
Resuscitating privacy-preserving mobile payment with customer in complete control


Credit/debit card payment transactions do not protect the privacy of the customer. Once the card is handed over to the merchant for payment processing, customers are “no longer in control” of how their card details and money are handled. This leads to card fraud, identity theft, and customer profiling. Therefore, for those customers who value the privacy and security of their payment transactions, this paper proposes a choice: an alternate mobile payment model called the “Pre-Paid Mobile HTTPS-based Payment model”. In our proposed payment model, the customer obtains the merchant’s bank account information and then instructs his/her bank to transfer the money to the merchant’s bank account. We utilize the near field communication (NFC) protocol to load the merchant’s bank account information into the customer’s NFC-enabled smartphone. We also use a partially blind signature scheme to hide the customer’s identity from the bank. As a result, our payment model provides the customer with complete control over his/her payments and privacy protection from both the bank and the merchant. We emulated our proposed mobile payment model using the Android SDK 2.1 platform and analyzed its execution time.





This work was partially supported by Brain Korea 21 (BK21) Project of the Korea Research Foundation (KRF) grants to Made Harta Dwijaksara.

Author information


Corresponding author

Correspondence to Divyan Munirathnam Konidala.


About this article

Cite this article

Konidala, D.M., Dwijaksara, M.H., Kim, K. et al. Resuscitating privacy-preserving mobile payment with customer in complete control. Pers Ubiquit Comput 16, 643–654 (2012).



  • Smartphone application
  • Secure mobile payment
  • Privacy
  • Near field communication (NFC)
  • RFID
  • Customer centric payment model