• Journal of Computing Science and Engineering
• /
• v.5 no.1
• /
• pp.51-70
• /
• 2011

This paper introduces a new credit card payment scheme called No Number Credit Card that can significantly reduce the possibility of credit card fraud. The proposed payment system is loosely based on Kerberos, a cryptographic framework that has stood the test of time. In No Number Credit Card, instead of card numbers, only payment tokens are exchanged between the customers and merchants. The tokens are generated based on the payment amount, payment type, client information, and merchant information. However, it does not contain the credit card number, so the merchant or a database hacker cannot acquire and illegally use any credit card numbers. The No Number Credit Card system is ideal for online e-commerce transactions and can be used with any credit card that users possess. It can be used with minor modifications to the current card payment system. We provide the principles of its operation through scenario analysis, a sample implementation, and a security analysis

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1175-1186
• /
• 2015

Financial fraud has been increasing along with credit card usage. Magnetic stripe cards have vulnerabilities in that credit card information is exposed in plaintext and cardholder verification is untrustworthy. So they have been replaced by a smart card scheme to provide enhanced security. Furthermore, the FinTech that combines the IT with Financial product is being prevalent. For that reason, many mobile device based payment schemes have been proposed for card present transaction. In this paper, we propose a virtual credit card number payment scheme based on public key system for efficient authentication in card present transaction. Our proposed scheme is able to authenticate efficiently in card present transaction by pre-registering virtual credit card number based on cardholder's public key without PKI. And we compare and analyze our proposed scheme with EMV.

• Journal of Convergence Society for SMB
• /
• v.5 no.2
• /
• pp.33-38
• /
• 2015

The damage to the security is increasing as public key-based ISP secure payment service is used in online banking payment system. Security technology aspect to ISP secure payment security has no special problems. But, security damage that occurs due to the simplicity of the payment system is a problem. In this paper, we propose response and plan for ISP secure payment service to minimize the damage that occurs due to the simplicity of a security settlement system. Proposed scheme is applicable to various billing systems such as secure payments, online payment, mobile payment, credit card. Proposed scheme is characterized in that can stably support the capabilities of the new billing system. Also, proposed scheme is to analyze the various security threats arising from the payment of the financial services and to describe response and plan technology.

• Journal of KIISE:Information Networking
• /
• v.33 no.2
• /
• pp.149-155
• /
• 2006

Existing routing protocols for mobile ad hoc networks (MANETs) have assumed that all nodes voluntarily participate in forwarding others' packets. In the case when a MANET consists of nodes belonging to multiple organizations, mobile nodes may deliberately avoid packet forwarding to save their own energy, resulting in network performance degradation. In this paper, to make nodes volunteer in packet forwarding, a credit payment scheme called Protocol-Independent Fairness Algorithm (PIFA) is proposed. PIFA can be utilized irrespective of the type of basic routing protocols, while previous methods are compatible only with source routing mechanisms like DSR. According to simulation results, we can know that PIFA can prevent network performance degradation by inducing selfish nodes to participate in packet forwarding.

• International Commerce and Information Review
• /
• v.9 no.1
• /
• pp.149-168
• /
• 2007

e-Trade Payment system has been transformed by quickly and effectively. The e-trade Payment system such as TradeCard System, Bolero Surf, Identrus Eleanor and e-Escrow and e-letter of Credit issued by SWIFT System enable partly sellers, buyers and service providers. This paper studies for SWIFT, Surf, TradeCard, Eleanor, e-Escrow as international trade payment, As reason following : The First, Bolero is a neutral secure platform enabling paperless trading between exporter, importer, and their logistics service and bank partners, insurance company. The Second, TradeCard is to manage procurement-to-payment worldwide, that is exporter, importer and connected partners, paperless platform. The Third, Identrus is the global leader in trusted identity solutions, recognized by global financial institutions, commercial organizations and bank partners around the world. The Forth, Escrow payment have effect to L/C issue and enter into electronic contracts in internet bank. Trader practice use Escrow Bank as the same bank that rules to Issuing Bank and Advising Bank and payment, acceptance. This paper of these electronic payment have studies new international trade payment to approach such as eUCP rules and TradeCard System, Surf of bolero, eleanor of Identrus, SWIFT.

• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.1
• /
• pp.7-18
• /
• 2016

Several authentication methods have been developed to make use of tokens in the mobile networks and smart payment systems. Token used in smart payment system is genearated in place of Primary Account Number. The use of token in each payment transaction is advantageous because the token authentication prevents enemy from intercepting credit card number over the network. Existing token authentication methods work together with the cryptogram, which is computed using the shared key that is provisioned by the token service provider. Long lifetime and repeated use of shared key cause potential brawback related to its vulnerability against the brute-force attack. This paper proposes a per-transaction shared key mechanism, where the per-transaction key is agreed between the mobile device and token service provider for each smart payment transaction. From server viewpoint, per-transaction key list is easy to handle because the per-transaction key has short lifetime below a couple of seconds and the server does not need to maintain the state for the mobile device. We analyze the optimum size of the per-transaction shared key which satisfy the requirements for transaction latency and security strength for secure payment transactions.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.2
• /
• pp.1180-1200
• /
• 2017

Currently, automated payment services provide intuitive user interfaces by adapting various wireless communication devices with mobile services. For example, companies like Samsung, Google, and Apple have selected the NFC payment method to service payments of existing credit cards. An electronic payment standard has been released for NFC activation within Korea and will strengthen the safety of payment service communications. However, there are various security risks regarding the NFC-based electronic payment method. In particular, the NFC payment service using the recently released lightweight devices cannot provide the cryptographic strength that is supported by many financial transaction services. This is largely due to its computational complexity and large storage resource requirements. The chaotic map introduced in this study can generate a highly complicated code as it is sensitive to the initial conditions. As the lightweight study using the chaotic map has been actively carried out in recent years, associated authentication techniques of the lightweight environment have been released. If applied with a chaotic map, a high level of cryptographic strength can be achieved that can provide more functions than simple XOR operations or HASH functions. Further, this technique can be used by financial transaction services. This study proposes a mutual authentication technique for NFC-PCM to support an NFC payment service environment based on the chaotic map.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.4
• /
• pp.1864-1876
• /
• 2016

Card-Not-Present (CNP) transactions taking place remotely over the Internet are becoming more prevalent. Cardholder authentication should be provided to prevent the CNP fraud resulting from the theft of stored credit card numbers. To address the security problems associated with CNP transactions, the use of a virtual card number derived from the transaction details for the payment has been proposed, instead of the real card number. Since all of the virtual card number schemes proposed so far are based on a password shared between the cardholder and card issuer, transaction disputes due to the malicious behavior of one of the parties involved in the transaction cannot be resolved. In this paper, a new virtual card number scheme is proposed, which is associated with the cardholder's public key for signature verification. It provides strong cardholder authentication and non-repudiation of the transaction without deploying a public-key infrastructure, so that the transaction dispute can be easily resolved. The proposed scheme is analyzed in terms of its security and usability, and compared with the previously proposed schemes.

• International Commerce and Information Review
• /
• v.6 no.2
• /
• pp.243-263
• /
• 2004

Recently, International electronic commerce has been rapidly increasing. Over the past decade, e-commerce on the business foundation of the Internet compound has entered extensive areas of international trade and social activity. This paper focuses on the system establishment of customs duties of import goods in Global e-Commerce. Today, USA, EU and some major countries, International Organization insisted to Tariff-free woe in customs duty. This study also will discuss the effect of imposition of import duties. In order to impose customs duties, it needs to establish a system scheme, especially, because international payment of BtoC Commerce occur by the Credit Card. This study deals with Customs duties of import goods in Global e-Commerce.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.129-136
• /
• 2003

A representative payment broker system is SET and one of its signature shcemes is a dual digital signature scheme. A dual digital signature scheme expose neither user's payment information(credit card number etc.) to merchandiser, nor user's order information to bank So it keeps user's Privacy safe. The digital signature scheme like this is being necessary as E-commerce is revitalized. But a dual digital signature of SET is not appropriate for wireless environments because it needs so many computations and communications. In this paper, we propose a signcryption scheme that generates a polynomial using a payment information for merchandiser and an order information for bank in order to reduce communications. We analyze the problem of existing signcryption schemes and dual digital signature schemes. Also we analyze the security properties of the proposed scheme.