Abstract
The proliferation of digital financial innovations like mobile money has led to the rise in mobile subscriptions and transactions. It has also increased the security challenges associated with the current two-factor authentication (2FA) scheme for mobile money due to the high demand. This review paper aims to determine the threat models in the 2FA scheme for mobile money. It also intends to identify the countermeasures to overcome the threat models. A comprehensive literature search was conducted from the Google Scholar and other leading scientific databases such as IEEE Xplore, MDPI, Emerald Insight, Hindawi, ACM, Elsevier, Springer, and Specific and International Journals, where 97 papers were reviewed that focused on the topic. Descriptive research papers and studies related to the theme were selected. Three reviewers extracted information independently on authentication, mobile money system architecture, mobile money access, the authentication scheme for mobile money, various attacks on the mobile money system (MMS), threat models in the 2FA scheme for mobile money, and countermeasures. Through literature analysis, it was found that the threat models in the 2FA scheme for mobile money were categorised into five, namely, attacks against privacy, attacks against authentication, attacks against confidentiality, attacks against integrity, and attacks against availability. The countermeasures include use of cryptographic functions (e.g., asymmetric encryption function, symmetric encryption function, and hash function) and personal identification (e.g., number-based and biometric-based countermeasures). This review study reveals that the current 2FA scheme for mobile money has security gaps that need to be addressed since it only uses a personal identification number (PIN) and a subscriber identity module (SIM) to authenticate users, which are susceptible to attacks. This work, therefore, will help mobile money service providers (MMSPs), decision-makers, and governments that wish to improve their current 2FA scheme for mobile money.
Highlights
The exponential demand for mobile money services is radically transforming the lives of the large unbanked population in sub-Saharan Africa
The advent of mobile money has enhanced the standard of living of the unbanked population in developing countries
As much as it offers a wide range of services and benefits, mobile money has experienced increases in attacks against the current 2FA scheme
Summary
In sub-Saharan Africa, MMS has spread at a remarkable speed and extends many benefits such as convenience, reliability, speed, flexibility, and affordability [2] It settles domestic financial matters, avoids security hazards of carrying hard cash, and eliminates standing in long queues at banks [3]. In Uganda, mobile money payment systems such as MTN Uganda, Airtel, UTL, Africell, M-Cash, Ezeey Money, and Micropay have a combined network of approximately 200,857 agents who act as intermediaries [4,5,6]. These MMSs provide services ranging from sending and receiving the money to checking account balances [7,8]. Mobile money agents and users interact with the MMS using the unstructured supplementary service data (USSD) protocol interface that has a main menu and short message service (SMS) sent by the telecommunication company for notification purposes
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
