A Study on Cyber Attacks and Vulnerabilities in Mobile Payment Applications


  • Oriel Rivers Norfolk State University
  • Yen-Hung (Frank) Hu Norfolk State University
  • Mary Ann Hoppa Norfolk State University


Mobile Payment, Apple Pay, Android Pay, Samsung Pay


The end-to-end mobile purchase process depends on the decisions and actions of many stakeholders, including consumers, mobile application developers, mobile payment service providers, merchants, financial institutions like banks and credit card companies, and their respective data centers. This paper presents a detailed look at mobile payments as a sequence of transactions to better understand what is required to authenticate, authorize, verify and process them, and where security vulnerabilities lie. This analysis was accomplished by conducting in-depth research on three popular use cases – Apple Pay, Google Pay, and Samsung Pay – analyzing their respective potentials for being compromised, and suggesting opportunities where higher levels of security can be attained. While many mechanisms exist that can contribute to safeguarding mobile transactions, this analysis shows many ways known vulnerabilities and attacks still can be leveraged to exploit users’ data within popular mobile payment solutions. Approaches for improving the security of mobile payment transactions are included as way ahead recommendations.