Report: User-Level Security Issues in Mobile Payments
With the rapid development of information technology, ubiquitous mobile phones, and the impact of the demonetization scheme of the Government of India, India has experienced a significant surge in the number of electronic transactions through mobile payment apps and services. However, around the world, the spread of electronic banking has resulted in thousands of cybercrimes and monetary thefts by cybercriminals. The security risks related to electronic transactions through mobile payments are high due to various technological and other reasons. In this study we focus on the risks associated with Indian mobile-phone-based payment systems. We conducted experiments with five popular mobile payment systems in four broad categories – wallets (PayTM, FreeCharge), direct link with the user’s bank (BHIM), a specific bank’s app for account holders (iMobile by ICICI Bank), and the basic USSD service (dialing *99#).
In our study, we evaluated the apps on the following six key security principles combining the Basel Committee’s ‘Risk Management Principles for Electronic Banking’ and the RBI norms for electronic banking transactions:
- The potential for confidentiality breaches
- The management of the transactions for subsequent repudiation
- The strength of the authentication process
- The data and transaction integrity procedures
- The extent of access and availability of services
- The procedures for maintaining privacy of customer information
We found that the apps and services we evaluated have security concerns under one or more of the six principles. However, even while we were conducting the study, we observed that the features of the apps and services were constantly evolving and changing. Hence, we would like to add the caveat that the evaluation of the apps in this report is as observed during our study, conducted between December’16 and January’17, and it is highly likely that some of the concerns presented in this report have been addressed, and perhaps new concerns have emerged.
For a detailed report on the study, please click here