Journal of Applied Science and Engineering, Vol.

24, No 4, Page 687-692 687

Mobile Payment Using Blockchain Security

Murad Obaid1* , Musbah Aqel1 , and Mahmoud Obaid2
1 Department of Management Information Systems Cyprus International University, Lefkosa, Northern Cyprus, Mersin 10, Turkey
2 Department of Computer System Engineering, Arab American University, Jenin - Palestine
* Corresponding author. E-mail: [email protected]

Received: Feb. 16, 2021; Accepted: Mar. 22, 2021

Blockchain has become one of the most common methods for securing transfer data through decentralized
peer-to-peer systems and has received extensive attention in recent years. Blockchain is an immutable ledger
that allows the execution of a transaction in a secure and decentralized manner. This sophisticated but secure
mechanism has an excellent reputation and has increased its customer base. Despite substantial attention, the
blockchain system has many challenges that must be ad-dressed. This paper proposes a solution that provides a
standard framework for mobile payments using blockchain technology. We further discuss security-related
issues and attempt to determine the potential pitfalls with which such mechanisms can be exploited. We also
investigate how popular currencies such as Bitcoin utilize security arrangements for safe transactions via mobile
devices.

Keywords: Blockchain, Mobile Payment, Private Blockchain, Banking Blockchain, Blockchain Security
http://dx.doi.org/10.6180/jase.202108_24(4).0025

1. Introduction tions [2]. The two terms “Blockchain” and “Distributed

ledger technology” are actually interchangeable [19].
Blockchain technology, as a cryptographic-based dis- Blockchain is a revolutionizing technology. First imple-
tributed ledger, provides trusted transactions through third mented in digital cryptocurrency, blockchain is an impor-
parties in the network [1, 2]. Bitcoin blockchain was intro- tant part of its functionality [3].
duced in 2008 [3], and many blockchain systems, such
In previous years, we could exchange information to
as Ethereum [4, 5], have public and private accessibility.
make monetary transfers using the internet. All of these
Blockchain popularity has increased globally and has had
transactions were performed by a trusted intermediary.
a substantial impact on the world [6]. It has been com-
These third parties were responsible for making transac-
mercially dependent [7], impacted world currencies [8],
tions in a secure environment. Currently, the blockchain
and affected the proliferation of financially focused cyber-
eliminates any central authority or 3rd party between a
attacks [9], such as ransom ware [10] and denial of services
financial institution and a data exchange by using all fea-
(DoS) [11].
tures and characteristics of the blockchain: a decentralized,
The main feature of blockchain technology is its attrac- digital ledger, cryptographically secured, non-reputable,
tive flexibility for many business fields, such as banking time-stamped, irrevocable, auditable, distributed, trans-
[12], logistics [13], smart contracts [14, 15], the medicine in- parent and verifiable. Suppose we have N users in a net-
dustry [16] and cyber security [17, 18].Every member gets work; they share data and make a transaction. They use
an updated copy of the encrypted ledger, which enables a protocol known as a consensus algorithm instead of us-
them to validate any new transaction. Primarily, blockchain ing an intermediary. This protocol creates interplay trust
technology is a distributed database of records or public and allows peer-to-peer transactions. To facilitate this, the
ledgers of all transactions, digital events, and operations blocks build a blockchain system using network users and
shared among stakeholders. This highly secured system a protocol such as proof of work, hashed and with digital
contains a specific, correct record of all previous transac- signatures[20]. Each block has a set of transactions signed
688 Murad Obaid et al.

