Security of M-Commerce Transactions

Uploaded by

Kamel Soliman
Security of M-Commerce transactions

Abstract.
This material defines electronic markets and describes how they are structured. Security in E-Commerce applications is very important both at the administrative level and from the user perspective. The new trend in the field is M-commerce, which involves making purchases through mobile devices, and security is just as important for M-commerce transactions. The paper shows how to analyze the security of M-commerce transactions and ways to increase security for these transactions, taking into account the organization of M-Commerce applications, the software used, the hardware used and other important issues in the development of these applications.

1. E-Commerce applications
To prosper, a business of any kind needs a large number of clients, so its potential customers must know that it exists. One of the many ways to make a company known is the World Wide Web, on which the company presents its products and customer service. In addition, the Internet enables customers to order the products and services offered by the company.

According to Lupu, a business developed online has some clear advantages compared with a business run traditionally by opening a physical office. The benefits are categorized into direct benefits for the company, benefits for the recipients of the company's products and services, and benefits for society.

The main advantages for the company's activity are:

• it helps to expand the business, ensuring quick access at local, national and even international level;
• it reduces the costs of company-specific activity; in electronic business some activities are automated through electronic services;
• quick and easy modeling of products and services according to the needs of buyers;
• it reduces the costs of communication and transportation.
Consumer benefits are numerous, among them:
• the ability to buy or trade 24/7, regardless of location;
• multiple choice options: consumers can compare products from many manufacturers and choose only the one that corresponds to their needs;
• choice of the lowest prices for products or services;
• fast delivery of the purchased products or services to the specified address;
• receipt of relevant information in a very short time;
• participation in virtual auctions;
• lower prices of goods and services due to competition;
• interaction with other users through buyers' forums, exchanging impressions and comparing experiences with the products or services offered by the company.

The advantages of electronic business for society are:

• reducing traffic and pollution in the city, because buying products and services online does not involve travel;
• by reducing prices it offers advantages to those with low income, thus contributing to social protection;
• increasing efficiency and improving the quality of the products and services sold.

In addition to these advantages, electronic businesses have a number of limitations. The main disadvantages of electronic business are:
• lack of universally accepted standards for quality, security and trust in electronic business;
• software development tools for conducting electronic business are still evolving;
• there are some difficulties in integrating e-commerce software with some existing applications and databases;
• Internet access is still inadequate for a large part of the world population;
• lack of a developed hardware structure;
• lack of confidence between business partners;
• lack of confidence in the security of electronic transactions;
• overcoming the stereotype of meeting the business partner or customer directly;
• the need for a common communication language between business partners.
The developed electronic business category is represented by online sales business, E-Commerce.
The difference between e-commerce and online business comes from the fact that electronic business (e-business) is not limited to buying and selling goods or services, but also includes facilities for serving buyers, collaborating with business partners or managing an organization by electronic means, whereas e-commerce is the buying, selling or exchanging of products, services or information via computer networks.
According to Zamfiroiu (2010), the term e-business was first used by IBM to define the use of Internet technologies to improve and transform key processes in a business. IBM's definition of e-business is a secure, flexible and integrated way of developing a business by combining the processes and systems that run core business operations with those that make it possible to find information on the Internet.
E-business is a new way of doing business, a new way of using technology and a new way of creating companies. It is no secret that the Internet has revolutionized the business world, which is constantly trying to adapt to the changing needs of the digital market.
Due to the complexity of business, there are times when not all processes can be automated.
According to Lupu, e-commerce is closely related to the virtual market, this
being the place where buyers and sellers meet to exchange goods, services or
information.
The electronic businesses currently available are divided into several broad categories, namely:
• Business to Business (B2B) is a model of electronic commerce between companies or organizations (Figure 1). This type of business uses the service vendor's extranet as its medium of operation.
• Business to Consumer (B2C) is the e-commerce model in which goods and services are transferred through electronic platforms from a company to individual customers (Figure 1). This model of commerce is based on a Web site which is managed by the company to promote and sell goods and services. Such a site is called an online market and contains descriptions of the company's products and services. Online markets include functions for searching and viewing products by certain filters, ordered by some criterion, and also enable taking orders and payment by credit card or through various electronic payment accounts.
• Consumer to Business (C2B) is a category of electronic business in which individuals use a particular platform to sell their products or services to firms or companies in other cities (Figure 1).
• Consumer to Consumer (C2C) is a model in which consumers sell products and services directly to other consumers through electronic platforms (Figure 1).
• M-commerce, or mobile commerce, is the business model in which electronic transactions and activities are carried out through mobile phones or other mobile devices.
• E-banking involves conducting banking transactions online: money transfers to bank accounts, electronic payments, bank advice.
• E-procurement is used for the purchase of goods and services by large companies and public authorities. Tender specifications published on the Web reduce both the time and the cost of transmission, increasing the number of companies taking part in the auction. The system automatically increases competition and lowers prices.
• Government-to-business (G2B) is an electronic business model in which a government buys or sells goods, services and information to businesses. In Romania the platform used is www.e-licitatie.ro.
• Government-to-consumer (G2C) is the model specific to e-government and covers relations between government and citizens at the level of information and the provision of public services, www.edirect.e-guvernare.ro. This category includes sites for online payment of taxes, www.ghiseul.ro.
Figure 1. Commerce categories


To launch in the online environment, a company must go through a series of steps required to identify the positive and negative factors involved in marketing its products and services online:
• analysis of the business to be moved to the online environment;
• identifying the advantages and benefits of an electronic business;
• determining the risks involved;
• designing the online business;
• implementation of all components involved, namely ensuring the key requirements necessary to trade goods and services in the online environment;
• identifying ways to promote the business online;
• business administration.

Identifying the benefits of an electronic business involves:

• determining the type of business and the type of customers it addresses;
• identifying the objectives and the performance to be achieved;
• identifying the ways in which products and services will be sold and distributed;
• identifying an Internet service provider (ISP), taking into account that the site will require hosting and securing against unauthorized access;
• creating the site so that its presentation and content target the categories of potential customers; the security features to be implemented on the site are also considered;
• choosing the strategy for promoting the site and the products;
• the means and methods to be used for payment of goods/services: checks, credit cards.

To determine whether a business that is run traditionally should also be developed online, a number of arguments should be considered, such as:
• whether the online business has advantages that benefit both the business and the company's customers;
• defining the implications of the technology used to conduct electronic business;
• completion of a prototype of the business that will be launched in the online environment;
• establishing the costs of staff training, maintenance and technical support for the business;
• calculating business productivity and comparing it with the traditional version.
Moving a business from a classic market to an electronic market involves a number of risks, and the electronic market involves some additional risks, such as:
• competitiveness beyond the local and national market, as in traditional trade;
• the existence of a high degree of security for the site on which products and services are promoted;
• determining whether to launch the online business at all, knowing that there are situations when building an electronic business is not recommended, and whether the goods or services address only a certain category of consumers;
• there is a low level of customer involvement in purchasing products and services online;
• the increasing danger of online attacks by hackers or through viruses;
• there is a fairly high possibility that existing online businesses hide various cases of online fraud.

In order to build a website that has a positive impact on potential customers, a set of rules for building the content presentation should be considered:
• emphasis on content, on the information provided and on its presentation, so that what is displayed is easily accessible to visitors;
• creating content in real time, taking into account the suggestions of those who access the site;
• building a section that answers the most common questions from people who access the site;
• providing navigation oriented to product and service categories, to help users efficiently find the categories they search for;
• building the site with a restrained color scheme that does not tire the eye of the beholder;
• ensuring high load speeds for website content by storing the content in small files and by providing high-speed information processing on the server where the site is stored.

In order to attract visitors, several policies are applied, such as:

• providing an attractive interface;
• including free information in the site content;
• translating the information into the visitors' native language or into an international language;
• ensuring support to meet the requirements of site visitors in real time;
• providing real contact details through which users can communicate effectively.

Once the analyses of the online business have been performed, the next step is implementing the site. This involves several steps and related implementation technologies, as shown in Table 1.

Table 1. Technologies for developing electronic business (Lupu)

The next step is to promote the business, either in the traditional way, through announcements and by distributing presentation materials, or by publishing online advertisements on high-traffic websites or sending promotional messages via e-mail.

To publish the site, the business owner has to find a web hosting provider. When choosing the provider, several factors should be considered, such as:
• the monthly cost of the service (there are providers who offer this service for free);
• the existence of high technical characteristics, both in terms of the security of stored data and in terms of the implementation of superior software solutions for data access, management and implementation of information;
• the bandwidth available for users to access the site.

The next step in publishing the business online is the choice of the domain name, this being the name by which the site will be accessed once it is published on the server. In Romania, the organization that manages domain names is Romanian Top Level Domain (http://rotld.ro/).

To purchase goods and services or to conduct any electronic business, the most important aspect is the payment method. There are many payment methods; the most common ones used in electronic business are:
• credit cards are very common and were designed to allow customers to immediately buy the goods and services they need; with credit cards, the risk is transferred from the seller to the financial institution that issued the credit card. This is the most used method of payment;
• gift certificates with a certain value are bought using various payment systems (cash, credit cards); the certificate is sent to another person (as a gift), who can use it to make payments (up to the amount stated on the certificate) in many shops;
• electronic checks are a method widely used in electronic business; a consortium of banks, FSTC (Financial Services Technology Consortium), has created a model of electronic check which is very similar to the classical paper check; the payer uses a processor to generate and digitally sign a check, which is sent by electronic mail or over the Web; it is sent either to the buyer's bank, which honors it after verifying the digital signature and sends the money to the seller's bank, or directly to the seller, who verifies the signature, signs it in turn and sends it to his bank;
• PayPal is a software solution for electronic payments (www.paypal.com); transactions take place between buyer and seller, who must each create a PayPal account;
• the smart card is a substitute for the regular wallet; the contents of a traditional wallet (documents, credit cards, cash) will be replaced by one or more smart cards; physically, a smart card looks like a credit card with one or more microcircuits; a smart card can store 100 times more information than a magnetic card, while being more secure; the main benefits of smart cards are safety, flexibility in application and the possibility of off-line validation; smart cards directly store the digital equivalent of an amount of money, rather than standing for an account with a bank or a bank loan; when such a card is used to buy something, the equivalent amount is effectively transferred to the vendor and then further transferred to a financial institution; a smart card can be rechargeable or not, in which case the card is discarded when the amount stored on it has been exhausted; in countries with a tradition of electronic commerce there are substantial efforts to adopt smart cards;
• Moneybookers enables any business or consumer that has an e-mail address to make and receive online payments safely and effectively, in real time; Moneybookers can be used to:
– send money from a credit/debit card or bank account, using e-mail;
– shop online;
– receive money using e-mail.
Moneybookers offers an ideal product for small businesses, online merchants, individuals and others currently underserved by traditional payment mechanisms.

Apart from the payment systems presented, there are other ways of paying for products bought online, but they must be approved by both the buyer and the seller. Since the payment method is a prerequisite for a prospective buyer to order goods and services online, it is important for the developer of an online business to use a payment method that is approved and commonly used by customers.

In Romania, at the moment, the most common method of payment is cash payment, meaning that the person buying products online pays at the time the product is delivered to his home by a courier service.

2. The security of e-Commerce


Data security is important because online transactions process personal data, especially data regarding the bank accounts and financial resources of the users.

In order to increase the level of security, methods are implemented to ensure the privacy of data and of information processing. Authentication certifies that the communicating parties are exactly who they claim to be. Authentication is often performed by means of a digital signature.

Developing a business in the online environment must emphasize that its role is to market products and services, marketing which, in the first phase, entails the recording of transactions. In this regard, business developers must implement options to certify the transactions recorded by agreement.

Another important aspect of security is integrity, the quality of keeping the original structure and original meaning of the data, thereby protecting the data against alteration.

An Internet transaction has three components, each affecting its security in some way, namely:
• user - the person entering the site to buy;
• server - representing the business owner;
• the connection between the two components.

Any distributed application requires the prior existence of a well-defined target group that ensures efficient use of its resources.

The target group is made up of elements that are heterogeneous in relation to a given criterion and is divided into a number of subsets with a controlled degree of uniformity, each falling within a range. Each subset corresponds to a user profile. If the target group G has k subsets S1, S2, ..., Sk, the subset Si corresponds to the profile Pi, a component of the profile P defined by P = { P1, P2, ..., Pk }.

The literature identifies, through the use of a representative range of applications, a complete list of vulnerabilities LV.

For a specialized computer application Ah, the vulnerabilities that manifest make up the set LVh ⊆ LV.

Information security is important in the study of data collected on user behavior, which results in raw records of inputs, accesses to resources and the vulnerabilities that arise:

The study of vulnerabilities is done systematically, so as to cover the vulnerabilities that are most important in terms of the effects they generate.

Table 2 shows the correspondence between the vulnerabilities identified, their frequencies and the losses.
Table 2. Correspondence between errors and losses
The values in Table 2 are ordered in increasing order, primarily by the value of the losses and secondarily by the frequencies of the vulnerabilities.

For the vulnerabilities that cause the greatest losses, the weight of the losses caused by each vulnerability in the total value of the losses of the software application is calculated. If the weight exceeds the threshold of 0.97, the vulnerability is analyzed to identify its causes and ways to improve the security of computer applications and WCF.

To enhance the security of applications, the share of the losses is also calculated for combinations of vulnerabilities, such as:

This defines an architecture of security solutions that includes components that control these vulnerabilities. There are standard procedures for eliminating the causes of the events associated with vulnerabilities; on this basis specialists build a matrix that associates the identified vulnerabilities with the security components that reduce or control the effects of these vulnerabilities.

Based on the security matrix, the components that mitigate the identified vulnerabilities are implemented.
Table 3. Security matrix

An entry in the matrix represents the fact that the vulnerability identified in the table row is rectified by the security component identified in the table column.

Building the security matrix leads to the identification of the security solution that is unique and that solves, optimally from an economic point of view, the vulnerabilities affecting the computer application.

3. Security particularities of M-Commerce applications
M-commerce, or mobile e-commerce, is the use of mobile devices for communication and for carrying out electronic commerce transactions, or any transaction with monetary value made through mobile devices. M-commerce appeared due to the rapid evolution of mobile devices, as Internet connections became more accessible regardless of the geographical location of the person who connects to the Internet.

Rannu et al. (2010) give an estimate for mobile devices in 2018. This estimate is based on an analysis of the decade 1998-2008.
Table 4. Evolution of mobile devices

Whereas in 1998 mobile penetration was only 5%, it increased over the 10 years to 2008 to 55% of the mobile market and will increase to 96% or more in the next period. Of these shares only a small part represents smart phones, the rest being normal mobile phones for people who just want to make calls and send messages, the applications used especially in 1998, when the penetration of smart mobile devices was very low. In 2008 the applications used on mobile phones became more diversified, and the penetration of smart phones increased. In addition to making calls and sending messages, users of these devices listen to music, view video clips, browse the Internet and carry out other specific business. For 2018 we do not know what applications will be used, but certainly those used today will be used alongside other new applications, with smart phone penetration reaching 40%.

Communications networks used until now are divided into four distinct generations:
• 1st generation (1G), designed to provide a single service, voice, appeared starting in 1980; currently first-generation systems are out of service in many of the countries where they operated;
• 2nd generation (2G) was originally designed to provide voice services, while having a limited capacity for data transmission services at relatively low speed; by using packet data transmission through GPRS, data transmission speed can be up to 172 kbit/s (compared to the speed of 14.4 kbit/s offered in phase 1 of development); multimedia transmission becomes possible;
• 3rd generation (3G) increased transmission speeds to up to 2 Mbit/s (in some versions up to 8 Mbit/s) and offers multiple possibilities for quality multimedia services and for operating in different environments; the first 3G systems entered service in 2001-2002;
• 4th generation (4G) can offer download speeds of up to 100 Mbps.

Evolution of network generations is shown in Figure 2.

Figure 2. The evolution of communications networks generations

The paper of Cole et al. (2009) presents an ecosystem for creating an electronic wallet for mobile phones. A prototype electronic wallet is described, based on an architecture for smart mobile devices designed to demonstrate the concept. The simplest scenario demonstrating the use of this wallet is a person who goes shopping but has forgotten money and cards at home. Since people hardly ever leave their phone behind, it is almost certainly in the possession of the person who went shopping. After choosing the purchases, the person makes the payment by mobile phone, in a process similar to payment by credit card.

The most important roles in such an ecosystem are:

• the wallet user is the most important part of the ecosystem because the user controls the transactions;
• content providers, such as banks or other financial service providers, that can provide user accounts, credit or debit cards, digital coupons or discount offers;
• content consumers are entities that extract content from the electronic wallet and POS stations in stores;
• the wallet host is the entity that implements the electronic wallet used by the ecosystem services, such as banks or other financial service providers;
• electronic wallet service providers are entities that provide users with the ecosystem services offered by content providers.

M-Commerce applications are obtained by two methods:

• supplementing or extending existing applications, which involves adding new tools to make access to existing E-Commerce applications through mobile devices more efficient;
• innovation, which requires the development of new services and new applications for M-Commerce to facilitate access through mobile devices; in this category old e-commerce applications are not used; new applications are designed from the beginning.

Security for mobile devices and for the applications on these devices is provided through the following aspects:
• authentication, found in M-Commerce applications as virtual identity verification (Ivan et al., 2012): personally identifiable information is requested and checked against the information previously provided at registration; according to (Marian, 2009), authentication is the process of establishing or confirming the accuracy and reliability of information relating to the identity or origin of an entity. The authentication process is divided into two parts:
– the first part is identifying the entity, which is done by presenting an identifier associated with the entity that authenticates;
– the second part is the verification and validation of the entity that authenticates.

The authentication used in M-Commerce applications is user authentication. User authentication involves two steps in sequence:
• user identification;
• verification and validation of the claimed identity.

These steps are similar to the steps identified in the authentication process, so user authentication satisfies the conditions of the authentication process. All mobile applications that have authentication components must also observe these restrictions and follow the authentication process. In all applications, the authentication process must go through these steps.
• communication and sending text messages is one of the core activities of mobile phones and also of transactions, so this is a very important segment where security is vital to protect users of mobile devices; the paper of Boja et al. (2011) presents the SMSEncrypt application for people who want secure communication through the SMS service; the SMSEncrypt software is composed of two parts: the first sends messages encrypted with a specified key, and the second allows receiving messages and decrypting them with the secret key, which the message receiver must know.

The encryption key and the decryption key are identical and are known only to the sender of the message and its receiver.

Figure 3 presents the steps taken to send an encrypted message and the steps taken to read it on reception.

Figure 3. Stages of communication through encrypted messages

• information is stored remotely or on a server as a backup in case of damage to the mobile device; in the internal memory of the mobile device the user stores pictures taken with the device, text messages used to communicate with other people, emails and the contact list; in the event of damage to or destruction of the mobile device all this information is lost, and its recovery is impossible or very difficult; it is recommended to keep a backup copy on a server or on another device;
• encryption of locally stored information, so that if the device is lost or stolen personal information is not available to other people; thus the information that, following the previous recommendation, is saved in a backup on the server is also stored on the device but is protected by a password, and access to it is allowed only by specifying the encryption key.

These aspects are very important in developing mobile applications and should
be considered so that the quality of the application is increased by the security
offered to the user.
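
The shared-key SMS scheme and the key-protected local storage described in the list above can both be served by one authenticated-encryption routine. The following Java code is an added example, not the SMSEncrypt code of Boja et al.; the page does not name a cipher, so AES-GCM with a PBKDF2-derived key, the class name `SharedKeyMessage`, the iteration count and the sample message are all assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration (hypothetical class, not the SMSEncrypt source).
public class SharedKeyMessage {
    private static final int SALT_LEN = 16;         // random salt per message
    private static final int NONCE_LEN = 12;        // GCM nonce, fresh for every message
    private static final int TAG_BITS = 128;        // integrity tag appended by GCM
    private static final int ITERATIONS = 210_000;  // assumed PBKDF2 work factor
    private static final SecureRandom RNG = new SecureRandom();

    // Stretch the secret agreed between sender and receiver into an AES-256 key.
    static SecretKeySpec deriveKey(char[] secret, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(secret, salt, ITERATIONS, 256);
        try {
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
        } finally {
            spec.clearPassword();
        }
    }

    // Output is Base64(salt || nonce || ciphertext || tag): printable text that can be
    // placed in an SMS body or written to a file on the device.
    public static String encrypt(String plaintext, char[] secret) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_LEN];
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(salt);
        RNG.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(secret, salt), new GCMParameterSpec(TAG_BITS, nonce));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        ByteBuffer out = ByteBuffer.allocate(SALT_LEN + NONCE_LEN + ct.length);
        out.put(salt).put(nonce).put(ct);
        return Base64.getEncoder().encodeToString(out.array());
    }

    // Throws AEADBadTagException when the key is wrong or the message was altered.
    public static String decrypt(String encoded, char[] secret) throws GeneralSecurityException {
        byte[] in;
        try {
            in = Base64.getDecoder().decode(encoded);
        } catch (IllegalArgumentException e) {
            throw new GeneralSecurityException("message is not valid Base64", e);
        }
        int header = SALT_LEN + NONCE_LEN;
        if (in.length < header + TAG_BITS / 8) {
            throw new GeneralSecurityException("message too short to be authentic");
        }
        byte[] salt = Arrays.copyOfRange(in, 0, SALT_LEN);
        byte[] nonce = Arrays.copyOfRange(in, SALT_LEN, header);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(secret, salt), new GCMParameterSpec(TAG_BITS, nonce));
        return new String(c.doFinal(in, header, in.length - header), StandardCharsets.UTF_8);
    }

    // True only if the message authenticates under the given secret.
    static boolean accepts(String encoded, char[] secret) throws GeneralSecurityException {
        try {
            decrypt(encoded, secret);
            return true;
        } catch (AEADBadTagException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        char[] shared = "constructed-demo-secret".toCharArray();  // constructed sample value
        String sms = encrypt("Confirm payment of 25.00 EUR for order 1042", shared);
        System.out.println("SMS body       : " + sms);
        System.out.println("Receiver reads : " + decrypt(sms, shared));

        // A flipped bit or a different key must be rejected, not decrypted to garbage.
        byte[] raw = Base64.getDecoder().decode(sms);
        raw[raw.length - 1] ^= 0x01;
        String tampered = Base64.getEncoder().encodeToString(raw);
        System.out.println("Tampered accepted : " + accepts(tampered, shared));
        System.out.println("Wrong key accepted: " + accepts(sms, "other-secret".toCharArray()));
    }
}
```

The salt, nonce and tag add 44 bytes before Base64 expansion, so an encrypted text fills a 160-character SMS segment much sooner than the plaintext would.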

4. Ways to increase the security in M-Commerce


According to Gheorghe (2001), to increase the security of m-commerce transactions a series of aspects should be considered:
• information, data and knowledge about the vulnerabilities of different software systems need to be exchanged between M-Commerce platforms and users;
• a platform that provides services for M-Commerce needs to be built, with the responsibility of ensuring cooperation between the different groups active in the operation of critical infrastructure;
• infrastructure protection capabilities need to be built in an integrated way within the various institutions that deal with M-Commerce transactions;
• a culture of safety needs to be achieved, appropriate both to users and to the persons administering M-Commerce platforms;
• administrators of M-Commerce platforms must consider the potential impact of cyber dangers and be covered accordingly;
• research activities addressing the vulnerability and security of M-Commerce platforms need to be initiated and managed.

The most important aspect of an M-commerce transaction is security, which must be ensured for users and online buyers so that they trust services offered through mobile devices. So, to attract as many users as possible, it is necessary to increase the security of the services and to increase confidence in these services. According to Kwok and Chi (2006), the problems encountered in mobile commerce are:
• coordination and interoperability between the existing technologies and protocols in the M-Commerce environment;
• security of the authentication process on the site: the information provided by the user must be kept safe to increase users' confidence;
• user privacy and trust in M-Commerce sites, to increase collaboration and the number of transactions;
• payment must be made on a secure channel, preferably private and secure, with minimum exposure of information about the user who made the payment.

According to AV Security (2013), in 2013 attackers will increasingly target users of mobile devices; in particular, the amount of malware developed for phones and tablets will increase.

In terms of hardware, to increase security in M-Commerce there are physical devices used to secure online accounts.

Currently many mobile users save passwords in their browsers, so if the mobile device is lost or stolen, access to the user's accounts is obtained with great ease. It is therefore recommended that electronic shopping done via mobile devices use a new method of authentication or a new level of security, requesting a new password that is not stored in the browser of the mobile device.

Conclusions
The increasing number of users who choose to order products and services online has led to the implementation of new methods and concepts of online business.

Mobile e-commerce solutions increase the number of users and thus the number of potential customers. However, a larger number of potential mobile users in the field of online commerce also means a growing number of potential victims of cybercrime.

Therefore, the implementation of mobile services that provide access to e-commerce options must take into consideration the security of these services, so that the transfer of personal data, and especially access to bank account data, is carried out only by the legal owner.

Identifying vulnerabilities and controlling or eradicating them increases the trust that users place in mobile commerce services.

References
1. AV Security, http://www.avsecurity.ro/index.php?option=com_content&view=article&id=217:tendintele-securitatii-it-in-2013-niciun-razboi-cibernetic-la-orizont&catid=42:fp-rnp

2. Boja, C., Pocatilu, P., Zamfiroiu, A. (2011). “Data Security in M-Learning Messaging Services”, International Journal Of Computers And Communications, Vol. 5, No. 3, pp. 198-205

3. Cole, A., McFaddin, S., Narazanaswami, Chandra, Tiwari, Alpana (2009). “Toward a Mobile Digital Wallet”, IBM Research Report, 16 October

4. Gheorghe, A.V. (2001). Analiză de risc şi de vulnerabilities pentru infrastructural critic ale societăţii informative – societies a cunoaşterii

5. Ivan, I., Boja, C., Zamfiroiu, A. (2012). „Process de emulate pentru test area aplicatiilor mobile”, Revista Româna de Informatica si Automatica, Vol. 22, No. 1, pp. 5-16

6. Kwok, Sai Ho, Chi, R. (2006). “Digital Rights Management for Mobile Commerce Using Web Services”, Journal of Electronic Commerce Research, Vol. 7, No. 1

7. Lupu, V., http://www.seap.usv.ro/~valeriul/lupu/afaceri_electronice.pdf

8. Marian, M. (2009). Ghid de Securitate Informatica, Editura Universitară, Craiova, 2009

9. Rannu, R., Saksing, S., Mahlakõiv, T. (2010). Mobile Government: 2010 and Beyond

10. Zamfiroiu, A. (2010). „Aspecte privind afacerile online si un prototip de platform de e-gaming”. Revista Româna de Informatica si Automatica, Vol. 20, No. 4
