Comparison of Mobile Transaction Security Using NFC and QR Codes
Abstract
Mobile device transactions have become commonplace today. Quick-response (QR) codes and near-field communication (NFC) are popular cashless and contactless payment methods. These two payments have their characteristics. NFC payments use secure elements that encrypt credential data to ensure safe transactions. In contrast, QR code payments transmit data in its original form without encryption. Existing data are sent between devices in the form of original data. Given the extensive adoption of these methods, it is imperative to secure transaction data to prevent theft and misuse. It is necessary to know and compare the security level of each transaction and provide the best recommendations. This study undertook a comparative analysis of the security and performance of NFC and QR code-based mobile payment models. The study found that NFC transactions required 1,074 ms for encryption, while QR code transactions took 5.9359 ms. The entropy value, indicating data randomness, was 3.96 for NFC and 3.23 for QR codes. The P value, representing statistical significance, was 0.45 for NFC and 0.069 for QR codes. Both payment methods demonstrated acceptable levels of safety, with processing times and data randomness within satisfactory ranges. However, the analysis concludes that NFC transactions offer superior performance in terms of processing time and data security compared to QR code transactions.
References
M. Raikar, P.N. Naik, C. Bhavikatti, and S. Shetty, “QR code based patient monitoring system,” Int. Res. J. Eng. Technol., vol. 7, no. 5, pp. 7635–7638, May 2020.
T. Cata, P.S. Patel, and T. Sakaguchi, “QR code: A new opportunity for effective mobile marketing,” J. Mob. Technol. Knowl. Soc., vol. 2013, pp. 1–7, Aug. 2013, doi: 10.5171/2013.748267.
S. Kamble, “A QR code technology for centralized inventory management system,” Int. Res. J. Eng. Technol., vol.8, no. 4, pp. 1537–1540, Apr. 2021.
S. Nseir, N. Hirzallah, and M. Aqel, “A secure mobile payment system using QR code,” in 2013 5th Int. Conf. Comput. Sci. Inf. Technol., 2013, pp. 111–114, doi: 10.1109/CSIT.2013.6588767.
C. Shuran and Y. Xiaoling, “A new public transport payment method based on NFC and QR code,” in 2020 IEEE 5th Int. Conf. Intell. Transp. Eng. (ICITE), 2020, pp. 240–244, doi: 10.1109/ICITE50838.2020.9231356.
S.S. Ahamad, “A novel NFC-based secure protocol for merchant transactions,” IEEE Access, vol. 10, pp. 1905–1920, Dec. 2022, doi: 10.1109/ACCESS.2021.3139065.
S. Chabbi and N.E. Madhoun, “A new security solution enhancing the dynamic array PIN protocol,” in 2022 Int. Wirel. Commun. Mob. Comput. (IWCMC), 2022, pp. 991–996, doi: 10.1109/IWCMC55113.2022.9825252.
A.B. Barba et al., “Design and manufacture of flexible epidermal NFC device for electrochemical sensing of sweat,” in 2022 IEEE Int. Conf. Flex. Printable Sens. Syst. (FLEPS), 2022, pp. 1–4, doi: 10.1109/FLEPS53764.2022.9781563.
F. Basic, C.R. Laube, C. Steger, and R. Kofler, “A novel secure NFC-based approach for BMS monitoring and diagnostic readout,” in 2022 IEEE Int. Conf. RFID (RFID), 2022, pp. 23–28, doi: 10.1109/RFID54732.2022.9795979.
L. Ahmad, R. Al-Sabha, and A. Al-Haj, “Design and implementation of a secure QR payment system based on visual cryptography,” in 2021 7th Int. Conf. Inf. Manag. (ICIM), 2021, pp. 40–44, doi: 10.1109/ICIM52229.2021.9417129.
W. Stallings, Cryptography and Network Security: Principles and Practice, 6th ed. Harlow, United Kingdom: Pearson, 2013.
L.N. Harnaningrum, A. Ashari, and A.E. Putra, “Mobile payment transaction model with robust security in the NFC-HCE ecosystem with secure elements on smartphones,” Int. J. Adv. Comput. Sci. Appl., vol. 13, no. 8, pp. 160–168, Aug. 2022, doi: 10.14569/IJACSA.2022.0130819.
A. Rukhin et al., “A statistical test suite for random and pseudorandom number generators for cryptographic applications,” Natl. Inst. Stand. Technol. Spec. Publ., Gaithersburg, MD, USA, Tech. Rep. NIST SP 800-22rev1a, 2010.
K. Oad, “Reduce the complexity of big number factoring for RSA breaking,” M.S. Thesis, Southeast Missouri State University, Cape Girardeau, MO, USA, 2021.
H.M. Bahig et al., “Performance analysis of Fermat factorization algorithms,” Int. J. Adv. Comput. Sci. Appl., vol. 11, no. 12, pp. 340–352, Dec. 2020, doi: 10.14569/IJACSA.2020.0111242.
K. Fan, P. Song, and Y. Yang, “ULMAP: Ultralightweight NFC mutual authentication protocol with pseudonyms in the tag for IoT in 5G,” Mob. Inf. Syst., vol. 2017, pp. 1-7, Apr. 2017, doi: 10.1155/2017/2349149.
N.E. Madhoun, E. Bertin, and G. Pujolle, “For small merchants: A secure smartphone-based architecture to process and accept NFC payments,” in 2018 17th IEEE Int. Conf. Trust Secur. Priv. Comput. Commun./12th IEEE Int. Conf. Big Data Sci. Eng. (Trust./BigDataSE), 2018, pp. 403–411, doi: 10.1109/TrustCom/BigDataSE.2018.00067.
A. Al-Haj and M.A. Al-Tameemi, “Providing security for NFC-based payment systems using a management authentication server,” in 2018 4th Int. Conf. Inf. Manag. (ICIM), 2018, pp. 184–187, doi: 10.1109/INFOMAN.2018.8392832.
N.E. Madhoun, E. Bertin, and G. Pujolle, “An overview of the EMV protocol and its security vulnerabilities,” in 2018 Fourth Int. Conf. Mob. Secure Serv. (MobiSecv), 2018, pp. 1–5, doi: 10.1109/MOBISECSERV.2018.8311444.
S.S. Ahamad and A.-S.K. Pathan, “Trusted service manager (TSM) based privacy-preserving and secure mobile commerce framework with formal verification,” Complex Adapt. Syst. Model., vol. 7, no. 1, pp. 1–18, Dec. 2019, doi 10.1186/s40294-019-0064-z.
A. Al-Mamun, S.S.M. Rahman, T.A. Shaon, and M.A. Hossain, “Security analysis of AES and enhancing its security by modifying s-box with an additional byte,” Int. J. Comput. Netw. Commun., vol. 9, no. 2, pp. 69–88, Mar. 2017, doi: 10.5121/ijcnc.2017.9206.
R. Skibba, “Japan’s Fugaku supercomputer crushes competition, but likely not for long,” Engineering, vol. 7, no. 1, pp. 6–7, Jan. 2021, doi: 10.1016/j.eng.2020.12.003.
Y. Kodama, T. Odajima, E. Arima, and M. Sato, “Evaluation of power management control on the supercomputer Fugaku,” in 2020 IEEE Int. Conf. Clust. Comput. (CLUST.), 2020, pp. 484–493, doi: 10.1109/CLUSTER49012.2020.00069.
© Jurnal Nasional Teknik Elektro dan Teknologi Informasi, under the terms of the Creative Commons Attribution-ShareAlike 4.0 International License.