Mobile payment has become increasingly popular in recent years. However, concerns remain about the information security risk management practices implemented by non-financial-institution mobile payment service providers, such as mobile phone carriers and technology companies, using tokenization systems and encryption mechanisms. Using the modified Delphi method and building on the COBIT 2019 framework, this study explores and suggests how these non-financial-institution mobile payment service providers can consider a more holistic list of information security risk items and their corresponding management practices. We believe the proposed practices will help non-financial-institution mobile payment service providers focus on the valuable aspects of information security risks.

中文翻译：

---

非金融机构服务提供商移动支付信息安全风险事项及管理实践：探索性研究


近年来，移动支付日益普及。然而，对于移动电话运营商和科技公司等非金融机构移动支付服务提供商使用代币化系统和加密机制实施的信息安全风险管理实践仍然存在担忧。本研究采用修改后的德尔菲法，并以COBIT 2019框架为基础，探讨并建议这些非金融机构移动支付服务提供商如何考虑更全面的信息安全风险项目清单及其相应的管理实践。我们相信，拟议的做法将有助于非金融机构移动支付服务提供商关注信息安全风险的有价值的方面。