Resuscitating privacy-preserving mobile payment with customer in complete control

Abstract

Credit/debit card payment transactions do not protect the privacy of the customer. Once the card is handed over to the merchant for payment processing, customers are "no longer in control" on how their card details and money are handled. This leads to card fraud, identity theft, and customer profiling. Therefore, for those customers who value their privacy and security of their payment transactions, this paper proposes a choice--an alternate mobile payment model called "Pre-Paid Mobile HTTPS-based Payment model". In our proposed payment model, the customer obtains the merchant's bank account information and then instructs his/her bank to transfer the money to the merchant's bank account. We utilize near field communication (NFC) protocol to obtain the merchant's bank account information into the customer's NFC-enabled smartphone. We also use partially blind signature scheme to hide the customers' identity from the bank. As a result, our payment model provides the customer with complete control on his/her payments and privacy protection from both the bank and the merchant. We emulated our proposed mobile payment model using Android SDK 2.1 platform and analyzed its execution time.