA) standards.
The latest technology currently being rolled out by major carriers is Long Term Evolution (LTE), which doesn’t currently meet the requirements to be considered 4G (speeds of up to 100Mbps for a moving user and 1Gbps for a stationary user) but is being marketed as 4G. The basic components of a wireless network include the spectrum for the wireless interface, the antennas and radio processing equipment located at the base station or cell sites, and the connectivity (T1, microwave) from the cell site back to the mobile switching center that contains the voice and data processing equipment. The security elements for 3G technology include encryption on the air interface and mutual authentication between the user and the network (involving the HLR and USIM).

3.2. GSM and GPRS Security Architecture

Global System for Mobile Communications (GSM) is the most popular standard for mobile phones in the world. Figure 1 shows the basic structure of the GSM architecture; GSM provides SMS and GPRS (General Packet Radio Service) services.
Figure 1. GSM Architecture

The GPRS core network is an integrated part of the GSM network; it is layered over the underlying GSM network, with added nodes to cater for packet switching. GPRS also uses some of the existing GSM network elements, including Base Station Subsystems (BSS), Mobile Switching Centers (MSC), Authentication Centers (AUC), and Home Location Registers (HLR). The GPRS network elements added to the existing GSM network include GPRS Support Nodes (GSN), the GPRS Tunneling Protocol (GTP), access points, and the Packet Data Protocol (PDP) context.

3.2.1 Security mechanisms in the GSM network

The GSM network has some security mechanisms to prevent activities like Subscriber Identity Module (SIM) cloning and to stop illegally used handsets. GSM has methods to authenticate and encrypt data exchanged on the network. The GSM authentication center is used to authenticate each SIM card that attempts to connect to
the GSM network. The SIM card authentication takes place when a mobile station initially attempts to connect to the network, i.e. when a terminal is switched on. If authentication fails, no services are offered by the network operator; otherwise the Serving GPRS Support Node (SGSN) and HLR are allowed to manage the services associated with the SIM card.

The authentication of the SIM depends on a secret key, called Ki, shared between the SIM card and the AUC. This secret key is embedded into the SIM card during manufacture, and it is also securely replicated into the AUC. When the AUC authenticates a SIM, it generates a random number known as the RAND and sends it to the subscriber. Both the AUC and the SIM feed the Ki and RAND values into the A3/A8 algorithm (or the operator proprietary algorithm (COMP128)), and a number known as the Signed RESponse (SRES) is generated by both parties. If the SIM SRES matches the AUC SRES, the SIM is successfully authenticated. Both the AUC and SIM can calculate a second secret key called Kc by feeding the Ki and the RAND value into the A5 algorithm. This key is used to encrypt and decrypt the session communications.

After the SIM authentication, the SGSN or HLR requests the mobile identity to make sure that the mobile station being used by the user is not blacklisted. The mobile returns the IMEI (International Mobile Equipment Identity) number, which is forwarded to the EIR (Equipment Identity Register). The EIR authorizes the subscriber and responds back to the SIM with the status; if the mobile is authorized, the SGSN informs the HLR and PDP context activation begins.

3.2.3 Problems with GSM Network

Problems with the A3/A8 authentication algorithm: A3 and A8 are not actually encryption algorithms, but placeholders used in algorithm COMP128 [2]. COMP128 was broken by Wagner and Goldberg in less than a day.
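The SIM authentication exchange described in section 3.2.1, run end to end as an added example (not code from the paper): the AUC issues RAND, both sides derive SRES and Kc from Ki, and the run is repeated with a SIM that lacks the right Ki and with a RAND altered in transit. HMAC-SHA256 stands in for the operator's A3/A8 algorithm, and the class names, function names and test IMSI are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256, truncated to the GSM output sizes, stands in for the
# operator-chosen A3/A8 algorithm. It is not COMP128.
def a3_sres(ki: bytes, rand: bytes) -> bytes:
    """A3 role: 32-bit signed response (SRES) from Ki and RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8_kc(ki: bytes, rand: bytes) -> bytes:
    """A8 role: 64-bit session key Kc, the key A5 then uses for encryption."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class Sim:
    """Subscriber side: holds Ki and answers challenges without revealing it."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki
        self.kc = None

    def respond(self, rand: bytes) -> bytes:
        self.kc = a8_kc(self._ki, rand)
        return a3_sres(self._ki, rand)

class AuthCentre:
    """Network side (AUC): holds the replicated Ki for each subscriber."""
    def __init__(self):
        self._ki_by_imsi = {}
        self._pending = {}  # imsi -> (expected SRES, Kc) for the open challenge

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki_by_imsi[imsi] = ki

    def challenge(self, imsi: str) -> bytes:
        ki = self._ki_by_imsi[imsi]
        rand = secrets.token_bytes(16)  # fresh 128-bit RAND per attempt
        self._pending[imsi] = (a3_sres(ki, rand), a8_kc(ki, rand))
        return rand

    def verify(self, imsi: str, sres: bytes):
        """Return Kc if SRES matches, else None. One answer per challenge."""
        expected, kc = self._pending.pop(imsi)
        return kc if hmac.compare_digest(expected, sres) else None

def run_exchange(auc: AuthCentre, sim: Sim, tamper=None) -> dict:
    """One authentication run; `tamper` models RAND being modified in transit."""
    rand = auc.challenge(sim.imsi)
    if tamper is not None:
        rand = tamper(rand)
    kc = auc.verify(sim.imsi, sim.respond(rand))
    return {"authenticated": kc is not None,
            "keys_match": kc is not None and kc == sim.kc}

def demo() -> dict:
    imsi = "001010123456789"                  # constructed test IMSI
    ki = bytes(range(16))                     # constructed sample Ki
    auc = AuthCentre()
    auc.provision(imsi, ki)
    genuine = Sim(imsi, ki)
    wrong_ki = Sim(imsi, bytes(16))           # same IMSI, but not the real Ki
    flip_bit = lambda r: bytes([r[0] ^ 1]) + r[1:]
    return {
        "genuine": run_exchange(auc, genuine),
        "wrong_ki": run_exchange(auc, wrong_ki),
        "rand_modified": run_exchange(auc, genuine, tamper=flip_bit),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

In the last case a single flipped bit in RAND is enough to make a genuine SIM fail authentication, which is why a party able to alter the challenge can deny service without knowing Ki.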
Problems with the A5 algorithm: The A5 algorithm is used to prevent casual eavesdropping by encrypting communications between the mobile station (handset) and the BSS. Kc is the Ki and RAND value fed into the A5 algorithm. This Kc value is the secret key used with the A5 algorithm for encryption between the mobile station and BSS. There are at least three flavours of the A5 algorithm. A5/1 is commonly used in western countries; it is deemed strong encryption [3], but it was reverse engineered some time ago. A5/2 has been cracked by Wagner and Goldberg; the methodology they used required five clock cycles, making A5/2 almost useless. Finally, A5/0 is a form of A5 that does not encrypt data at all. All these problems with the A5 encryption algorithms show that eavesdropping between mobile station and BSS is still possible, making GPRS over the GSM core network very insecure for mobile banking.

Attack on the RAND value: When the AUC attempts to authenticate a SIM card, the RAND value sent to the SIM card can be modified by an intruder, causing the authentication to fail. This may cause a denial of service attack.

3.3 Short Message Service

This service allows mobile systems and other networked devices to exchange short text messages with a maximum length of 160 characters. SMS uses the popular text-messaging standard to enable mobile application based banking. The customer requests information by sending an SMS containing a service command to a pre-specified number. The
bank responds with a reply SMS containing the specific information. One of the major reasons that transaction-based services have not taken off on SMS is concern about security.

3.3.1 Security Problems with SMS

SMS was initially intended for subscribers to send non-sensitive messages across the open GSM network. Mutual authentication, text encryption, end-to-end security, and nonrepudiation were omitted during the design of the GSM architecture. In this section we discuss some of the security problems of using SMS.

Forging Originator's Address: SMS spoofing is an attack that involves a third party sending out SMS messages that appear to be from a legitimate sender. It is possible to alter the originator's address field in the SMS header to another alphanumeric string. This hides the original sender's address, so the sender can send out hoax messages and perform masquerading attacks.

SMS Encryption: The default data format for SMS messages is plaintext. The only encryption involved during transmission is the encryption between the base transceiver station and the mobile station. End-to-end encryption is currently not available. The encryption algorithm used is A5, which is proven to be vulnerable. Therefore a more secure algorithm is needed.

3.4 Wireless application protocol/GPRS

GPRS is a mobile data service available to GSM users that enables WAP-enabled devices such as mobile phones to support services such as Internet browsing, multimedia messaging service, and Internet-based communication services such as email and World Wide Web access. Mobile phones or terminals can access the internet using WAP browsers; WAP browsers can only access WAP sites. Instead of the traditional HTML, XML or XHTML, WAP sites are written in WML (Wireless Markup Language).
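For the SMS problems in section 3.3.1, one application-layer check a bank gateway can apply, as an added example that is not part of the paper: each command carries a counter and a truncated HMAC under a per-customer key, so the originator field is never trusted and a captured message cannot be replayed. The message layout, key provisioning at enrolment, and all names are assumptions; this gives authenticity and replay protection, not confidentiality.

```python
import base64
import hashlib
import hmac

SMS_MAX_CHARS = 160   # single-message limit given in section 3.3
TAG_BYTES = 10        # assumed choice: HMAC-SHA256 truncated to 80 bits

def _tag(key: bytes, customer_id: str, counter: int, command: str) -> str:
    """Authentication tag over the fields the bank will act on."""
    msg = f"{customer_id}|{counter}|{command}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()[:TAG_BYTES]
    return base64.b32encode(digest).decode()  # 16 characters, no padding

def build_sms(key: bytes, customer_id: str, counter: int, command: str) -> str:
    """Client side: body layout is customer_id|counter|command|tag."""
    body = f"{customer_id}|{counter}|{command}|{_tag(key, customer_id, counter, command)}"
    if len(body) > SMS_MAX_CHARS:
        raise ValueError("command does not fit in one SMS")
    return body

class BankSmsGateway:
    """Server side: authenticates the body, not the originator address."""
    def __init__(self):
        self._keys = {}
        self._last_counter = {}

    def enrol(self, customer_id: str, key: bytes) -> None:
        self._keys[customer_id] = key
        self._last_counter[customer_id] = 0

    def accept(self, originator: str, body: str):
        """Return (True, command) or (False, reason). `originator` is only
        informational, because the SMS header field can be altered."""
        if len(body) > SMS_MAX_CHARS:
            return False, "too long"
        try:
            customer_id, counter_s, rest = body.split("|", 2)
            command, tag = rest.rsplit("|", 1)
            counter = int(counter_s)
        except ValueError:
            return False, "malformed"
        key = self._keys.get(customer_id)
        if key is None:
            return False, "unknown customer"
        expected = _tag(key, customer_id, counter, command)
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return False, "bad tag"
        if counter <= self._last_counter[customer_id]:
            return False, "replayed counter"
        self._last_counter[customer_id] = counter
        return True, command

def demo():
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    gw = BankSmsGateway()
    gw.enrol("C1001", key)                                   # constructed id
    genuine = build_sms(key, "C1001", 1, "BAL")
    forged = "C1001|2|PAY 500 TO 999|AAAAAAAAAAAAAAAA"       # no key, made-up tag
    return [
        gw.accept("+15550100", genuine),   # constructed originator values
        gw.accept("+15550100", forged),    # looks like the customer's number
        gw.accept("+15550100", genuine),   # captured message sent again
        gw.accept("BANKAPP", build_sms(key, "C1001", 2, "BAL")),
    ]

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The fourth message is accepted even though its originator string differs, because the decision rests on the keyed tag and counter alone.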
The WAP protocol is only persistent from the client to the WAP gateway; the connection from the WAP gateway to the bank server is secured by either SSL or TLS. WAP provides security of communications using the WTLS (WAP Transport Layer Security) protocol and the WIM (WAP Identity Module). WTLS provides a public-key based security mechanism similar to TLS, and the WIM stores the secret keys. To allow WAP equipment and software to interoperate with many different technologies, WAP uses the WAP protocol suite. Figure 2 illustrates the different layers of the WAP protocol.

Figure 2. WAP Protocol Suite. Source: [6]
3.4.1 Security problems with Current GPRS Implementations

Security issues with present implementations that use WAP: The present mobile banking implementations that use WAP have proven to be very secure, but there exist some loopholes which could lead to insecure communications. Some of these loopholes include:

• There is no end-to-end encryption between client and bank server.
• There is end-to-end encryption between the client and the Gateway and between the Gateway and the Bank server.
• To resolve this, the bank server could have its own Access Point Name (APN) in any of the GPRS networks. This APN would serve as the WAP Gateway for the bank. The client would therefore be connected directly to the bank without third parties in the middle of the communication.
• The public-key cryptosystem key sizes offered by the WTLS standard are not strong enough to meet the security requirements of today’s WAP applications. The key sizes have been restricted in consideration of the low processing power of handheld devices.
• Anonymous key exchange suites offered by the WTLS handshake are not considered secure. Neither the client nor the server is authenticated. Banks should provide functionality to disallow this handshake option.

Security issues associated with using the plain GPRS network: The GPRS core network is too general; it does not cater for some banking security requirements. Some of these requirements include:

• Lack of account holder or bank authentication. The Bank can provide a unique APN to access the Bank server, but without this or some other authentication mechanism anyone can masquerade as the Bank. All these issues raise concerns of fabrication of either bank information or account holder information.
• Provision of functions to avoid modification of data and ensure the integrity of data for both the account holder and the Bank.
• The methods to cater for confidentiality of data between the mobile station and the bank server have proven to be weak, and the network operator can view the account holder's information. This raises security issues for both the bank and the account holder.
• The bank cannot prove that the account holder performed a specific action, and the account holder cannot prove that the bank performed a specific action.
• GPRS provides session handling facilities, but does not handle bank-specific sessions; this may cause inconsistencies on the bank's side, raising security issues.

3.5 Other Technologies

Phone-based application. The m-payment client application (residing on the consumer’s mobile phone) can be developed using the Java 2 Platform, Micro Edition for GSM-based mobile phones and the Binary Runtime Environment for Wireless for mobile phones based on code division multiple access.

SIM-based application. The Subscriber Identity Module (SIM) used in GSM mobile phones is a smart card whose information can be protected using cryptographic algorithms and keys. (Smart
cards are microcomputers small enough to fit in a wallet or even a mobile phone. They have their own processors and memory for storage.) SIM applications are relatively more secure than client applications that reside on the mobile phone.

RFID. This technology uses radio frequency (RF) signals to exchange data between a reader and an electronic tag attached to an object, for the purpose of ID and tracking.

Voice-based payment transactions. These can be done by making a phone call to a special number and providing a credit card number.

Dual chip. Dual-chip phones have two slots: one for a SIM card (telephony) and another for a payment chip card. This solution allows an m-payment application provider to develop an m-payment application in the payment chip card without collaborating with the telecommunications operator (the owner of the SIM card).

Near-field communication. This short-range wireless communication standard results from the fusion of the contactless smart card (RFID) and the mobile phone. NFC does not have native encryption capabilities and is therefore vulnerable to security exploits if not properly implemented. The RF signal that NFC works from has the potential to be read or intercepted up to several meters away with the proper equipment, without needing line of sight. Appropriate encryption will provide adequate protection against eavesdropping.

Mobile wallet. This m-payment application software on the mobile phone contains details of the customer (including bank account details and/or credit card information) that enable the customer to make payments using the mobile phone. A possible drawback of the mobile wallet and secure element solution is that a single PIN unlocks all of the accounts stored in the wallet. This is in contrast to plastic cards, where each card can be set to use a different PIN.
Mobile wallets could thus present greater exposure to loss in the event that a mobile wallet device and its single PIN are compromised.

3.5.1. Security Vulnerabilities and Solutions

As mentioned earlier, m-payment systems rely on underlying communication technologies (such as GSM, Bluetooth, and RFID) whose security vulnerabilities are often ignored when the security aspects of the m-payment systems are analyzed. Therefore, m-payment system designers should take a holistic view when performing a security analysis during design and implementation. In general, to counter potential threats, a secure m-payment system must satisfy the following transaction security properties: authentication, confidentiality, integrity, authorization, availability, nonrepudiation (ensuring that users can’t claim that a transaction occurred without their knowledge), and accountability (defined as the ability to show that the parties who engage in the system are responsible for the transaction related to them). Table 1 summarizes the types of vulnerabilities and threats and their corresponding risks in an m-payment system environment, together with relevant protection solutions.
Table 1. Vulnerabilities, threats, risks, and protection solutions in m-payment systems. [1]

4. 4G Transmission in security of mobile payment

4G (fourth-generation wireless) defines the stage of broadband mobile communications that supersedes the third generation (3G). 4G uses orthogonal frequency-division multiplexing (OFDM) instead of time division multiple access (TDMA) or code division multiple access (CDMA). ISPs are increasingly marketing their services as being 4G, even when their data speeds are not as fast as the International Telecommunication Union (ITU) specifies. According to the ITU, a 4G network requires a mobile device to be able to exchange data at 100 Mbit/sec. A 3G network, on the other hand, can offer data speeds as slow as 3.84 Mbit/sec. OFDM is a type of digital modulation in which a signal is split into several narrowband channels at different frequencies. This is more
efficient than TDMA, which divides channels into time slots and has multiple users take turns transmitting, or CDMA, which simultaneously transmits multiple signals on the same channel. It thus paves the way to support efficient encryption mechanisms in securing mobile payment.

4.1 Cryptography – Vulnerabilities in Mobile Payment

Cryptography techniques play an important role in satisfying the transaction security properties mentioned earlier. They’re essential in securing m-payments over open networks that have little or no physical security. Symmetric cryptography shares a secret between two parties (a sender and a receiver) who want to communicate safely without revealing details of the message. Symmetric cryptographic methods are suitable because of their low computational requirements. However, key management in symmetric-key operations is complex. To solve this complexity, public-key cryptography uses a pair of keys for every party: a public key (that is published) and a private key (that remains secret). Thus, it is not necessary to share a secret key between the sender and the receiver before communicating securely. However, traditional asymmetric signature schemes make the signature computations expensive and aren’t suitable for mobile devices. Moreover, to avoid impersonation attacks, a certificate is required for every public key and must be verified by a certification authority, causing an additional information exchange (and increased delays) during each transaction.

5. Upcoming Opportunities and Challenges

Mobile communication continues to evolve and improve, and new technologies offering attractive business opportunities are emerging. Solutions provided by m-payment vendors must evolve in order to support increasingly sophisticated client applications running on mobile devices.
At the same time, designers must continuously adapt existing m-payment systems to allow clients to take advantage of the benefits associated with emerging technologies while simultaneously ensuring secure and reliable payment transactions. We have identified several upcoming opportunities that may provide an effective solution to the existing security issues in m-payment.

5.1 5G Technology

The 5G mobile communications technology is the next generation of the existing 4G Long-Term Evolution network technology. It will enable users to transmit massive data files, including high-quality digital movies, practically without limitation, allowing subscribers to enjoy a wide range of services, such as 3D movies and games, real-time streaming of ultra-high-definition content, and remote medical services. 5G will enable software-defined radio and flexibility in the encryption method used. Furthermore, 5G will improve latency, battery consumption, cost, and reliability, which will reduce the cost of communications over wireless networks when performing payment transactions. Heterogeneous wireless networking technologies will continue to play a fundamental role in the deployment of 5G networks. However, the disparity of security solutions used by different wireless, mobile, and cellular networks makes end-to-end security solutions still a significant challenge that must be addressed to support future secure m-payment systems and applications.
5.2 Cloud Computing

A cloud-based m-payment system is a type of proximity payment that stores payment credentials (used to authenticate the payment transaction) on a remote server rather than at the mobile device. To use this solution, both the consumer and the merchant must download the cloud-based application and subscribe to the service. The physical mobile phone might not be needed to complete the payment, depending on the exact solution. Consumers can access their account information in the cloud via mobile devices. In addition, payment notification can be communicated via email or SMS text messages once a cloud payment is completed.

Despite the benefits offered by cloud-based m-payment systems, some security issues remain unsolved. For example, payment data and stored payment credentials in the cloud could be compromised if the cloud server is attacked. Also, payment data should not be transmitted via SMS or email because cloud platforms aren’t encrypted. Finally, data privacy remains a key concern for payment data stored in the cloud, which could share this information with other businesses without the consumer’s explicit approval.

5.3 Encryption Technology

Elliptic curve cryptography (ECC) is an alternative approach to public-key cryptography. It relies on the elliptic curve logarithm, which dramatically decreases the key size needed to achieve the same level of security offered in conventional public key cryptographic schemes. This allows ECC to provide similar security as RSA but using much smaller key sizes (approximately one-eighth of the key size used by RSA), which in turn significantly reduces processing overhead. Therefore, faster computations, lower power consumption and memory, and bandwidth savings are properties offered by ECC that are useful for implementing encryption on resource-constrained mobile devices.
In the future, system designers should explore the possibility of incorporating ECC algorithms in existing or new m-payment systems to reap many of the benefits of ECC in mobile devices.

Self-certified public-key schemes (where public-key authentication can be achieved implicitly with signature verification) are an alternative security solution for m-payment systems based on restricted communication scenarios, where an engaging party has connectivity restrictions that prevent communication with a certification authority for validating a certificate during a transaction. In those schemes, the user’s public key is derived from the signature of his or her secret key along with his or her identity, and is signed by the system authority using the system’s secret key. However, the expiration of this kind of certificate isn’t defined in all the schemes proposed in the literature and is an open problem that still must be solved.

6. Conclusion

The aim of this paper is to focus on mobile payments, to analyze the different factors, negative and positive, that affect the adoption of mobile payments, and to introduce emerging mobile payment technologies and services. The key finding of the analysis is that while consumers continue to express concern over using their mobile phone to conduct banking and financial services transactions, it is a fear born more of perception than reality. There are threats, but the security controls available to mitigate risk at this level are substantial and effective. However, security practices will need to continue to evolve as more and more smart phones and technologies
enter the market running more and more applications, creating an ever-growing opportunity for security threats.

References

[1] Mobile Payments: Risk, Security and Assurance Issues, white paper, ISACA, Nov. 2011; www.isaca.org/Groups/Professional-English/pci-compliance/GroupDocuments/MobilePayments WP.pdf.
[2] Md. Shoriful Islam, Systematic Literature Review: Security Challenges of Mobile Banking and Payments System, International Journal of u- and e- Service, Science and Technology, Vol. 7, No. 6 (2014), pp. 107-116, http://dx.doi.org/10.14257/ijunesst.
[3] Butchi Babu Muvva, Rajkumar Maipaksana, and M. Narasimha Reddy, 4G and Its Future Impact: Indian Scenario, International Journal of Information and Electronics Engineering, Vol. 2, No. 4, July 2012.
[4] Dr. Syed Nisar Osman, Determining New Security Challenges for Mobile Banking, International Journal of Research in Advent Technology (E-ISSN: 2321-9637), Special Issue, 1st International Conference on Advent Trends in Engineering, Science and Technology “ICATEST 2015”, 08 March 2015.
[5] http://warse.org/pdfs/ijatcse03122012.pdf
[6] A Secure Cloud-Based Nfc Mobile Payment Protocol, (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 5, No. 10, 2014.
[7] Cloud Backup: Cloud Backup - FAQs, April 2010, Version 1.6, https://backup.eu.businessitondemand.com
[8] Kelvin Chikomo, Ming Ki Chong, Alapan Arnab, Andrew Hutchison, Security of Mobile Banking.