Design and Evaluation of Privacy-Preserving Protocols for Agent-Facilitated Mobile Money Services in Kenya

• URL: http://arxiv.org/abs/2412.18716v1
• Date: Wed, 25 Dec 2024 00:27:13 GMT
• Title: Design and Evaluation of Privacy-Preserving Protocols for Agent-Facilitated Mobile Money Services in Kenya
• Authors: Karen Sowon, Collins W. Munyendo, Lily Klucinec, Eunice Maingi, Gerald Suleh, Lorrie Faith Cranor, Giulia Fanti, Conrad Tucker, Assane Gueye,
• Abstract summary: Mobile Money (MoMo) is a technology that allows users to complete digital financial transactions using a mobile phone. MoMo processes require agents to access and verify customer information such as name and ID number. In this work, we design protocols for redirecting the flow of sensitive information from the agent to the MoMo provider.
• Score: 15.817042926071407
• License:
• Abstract: Mobile Money (MoMo), a technology that allows users to complete digital financial transactions using a mobile phone without requiring a bank account, has become a common method for processing financial transactions in Africa and other developing regions. Operationally, users can deposit (exchange cash for mobile money tokens) and withdraw with the help of human agents who facilitate a near end-to-end process from customer onboarding to authentication and recourse. During deposit and withdraw operations, know-your-customer (KYC) processes require agents to access and verify customer information such as name and ID number, which can introduce privacy and security risks. In this work, we design alternative protocols for mobile money deposits and withdrawals that protect users' privacy while enabling KYC checks. These workflows redirect the flow of sensitive information from the agent to the MoMo provider, thus allowing the agent to facilitate transactions without accessing a customer's personal information. We evaluate the usability and efficiency of our proposed protocols in a role play and semi-structured interview study with 32 users and 15 agents in Kenya. We find that users and agents both generally appear to prefer the new protocols, due in part to convenient and efficient verification using biometrics, better data privacy and access control, as well as better security mechanisms for delegated transactions. Our results also highlight some challenges and limitations that suggest the need for more work to build deployable solutions.

Related papers

• FedMobileAgent: Training Mobile Agents Using Decentralized Self-Sourced Data from Diverse Users [50.780622043840076]
  We propose FedMobileAgent, a framework that trains mobile agents using self-sourced data from diverse users. In distributed settings, FedMobileAgent achieves performance comparable to centralized human-annotated models.
  arXiv  Detail & Related papers  (2025-02-05T08:26:17Z)
• Private, Auditable, and Distributed Ledger for Financial Institutes [1.8911961520222993]
  This paper proposes a framework for a private, audit-able, and distributed ledger (PADL) that adapts easily to fundamental use-cases within financial institutes. PADL employs widely-used cryptography schemes combined with zero-knowledge proofs to propose a transaction scheme for a table' like ledger. We show that PADL supports smooth-lined inter-assets auditing while preserving privacy of the participants.
  arXiv  Detail & Related papers  (2025-01-07T14:21:24Z)
• Balancing Confidentiality and Transparency for Blockchain-based Process-Aware Information Systems [46.404531555921906]
  We propose an architecture for blockchain-based PAISs aimed at preserving both confidentiality and transparency. Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information.
  arXiv  Detail & Related papers  (2024-12-07T20:18:36Z)
• Dual-Technique Privacy & Security Analysis for E-Commerce Websites Through Automated and Manual Implementation [2.7039386580759666]
  38.5% of the websites deployed over 50 cookies per session, many of which were categorized as unnecessary or unclear in function. Our manual assessment uncovered critical gaps in standard security practices, including the absence of mandatory multi-factor authentication and breach notification protocols. Based on these findings, we recommend targeted improvements to privacy policies, enhanced transparency in cookie usage, and the implementation of stronger authentication protocols.
  arXiv  Detail & Related papers  (2024-10-19T03:25:48Z)
• Strong Privacy-Preserving Universally Composable AKA Protocol with Seamless Handover Support for Mobile Virtual Network Operator [9.866910244173761]
  We propose a universally composable authentication and handover scheme with strong user privacy support. Our proposed solution will most likely be deployed by the MVNO(s) to ensure enhanced privacy support to their customer(s)
  arXiv  Detail & Related papers  (2024-09-07T18:04:54Z)
• Tell Me More! Towards Implicit User Intention Understanding of Language Model Driven Agents [110.25679611755962]
  Current language model-driven agents often lack mechanisms for effective user participation, which is crucial given the vagueness commonly found in user instructions. We introduce Intention-in-Interaction (IN3), a novel benchmark designed to inspect users' implicit intentions through explicit queries. We empirically train Mistral-Interact, a powerful model that proactively assesses task vagueness, inquires user intentions, and refines them into actionable goals.
  arXiv  Detail & Related papers  (2024-02-14T14:36:30Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
  Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge. This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI) We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
  arXiv  Detail & Related papers  (2024-01-03T07:47:22Z)
• The Boomerang protocol: A Decentralised Privacy-Preserving Verifiable Incentive Protocol [5.384175614198884]
  We propose the BOOMERANG protocol for privacy-preserving incentive systems. It uses cryptographic black box accumulators to store user interactions privately. It also employs zero-knowledge proofs to transparently compute rewards for users.
  arXiv  Detail & Related papers  (2023-12-06T09:37:45Z)
• Feature-Level Fusion of Super-App and Telecommunication Alternative Data Sources for Credit Card Fraud Detection [106.33204064461802]
  We review the effectiveness of a feature-level fusion of super-app customer information, mobile phone line data, and traditional credit risk variables for the early detection of identity theft credit card fraud. We evaluate our approach over approximately 90,000 users from a credit lender's digital platform database.
  arXiv  Detail & Related papers  (2021-11-05T19:10:35Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.