Technical feasibility of context-aware passive payment authorization for physical points of sale

摘要

In this work, the technical feasibility of passive secure payments for brick-and-mortar points of sale is analyzed. The core element of the proposed approach is a new application for context-based risk and trust assessment. It allows for dynamic selection of payment authorization methods that constitutes accurate trade-off between security and convenience. Particularly, the payments can be performed and authorized in the background using biometric means (face recognition), without user's explicit action. Generally, in the proposed approach, multiple devices are used for authorization: mobile, wearables, or stationary, client's or seller's, and multiple authorization methods are used: biometric, knowledge-based, and possession-based. The reported research includes requirement identification, novel architecture and protocol proposition, proof-of-concept prototype system deployment, and evaluation-based lessons learned. The research confirms that with the proposed approach, it is possible to take advantage of client-seller trust dynamism to simplify the payment process while maintaining the security level.