Abstract
With mobile payments popular around the world, payers can conduct a payment anytime and anywhere. While providing great convenience, mobile payment also brings many payment security issues. This paper is the first comprehensive review of secure mobile payment. We classify the mobile payment into TPC (third-party payment company)-led mobile payment and Bank-led mobile payment, and based on this, summarize the system structure of mobile payment. Then we discuss the mobile payment security technology framework from Tokenization, PAN (bank card primary account number) binding, and Secure Payment Authentication, respectively. Besides, this paper introduces secure technologies(hardware and software) used in these procedures, discusses and analyzes the security issues that they have been encountered, summarise open issues, and proposes future development directions. In the end, we give the discussion and comparison of popular and representative mobile payment applications, including Alipay, Wechat Pay, Apple Pay, Samsung Pay, and Google Pay.
Highlights
Since modern times, payment methods have tremendously changed remarkably
For the primary account number (PAN) binding, we focus on how a PAN is bound to the mobile phone, which can be divided into third-party trust protocol and PAN anti-leakage protocol
ORGANIZATION In conjunction with the objective mentioned above objectives, the remainder of this study is organized based on the primary research areas of mobile payment security: in Section II, we introduce the mobile payment system structure and security technology framework
Summary
Payment methods have tremendously changed remarkably. In the beginning, people paid in cash. A. CONTRIBUTION By analyzing mainstream mobile payment applications and their secure payment technologies, we divide mobile payment into TPC-led(third-party payment companies led) and Bank-led payment. In both TPC-led and Bank-led mobile payments, payment security is the most crucial requirement. Mobile payment security is divided into the Tokenization, PAN(bank card primary account number) binding, and secure payment authentication, respectively. Card emulation payment authentication: this paper first describes the authentication algorithm, and summarises its security issues encountered and points out the future research direction. It has a discussion and comparison in terms of security, usability, and availability for popular mobile payment applications.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
