The main incentive for the use of electronic commerce (E-commerce) and spread on a large scale is that most of business activities need payment system. As E-commerce requires an efficient payment system which is stable and secure for supporting electronically commerce. This paper proposed to enforce SET, SSL protocols for encrypting e-payment information. It also presented several methods to take under consideration to avoid fraud and keep our site safe.
An Algorithm for Electronic Money Transaction Security (Three Layer Security)...Syeful Islam
In the era ofinternet, most ofthe people all over the world completed their transaction
on internet. Though the user of electronic transaction or E-money transaction system
increase rapidly but the majority person are concern about the security of this system.
The growth in online transactions has resulted in a greater demand for fast and accurate
user identification and authentication. Conventional method of identification based on
possession of ID cards or exclusive knowledge like a social security number or a
password are not all together reliable. Identification and authentication by individuals'
biometric characteristics is becoming an accepted procedure that is slowly replacing the
most popular identification procedure – passwords. Among all the biometrics, fingerprint
based identification is one of the most mature and proven technique. Along with the
combination of conventional system, biometric security, Global positioning system(GPS)
and mobile messaging we have design an algorithm which increase security ofelectronic
transaction and more reliable to user. A three layer security model to enhancing security
ofelectronic transaction is proposed in this paper.
Security Architecture for On-Line Mutual Funds Trading With Multiple Mobile A...CSCJournals
In this paper we propose a security architecture for the transaction procedure of On-Line Mutual Fund Trading system which is implemented using multi mobile agents that helps an individual, who is a kind of Do It yourself investor to invest her/his money in mutual funds online. Here, we modify, design and implement the global standard which provides security for transaction processing in E-Commerce i.e. Secure Electronic Transactions (SET). This eliminates the fraud that normally occurs during money transaction on-line. Modified SET protocol provides authentication of the participants, non-repudiation, data integrity and confidentiality. These features give a guarantee of security during payment procedure. The system is implemented on Aglets Framework - ASDK2.0.2 which is Mobile Agent Development platform and using java programming language. The issues of security and performance are analyzed.
e-banking and security are important for any business. Hover what are the challenges faced and what is the gap between customer and security expectations.
An Algorithm for Electronic Money Transaction Security (Three Layer Security)...Syeful Islam
In the era ofinternet, most ofthe people all over the world completed their transaction
on internet. Though the user of electronic transaction or E-money transaction system
increase rapidly but the majority person are concern about the security of this system.
The growth in online transactions has resulted in a greater demand for fast and accurate
user identification and authentication. Conventional method of identification based on
possession of ID cards or exclusive knowledge like a social security number or a
password are not all together reliable. Identification and authentication by individuals'
biometric characteristics is becoming an accepted procedure that is slowly replacing the
most popular identification procedure – passwords. Among all the biometrics, fingerprint
based identification is one of the most mature and proven technique. Along with the
combination of conventional system, biometric security, Global positioning system(GPS)
and mobile messaging we have design an algorithm which increase security ofelectronic
transaction and more reliable to user. A three layer security model to enhancing security
ofelectronic transaction is proposed in this paper.
Security Architecture for On-Line Mutual Funds Trading With Multiple Mobile A...CSCJournals
In this paper we propose a security architecture for the transaction procedure of On-Line Mutual Fund Trading system which is implemented using multi mobile agents that helps an individual, who is a kind of Do It yourself investor to invest her/his money in mutual funds online. Here, we modify, design and implement the global standard which provides security for transaction processing in E-Commerce i.e. Secure Electronic Transactions (SET). This eliminates the fraud that normally occurs during money transaction on-line. Modified SET protocol provides authentication of the participants, non-repudiation, data integrity and confidentiality. These features give a guarantee of security during payment procedure. The system is implemented on Aglets Framework - ASDK2.0.2 which is Mobile Agent Development platform and using java programming language. The issues of security and performance are analyzed.
e-banking and security are important for any business. Hover what are the challenges faced and what is the gap between customer and security expectations.
Internet based e-commerce has besides, great advantages, posed many threats because of its being what is popularly called faceless and borderless.Privacy has been and continues to be a significant issue of concern for both current and prospective electronic commerce customers. In addition to privacy concerns, other ethical issues are involved with electronic commerce. The Internet offers unprecedented ease of access to a vast array of goods and services. The rapidly expanding arena of "click and mortar" and the largely unregulated cyberspace medium have however prompted concerns about both privacy and data security.
