Security risk analysis and management in mobile wallet transaction: a case study of Pagatech Nigeria Limited

Authors: Musbau D. Abdulrahaman, John K. Alhassan, Joseph A. Ojeniyi, Shafii M. Abdulhamid

Journal: International Journal of Computer Network and Information Security @ijcnis

Article in issue: 12 vol.10, 2018.

Free access

A mobile wallet is a payment platform that stores money as value in a digital account on a mobile device, which can then be used for payments with or without the use of credit/debit cards. Cases of cyber-attacks are on the rise, posing threats to the confidentiality, integrity and availability of information systems, including mobile wallet transactions. Due to the adverse impacts of cyber-attacks on mobile payment service providers and users, as well as the risks associated with the use of information systems, performing risk management becomes imperative for business organizations. This research work focuses on the assessment of the vulnerabilities associated with mobile wallet transactions and performs an empirical risk management in order to derive the security priority level needed to ensure the security and privacy of the users of mobile wallet platforms. Based on an extensive literature review, a structured questionnaire was designed and administered via the internet to mobile wallet users who are Paga student customers. A total of 52 respondents participated in the research, and their responses were analyzed using descriptive statistics. The results of the analysis show that mobile wallet login details are the most important part of customer information and need to be highly protected, as their compromise is likely to affect the others. Customer information such as Mobile Wallet Account Number, Registered Phone Number, Linked ATM Card details, and Linked ATM Card PIN, among others, is also a plausible target of attacks. Hence, different security priority levels were derived to safeguard each of the components, and possible security tools and mechanisms are recommended. The study also revealed that there are vulnerabilities on the mobile wallet users’ end that also pose a threat to the security of the payment system and customers’ transactions, which need to be properly addressed. This research work will enable mobile payment service providers to focus on their services and prioritize the security solutions for each user information type or component based on the risks associated with their system, and help them make informed security-related decisions.


Security Risk Analysis, Electronic Payment, Mobile Payment, Mobile Wallet transaction, Risk Management, Information System Security

Short URL: https://sciup.org/15015651

IDR: 15015651   |   DOI: 10.5815/ijcnis.2018.12.03

Text of the scientific article Security risk analysis and management in mobile wallet transaction: a case study of Pagatech Nigeria Limited

Published Online December 2018 in MECS

Over the years, payment has always been an integral part of human commercial activities, mostly through paper currency and face-to-face methods. Developments in computing and technology have transformed the mode of transacting business, making payments flexible and convenient through electronic commerce (e-commerce). Electronic commerce was designed to eliminate or reduce some of the problems of physical payment, which have given individuals, organizations and the banking sector financial transaction headaches [1]. Some of the problems of traditional physical payment systems include long queues at banks when making deposits or withdrawals, and stressful, long-distance journeys to settle payment for goods and services and to pay utility bills. With electronic payment systems, customers now have access to their bank information anywhere at any time, making financial transactions possible without a physical visit to a bank. Mobile payment is one of the numerous payment platforms in the electronic payment system and operates under financial guidelines for financial transactions from or through a mobile phone. Reference [2] defined mobile payment as any transaction which involves the use of a mobile device such as a mobile phone, smartphone, tablet or Personal Digital Assistant (PDA) to initiate, authorize or confirm an exchange of financial value in return for goods and services. The growth in mobile technology has made it spread across nations, including rural areas, and it continues to improve the way people get closer and make payments for goods and services in an efficient, faster and easier manner. Mobile payment solutions have been anticipated since the early 2000s, but only recently gained much-needed attention and adoption, especially in the US, Europe and Asia, including some developing countries such as Kenya, Tanzania, South Africa and Nigeria. This is a result of its benefit in improving the payment infrastructure, with the ability to reduce the usage of non-cash in circulation.

Given the importance of payment in our lives, coupled with the increasing demand for the adoption of mobile payment by many organizations and clients, the mobile wallet has emerged as one of the mobile payment solutions that leverage the ubiquity and mobility of mobile devices and seek to replace the use of traditional credit/debit cards with mobile phones. A mobile wallet is a digital account, combining hardware and software in a smartphone, that stores money as virtual value which can be used to perform financial transactions and payments [3]. The mobile wallet continues to grow due to its enormous benefits, such as removing the need to carry credit/debit cards around, the ability to provide additional value offerings such as location-based services delivered near the Point of Sale (POS), and financial inclusion, which makes payment convenient, faster and economical. With a mobile wallet, people can pay money to any account using a smartphone application, social media or a website, and text messages. Worldwide mobile payment volume is also increasing, leading to the launch of several new solutions such as the Samsung Pay, Google Pay and Apple Pay digital wallets.

