• Journal of Convergence Society for SMB
• /
• v.5 no.3
• /
• pp.21-26
• /
• 2015

As mobile contents grow up, In App Billing is brisk at applications including mobile contents. But some of users don't pay and use charged content for free to use cheating payment module or hacking through applications. Call this bypass payment. Applications, helping bypass, are Freedom, IAP Cracker, and DNS server suggested by the hacker named Borodin. In case of mobile game, Despite sell a lot of charged content but income is different revenue in sales log with real profits. Because of users using bypass payment application. Management plan to bypass payment are checking OrderID, encrypting public key and verifying receipt.

• Review of Korea Contents Association
• /
• v.16 no.2
• /
• pp.14-19
• /
• 2018

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.827-838
• /
• 2018

Since 2014, ease of regulations on financial institutions expanded the mobile payment market based on simple authentication, and this resulted in the emergence of various simple payment services. Although several security solutions have been used to mitigate possible security threats to payment applications, there are vulnerabilities which can still be found due to the structure in which the security solution is applied to the payment service. In this paper, we analyze the payment application and security solution from the process perspective, and prove through experimentation that verification functions of security solutions can be bypassed without detailed analysis of each security function, but by simply manipulating the verification result value. Finally, we propose methods to mitigate the bypass method presented in this paper from three different perspectives, and thereby contribute to the improvement of security level of the payment service.

• Knowledge Management Research
• /
• v.16 no.4
• /
• pp.35-45
• /
• 2015

Fintech, which means the convergence of finance and information technology, becomes a hot topic in the financial sector. Through innovative activities on financial services, ICT(Information and Communication Technology) is integrated into the overall financial industry, and a new form of financial services could be expected to improve the existing financial system. On the other hand, fintech services are relatively vulnerable to security issues. Due to the process simplication and the channel fusion, the leakage of personal and financial informations, authentication bypass, phishing, and pharming are getting more concerned. In this study we investigated the security risk of fintech services in the viewpoints of service provider, technology adoption, and security policy. The possible countermeasures to reduce those risks are suggested because security is an important criterion for selecting financial services. This study basically offers quantification of the potential security risks and step-by-step control measures about business processes in the fintech services. The suggested security model includes user authentication, terminal security, payment information protection, API(Application Programming Interface) security, and abnormal transaction monitoring. This study might contribute to an understanding of the security risks and some possible measures for mitigating those risks on the practical perspective.