Design and Implementation of a Secure In-app Credit Card Payment System

Abstract: Smartphones are often used in order to make purchases today and mobile payments are estimated to continue growing in numbers the following years. This makes mobile payment systems attractive to companies as a new business platform. It also increases the number of malicious users trying to exploit the systems for financial gain. This thesis is conducted for the company TaxiCaller which desires to integrate mobile payments into their existing service. It discusses the current security standards for mobile payments and evaluates existing mobile payment solutions. The focus of the evaluation is on the security of the solutions and vulnerabilities, as well as mitigations of identified vulnerabilities, are discussed. Based on the evaluation, a mobile payment solution is designed and implemented. This system fully integrates with TaxiCaller’s existing system. A threat analysis of the implemented mobile payment solution is performed to provide confidence in the security. This thesis also provides an insight into the ecosystem of mobile payments including the stakeholders, the regulations, the security standards and difficulties during implementations.