KeyAwobrsdtsr:aTcrta:nsactonss mobile moneys traceability Mobile payment is an electronic payment made througrhelaatmedobtiole dpeavyimcee.ntAsprthoecensusemsbe(FreodfemraolbiRleespehrovnee Intsruobdsuccrtibioenrs in Ghana increases, so does the market for BmaonbkiloefmNoenweyYsoerrkv,ic1e9s9.6T)he majority of Ghanaians Thelacwkoralndyaflolromvaelr biasnwkiatncecsosuinntg. Aann iensctriemaasteedin80 percent of Ghanaians are “unbanked” - meaning they elecctornodnuicct ptahyemir etnratnsinascttriuomnsenotustsitdoe etnhheabnacnekitnhge sector Mwiothbilneopaacycmesesnttosefrivniacnec(iaMl PsSer)vcicoems.prPirsoedsuthctes ulsikee effi“cmieonbciyle minonbeuys,”intehsast ecnyacbllees sa(fAebaonrd, se2c0u0r4e).money torfanmsfoebrsilewidtehvoiuctesthseuucshe aosf Maobbainlke aPchcoonuen,t,PcDoAul,d Banhkaevres,atemchanjoorloigmypsapcetcoianlisthtsisanudnseenrvtreedprseengemuresnt of thaenpdopWuliarteiolens.s MToabbilleet,moconneynegcitvedes taonyoaneMwoibtihlea andmmobainlye pohthoenres tohveearbtihlietyyteoartsrahnasvfeer cmoonntienyu,amllyake cashTpealeycmoemnmtsuannidcactioonnductNoetthweorrfkin,anctoial trbaengsianctionas advoovceartetdhefpohrotnhee. Creuprlraecnetmlye, ntht eoref aprheyfsoiucralmcoabsihle moneytransaction; such as a purchase request, and ends a payment systems in Ghana, namely, MTN mobile andmthoeneinyt,roVdoudcatfioonneof(VmFo)recaesffhi,ciTeingto,flceaxsihblaenadndAirtel mtornaenysa.cFtioornanbeyffeacutitvheoroizpienrgatiopnayomf etnhtesse fsoyrstetmhes, cosPtreivffaeccyti,vTerarceetaaibl ilpiatyy,mCeonstt soofluTtriaonnssac(Btioann,kafnodr SimpliceixtychoafntgheeoPfrgoocoesdsseasnidnvsoerlvveicdesa.re of much interest. InteTrhneatisotundayl eSxaemttlienmedentth,e l1o9o9p8h)o.les inWtihteh cutrhreent mobTilehepauysme eonft smysotbeimles pahnodnpersoposesudcah ftrraamnseawcotiroknsto in intraodddurcetsisontheolfooeplheoclterosnsiucchpaasy:mEenntte,rinagllofbiannfkormationmoankensexMtoPfSkain fionrtmo thoef seylesctetrmonic duripnagy mreegnist,trawtiiothn, tranascaccetpiotannscceaonf eyaesairlyofbbeirdthonaes PwIiNth,oturatngsoaicntigontoal PIN dethceryepxtecde,pntioonenthteartintgheoftraanVsaaclitdioInDs naruemcbaerrriiendtootuhte thesybsatnekmin,gnohparlolv(iAsiobnorf,or20se0c4u).ritTyowothrdis deufrfiencgt,token caosnh tohuet, mnoobpirleovpishioonnef.oTrhgeuavraisnitoonr ionffoMrmPaStioins, tnoo elecptrroovniisciopnayfmorenBt ohGas ptheermreiftorneubmebeenr,densoigpnreodvtiosion for trpaonlsicfoermcletahreanmceobniluempbheorn, eainndtodaat“afuinture trawnsailtlent”ot assiesntcarlylpttheedstakeholders in minimizing problems
The world all over is witnessing an increase in electronic payment instruments to enhance the efficiency in business cycles (
Mobile payment service (MPS) comprises the use of mobile devices such as Mobile Phone, PDA, and Wireless Tablet, connected to a Mobile Telecommunication Network, to begin a transaction; such as a purchase request, and ends a transaction by authorizing payments for the exchange of goods and services.
The use of mobile phones in such transactions makes MPS a form of electronic payment, with the exception that the transactions are carried out on the mobile phone. The vision of MPS is to transform the mobile phone into a “future wallet” holding credit card, debit account information and mobile “cash” for transactions ( Bolt, W, et. al; 2008)
Electronic retail payments continuous to emerge in Ghana to substitute or decrease paper-based payments and banks in Ghana are striving hard to catch up with the new emergence
Fundamentally, these new and emerging payment systems are based on technical innovations such as card, telephone and Internet (
In Ghana, there has been the introduction of various payment systems which is to facilitate the exchange of transactions of either goods or services. Each payment system that has been introduced has its own benefits that it accrues to its users as well as the burdens that it poses on the customer, the merchant and the service providers of that payment system. In Ghana, the cash payment system which forms the bulk of the payments in the country involves carrying physical cash to make payments. Though, cash gives people instant purchasing power, which makes them rely on its use for their transactions, also has a carriage burden.
