In this paper, we propose a secure NFC mobile payment protocol based on biometrics (SNMPB) that uses a wireless public key infrastructure (WPKI) and a universal integrated circuit card (UICC). The electronic signatures generated in this protocol are considered qualified signatures, because they are generated inside the UICC, a tamper-resistant device. We also propose a procedure by which the issuer (bank) personalises the mobile payment application on the UICC. SNMPB resolves disputes among stakeholders efficiently by collecting evidence using transaction counters, a transaction log, a forensics mode and a cryptographic audit log. SNMPB provides end-to-end security, from the mobile payment application in the UICC to the bank server, thereby achieving confidentiality, authentication, integrity and non-repudiation, and it prevents double spending and over spending. The proposed SNMPB protocol withstands replay, man-in-the-middle (MITM), impersonation and multi-protocol attacks, as SNMPB has been formally verified using BAN logic and the Scyther tool.