Security Issues of New Innovative Payments and Their Regulatory Challenges

Bitcoin and Mobile Payments

Part of the book series: Palgrave Studies in Financial Services Technology (FST)

Abstract

Kasiyanto discusses how the security issues of m-payments and Bitcoin, as new forms of innovative payments, challenge the existing EU regulatory frameworks, and whether the proposed regulatory frameworks suffice to address such challenges. The regulatory frameworks discussed are mainly the EU Payment Services Directive and the proposed changes to the directive. To some extent, the chapter also touches upon the proposed directive on network and information security. Firstly, the security issues of both systems are scrutinized to highlight their vulnerabilities. Secondly, the existing regulatory frameworks are assessed as to whether they suffice to address the challenges brought by the security vulnerabilities of both systems. Lastly, a final assessment is conducted to determine whether the proposed changes to the frameworks are adequate to address such challenges.

Notes

  1.

    Innovative payments are part of electronic payments that, according to Moody’s analysis, contribute to the increase of GDP by 0.8 % for developing countries and 0.3 % for developed countries. See details in Moody’s: Moody’s Analytics: The Impact of Electronic Payments on Economic Growth (2013). https://usa.visa.com/dam/VCOM/download/corporate/media/moodys-economy-white-paper-feb-2013.pdf.

  2.

    See for instance Key Pousttchi and Dietmar G. Wiedemann, “What Influences Consumers’ Intention to Use Mobile Payments”, Mobile Communications Working Group, University of Augsburg (2007) http://www.marshall.usc.edu/assets/025/7534.pdf.

  3.

    Changsu Kim, Wang Tao, Namchul Shin, and Ki-Soo Kim, “An empirical study of customers’ perceptions of security and trust in e-payment systems”, Electronic Commerce Research and Applications 9, no. 1 (2010): 84–95.

  4.

    See for instance Visa Europe Risk Management, “Secure Mobile Payment Systems, Recommendations for Building, Managing and Deploying”, Visa Europe (2014). http://www.tuxedomoneysolutions.com/insights/research/2014/07/secure-mobile-payments/.

  5.

    See International Finance Corporation (IFC), “Mobile Money Study: Summary Report”, 2011, Washington DC.

  6.

    Visa Europe Risk Management, “Secure Mobile Payment Systems”, 5.

  7.

    In this context, Payment Services Directive (PSD): OJ L 319/1, 5 December 2007.

  8.

    Proposal for the revision of the Payment Services Directive (proposal for the PSD2), 24 July 2013 COM (2013) 547 final.

  9.

    Catherine Linck, Key Pousttchi, and Dietmar Georg Wiedemann, “Security Issues in Mobile Payment from the Customer Viewpoint” (2006). https://mpra.ub.uni-muenchen.de/2923/1/.

  10.

    For this, the World Bank provides an excellent elaboration. See Pierre-Laurent Chatain, “Integrity in Mobile Phone Financial Services, Measures for Mitigating Risks from Money Laundering and Terrorist Financing”, The World Bank Working Paper No. 146. Washington DC (2008).

  11.

    See for instance Amir Herzberg, “Payments and Banking with Mobile Personal Devices”, Communications of the ACM 46, no. 5 (2003): 53–58.

  12.

    Niina Mallat, “Exploring Consumer Adoption of Mobile Payments – A qualitative Study”, Journal of Strategic Information Systems 16 (2007): 413–432.

  13.

    Safari Kasiyanto, “Moving Forward, Bringing Bitcoin into the Mainstream” (Forthcoming).

  14.

    European Payment Council. Summer Reading: Results of Latest EPC Poll Reveal that Instant Payments are Most Likely Trigger the Next Wave of Innovation (blog). 7 August 2015.

  15.

    OJ L 319/1, 5 December 2007.

  16.

    European Central Bank. “Recommendations for the Security of Mobile Payments, Draft Document for Public Consultations” (2013). https://www.ecb.europa.eu/paym/cons/pdf/131120/recommendationsforthesecurityofmobilepaymentsdraftpc201311en.pdf?7f9004f1cbbec932447c1db2c84fc4e9.

  17.

    Under the same group as the internet payments.

  18.

    See European Payments Council. “Overview Mobile Payments Initiatives.” EPC091-14. Version 2.0. 2014.

  19.

    On the one hand, a mobile phone has functions for communication, and on the other hand it serves as a payment device to initiate transactions. See for instance Information Systems Audit and Control Association (ISACA). “Mobile Payments: Risk, Security and Assurance Issues.” An ISACA Emerging Technology White Paper. November 2011. http://www.isaca.org/groups/professional-english/pci-compliance/groupdocuments/mobilepaymentswp.pdf.

  20.

    As highlighted by ECB, Recommendations for Mobile Payments.

  21.