For instance, in order to complete a transaction involving a large sum of money the buyer needs to carry a large sum of money to the point of sales, queue up as well as spend a lot of productive hours in order to make a transaction. These bottle necks and inconveniences discourage most people, waste productive hours, and put life and resources at risk. Furthermore, the awareness of insufficient security of existing mobile payment systems owing to improper protocol design resulting in lack of vital transaction security properties discourages merchant and their customers from using the electronic payment systems.
The study therefore seeks to analyse the mobile payment systems from the viewpoints of privacy, effectiveness, processes involved, traceability and transaction cost. It will also empirically examine the loopholes in the existing mobile payment systems in Ghana and design a framework to address the identified loopholes in the existing system.
(
According to (
Mobile money or mobile payment is a service in which the mobile phone is used to access financial services. According(
Experts are of the opinion that many hurdles still needed to be cleared to progress the mobile payment system into the mainstream of electronic payment. According to (
(
According to Ghana Chamber of Telecommunications, mobile money operators in Ghana have recorded 388 mobile money fraud cases in the year 2016 as against 278 in the year 2015. This therefore represents 28.35% increase in mobile money fraud cases, an indication that mobile money fraud is on the ascendancy in Ghana. Notable among the fraud cases are Anonymous calls from fraudsters, false promotion, Cash out fraud, Scam, False promotional SMS, False Cash out SMS, and Unauthorized PIN Access.
The main objective of this research is to resolve the security loopholes in the current electronic payment systems i.e. mobile payment systems in Ghana. To model the electronic payment systems (mobile money systems), we design a payment platform systems using the following development resources: netbeans, JSF, Primefaces, xampp and sqlyol. We use cisco packet tracer to track data in transit in the mobile money payment platforms. To get the perception of Ghanaian community about the Mobile money payment process, a survey design is used to establish the perception of respondents in reference to mobile payment processing systems from the viewpoints of privacy, effectiveness, processes involved, traceability and transaction cost. The research incorporates all the mobile money services providers, thus, MTN, Tigo, Airtel and Vodafone as the study population. The study therefore targeted officers directly in charge of the mobile money transaction. According to the Bank of Ghana, there are currently four (
The researchers observed that the total population of four (
Primary and secondary data constituted the sources of information for this research. Observations and interviews are used to collect the primary data. Data collected from this source focused on privacy, effectiveness, processes involved, traceability and transaction cost of the mobile money services. Secondary data on the other hand focused on registration documents and transaction charts. The tool employed for the data collection was interview. This was used to collect primary data from the officers in charge. The interview was conducted on one -on - one basis. This provided the respondents the opportunity to give a more adequate account of a peculiar phenomenon.
Microsoft office excel was then used to analyse the transaction cost vis a vis the transaction amounts. This was done in order to determine the most cost effective payment system.
Validity and Reliability of the Research Instrument
The designed framework was run several times to ensure all loopholes identified were resolved. This was done to ensure validity and reliability of the data before processing the results. Also, the researchers registered for the four mobile money services and had used them to undertake the various mobile money transactions and this gave them the first hand information through observation.
This section discussed the results of the experiment by examining the existing mobile payment processing systems and comparing it to the researcher’s framework
Privacy
Analysis of the processes involved in any transaction revealed that all the four mobile payment systems make use of PIN to safeguard the subscriber’s privacy and to link a subscriber or an agent to his or her account. , the use of the PIN has a deficiency in that the transaction PIN appears in plain figures which could be easily identified by a third party and thereby poses a threat to one’s privacy.
Traceability
It was revealed that the mobile payment systems make use of mobile phone number, transaction ID and a valid national ID card number to track or trace transaction. It was revealed that apart from token or voucher transactions, the use of a valid ID card is not enforced by the agents. This in effect could pose a difficulty during tracking or tracing of any wrong transaction for which a valid ID card number is to be used which was earlier not registered or recorded.
Analysis of both the existing mobile payment systems and the designed framework
Registration of agents
The existing mobile payment systems in Ghana lack vital security requirements. These loopholes are:
No guarantor information is provided in the existing system: The designed framework however included the information on guarantors in order to serve as surety for the agent. This surety is expected to stand in and accepts liability in case of fraud on the part of the agents.
BoG permit number is not a requirement in the existing system: The designed framework resolved this lapses by ensuring BoG permit number is provided before an agent can operate any mobile money service. .
Police permit number is not required in the existing system: The police permit number has been included in the designed framework. This is to serve as a clearance for the agent from any criminal record and therefore enhances the credibility of the agent. Further, it puts the operations of the agent under the watch of the security agency.
Subscriber’s information during transaction
A study of the subscriber’s or customers transactional processes of the existing mobile payment systems in Ghana revealed the following loopholes in the existing system.
Information on next of kin is not mandatory in the existing mobile money systems.
