Formal analysis of card-based payment systems in mobile devices

To provide card holder authentication while they are conducting an electronic transaction using mobile devices, VISA and MasterCard independently proposed two electronic payment protocols: Visa 3D Secure and MasterCard Secure Code. The protocols use pre-registered passwords to provide card holder authentication and Secure Socket Layer/ Transport Layer Security (SSL/TLS) for data confidentiality over wired networks and Wireless Transport Layer Security (WTLS) between a wireless device and a Wireless Application Protocol (WAP) gateway. The paper presents our analysis of security properties in the proposed protocols using formal method tools: Casper and FDR2. We also highlight issues concerning payment security in the proposed protocols.

A method of fraud & intrusion detection for e-payment systems in mobile

The need for paying with mobile devices has urged the development of payment systems for mobile electronic commerce. In this paper we have considered two important abuses in electronic payments systems for detection. The fraud, which is an intentional deception accomplished to secure an unfair gain, and an intrusion which are any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. Most of the available fraud and intrusion detection systems for e-payments are specific to the systems where they have been incorporated. This paper proposes a generic model called as Activity-Event-Symptoms(AES) model for detecting fraud and intrusion attacks which appears during payment process in the mobile commerce environment. The AES model is designed to identify the symptoms of fraud and intrusions by observing various events/transactions occurs during mobile commerce activity. The symptoms identification is followed by computing the suspicion factors for event attributes, and the certainty factor for a fraud and intrusion is generated using these suspicion factors. We have tested the proposed system by conducting various case studies, on the in-house established mobile commerce environment over wired and wire-less networks test bed.

Towards economic and monetary union: changing trends in payment systems for new european members

The objective of this paper is precisely to study the evolution of payment systems within the accession countries between 1996 and 2003 and compare them with those of the E.U. and the Eurozone countries

From Cash to Electronic Payments: Microeconomic, Macroeconomic, and Policy Aspects of Retail Payment Systems

This dissertation explores three aspects of the economics and policy issues surrounding retail payments (low-value frequent payments): the microeconomic aspect, by measuring costs associated with retail payment instruments; the macroeconomic aspect, by quantifying the impact of the use of electronic rather than paper-based payment instruments on consumption and GDP; and the policy aspect, by identifying barriers that keep countries stuck with outdated payment systems, and recommending policy interventions to move forward with payments modernization. Payment system modernization has become a prominent part of the financial sector reform agenda in many advanced and developing countries. Greater use of electronic payments rather than cash and other paper-based instruments would have important economic and social benefits, including lower costs and thereby increased economic efficiency and higher incomes, while broadening access to the financial system, notably for people with moderate and low incomes. The dissertation starts with a general introduction on retail payments. Chapter 1 develops a theoretical model for measuring payments costs, and applies the model to Guyana—an emerging market in the midst of the transition from paper to electronic payments. Using primary survey data from Guyanese consumers, the results of the analysis indicate that annual costs related to the use of cash by consumers reach 2.5 percent of the country’s GDP. Switching to electronic payment instruments would provide savings amounting to 1 percent of GDP per year. Chapter 2 broadens the analysis to calculate the macroeconomic impacts of a move to electronic payments. Using a unique panel dataset of 76 countries across the 17-year span from 1998 to 2014 and a pooled OLS country fixed effects model, Chapter 2 finds that on average, use of debit and credit cards contribute USD 16.2 billion to annual global consumption, and USD 160 billion to overall annual global GDP. Chapter 3 provides an in-depth assessment of the Albanian payment cards and remittances market and recommends a set of incentives and regulations (both carrots and sticks) that would allow the country to modernize its payment system. Finally, the conclusion summarizes the lessons of the dissertation’s research and brings forward issues to be explored by future research in the retail payments area.

A Study on the Success Potential of Multiple Mobile Payment Technologies

Payment systems all over the world have grown into a complicated web of solutions. This is more challenging in the case of mobile based payment systems. Mobile based payment systems are many and consist of different technologies providing different services. The diffusion of these various technologies in a market is uncertain. Diffusion theorists, for example Rogers, and Davis suggest how innovation is accepted in markets. In the case of electronic payment systems, the tale of Mondex vs Octopus throws interesting insights on diffusion. Our paper attempts to understand the success potential of various mobile payment technologies. We illustrate what we describe as technology breadth in mobile payment systems using data from payment systems all over the world (n=62). Our data shows an unexpected superiority of SMS technology, over other technologies like NFC, WAP and others. We also used a Delphi based survey (n=5) with experts to address the possibility that SMS will gain superiority in market diffusion. The economic conditions of a country, particularly in developing countries, the services availed and characteristics of the user (for example number of un-banked users in large populated countries) may put SMS in the forefront. This may be true more for micro payments using the mobile.

