Security issues of in-store mobile payment
Instead of transacting with cash, cheques, or credit cards, an increasing number of consumers start using mobile devices to make in-store payment. In-store mobile payment brings new entities, such as mobile payment service provider and mobile device, into the traditional payment system. Although the...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2017
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/3907 https://search.library.smu.edu.sg/permalink/f/1oap20v/TN_els_book_whole9780128122822 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-4909 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-49092019-06-07T08:01:33Z Security issues of in-store mobile payment YU, Xingjie KYWE, Su Mon LI, Yingjiu Instead of transacting with cash, cheques, or credit cards, an increasing number of consumers start using mobile devices to make in-store payment. In-store mobile payment brings new entities, such as mobile payment service provider and mobile device, into the traditional payment system. Although these two entities have access to users’ sensitive payment credentials (e.g., payment card information, payment account information), they are not reliable. For instance, mobile devices are susceptible to various external threats bearing the risk of payment credentials disclosure. To mitigate the risk, most mobile payment services replace payment credentials with non-sensitive payment tokens. The use of payment tokens introduces two new entities, Token Service Provider (TSP) and Token Requestor (TR), into in-store mobile payment. Unsurprisingly, these new entities also introduce additional security issues and challenges. This chapter focuses on the security issues related to the new entities in in-store mobile payment. We first introduce two types of mobile payment services, Payment-Token-Based (PTB) and Service-Token-Based (STB). A PTB payment service replaces a payment card information, such as Primary Account Number (PAN), with a payment token. The token is sent from a mobile device to a Point of Sale (POS) terminal as a user’s payment credential. A STB payment service replaces a user’s mobile payment service account information, such as username and password, with a service token. The mobile payment service provider verifies the service token and sends the user’s payment credential to the payment network. We propose network models for both PTB and STB payment services. 2017-03-01T08:00:00Z text https://ink.library.smu.edu.sg/sis_research/3907 https://search.library.smu.edu.sg/permalink/f/1oap20v/TN_els_book_whole9780128122822 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University E-Commerce Finance and Financial Management Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
E-Commerce Finance and Financial Management Information Security |
| spellingShingle |
E-Commerce Finance and Financial Management Information Security YU, Xingjie KYWE, Su Mon LI, Yingjiu Security issues of in-store mobile payment |
| description |
Instead of transacting with cash, cheques, or credit cards, an increasing number of consumers start using mobile devices to make in-store payment. In-store mobile payment brings new entities, such as mobile payment service provider and mobile device, into the traditional payment system. Although these two entities have access to users’ sensitive payment credentials (e.g., payment card information, payment account information), they are not reliable. For instance, mobile devices are susceptible to various external threats bearing the risk of payment credentials disclosure. To mitigate the risk, most mobile payment services replace payment credentials with non-sensitive payment tokens. The use of payment tokens introduces two new entities, Token Service Provider (TSP) and Token Requestor (TR), into in-store mobile payment. Unsurprisingly, these new entities also introduce additional security issues and challenges. This chapter focuses on the security issues related to the new entities in in-store mobile payment. We first introduce two types of mobile payment services, Payment-Token-Based (PTB) and Service-Token-Based (STB). A PTB payment service replaces a payment card information, such as Primary Account Number (PAN), with a payment token. The token is sent from a mobile device to a Point of Sale (POS) terminal as a user’s payment credential. A STB payment service replaces a user’s mobile payment service account information, such as username and password, with a service token. The mobile payment service provider verifies the service token and sends the user’s payment credential to the payment network. We propose network models for both PTB and STB payment services. |
| format |
text |
| author |
YU, Xingjie KYWE, Su Mon LI, Yingjiu |
| author_facet |
YU, Xingjie KYWE, Su Mon LI, Yingjiu |
| author_sort |
YU, Xingjie |
| title |
Security issues of in-store mobile payment |
| title_short |
Security issues of in-store mobile payment |
| title_full |
Security issues of in-store mobile payment |
| title_fullStr |
Security issues of in-store mobile payment |
| title_full_unstemmed |
Security issues of in-store mobile payment |
| title_sort |
security issues of in-store mobile payment |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2017 |
| url |
https://ink.library.smu.edu.sg/sis_research/3907 https://search.library.smu.edu.sg/permalink/f/1oap20v/TN_els_book_whole9780128122822 |
| _version_ |
1770573901616644096 |