Securing Mobile Payment Systems: Using Personal Identification Number (PIN) Method
July 5th-9th, Ota, Nigeria

Raphael Olufemi Akinyede 1, Olumide Sunday Adewale 1 and Boniface Kayode Alese 1
1 Department of Computer Science, The Federal University of Technology, Akure, Ondo-State, Nigeria.
{ femi_akinyede!,!, osadewale 1, and faalkad 1

Abstract. Mobile payment is the process whereby two parties exchange financial value using a mobile device in return for goods or services. In Nigeria, the banking industry and citizens all incur a high overhead in using physical cash. However, a mobile phone-based payment system is a viable alternative to physical cash, since it incurs much lower overheads and offers more convenience, as users can transact business at any time of the day, 24/7. Because security is of paramount importance in any financial transaction, this paper focuses its attention on the security issues in mobile payment for m-commerce, with emphasis on the personal identification number (PIN). In the paper, we carry out a review of m-commerce, m-payment and its operational model, and the technologies and standards for m-payment systems. Finally, the paper proposes a method and system for securing a payment transaction model.

Keywords: Mobile Payment, mobile commerce, PIN and cryptography.

1 INTRODUCTION

The electronic payment revolution has finally started, led by a large number of Nigerian institutions comprising banks, the federal government and individual organizations (Akinyede and Afolayan, 2006). This revolution, which is at its initial stage, was made possible by the introduction of the Internet. The Internet is being embraced in virtually all areas of human activity because of its functionality. Presently, the number of Internet users has increased explosively as a result of the rapid growth of the information technology (IT) industry.
According to the World Telecommunication/ICT Indicators Database (2009, 6th ed), there were 200,000 Internet users in Nigeria in 2000 and 11,000,000 in 2009, an increase of 5,400%. Emerging technologies such as broadband satellite, VSAT and wireless telephony provide wonderful opportunities for Nigeria to leapfrog into the information society age. These technologies have been exploited in order to accelerate information technology (IT) that leads to the development of a cashless society in Nigeria. This drive has also led to the evolution of payment modes other than paper or coin money, such as cards and electronic and wireless payment systems, mainly to facilitate, expedite and secure transactions and wealth across the globe, and this has reduced the world to a global village. With the Internet, the limitation posed to international trade by geographical distance is fast crumbling, and it is now possible to carry out transactions with people in remote areas of the world.

In addition, the increasing use of the Internet has seen the growth of e-payment, which is now graduating to mobile payment (m-payment), for business transactions (e-commerce or m-commerce) conducted between geographically distant parties (i.e. consumers and merchants). Monetary values are transferred over networks, resulting in the development of e-payment systems. This has made a secure and efficient payment system one of the key drivers that would help accelerate the wheel of e-commerce in Nigeria. Hence the need to secure payment systems for m-commerce in the light of the rise in Internet fraud.

2 M-PAYMENT OPERATIONAL MODEL

Five principal participants are involved in the m-payment operational model, and they are discussed as follows:

i. Customer (C): Holder of a payment card. In the proposed model a customer is required to have a GSM mobile phone with a Subscriber Identity Module (SIM). This card has software installed by an authorizer, and it acts as a credit card that is recognized by the authorizer.
ii. Merchant (M): The organization that sells goods/services to the cardholder through the Internet and is accredited by a known trusted third party.
iii. Acquirer (A): A financial institution which processes payment card authorizations and makes payments. The Acquirer provides electronic transfer of funds to the Merchant's account from the Issuer I (customer's bank account) over a secured payment network.
iv. Issuer (I): The financial institution of the customer C. It also provides the payment software to install.
v. Payment Gateway (PG): An additional entity that acts as a medium between the acquirer/issuer at the banking private network side and the client/merchant at the Internet side for clearing purposes (Kungpisdan, et al., 2004).
[Figure 1: M-payment Operational Model, showing Issuer (I), Acquirer (A), Payment Gateway (PG), Customer (C) and Merchant (M).]

In figure 1, we specify the links among the five entities of our scheme. Note that there is no direct connection involving the client and the issuer. Moreover, the connection between the customer C and the merchant M (denoted as the dotted arrow) is set up through a wireless channel. The basic idea is that the transaction payment details are divided into two parts. Firstly, on the Issuer's (I's) side, the only available information is that Customer C authorizes a payment to Acquirer (A) through the payment gateway, while no merchant (M) identity or account information is revealed, so that the Issuer (I) has no idea of what the Customer C buys. Secondly, an acquirer (A) should only know that there is a payment waiting to be credited to the merchant's (M) account, while knowing nothing about who makes the payment. Based on the assumption that Issuer (I) and Acquirer (A) never collude to sell out the private information of Customer C, we can achieve the privacy protection of Customer C during electronic transactions through the mobile network (Changjie and Hofung, 2005).

2.1 M-PAYMENT SYSTEM OVERVIEW

There are a number of steps involved in m-payment systems, but only one of them is hereby discussed:
Interactions between the entities involved. In an m-payment system where the customer C and the merchant M are at remote locations, a customer C will place an order from his station to a merchant M store (see figure 2). The steps are as follows:

Step 1: A customer C browses the merchant M's website and selects an item to purchase. During this phase, the merchant M and customer C reach an agreement upon a set of item information, such as the item's price, that describes the purchase. The customer C then sends a payment request to a Payment Service Provider (PSP) over a wireless network. This request includes the details of the customer C and the amount to be paid. A customer C selects the payment method from the merchant M webpage.
Step 2: The PSP verifies the credentials of the customer C and the merchant M (basically it checks whether the customer C and merchant M have registered for such an m-payment service).
Step 3: Optionally, the PSP might ask the customer C for some more details (like a password) for authentication.
Step 4: Once the credentials of the customer C have been established, the PSP requests confirmation from the merchant M by forwarding the payment details.
Step 5: The merchant M then sends a confirmation message to the PSP.
Step 6: After successful confirmation, the PSP performs backend processing to update the accounts of the customer C and the merchant M.
Step 7: The PSP sends a payment receipt to the customer C. It might also optionally send a "Transaction completed" message to the merchant M.
[Figure 2: Basic Architecture of a Remote M-Payment System (Source: ). Labels: Customer C and Merchant M, connected over SMS and Internet links; 1. Payment Request, 2. Verification, 3. Request for Confirmation, 4. Confirmation, 5. Back end processing, 6. Payment Receipt.]

3 TECHNOLOGIES AND STANDARDS FOR M-PAYMENT SYSTEMS

According to Shivani, et al. (2008), in order to perform a security analysis of an e-payment scheme it is necessary to understand the underlying standards, technologies, protocols and platforms used. The two popular standards used for mobile communication are Global System for Mobile communications (GSM) and Code Division Multiple Access (CDMA). GSM based phones use a SIM (Subscriber Identification Module) card, which is a detachable smart card containing the user's subscription key used to identify a user. In CDMA based phones, the phone itself stores the subscription key.

A common technology for remote payment systems is SMS (Short Messaging Service), which is a low cost alternative to making calls. SMS is an attractive technology because of its ease of use and low cost. SMS based payment systems are of two types, namely, the ones which do not require a change in the device infrastructure (SIM card) and the ones which do. In the former case, the user can initiate or authorize a transaction by sending an SMS message using a standard SIM card. PayPal (2008) and SMS-Credit (Fong & Lai, 2005) are examples of such SMS based systems.
4 METHOD AND SYSTEM FOR SECURING A PAYMENT TRANSACTION MODEL

[Figure 3: Block diagram of a secure payment transaction system. Blocks: Financial Institutions (Banks), DBMS, Cryptographic Converter, Hardware Security Module, Payment Transaction (PT), Communicating Environment Network, Mobile Payment Device, Merchants 1, 2, ..., k, Customers C_1, C_2, ..., C_n, and a PHP/MySql DBMS on the Merchants Side.]
The symbols C, M, PG, I, A are used to denote Customer, Merchant, Payment Gateway, Issuer, and Acquirer respectively. According to Coppinger (2009), the method for securing a payment transaction comprises the following steps:

a. Customer/Merchant Interaction

The system in figure 3 provides an avenue for customer/merchant interaction. A customer C browses the merchant M's website and selects an item to purchase. During this phase, the merchant M and customer C reach an agreement upon a set of item information, such as the item's price, that describes the purchase. The customer C then sends a payment request to a Payment Service Provider (PSP) over a wireless network. This request includes the details of the customer C and the amount to be paid. A customer C selects the payment method from the merchant M webpage.

b. Mobile Payment Device

In figure 3 above, M_k (where k = 1, 2, ..., k) are the merchants that maintain websites under a secure payment transaction and make sales of goods or services to customers C_n (where n = 1, 2, 3, ..., n), who maintain a mobile payment device (i.e. a Personal Digital Assistant (PDA) or a mobile phone with advanced personal computing capabilities). The mobile payment device is configured in such a way that it performs secure payment transaction functions on the Internet. The mobile payment device has the following: a processor, memory, and other hardware elements operating in accordance with the system and application software appropriate to the functions it provides. Finally, it has a card reader through which data on a payment card (such as a credit or debit card) can be read, and a user interface (i.e. keypad or touchpad) through which information is input.

Operation of the mobile payment device. Both the merchant M_k and customer C_n communicate on the Net as shown above. The mobile payment device will obtain purchase information from merchant M_k, such as the details of the goods or services ordered by the customer C_n.
It also obtains payment information and a password (PIN) from customer C_n. When certain types of payment card, such as a debit card or ATM card, are used, some form of password/PIN must be provided by the customer C_n to authenticate the customer to the financial institution that will process the payment. When a PIN is obtained from customer C_n via the user input interface, the device stores the PIN in its volatile memory. The PIN is then encrypted using an asymmetric (public key) cryptography algorithm, and the encrypted PIN is transmitted via the network, as shown in figure 3, to the cryptographic converter. The device places the RSA public key encrypted PIN block into a transaction message and then transmits the transaction message to the cryptographic converter, and the converter secures the transmission using a powerful Secure Sockets Layer (SSL 3.0) cryptographic protocol, which provides various security features including encryption, authentication and data integrity. Finally, the mobile payment device waits for an acknowledgement from the payment transaction showing that transaction processing is completed before displaying a confirmation to the user.
c. Network

The secure payment transaction above includes a network over which the transaction data necessary to process the payment transaction is transmitted. The network is any suitable telecommunications network having a wireless network component through which the mobile payment device communicates.

d. Cryptographic Converter

The cryptographic converter converts public key encrypted data into secret key encrypted data. The cryptographic converter interfaces with the network, and generates and securely stores a private key it uses to decrypt the public key encrypted data and a secret key it uses to re-encrypt the decrypted data.

Operation of the cryptographic converter. The cryptographic converter in figure 3 obtains the public key encrypted PIN from the mobile payment device via the network. Specifically, it obtains the transaction message described above from the device, extracts the RSA public key encrypted PIN block and then decrypts the public key encrypted PIN. It maintains the RSA private key which corresponds to the RSA public key that was used by the mobile payment device to encrypt the PIN. It applies the RSA private key to decrypt the RSA public key encrypted PIN block and extracts the PIN from the resulting decrypted PKCS #1 Type 2 encryption block. The cryptographic converter re-encrypts the PIN using a symmetric (secret key) cryptography algorithm. In an embodiment of the invention, the cryptographic converter applies a Triple Data Encryption Standard (3DES) algorithm to encrypt the PIN. It also maintains a 3DES secret key which is identical to a secret key maintained by the payment transaction in figure 3. The identical secret keys are generated, for example, by a Derived Unique Key per Transaction (DUKPT) process. It applies the 3DES secret key to encrypt the PIN, placing it into an encrypted PIN block and then passing the encrypted PIN block back to the cryptographic converter.
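The device-to-converter half of the PIN path described above (RSA encryption on the device, private-key decryption and extraction from the PKCS #1 Type 2 block in the converter), as an added example that is not code from the paper or from Coppinger (2009). Assumptions: a toy RSA key built from two publicly known Mersenne primes so that it runs on the Python standard library alone, a PIN of 4 to 12 ASCII digits, and hypothetical function names; the 3DES re-encryption step is not shown.

```python
"""Added example: RSA leg of the PIN path, mobile device -> cryptographic converter."""
import secrets

# Constructed toy key: p and q are the Mersenne primes 2^521-1 and 2^607-1.
# They are public knowledge, so this key is NOT secure; it only lets the
# example run with the standard library. A real converter keeps its private
# key inside the hardware security module.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes (141)


class PinBlockError(Exception):
    """The only error the converter reports, whatever check failed."""


def _valid_pin(pin: str) -> bool:
    # Assumption: a PIN is 4 to 12 ASCII digits; the paper fixes no format.
    return pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 12


def pkcs1_type2_block(message: bytes, k: int = K) -> bytes:
    """Build EB = 00 || 02 || PS || 00 || M, PS = at least 8 random nonzero bytes."""
    if len(message) > k - 11:
        raise ValueError("message too long for this modulus")
    ps = bytearray()
    while len(ps) < k - 3 - len(message):
        byte = secrets.token_bytes(1)
        if byte != b"\x00":
            ps += byte
    return b"\x00\x02" + bytes(ps) + b"\x00" + message


def rsa_public(block: bytes) -> bytes:
    """Raw RSA public-key operation on a K-byte block."""
    return pow(int.from_bytes(block, "big"), E, N).to_bytes(K, "big")


def device_encrypt_pin(pin: str) -> bytes:
    """Mobile payment device: wrap the PIN in a Type 2 block and encrypt it."""
    if not _valid_pin(pin):
        raise ValueError("PIN must be 4 to 12 digits")
    return rsa_public(pkcs1_type2_block(pin.encode("ascii")))


def converter_extract_pin(ciphertext: bytes) -> str:
    """Cryptographic converter: decrypt, check the block strictly, return the PIN."""
    try:
        if len(ciphertext) != K:
            raise ValueError
        c = int.from_bytes(ciphertext, "big")
        if c >= N:
            raise ValueError
        eb = pow(c, D, N).to_bytes(K, "big")
        if eb[:2] != b"\x00\x02":
            raise ValueError
        sep = eb.index(b"\x00", 2)          # ValueError if no separator
        if sep < 10:                        # padding string shorter than 8 bytes
            raise ValueError
        pin = eb[sep + 1:].decode("ascii")  # ValueError on non-ASCII bytes
        if not _valid_pin(pin):
            raise ValueError
        return pin
    except ValueError:
        # One exception type for every failure, so the caller cannot tell
        # which structural check rejected the block.
        raise PinBlockError("invalid PIN block") from None


if __name__ == "__main__":
    blob = device_encrypt_pin("4917")       # constructed sample PIN
    print(len(blob), converter_extract_pin(blob))
```

Once `converter_extract_pin` returns, the PIN exists in cleartext inside the converter until it is re-encrypted under the secret key, which is the exposure the hardware security module in figure 3 is there to contain.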
The cryptographic conversion host replaces the RSA encrypted PIN block in the transaction message with the 3DES secret key encrypted PIN block and provides the transaction message to the transaction host. For example, the cryptographic conversion host transmits the transaction message with the 3DES secret key encrypted PIN block to the transaction host via the network.

Here, the original form of a message is usually known as plaintext, and the encrypted form is called ciphertext (Piper and Murphy, 2002). The set of all the plaintext messages is denoted by $M_p$; similarly, the set of all the ciphertexts is denoted by $M_c$, and $f$ is a mapping from the variables in $M_p$ into the set $M_c$. $P$ and $C$ represent plaintext and ciphertext, respectively. Both of them are stored and transmitted as binary data. They can be represented in mathematical formulae:

    $C = f(P)$    (1)

In the reverse process, the decryption function $f^{-1}$ operates on $C$ to obtain plaintext $P$:

    $P = f^{-1}(C)$    (2)

where $P \in M_p$, $C \in M_c$; $f$ is viewed as the encryption algorithm (function) and $f^{-1}$ denotes the decryption algorithm. Since encryption and decryption are inverse functions of each other, the following formula must be true:

    $P = f^{-1}(f(P))$    (3)

e. Transaction host

The system further includes a transaction host, which obtains transaction data via the network and processes the payment transaction on behalf of a financial institution that holds the account of the customer C_n for the payment card that has been used.

Operation of the transaction host. The operation starts with negotiation.

Negotiation phase: in this phase a customer browses the merchant's website and selects an item to buy. During this phase, the merchant M_k and the customer C_n reach an agreement upon a set of item information that describes the purchase, such as the item's price. A customer C_n selects the payment method from the merchant M_k webpage (in this case the customer C_n will select the "Using Mobile Phone" method instead of other payment methods such as credit card). A customer can use any host computer to send the Order Information (OI) to the merchant, such as the selected item's description and the customer's mobile number, but without any financial details. The transactions process can be summarized as:

When the merchant receives the order information, they will send an order confirmation and the Payment order Information (PI), which has been Digitally Signed (DS) by the merchant, to the customer's mobile device. The payment information includes details such as a transaction number, service ID, amount of money to be paid, merchant's ID and the merchant bank ID.
The merchant stores details of the transaction in their transaction database for use at a later stage. The transactions process can be summarized as:
Payment Phase

Firstly, the transaction host obtains the secret key encrypted PIN from the cryptographic conversion host. Specifically, the transaction host obtains the transaction message described above via the network, for example the network in figure 3, and extracts the secret key encrypted PIN block from the transaction message.

Secondly, the transaction host decrypts the secret key encrypted PIN block. Specifically, the transaction host stores a 3DES secret key that is identical to the 3DES secret key applied by the cryptographic conversion host to encrypt the PIN block. The transaction host applies the 3DES secret key to decrypt the 3DES secret key encrypted PIN block and extracts the PIN from the decrypted PIN block.

Thirdly, the transaction host determines whether the PIN is valid by comparing it to data associated with the account of the customer C_n for the particular transaction. If the PIN is valid, the transaction host debits the account of the customer C_n by the purchase amount, and confirms the transaction by sending an appropriate confirmation message back to the mobile payment device via the network. If the PIN is not valid, the transaction host sends a rejection message back to the mobile payment device via the network (see figure 3).

The process in the MP can be summarized as:

    Verify PIN
    IF PIN is correct THEN
        {MP → A: [[PI, DS], CI] Kpu}
    ELSE
        Terminate

Payment Protocol

    C → M: NID_C, TIDReq    (NID_C = temporary identity; TIDReq = identification of transaction request)
    M → C: E_{M-C}(TID, ID_M)
    C → M: E_{C-M}(OI, Price, NID_C, ID_I, VSRequest, h(OI, NID_C, ID_I))
           VSRequest = E_{C-I}(Price, h(OI), TC, ID_M)
    M → PG: E_{M-PG}(VSRequest, ID_M)
           VSRequest = (VSRequest, h(OI), TID, Price, NID_C, ID_I)

5 CONCLUSION

This research has designed a secure mobile payment system using the personal identification number (PIN) method, as a means of encouraging acceptance of online shopping by more customers C_n and increasing their trust in online payment systems. In the system, customers C_n do not need to disclose their financial information during the transaction, and the merchant M_k will not act as an intermediary between customer C_n and the acquirer A. The system has more advantages than a conventional e-payment system, providing high security, low cost and convenience, which are key factors in making m-payment more usable. The system is part of the current research.

REFERENCES

1. Akinyede, R. O. and Afolayan, O. J.: Electronic payment system revolution in Nigeria banking industry, in Proceedings of the 20th Annual National Conference of the Nigeria Computer Society, vol. 17, pp , (2006).
2. World Internet/ICT Indicator Database: Internet Users and Population Stats, Internet usage statistics - The Big Picture. Retrieved 6th Oct from:
3. Kungpisdan, S., Srinivasan, B. and Le, P. D.: A Secure Account-Based Mobile Payment Protocol, in Proceedings of ITCC (1), pp , (2004).
4. Changjie Wang and Ho-fung Leung: A Private and Efficient Mobile Payment Protocol, CIS 2005, Part II, LNAI 3802, pp , Springer-Verlag Berlin Heidelberg, (2005).
5. Shivani Agarwal, Mitesh Khapra, Bernard Menezes and Nirav Uchat: Security Issues in Mobile Payment Systems (2008).
6. S. Fong and E. Lai: Mobile Mini-payment Scheme Using SMS-Credit. International Conference on Computational Science and Its Applications-ICCSA, pp , (2005).
7. PayPal. Online (2008).
8. Coppinger, Paul D.: Method and System for Securing a Payment Transaction (2009).
9. Piper, F. and Murphy, S.: Cryptography: A Very Short Introduction. Oxford University Press, Oxford, (2009).
More informationLectures for the course: Electronic Commerce Technology (IT 60104)
Lectures for the course: Electronic Commerce Technology (IT 60104) Week 1 Lecture 1 30/12/2010 Introduction to the course Evaluation guidelines Week 2 Lecture 2 3/01/2011 Overview of E-Commerce E-Commerce
More informationAnalysis of E-Commerce Security Protocols SSL and SET
Analysis of E-Commerce Security Protocols SSL and SET Neetu Kawatra, Vijay Kumar Dept. of Computer Science Guru Nanak Khalsa College Karnal India ABSTRACT Today is the era of information technology. E-commerce
More informationMathematical Model Based Total Security System with Qualitative and Quantitative Data of Human
Int Jr of Mathematics Sciences & Applications Vol3, No1, January-June 2013 Copyright Mind Reader Publications ISSN No: 2230-9888 wwwjournalshubcom Mathematical Model Based Total Security System with Qualitative
More informationENHANCING ATM SECURITY USING FINGERPRINT AND GSM TECHNOLOGY
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 4, April 2014,
More informationSecuring your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application INDEX 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4.
More informationPCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00
PCI PA - DSS Point XSA Implementation Guide Atos Worldline Banksys XENTA SA Version 1.00 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page number 2 (16)
More informationThe Comprehensive, Yet Concise Guide to Credit Card Processing
The Comprehensive, Yet Concise Guide to Credit Card Processing Written by David Rodwell CreditCardProcessing.net Terms of Use This ebook was created to provide educational information regarding payment
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More informationEnhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011
Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011 On 5 th March 2010, The Association of Banks in Singapore announced key measures to adopt a holistic
More informationPCI PA - DSS. Point BKX Implementation Guide. Version 2.01. Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core
PCI PA - DSS Point BKX Implementation Guide Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core Version 2.01 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566
More informationPrivacy in New Mobile Payment Protocol
in New Mobile Payment Protocol Tan Soo Fun, Leau Yu Beng, Rozaini Roslan, and Habeeb Saleh Habeeb Abstract The increasing development of wireless networks and the widespread popularity of handheld devices
More informationSoftware Tool for Implementing RSA Algorithm
Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key
More informationSECURITY IN ELECTRONIC COMMERCE - SOLUTION MULTIPLE-CHOICE QUESTIONS
MULTIPLE-CHOICE QUESTIONS Each question has only one correct answer, which ought to be clearly pointed out with an 'X'. Each question incorrectly answered will be evaluated as minus one third of the mark
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationA secure mobile payment system *
Jun. 2007, Volume 1, No.1 (Monthly) Computer Technology and Application, ISSN1934-7332, USA A secure mobile payment system * LI Xi, HU Han-ping (Institute of Pattern Recognition and Artificial Intelligence,
More informationmobile payment acceptance Solutions Visa security best practices version 3.0
mobile payment acceptance Visa security best practices version 3.0 Visa Security Best Practices for, Version 3.0 Since Visa s first release of this best practices document in 2011, we have seen a rapid
More informationMobile Payments. Antti Pihlajamäki 27.10.2004
Mobile Payments Antti Pihlajamäki 27.10.2004 Outline Introduction Terminology Basic concepts Technology behind mobile payments Remote transactions Local transactions Drivers of mobile payments Unique features
More informationThe Definition of Electronic Payment
Part IX: epayment Learning Targets What are the electronic means of payment? What is the difference between pico-, micro- and macro-payment? How can we classify the e-payment systems? How can secure transactions
More informationTwo-Factor Authentication over Mobile: Simplifying Security and Authentication
SAP Thought Leadership Paper SAP Mobile Services Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively Table
More informationPCI DSS: An Evolving Standard
White Paper PCI DSS: An Evolving Standard PCI 3.0 and 3.1 Key Requirements Explained 2015 SecurityMetrics PCI DSS: An Evolving Standard 2 PCI DSS An Evolving Standard The Payment Card Industry Data Security
More informationCHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS
70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and
More informationACQUIRER OR ACQUIRING BANK A financial institution (often a bank) where a merchant has an account to process transactions and card payments
A TO Z JARGON BUSTER A ACQUIRER OR ACQUIRING BANK A financial institution (often a bank) where a merchant has an account to process transactions and card payments ATM Automated Teller Machine. Unattended,
More informationAn in-building multi-server cloud system based on shortest Path algorithm depending on the distance and measured Signal strength
IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661,p-ISSN: 2278-8727, Volume 17, Issue 1, Ver. I (Jan Feb. 2015), PP 38-42 www.iosrjournals.org An in-building multi-server cloud system based
More informationEMP's vision is to be the leading electronic payments processing company in the emerging markets of Africa and the Middle East.
EMP's vision is to be the leading electronic payments processing company in the emerging markets of Africa and the Middle East. EMP's mission is to be at the forefront of the region's electronic payments
More informationNETWORK ADMINISTRATION AND SECURITY
NETWORK ADMINISTRATION AND SECURITY Unit I (NAS) (W- 10) Q. 1) What is Security Attack? Explain general categories of attack with examples. 7 Q. 2) List and define the five security services. 5 Q. 3) Define
More informationTwo-Factor Authentication: Tailor-Made for SMS
SAP Thought Leadership Paper SAP Mobile Services Two-Factor Authentication: Tailor-Made for SMS Exploring Myths, Misconceptions, and Best Practices for SMS-Based 2FA Table of Contents 4 Understanding Two-Factor
More informationGSM and UMTS security
2007 Levente Buttyán Why is security more of a concern in wireless? no inherent physical protection physical connections between devices are replaced by logical associations sending and receiving messages
More informationThe Encryption Technology of Automatic Teller Machine Networks
Software Engineering 4C03 Winter 2005 The Encryption Technology of Automatic Teller Machine Networks Researcher: Shun Wong Last revised: April 2nd, 2005 1 Introduction ATM also known as Automatic Teller
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationChapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
More informationInt l Money transfer Receive on PocketMoni
Int l Money transfer Receive on PocketMoni - User Guide/ Frequently Asked Questions August, 2013.we make it happen! 1) What is PocketMoni? PocketMoni is etranzact branded mobile money solution designed
More informationmpos Solution A: Visa, MasterCard and JCB are supported. Both Debit & Credit Cards which is supported by any of this Card Type can be accepted.
mpos Solution GENERAL Q1: What is mpos Solution? A: mpos Solution is an innovative payment solution that turns a smartphone or tablet into a secure mobile card payment acceptance device. It consists of:
More informationWhat Data Thieves Don t Want You to Know: The Facts About Encryption and Tokenization
What Data Thieves Don t Want You to Know: The Facts About Encryption and Tokenization 2012 First Data Corporation. All trademarks, service marks and trade names referenced in this material are the property
More informationA SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1
A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 1 Royal Holloway, University of London 2 University of Strathclyde ABSTRACT Future mobile
More informationPayment authorization Payment capture Table 1.3 SET Transaction Types
Table 1.3 lists the transaction types supported by SET. In what follows we look in some detail at the following transactions: Purchase request Payment authorization Payment capture Cardholder registration
More informationINTRODUCTION OF TRUSTED COMPUTING PLATFORM IN CLOUD COMPUTING Aayushi Bamboli Nilofar Tamboli, Pallavi Ghadage, Manisha Mohite, Sushila Kanade Guide-Prof: R. K. Narwade Special Thanks to Dr.* Vyankatesh
More informationProtected Cash Withdrawal in Atm Using Mobile Phone
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 2 Issue 4 April, 2013 Page No. 1346-1350 Protected Cash Withdrawal in Atm Using Mobile Phone M.R.Dineshkumar
More informationFirst Data E-commerce Payments Gateway
First Data E-commerce Payments Gateway High performance payment processing solution designed specifically to meet the requirements of global Card-Not-Present PSP When you partner with First Data for your
More informationChapter 5. Data Communication And Internet Technology
Chapter 5 Data Communication And Internet Technology Purpose Understand the fundamental networking concepts Agenda Network Concepts Communication Protocol TCP/IP-OSI Architecture Network Types LAN WAN
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationSHORT MESSAGE SERVICE SECURITY
SHORT MESSAGE SERVICE SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and
More informationSecure web transactions system
Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends
More informationWhat is a SSL VPN and How Does it Work?
Acceleration of Data through SSL Virtual Private Networks Rob Jansen University of Minnesota, Morris 600 East Fourth Street Morris, MN 56267 (123) 456-7890 jans0184@morris.umn.edu ABSTRACT A Virtual Private
More informationPayment Pebble Companion App API
Payment Pebble Companion App API 1. Introduction The Payment Pebble Companion App API (hereafter Companion API) provides a simple means to integrate payment capabilities into a third- party mobile application.
More informationDalPay Internet Billing. Technical Integration Overview
DalPay Internet Billing Technical Integration Overview Version 1.3 Last revision: 01/07/2011 Page 1 of 10 Version 1.3 Last revision: 01/07/2011 Page 2 of 10 REVISION HISTORY... 4 INTRODUCTION... 5 DALPAY
More informationThe Goods, the Payment and the Mobile!
WHITEPAPER The Goods, the Payment and the Mobile! This whitepaper is an extract from: Mobile Payments for Digital & Physical Goods Analysis, Markets & Vendor Strategies 2011-2015... information you can
More informationA Reliable ATM Protocol and Comparative Analysis on Various Parameters with Other ATM Protocols
A Reliable ATM Protocol and Comparative Analysis on Various Parameters with Other ATM Protocols Anurag Anand Duvey 1, Dinesh Goyal 2, Dr. Naveen Hemrajani 3 1, 2, 3 Suresh Gyan Vihar University, Jaipur
More informationProcessing IP-Based, Electronic Payment Card Transactions
Processing IP-Based, Electronic Payment Card Transactions Processing IP-Based, Electronic Payment Card Transactions Overview Early electronic payment card (EPC) transaction networks required a merchant
More informationPAYMENT SYSTEMS. E-Commerce Winter 2011 Marek Maurizio
PAYMENT SYSTEMS E-Commerce Winter 2011 Marek Maurizio THE PAYMENT REVOLUTION In 2011 we are still in the middle of a payment system revolution Electronic payments are taking the place of cash and checks
More informationPrivyLink Cryptographic Key Server *
WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology
More informationThe e-payment Systems
The e-payment Systems Electronic Commerce (E-Commerce) Commerce refers to all the activities the purchase and sales of goods or services. Marketing, sales, payment, fulfillment, customer service Electronic
More informationAssociate Prof. Dr. Victor Onomza Waziri
BIG DATA ANALYTICS AND DATA SECURITY IN THE CLOUD VIA FULLY HOMOMORPHIC ENCRYPTION Associate Prof. Dr. Victor Onomza Waziri Department of Cyber Security Science, School of ICT, Federal University of Technology,
More informationRfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System
Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System ArchanaThange Post Graduate Student, DKGOI s COE, Swami Chincholi, Maharashtra, India archanathange7575@gmail.com,
More information