Pagatech Nigeria Limited is a financial service firm licensed by the Central Bank of Nigeria to leverage the ubiquity of mobile phones and internet technologies and provide an online payment system. Paga acts like a mobile wallet whereby users can conduct financial transactions via mobile phones or internet-enabled computers or devices [4]. The essence of Paga is to ensure financial inclusiveness for all of Africa, irrespective of where people are at any time, by seeking to include the unbanked and underbanked population in the digital banking era [5]. With Paga, customers can perform several financial services such as deposits, purchasing pre-paid phone credit, paying utility and cable bills, and making payments to retailers. Interestingly, the partnership between Paga and Western Union has also added the benefit that Western Money transfers sent to users can be deposited into the users’ Paga accounts. The firm works in partnership with selected banks, microfinance institutions, and all mobile network operators. Paga was founded in early 2009 by Tayo Oviosu but launched publicly in 2011. It currently has four people as members of its board of directors: Tani as the Managing Director of Resource Plc, Tayo Oviosu as the founder and Chief Executive Officer (CEO), Tokunboh Ishmael and Yemi Lalude. Paga’s mission is to continue transforming lives by providing innovative and universal access to financial services [6]. Some of the competitors of the Paga mobile payment (wallet) platform in Nigeria include e-Transact, Pay Pal, Quick Teller, Pay U, Eazy Money, Airtel Money, Vogue and Global Pay.

Globally, cyber-attacks have cost companies in excess of several millions of dollars in terms of security breach claims and have also reduced customer confidence in organizations and patronage. Despite the enormous benefits provided by mobile wallet platforms, there are many security challenges associated with them, which have raised concerns among the financial and academic communities due to the networking environment through which the mobile payment system works and the risks associated with the use of information systems for various financial transactions. These security challenges pose threats to the confidentiality, integrity and availability of the information, the information systems and mobile wallet transactions, with adverse impacts on both the service providers and the users [3].

A business organization such as a mobile wallet service provider that deploys technologies for the provision of financial services needs to ensure the security and privacy of its information, systems and network. Failure of a business organization to safeguard its information resources from information or cyber security incidents may have a high adverse impact on the business, its employees, customers and business associates. It is generally believed that no business can be completely secure, but it is reasonable to implement a program that balances security with the needs and capability of the business. Therefore, it becomes imperative for businesses such as mobile wallet providers to analyze the vulnerabilities in their systems through a risk management process in order to minimize or reduce the impact of security incidents [7].

The mobile payment system stakeholders can be broadly categorized into two groups: service providers and service customers. The extensive literature review shows that few research works focus on investigating the vulnerabilities in the mobile wallet system that pose a threat to the security and privacy of mobile payment customers’ information, or the likelihood of attacks on the payment platforms given the security measures currently put in place by the mobile wallet service providers in Nigeria. The aim of this research work is to analyze the security risks in mobile wallet transactions, using Pagatech Nigeria Limited customers as a case study, in order to understand the most important information used by users for financial transactions and the likelihood of attacks on those information types. The outcome of the research furnishes mobile wallet service providers with knowledge of the impact of each customer information component and the risks associated with the platform, so that they can prioritize their information or cyber security efforts.

The remainder of this paper is organized as follows: Section 2 provides a review of related works, while Section 3 describes the method used for this paper. Section 4 presents the data analysis and results of the findings, Section 5 concludes the work, and Section 6 presents some recommendations and the acknowledgement.

II. Literature Review

Mobile technology has been described as the best innovation ever for mankind, due to the way it influences the lives of ordinary people and continues to create opportunities of different dimensions for businesses and individuals [8]. The trend in mobile technology has seen the mobile device emerge as an inevitable component of the payment system. A mobile device can now be used to initiate or complete financial transactions in a manner that does not require the physical presence of an individual at a bank or moving about with paper currency, as people can now pay for goods and services through a mobile payment platform [9]. Mobile payment can be defined as any transaction which involves the use of a mobile device such as a mobile phone, smartphone, tablet or Personal Digital Assistant (PDA) to initiate, authorize or confirm an exchange of financial value in return for goods and services [2]. In other words, it is a payment for products or services between parties in which a mobile device plays a key role in the realization of the payment.

Recent studies show that there is tremendous improvement in the acceptance of mobile payment methods in both advanced and emerging economies. This has led to the emergence of different mobile payment methods, especially the mobile wallet [3]. Reference [3] defines a mobile wallet as a virtual platform that stores digital value in the form of a wallet, out of which you can make money transactions and pay for goods and services just as with traditional paper money. Recent mobile payment offerings include Apple Pay, Google Pay, Pay Pal, Airtel Money, Quick Teller, e-transact, easy money, Paga, Pay U and Global Pay. This mobile payment technology combines software and hardware on a device and seeks to replace the use of traditional credit/debit cards with mobile phones.

