Security Analysis of Mobile Payments: Direct Carrier Billing

Thumbnail Image

Files

master_Vazquez_Torralba_Nadin_2017.pdf (5.99 MB)

URL

Journal Title

Journal ISSN

Volume Title

Perustieteiden korkeakoulu | Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.

Authors

Date

2017-08-28

Department

Major/Subject

Security and Mobile Computing

Mcode

T3011

Degree programme

Master's Degree Programme in Security and Mobile Computing (NordSecMob)

Language

en

Pages

81

Series

Abstract

Payments are a compensation for a product or a service received. The funds are transferred from one party (consumer) to another (merchant). Mobile payments are a particular form of electronic payment where a mobile device serves as the key instrument to initiate, authorize or complete a payment. The payment methods have been continuously changing to adjust to cashless trends. Seeking to reach a larger number of customers has promoted the development of different solutions to provide means of payment. With an increasing number of mobile subscribers, mobile solutions such as carrier billing, SMS-based payments, and mobile wallets are gaining importance, permeating different markets, such as public transportation, digital content, advertisements and charity. This thesis investigates and analyses mobile payment solutions. The main purpose is, primarily, to identify and describe the security protocols that occur during the payment transaction. Subsequently, to distinguish the mechanisms utilised to identify and authenticate consumers and the mechanisms providing integrity to the payment data. Additionally, to recognize the possible security threats overlooked during the design and deployment of payment solutions. The analysis and tests carried out showed opportunity areas for the service providers to improve the security level of their services. We found vulnerabilities that jeopardise the integrity and authenticity of transactions from the merchant and consumer sides. The major vulnerabilities found lead to conclude that despite the development of protocols and technologies to strengthen security, an appropriate analysis is required to design and develop secure solutions. Neglecting security requirements in exchange for simplicity could come at a high price for the parties involved in mobile payments, specially, in direct carrier billing.

Description

Supervisor

Aura, Tuomas

Thesis advisor

Bui, Thanh

Keywords

security, direct carrier billing, payment methods, threats, mobile, forgery

Other note

Citation

Permanent link to this item

https://urn.fi/URN:NBN:fi:aalto-201709046868

Collections

[dipl] Perustieteiden korkeakoulu / SCI