A Comparative Study of Network Securities on Mobile Transaction

In recent years, the number of mobile transactions has skyrocketed. Because mobile payments are made on the fly, many consumers prefer the method to the traditional local payment approach. The rise in mobile payments has inspired this study into the security of mobile networks in order to instill trust in those who may be involved in the transaction in some way. This report is a precursor to explain and compare some of the most popular wireless networks that enable mobile payments, from a security standpoint, this research presents, explains, and compares some of the most common wireless networks that enable mobile payments. Threat models in 3G with connections to GSM, WLAN, and 4G networks are classified into four categories: attacks on privacy, attacks on integrity, attacks on availability, and assaults on authentication. In addition, we offer classification countermeasures which are divided into three categories: cryptographic methods, human factors, and intrusion detection methods. One of the most important aspects we analyze is the security procedures that each network employs. Since the security of these networks is paramount, it gives hope to subscribers. In summary, the study aims to verify if mobile payments offer acceptable security to the average user.

should have been concentrated in one location. According to research, this technology is used in a wide range of business activities, but it comes at a high price. One might believe that the costs of purchasing technology such as laptops, cell phones, and software are unavoidable. My main issue is the cost of learning how to use the device and the security of your regular transactions.
We will be able to learn about the risks associated with using these technologies using this study.
Businesses are set up to meet people's needs while also generating a profit; nevertheless, there are those whose primary goal is to steal crucial items from other businesses. As a result, the study of security in using this medium for transaction has been motivated. [7] Aim and Objectives The goal of this study is to investigate: • The notion of mobile payments • Mobile payment network security.
• The security of four popular wireless networks, GSM, 3G, WLAN, and 4G, will be examined.
• To assess the many mobile security techniques obtainable in the aforementioned networks, as well as their requirements, as well as to comprehend the security success and functioning principle of the hazards associated with them.

Statement of the Problem.
Every major technology company wants to implement a mobile payment system. However, mobile payments aren't yet good enough to totally replace traditional payment methods. This is why.
There are numerous mobile payment apps and systems available (eg Intuit Gopayment, Paypal, Google Wallet, Pay with Square, Verifone Sail, etc). Some are administered by banks, some are incorporated into devices and use hardware-based encryption, and others are in the works from companies with excellent intentions but lack the competence to overcome user errors or process flaws. Furthermore, mobile payment systems necessitate a significant amount of maintenance.
As black hats hack or reverse engineer the old ones, minimum security criteria change on a regular basis.
Previously, cash transactions were carried out by physically transporting it from a source point to a destination area without incurring additional costs; however, as transactions grew in volume and the risk of transporting physical cash became apparent, the need for mobile transactions became unavoidable, [13]. Some of the questions to be addressed in order to acquire a better report are listed below.
• Define the mobile payment system and its current market impact.
• What makes the mobile payment system stand out?
• Is there any truth to the security of mobile payments and the most common security attacks?
• Can secure mobile payment solutions be implemented? And who is it for?
• Is this technology suitable for the average user?
• What suggestions do you have for a mobile payment system?
• Can this report effectively raise awareness of mobile payment consumers across several platforms?

Scope/Limitations
This paper will not cover every aspect of information security; instead, it will focus on three networks: 3G in conjunction with GSM, WLAN, and 4G networks, as well as the security mechanisms employed in each. The paper was written at Ahmadu Bello University in Zaria, Nigeria, and it will serve as a guide for those working in the subject of information security in mobile transactions across various networks. The user of this report must have a basic understanding of computer science, mathematics, and cryptography.

Target Audience
This is primarily aimed at students with a rudimentary understanding of information security in the fields of information technology, computer engineering/science, and telecommunication. It will also be beneficial to individuals who intend to use security technologies for financial gain.

Project Outlines
The first section of this report provides an overview of the study (A Comparative Study of Network Securities on Mobile Transactions), as well as the study's rationale and objective.
The second half of the paper will list some basic security criteria for wireless networks as well as an introduction to particular security methods for the various types of networks examined.
The third section presents an important perspective on wireless network assaults and security concerns in general, with appropriate actions made to prevent the attacks when practicable.
Finally, the offered results are reviewed, and adequate responses to the above-mentioned questions are provided.

