A Purchase Protocol with Multichannel Authentication

While online shopping are becoming more accepted by people in modern life, cardholders are more concerned about card fraud and the lack of cardholder authentication in the current online credit card payment. This paper proposes a purchase protocol with live cardholder authentication for online transactions which combines telephone banking and online banking together. The order information and payment information are sent though the Internet and encrypted by asymmetric key encryption. The cardholder is authenticated by the card issuing bank ringing back at the customer’s phone number and the cardholder inputting the secure PIN and the amount to pay. The multichannel authentication makes the cardholder feel secure and card fraud difficult. Furthermore, the protocol does not require the cardholder to obtain public key certificates or install additional software for online transactions.

[1]  Yingjiu Li,et al.  Securing credit card transactions with one-time payment scheme , 2005, Electron. Commer. Res. Appl..

[2]  Fabio Massacci,et al.  Verifying the SET Purchase Protocols , 2005, Journal of Automated Reasoning.

[3]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[4]  Kenji Takahashi,et al.  Authentication using multiple communication channels , 2005, DIM '05.

[5]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[6]  Frank Stajano,et al.  Multi-channel Protocols , 2005, Security Protocols Workshop.

[7]  Frank Stajano,et al.  Multichannel Security Protocols , 2007, IEEE Pervasive Computing.

[8]  Bruce Christianson,et al.  A Purchase Protocol with Live Cardholder Authentication for Online Credit Card Payment , 2008, 2008 The Fourth International Conference on Information Assurance and Security.

[9]  Alan O. Freier,et al.  The SSL Protocol Version 3.0 , 1996 .

[10]  Hsiao-Cheng Yu,et al.  Electronic payment systems: an analysis and comparison of types , 2002 .

[11]  Fabio Massacci,et al.  Verifying the SET registration protocols , 2003, IEEE J. Sel. Areas Commun..