    See for instance Vanessa Pegueros. “Security of Mobile Banking and Payments.” SANS Institute InfoSec Reading Room (2012). https://www.sans.org/reading-room/whitepapers/ecommerce/security-mobile-banking-payments-34062.

  22.

    Ibid, 12–14.

  23.

    Consumerreports.org. “3.1 Million Smart Phones Were Stolen In 2013, Nearly Double the Year Before.” http://pressroom.consumerreports.org/pressroom/2014/04/my-entry-1.html. 17 April 2014.

  24.

    See https://www.lookout.com/. Last accessed on 29 November 2015.

  25.

    See Lookout, Inc. “Phone Theft in America.” https://www.lookout.com/resources/reports/phone-theft-in-america. Last accessed on 29 November 2015.

  26.

    Edward C. Clarkson, Shwetak N. Patel, Jeffrey S. Pierce, and Gregory D. Abowd, “Exploring Continuous Pressure Input for Mobile Phones” (2006) ftp://coffeetalk.cc.gatech.edu/pub/gvu/tr/2006/06-20.pdf.

  27.

    Murugiah Souppaya and Karen Scarfone, “Guidelines for Managing the Security of Mobile Devices in the Enterprise”, NIST Special Publication 800-124 (2013).

  28.

    https://www.alcatel-lucent.com/about. Last accessed on 29 November 2015.

  29.

    See Leon Spencer, “16 Million Mobile Devices Hit by Malware in 2014: Alcatel-Lucent”, Available at http://www.zdnet.com/article/16-million-mobile-devices-hit-by-malware-in-2014-alcatel-lucent/.

  30.

    http://home.mcafee.com/advicecenter/?id=ad_ms_wimm&ctst=1. Last accessed on 29 November 2015.

  31.

    Suhas Desai, “Mobile Payment Services: Security Risks, Trends and Countermeasures”, RSA Conference 2014. Asia Pacific & Japan (2014) http://www.rsaconference.com/events/ap14/agenda/sessions/1447/mobile-payment-services-security-risks-trends-and.

  32.

    ECB, Recommendations for Mobile Payments, November 2013. https://www.ecb.europa.eu/paym/cons/pdf/131120/recommendationsforthesecurityofmobilepaymentsdraftpc201311en.pdf?7f9004f1cbbec932447c1db2c84fc4e9.

  33.

    Desai, Mobile Payment Services, p. 8.

  34.

    See Ibid, 21.

  35.

    Rob Wile, “One of Bitcoin’s Strongest Backers Reveals the Two Big Reasons Why It’s Still Not Mainstream.” 20 July 2014. http://www.businessinsider.com/fred-wilson-on-bitcoin-2014-7?IR=T.

  36.

    Ibid.

  37.

    Kasiyanto, Moving Forward.

  38.

    Jeff Desjardins, “How Secure are Bitcoins?”, Visual Capitalist. www.visualcapitalist.com/secure-bitcoins/ 13 August 2014.

  39.

    Meni Rosenfeld, “Analysis of hash-rate-based double-spending”, Latest version: 13 December 2012. https://bitcoil.co.il/Doublespend.pdf.

  40.

    See Satoshi Nakamoto, “Bitcoin: A peer-to-peer Electronic Cash System”, Consulted 1.2012 (2008).

  41.

    For a good discussion on this, see for instance Emin Gun Sirer. “What Did Not Happen at Mt. Gox.” 1 March 2014. http://hackingdistributed.com/2014/03/01/what-did-not-happen-at-mtgox/.

  42.

    https://www.khanacademy.org/economics-finance-domain/core-finance/money-and-banking/bitcoin/v/bitcoin-security-of-transaction-block-chains, last accessed on 28 October 2015.

  43.

    Jonas Borchgrevink, “Warning: GHash.IO is Nearing 51 % – Leave the Pool”, Crypto Coins News. 9 January, 2014. https://www.cryptocoinsnews.com/warning-ghash-io-nearing-51-leave-pool/.

  44.

    Vulnerability in UPnP library used by Bitcoin Core, 12 October 2015. https://bitcoin.org/en/alert/2015-10-12-upnp-vulnerability.

  45.

    TALOS Vulnerability Report. “MiniUPNP Internet Gateway Device Protocol XML Parser Buffer Overflow.” TALOS-2015-0035. 15 September 2015. http://talosintel.com/reports/TALOS-2015-0035/

  46.

    The term “supporting system” does not need to be interpreted literally. It is a general term used to make the analysis easier.

  47.

    “In every chain of reasoning, the evidence of the last conclusion can be no greater than that of the weakest link of the chain, whatever may be the strength of the rest.” Reid, Thomas. Essays on the Intellectual Powers of Man (1786) as in http://www.phrases.org.uk/meanings/the-weakest-link.html.

  48.

    Desjardins, How Secure are Bitcoins?, on 13 August 2014, http://www.visualcapitalist.com/secure-bitcoins/.

  49.

    https://bitcoin.org.