The International Journal of Engineering and Science (The IJES)theijes
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
MOBILE SIMPLE PAYMENT SYSTEM DEVELOPMENT FOR ONLINE DONATION INVIGORATIONIAEME Publication
The simple payment service is becoming generalized as a payment and settlement means, covering consumers' online shopping, banking/financing, payment, remittance, and transfer, due to IT development and the FinTech industry's expansion. Due to changes in the payment means environment, donation or diverse donation activities started to become digitalized by adopting simple payment platforms. This study presents the mobile simple payment system construction strategy formed by the Korean Red Cross (KRC) and its execution method and results. This study aims to specifically present how online donation invigoration needs to be led and how the simple payment system can be used by non-governmental organizations (NGOs) and the relevant institutions that need to encourage contributions and donation activities according to change of the temporal environment. As a result of the case study, the mobile notice authentication and simple payment use rates of the elderly were very low. If an online system had been used for donation like other digital services, this study found that an increase in education for e-literacy in smartphones and services concerning the elderly is essential. Also, it was found that there is a need to consider IT companies' diverse technology types and open collaboration types on the access modes.
A Review of Information Security from Consumer’s Perspective Especially in On...Dr. Amarjeet Singh
In the current internet technology, most of the transactions to banking system are effective through online transaction. Predominantly all these e-transactions are done through e-commerce web sites with the help of credit/debit cards, net banking and lot of other payable apps. So, every online transaction is prone to vulnerable attacks by the fraudulent websites and intruders in the network. As there are many security measures incorporated against security vulnerabilities, network thieves are smart enough to retrieve the passwords and break other security mechanisms. At present situation of digital world, we need to design a secured online transaction system for banking using multilevel encryption of blowfish and AES algorithms incorporated with dual OTP technique. The performance of the proposed methodology is analyzed with respect to number of bytes encrypted per unit time and we conclude that the multilevel encryption provides better security system with faster encryption standards than the ones that are currently in use.
This presentation is about technology internet banking or net banking which is very essential and helpful in our daily life..so in this ppt basic and some advance concepts are highlighted. i am sure this will be very much help full for u
Internet based e-commerce has besides, great advantages, posed many threats because of its being what is popularly called faceless and borderless.Privacy has been and continues to be a significant issue of concern for both current and prospective electronic commerce customers. In addition to privacy concerns, other ethical issues are involved with electronic commerce. The Internet offers unprecedented ease of access to a vast array of goods and services. The rapidly expanding arena of "click and mortar" and the largely unregulated cyberspace medium have however prompted concerns about both privacy and data security.
The International Journal of Engineering and Science (The IJES)theijes
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
MOBILE SIMPLE PAYMENT SYSTEM DEVELOPMENT FOR ONLINE DONATION INVIGORATIONIAEME Publication
The simple payment service is becoming generalized as a payment and settlement means, covering consumers' online shopping, banking/financing, payment, remittance, and transfer, due to IT development and the FinTech industry's expansion. Due to changes in the payment means environment, donation or diverse donation activities started to become digitalized by adopting simple payment platforms. This study presents the mobile simple payment system construction strategy formed by the Korean Red Cross (KRC) and its execution method and results. This study aims to specifically present how online donation invigoration needs to be led and how the simple payment system can be used by non-governmental organizations (NGOs) and the relevant institutions that need to encourage contributions and donation activities according to change of the temporal environment. As a result of the case study, the mobile notice authentication and simple payment use rates of the elderly were very low. If an online system had been used for donation like other digital services, this study found that an increase in education for e-literacy in smartphones and services concerning the elderly is essential. Also, it was found that there is a need to consider IT companies' diverse technology types and open collaboration types on the access modes.
A Review of Information Security from Consumer’s Perspective Especially in On...Dr. Amarjeet Singh
In the current internet technology, most of the transactions to banking system are effective through online transaction. Predominantly all these e-transactions are done through e-commerce web sites with the help of credit/debit cards, net banking and lot of other payable apps. So, every online transaction is prone to vulnerable attacks by the fraudulent websites and intruders in the network. As there are many security measures incorporated against security vulnerabilities, network thieves are smart enough to retrieve the passwords and break other security mechanisms. At present situation of digital world, we need to design a secured online transaction system for banking using multilevel encryption of blowfish and AES algorithms incorporated with dual OTP technique. The performance of the proposed methodology is analyzed with respect to number of bytes encrypted per unit time and we conclude that the multilevel encryption provides better security system with faster encryption standards than the ones that are currently in use.
