Enabling Privacy-Preserving e-Payment Processing

  • Mafruz Zaman Ashrafi
  • See Kiong Ng
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4947)


The alarming increase in the number of data breaching incidents from high profile companies reflects that buying goods or services from online merchants can pose a serious risk of customers’ privacy and the merchants’ business reputation. The conventional approach of encrypting customer data at merchant side using the merchant’s secret key is no longer adequate for preserving customer privacy. An e-payment scheme that can guarantee customer authenticity while keeping the customer’s sensitive details secret from the various parties involved in the online transaction is needed. We propose here an online protocol for processing e-payments that minimizes the customer’s privacy as well as merchant business risks. Using a non-reusable password-based authentication approach, the proposed protocol allows consumers to purchase goods or services from an online merchant anonymously, thus achieving the ideal privacy environment in which to shop. The payment details sent to a merchant will become obsolete after the first use, thereby preventing any subsequent fraudulent transactions by a third party. Such protocol can be easily deployed in an e-commerce environment to strengthen the integrity of the electronic payment system.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Federal Trade Commission, Consumer Fraud and Identity Theft Complaint Data, available electronically at: http://www.consumer.gov/sentinel/pubs/Top10Fraud2005.pdf
  2. 2.
    Bella, G., Massacci, F., Paulson, L.C.: The verification of an industrial payment protocol: the SET purchase phase. In: Proc. of the 9th ACM CCS, pp. 12–20 (2002)Google Scholar
  3. 3.
    Bella, G., Massacci, F., Paulson, L.C.: Verifying the SET Registration Protocols. IEEE Journal of Selected Areas in Communications 21(1), 77–87 (2003)CrossRefGoogle Scholar
  4. 4.
    Bella, G., Massacci, F., Paulson, L.C.: Verifying the SET Purchase Protocols. Journal of Automated Reasoning 36(1-2), 5–37 (2006)MATHCrossRefGoogle Scholar
  5. 5.
    Ruiz, C.M., Cazorla, D., Cuartero, F., Pardo, J.J.: Analysis of the SET e-commerce protocol using a true concurrency process algebra. In: Proce. ACM SAC, pp. 879–886 (2006)Google Scholar
  6. 6.
    Wagner, D., Schneier, B.: Analysis of the SSL 3.0 Protocol. In: Proc. of the 2nd USENIX Workshop on Electronic Commerce, pp. 29–40 (1996)Google Scholar
  7. 7.
    Citibank Virtual Account Number, available at: http://www.citicards.com/cards/wv/detail.do?screenID=700
  8. 8.
    Boston Globe, Breach of data at TJX is called the biggest ever, available at: http://www.privacy.org/archives/2007_03.html
  9. 9.
    Netscape Communication, The SSL Protocol Version 3.0, available electronically: http://wp.netscape.com/eng/ssl3/ssl-toc.html
  10. 10.
    Visa Verified By Visa, available at: https://usa.visa.com/personal/security/vbv/index.html
  11. 11.
    Schneier, B.: CardSystems Exposes 40 Million Identities (July 2005) available electronically at: http://www.schneier.com/blog/archives/2005/06/cardsystems_exp.html
  12. 12.
    Samos, M.H.: Electronic Payment Systems (20-763), Official Course Web, available electronically at: http://euro.ecom.cmu.edu/program/courses/tcr763/2002pgh/cards7.ppt
  13. 13.
    Discover Card, Secure Online Account Number available electronically at: http://www.discovercard.com/discover/data/faq/soan.shtml
  14. 14.
    Mastercard & VISA. SET Secure Electronic Transaction: External Interface Guide (1997)Google Scholar
  15. 15.
    VeriSign Unified Authentication, available electronically at: http://www.verisign.com/products-services/security-services/unified-authentication/index.html
  16. 16.
    MSN Money Online, credit cards are the only way to buy, available electronically at: http://moneycentral.msn.com/content/Banking/creditcardsmarts/P114591.asp

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Mafruz Zaman Ashrafi
    • 1
  • See Kiong Ng
    • 1
  1. 1.Institute for Infocomm ResearchSingapore

Personalised recommendations