IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v12y2020i10p160-d418641.html
   My bibliography  Save this article

Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures

Author

Listed:
  • Guma Ali

    (Department of Information Technology Development and Management (ITDM), Nelson Mandela African Institution of Science and Technology (NM-AIST), Arusha 447, Tanzania)

  • Mussa Ally Dida

    (Department of Information Technology Development and Management (ITDM), Nelson Mandela African Institution of Science and Technology (NM-AIST), Arusha 447, Tanzania)

  • Anael Elikana Sam

    (Department of Communication Science and Engineering (CoSE), Nelson Mandela African Institution of Science and Technology (NM-AIST), Arusha 447, Tanzania)

Abstract

The proliferation of digital financial innovations like mobile money has led to the rise in mobile subscriptions and transactions. It has also increased the security challenges associated with the current two-factor authentication (2FA) scheme for mobile money due to the high demand. This review paper aims to determine the threat models in the 2FA scheme for mobile money. It also intends to identify the countermeasures to overcome the threat models. A comprehensive literature search was conducted from the Google Scholar and other leading scientific databases such as IEEE Xplore, MDPI, Emerald Insight, Hindawi, ACM, Elsevier, Springer, and Specific and International Journals, where 97 papers were reviewed that focused on the topic. Descriptive research papers and studies related to the theme were selected. Three reviewers extracted information independently on authentication, mobile money system architecture, mobile money access, the authentication scheme for mobile money, various attacks on the mobile money system (MMS), threat models in the 2FA scheme for mobile money, and countermeasures. Through literature analysis, it was found that the threat models in the 2FA scheme for mobile money were categorised into five, namely, attacks against privacy, attacks against authentication, attacks against confidentiality, attacks against integrity, and attacks against availability. The countermeasures include use of cryptographic functions (e.g., asymmetric encryption function, symmetric encryption function, and hash function) and personal identification (e.g., number-based and biometric-based countermeasures). This review study reveals that the current 2FA scheme for mobile money has security gaps that need to be addressed since it only uses a personal identification number (PIN) and a subscriber identity module (SIM) to authenticate users, which are susceptible to attacks. This work, therefore, will help mobile money service providers (MMSPs), decision-makers, and governments that wish to improve their current 2FA scheme for mobile money.

Suggested Citation

  • Guma Ali & Mussa Ally Dida & Anael Elikana Sam, 2020. "Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures," Future Internet, MDPI, vol. 12(10), pages 1-27, September.
  • Handle: RePEc:gam:jftint:v:12:y:2020:i:10:p:160-:d:418641
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/12/10/160/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/12/10/160/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Frank Sylvio Gahapa Talom & Robertson Khan Tengeh, 2019. "The Impact of Mobile Money on the Financial Performance of the SMEs in Douala, Cameroon," Sustainability, MDPI, vol. 12(1), pages 1-17, December.
    2. Xin Luo & Richard Brody & Alessandro Seazzu & Stephen Burd, 2011. "Social Engineering: The Neglected Human Factor for Information Security Management," Information Resources Management Journal (IRMJ), IGI Global, vol. 24(3), pages 1-8, July.
    3. Muhai Li & Ming Li, 2010. "An Adaptive Approach for Defending against DDoS Attacks," Mathematical Problems in Engineering, Hindawi, vol. 2010, pages 1-15, June.
    4. Mohamed Amine Ferrag & Leandros Maglaras & Abdelouahid Derhab & Helge Janicke, 2020. "Authentication schemes for smart mobile devices: threat models, countermeasures, and open research issues," Telecommunication Systems: Modelling, Analysis, Design and Management, Springer, vol. 73(2), pages 317-348, February.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Guma Ali & Mussa Ally Dida & Anael Elikana Sam, 2021. "A Secure and Efficient Multi-Factor Authentication Algorithm for Mobile Money Applications," Future Internet, MDPI, vol. 13(12), pages 1-31, November.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Moustaka, Vaia & Theodosiou, Zenonas & Vakali, Athena & Kounoudes, Anastasis & Anthopoulos, Leonidas G., 2019. "Εnhancing social networking in smart cities: Privacy and security borderlines," Technological Forecasting and Social Change, Elsevier, vol. 142(C), pages 285-300.
    2. Claude Bernard Lontchi & Baochen Yang & Kabir Musa Shuaib, 2023. "Effect of Financial Technology on SMEs Performance in Cameroon amid COVID-19 Recovery: The Mediating Effect of Financial Literacy," Sustainability, MDPI, vol. 15(3), pages 1-15, January.
    3. Murrar, Abdullah & Paz, Veronica & Yerger, David & Batra, Madan, 2024. "Enhancing financial efficiency and receivable collection in the water sector: Insights from structural equation modeling," Utilities Policy, Elsevier, vol. 87(C).
    4. Dongyan Nan & Yerin Kim & Min Hyung Park & Jang Hyun Kim, 2020. "What Motivates Users to Keep Using Social Mobile Payments?," Sustainability, MDPI, vol. 12(17), pages 1-13, August.
    5. Alfonso Siano & Lukman Raimi & Maria Palazzo & Mirela Clementina Panait, 2020. "Mobile Banking: An Innovative Solution for Increasing Financial Inclusion in Sub-Saharan African Countries: Evidence from Nigeria," Sustainability, MDPI, vol. 12(23), pages 1-24, December.
    6. Hussain Aldawood & Geoffrey Skinner, 2019. "Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues," Future Internet, MDPI, vol. 11(3), pages 1-16, March.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:12:y:2020:i:10:p:160-:d:418641. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.