Security in 3G in Connection to GSM.
Implementation of 3G/GSM security • Confidentiality • Authentication

• Availability and Reliability
The Don Parker security model can be used to implement the aforementioned security requirements so that we can see if it fits the requirements.
• Confidentiality: As the number of networks has grown, so has the usage of insensitive phone communication, necessitating the deployment of a secure channel to send information. End-user ID privacy, user location privacy, and data privacy must all be protected by some form of functionality. "The prevention of unauthorized disclosure of information" [38] is defined as "confidentiality." The SIM contains the data required to encrypt the radio link between the MS and the BTS. It contains a key, Ki, which is later used to encrypt data in some versions of A5.

Fig1. COMP 128
According to the study, GSM is based on TDMA, which allows users to share radio channels with up to seven other users. Every frame, each user takes a turn using the shared radio channel, sending and receiving data only during one of the eight available time slots. Numbers are used to identify frames. Two frames are used in a GSM communication, one from the base station to the MS and the other from the MS to the base station. Both frames include bits of information that are supposed to be encrypted. Because the 3G network is based on the GSM network design, each uses the WCDMA encryption technology. Each of these frames contains bits of user data, and it is this data that informs the user.
The session key generated by the COMP128 method is then transferred to the MS and used by a different algorithm, the A5. A5 generates a keystream of bits using the session key and the frame number. The A5 generates a new bit keystream for each new frame to be sent, which is used to encrypt (and decrypt) the frame. The A5 algorithm, which is housed in the device's hardware rather than the SIM, must produce fresh key streams swiftly and continually. [38] Instead of using the A5/1 stream cipher, 3G networks use the KASUMI block cipher. They're utilized in GSM in a similar way as A5/1, but with a few differences. In KASUMI, for example, the session key is 128-bit rather than 64-bit.
• Authentication: Because 2G and 3G networks are widely connected, anybody can access them from far and wide, their security must be carefully managed. End users must be able to authenticate themselves and prove that they are who they say they are.
In 2G and 3G networks, authentication is performed using two practical objects: the SIM card in the mobile device and the Authentication Center (AUC). One of the SIM's most important security functions is to authenticate the subscriber to the network. This method ensures that the MS seeking service is a valid subscriber, not an intruder, on the network. A challenge-response procedure is used by the network to verify a subscriber's identification. When an MS seeks service, the network issues a mathematical challenge to the MS, which it must successfully answer before access is allowed. A 128-bit value called RAND is sent by the network to the MS as a challenge. Regardless of how good RAND is in the It's unlikely that the security authentication process will be repeated, or that an attacker will be able to create a codebook of (RAND, SRES) pairings and exploit the information to obtain access to services. [38] When RAND is received by the MS, it is forwarded to the SIM for processing. The SIM uses the A3 method to generate a 32-bit "signed answer" using RAND and the secret 128-bit key Ki. The response, known as SRES, is sent from the SIM to the terminal, where it is subsequently sent to the network. This is Microsoft's reaction to the challenge posed by the network. Meanwhile, the AUC of the network will carry out the same set of tasks. The network calculated its SRES value using the