by the owner digitally and verified by the reset users before of internet users and online commerce. Financial institu-
being added to the block [20], as shown in Fig. 1. tions need to reap their benefits in the future and learn
from these new technologies since cryptocurrencies have
earned a remarkable reputation in the eyes of various con-
trol boards and governing bodies. Fig. 2, shown below,
describes how the proposed solution works.
Customer A, who belongs to bank A (no geographic
limits), wants to send money to customer B, who belongs
Fig. 1. Structures of Blockchain. to bank B. Customer A uses his or her mobile application to
initiate the transaction, which includes defining the receiver
mobile number and the amount of fiat currency and the cur-
2. Trends and Related Research rency type. Any node that receives the request first (called
the issuer) checks for customer eligibility (blacklist, ML,
The author in [17] explains the challenges with the use of fraud) creates the block and broadcasts the details to every
security in centralized applications and gives us a compre- node in the network. The issuer node sends three-digit
hensive study of blockchain methods for a security services codes to the sender’s mobile phone for security verification.
application in different areas of authentication, confidential- The sender enters his or her bank PIN code concatenated
ity, access control, and integrity assurance in the distributed with the three digits that were received from the issuer. The
network. acquirer bank checks for PIN validation by connecting to
There are a large number of research areas that can ap- its own Hardware Security Model (HSM) system response
ply a blockchain to avoid centralized entities, such as the and sends the validation message to all nodes.
cloud [21], Internet of Things (IoT), and Bigdata [22]. [23] The acquirer bank performs the exchange of fiat money
Researchers believe that blockchains have characteristics (transaction amount plus commission) with the digital
that will be used within banking, but there is still a shortage money (Ethereum or other digital currency) at the current
of suitable uses of blockchains within modern society. rate, and the blockchain transfers the money to the receiver
The blockchain could eliminate third parties, decrease bank (beneficiary) after changing the digital money to fiat
costs, and increase profits for the banking industry [24]. money in the beneficiary’s currency. The blockchain di-
Privet blockchain enables transactions that are faster vides the commission based on the commission policies
and more secure. This technology will reshape the banking and transfers the money to parties’ accounts. All the nodes
process and reduce costs. will validate the transaction, and the block will be closed
The author in [25] explains that blockchain technology and added to the blockchain transactions.
is trusted due to its trans-parency and its feature of making
Messages sent to both sender and receiver mobile
information publicly available while also confirming its
phones report transaction success; whenever any fail oc-
integrity.
curs in the middle of the process, everything is rolled back,
This paper [26] outlines some of the problems that are
and a message will be sent to the receiver about the failed
changing financial services due to rapid technological ad-
transaction.
vances.
Our schema tries to eliminate most of the security vul-
According to [24], the blockchain has assumed the most
nerabilities by using different security arrangements under
important role in the financial inclusion process.
the standard and implied security laws.
In [27], the author explores how and why blockchain
The sending customer must know his or her PIN code
has become the puppet of the financial technology sector.
that is initiated by this customer’s bank HSM on a high-
level security model. This PIN code is requested only by
3. Proposed Solution Framework the customer bank ecosystem, the customer must have a
This section explicitly details the proposed system in more mobile phone and mobile SIM card. Multiple separated
details. parts for authentication and process flow exist as follows.
The process is initiated by any node on the chain. The
3.1. Overview transaction is created in all parts (blockchain nodes). The
As payments are a great source of revenue for financial PIN code is requested by the customer’s owner bank us-
institutions, they expand the use of digital currencies (cryp- ing an additional PIN SMS backend, which means that the
tocurrency) to satisfy the needs for all the new generation message will be sent to the sender who must have a mo-
 Journal of Applied Science and Engineering, Vol. 24, No 4, Page 687-692 689

Fig. 2. New mobile payment using blockchain framework.

bile phone with a SIM card and additional PIN code. The words is essential because of their existence as a primary
PIN code authentication is done by the sender bank HSM, means for authentication. Our algorithm has the potential
which is encrypted in a highly secure model. The customer to detect and block such attempts; therefore, there is no
eligibility is done by any node in the internal ecosystem, chance of obtaining the original password in the case when
all transaction information flow will be encrypted, the cus- hashing is deployed to accomplish such a task. Addition-
tomer banking system does final authentication, and none ally, the hackers need the following components merely
of the other parties will be involved in this part. to initiate the transaction: the mobile phone device; the
All parties are connected by a private network with se- SIM card with the same number; the PIN code, which is
cure VPN. To hack the system, the hacker would need to in the customer’s mind and on the hashing server; the au-
communicate with at least 3 parties, the sender bank, the thenticate application installed on the mobile phone; and
receiver bank and the operator at the same time, and also the application password. Since all of this information is
have the system behavior, transaction workflow, encryp- divided and physically stored in many locations, it is very
tion keys, sender mobile phone and the PIN code, which difficult if not impossible to acquire them all.
is certainly very difficult if not impossible: The encryption Each node on the blockchain can get the transaction
will be done using LMK that will include a mobile IME as initiated by the customer, check for eligibility and create
well as the mobile account number. the block for this transaction. Each node (bank) has to
validate each transaction to be an authorized transaction.
3.2. Process Security The final authorization for security reasons and transac-
The blockchain will work on the Ethereum blockchain as tion legality must be taken from the customer account ac-
a private network for our banking solution; this is one of quirer. The sender bank debits the customer account by
the most robust, secured blockchains. The application on the amount of the transaction plus commission by fiat cur-
the mobile phone will encrypt the transaction text using rency (equal to the digital currency exchange), and the fiat
the AES-256 algorithm using the LMK. Protection of pass- currency is exchanged to digital currency (via blockchain
690 Murad Obaid et al.

