Securing on-line credit card payments without disclosing privacy information

Authors:
Jing-Jang Hwang;Tzu-Chang Yeh;Jung-Bin Li
Affiliations:
Department of Information Management, Chang Gung University, 259 Wen Hwa 1st Road, Kweishan, Taoyuan 333, Taiwan;Institute of Information Management, National Chiao Tung University, 1001 Tah Hsueh Road, Hsinchu 300, Taiwan and Department of Information Management, Ming Hsin University of Science and Technolo ...;Institute of Information Management, National Chiao Tung University, 1001 Tah Hsueh Road, Hsinchu 300, Taiwan
Venue:
Computer Standards & Interfaces
Year:
2003

Citing 7
Cited 3

Greater protection for credit card holders: a revised SET protocol

Computer Standards & Interfaces
Password authentication with insecure communication

Communications of the ACM
PayWord and MicroMint: Two Simple Micropayment Schemes

Proceedings of the International Workshop on Security Protocols
Efficient commerce protocols based on one-time pads

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
A New Scheme of Credit based Payment for Electronic Commerce

LCN '98 Proceedings of the 23rd Annual IEEE Conference on Local Computer Networks
On shopping incognito

WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Design, implementation, and deployment of the iKP secure electronic payment system

IEEE Journal on Selected Areas in Communications

Adoption and effectiveness of electronic banking in Kenya

Electronic Commerce Research and Applications
Preference of internet-based debit payment protocols

Proceedings of the 13th International Conference on Electronic Commerce
Efficient and secure credit card payment protocol for mobile devices

International Journal of Information and Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Two revisions of the original Secure Electronic Transaction (SET) protocol are proposed to conceal cardholders' identities in the electronic marketplace in which cardholders' trust for banks can be reduced to a minimum. Constrained by being extensions of the existing card payment networks to the Internet, most on-line credit card payment schemes in use or proposed in recent papers assume the sensitive card information could be disclosed to all the participating banks. The assumption used to work well in traditional credit card payments before. However, negative impacts such as banking scandals, closure programs due to poor management, and security problems with Internet banking are all undermining cardholders' trust in banks. The issuer is the trusted bank selected by the cardholder, but the acquirer is not. To reveal the cardholder's sensitive card information to every possible acquirer implies potential risk. Based on the need-to-know principle, the two revisions are proposed to relax the assumption mentioned above.In our solutions, the sensitive card information is well protected along the way and can be extracted only by the issuer. A cardholder needs only to select a trustworthy issuer, instead of worrying about the possible breakdowns of every involved acquirer. The cost to achieve our more secure schemes demands only minor information modifications on the legacy system.