Using Payment Gateways to Maintain Privacy in Secure Electronic Transactions

  • Alapan Arnab
  • Andrew Hutchison
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 232)


Because many current payment systems are poorly implemented, or of incompetence, private data of consumers such as payment details, addresses and their purchase history can be compromised. Furthermore, current payment systems do not offer any non-repudiable verification to a completed transaction, which poses risks to all the parties of the transaction — the consumer, the merchant and the financial institution. One solution to this problem was SET, but it was never really a success because of its complexity and poor reception from consumers. In this paper, we introduce a third party payment system that aims to preserve privacy by severing the link between their purchase and payment records, while providing a traceable transaction that maintains its integrity and is non-repudiable. Our system also removes much of the responsibilities placed on the merchant with regards to securing sensitive data related to customer payment, thus increasing the potential of small businesses to take part in e-commerce without significant investments in computer security.


Credit Card Payment System Payment Service Payment Mechanism Electronic Transaction 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Arnab, A., AND Hutchison, A. Verifiable digital object identity system. In Proceedings of the Sixth ACM Workshop on Digital Rights Management, Co-Located with ACM CCS 2006, Alexandria, Virginia, USA (2006), K. Kurosawa, R. Safavi-Naini, and M. Yung, Eds., ACM.Google Scholar
  2. 2.
    Basu, A., AND Muylle, S. Authentication in e-commerce. Communications of the ACM 46,12(2003), 159–166. url: Scholar
  3. 3.
    Bella, G., Paulson, L. C, AND Massacci, F. The verification of an industrial payment protocol: the set purchase phase. In CCS’ 02: Proceedings of the 9th ACM conference on Computer and communications security (New York, NY, USA, 2002), ACM Press, pp. 12–20. url:
  4. 4.
    Mulligan, D., Han, J., AND Burstein, A. How DRM Based Content Delivery Systems Disrupt Expectations of “Personal Use”. In Proceedings of the 2003 ACM workshop on Digital Rights Management (2003), ACM, pp. 77–89. URL:
  5. 5.
    Peha, J. M., AND Khamitov, I. M. Paycash: a secure efficient internet payment system. In ICEC’ 03: Proceedings of the 5th international conference on Electronic commerce (New York, NY, USA, 2003), ACM Press, pp. 125–130. url:
  6. 6.
    Roberts, P. Strong authentication a hard sell for banks. ComputerWorld (02 Nov 2004). URL: Last accessed: 05 Aug 2006.
  7. 7.
    Rosencrance, L. Gartner survey sparks debate on internet retail fraud. ComputerWorld (18 July 2000). URL: Last accessed: 05 Aug 2006.
  8. 8.
    Ruiz, M. C, Cazorla, D., Cuartero, F., AND Pardo, J. J. Analysis of the set e-commerce protocol using a true concurrency process algebra. In SAC’ 06: Proceedings of the 2006 ACM symposium on Applied computing (New York, NY, USA, 2006), ACM Press, pp. 879–886. url:
  9. 9.
    Stallings, W. Network Security Essentials-Applications and Standards, international second ed. Prentice Hall, 2003.Google Scholar
  10. 10.
    Steinauer, D. D., Wakid, S.A., AND Rasberry, S. Trust and traceability in electronic commerce. StandardView 5,3 (1997), 118–124. url: http://www.doi.acm.Org/10.l145/266231.266239.CrossRefGoogle Scholar
  11. 11.
    Tsai, J. Y., Cranor, L. F., AND Craver, S. Vicarious infringement creates a privacy ceiling. In Proceedings of the Sixth ACM Workshop on Digital Rights Management, CoLocated with ACM CCS 2006, Alexandria, Virginia, USA (2006), K. Kurosawa, R. Safavi-Naini, and M. Yung, Eds., ACM.Google Scholar

Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Alapan Arnab
    • 1
  • Andrew Hutchison
    • 1
  1. 1.Data Network Architectures Group Department of Computer ScienceUniversity of Cape TownSouth Africa

Personalised recommendations