Security issues of in-store mobile payment

Bibliographic Details
Main Authors: YU, Xingjie, KYWE, Su Mon, LI, Yingjiu
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2017
Online Access: https://ink.library.smu.edu.sg/sis_research/3907
https://search.library.smu.edu.sg/permalink/f/1oap20v/TN_els_book_whole9780128122822
Institution: Singapore Management University
Description
Summary: Instead of transacting with cash, cheques, or credit cards, an increasing number of consumers are starting to use mobile devices to make in-store payments. In-store mobile payment brings new entities, such as the mobile payment service provider and the mobile device, into the traditional payment system. Although these two entities have access to users’ sensitive payment credentials (e.g., payment card information, payment account information), they are not reliable. For instance, mobile devices are susceptible to various external threats bearing the risk of payment credentials disclosure. To mitigate the risk, most mobile payment services replace payment credentials with non-sensitive payment tokens. The use of payment tokens introduces two new entities, Token Service Provider (TSP) and Token Requestor (TR), into in-store mobile payment. Unsurprisingly, these new entities also introduce additional security issues and challenges. This chapter focuses on the security issues related to the new entities in in-store mobile payment. We first introduce two types of mobile payment services, Payment-Token-Based (PTB) and Service-Token-Based (STB). A PTB payment service replaces payment card information, such as the Primary Account Number (PAN), with a payment token. The token is sent from a mobile device to a Point of Sale (POS) terminal as a user’s payment credential. An STB payment service replaces a user’s mobile payment service account information, such as username and password, with a service token. The mobile payment service provider verifies the service token and sends the user’s payment credential to the payment network. We propose network models for both PTB and STB payment services.