These days, if you go shopping in any of China’s major cities, one thing that you will probably not see is people making purchases using cash, or for that matter credit cards. Whether buying a TV, a burger, or groceries, the majority of retail transactions in China are now made using a mobile phone with a cashless payment system such as WeChat Pay or Alipay. This book is part of Springer’s “Computer Communications and Networks” series, a range of textbooks aimed to quickly deliver a good grounding in particular technologies--in this case, mobile payment systems (MPSs).
The first chapter introduces the basic concepts of MPSs, provides an overview of the current state of mobile commerce, and discusses the technologies involved. The benefits and disadvantages of MPSs are covered, and the major entities that form this “ecosystem” (that is, clients, merchants, and so on) are identified. Chapter 2 reviews the type of devices currently available and the operating systems (OSs) that run on them. Interestingly, quite old and niche devices such as BlackBerry and Palm OS are included even though over 95 percent of current mobile devices use either the Android OS or Apple iOS. Security issues, including threats, attack vectors, and mobile malware, are discussed along with countermeasure defenses, and the important security differences between normal personal computers and mobile devices are highlighted.
Chapter 3 reviews and classifies mobile payment models and architectures that have appeared in the literature over the past decade. Core features of models such as micropayments and technologies such as cryptographic techniques, radio frequency identification (RFID), near field communication (NFC), session initiation protocol (SIP), and wireless application protocol (WAP) are explained and discussed. Chapter 4 focuses in more detail on the security of mobile payment transactions. It discusses common cryptographic schemes and provides a summary of the vulnerabilities, threats, and potential protection solutions. Secure sockets layer (SSL), secret key (symmetric) cryptography, public-key (asymmetric) cryptography, and elliptic-curve cryptography (ECC) schemes are explained.
In chapter 5, the authors discuss future challenges for MPSs as well as development opportunities for some of the underlying technologies. Security issues for mobile devices along with the unique challenges of mobile communication are also covered. In particular, privacy and trust issues associated with the ability to track client location and purchase history are discussed. The chapter also covers constraints imposed by the limited processing power of mobile devices, the potential for data leakage, and issues of authentication and encryption.
There is a thorough bibliography, which is not surprising for a work that is in essence a review of the current literature. The book is well laid out, illustrated with useful figures and tables, and has a good index. Overall, this is a concise and interesting explanation of the complex series of processes that are required to translate a simple tap-and-go payment into a secure mobile financial transaction.