[4842] in WWW Security List Archive
Credit Cards in Cyberspace
daemon@ATHENA.MIT.EDU (Avriel E. Rabenou)
Tue Mar 18 05:07:43 1997
Date: Tue, 18 Mar 1997 09:00:48 +0100
To: WWW-SECURITY@ns2.rutgers.edu, WWW-BUYINFO@allegra.att.com,
E-PAYMENT@cc.bellcore.com, IETF-PAYMENTS@cc.bellcore.com
From: "Avriel E. Rabenou" <104951ar@student.eur.nl>
Errors-To: owner-www-security@ns2.rutgers.edu
Hi,
Next month I hope to graduate from Erasmus University Rotterdam, The
Netherlands with a Master's in Managerial Computer Science. I wrote my
thesis on the use of credit cards on the Internet. The problem the study
investigated was the security of credit card based payment systems for
electronic commerce on the Internet. Specifically, the study sought to determine:
1) What are the issues for secure payment on the Internet?
2) How are credit cards used today for electronic commerce on the Internet?
3) What will the future be for credit cards on the Internet?
This study provides a useful overview of security issues involved with
(credit card based) payment systems on the Internet. Secondly, this study shows
whether doing electronic commerce using credit card based payment systems on
the Internet is attractive for buyer, merchant and financial institution. All
major credit card based systems took part in the study (plain web forms,
First Virtual, CyberCash, SET).
If people are interested in a copy of my thesis (or have other related
questions) please contact me by e-mail (104951ar@student.eur.nl).
Avriel Rabenou
Short Summary (without conclusions/findings)
****************************************
Overview of the Study
As has been previously stated, the purpose of the study is to examine how
secure credit card based payment systems are for electronic commerce on
the Internet. The second chapter provides an introduction on electronic commerce
and the Internet. Security issues are presented in the third chapter. The
fourth chapter deals with the traditional credit card payment process. The
fifth chapter provides an overview of the major (credit card based) payment
systems on the Internet. The final chapter of the study is concerned with
analysis of the payment systems, summary of findings, conclusions,
implications and suggestions for further research.
Electronic Commerce and the Internet
Electronic commerce is a hot topic. Many hope it will change the way
business is being done. It can shrink geographical distance, restructure
supply chains, cut distribution and transactions costs and improve the
efficiency of markets by giving more information and choice to both buyers
and sellers. The primary testing site for electronic commerce is the Internet.
The Internet, an interconnected network which is seen as the precursor of
the Information Superhighway, consists of a set of services like E-mail, FTP,
Gopher, Telnet, Netnews & the Web. The Web, which is currently the most
advanced and most popular service, offers an affordable opportunity for
commerce. Since the Internet as a commercial network is still in its infancy
we encounter critical factors which need to be resolved before Internet
commerce can flourish.
An important critical factor is the payment systems. A satisfactory
Internet payment system needs to be easy to use, fast, and especially
trusted. The most popular form of payment which is used today on the
Internet is based on the credit card. In this study the position of credit
cards on the Internet was analysed with special attention on security issues
involved.
Security
Security, and more specifically, security of payment is the major
bottleneck which slows down the growth of Internet commerce. Security today
is made possible using encryption, digital signatures, certificates, and
certificate authorities. Encryption is the main component providing security
within payment systems. Payment systems need to be evaluated on certain
security criteria. In this study a list was compiled of evaluation criteria
for payment systems as illustrated in table 6-1.
Authentication
Integrity
Confidentiality
Non-Repudiation
Clearing
Privacy
Table 6-1: Security evaluation criteria
The Credit Card
An overview of the usage of credit cards in the physical world was given to
get a better understanding of their use on the Internet. Table 6-2 shows
which credit card based Internet payment systems took part in the study.
Insecure Credit Card Web Form
Secure Credit Card Web Form
First Virtual
CyberCash
SET
Table 6-2: Analysed credit card based Internet payment systems
Credit card based Internet payment can be divided into three groups:
insecure credit card web form, secure credit card web form, and systems
which use a third party in the credit card transactions. The systems based
on a third party offer the best security. Of these systems the following
were analysed: First Virtual, CyberCash, and SET. SET is the only system
which can provide non-repudiation in addition to confidentiality, integrity,
and authentication. Non-repudiation in SET is implemented using certificates
and certificate authorities.
In addition, two other potential (non-credit card) systems were briefly
discussed: digital cash and smart cards. Many of these systems are still in
an experimental phase.
*******************Message from Avriel E. Rabenou ************
E-mail: 104951ar@student.eur.nl
WWW: http://huizen.dds.nl/~shalom/
Author of Master's Thesis, Credit Cards in Cyberspace.
*************************************************************