A Survey on Digital Payments Security: Recent Trends and Future Opportunities

© 2021 by IJCTT Journal
Volume-69 Issue-8
Year of Publication : 2021
Authors : Neha Priya, Jawed Ahmed
DOI :  10.14445/22312803/IJCTT-V69I8P107

How to Cite?

Neha Priya, Jawed Ahmed, "A Survey on Digital Payments Security: Recent Trends and Future Opportunities," International Journal of Computer Trends and Technology, vol. 69, no. 8, pp. 26-34, 2021. Crossref, https://doi.org/10.14445/22312803/IJCTT-V69I8P107

Abstract
Digital payment technologies are growing very fast in the e-commerce and mobile banking sectors. This phenomenon has brought a vast population into cyberspace for online payments. However, users are often not aware of the security aspects of online transactions. Banking regulations mandate technology-led security interventions by intermediaries to protect customers from cyber fraud in the digital payments ecosystem. Our literature survey shows the research trend in digital payments security over the past decade. We use a literature classification framework for a systematic literature review on the theme of this work. IS security can impact digital payments across three sectors: growth motivation, growth challenges and growth assurance. We discuss the recent trends to highlight the research gaps and potential security application areas. We review the literature across several prominent IT techniques used for digital payments security and suggest future opportunities.

Keywords
Cyber fraud, Digital payment, IS security, Mobile banking, Online payment, Systematic literature review.
