Secure Mobile Payment Systems: Evaluation of Tokenization and Biometrics
DOI: https://doi.org/10.21590/c96tma87
Abstract
Mobile payment systems such as Apple Pay, Google Wallet, and Samsung Pay have revolutionized consumer transactions by offering contactless, device-based alternatives to traditional cards. This paper evaluates the security architectures of these platforms with a focus on tokenization, biometric authentication, and secure enclave technologies. We analyze transaction workflows, including provisioning, token generation, authentication, and payment authorization. Simulated attacks such as relay, man-in-the-middle, and replay attacks are conducted in controlled environments using NFC readers and custom relay software. Results indicate that tokenization significantly enhances security by replacing card data with one-time-use digital tokens. Biometric methods (fingerprint, facial recognition) are evaluated for usability and resilience against spoofing, with fingerprint systems showing slightly higher reliability under various lighting and sensor conditions. Secure enclaves and trusted execution environments (TEE) further protect sensitive operations and cryptographic keys from OS-level malware. However, vulnerabilities persist in third-party integrations and in fallback mechanisms such as PIN verification. We propose best practices for integrating biometric authentication and suggest a multi-layered defense model to prevent fraud. This study contributes to understanding mobile payment system security and offers actionable insights for developers, financial institutions, and policymakers aiming to secure the digital transaction landscape.
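The following sketch is an added example, not code from the paper or from any of the platforms it names. It illustrates why a captured token transaction fails on replay and why an amount altered in transit is rejected. It assumes a simplified model in which one-time use is enforced by a per-transaction cryptogram over a device token; the names `TokenService`, `cryptogram` and `demo`, the message layout and the test card number are all hypothetical.

```python
import hashlib
import hmac
import secrets


def cryptogram(key: bytes, token: str, counter: int, amount_cents: int) -> str:
    """Per-transaction MAC binding the token to a counter and an amount."""
    msg = f"{token}|{counter}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class TokenService:
    """Hypothetical issuer-side service: only it can map a token to the card number."""

    def __init__(self):
        self._vault = {}  # token -> {"pan", "key", "last_counter"}

    def provision(self, pan: str):
        """Issue a device token and key; the card number (PAN) stays in the vault."""
        token = "tok_" + secrets.token_hex(8)
        key = secrets.token_bytes(32)  # assumed to live in the device's secure element
        self._vault[token] = {"pan": pan, "key": key, "last_counter": 0}
        return token, key

    def authorize(self, token: str, counter: int, amount_cents: int, mac: str) -> str:
        entry = self._vault.get(token)
        if entry is None:
            return "DECLINED_UNKNOWN_TOKEN"
        expected = cryptogram(entry["key"], token, counter, amount_cents)
        if not hmac.compare_digest(expected, mac):
            return "DECLINED_BAD_CRYPTOGRAM"  # fields were altered in transit
        if counter <= entry["last_counter"]:
            return "DECLINED_REPLAY"  # this cryptogram was already redeemed
        entry["last_counter"] = counter
        return "APPROVED"


def demo():
    svc = TokenService()
    token, key = svc.provision("4111111111111111")  # constructed test PAN
    mac = cryptogram(key, token, 1, 2500)
    first = svc.authorize(token, 1, 2500, mac)     # genuine payment
    replayed = svc.authorize(token, 1, 2500, mac)  # same message sent again
    # amount changed to 9900 but the MAC was computed by the device for 2500
    tampered = svc.authorize(token, 2, 9900, cryptogram(key, token, 2, 2500))
    return first, replayed, tampered
```

The merchant and the NFC channel only ever see the token and cryptogram, so a captured message yields neither the card number nor a reusable authorization. A relay that forwards a fresh cryptogram in real time is not stopped by this check and needs separate controls.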