1. Introduction

The exponential demand for mobile money services is radically transforming the lives of the large unbanked population in sub-Saharan Africa. The mobile money system (MMS) makes it possible to render diversified services at affordable costs to remote areas and low-income people. Therefore, Suri [1] defined a mobile money system as a payment account that sits on the user’s mobile phone and is used to engage in financial transactions by going through a menu. In sub-Saharan Africa, MMS has spread at a remarkable speed and extends many benefits such as convenience, reliability, speed, flexibility, and affordability [2]. Furthermore, it settles domestic financial matters, avoids security hazards of carrying hard cash, and eliminates standing in long queues at banks [3].

In Uganda, mobile money payment systems such as MTN Uganda, Airtel, UTL, Africell, M-Cash, Ezeey Money, and Micropay have a combined network of approximately 200,857 agents who act as intermediaries [4,5,6]. These MMSs provide services ranging from sending and receiving the money to checking account balances [7,8]. Mobile money agents and users interact with the MMS using the unstructured supplementary service data (USSD) protocol interface that has a main menu and short message service (SMS) sent by the telecommunication company for notification purposes.

Although MMS plays an essential part in bridging the financial inclusion gap, unfortunately, the security of MMS has been a rising concern with the evolution of mobile technology. Despite the considerable effort invested in providing a more robust and secure system, most of the existing MMSs still rely on a weak two-factor authentication (2FA) scheme. Various attacks to mobile money’s 2FA scheme include man-in-the-middle (MITM) attack, authentication attack, replay attack, identity theft, USSD technology vulnerabilities, brute force attack, social engineering attacks, and denial of service (DoS) attack [8,9,10,11,12,13,14,15,16,17,18,19,20,21,22]. Reaves et al. [23] also observed that the current MMS uses nonstandard cryptography, which is easily compromised, thus limiting the integrity and privacy guarantees of the software, giving rise to the threat of forged transactions and loss of transaction privacy.

In Uganda, many customers and businesses have lost billions of shillings to adversaries because of the sophisticated technologies used to attack MMS’s 2FA, which is the weakest authentication method [24]. The purpose of this study is to analyse critically the previously published literature on the threat models and countermeasures for the mobile money’s 2FA scheme. The MMS primarily deals with high-level private financial and confidential information, where the security has to be top-notch as threats cannot be accepted [7]. Therefore, deploying highly secure MMS will ensure secure authentication, access control, integrity, confidentiality, availability, nonrepudiation, and privacy of the confidential information [25,26].

There are related survey papers that focused on mobile 2FA schemes. For example, Ferrag et al. [27] presented a comprehensive review of smart mobile device authentication schemes. Phipps et al. [20] explored the security of the phone-based mobile money systems against attacks via the SIM interface. Han et al. [28] and Dmitrienko et al. [29] analysed the security of the 2FA schemes for the mobile. Nevertheless, none of the mentioned surveys analysed the threat models and countermeasures for mobile money’s 2FA scheme. Therefore, this is the first study that thoroughly analyses the threat models and countermeasures of the 2FA scheme for mobile money in Uganda.

The current review makes the following contributions:

• Presents the concept of authentication and types of authentication factors.

• Presents an overview of the MMS architecture and mobile money access.

• Explains the authentication scheme for mobile money in Uganda.

• Discusses the five categories of the threat models, namely, attacks against privacy, attacks against authentication, attacks against confidentiality, attacks against integrity, and attacks against availability.

• Provide countermeasures for the threat models in mobile money’s 2FA scheme.

The organisation of the paper is as follows: Section 2 presents related works on MMS architecture, mobile money access, the authentication scheme for the mobile money in Uganda, various attacks on MMS, threat models, and countermeasures; Section 3 presents the materials and methods used in the study; Section 4 details results and discussions; the final remarks and future works are given in Section 5.

2. Related Work

2.1. Concept of Authentication

Authentication is defined as the process of verifying the user’s claimed identity by comparing the data received from an individual with those stored in the database to attest whether the person is who they claim to be [30]. Authentication is important because it allows only authorised individuals to access system resources [31]. The main mechanisms that are available to authenticate individuals with established credentials are as follows:

• ■. Something you know (knowledge factor) such as a password, personal identification number (PIN), an answer to a security question.

• ■. Something you have (ownership factor) such as security token, subscriber identity module (SIM) card, one-time password (OTP) token, employee access card.

• ■. Something you are (biometric factor) such as biometric fingerprint, face, iris, retina, voice, gait, keystroke dynamics, gaze gestures, signature, deoxyribonucleic acid (DNA).

2.2. Types of Authentication Factors

There are mainly three types of authentication factors available to verify both online and offline users.

• Single-Factor Authentication (SFA)

  Single-factor authentication was defined by Rouse [32] and Rahav [33] as the process via which a person seeking access requests an authenticating party to attest their personality by availing a single attribute linked to the identity, for example, the use of a PIN to unlock a phone. Many companies accepted SFA because it is simple and user-friendly [34]. However, this form of authentication cannot be applied to financial institutions and other relevant transactions because it is vulnerable to shoulder surfing attacks, brute force attacks, social engineering attacks, and impersonation attacks [33].

• Two-Factor Authentication (2FA)

  Two-factor authentication was defined by Rahav [33] as the process via which a person seeking access requests an authenticating party to attest their personality by availing two attributes such as something you know and either something you have or something you are that are linked to the identity. Mobile money authentication, for example, relies on 2FA. In 2FA, the attacker must have the two identifiers for access [33]. Nevertheless, the 2FA is susceptible to eavesdropping, MITM attack, and forgery or Trojan horse attack and is not fully effective against phishing [34].