same RAND value and an identical copy of Ki. The network compares the SRES it receives from the MS to its own SRES. If the two values are the same, the network concludes the MS is valid and lets the service to run. If the two values don't match, the network concludes the SIM doesn't have the correct secret key Ki and rejects the MS service. [38] An eavesdropper recording the SRES response will not be able to effectively reuse it later because the RAND value varies with practically every access attempt. Even if a RAND challenge is reused (and an attacker manages to impersonate a legal subscriber to the network), a GSM network can authenticate the MS as many times as it wants, perhaps multiple times during a connection. The next challenge the MS and SIM get from the network will almost certainly be a fresh one for the attacker, one for which he or she will be unable to compute the correct SRES.
It's worth noting that one of the GSM security protocols' pillars is that a subscriber's secret key, Ki, is kept private. Ki is never communicated over the network, even though it is kept in both the SIM and the AuC. [38] The COMP128 algorithm was intended to be a reference model for GSM implementation, but it has been adopted by practically all GSM operators throughout the world for various reasons.
COMP128 was hacked in April 1998, prompting the development of COMP128-2, a new, more powerful version. However, it is claimed that most operators are still utilizing the old defective algorithm due to the high expense of upgrading COMP128. [38] Because GSM authentication was determined to have a suitable security level, the authentication method for GSM and 3G networks is identical. However, the GSM algorithm was found to be insufficient, and it was replaced with KASUMI (an algorithm used to provide over-the-air connection privacy in GSM networks by encrypting voice and data for transmission after successful encryption).
• Availability and Dependability: To ensure service reliability, GSM uses an intermittent location updating mechanism. If an HLR or MSC/VLR fails, having each mobile register at the same time to update the database will overburden the system. As a result, the database is updated as new locations are added. The operator controls the enabling of periodic updating and the time between periodic updates, which is a trade-off between signaling traffic and recovery speed. A mobile device is deregistered if it does not register after the update period. The IMSI attach and detach operation is connected to location update. • A disconnect informs the network that the mobile station is inaccessible, avoiding the need to assign channels and send paging messages that are unnecessary. An attachment functions similarly to a location update in that it alerts the system that the phone is once again reachable. On a cell-by-cell basis, the operator controls the activation of IMSI attach/detach. [38] • Anonymity: Temporary IDs are used in 3G and GSM to offer anonymity. When a user turns on his or her device, a network user's unique number (IMSI) is used to identify the MS to the network, and then a Temporary Mobile Subscriber Identity (TMSI) is issued and used to identify the MS to the network in future sessions. The network should always encrypt TMSI before sending it to the MS, according to the ETSI specification [38].
The MS receives a TMSI in response to a location update request. The TMSI is only useful within a specific geographic area. To offer an unambiguous identity beyond the location area, it must be paired with the LAI (location area identifier). As a location update request is given by the MS to the network, the TMSI reallocation is usually conducted at least once for each change of a location region. The temporary identifier is used from then on. It is only feasible to establish the temporary identifier used by tracing the user. [38]

