Investigating the Security Threats on Using M-Payment Applications in Saudi Arabia: Exploratory Study

Raed Alotaibi (1), Abdulrahman Alghamdi (2)
(1) Shaqra Community College, Shaqra University, Kingdom of Saudi Arabia
(2) College of Computing and Information Technology, Shaqra University, Kingdom of Saudi Arabia
Fulltext View | Download
How to cite (IJASEIT) :
Alotaibi, Raed, and Abdulrahman Alghamdi. “Investigating the Security Threats on Using M-Payment Applications in Saudi Arabia: Exploratory Study”. International Journal on Advanced Science, Engineering and Information Technology, vol. 12, no. 5, Sept. 2022, pp. 1950-5, doi:10.18517/ijaseit.12.5.16242.
Online banking, debit cards, credit cards and mobile payments are the most common payment types in Saudi Arabia. This study explored security threats that affect m-payment applications in Saudi Arabia by interviewing 16 IT professionals to explore their insights and opinions about those security threats. Cybersecurity threats present the biggest challenge for most mobile systems, as mobile payments can be affected by cyber-attacks and require sophisticated approaches to achieve the desired security. In our study we report on the impact of security threats on the utilization of mobile payment applications and provide evidence related to those threats and their impact on the use of mobile payment applications. Evidence was provided regarding the security threats and their impact on using mobile payment applications. Information was also provided related to security threats such as Distributed Denial-of-Service, phishing attacks and malware. Although the participants in this study demonstrated a positive attitude regarding the safety and security of mobile payments, they also highlighted the security threats that impact m-payments. The results showed that the three main threats in Saudi Arabia were Distributed Denial-of-Service (DDoS), phishing attacks and Malware (Malicious software). This study makes two contributions. The first is to theory, by filling the gap in the literature because it is the first study to explore the threats to using m-payment in Saudi Arabia. Secondly, this study contributes to practice by providing a clear picture for service providers and users about threats they may face when using m-payment.

M. Almasri and H. Alshareef, “Mobile cloud-based e-payment systems in Saudi Arabia: A case study,” in ACM International Conference Proceeding Series, 2019, pp. 5-10, doi: 10.1145/3361785.3361795.

R. Alabdan and M. M. Sulphey, “Understanding proximity mobile payment acceptance among Saudi individuals: An exploratory study,” Int. J. Adv. Comput. Sci. Appl., vol. 11, no. 4, pp. 264-270, 2020, doi: 10.14569/ijacsa.2020.0110436.

R. Alotaibi, L. Houghton, and K. Sandhu, “Exploring the Potential Factors Influencing the Adoption of M-Government Services in Saudi Arabia: A Qualitative Analysis,” Int. J. Bus. Manag., vol. 11, no. 8, p. 56, 2016, doi: 10.5539/ijbm.v11n8p56.

S. H. Liao and L. L. Yang, “Mobile payment and online to offline retail business models,” J. Retail. Consum. Serv., vol. 57, p. 102230, 2020, doi: 10.1016/j.jretconser.2020.102230.

A. Pal, T. Herath, R. De’, and H. R. Rao, “Contextual facilitators and barriers influencing the continued use of mobile payment services in a developing country: insights from adopters in India,” Inf. Technol. Dev., vol. 26, no. 2, pp. 394-420, 2020, doi: 10.1080/02681102.2019.1701969.

S. F. Verkijika, “An affective response model for understanding the acceptance of mobile payment systems,” Electron. Commer. Res. Appl., vol. 39, p. 100905, 2020, doi: 10.1016/j.elerap.2019.100905.

N. Sundaram, C. Thomas, and L. Agilandeeswari, “A review: Customers online security on usage of banking technologies in smartphones and computers,” Pertanika J. Sci. Technol., vol. 27, no. 1, pp. 1-31, 2019.

M. Wazid, S. Zeadally, and A. K. Das, “Mobile Banking: Evolution and Threats: Malware Threats and Security Solutions,” IEEE Consum. Electron. Mag., vol. 8, no. 2, pp. 56-60, 2019, doi: 10.1109/MCE.2018.2881291.

I. Ahmad, S. Iqbal, S. Jamil, and M. Kamran, “A Systematic Literature Review of E-Banking Frauds”¯: Current Scenario and Security Techniques,” Linguist. Antverp. 2021 Issue-2, vol. 2, no. June, pp. 3509 - 3517, 2021.

G. Bogdanova, T. Todorov, and G. Georgieva-Tsaneva, “Software approaches and methods to ensure the security of interactive systems,” Cybern. Inf. Technol., vol. 18, no. 5, pp. 12-20, 2018, doi: 10.2478/cait-2018-0017.

G. Bogdanova, T. Todorov, and N. Noev, “Protection of semantic organized data. Encryption of RDF graph,” Digit. Present. Preserv. Cult. Sci. Herit., vol. 4, pp. 183-188, 2017.

S. Yin, J. Sheng, T. Wang, and H. Xu, “Analysis on mobile payment security and its defense strategy,” in Advances in Intelligent Systems and Computing, 2019, vol. 773, pp. 941-946, doi: 10.1007/978-3-319-93554-6_95.

