A mobile payment scheme using biometric identification with mutual authentication

Conference item

Cashless payment systems offer many benefits over cash, but also have some drawbacks. Fake terminals, skimming, wireless connectivity, and relay attacks are persistent problems. Attempts to overcome one problem often lead to another—for example, some systems use QR codes to avoid skimming and connexion issues, but QR codes can be stolen at distance and relayed. In this paper, we propose a novel mobile payment scheme based on biometric identification that provides mutual authentication to protect the user from rogue terminals. Our scheme imposes only minimal requirements on terminal hardware, does not depend on wireless connectivity between the user and the verifier during the authentication phase, and does not require the user to trust the terminal until it has authenticated itself to the user. We show that our scheme is resistant against phishing, replay, relay, and presentation attacks.

Authors: Sturgess, J; Martinovic, I

• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: SciTePress
• Host title: Proceedings of the 22nd International Conference on Security and Cryptography - SECRYPT
• Volume: 1
• Pages: 577-585
• Publication date: 2025-06-11
• Acceptance date: 2025-03-17
• Event title: 22nd International Conference on Security and Cryptography (SECRYPT 2026)
• Event location: Bilbao, Spain
• Event website: https://secrypt.scitevents.org
• Event start date: 2025-06-11
• Event end date: 2025-06-13
• DOI: 10.5220/0013498600003979
• ISSN: 2184-7711
• ISBN: 978-989-758-760-3
• Language: English
• Keywords: authentication; identification; mobile payment; biometrics; mutual authentication