WLAN security implementation
In the standard 802.11x, there are a variety of existing approaches and solutions for addressing the security requirements of wireless networks. The majority of the solutions rely on encryption, which has been shown to be a good approach to ensure acceptable security when correctly implemented.

WEP
The IEEE 802.11x standard includes a security mechanism known as WEP (wired equivalent privacy). It was created with the goal of providing confidentiality and authentication.
WEP provides confidentiality through the use of the RC4 stream cipher and the CRC-32 checksum for integrity. WEP was hacked in 2004 and isn't regarded secure anymore [33]. WEP has two goals: the first is to prevent casual eavesdropping, and the second is to protect the wireless network by discarding communications that have been poorly encrypted. Integrity checksums are used as a third purpose to avoid transmission manipulation. [40] The RC4 cipher works by combining the public IV and the secret key into a pseudorandom bit stream. The plaintext and the produced keystream are encrypted using an XOR14 operation (indicated with a symbol in the diagram below). Decryption is accomplished by executing an XOR operation on the IV, secret key to generate an identical keystream.
as well as the ciphertext When two messages are encrypted with the same IV and key, information about both messages is revealed [40]. WEP is widely seen as having failed to achieve its security objectives.

Figure2. Basic WEP encryption: RC4 key stream XOR with plaintext [40]
The RC4 cipher generates a stream of encrypted packets using a 40-bit key (also known as WEP- Because of its numerous flaws, WEP should no longer be used for security purposes. WEP keys can be hacked in a matter of hours using software available on the Internet [44]. Another issue with WEP is the key management issue. WEP uses a single key for all users on a specific wireless network, making key protection problematic. WEP keys must be refreshed on a regular basis. WEP security cannot be achieved solely by increasing the key size. Longer keys necessitate more packet interruptions, but active assaults can circumvent this. [44] • Authentication: There are two methods for authenticating users in WEP: Open System and Shared Key. The user does not need to send credentials to the Access Point during login because Open System authentication is a null authentication mechanism. Any user can authenticate with the Access Point and then attempt to associate, regardless of the WEP keys used. WEP can be used to encrypt data frames after authentication and association. The client must have the correct keys at this point. [45] A four-way challenge-response handshake is used in Shared Key authentication: • The user sends a request for authentication to the Access Point. • The Access Point responds with a challenge in plain text. Knowing a plaintext/ciphertext pair of the required length can be used to deduce the keystream used for the handshake. Monitoring a legal authentication sequence is a pretty simple way to gather this information. [40] WPA Due to the failure of WEP, a new security protocol has to be developed immediately. WPA (WiFi Protected Access) was created as a stopgap measure to overcome WEP's severe weaknesses. It was also necessary for WPA to work on existing hardware.
Using the Extensible Authentication Protocol, WPA improves network authentication (EAP).
The CRC-32 checksum integrity code used in WEP was superseded by Michael, a message integrity code (MIC). The IV length was raised from 24-bits to 48-bits in WEP, and the Temporal Key Integrity Protocol (TKIP) added to the security. Other enhancements include the use of AES for stronger encryption. [51] WPA can be utilized for personal use and small companies without the need for a complicated authentication server. This is known as Pre-shared key mode (PSK), and the shared key is a secret key that clients and the AP share. A 256-bit key is used by each wireless network device to encrypt network traffic. This key can be entered as a string of 64 hexadecimal numbers or as an 8 to 63 readable ASCII characters passphrase. PSK is frequently based on symmetric-key approaches, lowering WPA's overall security level.

Extensible Authentication Protocol (EAP)
In WLAN networks, the EAP protocol is used to authenticate users. EAP supports a variety of authentication techniques known as EAP methods, which include password, certificate, and token authentication. It can also include of a mix of authentication methods, such as a certificate followed by a password. As a result, rather than being a single authentication technique, it can be thought of as an authentication framework. [41]

Key Integrity Protocol (TKIP)
The TKIP protocol was created to improve security and address all known WEP flaws. One of the most essential design goals was to ensure compatibility with older WEP-based gear. The  • A payload consisting of authenticated and encrypted data • A header, which is associated data, for authentication but not encryption • A unique value called a nonce, assigned to the payload and the associated data.

Encryption and Cryptography
The quality of encryption and cryptography is essential for effective security procedures. It will be easier if you have a solid understanding of cryptography and how it works. We'll focus on the above-mentioned security techniques in this section. For more cryptography research, see [48].
The study of concealing information is known as cryptography. It is a strategy in which algorithms provide a security service to safeguard data integrity, ensure the validity of the data source, and provide data secrecy.
Confidentiality is provided through encryption techniques. They convert data, also known as a message or plaintext, into coded text, known as ciphertext, and prepare it for secure transmission over a network. An unauthorized entity will not be able to read the message this way. The message's recipient must have access to confidential information that is not available to the public. A key is the name for this secret. [49] There are various types of encryption algorithms for various reasons; however, many other encryption algorithms are based on two major encryption techniques. Symmetric-key ciphers and public-key (also known as asymmetric) ciphers are the two types of systems. Cryptanalysis is the study of breaking an encryption method or message.

Figure4: An Encryption Scheme Family tree [49]
An encryption scheme consists of three algorithms in both symmetric and asymmetric schemes:

