{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,8]],"date-time":"2026-02-08T01:58:21Z","timestamp":1770515901206,"version":"3.49.0"},"reference-count":17,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2026,1,28]],"date-time":"2026-01-28T00:00:00Z","timestamp":1769558400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Informatics"],"abstract":"The rapid growth of mobile payment systems has positioned Near Field Communication (NFC) as a core enabling technology. However, conventional NFC protocols primarily emphasize transmission efficiency rather than robust authentication and privacy protection, which exposes users to threats such as eavesdropping, replay, and tracking attacks. In this study, a lightweight and privacy-preserving authentication protocol is proposed for NFC-based mobile payment services. The protocol integrates anonymous authentication, replay resistance, and tracking protection while maintaining low computational overhead suitable for resource-constrained devices. A secure offline session key generation mechanism is incorporated to enhance transaction reliability without increasing system complexity. Formal security verification using the Scyther tool (version 1.1.3) confirms resistance against major attack vectors, including impersonation, man-in-the-middle, and replay attacks. Comparative performance analysis further demonstrates that the proposed scheme achieves superior efficiency and stronger security guarantees compared with existing approaches. These results indicate that the protocol provides a practical and scalable solution for secure and privacy-aware NFC mobile payment environments.<\/jats:p>","DOI":"10.3390\/informatics13020021","type":"journal-article","created":{"date-parts":[[2026,1,28]],"date-time":"2026-01-28T15:04:46Z","timestamp":1769612686000},"page":"21","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Highly Robust Approach to NFC Authentication for Privacy-Sensitive Mobile Payment Services"],"prefix":"10.3390","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-3174-9094","authenticated-orcid":false,"given":"Rerkchai","family":"Fooprateepsiri","sequence":"first","affiliation":[{"name":"Innovative Education and Lifelong Learning Institute, Rajamangala University of Technology Tawan-ok, Chonburi 20110, Thailand"}]},{"given":"U-Koj","family":"Plangprasopchoke","sequence":"additional","affiliation":[{"name":"Business Administration and Information Technology Faculty, Rajamangala University of Technology Tawan-ok, Bangkok 10400, Thailand"}]}],"member":"1968","published-online":{"date-parts":[[2026,1,28]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Onumadu, F.N., and Abroshan, H. (2024). Near-Field Communication (NFC) Cyber Threats and Mitigation Solutions in Payment Transactions: A Review. Sensors, 24.","DOI":"10.3390\/s24237423"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Liu, Y., Wang, H., and Zhang, X.M. (2023). Mobile Payment Protocol with Deniably Authenticated Property. Sensors, 23.","DOI":"10.3390\/s23083927"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Rehman, S.U., Khan, M.A., and Alqahtani, A. (2025). DC-NFC: Deep-Learning-Driven Secure and Privacy-Aware NFC Framework for IoT Applications. Sensors, 25.","DOI":"10.3390\/s25051381"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Fragkiadakis, I., Gritzalis, S., and Lambrinoudakis, C. (2025). Evaluating Privacy Technologies in Digital Payments: A Balanced Framework. J. Cybersecur. Priv., 5.","DOI":"10.3390\/jcp5040107"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Hasan, S.S.U., Ghani, A., Daud, A., Akbar, H., and Khan, M.F. (2025). A Review on Secure Authentication Mechanisms for Mobile Security. Sensors, 25.","DOI":"10.3390\/s25030700"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"103348","DOI":"10.1016\/j.csi.2019.04.007","article-title":"A secure end-to-end proximity NFC-based mobile payment protocol","volume":"66","author":"Bojjagani","year":"2019","journal-title":"Comput. Stand. Interfaces"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"1905","DOI":"10.1109\/ACCESS.2021.3139065","article-title":"A novel NFC-based secure protocol for merchant transactions","volume":"10","author":"Ahamad","year":"2022","journal-title":"IEEE Access"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1186\/s40294-019-0064-z","article-title":"Trusted service manager (TSM) based privacy preserving and secure mobile commerce framework with formal verification","volume":"7","author":"Ahamad","year":"2019","journal-title":"Complex Adapt. Syst. Model."},{"key":"ref_9","first-page":"102997","article-title":"A new NFC mobile payment protocol using improved GSM based authentication","volume":"62","author":"Tafti","year":"2021","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Al-Haj, A., and Al-Tameemi, M.A. (2018, January 25\u201327). Providing security for NFC-based payment systems using a management authentication server. Proceedings of the 2018 4th International Conference on Information Management (ICIM), Oxford, UK.","DOI":"10.1109\/INFOMAN.2018.8392832"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"705","DOI":"10.1016\/j.procs.2016.04.156","article-title":"A lightweight security protocol for NFC-based mobile payments","volume":"83","author":"Badra","year":"2016","journal-title":"Procedia Comput. Sci."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"El-Madhoun, N., Guenane, F., and Pujolle, G. (2015, January 5\u20137). A cloud-based secure authentication protocol for contactless-NFC payment. Proceedings of the 2015 IEEE 4th International Conference on Cloud Networking (CloudNet), Niagara Falls, ON, Canada.","DOI":"10.1109\/CloudNet.2015.7335332"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"470","DOI":"10.1109\/TCE.2018.2873181","article-title":"NFC secure element-based mutual authentication and attestation for IoT access","volume":"64","author":"Sethia","year":"2018","journal-title":"IEEE Trans. Consum. Electron."},{"key":"ref_14","first-page":"195","article-title":"Mutual authentication protocol for secure NFC-based mobile healthcard","volume":"11","author":"Sethia","year":"2016","journal-title":"IADIS Int. J. Comput. Sci. Inf. Syst."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Thammarat, C. (2020). Efficient and secure NFC authentication for mobile payment ensuring fair exchange protocol. Symmetry, 12.","DOI":"10.3390\/sym12101649"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"609","DOI":"10.1007\/s12652-021-03316-4","article-title":"Systematic survey of mobile payments, protocols, and security infrastructure","volume":"14","author":"Bojjagani","year":"2023","journal-title":"J. Ambient. Intell. Humaniz. Comput."},{"key":"ref_17","unstructured":"Zheng, X., Yang, L., Ma, J., Shi, G., and Meng, D. (2016, January 27\u201330). TrustPAY: Trusted mobile payment on security enhanced ARM TrustZone platforms. Proceedings of the 2016 IEEE Symposium on Computers and Communication (ISCC), Messina, Italy."}],"container-title":["Informatics"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2227-9709\/13\/2\/21\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,7]],"date-time":"2026-02-07T05:13:11Z","timestamp":1770441191000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2227-9709\/13\/2\/21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,28]]},"references-count":17,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2026,2]]}},"alternative-id":["informatics13020021"],"URL":"https:\/\/doi.org\/10.3390\/informatics13020021","relation":{},"ISSN":["2227-9709"],"issn-type":[{"value":"2227-9709","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,28]]}}}