
An e-payment Architecture Ensuring a High Level of Privacy Protection

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2013)

Abstract

Online shopping is becoming more and more attractive to clients because of its ease of use and the large choice of products. As a consequence, 2.3 billion online clients were identified in 2011. This rapid increase was accompanied by various frauds, including stolen smart cards or fraudulent repudiation. Several e-payment systems have been proposed to reduce these security threats, and the 3D-Secure protocol is becoming a standard for payment on the Internet. Nevertheless, this protocol has not been studied in depth, particularly in terms of privacy. This paper proposes a detailed description and an analysis of the 3D-Secure protocol, through a new privacy-oriented model for e-payment architectures. Some improvements to the 3D-Secure protocol, concerning the protection of banking information, are also presented. Then, this article presents and analyses a new online payment architecture centered on the privacy of individuals.




© 2013 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Plateaux, A., Lacharme, P., Coquet, V., Vernois, S., Murty, K., Rosenberger, C. (2013). An e-payment Architecture Ensuring a High Level of Privacy Protection. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds) Security and Privacy in Communication Networks. SecureComm 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 127. Springer, Cham. https://doi.org/10.1007/978-3-319-04283-1_19


  • DOI: https://doi.org/10.1007/978-3-319-04283-1_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-04282-4

  • Online ISBN: 978-3-319-04283-1

  • eBook Packages: Computer Science, Computer Science (R0)
