I would like to take this opportunity to thank my research supervisor, family and friends for their support and guidance, without which this research would not have been possible.
DECLARATION
I, [type your full first names and surname here], declare that the contents of this dissertation/thesis represent my own unaided work, and that the dissertation/thesis has not previously been submitted for academic examination towards any qualification. Furthermore, it represents my own opinions and not necessarily those of the University.
Signed __________________ Date _________________
EXECUTIVE SUMMARY
This dissertation examines the security aspects of payments made using 3D Secure. The present economic situation in the UK requires enterprises to change the traditional transaction style and implement e-business. The most important problems e-business faces are information confidentiality, data availability, data integrity, the user's identity, non-repudiation of the data's original sender and the legal user, etc. This thesis analyzes the basic concepts, the security infrastructure and the payment system of electronic commerce, carries out thorough and comprehensive research on the security technology, authentication and transaction process, and points out some deficiencies in the Secure Electronic Transaction (SET) protocol. An improved method is then given, with its data flow and data structure, and finally a secure electronic commerce payment system and its software are designed based on the improved SET model. The improved method brought forward in this thesis aims at improving the speed of transactions, strengthening the security of the protocol and adapting it easily to any circumstance. It is mostly used with the help of MasterCard (MasterCard SecureCode). Security codes are required for such kinds of sales transactions. The security code consists of the 3 numbers on the back of the card, which we are normally asked for when we enter an online purchase.
LIST OF ABBREVIATIONS
CNP: Card Not Present
SSL: Secure Sockets Layer encryption
MPI: Merchant plug-in interface
E-Commerce: Electronic Commerce
EMV: Europay, MasterCard and VISA
MPI: Message Passing Interface
EDI: Electronic Data Interchange
GDP: Gross Domestic Product
LIST OF FIGURES
Figure 1: EPS Process
Figure 2: Process
Figure 3: EPS
TABLE OF CONTENTS
ACKNOWLEDGEMENT
DECLARATION
EXECUTIVE SUMMARY
LIST OF ABBREVIATIONS
LIST OF FIGURES
CHAPTER 1: INTRODUCTION
Aim of the Study
Objectives of the Study
Bank-Based Payment
Basic Payment Model
Pull Model
Push Model
Payment by Card
Conventional Card Risks
Online Card Risks
CHAPTER 2: LITERATURE REVIEW
Introduction
Schemes without Cryptography
First Visual
Mature Cryptography Schemes
3-D secure
SSL/TLS
SSL/TLS and e-commerce
The i-KP Protocol
The Birth of E-commerce
SET
Payment Systems and Payment Gateways
Merchants
Electronic Commerce Safety Protocol
The EMV Standard
SET - A First Attempt at Securing E-commerce
A holistic framework for trust in online transactions
CHAPTER 3: METHODOLOGY
CHAPTER 4: DISCUSSION AND ANALYSIS
Credit Card Payment Models & Schemes
PayPal
iDEAL
CHAPTER 5: CONCLUSION
CHAPTER 1: INTRODUCTION
This thesis proposes a new approach to electronic payment in which a customer's payment information cannot be obtained by a merchant. A customer's payment information is usually a debit or credit card detail, and providing it to a merchant during e-payment exposes this sensitive financial information to various risks. Some of these widely known risks are data tampering, stealing credit card details and credit card fraud. A merchant may or may not exploit customer data but can definitely store ...