http://journals.cihanuniversity.edu.iq/index.php/cuesj
CUESJ 2022, 6 (2): 23-27

RESEARCH ARTICLE

Empower E-wallet Payment System Using Secured Hybrid Approach of Online and Offline Services

Mohammed H. Shukur, Reem J. Ismail, Laith R. Flaih

Department of Computer Science, College of Science, Cihan University-Erbil, Kurdistan Region, Iraq

ABSTRACT

As e-commerce expands, payment mechanisms are migrating to mobile devices, creating e-wallets. Current e-wallet payment solutions are based on smartphones with internet access. E-wallets are becoming increasingly popular among individuals worldwide. Despite this, a survey conducted to determine the primary factors influencing Iraqis’ adoption of electronic wallets reveals a slower growth rate in Iraq than in other regions. This paper proposes a design for a mobile e-wallet application that offers online-to-offline (O2O) payments to replace traditional e-wallets, credit cards, debit cards, and cash using offline connectivity and near-field communication (NFC) with SMS-based payment mechanisms that do not require an internet connection.

Keywords: E-wallet, offline services, SMS-based system, online and offline services, hybrid approach

INTRODUCTION

The “digital revolution,” or the transition from analog to digital technology, has altered our lives and created new opportunities in a wide range of societal activities. One of these activities is electronic commerce and the digitalization of money. This digitalization necessitates the development of e-wallets as the next phase of the digital revolution, as part of the transition from a physical wallet or plastic card payment system to an entirely electronic payment system.[1]

E-wallet is a term that refers to a type of digital system that is used to facilitate online transactions using a smartphone. It functions similarly to a credit or debit card.
An e-wallet must be linked to the user’s account through the internet to make payments.[2] An e-wallet is made up of two main parts: software and data. The information is stored in a database that includes cash, the owner’s name, contact information, shipping or billing information, such as the customer’s address and other information used at the time of checkout on e-commerce sites, and one identification document. Furthermore, users can send money using various methods, including sending directly to phone numbers, quick response (QR) codes, or direct purchases.[3]

In 2022, several e-wallets in Iraq, including ZainCash, AsiaHawala, FastPay, FirstIraqi Bank, Nasspay, and Zazapay, provided essentially comparable services. What differentiates them are the benefits of using a particular e-wallet. ZainCash is one of the most popular e-wallet payment methods in Iraq at the moment. Its payment system is integrated with Switch Master card, allowing users to pay either through the e-wallet or Mastercard for services offered by the ZainCash app, or to transfer money to a specific account using their number. ZainCash is exclusively available to owners of Zain phone numbers. FastPay is the most widely used e-wallet in Kurdistan. FastPay enables users to send and receive money and move funds across accounts without the need to have a phone number associated with a particular network.

E-wallets are becoming more and more common among people around the world. However, due to the need for internet access to complete transactions, they are developing more slowly in Iraq than in other places. This project focuses on studying local e-wallets and improving their cashless transactions and services by adding new features to the existing e-wallets.
Cihan University-Erbil Scientific Journal (CUESJ)
Corresponding Author: Mohammed H. Shukur, Department of Computer Science, College of Science, Cihan University-Erbil, Kurdistan Region, Iraq. E-mail: m.kurd@hotmail.com
Received: June 20, 2022
Accepted: July 18, 2022
Published: August 05, 2022
DOI: 10.24086/cuesj.v6n2y2022.pp23-27
Copyright © 2022 Mohammed H. Shukur, Reem J. Ismail, Laith R. Flaih. This is an open-access article distributed under the Creative Commons Attribution License (CC BY-NC-ND 4.0)

RESEARCH PROBLEM

It is anticipated that cashless and e-wallet services will account for 80% of total transaction volume between 2020 and 2025,[4] but e-wallets are growing more slowly in Iraq than in other parts of the world. Users use e-wallets for prepaid mobile reloading, online card purchases, obtaining some services, and money transfer. Iraq may transition from cash to cashless payments following an increase in cashless payments. E-payment is regarded as critical for productivity and efficiency.[5] Our research identifies the current e-wallet features, convenience, perceived trust, and customer satisfaction factors influencing consumers’ proclivity to use e-wallets through a survey and application reviews. In addition, developing new features and adding new functions to current e-wallets will raise usability, functionality, convenience, and perceived trust.

METHODOLOGY

This project was created using the extreme programming methodology. Extreme programming is an agile methodology. Its main goal is to enable project changes in response to changing circumstances or customer requirements, even late in the project’s life cycle. Feedback and communication are viewed as critical components of improving software development.
We can connect with users by testing the application and soliciting comments on improving or adding to the software (if any). These criteria assist developers in adapting to new requirements and technologies. The extreme programming process is divided into three stages, and the following sections describe each stage in detail:

Fact Finding: Survey

The survey aims to identify the current issues in order to design new perspectives and features for local e-wallets. We conducted a survey of Erbil residents. Residents of various ethnicities and ages are represented, including students and employed, jobless, self-employed, and retired people. The online survey, which was conducted across many platforms, attracted a total of 250 respondents. It shows that 145 users have no e-wallet application, while only 105 have an e-wallet application. A high percentage use cash, as they do not need cashless payment in their daily activities [Figure 1]. In response to the question of which e-wallet they use, Figure 2 shows that 69% of e-wallet users use the FastPay application. Respondents were asked whether they keep money in their e-wallet, to determine if they have daily transactions. About 51% of users say that they do not keep money in their e-wallet and only reload their accounts when e-payments are needed; they do not have daily transactions [Figure 3]. To determine e-wallet capabilities, respondents were asked which types of transactions they use. Table 1 shows that six out of 11 online services were used, while five transactions were not covered in e-wallet services. Respondents were also asked whether they had access to the internet at the time of purchase. About 59% of users report that they were not connected to the internet at the time of purchase; the highest rates of internet usage occurred at home or work.

Wallet owner internet location    Percentage
Home                              100
Work                              85
Malls and Market                  41

The survey reveals the following issues with current e-wallets:
• A large number of users do not have access to the internet at the time of purchase
• E-wallets do not support offline transactions
• E-wallets do not offer touch and go payments

Figure 1: E-wallet usage
Figure 2: E-wallet application share
Figure 3: Maintain money in E-wallet

Planning

We looked for related scenarios and cases that may help clarify and validate the problem assertions. To acquire information, surveys and informal interview sessions were undertaken. Finally, the objectives and scope were drawn up to gain a picture of the system’s required functions.

Design

In general, the design of the AllPAY app is created during this period based on the most popular e-wallet functions, adding the needed screens and buttons while keeping the interface user-friendly and simple to learn and operate. Users will feel at ease when using the application because of the user experience. Due to the enormous demand for offline usage of an e-wallet, sensitive user information is commonly saved on mobile devices. We suggest that this project include optional offline device-based biometric authentication, that the most recent balance be retrieved through an encrypted time-based one-time password (TOTP) Short Message Service (SMS) message, and that it provide online-to-offline (O2O) services.[6]

Figure 4 illustrates offline login. The application uses local mobile biometric authentication, which employs biometrics to identify and authenticate the user seeking to access a mobile app. Screen 1 shows the login screen with biometrics. It may be done through fingerprint readers, facial recognition, speech recognition, and other methods.
After successful user authentication, the application checks whether the device is connected to the server. If there is no internet connection, the application sends an SMS to the server requesting the current balance; the server then produces RSA-encrypted TOTP SMS codes with the account phone number that are refreshed every 30 s, making them more challenging to use if stolen, preventing fraud, and keeping the application secure. The following is a description of the login model’s execution:
1. The user uses biometric authentication to access the application.
2. The application checks whether it is connected to the server, and one of the options below applies.

Online
1. The application queries the balance.
2. The server sends the updated balance.

Offline
1. The application generates an RSA-encrypted SMS containing a token, using the homomorphic properties of RSA encryption.
2. The server confirms the token by decrypting it using the device’s last online token along with the phone number. One of the options below is then executed:
A. Successful authentication: the server sends the encrypted updated balance in a TOTP SMS.
B. Failed authentication: the server sends a warning SMS and locks the account for 30 min.

Figure 4: Offline Login with TOTP

Table 1: Type of transactions in e-wallets

Transaction type                  Percentage
Online Cards                      33
Mobile\Internet prepaid cards     35
Online Services                   10
Online Shopping                   15
Shopping                          1
Services                          0
Petrol Station                    0
Taxi                              5
Tuition Fees                      0
Bills                             0
Malls                             0

While logging in through offline mobile verification, the e-wallet automatically detects the TOTP. RECEIVE_SMS in Android is used by the app to read the encrypted TOTP, decrypt it with the last obtained online token, and update the balance on the main screen. Typically, TOTP detection requires the user to grant SMS permissions. Screen 2 illustrates the 30 s needed to receive and update the balance.
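
The offline branch of the login model above, as an added Python example (not code from the paper or the AllPAY app): the server checks the token from an already-decrypted SMS, locks the account for 30 min on a mismatch, and otherwise returns the balance with a 30 s TOTP that the app verifies. Assumptions: RFC 6238 HMAC-SHA1 keyed with the last online token stands in for the TOTP construction, which the paper does not specify; RSA encryption of the SMS body is left out; the names `Server`, `handle_sms` and `app_accepts` and all sample values are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30          # seconds a code stays valid (from the paper)
LOCKOUT = 30 * 60  # seconds an account stays locked after a failure (from the paper)

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (assumed; the paper names no algorithm)."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Server:
    def __init__(self, accounts):
        # phone -> {"token": bytes, "balance": int, "locked_until": float}
        self.accounts = accounts

    def handle_sms(self, phone: str, token: bytes, now: float) -> dict:
        """Process an already-decrypted offline balance request."""
        acct = self.accounts.get(phone)
        if acct is None:
            return {"type": "ignored"}            # unregistered sender: no reply
        if now < acct["locked_until"]:
            return {"type": "locked"}             # still inside the 30 min lock
        if not hmac.compare_digest(token, acct["token"]):
            acct["locked_until"] = now + LOCKOUT  # failed verification: lock
            return {"type": "warning"}
        return {"type": "balance", "balance": acct["balance"],
                "totp": totp(acct["token"], now)}

def app_accepts(reply: dict, last_online_token: bytes, now: float) -> bool:
    """App side: accept a balance SMS only while its TOTP is current."""
    return (reply.get("type") == "balance"
            and hmac.compare_digest(reply["totp"], totp(last_online_token, now)))

def demo():
    # Constructed sample data: phone number, token and balance are made up.
    srv = Server({"+9640000000001": {"token": b"last-online-token",
                                     "balance": 25000, "locked_until": 0.0}})
    t0 = 1_700_000_010.0
    ok = srv.handle_sms("+9640000000001", b"last-online-token", t0)
    bad = srv.handle_sms("+9640000000001", b"guess", t0 + 1)
    retry = srv.handle_sms("+9640000000001", b"last-online-token", t0 + 60)
    return ok, bad, retry
```

A balance SMS replayed after its 30 s window fails `app_accepts`, and a correct token sent during the lock still gets the `locked` reply.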

The design introduces the use of NFC in e-wallet applications, allowing for more flexible and secure management and customization and a simpler payment process.[7,8] Pressing the Go button on the main screen starts a touch and go payment. Go payments are contactless payments that employ near-field communication (NFC) technology to securely communicate between an e-wallet and a point of sale (POS) terminal at the time the button is pressed. This technology powers the e-wallet payments shown in Screen 3. The following is a description of the NFC model’s execution:
1. To make a payment, the customer must press the “go” button on their phone to enable NFC on the POS terminal.
2. The e-wallet reads the transaction information from the POS.
3. The application checks whether the user has enough credit or not using the current balance stored in the application.
4. If the user has sufficient credit, the e-wallet app sends the collected information to the server through online or offline (SMS) communication to authorize the transaction.
5. The server either authorizes the transaction or rejects the user’s request. If the user’s request was authorized, the purchase amount will be withdrawn from their account; otherwise, the user’s account will remain with the same balance.

At the time of each transaction, the application checks whether the amount required is within the balance; if it is not, the user receives the notification “insufficient funds to complete the payment.” If the amount is equal to or less than the balance, the application determines whether it is connected to the server online or not. If it is offline, the application sends an encrypted SMS to the server with the token and the user’s transaction information: amount, receiver ID, and other related information about the order [Figure 5].
The server will send back a TOTP to the user to validate the transaction.

DISCUSSION

The proposed e-wallet payment system, which combines online and offline services, satisfies the following defined standards:
• Secure authentication. Additional components ensure that only authorized users may conduct online and offline transactions. Biometric authentication is the first step in the login process, followed by two-factor authentication.
• Secured payments. In offline transactions, data are encrypted using the RSA cryptosystem’s homomorphic features; as a result, the user and any sniffer learn nothing about the data. In touch and go payment, NFC is enabled at the point when the user touches the Go button, adding extra security to the payment transaction.

We are not concentrating on registration at the moment, and we assume that all users have previously registered, been validated in the payment system, and have access to the internet at some point. The following procedures should be followed while modifying the online authentication method with the offline services scheme:
1. The user chooses the biometric feature they want to employ (e.g., fingerprint and facial recognition) during the authentication procedure.
2. Within the e-wallet application, a hash value is utilized with the user’s identification and approval of the user’s identity.
3. Two tokens (a server token and a user token) are used to confirm RSA encryption and decryption; they are server-generated random numbers, saved in the server database and in the e-wallet at any online activity.
4. The server accepts SMS only from registered and validated phone numbers, then compares user tokens.
5. Once linked to the internet, the e-wallet produces new tokens and verifies previously saved transactions.
6. The account will be locked for 30 min if any verification fails.

Screen 1: Login, Red Button for Biometric login
Screen 2: Reading TOTP and updating user Balance
Screen 3: Touch and Go Payment using NFC
Figure 5: Online/Offline transaction

CONCLUSION

The solution presented in this paper includes three additional components: local biometric authentication, offline payment transactions, and touch and go NFC payment. The suggested solution applies to online and offline transactions in the banking and payment sectors. As a result, it is appropriate for countries with limited internet connections. Finally, the intended contributions were successful, resulting in favorable outcomes and distinctive contributions.

REFERENCES

1. M. Olsen, J. Hedman and R. Vatrapu. HCI Issues in Mobile Wallet Design, in The Tenth Annual Pre-ICIS Workshop on HCI Research. China: Shanghai, 2011.
2. Definition of “E-wallets”. Times Syndication Service. Available from: https://www.economictimes.indiatimes.com/definition/e-wallets [Last accessed on 2022 Mar 14].
3. A. Madan and M. I. Rosca. Current trends in digital marketing communication. Journal of Marketing Research and Case Studies, vol. 2022, pp. 1-13, 2022.
4. V. Vinatier. Investment Managers. Available from: https://www.axa-im.com/insights/future-trends/digital-economy/why-scale-matters-evolving-landscape-cashless-payments [Last accessed on 2022 Mar 14].
5. G. Oprescu and D. Eleodor. The Impact of the Digital Economy’s Development on Competition. Bucharest: International Conference of the Institute for Business Administration, 2014.
6. A. Dhir, V. Scuotto, P. Kaur and S. Talwar. Barriers and paradoxical recommendation behaviour in online to offline (O2O) services: A convergent mixed-method study. Journal of Business Research, vol. 131, pp. 25-39, 2021.
7. N. Sabli, N. E. Pforditen, K. Supian, F. N. Azmi and N. A. Solihin. The acceptance of e-wallet in Malaysia. Selangor Business Review, vol. 6, no. 1, pp. 1-14, 2021.
8. P. Pourghomi and G. Ghinea. Managing NFC Payments Applications through Cloud Computing. In: 7th International Conference for Internet Technology and Secured Transactions (ICITST), IEEE, 2012.