Greater protection for credit card holders: a revised SET protocol
Computer Standards & Interfaces
Password authentication with insecure communication
Communications of the ACM
PayWord and MicroMint: Two Simple Micropayment Schemes
Proceedings of the International Workshop on Security Protocols
Efficient commerce protocols based on one-time pads
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
A New Scheme of Credit based Payment for Electronic Commerce
LCN '98 Proceedings of the 23rd Annual IEEE Conference on Local Computer Networks
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Design, implementation, and deployment of the iKP secure electronic payment system
IEEE Journal on Selected Areas in Communications
Adoption and effectiveness of electronic banking in Kenya
Electronic Commerce Research and Applications
Preference of internet-based debit payment protocols
Proceedings of the 13th International Conference on Electronic Commerce
Efficient and secure credit card payment protocol for mobile devices
International Journal of Information and Computer Security
Hi-index | 0.00 |
Two revisions of the original Secure Electronic Transaction (SET) protocol are proposed to conceal cardholders' identities in the electronic marketplace in which cardholders' trust for banks can be reduced to a minimum. Constrained by being extensions of the existing card payment networks to the Internet, most on-line credit card payment schemes in use or proposed in recent papers assume the sensitive card information could be disclosed to all the participating banks. The assumption used to work well in traditional credit card payments before. However, negative impacts such as banking scandals, closure programs due to poor management, and security problems with Internet banking are all undermining cardholders' trust in banks. The issuer is the trusted bank selected by the cardholder, but the acquirer is not. To reveal the cardholder's sensitive card information to every possible acquirer implies potential risk. Based on the need-to-know principle, the two revisions are proposed to relax the assumption mentioned above.In our solutions, the sensitive card information is well protected along the way and can be extracted only by the issuer. A cardholder needs only to select a trustworthy issuer, instead of worrying about the possible breakdowns of every involved acquirer. The cost to achieve our more secure schemes demands only minor information modifications on the legacy system.