An Alternative of Secured Online Shopping System via Point-Based Contactless Smart Card
(Paper ID: 118)
Muhammad Dhiauddin Mohamed Suffian 
Mohd Firdaus Ahmadoon 
Faculty of Information Technology & Multimedia Communication 
Open University Malaysia
Presentation Outline
• Introduction 
• Related Works 
• End-to-End Process of Proposed System 
• Development of Proposed System 
• Discussions 
• Conclusion and Recommendations
Introduction
• Online shopping has gained popularity because people can shop anywhere as long as they have access to an Internet connection
• Although various security mechanisms have been put in place, some people still refuse to shop online because they perceive it as insecure, exposed to fraud, and unreliable in actually delivering the purchased item
• An alternative for purchasing items online, using a contactless smart card stored with point values, is proposed based on the following concerns:
  - Changing the perception that using a credit card or debit card for an online purchase means being cheated by the merchant
  - The increasing need to offer products and services online via secured transactions in order to compete and survive in business
  - The increasing demand from current customers to shop more via the Internet instead of conventional shopping
  - The importance of providing a positive online shopping experience
Related Works
• Electronic payments and transactions have grown exponentially [Fiallos & Wu, 2005].
• Digital money offers flexible electronic payment with the added security features required for transactions, such as replicating the individual activity [Lee, Oh & Lee, 2004]
• Common elements in electronic payment methods are credit cards, debit instruments, prepaid payment services, cumulative collection services, payment portal services and mobile phone payments [Vassilliou, 2004]
• Electronic payment (e-payment) offers several benefits:
  - Only account information needs to be entered to make an online payment [Hord, 2005]
  - It is convenient, helps reduce cost and is secured, which translates into reliable online transactions for purchasing goods or services over the Internet [Humphrey, Pulley & Vesala, 2000]
  - Automating payments electronically contributes to reducing the overall cost of the payment system [Appiah and F. Agyemang, 2006].
• Approaches and technologies have been introduced to ensure the security of electronic payment via the Internet:
  - Cryptography is the most common security measure for online payment, but it is slow and less efficient [Taddesse & Kidan, 2005]
  - Credit cards with RFID technology are part of a mobile phone architecture for secure e-payments [Venkataramani & Gopalan, 2007].
  - Fingerprint verification and steganography are used to build confidence in online shopping [Ihmaidi, Al-Jaber & Hudaib, 2006]
  - Speech recognition and an encrypted USB device serve as mechanisms for secured online transactions [Panigrahy, Jena & Jena, 2010][Lin, Yuan & Qu, 2007].
  - A new framework omits hardware deployment at the customer's site for online shopping via mutual authentication between merchant and customers [Gupta and R. Johari, 2007]
End-to-End Process of Proposed System
• The user needs to purchase the contactless smart card stored with point values at the authorized retailer and register the purchase.
• The user needs to register his/her profile in the online shopping system and tie the purchased card to the profile.
• Once the user is registered, the online shopping activity starts: search for items, confirm the items to purchase and their quantity, agree to the terms and perform checkout.
• The user then makes payment after confirming the total amount of points required. (Payment here means purchasing the items using points instead of actual cash, and is subject to the availability of point values in the contactless smart card.)
• The process ends and the user waits for delivery of the item according to the time specified in the system.
Development of Proposed System (1)
Development of Proposed System (2)
[Architecture diagram]
• Server Side Process: Web Application (ASP.Net source code), MSSQL Database, Windows Service for sending email and SMS notifications
• Internet
• Client Side Process: Client Web Browser, Client Email Inbox, SMS, Java Applet, Mifare Smart Card Reader
Development of Proposed System (3)
Development of Proposed System (4)
Development of Proposed System (5)
Discussions (1)

| System Features | MOL Points | Lazada | Touch 'n Go | MEPS Cash | Proposed System |
|---|---|---|---|---|---|
| Webpage system | interactive | interactive | moderate | low | moderate |
| User online registration | 4 | 4 | 2 | 2 | 4 |
| Website have module for online shopping | 4 | 3 | 3 | 1 | 4 |
| System using any smart card technology | 2 | 2 | 4 | 4 | 4 |
| System that interact with payment gateway | 4 | 4 | 2 | 4 | 4 |
| Using conversion to point or value to translate the payment transaction | 4 | 2 | 4 | 4 | 4 |
| System able to support operation via offline environment | 2 | 2 | 4 | 3 | 2 |
| System marketing promotion | 4 | 4 | 3 | 1 | 2 |
| Easy to use the system | 4 | 4 | 4 | 1 | 4 |
| Flexibility system to the end user | 4 | 4 | 4 | 1 | 4 |
| System availability in market and user still use until now | 4 | 4 | 4 | 2 | 2 |
| System able to support multiple sale product | 4 | 4 | 4 | 2 | 4 |
| System tight on security | 4 | 4 | 4 | 4 | 4 |
| User system audience | World wide | World wide | Malaysia only | Malaysia only | Malaysia only |

Note: 1 = Do not know; 2 = Do not have; 3 = Partly available; 4 = Fully available
Discussions (2)
From the perspective of security and protection, the following is incorporated:
• SSL is enabled across the whole website system to prevent hackers from tapping any transaction
• A LINQ module connects the .NET web application to the database, thus preventing SQL injection attempts
• A Java Applet is used to communicate with the card reader, which enables the use of a code signing certificate for Java.
• The system is a closed environment, which means all users must log in before they can shop and perform transactions. Since log records exist in the system, user activities within the system are recorded and can be tracked. Any suspicious activities can be detected and the user tied to such activities can be blocked.
• Since the user needs to tap the contactless smart card at multiple check points while purchasing a product, this could prevent hackers from getting extra points from another user or from hacking to obtain illegal points without making the payment. This is because if the contactless card is not tapped at a particular check point, the user cannot proceed to the next stage of the purchase
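The check-point rule and the activity log described above can be enforced on the server side as a small state machine. The following is an added example, not code from the presented system; the check-point names, the `MAX_REJECTS` threshold, the `CheckoutSession` class and the reduction of card identification to a UID comparison are all assumptions made for illustration.

```python
import hmac

# Check-point names are assumed; the slides only say "multiple check points".
CHECKPOINTS = ("confirm_items", "accept_terms", "payment")
MAX_REJECTS = 3  # assumed threshold after which the session is blocked


class CheckoutSession:
    """Server-side state for one purchase by a logged-in user."""

    def __init__(self, user, bound_card_uid, card_points, total_points):
        self.user = user
        self.bound_card_uid = bound_card_uid  # card tied to the profile at registration
        self.card_points = card_points        # point balance read from the card
        self.total_points = total_points      # cost of the order in points
        self.stage = 0                        # index of the next expected check point
        self.rejects = 0
        self.audit = []                       # log record of every tap attempt

    def _reject(self, checkpoint, reason):
        self.rejects += 1
        self.audit.append((self.user, checkpoint, "REJECT", reason))
        return False

    def tap(self, checkpoint, presented_uid):
        """Return True only if this tap legitimately advances the purchase."""
        if self.rejects >= MAX_REJECTS:
            return self._reject(checkpoint, "session blocked")
        if self.stage >= len(CHECKPOINTS) or checkpoint != CHECKPOINTS[self.stage]:
            return self._reject(checkpoint, "check point out of order")
        if not hmac.compare_digest(presented_uid, self.bound_card_uid):
            return self._reject(checkpoint, "card not bound to this profile")
        if checkpoint == "payment":
            if self.card_points < self.total_points:
                return self._reject(checkpoint, "insufficient points")
            self.card_points -= self.total_points  # points are deducted exactly once
        self.stage += 1
        self.audit.append((self.user, checkpoint, "OK", ""))
        return True

    @property
    def complete(self):
        return self.stage == len(CHECKPOINTS)


if __name__ == "__main__":
    uid = b"\x04\xa1\xb2\xc3"  # constructed sample UID
    s = CheckoutSession("alice", uid, card_points=100, total_points=60)
    print(s.tap("payment", uid))  # skipping straight to payment is rejected
    print([s.tap(c, uid) for c in CHECKPOINTS], s.card_points)
```

Because the expected stage lives in the server-side session and not in the browser or applet, a request that skips a check point, replays the payment tap, or presents another user's card is rejected and leaves a log entry.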
Conclusion & Recommendations
Thank You
