Improving Mobile Money Security with Two-Factor Authentication

Security is a leading factor in establishing and maintaining customer trust in mobile money services (MMSs). MMSs in Tanzania rely on a Personal Identification Number (PIN) as the authentication method. However, a PIN can be easily guessed, forged or misused. This paper explores security challenges in MMSs and the weaknesses associated with the current Mobile Money Authentication (MMA) method. Further, the study proposes a two-factor authentication model as an alternative method. The proposed model keeps the current PIN-based approach and adds another layer of security that uses fingerprint recognition technology. Evaluation of the proposed model shows that it mitigates security vulnerabilities that exist in the current MMA method.