This presentation is about technology internet banking or net banking which is very essential and helpful in our daily life..so in this ppt basic and some advance concepts are highlighted. i am sure this will be very much help full for u
Analysis of Security Algorithms used in E-Commerce and ATM TransactionsIJERD Editor
E-commerce is trading ofproducts or services using computer and Internet. It mainly revolves around
the Internet for it‟s functioning. Virtual mall, buying selling websites or domains, providing secure business
transactions, collection and use of demographic data comes under e- commerce. E-commerce security is an
important part for the framework and it is applied to the components that affect the vendor and the end user
through their daily payment and interaction with business. Since it involves various transactions, E-commerce
offers the banking industry a great opportunity but it also creates various risks and security threats. We can say
in the near future people would like to carry their transactions though mobile devices instead of carrying
currency in their wallets. Due to this the security of sensitive customer information is necessary. Thereare many
security protocols and algorithms used in securing credit card transactions over the Internet and we will discuss
and analyze the major ones.
Design and develop authentication in electronic payment systems based on IoT ...TELKOMNIKA JOURNAL
Biometrics is a highly reliable technology where it has become possible to use the characteristics of a person or user (biometrics) along with traditional passwords, and we can even say that it has become an indispensable complement in modern authentication systems today, especially with regard to bank accounts, banks, financial technology (FinTech) internet of things (IoT) devices and all a process related to money and privacy, and biometric methods are multiple and increasing day by day, the most famous of which is (iris, face chart, palm, fingerprint, and others). Biometric systems are immune and immune from modern electronic attacks, such as plagiarism or electronic theft, because the authentication here takes place when all conditions are met. Then the authentication is done and the process is completed, and the aim is to reach the highest levels of accuracy and security and to make the user more comfortable to deal with these modern systems that provide him with many advantages and high privacy.
Implementing a Secured E-Payment Authorisation System Using Two-Factor Authen...IJRESJOURNAL
ABSTRACT:Most of the current payment methods that can be used in conducting transactions on the Internet have major drawbacks either in terms of functionality, usability, costs or security. The only widely accepted way of securely and reliably authorizing electronic payment transactions is through the use of digital signatures in a public key infrastructure (PKI) framework which is computationally expensive. This paper presents an electronic payment(E-Payment) authorization system where two factor authentication (T-FA) was utilized for the authorization of payment transactions. The description approach is based on UML notation ,the functional processes are presented as use cases, the classes that make up the system structures were presented and the system was implemented on java technology with MS ASP for the web presentation and MS SQL for the DBMS. The system enables securely authorizing payment transactions using the Internet channel.
E-Payment System on E-Commerce in IndiaIJERA Editor
E-commerce provides the capability of buying and selling products, information and services on the Internet and other online environments. In an e-commerce environment, payments take the form of money exchange in an electronic form, and are therefore called Electronic Payment. E-Payment system is secure there should be no threat to the user credit card number, smart card or other personal detail, payment can be carried out without involvement of third party, It makes E payment at any time through the internet directly to the transfer settlement and form E-business environment. Studied have been carried out on E-Payment system .E-Payment system an integral part of electronic commerce.An efficient payments system reduces the cost of exchanging goods and services, and is indispensable to the functioning of the interbank, money, and capital markets. Questions are related to E-Payment system in which given options are Agree, Disagree, Strongly disagree, Strongly agree, Neutral. After analysis and comparison of various modes of electronic payment systems, it is revealed that it is quite difficult, if not impossible, to suggest that which payment system is best. Some systems are quite similar, and differ only in some minor details. Thus there are number of factors which affect the usage of e-commerce payment systems. Among all these user base is most important success of e-commerce payment systems also depends on consumer preferences, ease of use, cost, industry agreement, authorization, security, authentication, non-refutability, accessibility and reliability and anonymity and public policy
The vast spreading of information in the last decade has led to great development in e-commerce. For instance, e-trade and e-bank are two main Internet services that implement e-transaction from anyplace in the world. This helps merchant and bank to ease the financial transaction process and to give user friendly services at any time. However, the cost of workers and communications falls down considerably while the cost of trusted authority and protecting information is increased. E-payment is now one of the most central research areas in e-commerce, mainly regarding online and offline payment scenarios. In this paper, we will discuss an important e-payment protocol namely Kim and Lee scheme examine its advantages and delimitations, which encourages the author to develop more efficient scheme that keeping all characteristics intact without concession of the security robustness of the protocol. The suggest protocol employs the idea of public key encryption scheme using the thought of hash chain. We will compare the proposed protocol with Kim and Lee protocol and demonstrate that the proposed protocol offers more security and efficiency, which makes the protocol workable for real world services.
The Fact-Finding Security Examination in NFC-enabled Mobile Payment System IJECEIAES
Contactless payments devised for NFC technology are gaining popularity. Howbeit, with NFC technology permeating concerns about arising security threats and risks to lessen mobile payments is vital. The security analysis of NFC-enabled mobile payment system is precariously imperative due to its widespread ratification. In mobile payments security is a prevalent concern by virtue of the financial value at stave. This paper assays the security of NFC based mobile payment system. It discusses the security requirements, threats and attacks that could occur in mobile payment system and the countermeasures to be taken to secure pursuance suitability.
