Mobile Commerce and Security Issues
Sami S. Elkurdi
School of Business, Postgraduate Studies Department
Cyprus International University, Lefkoşa, K.K.T.C
Abstract— This article presents m-commerce as a new sector emerging from the e-commerce platform. It also describes the security concerns that arise during transactions between payer and payee, and the consequences these concerns might have for the development of the growing marketplace. Finally, it presents suggested solutions that could be applied to overcome these security issues.
Keywords- m-commerce; security; market; customer; mobile; privacy.
We live in a mobile world, a world where the consumer is connected and empowered. Today, nearly 90 percent of the global population, or more than 6.8 billion people, live within reach of a mobile signal, and there are more than 5.3 billion mobile connections. Out of these 5.3 billion connections, there are 3.75 billion unique mobile users. Moreover, people are not just carrying these devices; they are also using them. More than 6 trillion text messages were sent worldwide in 2010, mobile internet use is on the rise globally, applications are being downloaded in the billions, and increasingly, people are using their mobile devices to respond to mobile, digital, and traditional advertising. They are also using their devices to interact with promotional offers, to visit the mobile web, and to make purchases (i.e., via mobile commerce).
II.
M-commerce is a term that is used to refer to the growing practice of conducting financial and promotional activities with the use of a wireless handheld device. The term m-commerce is short for mobile commerce, and recognizes that the transactions may be conducted using cell phones, personal digital assistants and other handheld devices that operate with Internet access. (Victoria 2010)
A. 2 Branches of Mobile Commerce
Mobile commerce, as a term, has taken on a dual meaning, describing either making online payments or purchases from a mobile device (mobile ecommerce) or using a mobile device to make payments at a physical store's point of sale. (Armando 2013, Yazdanifard, Rashad; Elkhabir, Mohamed; 2011) Assuming that shoppers begin to use mobile digital wallets more frequently, there may be little difference in how a shopper makes a smartphone-based purchase in a traditional store or via an ecommerce site. In both cases, it could be a matter of opening the mobile digital wallet and tapping a buy button or holding a fingertip over a designated scanner. This commonality, in turn, could mean that more shoppers will shop ecommerce sites from mobile devices.
B. Mobile Marketing
The Mobile Marketing Association defines mobile marketing as: a set of practices that enables organizations to communicate and engage with their audience in an interactive and relevant manner through any mobile device or network.
C. Drivers of M-commerce
Widespread availability of more powerful mobile devices, the handset culture, the service economy, vendors' push, the mobile workforce, increased mobility, improved price and performance, and improvement of bandwidth. (Niranjanamurthy M, Kavyashree N, Mr S.Jagannath, DR. Dharmendra Chahar 2013)
III.
Today, privacy and security are a major concern for electronic technologies. M-commerce shares security concerns with other technologies in the field. Privacy concerns have been found, revealing a lack of trust in a variety of contexts, including commerce, electronic health records, e-recruitment technology and social networking, and this has directly influenced users.
Security Challenges: less processing power on devices; slow modular exponentiation and primality checking (i.e., RSA); crypto operations drain batteries (CPU intensive); less memory (keys, certs, etc. require storage); few devices have crypto accelerators or support for biometric authentication; no tamper resistance (memory can be tampered with, no secure storage); primitive operating systems with no support for access control (Palm OS). (Niranjanamurthy M, Kavyashree N, Mr S.Jagannath, DR. Dharmendra Chahar 2013)
A. Security
Security has become one of the most important issues that must be resolved first to ensure the success of electronic commerce (e-commerce). The low cost and wide availability of the Internet for businesses and customers has sparked a revolution in e-commerce. An e-commerce application may address one or several phases of a typical business transaction, and there exist various possibilities to model these phases. For example, a possibility is to distinguish five phases of a business transaction. First, the merchant makes an offer for specific (information) goods or services. Secondly, according to this offer, the customer may submit the request online. Thirdly, the customer makes a payment and the merchant delivers the goods or services to the customer. The payment may be handled in many ways, such as online banking, post office, cash on delivery (C.O.D) and so on.
According to the survey held in China, security was reported by the Chinese customers as a more significant inhibitor in mobile communication than in e-commerce. As we can see in the information world, there is antivirus software and firewall software to protect the computer from being attacked on the Internet, while there is little software designed for mobile devices. The relation between software flaws and security vulnerabilities is well understood: the daily software bugs provide ample evidence of security holes introduced by software flaws.
IV. M-COMMERCE ISSUES
Mobile commerce raises particular issues when considering the extent to which Canadian children have access to, and use, cellphones. "Parental control over minors' commercial activities is currently being challenged in the mobile marketplace"; for example, contrary to computer-based ecommerce, SMS-enabled mobile commerce transactions can be directly billed to the cellphone account, allowing children a way to shop for digital content without a parentally controlled credit card. (Office of Consumer Affairs 2010) According to the analysis of the "Mobile Commerce Report", teens are the primary target market for m-commerce services. As teens are not economically independent and must be guarded by their parents or guardians, a secure system is required to dynamically monitor and control the teens' activities on the Internet. Unfortunately, due to the limitation of the framework, a conventional firewall is not suitable for mobile networks. (QIU, Ying; ZHOU, Jianying; BAO, Feng; 2004)
V. SECURITY BEST PRACTICES
The security best practices require multiple safeguards at four levels: the physical location, the network, the transaction, and the user.
Transaction – Banks and mobile operators have the flexibility to assign the level of security and user authentication required based on payment type, transaction value, number of daily transactions and so on. Low-risk transactions or communications can be done by SMS, for example, while higher-value transactions can require a Personal Identification Number (PIN) or out-of-band authentication. (Mallon 2010)
Downloadable client-based application – Mobile transactions can also be made using a downloadable client. During these exchanges, data sent from the mobile device is secured using HTTPS, as well as security algorithms such as AES, RSA and Secure Hash Algorithm. Mobile devices that do not support Secure Sockets Layer (SSL) protocols are secured by protocols with similar key strength. (Mallon 2010)
User/Customer Safeguards – Client-side Security Issues. From the user's point of view, client-side security is typically the major concern. In general, client-side security requires the use of traditional computer security technologies, such as proper user authentication and authorization, access control, and anti-virus protection. With regard to communication services, the client may additionally require server authentication and non-repudiation of receipt. In addition, some applications may require anonymity (e.g., anonymous browsing on the Web). (Tao, Lu; Xue, Lei; 2007) The hardest security level to implement starts with the customer. Educating customers about security policies and techniques to protect their mobile devices and personal information is challenging, to say the least. (Mallon 2010)
Physical Safeguards – Another security level starts at the data center, the physical location that maintains the security equipment; the business protects these facilities from external and internal attacks. (Mallon 2010)
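The transaction-level safeguard described above, where the required authentication depends on payment type, transaction value and number of daily transactions, can be written as a small policy function. This is an added example, not code from the paper or from the cited white paper; the payment-type names, the thresholds and the `required_auth` and `is_authorized` helpers are assumptions chosen for illustration.

```python
"""Step-up authentication policy keyed on payment type, value and daily count."""
import math
from dataclasses import dataclass
from enum import IntEnum


class Auth(IntEnum):
    SMS = 1          # SMS confirmation is enough
    PIN = 2          # user must enter a PIN
    OUT_OF_BAND = 3  # confirmation over a second, independent channel


# Assumed policy values; a real deployment sets these per product and market.
TYPE_FLOOR = {"balance_alert": Auth.SMS, "airtime_topup": Auth.SMS,
              "merchant_payment": Auth.PIN, "p2p_transfer": Auth.PIN}
VALUE_TIERS = [(20.00, Auth.SMS), (200.00, Auth.PIN)]   # (upper bound, level)
DAILY_COUNT_TIERS = [(5, Auth.SMS), (15, Auth.PIN)]     # (upper bound, level)


@dataclass(frozen=True)
class Transaction:
    payment_type: str
    amount: float       # in the account currency
    count_today: int    # transactions already completed today


def _tier(value, tiers):
    """Return the level of the first tier whose upper bound covers value."""
    for bound, level in tiers:
        if value <= bound:
            return level
    return Auth.OUT_OF_BAND  # above every bound: strongest check


def required_auth(txn: Transaction) -> Auth:
    """The strongest level demanded by any single factor wins."""
    if not math.isfinite(txn.amount) or txn.amount < 0 or txn.count_today < 0:
        raise ValueError("malformed transaction")
    # Unknown payment types fail closed to the strongest check.
    by_type = TYPE_FLOOR.get(txn.payment_type, Auth.OUT_OF_BAND)
    by_value = _tier(txn.amount, VALUE_TIERS)
    by_count = _tier(txn.count_today, DAILY_COUNT_TIERS)
    return max(by_type, by_value, by_count)


def is_authorized(txn: Transaction, presented: Auth) -> bool:
    """A transaction proceeds only if the presented factor meets the policy."""
    return presented >= required_auth(txn)
```

Taking the maximum over the three factors means a small payment still steps up to a PIN once the daily count is unusual, and an unrecognized payment type never falls back to SMS.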
Login by Account and Password - Traditionally, it is the most useful way for identification and authority control, but the function is limited and not secured. When the Buyer/Seller inputs an account and password, HA will send the data to BMA/SMA, then BMA/SMA goes further and queries the Database server to compare whether the account and password match. If they do, the Buyer/Seller can log in, and there will be a BA/SA for the Buyer/Seller to use; if they do not match, the login will be denied.
Login by Digital Certificate - The digital certificate is the best identification tool. Just like an electronic ID, it provides more solid security than the traditional account and password system. In particular, it can ensure the Buyer's/Seller's identity to provide better protection during the transaction process. When the Buyer/Seller sends their own digital certificate to HA, it will forward the data to BMA/SMA. Then BMA/SMA will ask the Coordinator server to confirm with the Certificate Authority the authenticity of the digital certificate. If it is successful, it will notify BMA/SMA to let this Buyer/Seller in; if not, the login will be denied.
Fingerprint Authentication - These passwords can be, perhaps, defeated more quickly than a fingerprint scanner. Thus, the argument goes, fingerprint recognition would make iPhones and similar devices more secure. In turn, shoppers, who feel more secure about using mobile devices for payments, would be more likely to store information in mobile wallets and then use those wallets to make mobile payments both online and in physical stores. In addition to the perception of increased security, fingerprint scanners would eliminate the "chore" of logging in or even entering passwords or PINs to make mobile payments. Simply touching the mobile device or tapping a buy button could be enough to verify the transaction. In general, removing barriers to a purchase will encourage additional purchases, and fingerprint scanners would remove at least some steps in the mobile commerce checkout process.
Voice recognition - The model is based on voice recognition. The participants of this model include the general users, a third party (voice service provider) and a specific mobile e-commerce company. First, the mobile e-commerce company receives the customer's voice messages and then transfers the messages to the third party to deal with. The model includes voice information storage, voice recognition, voice features update and secure transmission.
Voice information storage. During the transactions, the mobile e-commerce company first transforms the user's voice information into digital signals and stores the digital signals in a specialized voice database. Then the company will send the new voice to a voice recognition system which belongs to the third party, where the voice will be denoised and the voice features will be extracted. After the third party obtains the features of the voice successfully, the features' information will be automatically sent to the mobile e-commerce company and stored in the mobile e-commerce company's voice features database for subsequent voice recognition. (Wujian, Yang; Yangkai, Wu; Guanlin, Chen; 2011)
REFERENCES
Armando, Roggio. Apple Fingerprint Scanner May Boost Mobile Commerce. September 9, 2013. http://www.practicalecommerce.com/articles/58192Apple-Fingerprint-Scanner-May-Boost-MobileCommerce (accessed December 27, 2013).
Lei, Yi; Tang, Bingyong; Liu, Jin. Study on the evaluation of communication platform in e-commerce and m-commerce. Academic report, IEEE, 2011.
Mallon, Diarmiud. m-commerce Security White paper: Key Security Techniques. White paper, Dublin: Sybase, 2010.
Niranjanamurthy M, Kavyashree N, Mr S.Jagannath, DR. Dharmendra Chahar. Analysis of E-Commerce and M-Commerce: Advantages, Limitations and Security issues. Nawalgarh (Jhunjhunu), India, June 2013.
Office of Consumer Affairs, Industry Canada. "Mobile Commerce: New Experiences, Emerging Consumer Issues." Consumer Trends Update, Winter 2010: 24.
QIU, Ying; ZHOU, Jianying; BAO, Feng. Mobile Personal Firewall. Academic research, Singapore: Institute of Infocomm Research, 2004.
Tao, Lu; Xue, Lei. "Study on Security Framework in E-Commerce." Academic report, China, 2007.
Victoria, Customer Affairs. Mobile commerce: opportunities and challenges for consumers, businesses, and regulators. Business report, Australia: Department of Justice, 2010.
Wadhava, Ashish; Mehta, Rugved; Gawade, Ashlesha. "Mobile Commerce and Related Mobile Security Issues." International Journal of Engineering Trends and Technology (IJETT), 2013.
Wujian, Yang; Yangkai, Wu; Guanlin, Chen. Application of Voice Recognition for Mobile Ecommerce Security. Research, IEEE, 2011.
Yazdanifard, Rashad; Elkhabir, Mohamed. "Mobile Commerce and Related Mobile Security Issues." International Conference on Software and Computer Applications. Singapore: IACSIT Press, 2011.