Implementing a Secure Mobile Application for Cardless Transactions using QR Code and Hybrid AES-ECC Encryption

Abstract

The use of mobile banking has gained wide acceptance, due to the convenience and ease of access via mobile phone. However, the increasing reliance on it by users has been accompanied by security challenges such as phishing and data breaches. Ensuring the security and integrity of data transmission is crucial to building user trust. Data encryption during transactions is the ideal solution for data security and integrity. To achieve this, we propose a system that uses mobile applications to transmit and secure cardless transactions, using QR code fusion with a hybrid AES-ECC algorithm. This algorithm encrypts the data and authenticates it via a QR code. The method involves hybrid encryption that combines Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC). Instead of using the AES key directly for encryption, a key is generated through the ECC algorithm. Decryption is done using the ECC private key. When the user receives the QR code, they can scan it to access the original text. The proposed system has the advantage of storing QR codes on users' phones instead of servers, while keeping the encryption keys embedded in the hybrid algorithm for greater efficiency and ease. The efficiency of the proposed system was tested using different data sizes, to measure the encryption and QR generation time, and the time required to scan the QR code and decrypt. In addition, the QR code's ability to store data. The results showed the effectiveness of the system, its ease of use, and its ability to transfer data securely. Keywords: Encryption, Decryption, Hybrid (AES&ECC), QR Code, Security.