Managing near field communication (NFC) payment applications through cloud computing

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.The Near Field Communication (NFC) technology is a short-range radio communication channel which enables users to exchange data between devices. NFC provides a contactless technology for data transmission between smart phones, Personal Computers (PCs), Personal Digital Assistants (PDAs) and such devices. It enables the mobile phone to act as identification and a credit card for customers. However, the NFC chip can act as a reader as well as a card, and also be used to design symmetric protocols. Having several parties involved in NFC ecosystem and not having a common standard affects the security of this technology where all the parties are claiming to have access to client’s information (e.g. bank account details). The dynamic relationships of the parties in an NFC transaction process make them partners in a way that sometimes they share their access permissions on the applications that are running in the service environment. These parties can only access their part of involvement as they are not fully aware of each other’s rights and access permissions. The lack of knowledge between involved parties makes the management and ownership of the NFC ecosystem very puzzling. To solve this issue, a security module that is called Secure Element (SE) is designed to be the base of the security for NFC. However, there are still some security issues with SE personalization, management, ownership and architecture that can be exploitable by attackers and delay the adaption of NFC payment technology. Reorganizing and describing what is required for the success of this technology have motivated us to extend the current NFC ecosystem models to accelerate the development of this business area. One of the technologies that can be used to ensure secure NFC transactions is cloud computing which offers wide range advantages compared to the use of SE as a single entity in an NFC enabled mobile phone. We believe cloud computing can solve many issues in regards to NFC application management. Therefore, in the first contribution of part of this thesis we propose a new payment model called “NFC Cloud Wallet". This model demonstrates a reliable structure of an NFC ecosystem which satisfies the requirements of an NFC payment during the development process in a systematic, manageable, and effective way

Consumer-facing technology fraud : economics, attack methods and potential solutions

The emerging use of modern technologies has not only benefited society but also attracted fraudsters and criminals to misuse the technology for financial benefits. Fraud over the Internet has increased dramatically, resulting in an annual loss of billions of dollars to customers and service providers worldwide. Much of such fraud directly impacts individuals, both in the case of browser-based and mobile-based Internet services, as well as when using traditional telephony services, either through landline phones or mobiles. It is important that users of the technology should be both informed of fraud, as well as protected from frauds through fraud detection and prevention systems. In this paper, we present the anatomy of frauds for different consumer-facing technologies from three broad perspectives - we discuss Internet, mobile and traditional telecommunication, from the perspectives of losses through frauds over the technology, fraud attack mechanisms and systems used for detecting and preventing frauds. The paper also provides recommendations for securing emerging technologies from fraud and attacks

On Privacy Aware Carriers for Value-Possessed e-Invoices Considering Intelligence Mining

Intelligence mining is one of the most promising technologies for effectively extracting intelligence (and knowledge) to enhance the quality of decision-making. In Taiwan, the government curtails underground economic activities and facilitates tax management via ubiquitous e-invoice information processing and intelligence mining for B2C transactions with management realized via privacy-preserved and robust consumer carriers. In this paper, we study the concept of carriers, a medium that facilitates the transfer of an e-invoice from a business to a consumer in a B2C transaction. Implementations of carriers not only depend on the underlying hardware, software, and network infrastructures that support their services, but also on consumers willingness to use them. In this paper, we review Taiwans Second Generation E-invoicing System, which is designed to promote the use of e-invoices in the consumer sector, and identify four problems that require further attention. These problems are: (1) no e-invoice data for immediate review; (2) limited readability of carriers by POS (Point of Sales); (3) lack of seamless integration into purchase behaviors; and (4) carrier traceability. We then discuss possible solutions to overcome these concerns, in hope of offering some insight into future mobile commerce based on e-invoice carriers in the cloud computing era

mFerio: The design and evaluation of a peer-to-peer mobile payment system

Ministry of Education, Singapore under its Academic Research Funding Tier

Mobile payment technologies in retail: a review of potential benefits and risks

Purpose – Retailers and suppliers are facing the challenge of reconfiguring systems to accommodate increasingly mobile customers expecting multichannel options supporting quick and secure digital payment. The purpose of this paper is to harness the learning from the implementation of self-checkout and combines it with available information relating to mobile scanning and mobile point-of-sale (MPOS). Design/methodology/approach – In review of the literature, the paper provides an overview of different modes of mobile payment systems, and a consideration of some of the benefits that they offer to retailers and their customers. The main focus, drawing upon telephone interviews with retail security professionals in Australia and New Zealand, is on anticipating and mitigating against the potential risks, vulnerabilities and impact on shrinkage. Findings – With the market being flooded with software and products, retailers are exposed to a compelling case for mobile payment, but it was found that they are not as cognisant of the potential risks. Research limitations/implications – Further research is needed on the different permutations of mobile POS and how it impacts on the customer journey and rates of internal and external theft. Practical implications – Suggestions for future empirical research on the risks and vulnerabilities that moving to mobile payment can usher in are provided. Originality/value – The paper links research from diverse fields, in particular criminology, to elucidate the potential impact of mobile technologies on retail theft and internal technological and process issues, before offering possible solutions

Secure contactless mobile financial services with near field communication

Masters of ScienceThis thesis presents the results from work with three prototypes that use Near Field Communication technology to provide secure contactless mobile nancial services on mobile phones.South Afric

Consumer-facing technology fraud: Economics, attack methods and potential solutions

The emerging use of modern technologies has not only benefited society but also attracted fraudsters and criminals to misuse the technology for financial benefits. Fraud over the Internet has increased dramatically, resulting in an annual loss of billions of dollars to customers and service providers worldwide. Much of such fraud directly impacts individuals, both in the case of browser-based and mobile-based Internet services, as well as when using traditional telephony services, either through landline phones or mobiles. It is important that users of the technology should be both informed of fraud, as well as protected from frauds through fraud detection and prevention systems. In this paper, we present the anatomy of frauds for different consumer-facing technologies from three broad perspectives - we discuss Internet, mobile and traditional telecommunication, from the perspectives of losses through frauds over the technology, fraud attack mechanisms and systems used for detecting and preventing frauds. The paper also provides recommendations for securing emerging technologies from fraud and attacks.N/