標題: Securing on-line credit card payments without disclosing privacy information
作者: Hwang, JJ
Yeh, TC
Li, JB
資訊管理與財務金融系 註:原資管所+財金所
Department of Information Management and Finance
關鍵字: electronic commerce;privacy;credit card;on-line payment
公開日期: 1-May-2003
摘要: Two revisions of the original Secure Electronic Transaction (SET) protocol are proposed to conceal cardholders' identities in the electronic marketplace in which cardholders' trust for banks can be reduced to a minimum. Constrained by being extensions of the existing card payment networks to the Internet, most on-line credit card payment schemes in use or proposed in recent papers assume the sensitive card information could be disclosed to all the participating banks. The assumption used to work well in traditional credit card payments before. However, negative impacts such as banking scandals, closure programs due to poor management, and security problems with Internet banking are all undermining cardholders' trust in banks. The issuer is the trusted bank selected by the cardholder, but the acquirer is not. To reveal the cardholder's sensitive card information to every possible acquirer implies potential risk. Based on the need-to-know principle, the two revisions are proposed to relax the assumption mentioned above. In our solutions, the sensitive card information is well protected along the way and can be extracted only by the issuer. A cardholder needs only to select a trustworthy issuer, instead of worrying about the possible breakdowns of every involved acquirer. The cost to achieve our more. secure schemes demands only minor information modifications on the legacy system. (C) 2002 Elsevier Science B.V. All rights reserved.
URI: http://dx.doi.org/10.1016/S0920-5489(02)00102-2
http://hdl.handle.net/11536/27912
ISSN: 0920-5489
DOI: 10.1016/S0920-5489(02)00102-2
期刊: COMPUTER STANDARDS & INTERFACES
Volume: 25
Issue: 2
起始頁: 119
結束頁: 129
Appears in Collections:Articles


Files in This Item:

  1. 000182441000005.pdf

If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.