
dc.contributor.author: Ali, Guma
dc.date.accessioned: 2023-10-10T06:14:57Z
dc.date.available: 2023-10-10T06:14:57Z
dc.date.issued: 2023-08
dc.identifier.uri: https://dspace.nm-aist.ac.tz/handle/20.500.12479/2210
dc.description: A Thesis Submitted in Fulfillment of the Requirements for the Degree of Doctor of Philosophy in Information and Communication Science and Engineering of the Nelson Mandela African Institution of Science and Technology (NM-AIST) [en_US]
dc.description.abstract: With the expansion of industry 4.0, financial technology (FinTech) has become paramount in this era. Mobile money as one of the FinTech has immensely contributed to improving financial inclusions among the unbanked population in many developing countries. Several mobile money schemes were developed to ensure easy access to mobile money services. However, they have suffered severe authentication security challenges since implementing two-factor authentication (2FA). Therefore, this research developed a secure multi-factor authentication (MFA) algorithm for mobile money applications that combines personal identification number (PIN), one-time password (OTP), and biometric fingerprints to authenticate the mobile money subscribers. It also used the customer’s biometric fingerprints and the agent’s quick response (QR) code to authorise money withdrawal. The PINs and OTP are secured by Secure Hash Algorithm-256 (SHA-256) and biometric fingerprints by Fast IDentity Online (FIDO), where the Rivest-Shamir-Adleman (RSA) encryption protects the public/private key pair and the fingerprint templates. The QR codes, confidential financial information in the databases, and all the data before transmission to the remote databases are secured using Fernet encryption. A design science research approach was employed in the research using a mixed-method. The review results identified and grouped the threat models into attacks against privacy, authentication, confidentiality, integrity, and availability. The cryptographic functions and personal identification were the countermeasures. The survey identified authentication attacks, identity theft, phishing attacks, and PIN sharing as the crucial security issues Uganda’s mobile money systems encountered.
The security analysis of the designed algorithm and developed native genuine mobile money (G-MoMo) applications proved that it provided robust security during authentication and ensured data confidentiality, integrity, privacy and user anonymity. It is highly effective against several security attacks and resilient to non-repudiation. The performance analysis results showed that the algorithm enhanced security but had high communication overhead and computational cost. Lack of a forward navigation button, lack of uniformity in the applications menu title, lack of search field options, lack of actions needed for recovery, and lack of help & documentation were identified as the results of the usability issues with the native G-MoMo applications’ user interfaces. The results of the usability testing, meanwhile, showed that the native G-MoMo applications were learnable, effective, efficient, memorable, had few errors, satisfaction, ease of use, aesthetic, helpful, easy to integrate, and understandable. In conclusion, implementing a secure mobile money authentication using the novel approach combining multiple factors helps mobile money subscribers and other stakeholders trust the mobile money industry since the security goals are highly maintained. [en_US]
dc.language.iso: en [en_US]
dc.publisher: NM-AIST [en_US]
dc.subject: Research Subject Categories::TECHNOLOGY [en_US]
dc.title: Development of a secure multi-factor authentication algorithm for mobile money applications [en_US]
dc.type: Thesis [en_US]