  50.

    Securing your wallet, Be careful with online services. https://bitcoin.org/en/secure-your-wallet. Last accessed on 28 October 2015.

  51.

    http://www.theguardian.com/technology/2015/aug/01/ex-boss-of-mtgox-bitcoin-exchange-arrested-in-japan-over-lost-480m. Last accessed on 30 November 2015.

  52.

    For an insight, see Sirer, What Did Not Happen. See also https://winklevosscapital.com/what-may-have-happened-at-mt-gox/, http://www.hackingdaily.com/2014/02/mtgox-speculations.html, and https://www.reddit.com/r/Bitcoin/comments/1z8fmc/mtgox_private_key_related_coin_loss_a_explanation/. Last accessed on 30 November 2015.

  53.

    Proposal for PSD2, paragraph 6 of the preamble, 14.

  54.

    Here Bitcoin is treated as a payment system instrument. For discussion as to whether Bitcoin meets the characteristics and requirements of payment instruments, see Safari Kasiyanto, “Regulating Peer-to-peer Network Currency: Lessons from Napster and Payment Systems”, Journal of Law, Technology and Public Policy 1(2) (2015): 40–73.

  55.

    Proposal for PSD2, paragraph 6 of the preamble, 14.

  56.

    Proposal for PSD2, paragraph 7 of preamble, 15.

  57.

    EPC, Overview Mobile Payments Initiatives, 21, 25.

  58.

    Converting back the ‘electronic’ money into the real currency.

  59.

    Chapter 4 of the PSD on Data Protection.

  60.

    See Adyen, “Over 27 % of global online transactions are now on mobile devices”, 30 April 2015. Available at https://www.adyen.com/home/about-adyen/press-releases/mobile-payments-index-april-2015. Last accessed on 17 November 2015.

  61.

    Wile, One of Bitcoin’s Strongest Backers Reveals.

  62.

    Directive 2009/110/EC, OJ L 267/7. 10 October 2009.

  63.

    See European Central Bank, “Virtual Currency Schemes”, 2012. In this report, ECB eloquently elaborates the rise of virtual currencies and uses Bitcoin as one of the case studies. It concludes that the peer-to-peer crypto system falls beyond directive on e-money and the PSD.

  64.

    This illustration is generated from that of Cameron Winklevoss. “What May Have Happened at Mt.Gox.” https://winklevosscapital.com/what-may-have-happened-at-mt-gox/. Last accessed on 30 November 2015.

  65.

    See Ken Shirriff. “The Bitcoin malleability attack graphed hour by hour.” http://www.righto.com/2014/02/the-bitcoin-malleability-attack-hour-by.html. Last accessed on 30 November 2015.

  66.

    ECB, Recommendations for Mobile Payments.

  67.

    A cooperation initiated between the relevant authorities in payment systems within the European Economic Area, established in 2011, with objectives of sharing, understanding and facilitating platforms regarding the security issues of electronic retail payment systems. If necessary, this forum may issue any recommendation on the subject matter. See ECB. “Mandate of the European Forum on the Security of Retail Payments.” October 2014.

  68.

    See EPC Newsletter. “EPC Comments on the Draft Recommendation for the Security of Mobile Payments Developed by the European Forum on Security of Retail Payments.” 29 April 2014.

  69.

    Ibid.

  70.

    See IFC, Mobile Money Report.

  71.

    Under directive 2009/110/EC on e-money.

  72.

    Beside these four entities, there are actually two other entities covered under the proposal, namely the central banks (the European Central Bank and the national central banks) and member states when not acting as public authorities. However, these entities are less relevant to this chapter.

  73.

    Proposal for a directive on the subject matter: COM (2013) 48 final, 2013/0027 (COD) (7 February 2013).

  74.

    Under article 3(1) (b) and (c) of the proposed NIS directive.

  75.

    Under article 1(1) of the proposed NIS directive.

  76.

    Article 14(1) of the proposed NIS directive.

  77.

    Article 14(2) of the proposed NIS directive.

  78.

    See Annex II of the proposed NIS directive. E-commerce platforms are explicitly mentioned as one of the service providers designated under the proposed regulation.

Copyright information

© 2016 The Editor(s) (if applicable) and The Author(s)

About this chapter

Cite this chapter

Kasiyanto, S. (2016). Security Issues of New Innovative Payments and Their Regulatory Challenges. In: Gimigliano, G. (eds) Bitcoin and Mobile Payments. Palgrave Studies in Financial Services Technology. Palgrave Macmillan, London. https://doi.org/10.1057/978-1-137-57512-8_7

  • DOI: https://doi.org/10.1057/978-1-137-57512-8_7

  • Publisher Name: Palgrave Macmillan, London

  • Print ISBN: 978-1-137-57511-1

  • Online ISBN: 978-1-137-57512-8

  • eBook Packages: Economics and Finance, Economics and Finance (R0)
