Article: Requirements analysis of security and privacy of mobile payments - Indian context Journal: International Journal of Mobile Communications (IJMC) 2022 Vol.20 No.6 pp.639 - 658 Abstract: Mobile payments, while displaying improved adoption, are limited by security and privacy concerns. An appropriate treatment of these risks has the potential to further spur up the utility of the system. The essential step towards this is to systematically analyse the security and privacy requirements. This paper presents the outcome of a systematic risk analysis both from the perspective of reported attacks, as well as from the inherent vulnerabilities of the mobile application software. Attack probabilities, its impact, analysis of the code and permissions of the mobile payment app and its comparison with that of spyware designed to compromise privacy, have all been used in this process. Given that identity and authentication are necessary to derive the utility, and pure anonymity cannot be of help in this context, the need is to provide the necessary utility while addressing the security and privacy risks. The requirements towards security and privacy that need to be met, to design such a system has been arrived from this and presented for the mobile payment ecosystem, and the same has the potential to be used appropriately in related contexts. Inderscience Publishers - linking academia, business and industry through research

Title: Requirements analysis of security and privacy of mobile payments - Indian context

Authors: Thiruvaazhi Uloli; G. Sudha Sadasivam; R. Arthi

Addresses: Department of Information Science and Engineering, Kumaraguru College of Technology, Coimbatore, Tamil Nadu, India ' Department of Computer Science and Engineering, PSG College of Technology, Coimbatore, Tamil Nadu, India ' Department of Computer Science and Engineering, Kumaraguru College of Technology, Coimbatore, Tamil Nadu, India

Abstract: Mobile payments, while displaying improved adoption, are limited by security and privacy concerns. An appropriate treatment of these risks has the potential to further spur up the utility of the system. The essential step towards this is to systematically analyse the security and privacy requirements. This paper presents the outcome of a systematic risk analysis both from the perspective of reported attacks, as well as from the inherent vulnerabilities of the mobile application software. Attack probabilities, its impact, analysis of the code and permissions of the mobile payment app and its comparison with that of spyware designed to compromise privacy, have all been used in this process. Given that identity and authentication are necessary to derive the utility, and pure anonymity cannot be of help in this context, the need is to provide the necessary utility while addressing the security and privacy risks. The requirements towards security and privacy that need to be met, to design such a system has been arrived from this and presented for the mobile payment ecosystem, and the same has the potential to be used appropriately in related contexts.

Keywords: utility; security; privacy; digital payments; mobile payments; risk assessment.

DOI: 10.1504/IJMC.2022.125923

International Journal of Mobile Communications, 2022 Vol.20 No.6, pp.639 - 658

Accepted: 12 May 2021
Published online: 04 Oct 2022 *

Title: Requirements analysis of security and privacy of mobile payments - Indian context

Keep up-to-date