| Summary: | Mobile payment systems are pervasive; their design is driven by convenience and security. In this paper, we identify five common problems in existing systems: (i) specialist hardware requirements, (ii) no reader-to-user authentication, (iii) use of invisible channels, (iv) dependence on a client-server connection, and (v) no inherent fraud detection. We then propose a novel system which overcomes these problems, so as to mutually authenticate a user, a point-of-sale reader, and a verifier over a visual channel, using an embedded image token to transport information, while providing inherent unauthorised usage detection. We show our system to be resilient against replay and tampering attacks.
|
|---|