Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures

Ali, Guma; Dida, Mussa Ally; Sam, Anael

doi:10.3390/fi12100160

Cited by 40 publications

(79 citation statements)

References 70 publications

(305 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The implementation of a payment gateway in the system makes this service have a transaction authentication process as well as ease of data processing, where the monitoring process can be carried out in real-time, making it easier to confirm every incoming fund, make sales reports, and find out customer details. However, the security of the electronic payment system is also something that needs to be considered by applying multiple security methods [29], as well as considering factors related to its advantages and disadvantages when used [30]. In addition, the prototype that was built still only uses one e-wallet service where this limits the flexibility of users in the payment process for their transactions, as well as the trust of users who are still unfamiliar with the use of e-wallet in their transactions.…”

Section: Discussionmentioning

confidence: 99%

Prototype mobile contactless transaction system in traditional markets to support the covid-19 physical distancing program

2021

View full text Add to dashboard Cite

One way to prevent and reduce the spread of the covid-19 pandemic is through physical distancing program. This research aims to develop a prototype contactless transaction system using digital payment mechanisms and QR code technology that will be applied in traditional markets. The method used in the development of electronic market systems is a prototype approach. The application of QR code and digital payments are used as a solution to minimize money exchange contacts that are common in traditional markets. The results showed that the system built was able to accelerate and facilitate the buying and selling transaction process in traditional market environment. Alpha testing shows that all functional systems are running well. Meanwhile, beta testing shows that the user can very well accept the system that was built. The results of the study also show acceptance of the usefulness of the system being built, as well as the optimism of its users to be able to take advantage of this system both technologically and functionally, so its can be a part of the digital transformation of the traditional market to the electronic market and has become one of the solutions in reducing the spread of the current covid-19 pandemic.

show abstract

Section: Discussionmentioning

confidence: 99%

Prototype mobile contactless transaction system in traditional markets to support the covid-19 physical distancing program

2021

View full text Add to dashboard Cite

show abstract

“…However, to date, there are no strong security controls to suit all mobile money authentication security challenges. However, the existing proposed algorithms, though promising, require more work because they are vulnerable to impersonation attacks; USSD technology vulnerabilities; replay attacks; spoofing attacks; Trojan horse attacks; bruteforce attacks; shoulder-surfing attacks; MITM attacks; insider attacks; identity theft; social engineering attacks; SIM-swapping attacks; malware attacks; agent-driven fraud; and privacy attacks [8,9,11,[22][23][24][25][26]. Therefore, there is a need to develop a secure and efficient multi-factor authentication algorithm for mobile money applications where mobile money subscribers are authenticated using a PIN, OTP, and biometric fingerprints.…”

Section: Problem Statementmentioning

confidence: 99%

“…A PIN in mobile money is a numeric password that can authenticate subscribers in an electronic transaction. The PINs used in mobile money authentications are often four or five digits [11]. The PIN value as a means of authentication depends entirely on its secrecy from the moment the PIN is created until entered into the system.…”

Section: Personal Identification Number (Pin)mentioning

confidence: 99%

“…Today, most mobile money systems authenticate their subscribers using a PIN and SIM. This 2FA scheme, though promising, is weak, thus increasing the number of security challenges [8,9,11] due to the short PIN length (4 or 5 digits) used, the same PIN being used to authenticate all mobile money services, the fact that there is no expiry date for the PIN, the fact that sharing the PIN among users takes place and the fact that the PIN is entered when unmasked during verification [12,13].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Secure and Efficient Multi-Factor Authentication Algorithm for Mobile Money Applications

2021

Self Cite

View full text Add to dashboard Cite

With the expansion of smartphone and financial technologies (FinTech), mobile money emerged to improve financial inclusion in many developing nations. The majority of the mobile money schemes used in these nations implement two-factor authentication (2FA) as the only means of verifying mobile money users. These 2FA schemes are vulnerable to numerous security attacks because they only use a personal identification number (PIN) and subscriber identity module (SIM). This study aims to develop a secure and efficient multi-factor authentication algorithm for mobile money applications. It uses a novel approach combining PIN, a one-time password (OTP), and a biometric fingerprint to enforce extra security during mobile money authentication. It also uses a biometric fingerprint and quick response (QR) code to confirm mobile money withdrawal. The security of the PIN and OTP is enforced by using secure hashing algorithm-256 (SHA-256), a biometric fingerprint by Fast IDentity Online (FIDO) that uses a standard public key cryptography technique (RSA), and Fernet encryption to secure a QR code and the records in the databases. The evolutionary prototyping model was adopted when developing the native mobile money application prototypes to prove that the algorithm is feasible and provides a higher degree of security. The developed applications were tested, and a detailed security analysis was conducted. The results show that the proposed algorithm is secure, efficient, and highly effective against the various threat models. It also offers secure and efficient authentication and ensures data confidentiality, integrity, non-repudiation, user anonymity, and privacy. The performance analysis indicates that it achieves better overall performance compared with the existing mobile money systems.

show abstract

“…Various attacks are included in this form of attacks, such as Trojan horse attack, phishing attack, social engineering attack, spoofing attacks, masquerade attack, replay attacks, and impersonation attack. An attacker assumes the identity of a legitimate user in an impersonation attack [76], [77], [70], [71], whereas entire communication is subjected to eavesdropping in replay attack before intercepting [78]. In a masquerade attack, the PIN and SIM card are acquired by the users.…”

Section: B Attacks Against Authenticationmentioning

confidence: 99%

Security in Next Generation Mobile Payment Systems: A Comprehensive Survey

et al. 2021

View full text Add to dashboard Cite

Cash payment is still king in several markets, accounting for more than 90% of the payments in almost all the developing countries. The usage of mobile phones is pretty ordinary in this present era. Mobile phones have become an inseparable friend for many users, serving much more than just communication tools. Every subsequent person is heavily relying on them due to multifaceted usage and affordability. Every person wants to manage his/her daily transactions and related issues by using his/her mobile phone. With the rise and advancements of mobile-specific security, threats are evolving as well. In this paper, we provide a survey of various security models for mobile phones. We explore multiple proposed models of the mobile payment system (MPS), their technologies and comparisons, payment methods, different security mechanisms involved in MPS, and provide analysis of the encryption technologies, authentication methods, and firewall in MPS. We also present current challenges and future directions of mobile phone security.

show abstract

Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures

Cited by 40 publications

References 70 publications

Prototype mobile contactless transaction system in traditional markets to support the covid-19 physical distancing program

Prototype mobile contactless transaction system in traditional markets to support the covid-19 physical distancing program

A Secure and Efficient Multi-Factor Authentication Algorithm for Mobile Money Applications

Security in Next Generation Mobile Payment Systems: A Comprehensive Survey

Contact Info

Product

Resources

About