Security Risk Analysis and Management in mobile wallet transaction: A Case study of Pagatech Nigeria Limited

Full Text (PDF, 935KB), PP.21-33

Views: 0 Downloads: 0

Author(s)

Musbau D. Abdulrahaman 1,* John K. Alhassan 1 Joseph A. Ojeniyi 1 Shafii M. Abdulhamid 1

1. Federal University of Technology, Minna, Minna, Niger state, Ngeria

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2018.12.03

Received: 30 Sep. 2018 / Revised: 10 Oct. 2018 / Accepted: 18 Oct. 2018 / Published: 8 Dec. 2018

Index Terms

Security Risk Analysis, Electronic Payment, Mobile Payment, Mobile Wallet transaction, Risk Management, Information System Security

Abstract

Mobile wallet is a payment platform that stores money as a value in a digital account on mobile device which can then be used for payments with or without the need for the use credit/debit cards. The cases of cyber-attacks are on the rise, posing threats to the confidentiality, integrity and availability of information systems including the mobile wallet transactions. Due to the adverse impacts of cyber-attacks on the mobile payment service providers and the users, as well as the risks associated with the use of information systems, performing risk management becomes imperative for business organizations. This research work focuses on the assessment of the vulnerabilities associated with mobile wallet transactions and performs an empirical risk management in order to derive the security priority level needed to ensure the security and privacy of the users of mobile wallet platforms. Based on the extensive literature review, a structured questionnaire was designed and administered to the mobile wallet users who are Paga student customers via the internet. A total number of 52 respondents participated in the research and their responses were analyzed using descriptive statistics. The results of the analysis show that mobile wallet Login details are the most important part of customer information that need to be highly protected as their compromise is likely to affect others. Also, customers’ information such as Mobile Wallet Account Number, Registered Phone Number, Linked ATM Card details, and Linked ATM Card PIN among others are also plausible to attacks. Hence, different security priority levels were derived to safeguard each of the components and possible security tools and mechanisms are recommended. The study also revealed that there are vulnerabilities from the mobile wallet users end that also pose threat to the security of the payment system and customers’ transaction which need to be properly addressed. This research work will enable the mobile payment service providers focus on their services and prioritize the security solutions for each user’s information types or components base on the risks associated with their system and help in taking an inform security related decisions.

Cite This Paper

Musbau D. Abdulrahaman, John K. Alhassan, Joseph A. Ojeniyi, Shafii M. Abdulhamid, "Security Risk Analysis and Management in mobile wallet transaction: A Case study of Pagatech Nigeria Limited", International Journal of Computer Network and Information Security(IJCNIS), Vol.10, No.12, pp.21-33, 2018. DOI:10.5815/ijcnis.2018.12.03

Reference

[1]Felix, N. E., & Gideon, K. E. (2012). Electronic Retail Payment System: User Acceptability and Payment Problems in Nigeria. Arabian Journal of Business and Management Review, 1(6), 18–35.
[2]Taylor, E. (2016). Mobile payment technologies in retail: a review of potential benefits and risks. International Journal of Retail and Distribution Management, 44(2), 159–177. https://doi.org/10.1108/IJRDM-05-2015-0065.
[3]Bosamia, M. (2018). Mobile Wallet Payments Recent Potential Threats and Vulnerabilities with its possible security Measures, (April).
[4]Paga (2018). Getting Started. Retrieved from https://mypaga.atlassian.net/wiki/spaces/PFBRA/pages/1573201/Getting+started [Accessed on August 10, 2018]
[5]Investopedia (2018). Paga. Retrieved from https://www.investopedia.com/terms/p/paga.asp [Accessed on August 10, 2018]
[6]Bloomberg (2018). Company Overview of Pagatech Limited. Retrived from https://www.bloomberg.com/research/stocks/private/snapshot.asp?privcapId=129149971 [Accessed on August 10, 2018]
[7]Paulsen, C., & Toth, P. (2016). Small Business Information Security: The Fundamentals. https://doi.org/10.6028/NIST.IR.7621r1
[8]Agwu, E. M., & Carter, A.-L. (2014). Mobile Phone Banking in Nigeria: Benefits, Problems and Prospects. International Journal of Business and Commerce, 3(6), 50–70. https://doi.org/10.1080/08874417.2015.11645781
[9]Thakur, R., & Srivastava, M. (2014). Adoption readiness, personal innovativeness, perceived risk and usage intention across customer groups for mobile payment services in India, 24(3), 369–392. https://doi.org/10.1108/IntR-12-2012-0244
[10]Slade, E. L. (2015). Slade, E. L., Dwivedi , Y . K., Piercy, N. C., & Williams, M. D. (2015). Modeling Consumers’ Adoption Intentions of Remote Mobile Payments in the United Kingdom: Extending UTAUT with Innovativeness, Risk, and University of Bristol - Explor, 32, 860–873. https://doi.org/10.1002/mar.20823
[11]Ba, J. (2012). Analysis of Security Risks in Mobile Payments. A Case Study Using DNAT Acknowledgement.
[12]Salmela, H. (2014). Analysing business losses caused by information systems risk: A business process analysis approach, (April). https://doi.org/10.1057/palgrave.jit.2000122
[13]Yang, Q., Pang, C., Liu, L., Yen, D. C., & Tarn, J. M. (2015). Computers in Human Behavior Exploring consumer perceived risk and trust for online payments: An empirical study in China’s younger generation. COMPUTERS IN HUMAN BEHAVIOR, 50, 9–24. https://doi.org/10.1016/j.chb.2015.03.058
[14]Yang, Y. (2015). Understanding perceived risks in mobile payment acceptance. https://doi.org/10.1108/IMDS-08-2014-0243
[15]Yusuf, S., & Lee, J. (2015). Technology Adoption: A conjoint analysis of consumers’ preference on future online banking services. Information Systems, 1–15. https://doi.org/10.1016/j.is.2015.04.006