Design and Implementation of Electronic Payment Gateway for Secure Online Pay...ijtsrd
In e commerce, main problem is to be more secure for payment systems and disputation between online merchant and customer. To solve this problem, this paper presents design and implementation of Electronics Payment Gateway for online payment system. In this system, a customer's financial information credit or debit card information is sent directly to a Payment Gateway also called Trusted Third Party, TTP instead of sending it through an online merchant. The Payment Gateway can support more secure for online payment system. In this system, Secure Socket Layer SSL with RivestShamirAdleman RSA is used to enhance more secure connection in payment process. In secure online payment system, end to end encryption is required to maintain the integrity of transactions carried out online. RSA is more secure because its factors are large integers and key size is large, which increases the security. The electronic payment gateway provides the confidentiality by using RSA for online payment transactions and trusted third party to recover the disputation between online merchant and customer. Kyaw Zay Oo "Design and Implementation of Electronic Payment Gateway for Secure Online Payment System" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26635.pdfPaper URL: https://www.ijtsrd.com/engineering/information-technology/26635/design-and-implementation-of-electronic-payment-gateway-for-secure-online-payment-system/kyaw-zay-oo
Improving System Security and User Privacy in Secure Electronic Transaction (...IJERA Editor
With the advancement of internets, user’s transaction is at ease, timely manner and effective wise through online payment method, so also cybercriminals become increasingly more prompt in areas like e-commerce sites, financial institutions, payment processes and other online transactions. Therefore the need for the system security and privacy became the central issues for the acceptance of online payment methods in particular and growth of the Internet market in general. Using SET as an open encryption and security specification designed to protect credit card transaction on the internet. This paper proposes a new approach for increasing security by avoiding privacy violation using Public Key Infrastructure, X.509 certificate and Format Preservation encryption method, the credit card number is encrypted using public key algorithm and re-encrypted using Format preservation Encryption algorithm and finally stored in the X.509 version 3 certificate private extensions. This technique can be used to improve the security of the user credit card information against card fraud or the compromise of data associated with the account.
One time password(OTP) is the
authentication method used in online banking system today.
Hackers are getting better each day at cracking sensitive
information. Once this happened, they can gain access to our
private network and steal our sensitive business information. A
common technology used for the delivery of OTPs is text
messaging.OTP over SMS might not be encrypted by any serviceprovider.
In addition, the cell phones which is used to receive the
SMS also play an important role, in which more than one phone
comes into account. The vulnerable parts of the cell phone
network can be mount to man-in-the-middle attack[13]. To
overcome the difficulties the virtual password concept is
introduced. The virtual password concept involves a small
amount of human computing to secure user’s passwords in online
environments. To provide high security, we enhance the
existing system with virtualization concept [1]. Hacker may guess
our password but he cannot access our account because he
cannot access virtual password. The major hacking threats like
phishing, key-logger, shoulder-surfing attacks, and multiple
attacks cannot affect our schema. In user-specified functions, we
adopted secret little functions in which security is enhanced.
Virtual password is a password that is valid for only one login
session or transaction and after that it becomes obsolete [12]. The
calculation of the virtual password is done at the client side which
reduces the delay of time in receiving OTP via SMS. To make the
client more convenient in calculating the virtual password an
application is used which reduces the work of the client. This
method is more instant than the traditional OTP system used
today.
All You Wanted To Know About Top Online Payment Security Methods.pptxITIO Innovex
As online transactions become an integral part of our daily lives, the importance of robust online payment security methods cannot be overstated, especially when you want to start your own payment gateway business. Visit us at: https://itio.in/
Similar to ENFORCING SET AND SSL PROTOCOLS IN EPAYMENT (20)
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
1. International Journal of Computer Science & Information Technology (IJCSIT) Vol 9, No 2, April 2017
DOI:10.5121/ijcsit.2017.9210 113
ENFORCING SET AND SSL PROTOCOLS IN E-
PAYMENT
Nancy Awadallah
Department of Computer and Information Systems, Sadat Academy for Management
Sciences, Egypt
ABSTRACT
The main incentive for the use of electronic commerce (E-commerce) and spread on a large scale is that
most of business activities need payment system. As E-commerce requires an efficient payment system
which is stable and secure for supporting electronically commerce. This paper proposed to enforce SET,
SSL protocols for encrypting e-payment information. It also presented several methods to take under
consideration to avoid fraud and keep our site safe.
KEYWORDS
E-commerce, E-payment, Security risks, SET, SSL.