Cryptography's Objectives
Confidentiality is a method of ensuring that information is only available to those who are allowed to see it [15]. Confidentiality is sometimes known as secrecy or privacy. Confidentiality can be achieved in a variety of ways, ranging from physical security to mathematical techniques that render data incomprehensible. A transaction on the Internet, for example, necessitates the transmission of personal information (such as account number and personal number, ID) from the buyer to the merchant across a public network. The system tries to keep this information private by encrypting it during transmission, limiting where it can appear (in databases, log files, backups, printed receipts, and so on), and restricting access to the storage locations. A breach of confidentiality has occurred if an unauthorized party acquires the card number in any way. To prevent unwanted access to sensitive information, it must be encrypted. [15] • Integrity: data integrity refers to the prevention of unlawful data change. There must be certain procedures in place to detect data tampering by unauthorized entities in order to ensure data integrity. When a computer virus infects a computer and manages to edit or delete some files, for example, integrity is compromised. Encryption aids in the verification of data's origin; changed data has a different source than the original. [15] • Authentication: When we want to know where information or an entity came from, we use authentication. The two parties involved in a transaction or communication must be able to appropriately identify themselves to each other or to a third party. The information supplied across a channel should be validated in terms of its source, date of origin, data content, and time of transmission, among other things. Because of these factors, entity authentication and data origin authentication are the two most used types of cryptography. As previously stated, data integrity is implicitly provided through data origin authentication. [50]

Symmetric Key Cryptography
Symmetric-key Cryptography is an encryption process in which the sender and receiver use the same key.

Cipher Blocks
A block cipher is a symmetric-key encryption technique that divides the plaintext message into -*

Figure5: An Example of a Block Cipher
A stream cipher is a symmetric-key encryption system that can be thought of as very simple block ciphers with one block length. A stream cipher encrypts data by producing a keystream from the secret key and using the keystream to perform an XOR operation on the plaintext data.
The keystream can be whatever size required to match the plaintext frame being encrypted.
[43] Stream ciphers can be thought of as an approximation of the one-time pad (OTP)19, a known unbreakable cipher. Due to the difficulty of implementing an OTP system, a stream cipher employs a considerably smaller and more convenient key size, and stream ciphers use pseudorandomness.
Rather than using an OTP genuine random key, you can generate your own key. A stream cipher generates a pseudorandom keystream that may be coupled with the plaintext digits in the OTP in the same way. That is not to say that stream ciphers have the same level of security as an OTP encryption system, or even that they are secure at all.

4G Wireless Security
In the previous chapter, we reviewed the security of 2G/3G and WLAN networks, as well as how safe mobile transactions using these networks are. We also discussed various compromises that were mandated, as well as all of the remedies that were devised to increase the security of each network. Because the 4G network is fully operational in many parts of the world, security will play an essential role in this study. The security action on the 4G network is summarized here.
The security architecture for 4G LTE (Long Term Evolution) was created by 3GPP from the start, with security principles in mind and a design based on five security feature groups [57].
(i)Network access security, which ensures that the user has secure access to the service.
(ii) Network domain security, which safeguards network elements as well as signaling and user data transmission.
(iii) Controlling secure access to mobile stations through user domain security.
(iv) Application domain security, which allows for secure communication at the application layer.
(v) Security visibility and configuration provide the user with the ability to verify that security features are operational.

4G/LTE Security Requirements
From a general perspective, the security architecture for 4G/LTE systems should be able to protect connections between UEs and MMEs, as well as between rudiments in landline networks and mobile stations, according to the following security standards.
(i) improved robustness over 3G (ii) user identity confidentiality (iii) strong user and network authentication (iv) data integrity (v) confidentiality, and (vi) security interoperability with other radio networks In any mobile device that uses 4G/LTE wireless technology, every connection between UEs and MMEs, as well as between all elements in the wireless network and mobile station, should be secured. The 4G/LTE security is greatly strengthened to meet these needs by introducing (1) advanced key hierarchy, (2) extended authentication and key agreement, and (3) supplemental interworking security for the NEs [77]. As detailed below, the requirements are divided into major building pieces and LTE end-to-end security [78].

The following ingredients are important building blocks:
Security and hierarchy are crucial.
The following are five important LTE techniques for connecting EPS and UTRAN: (1) nonaccess section (NAS) traffic between the UE and MME is protected with KANS encryption and veracity keys, (2) traffic between the UE and eNodeB is encrypted with KUP encryption, and (3) the Radio Resource Control (RRC) between the UE and eNodeB is protected with KPRC encryption and integrity keys.

