Security without identification: transaction systems to make big brother obsolete
Communications of the ACM
The Smart Cards: A Developer's Toolkit
The Smart Cards: A Developer's Toolkit
Implementing Electronic Card Payment Systems
Implementing Electronic Card Payment Systems
Securing e-business applications using smart cards
IBM Systems Journal - End-to-end security
Smart Client Deployment with ClickOnce(TM): Deploying Windows Forms Applications with ClickOnce(TM) (Microsoft .NET Development Series)
Hand-held computers can be better smart cards
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
The Caernarvon secure embedded operating system
ACM SIGOPS Operating Systems Review
Mobile In-store Personalized Services
ICWS '09 Proceedings of the 2009 IEEE International Conference on Web Services
Mobile electronic identity: securing payment on mobile phones
WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
SmartTokens: delegable access control with NFC-Enabled smartphones
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
A Survey on Near Field Communication (NFC) Technology
Wireless Personal Communications: An International Journal
Ecosystem scenarios for cloud-based NFC payments
Proceedings of the Fifth International Conference on Management of Emergent Digital EcoSystems
| Hi-index | 0.00 |
The loss of customer account information makes headlines all too often. The Payment Card Industry (PCI) Data Security Standard (DSS) has generated resistance from merchants because of its cost and complexity. Unfortunately, innovating in the Point of Sale (PoS) space is hard because the protocols have been standardized, tightly constraining new ideas. Using mobile phones as payment devices opens up some opportunities, but any solution must minimize changes in the back-end processing. This paper describes a Near Field Communication (NFC) based mobile phone payment solution in a service-oriented environment, which provides the needed data protection without requiring costly changes to the payment processing infrastructure. In the payment transaction path, a personal mobile phone is viewed as a single, user-trusted touch point. Compared to other solutions available, our approach better protects user credentials, provides better user control over the transaction, and supports both proximity and remote transactions. The prototype has been integrated with an instore kiosk application and a HP multi-channel banking platform to demonstrate its value in the retail environment.