1. INTRODUCTION
E-payment process is essential issue to electronic transactions. The e-commerce picture is not
complete without successful e-payment steps.
Fraud amount in e-payment has increased and become major concern for web clients [16].
The security requirements for e-payment or e-commerce in general, such as message privacy,
message integrity, authentication, authorization, non - repudiation, and secure payment [17].
Authentication and Security in E-commerce should not be inflicting harm of users’ privacy [18].
Personal information should be protected which involved in all steps of a payment on the Internet.
The banking industry strategy is centered on identity spoofing and user authentication.
In E-commerce, the information travels via the most popular E-commerce transactions secure
protocols SSL and SET [19] as discuss in section 4.
2. LITERATURE REVIEW
Authentication and a secure connection between the client and the service provider website are
considered the beginning point for any service online via using a protocol such as SSL (Secure
Socket layer).
A. Kr. Luhach ,S. K. Dwivedi et C. K. Jha , discussed the using E-commerce with SOA and it’s
importance and defines the problems in the existing security of E-commerce platforms. They also
suggested a design of SOA security framework for supported E-commerce system [2].
2. International Journal of Computer Science & Information Technology (IJCSIT) Vol 9, No 2, April 2017
114
Y. Jing , proposed a 3D model framework for e-commerce security system structure and
presented variety of countermeasures to solve e-commerce security problems such as : security
strategy , legal protection , social moral norms , perfect management strategy[3] .
Eric W.K et al, used six design attributes defined by a group of specialists and E-payment service
users using the Delphi method, an online conjoint experiment is conducted [4].
A.Takyi, P. O. Gyaase, developed a model of a protocol which ensures convenience ,security,
verification of merchant ,cardholder authentication, and requires authentication from the
cardholder. Cardholder, issuer, merchant, and acquirer are considered into account [5].
M. Z. Ashrafi and S. K. Ng ,proposed a preserving e-payment scheme that ensure authenticity
while keeping the customer’s sensitive details secret from the respective parties involved in the
online transaction [14].
A. Plateaux et al ,proposed a detailed description and an analysis of the 3D-Secure protocol,
through a new privacy-orienting model for e-payment architectures.
Z. Chen , said that it's important to understand the e-commerce platform, integrate network
technology which is applied in the application of electronic commerce, the technology,
knowledge, management and human resources in one [24].
3. ONLINE PAYMENT SYSTEMS AND PROCESS
E-payment process including security issues such as verification, identification, and
authentication with different and competing interests.
Account-Based
Credit Cards: once using the cardholder’s name, credit card number and expiry dates are
done the Authentication is done.
Fraudsters could use this information [9][10].
Debit Card: value of online transaction is discounted immediately to the cardholder’s
bank account [9].
Mediating Systems: PayPal payment is a mediating service for online transactions.
Mobile Payment Systems: are represented by wireless devices. [11].
Online Banking: Electronic bill will enter customer payment details are automatically and the
payer only authorizes.
Electronic Currency Systems
It includes smart cards and online cash systems [10][12][20].
3. International Journal of Computer Science & Information Technology (IJCSIT) Vol 9, No 2, April 2017
115
3.1 E-Payment Process
No business can be found without a payment system. The famous form of B2C payment is
accepting credit cards over the Internet. Physical world paying for goods and services is moving
to mobile devices.
3.1.1 The process for accepting credit card payments
Users’ credit- and debit-card information are stored in PayPal servers [1].
3.1.2 Receiving Payments Using PayPal
The payment process is a transformation process as it converts the “commerce” concept into “e-
commerce.” A payment processor and gateway are two kinds of payment systems that customer
should consider for website:
Payment processors, such as PayPal will send a customer to a checkout page that is hosted by the
processing company. But, payment gateways, such as Authorize.net integrate directly with site
shopping cart and the transaction is invisible to the customer.
Figure 1. Online credit card transaction
4. International Journal of Computer Science & Information Technology (IJCSIT) Vol 9, No 2, April 2017
116
4. E-PAYMENT SYSTEM REQUIREMENTS
Personal data involved in online payment must be protected against threats.
The personal information is divided in three parts, the first one is the identity information which
includes the information about the client’s identity, the second one is the information includes the
detailed data linked to the expected service, the third part is banking information which includes
client’s the personal account number and bank name [15].
There are requirements should be taken into account in the e-payment system:
-The confidentiality of transactions
-The integrity of transmitted information
-The confidentiality of client’s identity towards the Service Provider
- The client’s authentication
- The banks authentication
- The non-reusability
- The confidentiality of order information
- The confidentiality of banking information [15]
In table 1., we introduce definitions of dimensions risks of using the E-payment service .
