SECURITY ISSUES IN MOBILE PAYMENT SYSTEMS
Security Issues in Mobile Payment Systems
A Research Presented to
the Faculty of the Graduate School
University of the Cordilleras
In Partial Fulfillment
of the Requirements for E-Business Security
by
MAVERICK T. CABUNOT
December 2012
Abstract
The banking industry and regular citizens all incur a high overhead in using physical cash. Electronic cash and cell phone-based payment in particular is a practical alternative to physical cash since it incurs much lower overheads and offers more convenience. Because security is of vital importance in financial transactions, it is imperative that attack paths in this application be identified and analyzed. This paper will investigate the vulnerabilities in several dimensions – in choice of hardware/software platform, in technology and in cell phone operating system.
Introduction
There are several reasons why governments and financial institutions should advocate the use of electronic payments in financial transactions. E-payment systems offer huge cost savings to the government because use of electronic cash is much cheaper than printing paper currency. According to Agarwal (2009) The widely used ATM (Automated Teller Machine) was one of the early successful experiments aimed at saving costs to the bank and at the same time providing 24 X 7 cash service to the customer. However, ATMs deal with paper currency. Furthermore, the cost of replenishing cash on ATMs and maintaining them is also high. Electronic cash and electronic payment schemes are an attractive alternative from the perspective of cost and convenience. It is expected that in the space of electronic payment systems, mobile payment schemes – those in which at least one part of the transaction is carried out using a mobile device - will soon dominate the world of electronic payments. This is, at least in part, due to the easy availability of mobile phones.
A Research Presented to
the Faculty of the Graduate School
University of the Cordilleras
In Partial Fulfillment
of the Requirements for E-Business Security
by
MAVERICK T. CABUNOT
December 2012
Abstract
The banking industry and regular citizens all incur a high overhead in using physical cash. Electronic cash and cell phone-based payment in particular is a practical alternative to physical cash since it incurs much lower overheads and offers more convenience. Because security is of vital importance in financial transactions, it is imperative that attack paths in this application be identified and analyzed. This paper will investigate the vulnerabilities in several dimensions – in choice of hardware/software platform, in technology and in cell phone operating system.
Introduction
There are several reasons why governments and financial institutions should advocate the use of electronic payments in financial transactions. E-payment systems offer huge cost savings to the government because use of electronic cash is much cheaper than printing paper currency. According to Agarwal (2009) The widely used ATM (Automated Teller Machine) was one of the early successful experiments aimed at saving costs to the bank and at the same time providing 24 X 7 cash service to the customer. However, ATMs deal with paper currency. Furthermore, the cost of replenishing cash on ATMs and maintaining them is also high. Electronic cash and electronic payment schemes are an attractive alternative from the perspective of cost and convenience. It is expected that in the space of electronic payment systems, mobile payment schemes – those in which at least one part of the transaction is carried out using a mobile device - will soon dominate the world of electronic payments. This is, at least in part, due to the easy availability of mobile phones.
References: L. Antovski and M.Gusev [2003]. M-payments. 25th International conference Information technology Interfaces ITI 2003. The Bunker. (Online) http://www.thebunker.net/resources/bluetooth. D. Kugler [2003]. Man in the Middle Attacks on Bluetooth. In Financial Cryptography '03, Long Beach. L. Carettoni, C. Merloni and S. Zanero [2007]. Studying Bluetooth Malware Propagation: The BlueBag Project. IEEE Security & Privacy. 2007, Vol. 5, 2.