This is a loophole which may lead to loss of funds in the event of the death of a subscriber A study of the existing system shows that if the next of kin information is not provided, the transaction/registration process goes on Since the mobile money is a financial transaction, information on next of kin is vital to ensure that funds are not lost in the event of a death of a mobile account holder The researcher therefore designed a framework to make information on next of kin a mandatory field as a prerequisite as provided in figure 43
43 mandatory Next of Kin FormsThis is a loophole which may lead to loss of funds in the event of the death of a subscriber. A study of the existing system shows that if the next of kin information is not provided, the transaction/registration process goes on. Since the mobile money is a financial transaction, information on next of kin is vital to ensure that funds are not lost in the event of a death of a mobile account holder. The researcher therefore designed a framework to make information on next of kin a mandatory field as a prerequisite as provided in figure 4.3.
PIN is not encrypted in the existing system
The PIN number entered during the transaction process was not encrypted thereby compromising the security of the payment platform. The captured PIN could therefore be used to the subscriber’s disadvantage and leading to payment fraud
The designed framework encrypts the transaction PIN in order to protect the privacy of the subscriber as well as not exposing the confidential details to a third party.
PIN encrypted: Entering of secret word is not available in the current system
The existing system does not make provision for a secret word to be asked and properly answered before token cash out transaction is accessed. This therefore
could make it possible for anyone who accidentally gets accessed to the token code to effect a transaction even though the token is not being intended for him. The designed framework makes it mandatory for a secret word to be provided by a subscriber or a non-subscriber and properly answered by a person making token cash out. This prevents fraudulent cash out, and also ensures that the right person makes out the cash out. This is illustrated in figure shown below, an interface of the proposed framework.
Interception of data in transit
In the event of such interception, data is lost leading to loss of funds and loss of confidence and thereby posing serious transactional threat, credibility and traceability problems There is therefore the need for the data in transit to be encrypted until a confirmation or feedback is received that the data reaches the intended destination Figure 46 shows direct message generated by the existing system without encryption 6 non – encrypted message In the event of such interception, data is lost leading to loss of funds and loss of confidence and thereby posing serious transactional threat, credibility and traceability problems. There is therefore the need for the data in transit to be encrypted until a confirmation or feedback is received that the data reaches the intended destination.
No encryption of data
This is evident in the fact that, when a sender makes mobile money transaction, no feedback is received by the sender to confirm whether the transaction is for the intended recipient before the message is finally delivered.
Figure 4.7 is an interface of the proposed framework that encrypted the data in transit such that even if the data is intercepted by a third party, no meaning could be made of it. In the figure 4.7, an amount of GH¢50.00 is to be transferred from the recipient to the sender. The virtual account of the sender contains an amount of GH¢400.00 whilst that of the recipient contains no amount, thus GH¢0.00. Before the transaction is effected, the senders details are being verified and both the senders and recipients accounts are being encrypted (arrowed black and green respectively) to ensure data in transit is not intercepted. After the sender confirms and is certain of the intended recipient, both the senders as well as the recipient accounts are being decrypted (arrowed blue and red respectively) to allow the data to be accessed. Even though the current systems prompts a sender of the intended person to send the data to, sending the data at that instant could pose serious security threat to the data since between the time of identifying the recipient and sending the data, interception could take place. It is therefore expedient and safer to encrypt the data before sending to the recipient and a feedback or message is resend to the sender to further confirm the recipient before final approval for the data to be decrypted. This is to ensure that even if the data in transit is intercepted, no meaning could be made out of it. The recipient now receives a plain message of the amount sent after the sender decrypts the data. In effect, the senders virtual account is debited with GH¢50.00 (arrowed black) leaving the real account to be GH¢350.00. On the other hand, the real account of the recipient is credited with the GH¢50.00 (arrowed green) being transferred and the transaction is completed.
A mobile payment is an electronic payment made through a mobile device. Mobile money gives anyone with a mobile phone the ability to transfer money, make cash payments and conduct other financial transactions over the phone. Currently, there are four mobile money service providers in Ghana, namely, MTN mobile money, VF cash, Tigo cash and Airtel money. For an effective operation of these systems, Privacy, traceability, cost of transaction, and simplicity of the processes involved are of much interest. The study therefore examined the loopholes in the current mobile money systems and a framework has been designed to resolve the loopholes.
The following loopholes have been identified, thus, Entering of information on next of kin into the system during registration is not mandatory, the current system accepts year of birth as PIN, transactional PIN is decrypted, entering of a Valid ID number into the system is not mandatory, the system does not make provision for security word or question during token cash out.
Recommendations from the study
The following recommendations from the study are worthwhile and this is expected to strengthen the mobile payment system in Ghana and also help to secure the funds of customers.
The current mobile payment system should makes it mandatory for information on next of kin to be entered during registration.
The current mobile payment system should not accept year of birth as PIN.
The current mobile payment system should make the transactional PIN encrypted.
The current mobile payment system should make it mandatory for a valid ID number to be entered during withdrawals.
The current mobile payment system should make provision for a security word during token cash out.
The mobile money operators should improve on the efficiency of their networks to ensure reliability and also serve their customers better.
Training should be encouraged in risk management and mobile phones security in mobile money.