A Study on Cyber Attacks and Vulnerabilities in Mobile Payment Applications
CISSE Volume 7, Issue 1

Keywords

Mobile Payment
Apple Pay
Android Pay
Samsung Pay

Abstract

The end-to-end mobile purchase process depends on the decisions and actions of many stakeholders, including consumers, mobile application developers, mobile payment service providers, merchants, financial institutions such as banks and credit card companies, and their respective data centers. This paper presents a detailed look at mobile payments as a sequence of transactions to better understand what is required to authenticate, authorize, verify and process them, and where security vulnerabilities lie. This analysis was accomplished by conducting in-depth research on three popular use cases – Apple Pay, Google Pay, and Samsung Pay – analyzing each one's potential for being compromised, and suggesting opportunities where higher levels of security can be attained. While many mechanisms exist that can contribute to safeguarding mobile transactions, this analysis shows many ways in which known vulnerabilities and attacks can still be leveraged to exploit users’ data within popular mobile payment solutions. Approaches for improving the security of mobile payment transactions are included as recommendations for the way ahead.
