Securing on-line credit card payments without disclosing privacy information
#1

Abstract
Two revisions of the original Secure Electronic Transaction (SET) protocol are proposed to conceal cardholders’ identities in the electronic marketplace in which cardholders’ trust for banks can be reduced to a minimum. Constrained by being extensions of the existing card payment networks to the Internet, most on-line credit card payment schemes in use or proposed in recent papers assume the sensitive card information could be disclosed to all the participating banks. The assumption used to work well in traditional credit card payments before. However, negative impacts such as banking scandals, closure programs due to poor management, and security problems with Internet banking are all undermining cardholders’ trust in banks. The issuer is the trusted bank selected by the cardholder, but the acquirer is not. To reveal the cardholder’s sensitive card information to every possible acquirer implies potential risk. Based on the need-to-know principle, the two revisions are proposed to relax the assumption mentioned above. In our solutions, the sensitive card information is well protected along the way and can be extracted only by the issuer. A cardholder needs only to select a trustworthy issuer, instead of worrying about the possible breakdowns of every involved acquirer. The cost to achieve our more secure schemes demands only minor information modifications on the legacy system.
Introduction
Computer Standards & Interfaces 25 (2003) 119–129. 0920-5489/02/$ - see front matter © 2002 Elsevier Science B.V. All rights reserved. doi:10.1016/S0920-5489(02)00102-2. Corresponding author: J.-J. Hwang. Tel.: +886-3-3283016x5815; fax: +886-3-3271304. E-mail address: jjhwang[at]mail.cgu.edu.tw.

Information privacy is defined as “an individual’s claim to control the terms under which personal information—information identifiable to the individual—is acquired, disclosed, and used” [1]. It has been a critical concern long there before the advent of computers. As computer technologies advance and the popularity of Internet grows, personal information could be recorded, gathered, analyzed, and misused easier than ever. Privacy protection is therefore becoming an important issue in the cyber era. Especially when it comes to on-line credit card payments. Not just only because this payment method has been becoming the trend of modern consuming practice, but also it involves the sensitivity of personal information. One of GartnerG2’s reports [2] shows that approximately 60% of on-line adults in the US do not do business on the web due to security and privacy concerns. Another Gartner’s report [3] indicates that credit cards are used for 93% of all transactions in the on-line world. The Information Technology Association of America found that 74% of Americans are worried that their personal information on the Internet could be stolen or used for malicious purpose [4]. Therefore, the issue of privacy protection for on-line credit card payments is in great need to be addressed for the development of electronic commerce.

With a growing scale of wide acceptance and a mature business operation infrastructure, payment by credit card has been a common payment method in the physical world. This method has also been commonly applied on-line, but cardholders’ confidence needs to be improved.
Taking advantage of its convenience, Secure Sockets Layer (SSL) has become the most widely used protocol for on-line credit card payments nowadays. However, it is designed only to provide a private and reliable channel between two communicating entities. Unscrupulous merchants can steal cardholders’ credit card information that contains the key elements needed to counterfeit credit cards and/or to initiate fraudulent transactions. Secure Electronic Transaction (SET) [5–8], the secure electronic transaction protocol proposed by VISA International and MasterCard International, is deemed to be a de facto standard. But, there is agreement in the market that SET has not taken off. The complexity and cost of implementing SET have been obstructing barriers. Moreover, some researchers [8] pointed out that SET does not address the concern of data aggregation. Constrained by being an extension of the existing card payment networks to the Internet, the acquirer can obtain the cardholder’s card number and the issuer has a complete record of the cardholder’s credit card transactions which could be aggregated for further analysis. Recently the successor of SET, 3D SET (3 Dimension SET) [9], is proposed to improve the portability and the flexibility for cardholders to pay on-line. The core protocol of 3D SET is the same as that of SET. Based on the inherent assumption that banks are trustworthy, all the transaction details and history of the cardholder are stored at the bank. Having long been trusted by cardholders, banks can always access to sensitive data over their cardholders, which they should not know. However, negative impacts such as banking scandals, closure programs due to poor management, and security problems with Internet banking are all undermining cardholders’ trust in banks.
The Behrens’s report from GartnerG2 [2] shows that 86% of on-line American adults are very concerned about the security of bank and brokerage account numbers when doing on-line transactions. According to Riem’s survey [10], a serious case happened in December 2000 draws much attention. Halifax, a British bank, was forced to shut down one of its credit card sites after leaving cardholder details exposed. Three of the largest British banks have also been identified as having security holes in their systems. Academically, some protocols are also proposed in recent papers to improve the privacy protection for cardholders [8,11,12].

In this paper, we first examine the necessary privacy protection for on-line credit card payments, and then analyze the protection on the major protocols that are either in use or proposed in recent papers. Based on the need-to-know principle proposed in Refs. [8,13,14], transaction information should be available only to parties that need it to avoid data aggregation and misuse. Two revisions of the original SET protocol are proposed to conceal cardholders’ identities in the electronic marketplace. Cardholders’ trust for banks can thus be reduced to a minimum. A cardholder needs only to select a trustworthy issuer, instead of worrying about the possible breakdowns of every involved acquirer.