题名

Discussion of Technology Risks Faced by Two Contemporary Mobile Payment Systems from the Perspectives of NFC and Tokenization

作者

Daniel W.K. TSE;Yiyi OUYANG

关键词

Risk ; Apple Pay ; Android Pay ; mobile payment systems ; NFC ; Secure Element ; Tokenization

期刊名称

電腦稽核

卷期/出版年月

35期(2017 / 01 / 20)

页次

50 - 59

内容语文

英文
中文摘要

Mobile payment systems are one of the key enablers in financial technology (FinTech). Because of its importance and big impact to the success of FinTech, its technology risks have to be dissected and fully understood so that the implementers can have sufficient knowledge in its risk management process. Among the numerous mobile payment systems available on the market, the research team has selected two contemporary ones for analysis. These two systems use two most popular mobile operating systems, namely, Apple's iOS and Google's Android. Apple Pay and Android Pay are two mobile payment systems equipped with different security mechanism based on those two types of operating systems. Since release of Apple Pay, NFC technology, tokenization, and Secure Element have become hot topics in m-payment ecosystem. In this paper, security of the two mobile payment systems in terms of NFC and tokenization is discussed. The conclusion would be that consistency of Apple operating system helps reduce complexity in building up security mechanism, EMVCo tokenization specification and device-centric Secure Element implementation help make responsibility division clearly among stakeholders in the mobile payment ecosystem.
主题分类 基礎與應用科學 > 資訊科學
参考文献
  1. Apple Inc. (2016a) Make secure purchases in stores, in apps, and now on the web. [online] Available at: http://www.apple.com/apple-pay/ [Accessed 2 December 2016].
  2. Marwaha, G. (2015) Apple Pay-An Attempt to Demystify -Take 2. [online] Available at: http://www.gmarwaha.com/blog/2015/01/03/apple-pay-an-attempt-to-demystify-take-2/ [Accessed on 8 November 2016].
  3. PCI Security Standards Council. (2011) Information Supplement: Tokenization Product Security Guidelines. [online] Available at: https://www.pcisecuritystandards.org/documents/Tokenization_Guidelines_Info_Supplement.pdf [Accessed on 13 November 2016].
  4. PCI Security Standards Council. (2015) Information Supplement: Tokenization Product Security Guidelines. [online] Available at: https://www.pcisecuritystandards.org/documents/Tokenization_Product_Security_Guidelines.pdf [Accessed on 13 November 2016].
  5. Apple Inc. (2016b) Apple Pay security and privacy overview. [online] Available at: https://support.apple.com/en-us/HT203027 [Accessed 1 December 2016
  6. Robert Triggs. (9th Sep., 2013) What is NFC & how does it work? [online] Available at: http://www.androidauthority.com/what-is-nfc-270730/ [Accessed on 10 November 2016].
  7. Perez, S. (2015) Android Pay, Google's Apple Pay Rival, Arrives Today. [online] Available at: https://techcrunch.com/2015/09/10/android-pay-googles-apple-pay-rivalgoes-live/ [Accessed 13 November 2016].
  8. NFC Forum. (2016) What Is NFC? What It Does. [online] Available at: http://nfc-forum.org/what-is-nfc/what-itdoes/[Accessed on 10 November 2016].
  9. Betters, E. (2016) Android Pay explained: How it works and where it's supported. [online] Available at: http://www.pocket-lint.com/news/135017-android-pay-explainedhow-it-works-and-where-it-s-supported [Accessed on 8 November 2016].
  10. Coskun, V.,Ozdenizci, B.,Ok, K.(2013).A survey on Near Field Communication (NFC) technology.Wireless Personal Communications,71(3),2259-2294.
  11. Díaz-Santiago, S.,María Rodríguez-Henríquez, L.,Chakraborty, D.(2016).A cryptographic study of tokenization systems.International Journal of Information Security,15(4),413-432.
  12. Kier, C.,Madlmayr, G.,Nawratil, A.,Schafferer, M.,Schanes, C.,Grechenig, T.(2015).Mobile Payment Fraud: A Practical View on the Technical Architecture and Starting Points for Forensic Analysis of New Attack Scenarios.Proceedings of the 9th International Conference on IT Security Incident Management & IT Forensics
  13. Ondrus, J.(2015).Clashing over the NFC Secure Element for Platform Leadership in the Mobile Payment Ecosystem.Proceedings of the 17th International Conference on Electronic Commerce,New York, NY:
  14. Ortiz-Yepes, D.(2016).A Review of Technical Approaches to Realizing Near-Field Communication Mobile Payments.IEEE Computer Science,14(4),54-62.
  15. Shariati, S.,Abouzarjomehri, A.,Ahmadzadegan, M.(2015).Investigating NFC Technology from The Perspective of Security, Analysis of Attacks and Existing Risk.Proceedings of the 2nd International Conference on Knowledge-Based Engineering and Innovation
  16. Vila, J.,Rodriguez R.(2015).Practical Experiences on NFC Relay Attacks with Android.RFIDsec 2015 Revised Selected Papers: Proceedings of the 11th International Workshop on Radio Frequency Identification,New York:
  17. Wang, Y.,Hahn, C.,Sutrave, K.(2016).Mobile Payment Security, Threats, and Challenges.Proceedings of the 2nd International Conference on Mobile and Secure Services
print cancel