Dynamic virtual credit card numbers

Authors:
Ian Molloy;Jiangtao Li;Ninghui Li
Affiliations:
Purdue University;Intel Corporation;Purdue University
Venue:
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Year:
2007

Citing 8
Cited 6

Why cryptosystems fail

Communications of the ACM
Grammar based off line generation of disposable credit card numbers

Proceedings of the 2002 ACM symposium on Applied computing
Ciphers with Arbitrary Finite Domains

CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
The Security of Cipher Block Chaining

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
MDx-MAC and Building Fast MACs from Hash Functions

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
SecureClick: A Web Payment System with Disposable Credit Card Numbers

FC '01 Proceedings of the 5th International Conference on Financial Cryptography
Off-Line Generation of Limited-Use Credit Card Numbers

FC '01 Proceedings of the 5th International Conference on Financial Cryptography
Design, implementation, and deployment of the iKP secure electronic payment system

IEEE Journal on Selected Areas in Communications

CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Localization of credential information to address increasingly inevitable data breaches

Proceedings of the 2008 workshop on New security paradigms
Attack on the GridCode one-time password

Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
E-commerce: protecting purchaser privacy to enforce trust

Electronic Commerce Research
When do online shoppers appreciate security enhancement efforts? Effects of financial risk and security level on evaluations of customer authentication

International Journal of Human-Computer Studies
Spread Identity: A new dynamic address remapping mechanism for anonymity and DDoS defense

Journal of Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Theft of stored credit card information is an increasing threat to e-commerce.We propose a dynamic virtual credit card number scheme that reduces the damage caused by stolen credit card numbers. A user can use an existing credit card account to generate multiple virtual credit card numbers that are either usable for a single transaction or are tied with a particular merchant. We call the scheme dynamic because the virtual credit card numbers can be generated without online contact with the credit card issuers. These numbers can be processed without changing any of the infrastructure currently in place; the only changes will be at the end points, namely, the card users and the card issuers. We analyze the security requirements for dynamic virtual credit card numbers, discuss the design space, propose a scheme using HMAC, and prove its security under the assumption the underlying function is a PRF.