Table 1. E-payment service dimensions risks [4]
4.1 Security Risks in Mobile Devices
Computers are considered tool to attack information systems, it’s growing rapidly and becoming
dangerous.
Mobile devices security concerns are:
- Identity theft is represented by (30%)
- Downloading malicious applications are represented by (33%);
- Data theft from the device are represented by (44%);
- Mobile devices infected by malware (60%)
- Loss of devices that include sensitive information (66%) [23].
Cyberwarefare refers to The attack usually is done through viruses, DoS, or botnets.
• Cyberwarfare, includes threats: Online acts of spy and security breaches .
Dimension of perceived risk Definition
Privacy E-payment usage may exposes to customer
identity theft.
Time Losses to time, and effort caused by wasting
time setting up purchasing and researching.
Performance Performance problems, that cause the E-
payment service to not perform as expected.
Financial potential Internet fraud due to financial losses
because of
5. International Journal of Computer Science & Information Technology (IJCSIT) Vol 9, No 2, April 2017
117
• Sabotage, which means using the Internet to prevent online communications to cause
damage.
5. E-COMMERCE SECURITY PROTOCOLS
SMS is vulnerable to snooping, spoofing, message interception, and social-engineering based
bypasses of security measures these technologies used have weak security.
5.1 SET: Secure Electronic Transactions
SET is a protocol used to secure payment transactions and authenticate the parties involved in the
transaction. It provides confidentiality of the information as using cryptography and digital
certificates for ensuring of payment integrity, and authenticates cardholders, banks and
merchants, so it achieves the trust needed for consumers.
Figure 2. Secure Electronic Transactions
5.1.1 SET Protocol for Encrypting Payment Information
According to step 2: “Encrypted payment info “, in this section we will process this step in
programming way using PHP tool.
The Mcrypt module is one of the easiest solutions that allows high-grade encryption, add-in for
PHP. The Mcrypt library ensures that only users can decrypt data.
The following Mcrypt functions that use to encrypt and decrypt data:
Customer’s Bank (Issuer) Merchant’s Bank
4. Bank checks with issuer for payment authorization
5. Bank checks with issuer for payment authorization
Visa
Merchant
9. Issuer sends credit card bill to customer
1. Customer browses and decides to purchase
7. Merchant completes order
2. SET sends order and payment information
3. Merchant
forwards
payment
information to
bank
6. Bank
authorizes
payment
8.
Merchant
captures
transaction
Customer
6. International Journal of Computer Science & Information Technology (IJCSIT) Vol 9, No 2, April 2017
118
<?php
$desc = "Stuff you want encrypted";
$k = "Secret passphrase used to encrypt your data";
$cp = "MCRYPT_SERPENT_256";
$md = "MCRYPT_MODE_CBC";
function encrypt($desc, $k, $cp, $md) {
// Data Encryption
return (string)
base64_encode
(
mcrypt_encrypt
(
$cp,
substr(md5($k),0,mcrypt_get_key_size($cp, $md)),
$desc,
$md,
substr(md5($k),0,mcrypt_get_block_size($cp, $md))
)
);
}
function decrypt($desc, $k, $cp, $md) {
// Data Decryption
return (string)
mcrypt_decrypt
(
$-cp,
substr(md5($k),0,mcrypt_get_key_size($cp, $md)),
base64_decode($desc),
$mode-md,
substr(md5($k),0,mcrypt_get_block_size($cp, $md))
);
}
?>
Information which be required by mcrypt() function :
• Encrypted data (desc).
• The key (k) used to unlock and encrypt customer data.
• The cipher (cp) used for data encryption.
• The mode (md) used to encrypt the data.
In the case of user data and user passphrase are stolen, they can search the ciphers until finding
the correct one. using the md5() function on the key before we use it is considered the additional ,
as in case of having both passphrase and data ,the intruder won't get what they want.
5.2 SSL : Secure Socket Layer
This protocol using a combination of public - private key cryptography and digital certificate [13]
so it provides communications privacy over the Internet. SSL provides a private between the
server and the client.
A handshake between the cardholder’s browser and the merchant server has a role in the
encryption process of the information transmitted by the cardholder [7] [8].
7. International Journal of Computer Science & Information Technology (IJCSIT) Vol 9, No 2, April 2017
119
Figure 3 shows transferring sensitive data over the internet via SSL connection in order to,only
the server is authenticated using a digital certificate.
Figure 3. SSL Secured Connection Steps [25]
5.2.1 SSL Protocol for Securing Data
We need to force the web pages with sensitive data to be accessed through SSL as it’s important
to use it for securing the data that passes between the server and the client’s browser. In case for
example, if customer tried to access the next link http://localhost/mobileshop/credit-card-details/ ,
the customer should be redirected to https://localhost/mobileshop/credit-card-details/
At the same time, enforcing SSL protocol will not needed in all places of the site, and because
that makes web pages invisible to search engines and reduces performance.
