Writing in a recent issue of the Inderscience publication International Journal of Electronic Security and Digital Forensics Mohammed Assora, James Kadirire and Ayoub Shirvani explain how a disposable credit card number would protect consumers from fraud when shopping online.
Today, e-commerce transactions are performed by sending the customer's credit card details over the Internet between a web browser and the e-commerce site. Despite rudimentary security, there are many points at which the process can be compromised by a fraudster.
The most insecure aspect of the whole process, explains Shirvani and colleagues, is the client authentication step because most e-commerce sites usually only require the customer's credit card details to validate the sale. There is no certification on the customer's side of the bargain. This means that anyone who steals your credit card information could use it to buy goods and services online fraudulently.
Customer certification is not the only problem, the researchers say. Once you have entered your credit card details into a shopping or other e-commerce site, these are usually stored unencrypted in the merchant’s database, which means they could be retrieved by anyone with access to that database, whether or not that is an unscrupulous employee or someone breaking in to the database from outside.The researchers point out that more than a decade has passed since computer security experts instigated the Secure Electronic Transaction
(SET) protocol to try to solve this problem by sending the client's credit card details encrypted. However, the system was very complicated and has not been adopted by e-commerce sites.
Instead, Shirvani and colleagues put forward the idea of a disposable credit card number (DCCN) that could overcome the vast majority of security threats. They describe how DCCNs could be generated "off-line" using a pre-shared secret key between the issuer and the customer and used only once to make an electronic purchase.
The concept is related to the credit voucher and gift certificate systems used by some e-commerce sites but the off-line system means no credit card details need pass across the Internet to create the voucher code. The off-line approach would also side-step any potential security and implementation issues that might be associated with online DCCNs such as Private Payment and SecureClick.
In off-line generation of DCCNs, the customer registers his/her credit card with the card issuer and receives an associated secret key. The customer will then use this secret key in conjunction with a simple calculation device such as a smart card, PDA or mobile phone to generate an encrypted code - known as a hash - that is based on the price of the goods he/she intends to purchase and other details pertinent to the e-commerce site.
The resulting hash is adapted to form the DCCN, and then sent over the Internet instead of the actual credit card details. The shopping site validates the DCCN as any normal credit card without ever seeing or having to store their real credit card details. As a result, the client can shop with no need to worry about confidential data being compromised, the researchers conclude.
How Strong Brands Translate into Money
15.11.2016 | Kühne Logistics University - Wissenschaftliche Hochschule für Logistik und Unternehmensführung
Demographic change depresses tax revenues
04.11.2016 | Fraunhofer-Institut für Angewandte Informationstechnik FIT
Yersiniae cause severe intestinal infections. Studies using Yersinia pseudotuberculosis as a model organism aim to elucidate the infection mechanisms of these...
Researchers from the University of Hamburg in Germany, in collaboration with colleagues from the University of Aarhus in Denmark, have synthesized a new superconducting material by growing a few layers of an antiferromagnetic transition-metal chalcogenide on a bismuth-based topological insulator, both being non-superconducting materials.
While superconductivity and magnetism are generally believed to be mutually exclusive, surprisingly, in this new material, superconducting correlations...
Laser-driving of semimetals allows creating novel quasiparticle states within condensed matter systems and switching between different states on ultrafast time scales
Studying properties of fundamental particles in condensed matter systems is a promising approach to quantum field theory. Quasiparticles offer the opportunity...
Among the general public, solar thermal energy is currently associated with dark blue, rectangular collectors on building roofs. Technologies are needed for aesthetically high quality architecture which offer the architect more room for manoeuvre when it comes to low- and plus-energy buildings. With the “ArKol” project, researchers at Fraunhofer ISE together with partners are currently developing two façade collectors for solar thermal energy generation, which permit a high degree of design flexibility: a strip collector for opaque façade sections and a solar thermal blind for transparent sections. The current state of the two developments will be presented at the BAU 2017 trade fair.
As part of the “ArKol – development of architecturally highly integrated façade collectors with heat pipes” project, Fraunhofer ISE together with its partners...
At TU Wien, an alternative for resource intensive formwork for the construction of concrete domes was developed. It is now used in a test dome for the Austrian Federal Railways Infrastructure (ÖBB Infrastruktur).
Concrete shells are efficient structures, but not very resource efficient. The formwork for the construction of concrete domes alone requires a high amount of...
10.01.2017 | Event News
09.01.2017 | Event News
05.01.2017 | Event News
18.01.2017 | Power and Electrical Engineering
18.01.2017 | Materials Sciences
18.01.2017 | Life Sciences