Security issues of in-store mobile payment
Publication Type
Book Chapter
Publication Date
3-2017
Abstract
Instead of transacting with cash, cheques, or credit cards, an increasing number of consumers start using mobile devices to make in-store payment. In-store mobile payment brings new entities, such as mobile payment service provider and mobile device, into the traditional payment system. Although these two entities have access to users’ sensitive payment credentials (e.g., payment card information, payment account information), they are not reliable. For instance, mobile devices are susceptible to various external threats bearing the risk of payment credentials disclosure. To mitigate the risk, most mobile payment services replace payment credentials with non-sensitive payment tokens. The use of payment tokens introduces two new entities, Token Service Provider (TSP) and Token Requestor (TR), into in-store mobile payment. Unsurprisingly, these new entities also introduce additional security issues and challenges. This chapter focuses on the security issues related to the new entities in in-store mobile payment. We first introduce two types of mobile payment services, Payment-Token-Based (PTB) and Service-Token-Based (STB). A PTB payment service replaces a payment card information, such as Primary Account Number (PAN), with a payment token. The token is sent from a mobile device to a Point of Sale (POS) terminal as a user’s payment credential. A STB payment service replaces a user’s mobile payment service account information, such as username and password, with a service token. The mobile payment service provider verifies the service token and sends the user’s payment credential to the payment network. We propose network models for both PTB and STB payment services.
Discipline
E-Commerce | Finance and Financial Management | Information Security
Research Areas
Cybersecurity
Publication
Handbook of blockchain, digital finance, and inclusion, Volume 2
Volume
2
Editor
David Lee Kuo Chuen and Robert H. Deng
First Page
115
Last Page
144
ISBN
9780128122822
Publisher
Academic Press
City or Country
San Diego
Citation
YU, Xingjie; KYWE, Su Mon; and LI, Yingjiu.
Security issues of in-store mobile payment. (2017). Handbook of blockchain, digital finance, and inclusion, Volume 2. 2, 115-144.
Available at: https://ink.library.smu.edu.sg/sis_research/3907
Additional URL
https://worldcat.org/isbn/9780128122822