M. A. Hassan, Z. Shukur, M. K. Hasan, and A. S. Al-Khaleefa, “A review on electronic payments security,” Symmetry (Basel)., vol. 12, no. 8, pp. 1-24, 2020, doi: 10.3390/sym12081344.

M. Bosamia, “Mobile wallet payments recent potential threats and vulnerabilities with its possible security measures".”

Y. Jin, S. Wang, Y. Qu, Q. Guo, and J. Li, “Study on Security of Mobile Payment,” in Advances in Intelligent Systems and Computing, 2018, vol. 690, pp. 123-127, doi: 10.1007/978-3-319-65978-7_19.

A. Almaarif and M. Lubis, “Vulnerability Assessment and Penetration Testing (VAPT) Framework: Case Study of Government’s Website,” Int. J. Adv. Sci. Eng. Inf. Technol., vol. 10, no. 5, pp. 1874-1880, 2020, doi: 10.18517/ijaseit.10.5.8862.

M. Najib and F. Fahma, “Investigating the adoption of digital payment system through an extended technology acceptance model: An insight from the Indonesian small and medium enterprises,” Int. J. Adv. Sci. Eng. Inf. Technol., vol. 10, no. 4, pp. 1702-1708, 2020, doi: 10.18517/ijaseit.10.4.11616.

R. Brunt, P. Pandey, and D. McCoy, “Booted: An Analysis of a Payment Intervention on a DDoS-for-Hire Service,” in Workshop on Economics of Information Security (WEIS), University of California San Diego,USA, 2017.

M. Zhang et al., “Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches,” 2020, doi: 10.14722/ndss.2020.24007.

J. Kaur Chahal, A. Bhandari, and S. Behal, “Distributed Denial of Service Attacks: A Threat or Challenge,” New Rev. Inf. Netw., vol. 24, no. 1, pp. 31-103, 2019, doi: 10.1080/13614576.2019.1611468.

A. P. Fajar and T. W. Purboyo, “A Survey Paper of Distributed Denial-of-Service Attack in Software Defined Networking (SDN),” Int. J. Appl. Eng. Res. ISSN, vol. 13, no. 1, pp. 973-4562, 2018.

B. Amro, “Phishing Techniques in Mobile Devices,” J. Comput. Commun., vol. 06, no. 02, pp. 27-35, 2018, doi: 10.4236/jcc.2018.62003.

D. Goel and A. K. Jain, “Mobile phishing attacks and defence mechanisms: State of art and open research challenges,” Comput. Secur., vol. 73, pp. 519-544, 2018, doi: 10.1016/j.cose.2017.12.006.

P. Datta, S. Tanwar, S. N. Panda, and A. Rana, “Security and Issues of M-Banking: A Technical Report,” in ICRITO 2020 - IEEE 8th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions), Jun. 2020, pp. 1115-1118, doi: 10.1109/ICRITO48877.2020.9198032.

O. Rivers, Y. H. Hu, and M. Hoppa, “A Study on Cyber Attacks and Vulnerabilities in Mobile Payment Applications,” in Journal of The Colloquium for Information ”¦, 2020, vol. 7, no. 1, p. 9.

O. Aslan and R. Samet, “A Comprehensive Review on Malware Detection Approaches,” IEEE Access, vol. 8, pp. 6249-6271, 2020, doi: 10.1109/ACCESS.2019.2963724.

S. Sharmeen, S. Huda, J. H. Abawajy, W. N. Ismail, and M. M. Hassan, “Malware Threats and Detection for Industrial Mobile-IoT Networks,” IEEE Access, vol. 6, pp. 15941-15957, 2018, doi: 10.1109/ACCESS.2018.2815660.

P. Brey, S. Gauttier, and P.-E. Milam, Harmful Internet use Part II: Impact on culture and society Study, no. January. 2019.

L. E. Tomaszewski, J. Zarestky, and E. Gonzalez, “Planning Qualitative Research: Design and Decision Making for New Researchers,” Int. J. Qual. Methods, vol. 19, p. 160940692096717, Jan. 2020, doi: 10.1177/1609406920967174.

D. Mortelmans, “Analyzing Qualitative Data Using NVivo,” in The Palgrave Handbook of Methods for Media Policy Research, Springer, 2019, pp. 435-450.

M. Mason, “Sample size and saturation in PhD studies using qualitative interviews,” in Forum Qualitative Sozialforschung, 2010, vol. 11, no. 3, doi: 10.17169/fqs-11.3.1428.

S. Wycech, “An Investigation of Attitudes towards Mobile Payments.,” in in Management of Information Systems, no. September, Dublin , Ireland: University of Dublin, 2015.

H. Alhallaq, M. Younas, S. Kamal, and B. Champion, “Understanding Perceived Value of Mobile Payments: A Qualitative Study,” 2019.

E. U. Soykan and M. Bagriyanik, “The effect of SMiShing attack on security of demand response programs,” Energies, vol. 13, no. 17, p. 4542, 2020, doi: 10.3390/en13174542.

A. Singh and M. A. Kalra, “Impact of Mobile Wallets Security on Consumer Attitude towards Use,” Psychol. Educ. J., vol. 58, no. 4, pp. 3140-3146, 2021.

Authors who publish with this journal agree to the following terms:

    1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
    2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
    3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).