• Multifactor Authentication (MFA)

  Rahav [33] defined MFA as the process via which a person seeking access requests an authenticating party to attest their personality by availing multiple identifiers such as something you know, something you have, and something you are that are linked to the identity to grant access. In MFA, three factors such as knowledge, ownership, and biometric are all used together during authentication [33]. Many computing devices and critical services are adopting MFA because it provides higher levels of security against the different attacks [34,35]. MFA becomes more successful when one of the authentication factors is separated physically from the device from which the client accesses the application or resource [36]. The use of biometrics in the MFA process helps to improve identity proof and has a profound effect on the security of the system [34,37].

2.3. Mobile Money System Architecture

The MMS comprises several components such as network, customers, agents, administrators, authentication, financial institutions (e.g., banks), information technology (IT) administrators, base transceiver station (BTS), databases, and servers (telecom gateway servers such as short messaging service gateway (SMSGW) and USSD), core servers, web servers) [38]. The platform does not exist as a standalone unit; it connects to other mobile network operator (MNO) core elements to access the global system for mobile communications (GSM) technology and to external platforms to provide full commercial functionality. The internal MNO interfaces include SMS centre (SMSC), USSD gateway, airtime in or mediation platform, web services, and interactive voice response (IVR) gateway. The external interfaces include banking systems, payment switches, biller systems, payment service provider systems, point-of-sale devices, and systems [39,40]. All these components work together to achieve the goal of the system. Figure 1 shows a mobile money system architecture.

2.4. Mobile Money Access

In Uganda, mobile money applications have a standardised interface across the seven MMSPs. Varieties of acceptance technologies are available to mobile money merchants to access services from the servers, which include the following:

• ○. Unstructured Supplementary Services Data (USSD): This is a communications protocol used by mobile communication technology in mobile networks to send texts between mobile phones and an application program without internet access [21]. It is session-based and interactive, but much faster since it involves simple operations that are handset-independent [39]. All seven MMSPs in Uganda, namely, MTN Uganda, Airtel, UTL, Africell, M-Cash, Ezeey Money, and Micropay, work by initiating a session between the mobile phone and the server through dialling a USSD code, for example, by dialling *165# in MTN to display the mobile money menu, followed by a series of steps to accomplish a transaction [2]. There are two modes of USSD operations, namely, the mobile-initiated operation and the network-initiated operation [39].

• ○. SIM Toolkit (STK): This is the portion of the GSM standard that enables the SIM to initiate activities to further exploit SMS by providing value-added services such as mobile banking [41]. GSMA [42] added that the STK is a set of applications that run on the SIM card and interact with the mobile device. Mobile operators use STK to present information about their services to subscribers [41]. The mobile money transaction is achieved when the mobile money platform breaks down the transaction into a series of logical steps by using STK and then reassembles the different steps into a complex statement, which is transmitted to the server via SMS [2].

• ○. SMS: This is a technology used by mobile subscribers and mobile telephones to exchange alphanumeric messages [43]. All the mobile money platforms in Uganda use SMS to send confirmation or notification messages for the success or failure of a transaction to the user [2,39].

Mobile money platforms in Uganda have a simple interface made of a basic menu that is accessed using the USSD protocol. Mobile money users can send electronic money from their accounts to other users by interacting with the USSD interface and telecommunication company [2]. The telecommunication company sends a confirmation message to both the sender and the recipient about the money. The mobile money confirmation SMS contains details about the transaction identifier (ID), date and time of the transaction, amount sent, the recipient’s name and phone number, the fee charged for sending the money, the reason for sending the money, and the available balance in the sender’s account.

2.5. The Authentication Scheme for Mobile Money in Uganda

The current authentication scheme for mobile money uses a 2FA scheme where a subscriber must have a registered SIM card and mobile money PIN to perform a transaction. The SIM card has a unique phone number that is used as the account number for mobile money. The scheme has two main phases, namely, the enrolment phase and the authentication phase.

• The Enrolment Phase

  The enrolment phase involves obtaining subscriber’s details, including biodata, fingerprint, passport photo, national identification number (NIN) of the national ID, or valid passport and provisionally saving the information in the MNO’s mobile money database. The NIN or passport number is verified from the national identification and registration authority’s (NIRA) database. If the NIN matches with the one in the NIRA database, the subscriber is allowed to set the mobile money PIN. The subscriber’s information is updated and saved in the database, and a confirmation message is sent to the subscriber for successful mobile money registration. If the NIN or passport number provided by the subscriber does not exist in the NIRA database, they are allowed to retry three times. If all the three attempts fail, a confirmation message is sent to the subscriber to try again. Figure 2 shows the data flow diagram for the mobile money enrolment phase.

• The Authentication Phase

  During the authentication phase, to send money to an MTN Uganda mobile user, the sender sticks to the following steps: (1) dial *165#, (2) select send money from the menu, (3) choose to send money to a mobile user, (4) enter recipient’s phone number, and (5) enter amount. The amount entered is compared with the available electronic balance in the sender’s account. If the amount is less than the amount entered, it terminates the transaction; otherwise, the sender continues. Then, (6) enter the reason for sending, and (7) confirm by entering the PIN Code. The application server then authenticates the PIN. If the PIN is correct, the money is sent, and (8) the sender receives a confirmation message; otherwise, they are allowed to retry for the maximum of three times. Note that the confirmation message contains details about the amount sent, the recipient’s name and phone number, the fee charged for sending the money, the reason for sending the money, the available balance in the sender’s account, and the transaction ID. Figure 3 shows the data flow diagram for a mobile money authentication phase.

2.6. Various Attacks on Mobile Money System

An outsider or unauthorised person can attack the MMS at various levels. There are 11 attack points (AP) that are utilised by adversaries, as shown in Figure 4.

• ■. The attack on mobile money users, i.e., authentication attack at AP 1: The attacker gets access to the user’s PIN through shoulder surfing since the PIN used is only four or five digits long and is unmasked [39]. Once the attacker accesses the PIN, they can perform a fraudulent transaction. The attacker can also perform a brute force attack because of the simplicity of the PIN [11,23,44].

