Matching in Proximity Authentication and Mobile Payment EcoSystem: What Are We Missing?

Yunhui Zhuang; Alvin Chung Man Leung; James Hughes

doi:10.1007/978-3-319-62024-4_12

Matching in Proximity Authentication and Mobile Payment EcoSystem: What Are We Missing?

Yunhui Zhuang^*, Alvin Chung Man Leung, James Hughes

^*Corresponding author for this work

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 12 - Chapter in an edited book (Author) › peer-review

2 Citations (Scopus)

Abstract

During the past decade, cybersecurity threats have drawn everyone’s attention and it’s becoming a national priority in many leading countries. With the development of sophisticated mobile technology, mobile (contactless) payment insecurity, which may cause huge financial losses, is now becoming a serious threat to our daily life. During the holiday season in 2013, China’s most welcome mobile payment system provider - Alipay - lost over 20 GB worth of customer data in a security breach, which affected at least 15 million customers. Even though the company has promised to evaluate the security of the system and to take necessary measures to protect customer’s data, are we still safe with the payment? In this paper, we investigate several security vulnerabilities for Alipay wallet, which may cause individual’s personal data and financial losses. This is due to not only less regulation by authorities but also the failure of enabling secure proximity authentication during mobile payment. By going through these surprising vulnerabilities, we come up with some ideas on how to combat them and show how to enhance the mobile payment security by enabling proximity authentication before monetary transactions. © Springer International Publishing AG 2017

Original language	English
Title of host publication	Radio Frequency Identification and IoT Security
Subtitle of host publication	12th International Workshop, RFIDSec 2016, Hong Kong, China, November 30 -- December 2, 2016, Revised Selected Papers
Editors	Gerhard P. Hancke, Konstantinos Markantonakis
Place of Publication	Cham
Publisher	Springer
Pages	163-172
ISBN (Electronic)	978-3-319-62024-4
ISBN (Print)	9783319620237
DOIs	https://doi.org/10.1007/978-3-319-62024-4_12
Publication status	Published - 2017
Event	12th International Workshop on Radio Frequency Identification and IoT Security (RFIDSec 2016) - Hong Kong, China Duration: 30 Nov 2016 → 2 Dec 2016 https://rfidsec2016.org/

Publication series

Name	Lecture Notes in Computer Science
Volume	10155
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	12th International Workshop on Radio Frequency Identification and IoT Security (RFIDSec 2016)
Abbreviated title	RFIDSec 2016
Place	China
City	Hong Kong
Period	30/11/16 → 2/12/16
Internet address	https://rfidsec2016.org/

Research Keywords

Alipay wallet
Mobile payment
QR code
Security

Access Output

10.1007/978-3-319-62024-4_12

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

Zhuang, Y., Leung, A. C. M., & Hughes, J. (2017). Matching in Proximity Authentication and Mobile Payment EcoSystem: What Are We Missing? In G. P. Hancke, & K. Markantonakis (Eds.), Radio Frequency Identification and IoT Security: 12th International Workshop, RFIDSec 2016, Hong Kong, China, November 30 -- December 2, 2016, Revised Selected Papers (pp. 163-172). (Lecture Notes in Computer Science; Vol. 10155). Springer . https://doi.org/10.1007/978-3-319-62024-4_12

Zhuang, Yunhui ; Leung, Alvin Chung Man ; Hughes, James. / Matching in Proximity Authentication and Mobile Payment EcoSystem : What Are We Missing?. Radio Frequency Identification and IoT Security: 12th International Workshop, RFIDSec 2016, Hong Kong, China, November 30 -- December 2, 2016, Revised Selected Papers. editor / Gerhard P. Hancke ; Konstantinos Markantonakis. Cham : Springer , 2017. pp. 163-172 (Lecture Notes in Computer Science).

@inbook{bcecc860d14f4abe8525717b3353921a,

title = "Matching in Proximity Authentication and Mobile Payment EcoSystem: What Are We Missing?",

abstract = "During the past decade, cybersecurity threats have drawn everyone{\textquoteright}s attention and it{\textquoteright}s becoming a national priority in many leading countries. With the development of sophisticated mobile technology, mobile (contactless) payment insecurity, which may cause huge financial losses, is now becoming a serious threat to our daily life. During the holiday season in 2013, China{\textquoteright}s most welcome mobile payment system provider - Alipay - lost over 20 GB worth of customer data in a security breach, which affected at least 15 million customers. Even though the company has promised to evaluate the security of the system and to take necessary measures to protect customer{\textquoteright}s data, are we still safe with the payment? In this paper, we investigate several security vulnerabilities for Alipay wallet, which may cause individual{\textquoteright}s personal data and financial losses. This is due to not only less regulation by authorities but also the failure of enabling secure proximity authentication during mobile payment. By going through these surprising vulnerabilities, we come up with some ideas on how to combat them and show how to enhance the mobile payment security by enabling proximity authentication before monetary transactions. {\textcopyright} Springer International Publishing AG 2017",

