ENSURING DATA PRIVACY IN ELECTRONIC PAYMENT SYSTEMS THROUGH STRIDE-BASED THREAT MODELING AND MULTI-FACTOR AUTHENTICATION
Keywords:
Electronic payment systems, data privacy, threat modeling, STRIDEAbstract
Electronic payment systems process large volumes of sensitive financial and personal data, making them attractive targets for cyberattacks. Ensuring data privacy in such systems requires systematic identification and mitigation of security threats across complex, distributed architectures. While cryptographic and regulatory controls are widely applied, existing studies often address threats in isolation and lack an integrated, system-level threat modeling framework tailored to modern payment infrastructures. This paper addresses this gap by proposing a structured threat modeling approach for electronic payment systems based on the STRIDE methodology, combined with privacy-preserving authentication mechanisms.
The proposed framework models payment system components using data flow diagrams and systematically classifies threats related to identity spoofing, data tampering, repudiation, information disclosure, denial of service, and privilege escalation. For each threat category, corresponding technical and organizational countermeasures are mapped to system assets and aligned with contemporary security standards. Additionally, the paper examines the role of multi-factor authentication, including biometric-based mechanisms, as a risk mitigation strategy within the threat model.
Rather than reporting experimental performance metrics, the study provides a methodological evaluation demonstrating how STRIDE enables comprehensive coverage of privacy risks and supports consistent risk prioritization. The main contribution is a reproducible, architecture-aware threat modeling framework that enhances privacy protection in electronic payment systems and can be adapted to evolving threat landscapes.
References
Mohinabonu A. et al. E-payment Systems Security Solutions Using Facial Authentication Based on Artificial Neural Networks //World Conference Intelligent System for Industrial Automation. – Cham : Springer Nature Switzerland, 2022. – С. 139-148.
Агзамова М. ПРИМЕНЕНИЕ НЕЙРОННЫХ СЕТЕЙ ДЛЯ АУТЕНТИФИКАЦИИ ЛИЦА В ПЛАТЕЖНЫХ СИСТЕМАХ //DIGITAL TRANSFORMATION AND ARTIFICIAL INTELLIGENCE. – 2024. – Т. 2. – №. 4. – С. 148-157.
Агзамова М. ОБУЧЕНИЕ И НАСТРОЙКА НЕЙРОННОЙ СЕТИ НА БАЗЕ ПОДГОТОВЛЕННЫХ ДАННЫХ ДЛЯ МОДУЛЯ ОБНАРУЖЕНИЯ ЛИЦ //DIGITAL TRANSFORMATION AND ARTIFICIAL INTELLIGENCE. – 2024. – Т. 2. – №. 4. – С. 158-164.
Mohinabonu A. ADVANCED FACE DETECTION USING RESNET AND FPN ARCHITECTURES WITH FOCAL LOSS FOR ENHANCED ACCURACY //Next Scientists Conferences. – 2024. – С. 48-51.
Mohinabonu A. Contrastive convolution in face recognition: advancements in accuracy //Next Scientists Conferences. – 2023. – С. 3-5.
Mohinabonu A. Emotion recognition through advanced neural architectures: a comprehensive analysis //International Scientific and Current Research Conferences. – 2023. – С. 29-31.
Mohinabonu A. ENHANCING FACIAL RECOGNITION THROUGH CONTRASTIVE CONVOLUTION: A COMPREHENSIVE METHODOLOGY //The American Journal of Engineering and Technology. – 2023. – Т. 5. – №. 11. – С. 105-114.
Agzamova M. ANALYSIS OF ISSUES RELATED TO BIOMETRIC AUTHENTICATION IN PAYMENT //Science and innovation. – 2024. – Т. 3. – №. A10. – С. 209-214.
Agzamova M. ENHANCING FACIAL EXPRESSION AND ATTRIBUTES RECOGNITION: AN EXPLORATION OF MULTI-TASK LEARNING WITHIN LIGHTWEIGHT NEURAL NETWORKS //Science and innovation. – 2023. – Т. 2. – №. A11. – С. 177-184.
Agzamova M. Development of a software module implementing a proposed facial biometric authentication algorithm and evaluation of solution effectiveness //Science and innovation. – 2023. – Т. 2. – №. A7. – С. 51-57.
Nuriddinov Azizbek, Agzamova Mokhinabonu . IMPROVING THE AUTHENTIFICATION MECHANISM BASED ON NEURAL NETWORKS IN PAYMENT SYSTEMS. 2(11)2025., doi:https://doi.org/10.61663/252tuitmct11
