Abstract
Purchase PDF (489 K)
E-mail Article
Add to my Quick Links
Cited By in Scopus (1)
Purchase PDF (56 K)
doi:10.1016/j.elerap.2005.06.002 
Copyright © 2005 Elsevier B.V. All rights reserved.
Received 5 October 2004;
References and further reading may be available for this article. To view references and further reading you must purchase this article.
Abstract
Traditional credit card payment is not secure against credit card frauds because an attacker can easily know a semi-secret credit card number that is repetitively used. Recently one-time transaction number has been proposed by some researchers and credit card companies to enhance the security in credit card payment. Following this idea, we present a practical security enhancement scheme for one-time credit card payment. In our scheme, a hash function is used in generation of one-time credit card numbers with a secret only known to the card holder and issuer. Compared with related work, our scheme places less burden on credit card issuers, and can be easily deployed in on-line or off-line payment scenarios. Analysis and simulation show that the time and space complexity is affordable to the card issuer with desired security features.
Keywords: Credit card transaction; Credit card fraud; Security
Article Outline
- 1. Introduction
- 1.1. Evaluation criteria
- 1.2. Related work
- 1.3. Our solution
- 1.4. Organization
- 2. Customer payment scheme
- 2.1. Credit card
- 2.2. Smart card reader
- 2.3. Payment scenarios
- 3. Verification scheme
- 3.1. Verification algorithm
- 3.2. The length of verification queue
- 3.3. System simulation
- 3.4. Complexity
- 4. Security analysis
- 5. Implementation options and discussions
- 5.1. Payment without smart card reader
- 5.2. Using personal identification number
- 5.3. Recurring payment
- 5.4. Comparison with PKI-based schemes
- 6. Conclusion
- References