European payment system and monetary union

We make a comparative study of payment systems for E.U. -fifteen countries for the 1996-2002 period. Special attention is paid to the introduction of the new European single currency. The overall trend in payments is for a move from cash to noncash payment instruments, although electronic instruments are not widely used yet. We find a significant impact from the introduction of the new banknotes and coins on card use

Comparative Study of Digital Rights Management Systems for Music and Text Files

Digital Rights Management Systems (DRMS) are seen by content providers as the appropriate tool to, on the one hand, fight piracy and, on the other hand, monetize their assets. Although these systems claim to be very powerful and include multiple protection technologies, there is a lack of understanding about how such systems are currently being implemented and used by content providers. The aim of this paper is twofold. First, it provides a theoretical basis through which we present shortly the seven core protection technologies of a DRMS. Second, this paper provides empirical evidence that the seven protection technologies outlined in the first section of this paper are the most commonly used technologies. It further evaluates to what extent these technologies are being used within the music and print industry. It concludes that the three main Technologies are encryption, password, and payment systems. However, there are some industry differences: the number of protection technologies used, the requirements for a DRMS, the required investment, or the perceived success of DRMS in fighting piracy.

Factors affecting e-payment adoption in Nigeria

For e-commerce to be successful, an efficient e-payment system is the key. The use of formal payment systems also enhances the ability to execute and manage monetary policies, which is essential for a country’s financial sector. Although Nigeria is a regional leader, the usage of e-Payments is still very low despite its many benefits and also attempts by the financial authorities. This therefore calls for an urgent need to investigate the factors that affect individual’s intention to adopt e-payment in Nigeria so that steps can be fashioned out to improve the situation. A survey was conducted to get individual perceptions of e-payments through the use of questionnaires designed based on the theoretical model developed. The results showed that awareness, knowledge of benefits, ease of use, reliability, trust and security, acceptability, accessibility and social influence are the main factors that influence individuals’ intention to adopt e-payments.

Enhancing security of linux-based android devices

Our daily lives become more and more dependent upon smartphones due to their increased capabilities. Smartphones are used in various ways from payment systems to assisting the lives of elderly or disabled people. Security threats for these devices become increasingly dangerous since there is still a lack of proper security tools for protection. Android emerges as an open smartphone platform which allows modification even on operating system level. Therefore, third-party developers have the opportunity to develop kernel-based low-level security tools which is not normal for smartphone platforms. Android quickly gained its popularity among smartphone developers and even beyond since it bases on Java on top of "open" Linux in comparison to former proprietary platforms which have very restrictive SDKs and corresponding APIs. Symbian OS for example, holding the greatest market share among all smartphone OSs, was closing critical APIs to common developers and introduced application certification. This was done since this OS was the main target for smartphone malwares in the past. In fact, more than 290 malwares designed for Symbian OS appeared from July 2004 to July 2008. Android, in turn, promises to be completely open source. Together with the Linux-based smartphone OS OpenMoko, open smartphone platforms may attract malware writers for creating malicious applications endangering the critical smartphone applications and owners� privacy. In this work, we present our current results in analyzing the security of Android smartphones with a focus on its Linux side. Our results are not limited to Android, they are also applicable to Linux-based smartphones such as OpenMoko Neo FreeRunner. Our contribution in this work is three-fold. First, we analyze android framework and the Linux-kernel to check security functionalities. We survey wellaccepted security mechanisms and tools which can increase device security. We provide descriptions on how to adopt these security tools on Android kernel, and provide their overhead analysis in terms of resource usage. As open smartphones are released and may increase their market share similar to Symbian, they may attract attention of malware writers. Therefore, our second contribution focuses on malware detection techniques at the kernel level. We test applicability of existing signature and intrusion detection methods in Android environment. We focus on monitoring events on the kernel; that is, identifying critical kernel, log file, file system and network activity events, and devising efficient mechanisms to monitor them in a resource limited environment. Our third contribution involves initial results of our malware detection mechanism basing on static function call analysis. We identified approximately 105 Executable and Linking Format (ELF) executables installed to the Linux side of Android. We perform a statistical analysis on the function calls used by these applications. The results of the analysis can be compared to newly installed applications for detecting significant differences. Additionally, certain function calls indicate malicious activity. Therefore, we present a simple decision tree for deciding the suspiciousness of the corresponding application. Our results present a first step towards detecting malicious applications on Android-based devices.

