M-Commerce is any financial transaction made through mobile devices. The mobile devices are categorized in three generation and each generation uses different technologies such as SDR, RFID, and WAP. The security has more significant importance in M-Commerce than E-Commerce. It involves data, network and memory protection through different methods during transaction through mobile devices. M-Commerce uses J2ME, WAP and i-mode as programmable display standard and involves technical or direct and non-Technical or indirect risk in security. WAP is an industry initiated standard has emerged as a common communication technology and delivering wireless services on mobile. The attacker attacks the weakest link to make a loophole in security. Java with XML makes a powerful combination of portable code and data. The customer shares very sensitive information with merchant which can be major cause of security loophole during transaction. WAP allows a relatively easy and unproblematic integration of mobile applications into existing Internet services. WAP devices uses SSL between web server and gateways a potential security breach. JAVA based applications has cross platform compatibility to enhance scalability and performance of server.