Fig. 3. The Functionality of the Proposed Solution.

) and transferred to the receiver bank. The blockchain blockchain security is that it considers pseudo-secrecy. As a
deducts the commission and exchanges the digital money result, Bitcoin clients do not need to provide their personal
for the receiver’s fiat currency and transfers the money information for any kind of transaction. The blockchain
to the receiver bank account. All the nodes authorize the domain has numerous security protocols that are utilized
transaction, the block is closed, and the commission will be to authenticate transactions. However, when the role of
distributed based on the related policy, with every benefi- authorities is considered in such transactions, they must
ciary receiving the prescribed rate. rely on the legal process. However, these blockchain smart-
phones allow users to manage their passwords and other
sensitive information. Along with that, the upgraded ver-
4. Discussion
sion of blockchain wallets also has the same potential in
The secondary research method is deployed in this research terms of providing security to the data because of the high-
to obtain the relevant information. Information is collected end encryption system. A considerable number of people
from various trusted resources, research papers, and stud- do not use cryptocurrency often enough, which can make
ies to identify the significant points. Then, the collected them concerned about such security issues; thus, they do
information is analyzed to improve the overall effective- not buy specific equipment to secure their digital transac-
ness of the research. tions. To further improve security-related situations, de-
Governing bodies of various countries emphasize im- centralized applications are considered a potential solution.
proving the security of the present banking and financial The dynamic mechanisms of such applications allow the
systems and putting much effort into making all such ac- user to keep all the related data information private. This
tivities transparent. The emergence of the cashless econ- does not mean that users cannot access the data, but it sim-
omy is enhancing the insecurity of online transactions. In ply means that the mechanism saves all the information
this context, the performance of the blockchain is quite ex- from unauthorized attempts.
traordinary. Furthermore, another concern regarding the
 Journal of Applied Science and Engineering, Vol. 24, No 4, Page 687-692 691

Fig. 4. Security Aspects in the Proposed Solution.

The most notable thing about the blockchain, which can blockchain, especially when the role of mobile phones is
make the governments adopt this highly advanced pay- considered. Though this emerging next-generation technol-
ment system, is that all exchanges within a network are ogy has managed to receive massive attention, a significant
recog-nizable. The main reason for such agreements is to literature gap can be seen. In this paper, the present mar-
avoid the cases in which users attempt to avoid taxes ille- ket scenario of digital currencies is analyzed by keeping
gally because of the privacy blockchain provides to them. the main focus on the security of transactions using digital
This literature gap is also considered a limitation of the currencies. To explain it more carefully, we deployed a sec-
current research paper. Moreover, the key findings of this ondary research method and therefore analyzed existing
research paper are as follows: information in the same domain.

1. Inadequacy of safe and reliable software and hardware

to secure the blockchain payments via mobile phones.
References
2. Limited scope for the technology to earn the trust of
[1] Tomaso Aste, Paolo Tasca, and Tiziana Di Matteo.
governments to categorize a blockchain as standard
Blockchain technologies: The foreseeable impact on
currency.
society and industry. computer, 50(9):18–28, 2017.
[2] Zibin Zheng, Shaoan Xie, Hongning Dai, Xiangping
5. Conclusion Chen, and Huaimin Wang. An overview of blockchain
From the above information, it can be concluded that al- technology: Architecture, consensus, and future trends.
though blockchain has attained a remarkable level of pop- In 2017 IEEE international congress on big data (BigData
ularity, government authorities and ordinary people still congress), pages 557–564. IEEE, 2017.
do not consider it a safe means of transactions. Apart from [3] Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic
these issues, the lack of secure and reliable hardware and cash system. Technical report, Manubot, 2019.
software also serves as an obstacle. For this study, we ob- [4] G Wood. Ethereum: a secure decentralised generalised
served that there is a lack of literature in the domain of the transaction ledger [jelektronnyj resurs]. 32 c. gavwood.
692 Murad Obaid et al.

