Abstract

In recent years, various mobile services have been introduced for in-store payment. While most in-store mobile payment services demonstrate desirable usability, they raise many security issues. In this chapter, we survey the security issues related to in-store mobile payment and their respective solutions. We start by proposing network models for in-store mobile payment services. We then identify four new entities in in-store mobile payment that do not exist in traditional card payment: the token service provider, the token requestor, the mobile payment service provider, and the mobile device. We highlight the security issues of these entities. First, the token service provider and token requestor should be secure against the disclosure of users' credentials and the misuse of payment tokens, which may lead to fraudulent transactions. Second, the mobile payment service provider should ensure the reliability of its in-store mobile payment services. Third, the mobile device should prevent illegitimate users from accessing mobile payment services and prevent malicious apps from modifying transaction details (e.g., balance and merchant ID). After analyzing the security issues and existing solutions, we explore the design space of in-store mobile payment and provide suggestions to thwart payment fraud.