• ■. The attacks on the mobile money communication channels (AP 2, AP 6, AP 9): Attackers can hack or control the traffic into the MMS and manipulate accounts to perform transactions or gain benefits [11,23,44].

• ■. The attack on the mobile money app server at AP 3: The adversary attacks the server and makes it unavailable to both mobile money users and agents. According to Castle et al. [11], attackers target mobile money servers and overwhelm them with fake traffic to block requests from mobile money users and agents. Attackers also install malware on the mobile money app server to deduct a small amount of money from the mobile money user’s and agent’s wallet and deposits it into the attacker’s account without them realising [18].

• ■. The attack on IT administrator (AP 4): The intruder, insider, or unauthorised person can hack into the administrator’s computer and change the credentials so that the administrator cannot access the system.

• ■. The attack on the mobile money agent (AP 7): The adversary uses a shoulder surfing technique to steal the agent’s commission PIN or gives the wrong PIN repeatedly when making a transaction to get access to the agents’ PIN. According to Buku and Mazer [12] and Lonie [13], the adversary gives the wrong mobile phone number repeatedly to get an agent’s PIN and uses the PIN to gain unauthorised access to the agent’s float account.

• ■. The attack on the bank server (AP 10): The attacker makes the bank server unavailable to the mobile money user who wishes to transfer money from the bank account to the mobile money wallet through a denial-of-service attack.

• ■. The attacks on notification message channel and modifications of messages (AP 5, AP 8, AP 11): Attackers can hack into the communication channel of the notification message, modify the message, and later resend it to the intended recipient [45,46].

2.7. Threat Models

MMS is a target for adversaries, authorised users, disgruntled employees, and system administrators possessing knowledge of the MMS. They gain access to the MMS to access the financial records of mobile money users and agents. The attacks on MMS can be internal or external and passive or active. Therefore, the current 2FA scheme protects and secures the MMS from security vulnerabilities and attacks. A threat model describes the attacks, the purpose of the attacks, the venues of attack that adversaries will exploit in their attempts to circumvent a system, and the mitigation measures prioritised. The threat models for mobile money’s 2FA scheme are classified into five main categories, namely, attacks against privacy, attacks against authentication, attacks against confidentiality, attacks against integrity, and attacks against availability.

2.7.1. Attacks against Privacy

According to Makulilo [47], privacy is a person’s right to be free from infringement or intrusion by others. Privacy attacks in mobile money are based on compromising the PIN of the subscribers so that the attacker can use it to illegally access the financial details of the victim and perform illicit transactions. An attacker or hacker can steal a user’s information and identity, and this can cause serious problems not only to the victim but also to the overall economy [48]. MMS has databases that contain financial records of the users; attackers can illegally gain access to the mobile money database to steal the PINs of mobile money users and agents, and update or delete the records from the system. Furthermore, mobile money SIM card registration by MNOs taps a bunch of personal information about mobile users and agents such as names, NIN, mobile telephone numbers, e-mail addresses, and so on, thus generating databanks where MNOs have control and access to this personal information without appropriate privacy safeguards [47]. The availability of such transaction data opens the door for abuse by unscrupulous insiders and government officials. Mobile money user’s privacy is also exposed during withdrawal and depositing of money where mobile money agents record their financial details in a book given by the MNOs. Nevertheless, these details are left with the mobile money agents for other purposes, thus posing privacy concerns [47]. Furthermore, illiterate users normally request the assistance of the agents to perform transactions on their behalf where their mobile money PINs are shared with the agents [49]. Therefore, this private information about mobile money users and agents must be protected from unauthorised access.

2.7.2. Attacks against Authentication

This category is where attackers forge identities to impersonate authorised mobile money users to gain access to the system. Ali, Dida, and Sam [8] further defined an authentication attack as a crime where attackers target and exploit the mobile money authentication process by applying a brute force attack against the PIN. Mobile money authentication attacks are classified into seven, namely, impersonation attack, replay attacks, masquerade attack, spoofing attacks, social engineering attack, phishing attack, and Trojan horse attacks.

• ✘. Impersonation attacks: This is an attack where the adversary successfully assumes the identity of a legitimate mobile money user or agent to access either the MMS or the information and services of a registered user. People share their PINs among friends and families to perform transactions on their behalf. In case an attacker gets access to such a PIN, they can use it to log in to their mobile money accounts, perform fraudulent transactions, or change their PIN [8,9,12,13,46,50,51,52].

• ✘. Replay attack: This is where an attacker eavesdrops on network communication between the mobile money user and MMS, intercepts the data packets that include the PIN, and then fraudulently delays or resends it to the recipient. This takes place in the form of eavesdropping on mobile communication, and mobile money platforms use SMS to notify mobile money users and agents. The SMS is protected using weak algorithms like the A5 and attackers with scanning software can easily intercept, modify, and resend them [45,46,50,53]. The attacker can misuse the previously exchanged messages between the mobile money user and MMSP to perform the replay attacks [43].

• ✘. Masquerade attack: A masquerade attack is an attack where an adversary obtains the subscribers’ SIM card and PIN and uses them either to request money from legitimate user’s friends and relatives or to perform fraudulent transactions. This occurs when the attacker obtains the credentials of the authorised user through social engineering techniques and uses them to swap the SIM card. Furthermore, the adversary can also use fake documents to register the SIM cards of legitimate users and have full access to the mobile money account of the victims [14,45,50,51].

• ✘. Spoofing attacks: This attack occurs when the adversary assumes the role of a mobile system administrator and has full access to the system. This is common because most mobile money applications and systems are poorly protected, thus giving opportunity for the attackers to hack them [16,23].

• ✘. Social engineering attack: This is the manipulation of people to reveal confidential information like mobile money PIN so that the attacker can gain control over the user’s mobile money account [19]. Mobile money platforms use PINs for securing mobile money accounts, which makes them vulnerable to many security threats, including social engineering attacks [19]. Attackers use social engineering techniques to circumvent mobile money’s 2FA scheme, compromise user accounts, and avoid fraud detection technologies [19].

• ✘. Phishing attacks: This is a deceitful attempt by adversaries to obtain confidential information such as mobile money PINs from mobile money users and agents by impersonating employees of MMSP in electronic communication. Ali, Dida, and Sam [8] further expanded the definition as “a form of mobile money crime where fraudsters masquerade as employees of the MMSP by calling or sending SMS messages to mobile money users and agents to reveal their data including PINs for an update” (p. 18). Phishing starts when an adversary intercepts the network traffic between the mobile money user or agent and the mobile money application server and then uses a fraudulent call or message to lure the victim into revealing their credentials. The message is created to look as if it comes from the MMSP. Then, the victim is persuaded into providing the mobile money PIN to the fraudster [11].

• ✘. Trojan horse attacks: A Trojan horse is malicious software that, once installed on a phone, either steals sensitive information and sends it to the attacker or creates a backdoor for the attacker to have access to the phone. It uses a Trojan horse program employed by hackers and adversaries to compromise the authentication system. Mobile money users and agents are tricked by some form of social engineering into loading and executing Trojans on their phones. Once activated, Trojans can enable hackers to spy on mobile money users and agents, steal their mobile money PINs, and gain backdoor access to their mobile money accounts [19,26,48]. Moreover, adversaries can install malware that gives them the exclusive right to redirect users to their network [14].

2.7.3. Attacks against Confidentiality

This category is where an attacker eavesdrops on the communication channel between the mobile money user and the mobile money application server or bank to tap information like the mobile money PIN that is used to compromise the system. Confidentiality attacks in mobile money are classified into four, namely, eavesdropping attacks, brute force attacks, guessing attacks, and shoulder surfing attacks.

• Eavesdropping attacks: This is where an attacker secretly overhears information transmitted over the communication channel between the mobile money application server and mobile money user, the mobile money application server and mobile money agent, or the bank server and mobile money application server, without being authorised by the trusted parties. The attacker takes advantage of unsecured network communications to access sensitive information. This is common when the data transmitted over the communication channel are in plaintext [21,54]. Mtaho [52] observed that attackers use network sniffer software such as Wireshark to intercept data in transit. Furthermore, attackers also take advantage of weak encryption keys used and the weak secure sockets layer (SSL)/transport layer security (TLS) implementation, which gives them the opportunity to snoop the communication channel [23].

• Brute force attacks: This is where an adversary guesses the PIN of a mobile money user or agent to gain access to their mobile money account. It is a simple attack method and has a high success rate because MMS uses numeric PINs to authenticate users [8,9,11,23,46,52,55]. Kunda and Chishimba [19] also observed that, in authenticating users using a smartphone, when the PIN is entered several times, it might leave a greasy residue or scratches on the touch screen, which may make it easy for the attacker to guess. Brinzel, Anita, and Shraddha [56] and Aloul, Zahidi, and El-Hajj [57] concluded that using a PIN for authentication is vulnerable to a brute force attack.

• Guessing Attack: This attack occurs when an adversary happens to see the mobile money PIN of the subscriber during the authentication process. The PIN used for authenticating the user has only four or five digits and is entered when unmasked, thus making it guessable [9,23,52,55].

• Shoulder Surfing attack: This is where an attacker obtains information such as PINs and other confidential data by looking over the victim’s shoulder while performing a mobile money transaction. Attackers take advantage of crowded places where mobile money agents operate and where mobile money users perform transactions. The mobile money PIN used for authenticating a user is simple and unmasked, thus making it easy for the attacker to see and memorise [19,39,57,58].

2.7.4. Attacks against Integrity

This category is where an attacker accesses and modifies the user information in the MMS. Attacks against integrity are classified into three, namely, MITM attack, salami attack, and insider attacks.

• ○. MITM attack: This is an attack where the intruder intercepts communications between mobile money users and the MMS, between mobile money agents and MMS, between mobile money users and the bank, or between the MMS and the bank and becomes familiar with the messaging system, thereby transmitting fake data to either party. The attacker sits between mobile money users and the MMSP and makes them believe that they are communicating directly to each other, when in fact the adversary controls the entire conversation [11,46]. According to Mahajan, Saran, and Rajagopalan [44] and Reaves et al. [23], the attacker controls the traffic into the mobile money platform to manipulate the credentials of the user and to perform transactions on behalf of the victim. Likewise, the adversary can use a BTS with the same mobile network code as the subscriber’s real network to perform a MITM attack since the network authenticates users [26,43,45]. Furthermore, the information carried within the communication channel is in plaintext, thus making USSD data vulnerable to attack and redirection [20,21,52].

• ○. Salami attack: This is where an employee of a financial institution installs a malware like a Trojan horse on the server hosting the application to withdraw a small amount of money from the subscribers’ accounts and deposit it into their account. The salami attack can be internal or external and difficult to notice since the malware modifies the data in financial systems and a small amount is deducted from the customers’ wallets [8,18,59,60,61].

• ○. Insider attacks: This is where an employee of the MMSP who has enough information about the organisation’s security practices, MMS, and data attacks the mobile money application server or MMS. According to Trulioo [62] and Musuva-Kigen et al. [10], insiders and employees of the MMSP due to inside access facilitate most mobile money fraud. This has resulted in organisations losing huge amounts of money to the tune of billions of shillings because of employee fraud within the companies or institutions [10]. Additionally, Gilman and Joyce [49] and Trulioo [62] noted that less scrupulous employees abuse their privileges by accessing customer mobile money information and stealing money from customers’ wallets.

2.7.5. Attacks against Availability

This category is where an adversary denies mobile money users and agents access to the mobile money application server or bank server, thus rendering the service unavailable. Attacks against availability include DoS and distributed DoS (DDoS) attacks and mobile phone theft.