keywords = "Alipay wallet, Mobile payment, QR code, Security",

author = "Yunhui Zhuang and Leung, {Alvin Chung Man} and James Hughes",

year = "2017",

doi = "10.1007/978-3-319-62024-4_12",

language = "English",

isbn = "9783319620237",

series = "Lecture Notes in Computer Science",

publisher = "Springer ",

pages = "163--172",

editor = "Hancke, {Gerhard P.} and Konstantinos Markantonakis",

booktitle = "Radio Frequency Identification and IoT Security",

note = "12th International Workshop on Radio Frequency Identification and IoT Security (RFIDSec 2016), RFIDSec 2016 ; Conference date: 30-11-2016 Through 02-12-2016",

url = "https://rfidsec2016.org/",

}

Zhuang, Y, Leung, ACM & Hughes, J 2017, Matching in Proximity Authentication and Mobile Payment EcoSystem: What Are We Missing? in GP Hancke & K Markantonakis (eds), Radio Frequency Identification and IoT Security: 12th International Workshop, RFIDSec 2016, Hong Kong, China, November 30 -- December 2, 2016, Revised Selected Papers. Lecture Notes in Computer Science, vol. 10155, Springer , Cham, pp. 163-172, 12th International Workshop on Radio Frequency Identification and IoT Security (RFIDSec 2016), Hong Kong, China, 30/11/16. https://doi.org/10.1007/978-3-319-62024-4_12

Matching in Proximity Authentication and Mobile Payment EcoSystem: What Are We Missing? / Zhuang, Yunhui; Leung, Alvin Chung Man; Hughes, James.
Radio Frequency Identification and IoT Security: 12th International Workshop, RFIDSec 2016, Hong Kong, China, November 30 -- December 2, 2016, Revised Selected Papers. ed. / Gerhard P. Hancke; Konstantinos Markantonakis. Cham: Springer , 2017. p. 163-172 (Lecture Notes in Computer Science; Vol. 10155).

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 12 - Chapter in an edited book (Author) › peer-review

TY - CHAP

T1 - Matching in Proximity Authentication and Mobile Payment EcoSystem

T2 - 12th International Workshop on Radio Frequency Identification and IoT Security (RFIDSec 2016)

AU - Zhuang, Yunhui

AU - Leung, Alvin Chung Man

AU - Hughes, James

PY - 2017

Y1 - 2017

N2 - During the past decade, cybersecurity threats have drawn everyone’s attention and it’s becoming a national priority in many leading countries. With the development of sophisticated mobile technology, mobile (contactless) payment insecurity, which may cause huge financial losses, is now becoming a serious threat to our daily life. During the holiday season in 2013, China’s most welcome mobile payment system provider - Alipay - lost over 20 GB worth of customer data in a security breach, which affected at least 15 million customers. Even though the company has promised to evaluate the security of the system and to take necessary measures to protect customer’s data, are we still safe with the payment? In this paper, we investigate several security vulnerabilities for Alipay wallet, which may cause individual’s personal data and financial losses. This is due to not only less regulation by authorities but also the failure of enabling secure proximity authentication during mobile payment. By going through these surprising vulnerabilities, we come up with some ideas on how to combat them and show how to enhance the mobile payment security by enabling proximity authentication before monetary transactions. © Springer International Publishing AG 2017

AB - During the past decade, cybersecurity threats have drawn everyone’s attention and it’s becoming a national priority in many leading countries. With the development of sophisticated mobile technology, mobile (contactless) payment insecurity, which may cause huge financial losses, is now becoming a serious threat to our daily life. During the holiday season in 2013, China’s most welcome mobile payment system provider - Alipay - lost over 20 GB worth of customer data in a security breach, which affected at least 15 million customers. Even though the company has promised to evaluate the security of the system and to take necessary measures to protect customer’s data, are we still safe with the payment? In this paper, we investigate several security vulnerabilities for Alipay wallet, which may cause individual’s personal data and financial losses. This is due to not only less regulation by authorities but also the failure of enabling secure proximity authentication during mobile payment. By going through these surprising vulnerabilities, we come up with some ideas on how to combat them and show how to enhance the mobile payment security by enabling proximity authentication before monetary transactions. © Springer International Publishing AG 2017

KW - Alipay wallet

KW - Mobile payment

KW - QR code

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85026778026&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85026778026&origin=recordpage

U2 - 10.1007/978-3-319-62024-4_12

DO - 10.1007/978-3-319-62024-4_12

M3 - RGC 12 - Chapter in an edited book (Author)

SN - 9783319620237

T3 - Lecture Notes in Computer Science

SP - 163

EP - 172

BT - Radio Frequency Identification and IoT Security

A2 - Hancke, Gerhard P.

A2 - Markantonakis, Konstantinos

PB - Springer

CY - Cham

Y2 - 30 November 2016 through 2 December 2016

ER -

Zhuang Y, Leung ACM, Hughes J. Matching in Proximity Authentication and Mobile Payment EcoSystem: What Are We Missing? In Hancke GP, Markantonakis K, editors, Radio Frequency Identification and IoT Security: 12th International Workshop, RFIDSec 2016, Hong Kong, China, November 30 -- December 2, 2016, Revised Selected Papers. Cham: Springer . 2017. p. 163-172. (Lecture Notes in Computer Science). Epub 2017 Jul 20. doi: 10.1007/978-3-319-62024-4_12

Matching in Proximity Authentication and Mobile Payment EcoSystem: What Are We Missing?

Abstract

Publication series

Conference

Research Keywords

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this