Security Issues of Smartphones Regarding M-Commerce

Security Issues of Smartphones Regarding M-Commerce

Salva Daneshgadeh, Nazife Baykal, Bugra Karabey
DOI: 10.4018/978-1-4666-9787-4.ch103
(Individual Chapters)
No Current Special Offers

Chapter Preview



Mobile commerce was introduced in Finland with the installation of Coca-Cola SMS-enabled vending machine in 1997. Customers could make mobile payment by sending a text message to the vending machine in order to perform mobile transactions. In the same year, the SMS-based mobile banking service was also introduced by Merita Bank in Finland. Then I-mode (a Japanese company) launched the first mobile commerce platform in 1999. While most European and Asian markets had already started to use 3G in 2001, 3G was introduced in the U.S in 2003 (Niranjanamurthy, Kavyashree, Jagannath & Bhargava, 2012). As a result of which the adoption of m-commerce in North America took longer.

In general, m-commerce can be done in different ways: SMS, USSD, WAP, STK and NFC. SMS and USSD are the traditional forms of doing m-commerce. Currently, all of these technologies are available, but today’s smartphones utilize STK and NFC technologies the most (Mikesell, 2012).

  • SMS: The one-way push notification message for adverting, the wireless delivery mechanisms for downloads such as ringtones, and the two-way interaction messages such as asking the mobile operator about the remaining minutes by texting “MINUTE” to a specific number are the types of SMS-based m-commerce.

  • Unstructured Supplementary Service Data (USSD): It creates a real-time connection that allows for true session-based communications by enabling the texting between a mobile phone and an application program in the network. It also provides push notification and two-way query demands.

  • Wireless Access Protocol (WAP): Whereas WAP enables the access to the Internet by using XHTML (a variation of HTML for mobile web access), it does not enable the access to the mobile phone features.

  • SIM Application Toolkit (STK): STK is a standard for GSM which defines how the SIM card should interact with the outside world. Applications can be built on the SIM card, and they request and receive information from the SIM card. They also enable user inputs and communications with external applications. Almost all mobile operators deploy STK for many applications. Currently, the USIM Application Toolkit (USAT) is used for 3G networks.

  • Near Field Communication (NFC): NFC is a set of standards for smartphones and other wireless handheld devices which uses contactless radio communication to make money transactions and money transfers. It is usually used for micropayments; i.e. any transaction cost lower than $ 10.

Key Terms in this Chapter

Phishing: Trying to obtain sensitive information (usernames, passwords and credit card information) by masquerading as a trusted party in an electronic communication.

Eavesdropping: Listening to the private conversation of others without their allowance and in an unethical manner.

Transaction Authentication Number (TAN): A form of one-time-password which is used by online banking services to make double authentication.

Integrity: Ensuring that data remains accurate and unchanged by unauthorized people/parties during transmission.

Authorization: The process of giving someone permission/ right to do or own something.

M-commerce: Buying and selling of goods and services through wireless handheld devices such as smartphones, tablets and PDAs.

E-Commerce: Using electronic network (primary internet) for making any financial transactions such as buying and selling of goods and services.

Denial of Service Attack: Trying to make a network resource unavailable by flooding it with useless traffic.

Confidentiality: Ensuring that only authorized people can access information and data.

TapJacking: A hacking technique where a malicious application presents an unreal user interface in order to obtain user events for a hidden action in the background.

BlueSnarfing: Unauthorized access to a wireless device through a Bluetooth connection in order to obtain data which is stored in mobile phones such as contact details and financial or login information (Jamaluddin at el., 2004).

Smartphone: A mobile phone with an operating system. It provides other features such as digital camera, media player, GPS and web browsing. The later versions of smartphones also provide touchscreen capability, Wi-Fi, third-party apps, motion sensor, 3G/4G and biometric authentication features such as figure-print.

Jailbreaking/Rooting: The process of removing hardware restrictions on iOS or Android. Rooting is jailbreaking in order to customize almost anything in cellphones.

Man-in-the-middle Attack: A type of attack where an attacker places himself/herself between the sender and receiver of information and sniffs any information which is transmitted in the channel. Attacker also can alter the communication between two parties.

BlueJacking: Sending of unwanted messages over Bluetooth to Bluetooth-enabled devices ( Jamaluddin, Zotou, & Coulton, 2004 ).

Authentication: The process of verifying that someone is who he/she claims to be.

Complete Chapter List

Search this Book: