An enhanced user authentication solution for mobile payment systems using wearables

As technology continues to evolve, banks and other enterprises are restructuring their businesses to provide services to customers anywhere and anytime. However, it is challenging to move from conventional payment systems toward digital wallets across a range of payment services. Mobile devices are easily lost or stolen, so the rapid adoption of mobile devices for payment systems requires protection against unauthorized access to private applications and data. When mobile devices communicate with merchant point-of-sale systems, there is a risk of data leakage because third party applications in point-of-sale systems might access private data stored on the device without the user's knowledge or permission. We thus propose the use of wearable devices to store partial private data for the user and to participate in the user authentication. In this paper, we design a practical user authentication solution for mobile payment systems, and the main idea is to split the user's private data, such as credit card and banking information, and then store them across two separate devices (e.g., a smartphone and a wearable device). Our solution can improve the security of existing mobile payment systems that utilize user biometrics as an authentication factor, such as Apple Pay and Samsung Pay. Copyright (C) 2016 John Wiley & Sons, Ltd.