IMPLEMENTATION OF MOBILE PAYMENT SYSTEM

Implementation Of Mobile Payment System

Implementation Of Mobile Payment System

Introduction

There are several reasons why governments and financial institutions should advocate the use of electronic payments in financial transactions. E-payment systems offer huge cost savings to the government because use of electronic cash is much cheaper than printing paper currency(Carettoni 2007:2).

Discussion

Over the past few years, computer scientists have been witnessing the evolution of a vicious species a.k.a. Mobile malware!! The evolution of mobile viruses started with proof-of-concept worms like Cabir (25). The intention of the authors of Cabir was not to cause any financial damage to the victims but to make the world aware that it was possible to write viruses that could infect mobile devices. However, this idea was further explored by some virus writers who succeeded in writing viruses which caused the phone to malfunction (e.g. Skulls (26)) or caused financial damages to the user by sending SMS messages (e.g. Viver (21)) from his/her phone. (Barkan 2006)Currently, every week about ten mobile phone Trojans are added to antivirus databases. Going by the current trend it is clear that this threat will only increase in the future. In light of these facts, it has become very crucial for the m-payment research community to analyze the impact of such malware on the security of m-payment systems.

GSM & CDMA

In order to perform a security analysis of an e-payment scheme it is necessary to understand the underlying standards, technologies, protocols and platforms used. The two popular standards used for mobile communication are Global System for Mobile communications (GSM) and Code Division Multiple Access (CDMA). GSM based phones use a SIM (Subscriber Identification Module) card which is a detachable smart card containing the user's subscription key used to identify a user(Hassinen 2005:96). In CDMA based phones, the phone itself stores the subscription key.

SMS Based Payment Systems

A common technology for remote payment systems is SMS (Short Messaging Service) which is a low cost alternative to making calls. SMS is an attractive technology because of its ease of use and low cost. SMS based payment systems are of two types, namely, the ones which do not require a change in the device infrastructure (SIM card) and the ones which do. In the former case, the user can initiate or authorize a transaction by sending an SMS message using a standard SIM card. PayPal and SMS-Credit are examples of such SMS based systems. In the second case, a special purpose SIM card is used which is configured and programmed using the SIM Application Toolkit (SAT). (Gao 2005) SAT is a GSM standard and is used for programming the SIM so that it is able to initiate various actions.

In third generation GSM phones, the device contains a USIM (Universal SIM) in place of a SIM. USAT (Universal SAT) is used for programming the USIM. The mobile operator is responsible for providing the SIM/USIM card and the application logic as in(Fong 2005:1106). Their scheme leverages the Public Key Infrastructure (PKI) provided by ...