Information security risk items and management practices for mobile payment using non-financial-institution service providers: An exploratory study

•Security risks are critical for mobile payment service providers.•Non-financial institution providers face different security risks.•We summarize a list of risk factors and management practices highlighted by experts. Mobile payment has become increasingly popular in recent years. However, concerns...

Full description

Saved in:
Bibliographic Details
Published in:International journal of accounting information systems 2024-06, Vol.53, p.100684, Article 100684
Main Authors: Huang, Shaio-Yan, Wang, Tawei, Huang, Yu-Ting, Yeh, Tzu-Ning
Format: Article
Language:English
Subjects:
COBIT 2019
Information security
Internal control
Mobile payment
Non-financial institutions
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:•Security risks are critical for mobile payment service providers.•Non-financial institution providers face different security risks.•We summarize a list of risk factors and management practices highlighted by experts. Mobile payment has become increasingly popular in recent years. However, concerns remain about the information security risk management practices implemented by non-financial-institution mobile payment service providers, such as mobile phone carriers and technology companies, using tokenization systems and encryption mechanisms. Using the modified Delphi method and building on the COBIT 2019 framework, this study explores and suggests how these non-financial-institution mobile payment service providers can consider a more holistic list of information security risk items and their corresponding management practices. We believe the proposed practices will help non-financial-institution mobile payment service providers focus on the valuable aspects of information security risks.
ISSN:1467-0895
1873-4723
DOI:10.1016/j.accinf.2024.100684