Privacy Threats in E-Shopping (Position Paper)

  • Jesus Diaz
  • Seung Geol Choi
  • David Arroyo
  • Angelos D. Keromytis
  • Francisco B. Rodriguez
  • Moti Yung
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9481)


E-shopping has grown considerably in the last years, providing customers with convenience, merchants with increased sales, and financial entities with an additional source of income. However, it may also be the source of serious threats to privacy. In this paper, we review the e-shopping process, discussing attacks or threats that have been analyzed in the literature for each of its stages. By showing that there exist threats to privacy in each of them, we argue our following position: “It is not enough to protect a single independent stage, as is usually done in privacy respectful proposals in this context. Rather, a complete solution is necessary spanning the overall process, dealing also with the required interconnections between stages.” Our overview also reflects the diverse types of information that e-shopping manages, and the benefits (e.g., such as loyalty programs and fraud prevention) that system providers extract from them. This also endorses the need for solutions that, while privacy preserving, do not limit or remove these benefits, if we want prevent all the participating entities from rejecting it.


Privacy Online shopping Payment systems Purchase systems 


  1. 1.
    Anderson, R.J.: Risk and privacy implications of consumer payment innovation (2012).
  2. 2.
    Anderson, R.J., Barton, C., Böhme, R., Clayton, R., van Eeten, M., Levi, M., Moore, T., Savage, S.: Measuring the cost of cybercrime. In: WEIS 2012, Germany, pp. 25–26, June 2012Google Scholar
  3. 3.
    Androulaki, E., Bellovin, S.: An anonymous credit card system. In: Fischer-Hübner, S., Lambrinoudakis, C., Pernul, G. (eds.) TrustBus 2009. LNCS, vol. 5695, pp. 42–51. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. 4.
    Androulaki, E., Bellovin, S.: APOD: anonymous physical object delivery. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 202–215. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. 5.
    Antoniou, G., Batten, L.M.: E-commerce: protecting purchaser privacy to enforce trust. Electron. Commer. Res. 11(4), 421–456 (2011)CrossRefGoogle Scholar
  6. 6.
    Blaze, M., Ioannidis, J., Keromytis, A.D.: Offline micropayments without trusted hardware. In: Syverson, P.F. (ed.) FC 2001. LNCS, vol. 2339, p. 21. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Chen, L., Escalante B., A.N., Löhr, H., Manulis, M., Sadeghi, A.-R.: A privacy-protecting multi-coupon scheme with stronger protection against splitting. In: Dietrich, S., Dhamija, R. (eds.) FC/USEC 2007. LNCS, vol. 4886, pp. 29–44. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. 8.
    de Montjoye, Y.-A., Radaelli, L., Singh, V.K., Pentland, A.: Unique in the shopping mall: on the reidentifiability of credit card metadata. Science 347(6221), 536–539 (2015)CrossRefGoogle Scholar
  9. 9.
    Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: the second-generation onion router. In: USENIX Security Symposium (2004)Google Scholar
  10. 10.
    The Eurostat. E-commerce by individuals and enterprises (December 2014).
  11. 11.
    Karame, G.O., Androulaki, E., Roeschlin, M., Gervais, A., Capkun, S.: Misbehavior in bitcoin: a study of double-spending and accountability. ACM Trans. Inf. Syst. Secur. 18(1), 2 (2015)CrossRefGoogle Scholar
  12. 12.
    Low, S.H., Maxemchuk, N.F., Paul, S.: Anonymous credit cards and their collusion analysis. IEEE/ACM Trans. Netw. 4(6), 809–816 (1996)CrossRefGoogle Scholar
  13. 13.
    Minkus, T., Ross, K.W.: I know what you’re buying: privacy breaches on eBay. In: De Cristofaro, E., Murdoch, S.J. (eds.) PETS 2014. LNCS, vol. 8555, pp. 164–183. Springer, Heidelberg (2014)Google Scholar
  14. 14.
    Molloy, I., Li, J., Li, N.: Dynamic virtual credit card numbers. In: Dietrich, S., Dhamija, R. (eds.) FC/USEC 2007. LNCS, vol. 4886, pp. 208–223. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Moreno-Sanchez, P., Kate, A., Maffei, M., Pecina, K.: Privacy preserving payments in credit networks: enabling trust with privacy in online marketplaces. In: NDSS 2015, San Diego (2015)Google Scholar
  16. 16.
    Murdoch, S.J., Anderson, R.: Verified by visa and mastercard securecode: or, how not to design authentication. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 336–342. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  17. 17.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2009)Google Scholar
  18. 18.
    Narayanan, A., Shmatikov, V.: Robust de-anonymization of large sparse datasets. In: IEEE Symposium on Security and Privacy (S&P 2008), 18–21 May 2008. Oakland (2008)Google Scholar
  19. 19.
    U.S. Department of Commerce. The 2nd quarter retail e-commerce sales report (2013)Google Scholar
  20. 20.
    Parra-Arnau, J., Rebollo-Monedero, D., Forné, J.: Optimal forgery and suppression of ratings for privacy enhancement in recommendation systems. Entropy 16(3), 1586–1631 (2014)CrossRefGoogle Scholar
  21. 21.
    Partridge, K., Pathak, M.A., Uzun, E., Wang, C.: PiCoDa: privacy-preserving smart coupon delivery architecture (2012)Google Scholar
  22. 22.
    Preibusch, S., Peetz, T., Acar, G., Berendt, B.: Purchase details leaked to PayPal (short paper). In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 217–226. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  23. 23.
    Ramakrishnan, N., Keller, B.J., Mirza, B.J., Grama, A., Karypis, G.: Privacy risks in recommender systems. IEEE Internet Comput. 5(6), 54–62 (2001)CrossRefGoogle Scholar
  24. 24.
    Rial, A.: Privacy-preserving e-commerce protocols. Ph.D. thesis, Arenberg Doctoral School, KU Leuven (2013)Google Scholar
  25. 25.
    Sadeh, N.M.: M-Commerce: Technologies, Services, and Business Models. John Wiley & Sons Inc., New York (2002)Google Scholar
  26. 26.
    Stolfo, S., Yemini, Y., Shaykin, L.: Electronic purchase of goods over a communications network including physical delivery while securing private and personal information of the purchasing party. US Patent App. 11/476,304, 2 November 2006Google Scholar
  27. 27.
    Tsai, J.Y., Egelman, S., Cranor, L.F., Acquisti, A.: The effect of online privacy information on purchasing behavior: an experimental study. Inf. Syst. Res. 22(2), 254–268 (2011)CrossRefGoogle Scholar
  28. 28.
    Visa. Verified by Visa - acquirer and merchant implementation guide (2011)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Jesus Diaz
    • 1
  • Seung Geol Choi
    • 2
  • David Arroyo
    • 1
  • Angelos D. Keromytis
    • 3
  • Francisco B. Rodriguez
    • 1
  • Moti Yung
    • 3
    • 4
  1. 1.Universidad Autónoma de MadridMadridSpain
  2. 2.United States Naval AcademyAnnapolisUSA
  3. 3.Columbia UniversityNew YorkUSA
  4. 4.Google Inc.New YorkUSA

Personalised recommendations