Exploring Security of Phone-based Mobile Money Systems Against Attacks

Mobile money systems have become critical financial infrastructure throughout the world, and particularly in many developing countries, but the security of these systems remains unclear, with limited research into how their security will hold up over the long term.
Nature and Context

Rather than operating over the wider Internet with standard encryption protocols and banking best practices, most mobile money systems are built and operated by mobile network operators (MNOs) using telecom primitives such as the short message service (SMS), unstructured supplementary service data (USSD), and the SIM Toolkit (STK) to communicate with servers in the operator's core network. These services rely on the encrypted air interface to protect user data and to ensure safe transmission of mobile money data and requests. While the telecom ecosystem has existed for decades and is generally understood to have numerous security issues, the size, scale, and impact of mobile money is a recent change, concentrated primarily in the developing world. The security of this ecosystem has seen little exploration, and the work that does exist focuses on higher-end, less widely used Android applications or on attacks that leverage fake base stations.