• ○. DoS and DDoS attacks: DoS attack is where attackers overwhelm mobile money server with fake traffic to block requests from legitimate users requesting to access the services. The DDoS attack, on the other hand, is a kind of attack where adversaries overwhelm the mobile money server from different sources, thus making it difficult to stop the attacks. The goal of DoS and DDoS attacks is to make mobile money services unavailable by flooding servers with an immense amount of data to make it busy and unable to provide services to legitimate users [11,45]. Additionally, when DoS and DDoS occur, mobile money agents, banks, and MMSPs lose money, and mobile money users cannot access their mobile wallet accounts [9,11,14,63].

• ○. Mobile phone theft: According to Reaves et al. [23] and Castle et al. [11], when an attacker steals the mobile money user’s or agent’s mobile phone, the SIM card that has a wallet account becomes unavailable. It also results in loss of data and service access [64]. Moreover, an attacker can swap SIM cards for those of the mobile money users and agents and take over the victims’ e-wallet account, thus making it unavailable for legitimate users [14,50,51,62].

Figure 5 summarises the classification of threat models in mobile money’s 2FA scheme.

2.8. Countermeasures

For efficient and secure mobile money authentication, there is a need to prevent various attacks against the current 2FA scheme. Mobile money users, agents, and administrators can use both cryptosystem and non-cryptosystem measures to prevent the attacks to ensure secure mobile money authentication. The countermeasures are categorised into cryptographic functions and personal identification as shown in Figure 6.

2.8.1. Cryptographic Functions

Barker and Barker [65] defined cryptographic functions as cryptographic algorithms in conjunction with the modes of operation. In the 2FA scheme for mobile money, cryptographic functions help in achieving the security goals of confidentiality, authenticity, and integrity. The most common cryptographic functions used in the mobile money’s 2FA scheme are asymmetric encryption function, symmetric encryption function, and hash function.

• Asymmetric Encryption Function: The examples of asymmetric encryption functions used in the 2FA scheme for mobile money are elliptic curve cryptography (ECC) and the Rivest–Shamir–Adleman (RSA) encryption algorithm. The mobile money authentication schemes [66,67,68,69,70] use ECC. The scheme proposed by Bojjagani and Sastry [66] uses SMS, elliptic curve integrated encryption scheme (ECIES), and elliptic curve digital signature algorithm (ECDSA) to ensure user authentication, data confidentiality, and nonrepudiation, thereby reducing computation complexity in mobile banking. Using the elliptic curve Menezes-qua-Vanstone (EC-MQV) key agreement protocol in [67] gave resistance against MITM attacks, SIM cloning and swapping attacks, DoS attacks, and message modification. The scheme in [68] used biometric fingerprints or retinal images on the basis of ECC to provide strong security against MITM attacks, replay attacks, DoS attacks, spoofing attacks, and repudiation. Furthermore, the scheme is effective in terms of computation and communication. Shilpa and Panchami [69] employed biometric, IMEI number, and SIM serial number, colour encryption with ECC to improve the security of mobile banking. The scheme [70] integrated secure ECC to provide data confidentiality, data integrity, and user authentication in mobile banking. The scheme proposed by Sharma and Bohra [71] employed a hybrid cryptographic authentication method using the quick response (QR) code and OTP to improve user authentication and confidentiality in online banking. Additionally, using the encrypted QR code with RSA in the scheme in [72] ensured the legitimacy of the user, information confidentiality, integrity, and accuracy in mobile payment.

• Symmetric Encryption Function: The examples of symmetric encryption functions used in mobile money authentication include data encryption standard (DES) and advanced encryption standard (AES). Using triple-DES (3DES) in [73] provided more security in a cashless transaction than DES. The scheme proposed by [74] used a PIN, SIM card, and face recognition with a DES/3DES encryption algorithm to enforce the security between the mobile payment application and the virtual private ad hoc network. Alornyo et al. [75] employed identity-based cryptography in securing mobile money wallets to resist insider attacks, and it consumed less computational cost in token generation. The scheme proposed by [76] used a dynamic mobile phone token, SSL protocol, and AES to encrypt the transaction information and combat MITM attacks, replay attacks, and transactions repudiation. The scheme in [56] used a QR code with AES-128 bit encryption–decryption and secure hash algorithm 1 (SHA-1) for securing Android smartphones from attacks.

• Secure Hash Function: The MD5, SHA-1, and SHA-2 are common examples of hash functions used in mobile money authentication. Alhothailya et al. [77] proposed an authentication scheme for online banking using a one-time-username and SHA-1 hash function to calculate the ticket’s hash value. Using a vehicle’s identity and the SIM to secure the mobile money authentication system in [78] offered higher security against the increasing identity thefts, SIM cloning, and other cybercrimes.

2.8.2. Personal Identification

The personal identification is further categorised into number-based countermeasures and biometric-based countermeasures.

• Number-Based Countermeasures: The examples of number-based countermeasures used in mobile money authentication include password, PIN, OTP, and QR code.

  • Password: A password is a string of characters including letters, digits, or symbols that a user memorises secretly to confirm their identity. An authentication party verifies the identity of a person to access a service. It is a requirement that the password should be long (at least eight characters), a mixture of both uppercase and lowercase letters, as well as letters and numbers, and should include special characters. Similarly, a password must be changed frequently and easy to remember, but a nondictionary word so that it is hard for an attacker to guess. In most cases, the password is used alongside a username during authentication. Authentication schemes in [79,80,81] used a password to enhance the security of mobile money. The scheme in [80] integrated username and password, phone number, and voice biometric solutions during the authentication of M-Pesa transactions. The scheme in [81] employed username, password, and fingerprint in mobile banking transaction. The password remains the weakest component of many authentication systems [82].

