A Risk Assessment Framework for Mobile Payments

Progress in mobile commerce is heavily dependent upon effective and reliable payment mechanisms. Security concerns loom as a major impediment to widespread and rapid adoption, and there is accordingly an urgent need for a framework within which security issues in mobile commerce can be evaluated. This paper draws on lessons from prior payment mechanisms in order to present such a framework. It provides insights into the use of the framework by performing a test application. Implications for policy, practice and research are drawn.
