Security Loopholes in Mobile Payment Channels

Mobile device usage is intensifying across the globe, for both personal and business activities. Users increasingly prefer to make their online transactions on mobile devices as well. Mobile technology has contributed a great deal and is still growing. Mobile devices appear to be the next-generation technology, which the younger generation finds most suitable for everything from browsing websites to buying goods over the internet. The development of mobile devices, mobile network infrastructure, and wireless bandwidth has put desktop computing in decline. All industry sectors have rapidly adopted mobile as an emerging e-commerce channel for conducting sales, customer service, and other marketing operations. Keeping pace with rising mobile technology, software vendors, service providers, and various industry forums have started to implement enhanced mobile operating systems (Windows Mobile 7.0, Android OS, Symbian, BlackBerry OS, and Apple iOS), making it feasible to develop various mobile processing solutions for mobile commerce.

M-Commerce – An innovative concept

In m-commerce (mobile commerce), end users buy products or services from merchants or organizations and pay through their mobile devices. Mobile commerce extends the e-commerce business model in an innovative way. Many business organizations use mobile channels to carry out business operations in sales, services, and marketing. A mobile e-commerce system includes payment gateway service providers, organizations, transaction processing service providers, issuer banks, intermediaries, and telecom service providers. The success of mobile commerce depends on technology, user knowledge, and ease of use of mobile channels. The mobile channels, or interfaces, through which mobile services are conducted are discussed below.

Mobile Payment Channels and Security Issues

  • SMS Channel:

    SMS (short message service) is universally accepted and an easy way to convey a message to anybody. SMS allows users to send or receive text messages from a mobile commerce application. However, the SMS channel faces challenges from regulatory compliance and from congestion caused by bulk SMS. The SMS channel supports one-time purchases, so it lacks support for multiple transactions. To activate a product or service, users need to know the service commands for every transaction. The other drawback is the cost of the SMS channel, which is high compared to other mobile channels.

Security Limitation: Sending a password or authentication code by SMS is not considered secure, because cybercriminals can intercept SMS text messages and may use them for illegal purposes.

  • USSD Channel:

    Unstructured Supplementary Service Data (USSD) is a session-based service that regularly updates its menu when the user makes a request, and it is more secure than the SMS channel. However, where mobile signals are weak, this channel may fail to complete payment transactions. The USSD command model differs from one carrier to another, resulting in a higher cost of implementation. Because it is easy to use, USSD can reach a wide mobile audience.

Security Limitation: Because of weak cryptographic implementation, modification of sensitive information can cause security breaches in the USSD channel. Fraudulent transactions, request or response manipulation, and insecure message communication are further factors that worry service providers.

  • Mobile web based channel:

    A mobile browser is used to access mobile-customized WAP (Wireless Application Protocol) or web applications through which customers can engage in various types of mobile business transactions. Customized WAP uses WML (Wireless Markup Language) for communication between a WAP gateway and internet content. The gateway converts content between WML and HTML and delivers the content to the mobile device using WAP technology. This channel is easy to adopt and widely used among literate people; the only challenge is network capability and the level of internet usage in a specific market.

Security Limitation: WAP technology works through a default WAP gateway; while data is in transit it is in decrypted form, and some of the data is stored in caches. If a man-in-the-middle attack occurs on such a gateway, all confidential information could be compromised.

  • Mobile Application Channel:

    Many business organizations build their own mobile applications for rapid transactions and easy access to products. An application depends on the mobile device and operating system and provides a rich experience to users. Device compatibility and intensity of usage therefore play an important role in application development. Extensive use of mobile devices opens the door for mobile applications, to the benefit of organizations.

Security Limitation: Many fraudulent and vulnerable applications are available on the Google and iPhone app platforms, and users may sometimes download a fake app that leaves them vulnerable to cybercriminals; as a result, the cybercriminal will have control of the user's smartphone.

  • NFC Mobile channel:

    NFC (Near Field Communication) is a short-range wireless technology standard that allows electronic devices to communicate with each other. The NFC channel also needs NFC-enabled POS devices at merchant locations. An NFC reader can read data from a device that is placed near it. The reader creates a magnetic field that couples with the built-in chip of the NFC-enabled mobile device, and data passes between the reader and the device over this signal. NFC provides contactless mobile transactions, an emerging need in m-commerce, and looks better from the perspective of mobile security because it requires login details for accessing the payment account.

Security Limitation: In the NFC mobile channel, eavesdropping is a major security issue because NFC communicates over RF waves and an attacker can intercept the signals using an antenna. An attacker can even modify or corrupt data in transit.
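
The USSD and mobile web limitations above both involve a payment request being altered on its way through a carrier or gateway. As an added example (not from the original article), the Python code below shows one mitigation: the device attaches an HMAC-SHA256 tag to each request and the payment server rejects modified, stale, or replayed messages. The field names, the per-device shared key, and the 120-second freshness window are assumptions made for illustration.

```python
import hashlib
import hmac
import json

MAX_SKEW_SECONDS = 120  # assumed freshness window for a payment request


def _mac(key: bytes, fields: dict) -> str:
    # Canonical JSON so client and server authenticate identical bytes.
    data = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def sign_request(key: bytes, fields: dict) -> dict:
    """Client side: attach an HMAC-SHA256 tag covering every field."""
    return {"fields": fields, "mac": _mac(key, fields)}


class Verifier:
    """Server side: reject modified, stale, or replayed requests."""

    def __init__(self, key: bytes):
        self._key = key
        self._seen_nonces = set()

    def check(self, message: dict, now: int) -> str:
        fields = message["fields"]
        # Constant-time comparison avoids leaking how much of the tag matched.
        if not hmac.compare_digest(_mac(self._key, fields), str(message.get("mac", ""))):
            return "rejected: modified"
        if abs(now - fields["ts"]) > MAX_SKEW_SECONDS:
            return "rejected: stale"
        if fields["nonce"] in self._seen_nonces:
            return "rejected: replay"
        self._seen_nonces.add(fields["nonce"])
        return "accepted"


def demo() -> list:
    key = b"constructed-demo-key"  # constructed; assumed provisioned per device
    now = 1_700_000_000            # constructed timestamp
    base = {"payer": "user-1", "payee": "merchant-9", "amount": "25.00", "nonce": "n-1", "ts": now}
    req = sign_request(key, base)
    tampered = {"fields": dict(base, amount="2500.00"), "mac": req["mac"]}
    stale = sign_request(key, dict(base, nonce="n-2", ts=now - 3600))
    v = Verifier(key)
    return [v.check(req, now + 5), v.check(req, now + 6),
            v.check(tampered, now + 7), v.check(stale, now + 8)]


if __name__ == "__main__":
    print(demo())
```

The tag protects integrity only; keeping the fields confidential from an intermediary still requires encryption between the device and the payment server.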

Finally, in a world of rising cyber attacks, mobile commerce needs to follow some security measures. In this mobile security series, we will discuss mobile payment systems to prevent fraud against credit and debit cards.
