A Simple and Secure Credit Card-Based Payment System

2010
pp. 834-842
Author(s):  
Chi Po Cheong

Credit cards are the most popular payment method used in Internet shopping. The idea of credit card payment is to buy first and pay later. The cardholder can pay at the end of the statement cycle or pay interest on the outstanding balance. Many credit card-based electronic payment systems (EPSs) have therefore been developed to facilitate the purchase of goods and services over the Internet, such as CyberCash (VeriSign), iKP (Bellare, Garary, Hauser, et al, 1995), SET (Visa and MasterCard, 1997), CCT (Li & Zhange, 2004), and so forth. Usually a credit card-based EPS involves five parties: cardholder, merchant, acquirer bank, issuer bank, and financial institution. The Internet is an open system, and the communication paths between these parties are insecure. All communications are potentially open for an eavesdropper to read and modify as they pass between the communicating endpoints. Therefore, transmitting payment information between the cardholder and the merchant over the Internet is dangerous without a secure path. SSL (Zeus Technology, 2000) is a good example of a way to secure the communication channel. Besides the issue of insecure communication, there are a number of factors that each participant must consider. For example, the merchant is concerned about whether the credit card or the cardholder is genuine. There is no way to know that the consumer is a genuine cardholder. As a result, the merchant incurs increasing losses due to cardholder disputes and fraud. On the other hand, cardholders are worried about the theft of private or sensitive information such as the credit card number. They do not want any unauthorized usage of their credit cards or any modification of the transaction amount by a third party. These security issues have deterred many potential consumers from purchasing online. Existing credit card-based EPSs solve the problems in many different ways. Some of them use cryptographic mechanisms to protect private information. However, they are very complicated, expensive, and tedious (Xianhau, Yuen, Ling, & Lim, 2001). Some EPSs use the Certificate Authority (CA) model to provide authentication, integrity, and nonrepudiation. However, each participant requires a digital certificate during the payment cycle. These certificates are issued by independent CAs, but the implementation and maintenance cost of this model is very high. In addition, the validation steps of certificate-based systems are very time-consuming, and they require access to an online certificate server during the payment process. Moreover, the certificate revocation list is a major disadvantage of the PKI-based certification model (The Internet Engineering Task Force). The cardholder’s certificate also includes some private information such as the cardholder’s name. The requirement of a cardholder’s certificate means that software such as an e-Wallet must be installed on the cardholder’s computer. This is a barrier to cardholders using certificate-based payment systems. To solve this problem, Visa Company has developed a new payment system called Verified by Visa (VbV) (http:www/visa-asia.com/ap/sea/merchants/productstech/vbv_implementvbv.shtml). However, sensitive information such as the credit card number is still passed to the merchant. Therefore, the cardholder is not protected by the system.





Author(s):  
Sanghita Roy

The emergence of e-commerce has created new financial needs that in many cases cannot be effectively fulfilled by traditional payment systems. The advent of electronic commerce has prompted the invention of several payment tools to facilitate the completion of business transactions over the Internet. There are different methods to pay electronically. Recognizing this, virtually all interested parties are exploring various types of electronic payment systems and the issues surrounding electronic payment systems and digital currency. Broadly, electronic payment systems can be classified into four categories: Online Credit Card Payment System, Online Electronic Cash System, Electronic Cheque System and Smart Cards based Electronic Payment System. Each payment system has its advantages and disadvantages for customers and merchants. These payment systems have a number of requirements, e.g. security, acceptability, convenience, cost, anonymity, control, and traceability. Therefore, instead of focusing on the technological specifications of various electronic payment systems, the researcher has distinguished electronic payment systems based on what is being transmitted over the network, analyzed the differences between the systems by evaluating their requirements and characteristics, and assessed the applicability of each system. To remain competitive, more banks are adopting e-commerce and, in particular, e-payment mechanisms. Though the Indian economy is basically cash driven, India is not far behind in adopting e-payment services in the retail and banking sectors.


2011
pp. 84-91
Author(s):  
Neil C. Rowe

Deception is a frequent but underappreciated aspect of human society (Eckman, 2001). Deception in electronic goods and services is facilitated by the difficulty of verifying details in the limited information available in cyberspace (Mintz, 2002). Fear of being deceived (often unjustified) is in fact a major obstacle to wider use of e-commerce and e-government by the public. One survey reported consumers thought fraud on the Internet was 12 times more common than offline fraud, and 3 out of 5 people thought their credit card number could be stolen in most online transactions (Allen, 2001); both are overestimates. We assess here the nature of the deception threat, how deception can be detected, and what can be done about it.


1986
Vol 21 (1)
pp. 40-47
Author(s):  
Richard M. Neustadt

Since this is a legal seminar, I thought it would be appropriate to begin with a case. There is a person in Los Angeles who has been operating an electronic bulletin board on his personal computer. What that means is that he has memory attached to his computer, and it is possible for anyone else in the country with a computer to dial into that bulletin board and leave a message automatically in the memory. That message can then be accessed by anyone else who dials in. This person does not exercise any control over the messages that are put in. It is open to anyone who wants to put a message in there. Somebody put into that bulletin board the telephone credit card number of a rich person. Subsequently, many other people dialed into the bulletin board, got the telephone credit card number and charged phone calls to that person. No one knows where the number came from. The board operator was prosecuted under a criminal charge. The question is, is he liable?


2020
Vol 5 (4)
pp. 395-398
Author(s):  
Taleb Samad Obaid

When sensitive information is transmitted over an unsafe communication network such as the Internet, protecting that information is a precarious task. There is always a considerable chance that information sent through network terminals or the Internet will be uncovered by professional or amateur parasitical persons. To protect our information, we need a secure way to safeguard it in transit. So encryption/decryption, stenographic and vital cryptography may be adapted to protect the important information. In a cryptographic system, the information transferred between the sender and the receiver in the network must be scrambled using an encryption algorithm. The receiver recovers the original data using the decryption algorithm. Some encryption techniques use only one key for both the encryption and decryption algorithms; when the same key is used in both procedures, the algorithm is called symmetric. Other techniques use two different keys for encryption and decryption, which is known as asymmetric-key cryptography. In general, the algorithms that involve asymmetric keys are much more secure than those using one key. The RSA algorithm uses asymmetric keys: one, known as the public key, is used to encrypt the message, and the other, called the private key, is used to decrypt the encrypted message. The main disadvantage of the RSA algorithm is the extra time taken to perform the encryption process. In this study, MATLAB library functions are used to carry out the work. The software makes it possible to handle very big prime numbers to generate the required keys, which enhances the security of the transmitted information, and we expect it to be difficult for a hacker to interfere with the private information. The algorithms are implemented successfully on message files of different sizes.


2019
Vol 2 (1)
pp. 90
Author(s):  
Annisa Dwi Kurniawati

Abstract: The flow of technological development is increasing massively. The internet, which was initially used by a few groups as a medium for exchanging scientific and academic data, is now used in almost all aspects of people's lives, including buying and selling (e-commerce) transactions. E-commerce transactions are transactions carried out without a meeting between the parties. E-commerce offers many conveniences to both sellers and buyers. The convenience offered does not mean that it raises no problems. For Muslims, knowing the status of e-commerce transactions is important. E-commerce is similar to bai' as-salam in the elements of the transaction and in the deferral of goods for a payment made in advance. However, whereas in bai' as-salam a face-to-face meeting is held for the sighat, e-commerce communicates only through chat. E-commerce is permitted in Islam provided that there is no riba', gharar, maisir, and so on. Therefore, with regard to the payment system in e-commerce, it is recommended not to use a credit card in order to avoid riba'.