Mobile payment can be categorized into two types based on the technologies used to deliver them: remote or proximity payment [10]. In a remote mobile payment system, customers are required to register for a service, which usually involves downloading an application, and then use it on their mobile devices to pay for items. Customers may have some value stored in a prepaid account (digital wallet) or draw funds directly from a linked bank account. For instance, payment service providers like Google, Pay Pal, and Go Pago use cloud-based remote payment for their services. On the other hand, a proximity payment system requires customers to present a credit/debit card, mobile phone, or tablet at the point of payment in order to complete the transaction. This payment method is facilitated by Near Field Communication (NFC) and is often referred to as “Contactless Payment” [2].

Many stakeholders are involved in the mobile payment ecosystem, such as “merchants”, “customers”, “mobile network operators”, “payment service providers”, “device manufacturers” and “financial institutions”, but they can be broadly categorized as mobile payment customers and mobile payment service providers. Basically, different stakeholders play an active role in the mobile payment (wallet) ecosystem [11]. Mobile payment business models can be categorized as: (1) the operator-centric model, which is coordinated by the network operator for customers with NFC-enabled mobile devices; the bank-centric model, which is usually overseen by banks; (2) the peer-to-peer model, which enables providers to take advantage of existing online applications to complete transactions without requiring POS infrastructure; (3) the collaboration model, an ideal model that allows several stakeholders to focus on their core competencies. It involves mobile operators, banks, and trusted third parties who are responsible for the management of the mobile payment system.

The review of related works shows that despite the enormous benefits of information systems in ensuring that work is performed faster, more efficiently and more conveniently, there exist many security risks that affect both a business and its customers, and these usually lead to huge losses.

References for Security risk analysis and management in mobile wallet transaction: a case study of Pagatech Nigeria Limited

  • Felix, N. E., & Gideon, K. E. (2012). Electronic Retail Payment System: User Acceptability and Payment Problems in Nigeria. Arabian Journal of Business and Management Review, 1(6), 18–35.
  • Taylor, E. (2016). Mobile payment technologies in retail: a review of potential benefits and risks. International Journal of Retail and Distribution Management, 44(2), 159–177. https://doi.org/10.1108/IJRDM-05-2015-0065.
  • Bosamia, M. (2018). Mobile Wallet Payments Recent Potential Threats and Vulnerabilities with its possible security Measures, (April).
  • Paga (2018). Getting Started. Retrieved from https://mypaga.atlassian.net/wiki/spaces/PFBRA/pages/1573201/Getting+started [Accessed on August 10, 2018]
  • Investopedia (2018). Paga. Retrieved from https://www.investopedia.com/terms/p/paga.asp [Accessed on August 10, 2018]
  • Bloomberg (2018). Company Overview of Pagatech Limited. Retrieved from https://www.bloomberg.com/research/stocks/private/snapshot.asp?privcapId=129149971 [Accessed on August 10, 2018]
  • Paulsen, C., & Toth, P. (2016). Small Business Information Security: The Fundamentals. https://doi.org/10.6028/NIST.IR.7621r1
  • Agwu, E. M., & Carter, A.-L. (2014). Mobile Phone Banking in Nigeria: Benefits, Problems and Prospects. International Journal of Business and Commerce, 3(6), 50–70. https://doi.org/10.1080/08874417.2015.11645781
  • Thakur, R., & Srivastava, M. (2014). Adoption readiness, personal innovativeness, perceived risk and usage intention across customer groups for mobile payment services in India, 24(3), 369–392. https://doi.org/10.1108/IntR-12-2012-0244
  • Slade, E. L., Dwivedi, Y. K., Piercy, N. C., & Williams, M. D. (2015). Modeling Consumers’ Adoption Intentions of Remote Mobile Payments in the United Kingdom: Extending UTAUT with Innovativeness, Risk, and University of Bristol - Explor, 32, 860–873. https://doi.org/10.1002/mar.20823
  • Ba, J. (2012). Analysis of Security Risks in Mobile Payments. A Case Study Using DNAT Acknowledgement.
  • Salmela, H. (2014). Analysing business losses caused by information systems risk: A business process analysis approach, (April). https://doi.org/10.1057/palgrave.jit.2000122
  • Yang, Q., Pang, C., Liu, L., Yen, D. C., & Tarn, J. M. (2015). Exploring consumer perceived risk and trust for online payments: An empirical study in China’s younger generation. Computers in Human Behavior, 50, 9–24. https://doi.org/10.1016/j.chb.2015.03.058
  • Yang, Y. (2015). Understanding perceived risks in mobile payment acceptance. https://doi.org/10.1108/IMDS-08-2014-0243
  • Yusuf, S., & Lee, J. (2015). Technology Adoption: A conjoint analysis of consumers’ preference on future online banking services. Information Systems, 1–15. https://doi.org/10.1016/j.is.2015.04.006
Scientific article