  • PIN: Hao-Jun, Wei-Chi, and Yu-Xuan [83] defined a PIN as a numeric key used for authenticating users in an electronic transaction. For user convenience, PINs are often short (up to eight digits) to allow access to only authorised users. PINs are widely used for user authentication such as withdrawing cash from mobile money or withdrawing money from an automated teller machine (ATM) [84]. Mtaho [52], Islam [85], Ombiro [86], Singh and Jasmine [87], Fan et al. [88], Islam et al. [89], and Zadeh and Barati [90] employed authentication schemes using PINs to verify user identity. Using PINs, the schemes in [86,87,90] provided convenience, efficiency, reliability, and security in mobile transactions. Moreover, the schemes in [52,85,89] used PINs to achieve better dependability and customer satisfaction. The PIN should be easy to remember, random, and hard to guess, while it should be changed frequently, distinct for different accounts, and not written down or stored in plaintext [52]. However, using a PIN in mobile money authentication is susceptible to shoulder surfing attacks, brute force attacks, and smudge attacks [83,84,91].

  • OTP: Elganzoury, Abdelhafez, and Hegazy [92] defined OTP as a unique and time-sensitive string of alphanumeric characters generated and forwarded to the user’s mobile phone via either email or SMS for a single authentication session. Clock time-based OTP, pattern-based OTP, and random key-based OTP are the three methods used to generate OTP on the basis of the secret key derived from the Diffie–Hellman algorithm [93,94]. The OTP generator located on the server machine creates the OTP and sends it to the user to complete the authentication process [95,96]. If an adversary succeeds in accessing the OTP, they may not be able to predict the next because of its random generation. The authentication schemes in [71,79,86,87,90,97,98] employed OTP, which is fast, efficient, reliable, and convenient. Furthermore, it is resistant to phishing attacks, identity theft, guessing attacks, brute force attacks, and unauthorised access by attackers.

  • QR Code: A QR Code is a two-dimensional barcode encoded using standardised modes to store information that can be read using an imaging device such as a smartphone camera [99]. The swift expansion of QR code in mobile wallets is because of ease of use, security, cost-effectiveness, and trackability [100,101]. The schemes proposed by [56,71,100,102,103] employed QR codes to ensure convenience, accuracy, confidentiality, nonrepudiation, integrity, speed, and safety in payment transactions. Additionally, it offers resistance against impersonation attack, shoulder-surfing attack, identity theft, and brute force attack.

• Biometric-Based Countermeasures: Biometrics are the unique physical or behavioural characteristics used to verify a person’s identity [30]. There are two types of biometrics, namely, physiological biometrics and behavioural biometrics.

  • Physiological biometrics: Physiological biometrics use the physical characteristics of a person to determine their identity. Examples of physiological biometrics used in mobile money authentication include fingerprint recognition, face recognition, iris recognition, and retina recognition. Islam [85], Mtaho [52], Ahsan et al. [104], Fan et al. [88], Okpara and Bekaroo [105], Sharma and Mathuria [81] used fingerprint recognition in mobile money authentication to offer security against identity theft, shoulder surfing attack, replay attack, impersonation attack, and counterfeit, and it was responsible for privacy protection. The scheme in [90] used facial recognition in authentication to increase the security and reliability of mobile banking systems. Using iris recognition, the scheme in [89] helped to achieve better efficiency, accuracy, dependability, customer satisfaction, and security during mobile money authentication. Moreover, the scheme in [68] employed retina recognition in mobile money authentication to provide security against MITM attack, replay attack, DoS attack, spoofing attack, and repudiation.

  • Behavioural biometrics: Behavioural biometrics depend on an individual’s behavioural characteristics to identify them. Voice recognition is the only example of behavioural biometrics used in mobile money authentication. The authentication schemes in [80,86] used voice recognition to increase efficiency, convenience, and security, as well as to resist impersonation attack.

Table 1 summarises the countermeasures against the attacks in mobile money authentication schemes.

3. Materials and Methods

A comprehensive literature search on the threat models and countermeasures for the 2FA scheme in mobile money was conducted using digital library databases. Some of the databases used include IEEE Xplore, MDPI, Emerald Insight, Hindawi, ACM, Elsevier, Springer, Google Scholar, and Specific and International Journals. Specific keywords such as “2FA scheme for mobile money”, “2FA protocol for mobile money”, “2FA framework for mobile money”, “2FA scheme for mobile wallet”, “2FA protocol for mobile wallet”, “2FA framework for mobile wallet”, “2FA scheme for mobile banking”, “2FA protocol for mobile banking”, and “2FA framework for mobile banking” were used to identify the literature for the study. The researchers only reviewed papers related to the 2FA scheme, and each collected source was evaluated against relevance, originality, eminence, influence, and year of publication. Furthermore, the researchers omitted some papers whose content was outside 2FA schemes and not written in English. The selected collection of literature comprised the most relevant papers in the area of the 2FA scheme for mobile money as the primary objective. Ninety-seven papers were reviewed, of which 28 were from the IEEE Xplore, three from MDPI, two from Emerald Insight, three from Hindawi, six from ACM, three from the Elsevier, six from Springer, 16 from Google Scholar, and 30 from Specific and International Journals, as summarised in Figure 7. Out of the reviewed papers, 39 papers focused on the threat models in the 2FA scheme for mobile money, and 58 focused on the countermeasures against the attacks in mobile money’s 2FA schemes. The literature search started in January 2020 and continued until the date of the submission of the paper.

4. Results and Discussion

Through the literature analysis, the threat models below were identified and discussed.

• ✘. Attacks against privacy: In this attack, adversaries infringe on the privacy of mobile money users, agents, MNO, and the MMS. They also compromise the PINs of the subscribers so that the attacker can use them to illegally access the financial details of the victim and perform illicit transactions. Additionally, attackers take advantage of the illiteracy of mobile money users and agents to access their mobile money PINs and accounts. To deal with this attack, [71,106] proposed a hybrid cryptographic method on the basis of the MD5 algorithm and the RSA algorithm. Bojjagani and Sastry [66] and Salim, Sagheer, and Yaseen [70] suggested ECDSA for digital signature and ECIES using AES-GCM as the encryption algorithm. Makulilo [47] recommended general data privacy legislation and sector-specific laws that protect privacy. Moreover, digital communications law and user regulations in mobile money provide data privacy, confidentiality, and lawful interception.