com: official site URL: https://gavwood. com/paper. pdf data [19] Marcella Atzori. Blockchain technology and decentral-
obrashhenija, 3, 2019. ized governance: Is the state still necessary? Available
[5] Vitalik Buterin et al. A next-generation smart contract at SSRN 2709713, 2015.
and decentralized application platform. white paper, [20] Deepak Puthal, Nisha Malik, Saraju P Mohanty, Elias
3(37), 2014. Kougianos, and Chi Yang. The blockchain as a decen-
[6] Morgen E Peck. Blockchains: How they work and why tralized security framework [future directions]. IEEE
they’ll change the world. IEEE spectrum, 54(10):26–35, Consumer Electronics Magazine, 7(2):18–21, 2018.
2017. [21] Chi Yang, Deepak Puthal, Saraju P Mohanty, and Elias
[7] Jørgen Svennevik Notland. Cryptocurrency as money. Kougianos. Big-sensing-data curation for the cloud is
[8] Shi Chen, Cathy Yi-Hsuan Chen, Wolfgang Karl Härdle, coming: A promise of scalable cloud-data-center miti-
Teik Ming Lee, and Bobby Ong. Econometric analysis gation for next-generation iot and wireless sensor net-
of a cryptocurrency index for portfolio investment. In works. IEEE Consumer Electronics Magazine, 6(4):48–56,
Handbook of Blockchain, Digital Finance, and Inclusion, 2017.
Volume 1, pages 175–206. Elsevier, 2018. [22] Deepak Puthal, Rajiv Ranjan, Surya Nepal, and Jinjun
[9] Kim-Kwang Raymond Choo. Cryptocurrency and Chen. Iot and big data: An architecture with data flow
virtual currency: Corruption and money launder- and security issues. In Cloud infrastructures, services,
ing/terrorism financing risks? In Handbook of digital and IoT systems for smart cities, pages 243–252. Springer,
currency, pages 283–307. Elsevier, 2015. 2017.
[10] Sajad Homayoun, Ali Dehghantanha, Marzieh Ah- [23] Stefan K Johansen. A comprehensive literature review
madzadeh, Sattar Hashemi, and Raouf Khayami. Know on the blockchain as a technological enabler for innova-
abnormal, find evil: frequent pattern mining for ran- tion. Dept. of Information Systems, Mannheim University,
somware threat hunting and intelligence. IEEE transac- Germany, pages 1–29, 2018.
tions on emerging topics in computing, 8(2):341–351, 2017. [24] Tejal Shah and Shalilak Jani. Applications of
[11] Opeyemi Osanaiye, Haibin Cai, Kim-Kwang Ray- blockchain technology in banking & finance. Parul
mond Choo, Ali Dehghantanha, Zheng Xu, and Mqhele CUniversity, Vadodara, India, 2018.
Dlodlo. Ensemble-based multi-filter feature selec- [25] Stefan Seebacher and Ronny Schüritz. Blockchain tech-
tion method for ddos detection in cloud computing. nology as an enabler of service systems: A structured
EURASIP Journal on Wireless Communications and Net- literature review. In International Conference on Exploring
working, 2016(1):1–10, 2016. Services Science, pages 12–23. Springer, 2017.
[12] Martin Arnold. Five ways banks are using blockchain. [26] Lawrence J Trautman. Is disruptive blockchain tech-
Financial Times, 16, 2017. nology the future of financial services? 2016.
[13] Bernard Marr. How blockchain will transform the [27] Ittay Eyal. Blockchain technology: Transforming liber-
supply chain and logistics industry. Retrieved February, tarian cryptocurrency dreams to finance and banking
22:2018, 2018. realities. Computer, 50(9):38–49, 2017.
[14] Reza M Parizi, Ali Dehghantanha, et al. Smart contract
programming languages on blockchains: An empirical
evaluation of usability and security. In International
Conference on Blockchain, pages 75–91. Springer, 2018.
[15] R Aitken. Smart contracts on the blockchain: Can
businesses reap the benefits. Forbes, 2017.
[16] K Megget. Securing the supply chain. 2018.
[17] Tara Salman, Maede Zolanvari, Aiman Erbad, Raj
Jain, and Mohammed Samaka. Security services using
blockchains: A state of the art survey. IEEE Communica-
tions Surveys & Tutorials, 21(1):858–880, 2018.
[18] Paul J Taylor, Tooska Dargahi, Ali Dehghantanha,
Reza M Parizi, and Kim-Kwang Raymond Choo. A
systematic literature review of blockchain cyber secu-
rity. Digital Communications and Networks, 6(2):147–156,
2020.