We want to make sure that the, customer logout, customer registration, and modification pages
detail of customer are accessible only via SSL.
To redirect the page to https page to be secured, the next example processes this issue. (the code
is written by php language ).
In the customer page which be filled with (his/ her) data, we will add the next method to code:
// Page with Sensitive Data
private function _IsSensitivePage()
{
if (isset($_GET['Cust_Register'])
isset($_GET['Cust_Account'])
isset($_GET['Cust_CreditCard'])
isset($_GET['Cust_Address'])
isset($_GET['Cust_Checkout'])
isset($_POST['Cust _Login']))
return true;
8. International Journal of Computer Science & Information Technology (IJCSIT) Vol 9, No 2, April 2017
120
return false;}
In the __constructor() method , we add the next code :
// Class constructor
public function __construct()
{
$is_https = false;
// Is the page being accessed through an HTTPS connection?
if (getenv('HTTPS') == 'on')
$is_https = true;
// Use HTTPS when accessing sensitive pages
if ($this->_IsSensitivePage() && $is_https == false && USE_SSL != 'no')
{
$redirect_to =
Link::Build(str_replace(VIRTUAL_LOCATION, '', getenv('REQUEST_URI')),
'https');
header ('Location: '. $redirect_to);
exit();
}
// Don't use HTTPS for non-sensitive pages
if (!$this->_IsSensitivePage() && $is_https == true)
{
$redirect_to =
Link::Build(str_replace(VIRTUAL_LOCATION, '', getenv('REQUEST_URI')));
header ('Location: '. $redirect_to);
exit();
}
$this->mSiteUrl = Link::Build('');
}
After this addition, load http://localhost/mobileshop/credit-card-details/
will redirect us to https://localhost/mobileshop/credit-card-details/ .
6. METHODS TO PROTECT E-COMMERCE SITE FROM FRAUD AND HACKING
The potential risk which be executed by hackers are Stealing credit card and other sensitive
information from E-commerce sites. To reassure and protect the e-commerce site’s users, it's
necessary to know how to protect sensitive customer data. The next table (table 2) describes
different methods to how we can prevent fraud and keep our site safe.
7. CONCLUSION
SET and SSL are the major common Ecommerce security protocols. Each protocol has its use, its
own encryption mechanism, its strategy and its products. In this paper, author discussed the two
protocol and how we can use PHP programming to encrypt e-payment information and secure
sensitive data.
At the same time it is not an easy to take a rule for using sensitive data via internet, (sensitive data
is represented in any private information such as credit card number, passwords. So in this paper,
author also introduced several methods to take under consideration to avoid fraud and keep our
site safe.
Table 2. Methods to protect E-commerce site
9. International Journal of Computer Science & Information Technology (IJCSIT) Vol 9, No 2, April 2017
121
REFERENCES
[1] N. Leavitt,”Payment Applications Make E-Commerce Mobile “,IEEE Computer Society, 2010 .
[2] A. Kr. Luhach ,S. K. Dwivedi , C. K. Jha ,” Designing a logical security framework for E-commerce
system based on SOA” , International Journal on Soft Computing (IJSC) , Vol. 5, No. 2, 2014 .
[3] Y. Jing , “On-line Payment and Security of E-commerce “ , Proceedings of the 2009 International
Symposium on Web Information Systems and Applications (WISA’09),China , pp. 046-050,2009 .
[4] E.W.K. See-To, K.K.W. Ho, “A study on the impact of design attributes on E-payment service utility
“,Information & Management 53 pp. 668–681, 2016 .
[5] A.Takyi,P. O. Gyaase ,”Enhancing Security of Online Payments: A Conceptual Model for a Robust
E-Payment Protocol for E-Commerce “ , Springer-Verlag Berlin Heidelberg , pp. 232–239,2012 .
[6] Hall, J., Kilbank, S., Barbeau, M., Kranakis, E.: WPP,” A Secure Payment Protocol for Supporting
Credit Card Transaction Over Wireless Network”, IEEE International Conference on
Telecommunications (ICT), Bucharest ,Romania, 2001.
[7] Hwang, J.-J., Yeh, T.-C., Li, J.-B.,” Securing On-line Credit Card Payments Without Disclosing
Information”, Computer Standards and Interfaces,119–129 ,2003.
[8] Li, Y.,” The Design of the Secure Payments Systems Based on SET Protocol”, International
Conference on Computer Science and Information Technology, 2008.