Management positions of importance
The three functions of LTE key management are key establishment, distribution, and generation.
Because mobile devices with IP-based infrastructure regularly contact different wireless networks, key management systems that prevent key theft are critical in 4G/LTE wireless technology. In 4G/LTE networks, the Authentication and Key Agreement (AKA) procedure is used to create and validate keys.

Protection from tampering, encryption, and integrity
In LTE, the authentication process is updated on a frequent basis by swapping sequence numbers in the encryption mechanism's message. While transmitting communication between LTE nodes, the IPsec protocol and tunnels are also utilized to declare the confidentiality of customers' data.

User identities that are one-of-a-kind
LTE has a variety of mechanisms for identifying and discouraging attackers from learning mobile user identities, making it difficult for them to launch DoS attacks or track mobile user profiles. The following are the identifier mechanisms: (1) international mobile equipment identification (IMEI), which is a permanent single identifier for each mobile, (2) M-TMSI, which is a temporary identifier that describes the UE inside the MME, and (3) C-RNTI, which is a single and temporary UE identity when a UE is coupled with a cell.
LTE end-to-end security encompasses the following elements:

Authentication and Key Agreement (AKA)
The AKA creates encryption and integrity keys that are responsible for originating multiple session keys, ensuring 4G/LTE security and privacy. The serving network authenticates a user's identity to the network, and the UE certifies the network signature through this method. LTE security is primarily concerned with authenticating UEs and wireless networks.

Signaling confidentiality and integrity
When the RCC and NAS layer signaling is appropriately encrypted and access control is integrity-protected, security is guaranteed. Crypturing and integrity protection are carried out at the Packet Data Convergence Protocol (PDCP) layer in LTE RCC. The NAS-layer, on the other hand, achieves security by encrypting NAS-level signaling. The above protective connections apply to every trusted UE connection between AGW and eNodeB.

Confidentiality of user plane
The user plane of LTE features a security feature that encrypts data/voice between the UE and the eNodeB. Between eNodeB and AGW, encryption is performed at the IP layer using IPsecbased tunnels, albeit no integrity protection is provided for the user plane due to performance and efficiency concerns. The PDCP layer is used to encrypt and decode the user plane while communication is being transmitted between the eNodeB and the UE.

Discussion/Conclusions and Recommendations
Here, we will focus solely on the issues raised in the previous sections of the presentation, draw an appropriate conclusion, and make recommendations. Some of the presentation's questions will be addressed, as well as the current market condition for mobile payment systems and their financial components.

Payments via mobile devices
Mobile consumers benefit from the development of new technologies and secondary execution; nevertheless, investors and service providers have yet to fully apply the process. The following are some of the reasons: Adapting to new technology has become a significant issue. Users' familiarity with newly introduced technology is a challenge for marketers.
Though internet transactions, whether wired or wireless, are still relatively new, they are becoming more common. Because of their multiple advantages, wired transactions done at our houses cannot be restrained if we examine online payments and ignore other forms of transactions.
In comparison to others, they are less expensive.
In comparison to other types of devices, wired devices have fewer security risks. Wireless solutions face all of the same threats as wired systems, as well as additional threats.
Adaptability is not a concern because wired technology predates wireless technologies.
When compared to wireless, the average user is familiar with the security procedures of wired connections and devices.
Mobile payments are not suited for major transactions in their current condition because they lack adequate security.
Individuals in the information technology trade company are more exposed and threatened since the internet is a worldwide field where diverse types of people use it.
The fact that the transaction is taking place over a long distance is not a barrier to committing a crime. There is no international law enforcement agency capable of quickly prosecuting such perpetrators.

