dc.description.abstract | With the evolution of industry 4.0, financial technologies have become paramount and mobile
money as one of the financial technologies has immensely contributed to improving financial
inclusion among the unbanked population. Several mobile money schemes were developed but,
they suffered severe authentication security challenges since they implemented two-factor
authentication. This study focused on developing a secure multi-factor authentication (MFA)
algorithm for mobile money applications. It uses personal identification numbers, one-time
passwords, biometric fingerprints, and quick response codes to authenticate and authorize mobile
money subscribers. Secure hash algorithm-256, Rivest-Shamir-Adleman encryption, and Fernet
encryption were used to secure the authentication factors, confidential financial information and
data before transmission to the remote databases. A literature review, survey, evolutionary
prototyping model, and heuristic evaluation and usability testing methods were used to identify
authentication issues, develop prototypes of native genuine mobile money (G-MoMo)
applications, and identify usability issues with the interface designs and ascertain their usability,
respectively. The results of the review grouped the threat models into attacks against privacy,
authentication, confidentiality, integrity, and availability. The survey identified authentication
attacks, identity theft, phishing attacks, and PIN sharing as the key mobile money systems’
security issues. The researcher designed a secure MFA algorithm for mobile money applications
and developed three native G-MoMo applications to implement the designed algorithm to prove
the feasibility of the algorithm and that it provided robust security. The algorithm was resilient to
non-repudiation, ensured strong authentication security, data confidentiality, integrity, privacy,
and user anonymity, was highly effective against several attacks but had high communication
overhead and computational costs. Nevertheless, the heuristic evaluation results showed that the
G-MoMo applications’ interface designs lacked forward navigation buttons, uniformity in the
applications’ menu titles, search fields, actions needed for recovery, and help and documentation.
Similarly, the usability testing revealed that they were easy to learn, effective, efficient,
memorable, with few errors, subscriber satisfaction, easy to use, aesthetic, easy to integrate, and
understandable. Implementing a secure mobile money authentication and authorisation by
combining multiple factors which are securely stored helps mobile money subscribers and other
stakeholders to have trust in the developed native G-MoMo applications. | en_US |