[9] Sumanjeet, S.,” Emergence of Payment Systems in the Age of Electronic Commerce”,the State of Art.
Global Journal of International Business Research, 17–36 ,2009 .
[10] Turban, E., Lee, J.K., King, D., Liang, T.P., Turban, D.,” Electronic Commerce: Managerial
Perspective” 2010.Prentice Hall ,2010.
[11] Xiao, H., Christianson, B., Zhang, Y.,” A Purchase Protocol with Live Cardholder Authentication for
Online Payment.”,The Fourth International Conference on Information Assurance and Security ,2008.
Method Description
For online checkout ,use a secure
connection
(as explained in section 5.2)
Use SSL authentication for data protection. We use a
payment gateway to validate credit cards that uses live
address verification services right on our checkout.
Sensitive data shouldn’t store Don’t store a huge amount of records on your customers.
Require strong passwords Requiring the use of symbols or numbers and a minimum
number of characters from customers.
Using system alerts for suspicious
activity
Using an alert notification for any up normal transactions
coming through from the same IP address.
Make a Layer for security To keep your business safe from any criminals is layering
the security. It is possible to add website layers of security
and applications such as search queries, contact forms.
Patch your systems Patch everything immediately.
Having a DDoS protection With Distributed Denial of Service ( DDoS ) attacks
increasing sophistication .E-commerce sites should deal
with cloud-based DDoS protection .
A fraud management service should
be considered
Companies of credit card offer fraud management and
chargeback management services.
10. International Journal of Computer Science & Information Technology (IJCSIT) Vol 9, No 2, April 2017
122
[12] Bellare, M., Garay, J.A., Hauser, R., Herzberg, A., Krawczyk, H., Steiner, M., Tsudik, G.,
Herreweghen, E.V., Waidner,” Design, Implementation and Deployment of the iKP Secure Electronic
Payment System “, IEEE Jurnal of Selected Areas in Communication 18(4) , 2000.
[13] J. Guitart ,D. Carrera, V.Beltran, J. Torres, E.Ayguade´,“ Designing an overload control strategy for
secure e-commerce applications” , Computer Networks 51 , pp. 4492–4510, 2007.
[14] M. Z. Ashrafi , S. K. Ng , “Enabling Privacy-preserving e-payments using one-time payment details”,
Computer Standards & Interfaces 31 ,pp. 321–328, 2009.
[15] A. Plateaux ,P. Lacharme, V. Coquet, S. Vernois ,K. Murty ,C. Rosenberger , “An e-payment
Architecture Ensuring a High Level of Privacy Protection” , Institute for Computer Sciences, Social
Informatics and Telecommunications Engineering , pp. 305–322, 2013 .
[16] Espelid, Y., Netland, L.–H., Klingsheim, A.N., Hole, K.J.,” A proof of concept attack against
norwegian internet banking systems “, Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 197–201.
Springer, Heidelberg ,2008 .
[17] W. Kou, “Payment Technologies for E-Commerce “, Springer, Verlag Berlin, Heidelberg, 2003.
[18] Katsikas, S.K., L´opez, J., Pernul, G.,” Trust, privacy and security in E-business:
Requirements and solutions ”, In: Bozanis, P., Houstis, E.N. (eds.) PCI 2005. LNCS,
vol. 3746, pp. 548–558. Springer, Heidelberg , 2005.
[19] S.E.T. Secure electronic transaction specification. Book 1: Business Description.
Version, 1 (2002).
[20] W. Kou , “Introduction to E-Payment: An Essential Piece of the E-Commerce Puzzle” , Payment
Technologies for E-Commerce, Springer-Verlag Berlin Heidelberg ,2003 .
[21] S. E. Fienberg ,”Privacy and Confidentiality in an e-Commerce World: Data Mining, Data
Warehousing, Matching and Disclosure Limitation”, Statistical Science, Vol. 21, No. 2, A Special
Issue on Statistical Challenges and Opportunities in Electronic Commerce Research (May, 2006), pp.
143-154.
[22] W.Wop ,“Fraud Risks in E-commerce Transactions”,The Geneva Papers on Risk and Insurance ,Vol.
27 No. 3, pp. 383-394, July 2002.
[23] Davis, M. A. ,“2012 Strategic Security Survey.” Information Week , May 14, 2012.
[24] Z. Chen, “Research on Network Architecture of the E-commerce Platform and Optimization of the
System Performance”, The Open Cybernetics & Systemics Journal, pp. 2266-2271, 2015.
[25] N. Kawatra, V. Kumar , “Analysis of E-Commerce Security Protocols SSL and SET ” , National
Workshop-Cum-Conference on Recent Trends in Mathematics and Computing (RTMC), 2011.