Browsing by Author "Dida, Mussa Ally"

Now showing 1 - 3 of 3
  • Thumbnail Image
    Item
    Evaluation of Key Security Issues Associated with Mobile Money Systems in Uganda
    (information, 2020) Guma, Ali; Dida, Mussa Ally; Elikana Sam, Anael
    Smartphone technology has improved access to mobile money services (MMS) and successful mobile money deployment has brought massive benefits to the unbanked population in both rural and urban areas of Uganda. Despite its enormous benefits, embracing the usage and acceptance of mobile money has mostly been low due to security issues and challenges associated with the system. As a result, there is a need to carry out a survey to evaluate the key security issues associated with mobile money systems in Uganda. The study employed a descriptive research design, and stratified random sampling technique to group the population. Krejcie and Morgan’s formula was used to determine the sample size for the study. The collection of data was through the administration of structured questionnaires, where 741 were filled by registered mobile money (MM) users, 447 registered MM agents, and 52 mobile network operators’ (MNOs) IT o cers of the mobile money service providers (MMSPs) in Uganda. The collected data were analyzed using RStudio software. Statistical techniques like descriptive analysis and Pearson Chi-Square test was used in data analysis and mean (M) > 3.0 and p-value < 0.05 were considered statistically significant. The findings revealed that the key security issues are identity theft, authentication attack, phishing attack, vishing attack, SMiShing attack, personal identification number (PIN) sharing, and agent-driven fraud. Based on these findings, the use of better access controls, customer awareness campaigns, agent training on acceptable practices, strict measures against fraudsters, high-value transaction monitoring by the service providers, developing a comprehensive legal document to run mobile money service, were some of the proposed mitigation measures. This study, therefore, provides a baseline survey to help MNO and the government that would wish to implement secure mobile money systems.
  • Thumbnail Image
    Item
    Heuristic Evaluation and Usability Testing of G-MoMo Applications
    (Journal of Information Systems Engineering and Management, 2022) Guma, Ali; Dida, Mussa Ally; Elikana Sam, Anael
    Financial technology (FinTech) has swiftly revolutionized mobile money as one of the ways of accessing financial services in developing countries. Numerous mobile money applications were developed to access mobile money services but are hindered by severe authentication security challenges, thus, forcing the researchers to design a secure multi-factor authentication (MFA) algorithm for mobile money applications. Three prototypes of native mobile money applications (G-MoMo applications) were developed to confirm that the algorithm provides high security and is feasible. This study, therefore, aimed to evaluate the usability of the G-MoMo applications using heuristic evaluation and usability testing to identify potential usability issues and provide recommendations for improvement. Heuristic evaluation and usability testing methods were used to evaluate the G-MoMo applications. The heuristic evaluation was carried out by five experts that used the 10 principles proposed by Jakob Nielsen with a five-point severity rating scale to identify the usability problems. While the usability testing was conducted with forty participants selected using a purposive sampling method to validate the usability of the G-MoMo applications by performing tasks and filling out the post-test questionnaire. Data collected were analyzed in RStudio software. Sixty-three usability issues were identified during heuristic evaluation, where 33 were minor and 30 were major. The most violated heuristic items were “help and documentation”, and “user control and freedom”, while the least violated heuristic items were “aesthetic and minimalist design” and “visibility of system status”. The usability testing findings revealed that the G-MoMo applications’ performance proved good in learnability, effectiveness, efficiency, memorability, and errors. It also provided user satisfaction, ease of use, aesthetics, usefulness, integration, and understandability. Therefore, it was highly recommended that the developers of G-MoMo applications fix the identified usability problems to make the applications more reliable and increase overall user satisfaction.
  • Thumbnail Image
    Item
    A Secure and Efficient Multi-Factor Authentication Algorithm for Mobile Money Applications
    (Future Internet, 2021) Guma, Ali; Dida, Mussa Ally; Elikana Sam, Anael
    With the expansion of smartphone and financial technologies (FinTech), mobile money emerged to improve financial inclusion in many developing nations. The majority of the mobile money schemes used in these nations implement two-factor authentication (2FA) as the only means of verifying mobile money users. These 2FA schemes are vulnerable to numerous security attacks because they only use a personal identification number (PIN) and subscriber identity module (SIM). This study aims to develop a secure and efficient multi-factor authentication algorithm for mobile money applications. It uses a novel approach combining PIN, a one-time password (OTP), and a biometric fingerprint to enforce extra security during mobile money authentication. It also uses a biometric fingerprint and quick response (QR) code to confirm mobile money withdrawal. The security of the PIN and OTP is enforced by using secure hashing algorithm-256 (SHA-256), a biometric fingerprint by Fast IDentity Online (FIDO) that uses a standard public key cryptography technique (RSA), and Fernet encryption to secure a QR code and the records in the databases. The evolutionary prototyping model was adopted when developing the native mobile money application prototypes to prove that the algorithm is feasible and provides a higher degree of security. The developed applications were tested, and a detailed security analysis was conducted. The results show that the proposed algorithm is secure, efficient, and highly effective against the various threat models. It also offers secure and efficient authentication and ensures data confidentiality, integrity, non-repudiation, user anonymity, and privacy. The performance analysis indicates that it achieves better overall performance compared with the existing mobile money systems.