Using Payment Gateways to Maintain Privacy in Secure Electronic Transactions
Because many current payment systems are poorly implemented, or because of incompetence, consumers' private data, such as payment details, addresses and purchase history, can be compromised. Furthermore, current payment systems do not offer any non-repudiable verification of a completed transaction, which poses risks to all parties to the transaction: the consumer, the merchant and the financial institution. One solution to this problem was SET, but it was never really a success because of its complexity and poor reception from consumers. In this paper, we introduce a third-party payment system that aims to preserve privacy by severing the link between consumers' purchase and payment records, while providing a traceable transaction that maintains its integrity and is non-repudiable. Our system also removes many of the responsibilities placed on the merchant with regard to securing sensitive data related to customer payment, thus increasing the potential of small businesses to take part in e-commerce without significant investments in computer security.
Keywords: Credit Card; Payment System; Payment Service; Payment Mechanism; Electronic Transaction