With the developments of mobile communications, M-commerce has become increasingly popular in recent years. However, most M-commerce schemes ignore user anonymity during online transactions. As a result, user transactions may easily be traced by shops, banks or by Internet Service Providers (ISPs). To deal with this problem, we introduce a new anonymous mobile payment scheme in this paper. Our new scheme has the following features: (1) Password-based authentication: authentication of users is done by low-entropy password; (2) Convenience: the new scheme is designed based on near field communication (NFC)-enabled devices and is compatible with EuroPay, MasterCard and Visa (EMV-compatible); (3) Efficiency: users do not need to have their own public/private key pairs and confidentiality is achieved via symmetric-key cryptography; (4) Anonymity: users use virtual accounts in the online shopping processes, thereby preventing attackers from obtaining user information even if the transaction is eavesdropped; (5) Untraceablity: no one (even the bank, Trusted Service Manager (TSM), or the shop) can trace a transaction and link the real identity with the buyer of a transaction; (6) Confidentiality and authenticity: all the transaction is either encrypted or signed by the sender so our new scheme can provide confidentiality and authenticity. We also present the performance and the security comparison of our scheme with other schemes. The results show that our scheme is applicable and has the most remarkable features among the existing schemes.