Technology
Is the number of functions provided by mobile solutions sufficient to satisfy the average customer?
The technology given by 4G is significantly faster than that offered by 3G in terms of data transmission speed. In the case of GSM, EDGE-enabled mobile handsets do not provide adequate speed. Taking into account the 802.11g standard, which has a download speed of 54 Mps. One of the most significant advantages of WLAN has always been data throughput. We have a highly diversified situation in terms of service range and coverage.
GSM networks that have been in use for a long time have the best service coverage and geographic distribution of base stations. In many countries where they are accessible, 3G networks are comparable to GSM in terms of coverage, although 4G has the least coverage of the three networks and has yet to be fully implemented in some. technologies.

Security
The security requirement of a user's privacy is one element that motivates an ordinary user of mobile payment systems.
The news of worldwide cyber-crime has made users of technology, particularly the average user, more cautious. We need to trust that personal information shared over the internet will not end up in the wrong hands.

Network Analysis and Comparison
The goal of this project is to assess the security of various wireless networks used in business transactions. According to the findings, as the generation of networks grows, security flaws that could be a deterrent to mobile users improve.
2G, 3G, WLAN, and 4G are the different types of wireless connections. Although GSM was designed to be a more secure communication channel than prior analog voice transmission, it was discovered that GSM traffic was not as safe as planned. This isn't to say that GSM can't be used for successful business transactions; all it takes is someone with a good understanding of the network's design to break into it for bad purposes. The secret COMP128 algorithm, which is used for authentication and encryption in GSM, was discovered and cracked by the United States. As a result, businesses should choose 3G and WLAN, which will provide better results than a 2G network. When comparing 3G and 4G networks, however, the shortfall of 3G networks is evident; it just isn't fast enough, giving 384kbps for users on the move and 2mbps if they are stationary, which falls short of what the end-user has grown to expect these days. Some regard 3G as a stopgap until a fully integrated IP network emerges that can provide speeds of 100mbit/s to 1Gbit/s both indoors and outdoors, with premium quality and strong security. As previously said, whether the network is fast or slow, our main concern is that 4G networks provide significantly better security than 3G networks.
The issue isn't that wireless solutions are fully unsafe; no solution is. There is no such thing as complete security, and this holds true for all systems, whether they be mobile payment systems, medical systems, or military systems. For a medical system to be acceptable, it would need to have a very high level of security and fail tolerance. For mobile payments, not losing our personal information is an acceptable level of security.

Conclusions
It's time to draw some conclusions after evaluating security requirements, issues faced by each network, and discussing the findings: The existing market position for mobile payments is less than what investors and service providers projected prior to network implementation. There are a number of reasons behind this, including user reception, mobile transaction costs, and the availability of other traditional alternatives.
Is there a good level of security in a mobile payment system for the ordinary user? Yes, but only in terms of user awareness. Many threat attacks can be averted if the user is aware of the dangers and understands the security systems at work. Time and effort invested in learning the most significant components of security involved in a certain system result in a better overall experience and future time, effort, and money savings.
In terms of technology and available functions, the current state of mobile devices still has potential for advancement in order to meet user demands.
During the transition from 1G to 4G, security protection has advanced significantly.
However, our research shows that the combination of using an open IP-based design and the sophistication of security hackers means that security vulnerabilities in 4G networks remain a major worry. Analyzing security concerns in 4G wireless, as well as the rapid development of solutions for attack detection and mitigation, require special attention.

Recommendations
Because security is a never-ending job, all hands must be on deck to improve mechanisms as the network evolves, and hackers worked diligently to undermine the fundamental notion of these networks.
One strategy is to focus on a single network and explain its components, security procedures, and threats in detail. Another strategy is to focus solely on security assaults, explain them in detail, and conduct actual tests to validate their outcomes.
In schools, hospitals, banks, government parastatals, and commercial institutions, adequate attention should be paid to the research of the security of mobile payment networks to inform people about the risk involved in accessing messages sent to you by any of these devices.
To avoid a fraudulent act, services for keeping a financial database of any corporation should be contracted with a proper business agreement.
Adequate attention should be given to the study of security of mobile payment networks both in schools, hospitals, banks, government parastatals and private institutions to intimate people on the risk involved in accessing messages sent to you through any of these devices.
In the case of managing financial database of any organization, such services should be contracted with a good business agreement to avoid fraudulent act.