EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

OTP security in wallet systems: A vulnerability assessment

Ahmad H. Al-Omari (), Ahmad Ghazi Alshanty (), Ayoub Alsarhan () and Saifullah A. Omari ()

International Journal of Innovative Research and Scientific Studies, 2025, vol. 8, issue 2, 2356-2371

Abstract: This study investigates One-Time Password (OTP) vulnerabilities in digital wallet systems, employing penetration testing and manual security evaluations (via Burp Suite) to assess risks across authentication, fund transfers, IVR verification, and token lifecycle management. Critical gaps including OTP bypass (e.g., header manipulation, token reuse), unauthorized beneficiary additions, brute-force attacks on weak pincodes, and expired OTP exploitation, highlight systemic flaws in server-side validation and API security. Classified using CVSS and ISO/IEC 27005:2018 frameworks, these vulnerabilities demonstrate high exploitability and impact, exacerbated by poor usability-security trade-offs. The findings underscore the inadequacy of current OTP implementations against evolving threats like SIM-swapping and phishing, which jeopardize financial safety and regulatory compliance. To mitigate risks, the study proposes multi-factor authentication (MFA), cryptographic token hardening, AI-driven threat detection, and behavioral monitoring to strengthen defenses. Additionally, user education, strict token expiration policies, and adaptive authentication models are emphasized to address human-factor vulnerabilities. These strategies aim to establish scalable, user-centric frameworks that balance security with usability while aligning with industry standards. The research advocates for proactive defense mechanisms, continuous security audits, and adaptive learning systems to safeguard digital transactions, reinforcing trust in wallet ecosystems amid rising cyber threats.

Keywords: API Security; Behavioral Analysis; Cybersecurity; Digital Wallet Security; Financial Security; Mobile Payment Systems; One-Time Password; OTP Vulnerabilities; Secure Transactions; Token-Based Authentication; Two-Factor Authentication; User Education. (search for similar items in EconPapers)
Date: 2025
References: Add references at CitEc
Citations:

Downloads: (external link)
https://ijirss.com/index.php/ijirss/article/view/5691/1031 (application/pdf)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:aac:ijirss:v:8:y:2025:i:2:p:2356-2371:id:5691

Access Statistics for this article

International Journal of Innovative Research and Scientific Studies is currently edited by Natalie Jean

More articles in International Journal of Innovative Research and Scientific Studies from Innovative Research Publishing
Bibliographic data for series maintained by Natalie Jean ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-28
Handle: RePEc:aac:ijirss:v:8:y:2025:i:2:p:2356-2371:id:5691