Abstract
The alarming increase in the number of data breach incidents at high-profile companies shows that buying goods or services from online merchants can pose a serious risk to customers’ privacy and to the merchants’ business reputation. The conventional approach of encrypting customer data on the merchant side using the merchant’s secret key is no longer adequate for preserving customer privacy. What is needed is an e-payment scheme that can guarantee customer authenticity while keeping the customer’s sensitive details secret from the various parties involved in the online transaction. We propose here an online protocol for processing e-payments that minimizes the customer’s privacy risks as well as the merchant’s business risks. Using a non-reusable password-based authentication approach, the proposed protocol allows consumers to purchase goods or services from an online merchant anonymously, thus achieving the ideal privacy environment in which to shop. The payment details sent to a merchant become obsolete after the first use, thereby preventing any subsequent fraudulent transactions by a third party. Such a protocol can be easily deployed in an e-commerce environment to strengthen the integrity of the electronic payment system.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ashrafi, M.Z., Ng, S.K. (2008). Enabling Privacy-Preserving e-Payment Processing. In: Haritsa, J.R., Kotagiri, R., Pudi, V. (eds) Database Systems for Advanced Applications. DASFAA 2008. Lecture Notes in Computer Science, vol 4947. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78568-2_51
DOI: https://doi.org/10.1007/978-3-540-78568-2_51
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-78567-5
Online ISBN: 978-3-540-78568-2
eBook Packages: Computer Science, Computer Science (R0)