Security issues of in-store mobile payment

Author

Xingjie YU
Su Mon KYWE, Singapore Management UniversityFollow
Yingjiu LI, Singapore Management UniversityFollow

Publication Type

Book Chapter

Publication Date

3-2017

Abstract

Instead of transacting with cash, cheques, or credit cards, an increasing number of consumers start using mobile devices to make in-store payment. In-store mobile payment brings new entities, such as mobile payment service provider and mobile device, into the traditional payment system. Although these two entities have access to users’ sensitive payment credentials (e.g., payment card information, payment account information), they are not reliable. For instance, mobile devices are susceptible to various external threats bearing the risk of payment credentials disclosure. To mitigate the risk, most mobile payment services replace payment credentials with non-sensitive payment tokens. The use of payment tokens introduces two new entities, Token Service Provider (TSP) and Token Requestor (TR), into in-store mobile payment. Unsurprisingly, these new entities also introduce additional security issues and challenges. This chapter focuses on the security issues related to the new entities in in-store mobile payment. We first introduce two types of mobile payment services, Payment-Token-Based (PTB) and Service-Token-Based (STB). A PTB payment service replaces a payment card information, such as Primary Account Number (PAN), with a payment token. The token is sent from a mobile device to a Point of Sale (POS) terminal as a user’s payment credential. A STB payment service replaces a user’s mobile payment service account information, such as username and password, with a service token. The mobile payment service provider verifies the service token and sends the user’s payment credential to the payment network. We propose network models for both PTB and STB payment services.

Discipline

E-Commerce | Finance and Financial Management | Information Security

Research Areas

Cybersecurity

Publication

Handbook of blockchain, digital finance, and inclusion, Volume 2

Volume

2

Editor

David Lee Kuo Chuen and Robert H. Deng

First Page

115

Last Page

144

ISBN

9780128122822

Publisher

Academic Press

City or Country

San Diego

Citation

YU, Xingjie; KYWE, Su Mon; and LI, Yingjiu. Security issues of in-store mobile payment. (2017). Handbook of blockchain, digital finance, and inclusion, Volume 2. 2, 115-144.
Available at: https://ink.library.smu.edu.sg/sis_research/3907

Additional URL

https://worldcat.org/isbn/9780128122822