A secure end-to-end proximity NFC-based mobile payment protocol

Abstract

Near Field Communication (NFC) is one of the fast-growing technologies related to proximity-based mobile payments. In this paper, a secure NFC-enabled payment model that can be used for peer-to-peer (P2P) payments and payer-to-merchant (P2M) payments is presented. This payment model uses elliptic curve cryptography (ECC) to encrypt customer data. The proposed protocol provides end-to-end secure communication between customer and merchant through the bank using a reader and writer application. In our proposed model, the primary objective is that the users enter the customer PIN and the amount in their own NFC devices and it is the responsibility of the acquiring bank to rechecked and validated the amount of the transaction on the merchant’s device. The proposed model is convenient to use as the customers simply need to enter information on their NFC phones and tap it onto the merchant’s NFC device. Further, the proposed approach is verified for its security features and validated for its correctness using formal methods of the theoretically proving by Burrows–Abadi–Needham (BAN) logic, and simulation by using automated validation of Internet security protocols (AVISPA), Scyther and Tamarin. Moreover, the proposed protocol provides more security attributes and incurs fewer communication costs and low computational overhead compared to existing NFC payment protocols used for real-world applications.