Monitoring android for collaborative anomaly detection : a first architectural draft

Our daily lives become more and more dependent upon smartphones due to their increased capabilities. Smartphones are used in various ways, e.g. for payment systems or assisting the lives of elderly or disabled people. Security threats for these devices become more and more dangerous since there is still a lack of proper security tools for protection. Android emerges as an open smartphone platform which allows modification even on operating system level and where third-party developers first time have the opportunity to develop kernel-based low-level security tools. Android quickly gained its popularity among smartphone developers and even beyond since it bases on Java on top of "open" Linux in comparison to former proprietary platforms which have very restrictive SDKs and corresponding APIs. Symbian OS, holding the greatest market share among all smartphone OSs, was even closing critical APIs to common developers and introduced application certification. This was done since this OS was the main target for smartphone malwares in the past. In fact, more than 290 malwares designed for Symbian OS appeared from July 2004 to July 2008. Android, in turn, promises to be completely open source. Together with the Linux-based smartphone OS OpenMoko, open smartphone platforms may attract malware writers for creating malicious applications endangering the critical smartphone applications and owners privacy. Since signature-based approaches mainly detect known malwares, anomaly-based approaches can be a valuable addition to these systems. They base on mathematical algorithms processing data that describe the state of a certain device. For gaining this data, a monitoring client is needed that has to extract usable information (features) from the monitored system. Our approach follows a dual system for analyzing these features. On the one hand, functionality for on-device light-weight detection is provided. But since most algorithms are resource exhaustive, remote feature analysis is provided on the other hand. Having this dual system enables event-based detection that can react to the current detection need. In our ongoing research we aim to investigates the feasibility of light-weight on-device detection for certain occasions. On other occasions, whenever significant changes are detected on the device, the system can trigger remote detection with heavy-weight algorithms for better detection results. In the absence of the server respectively as a supplementary approach, we also consider a collaborative scenario. Here, mobile devices sharing a common objective are enabled by a collaboration module to share information, such as intrusion detection data and results. This is based on an ad-hoc network mode that can be provided by a WiFi or Bluetooth adapter nearly every smartphone possesses.

Helsingin seudun ruuhkamaksut yritysnäkökulmasta

Congestion of traffic is one of the biggest challenges for urban cities in global perspective. Car traffic and traffic jams are causing major problems and the congestion is predicted to worsen in the future. The greenhouse effect has caused a severe threat to the environment globally. On the other hand from the point of view of companies and other economic parties time and money has been lost because of the congestion of traffic. This work studies some possible traffic payment systems for the Helsinki Metropolitan area introducing three optional models and concentrating on the point of view of the economic parties. Central part of this work is formed by a research questionnaire, which was conducted among companies located in the Helsinki area and where more than 1000 responses were gained. The study researches the approaches of the respondents to the area s current traffic system, its development and urban congestion pricing and the answers are analyzed according to the size, industry and location of the companies. The economic aspect is studied by economic theory of industrial location and by emphasizing the meaning of smoothly running traffic for the economic world. Chapter three presents detailed information about traffic congestion, how today s car-centered society has been formed, what concrete things congestion means for economic life and how traffic congestion can be limited. Theoretically it is examined how urban traffic payment systems are working using examples from London and Stockholm where successful traffic payment experiences exist. The literature review analyzes urban development, increasing car traffic and Helsinki Metropolitan area on a structural point of view. The fourth chapter introduces a case study, which concentrates on Helsinki Metropolitan area s different structures, the congestion situation in Helsinki and the introduction of the traffic payment system clarification. Currently the region is experiencing a phase where big changes are happening in the planning of traffic. The traffic systems are being unified to consider the whole region in the future. Also different advices for the increasing traffic congestion problems are needed. Chapter five concentrates on the questionnaire and theme interviews and introduces the research findings. The respondents overall opinion of the traffic payments is quite skeptical. There were some regional differences found and especially taxi, bus and cargo and transit enterprises shared the most negative opinion. Economic parties were worried especially because of the traffic congestion is causing harm for the business travel and the employees traveling to and from work. According to the respondents the best option from the traffic payment models was the ring model where the payment places would be situated inside the Ring Road III. Both the company representatives and other key decision makers see public transportation as a good and powerful tool to decrease traffic congestion. The only question, which remains, is where to find investors willing to invest in public transportation if economic representatives do not believe in pricing the traffic by for example traffic payment systems.