Australian Information Security Management Conference

Document Type

Conference Proceeding


School of Computer and Information Science, Edith Cowan University, Perth, Western Australia


8th Australian Information Security Mangement Conference, Edith Cowan University, Perth Western Australia, 30th November 2010


If we compare the security problem of a face-to-face contactless card payment process with a mobile phone NFC payment process, we may easily consider that the latter is far more difficult to study. Indeed, the more partners from different organizations involved in the process there are, the more complex the studies are and, accordingly, its protection. As well as the current solutions applied to studying the electronic payment security chain (Common Criteria, ISO 27005, etc), the James Reason model has pointed out the specific risks implied by the interaction between the different links in a complex chain. His theory has been applied to various fields (airplanes, nuclear power plants, health, etc) and various ways of studying it have been proposed. In this article we will attempt to apply his model to the complex electronic payment chain required by the NFC payment process.