Secure Mobile Money Withdraw Framework -SEMWIF

Abstract

Mobile Money businesses operate a commission-agent business model, making it easy to scale up. However, Mobile Money business processes and technologies face several security concerns, including data misappropriation, weak authentication among others, which are particularly pressing in the context of rapid adoption of mobile payment technologies in African countries like Uganda. Globally Mobile Payment Systems were first seen in 1997 Helsinki Finland with SMS-Coke and they have evolved a lot since then. Mobile Payment Systems have issues like Money Laundering, Non-compliance, fraud, among others. Weak authentication in mobile money withdrawals result in financial loss and criminal money transfer. To this end, this study investigated the evolution of payment systems, highlighting the desired security requirements for Mobile Payment Systems. Also exploring the level of security awareness and practices among Mobile Money users in Uganda. Mobile Payment Systems are classified into six types; Mobile Wallets, Mobile Internet Payments, Mobile Contactless Payments, Mobile Direct Bank Transfers, SMS Premium Payments, and Mobile Direct Carrier Billing. Financial institutions have a lot of experience with handling money and as a result, financial technology companies have a lot to learn from the banking sector. This study adopted a Pragmatic Philosophical stand, Design Science as a methodology and Abduction as a research strategy. Pragmatism views knowledge as a tool for action and seeks to create useful knowledge. The study aimed to design a framework against withdraw transaction attacks in mobile payment systems, making Design Science an appropriate choice. The study adopted a mix-research approach using both qualitative and quantitative data collection and analysis methods. To ensure a sound understanding of the issues, the study reviewed current literature, with 65% of the reviewed literature being less than 5 years old and from reputable sources like journals and peer-reviewed conference papers. Data collection methods used included document reviewing, key informant interviewing, and surveys. Respondents were selected using a purposive sampling technique. The study's findings suggest that Mobile Money services face numerous security challenges, and practical solutions are needed to improve withdrawer authentication. The study results also show that a number of security concerns exist key among them include: data theft; transaction fabrication; weak authentication on funds withdraw; and lack of transaction confidentiality as the system relies on SMS technology among others. Heavy reliance on single-factor authentication (PIN), is Weaker authentication and the limited cybersecurity training for both agents and customers is breeding Mobile Money crime. The study finds that traditional financial intitutions use multi-factor athentication to mitigate money withdraw risks with customers– a lesson for mobile money service providers for the withdraw transactions.The study designed the Secure Mobile Money Withdraw Framework – SeMWiF, composed of the Detection Protocol, Prevention Protocol and Recovery Protocol. Results show that 66% of the respondents agreed that SeMWiF enhaces withdrawer authentication through multi-factor authentication with a 57% ease of rating. Stakeholders of mobile payment systems must take appropriate and continuous security measures like; cybersecurity research, training and certification of telecom staff and Mobile Money agents, civic education, Mechanisms for compliance, Regulator guidance on Strong Customer Authentication- SCA, encryption and security mechanisms such as used in SeMWiF. Should the Secure Mobile Money Withdraw Framework-SeMWiF guidelines be implemented, mobile money stakeholders will experience greater use from enhanced security and less financial loss.