Mobile payment systems are pervasive; their design is driven by convenience and security. In this paper, we identify five common problems in existing systems: (ⅰ) specialist hardware requirements, (ⅱ) no reader-to-user authentication, (ⅲ) use of invisible channels, (ⅳ) dependence on a client-server connection, and (ⅴ) no inherent fraud detection. We then propose a novel system which overcomes these problems, so as to mutually authenticate a user, a point-of-sale reader, and a verifier over a visual channel, using an embedded image token to transport information, while providing inherent unauthorised usage detection. We show our system to be resilient against replay and tampering attacks.