• ✘. Impersonation attacks: An attacker can assume the identity of a legitimate mobile money user or agent, access the financial details of a registered user, and perform fraudulent transactions. There are 14 authentication protocols [56,66,67,68,69,70,72,77,81,87,88,102,103,105] to prevent impersonation attacks. The schemes in [81,105] employed fingerprint biometrics. Bojjagani and Sastry [66], Ray, Biswas, and Dasgupta [68], and Shilpa and Panchami [69] used elliptic curve cryptosystems. Singh and Jasmine [87], Kisore and Sagi [67], Rodrigues, Chaudhari, and More [56], Alhothailya et al. [77], and Salim, Sagheer, and Yaseen [70] adopted hashing functions. Purnomo, Gondokaryono, and Kim [72] proposed an asymmetric encryption function. The idea of mutual authentication was proposed in [72,88]. On the other hand, [102,103] used random values like OTP.

• ✘. Replay attack: An attacker eavesdrops on network communication between the mobile money user and MMS, and intercepts the data packets that include the PIN, and then delays and resends it to the recipient. To thwart this attack, [66,68,69,102,103] employed pairing-based cryptography and timestamps in encrypted data. Rodrigues, Chaudhari, and More [56] and Salim, Sagheer, and Yaseen [70] adopted techniques with hashing functions. Alhothailya et al. [77] proposed the use of a one-time username to secure the system against this attack.

• ✘. Masquerade attack: This is where an adversary uses social engineering techniques to obtain the subscribers’ SIM card, PIN, or other credentials of the authorised users and uses them to request money from legitimate user’s friends and relatives and to carry out illegal business. To resist masquerade attacks, [66,68,69] proposed deploying the elliptic curve cryptosystem. Purnomo, Gondokaryono, and Kim [72] and Fan et al. [88] adopted mutual authentication techniques. Kisore and Sagi [67], Rodrigues, Chaudhari, and More [56], Sharma and Bohra [71], Alhothailya et al. [77], and Salim, Sagheer, and Yaseen [70] used the idea of hash functions. Coneland and Crespi [78], Okpara and Bekaroo [105], Sharma and Mathuria [81], Chetalam [80], and Islam et al. [89] proposed the use of physiological and behavioural biometrics.

• ✘. Spoofing attacks: An adversary can assume the role of a mobile system administrator and have full access to the system. The poor protection offered to most mobile money applications and systems allows the attackers to hack and control the systems. Security against this attack was ensured in [68,80,81,89,104,105,107] by using biometric authentication. Purnomo, Gondokaryono, and Kim [72] and Fan et al. [88] used mutual authentication techniques.

• ✘. Social engineering attack: Mobile money platforms use PINs to secure mobile money accounts, thus making them vulnerable to many security threats, including social engineering attacks. Attackers also use social engineering techniques to circumvent mobile money’s 2FA scheme, compromise user accounts, and avoid fraud detection technologies. Security against social engineering attacks is ascertained using a multifactor authentication scheme, customer alert systems, and anti-phishing systems [108]. Luo et al. [109], Chinta, Alaparthi, and Koda [110], and Conteh and Schmick [111] adopted a multidimensional approach, including technology, policies, procedures, standards, employee training, and awareness programs. Hamandi et al. [112] proposed an anomaly-based intrusion detection system to thwart SMS messaging attacks.

• ✘. Phishing attacks: This is where fraudsters masquerade as staff of MMSP and call or send SMS messages to the subscribers to lure them into revealing their mobile money PIN. Resiliency against phishing attacks is enhanced by employing multifactor authentication, an anomaly-based intrusion detection system, email authentication, encryption, secure sockets layer, reports of suspicious activities, back-end analytics, user training and awareness, content-based filtering, blacklisting, and whitelisting [112,113,114]. Aleroud and Zhou [115] used machine learning, profile matching, text mining, ontology, honeypots, and client-server authentication to detect phishing attacks.

• ✘. Trojan horse attacks: Attackers use social engineering to trick mobile money users and agents into loading and executing Trojans on their phones. Once activated, Trojans can enable hackers to spy on mobile money users and agents, steal their mobile money PINs, and gain backdoor access to their mobile money accounts. The security against Trojan horse attacks was ensured in [68,69] by using the idea of integrating biometrics and cryptography. Jung et al. [116] proposed binary code obfuscation and hardware-based code attestation. Bosamia and Patel [106] adopted malware detection and prevention techniques.

• ✘. Eavesdropping attacks: This is where an attacker secretly overhears information transmitted over the communication channel without being authorised by the trusted parties. The attacker takes advantage of unsecured network communications to access sensitive information. Salim, Sagheer, and Yaseen [70] enforced security against eavesdropping attacks by using a message authentication code (MAC). Bojjagani and Sastry [66] proposed the use of ECIES and ECDSA.

• ✘. Brute force attacks: This is a simple attack method with a high success rate because MMS uses numeric PINs of four or five digits to authenticate users. To deal with brute force attacks, [56,70,77,87] proposed the use of cryptographic hash functions.

• ✘. Guessing attack: Mobile money users and agents use a PIN during mobile money authentication and the PIN used is only four or five digits, entered when unmasked, thus making it guessable. To thwart this attack, [66,67,68,69,70] employed the elliptic curve cryptosystem. Singh and Jasmine [87] adopted a password-salting mechanism. Rodrigues, Chaudhari, and More [56] and Alhothailya et al. [77] used hashing functions.

