Next Article in Journal
The Value of Simple Heuristics for Virtualized Network Function Placement
Previous Article in Journal
Expectations and limitations of Cyber-Physical Systems (CPS) for Advanced Manufacturing: A View from the Grinding Industry
Open AccessReview

Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures

1
Department of Information Technology Development and Management (ITDM), Nelson Mandela African Institution of Science and Technology (NM-AIST), Arusha 447, Tanzania
2
Department of Communication Science and Engineering (CoSE), Nelson Mandela African Institution of Science and Technology (NM-AIST), Arusha 447, Tanzania
*
Author to whom correspondence should be addressed.
Future Internet 2020, 12(10), 160; https://doi.org/10.3390/fi12100160
Received: 9 August 2020 / Revised: 13 September 2020 / Accepted: 18 September 2020 / Published: 24 September 2020
The proliferation of digital financial innovations like mobile money has led to the rise in mobile subscriptions and transactions. It has also increased the security challenges associated with the current two-factor authentication (2FA) scheme for mobile money due to the high demand. This review paper aims to determine the threat models in the 2FA scheme for mobile money. It also intends to identify the countermeasures to overcome the threat models. A comprehensive literature search was conducted from the Google Scholar and other leading scientific databases such as IEEE Xplore, MDPI, Emerald Insight, Hindawi, ACM, Elsevier, Springer, and Specific and International Journals, where 97 papers were reviewed that focused on the topic. Descriptive research papers and studies related to the theme were selected. Three reviewers extracted information independently on authentication, mobile money system architecture, mobile money access, the authentication scheme for mobile money, various attacks on the mobile money system (MMS), threat models in the 2FA scheme for mobile money, and countermeasures. Through literature analysis, it was found that the threat models in the 2FA scheme for mobile money were categorised into five, namely, attacks against privacy, attacks against authentication, attacks against confidentiality, attacks against integrity, and attacks against availability. The countermeasures include use of cryptographic functions (e.g., asymmetric encryption function, symmetric encryption function, and hash function) and personal identification (e.g., number-based and biometric-based countermeasures). This review study reveals that the current 2FA scheme for mobile money has security gaps that need to be addressed since it only uses a personal identification number (PIN) and a subscriber identity module (SIM) to authenticate users, which are susceptible to attacks. This work, therefore, will help mobile money service providers (MMSPs), decision-makers, and governments that wish to improve their current 2FA scheme for mobile money. View Full-Text
Keywords: two-factor; authentication scheme; authentication; mobile money; the mobile money system; mobile banking; threat models; countermeasures two-factor; authentication scheme; authentication; mobile money; the mobile money system; mobile banking; threat models; countermeasures
Show Figures

Figure 1

MDPI and ACS Style

Ali, G.; Ally Dida, M.; Elikana Sam, A. Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures. Future Internet 2020, 12, 160.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Search more from Scilit
 
Search
Back to TopTop