• ✘. Shoulder surfing attack: Attackers take advantage of crowded places to obtain mobile money agents’ and users’ PINs by looking over their shoulders while performing transactions. To resist this attack, [79,80,81,85,86,89,90,105] emphasised the use of sightless multifactor authentication.

• ✘. MITM attack: In this attack, the adversary sits between the mobile money user and MMSP and makes them believe that they are communicating directly with each other, when in fact the attacker controls the entire conversation. There are different authentication protocols [56,66,67,68,69,70,71,73,74,76,79,85,86,90,102,103] that are resilient against MITM attacks. To deal with this attack, [66,69] proposed the use of ECC. Ray, Biswas, and Dasgupta [68] proposed the use of both biometric fingerprint and ECC, [79,85,86,90] used multi-factor authentication, and [56,67,70,71,73,74,76,102,103] proposed the use of symmetric encryption and message authentication code.

• ✘. Salami attack: This is where an employee of a financial institution installs a malware like a Trojan horse on the server hosting the mobile money application to withdraw a small amount of money from the subscribers’ accounts and deposit it into their account. To thwart this attack, [18] suggested that there is a need to define an efficient and robust user and security policy that contains different privileges, updates security systems, initiates both SMS and email messages to alert customers regarding any transaction that occurs, and advises the customers to report any unaware money reductions.

• ✘. Insider attacks: This is where an employee of the MMSP who has enough information about the organisation’s security practices, MMS, and data attacks the mobile money application server or MMS. To resist insider attacks, [66,68,70] used elliptic curve cryptography. Alornyo et al. [75] employed identity-based cryptography, and [117] proposed a certificate-based signcryption scheme.

• ✘. DoS and DDoS attacks: This is where attackers overwhelm mobile money servers with fake traffic to block requests from legitimate users requesting to access the services. The goal is to make mobile money services unavailable to legitimate users. Resiliency against DoS attacks is enhanced by using cryptographic hash functions [56,67,68,70,71,77,87]. Mtaho [52], Ahsan et al. [104], Okpara and Bekaroo [105], and Sharma and Mathuria [81] proposed the use of biometric fingerprint authentication. On the other hand, to deal with a DDoS attack, [118] introduced a nonlinear control approach that can prevent malicious attack packets. Cepheli, Büyükçorak, and Kurt [119] proposed a hybrid intrusion detection system that utilises anomaly- and signature-based detection methods.

• ✘. Mobile phone theft: When an attacker steals the mobile money user’s or agent’s mobile phone, the SIM card that has a wallet account becomes unavailable. Tu et al. [64] proposed technical countermeasures such as remote device wipe, training customers, access blocking, data encryption, online or offline data backup, remote access to built-in cameras, global positioning system (GPS) device tracking, and PIN protection.

Table 2 summarises the threat models and countermeasures.

5. Conclusions and Future Work

The advent of mobile money has enhanced the standard of living of the unbanked population in developing countries. As much as it offers a wide range of services and benefits, mobile money has experienced increases in attacks against the current 2FA scheme. This study conducted a review of the threat models and countermeasures in the 2FA scheme for mobile money. The authors utilised an appropriate search strategy to review the relevant literature.

With the comprehensive research and literature analysis, the threat models in the 2FA scheme for mobile money were classified into five categories: (1) attacks against privacy; (2) attacks against authentication, such as impersonation attack, replay attacks, masquerade attack, spoofing attacks, social engineering attack, phishing attack, and Trojan horse attacks; (3) attacks against confidentiality, such as eavesdropping attacks, brute force attacks, guessing attacks, and shoulder surfing attack; (4) attacks against integrity, such as MITM attack, salami attack, and insider attacks; (5) attacks against availability such as DoS and DDoS attacks, and mobile phone theft.

Furthermore, the countermeasures against the threat models in the 2FA scheme for mobile money were categorised into two, namely, cryptographic functions (such as asymmetric encryption function, symmetric encryption function, and hash function) and personal identification. Personal identification was subdivided into two categories: (1) number-based countermeasures such as password, PIN, OTP, and QR code; (2) biometric-based countermeasures, which was further classified into physiological biometrics (e.g., fingerprint recognition, face recognition, iris recognition, and retina recognition) and behavioural biometrics (e.g., voice recognition).

This work, therefore, will help MMSPs, decision-makers, and governments that wish to improve their current mobile money authentication method. Furthermore, it will help researchers who are doing an initial review of mobile money authentication schemes and mobile banking schemes. With a thorough analysis of the literature, we conclude that the current mobile money authentication system needs to be improved using a secure multifactor authentication scheme implementing a PIN, OTP, and biometric fingerprint. Moreover, data in transit and storage should be protected using end-to-end encryption and decryption techniques.

Author Contributions

Data curation, G.A.; formal analysis, M.A.D. and A.E.S.; investigation, G.A.; methodology, G.A.; supervision, M.A.D. and A.E.S.; writing—review and editing, G.A., M.A.D., and A.E.S. All authors read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Acknowledgments

The authors offer their heartfelt appreciation to the anonymous reviewers for their insightful suggestions and constructive comments. The authors extend their appreciations to Muni University and NM-AIST.

Conflicts of Interest

The authors declare no conflict of interest.

Figures and Tables

Enlarge this image.

Figure 1. Mobile money system (MMS) architecture.

Enlarge this image.

Figure 2. Mobile money enrolment phase.

Enlarge this image.

Figure 3. Mobile money authentication phase.

Enlarge this image.

Figure 4. The red dashed line with an arrow represents an attack point (AP) on different components of the MMS.

Enlarge this image.

Figure 5. Classification of threat models in mobile money’s two-factor authentication (2FA) scheme.

Enlarge this image.

Figure 6. Countermeasures against attacks in mobile money’s 2FA schemes.

Enlarge this image.

Figure 7. Summary of the number of research papers reviewed.

Summary of the countermeasures against the attacks in mobile money authentication schemes.

Summary of the threat models and countermeasures.