This document discusses security for online transactions. It introduces various protocols and methods used for securing online payments, including 3-D Secure, Extended Validation, SiteKey and SafePass. It explains how these different approaches work and their goals of maintaining consumer trust while securing huge money flows involved in online commerce. The document also covers future directions for research, noting challenges around user awareness and developing solutions that balance security with usability.

1. An Undergraduate Independent Study

2. Online transactions security
Introduction
Importance
Presentation Content
Future directions
Conclusion
2

3. Online transactions security
 What is an online transaction?
 Risks involved
 Challenge of providing security
3

4. Online transactions security
Online stores and Sales increasing
 Huge money flow
 Vital part of the world economy
 Maintain consumer trust
4

5. Online transactions security
 The 3-D Secure protocol (3DS)
 Extended Validation
 SiteKey
 SafePass
 TLS - OBC
5

6. Online transactions security
 Developed by Visa as Verified by Visa, Licensed by
MasterCard and American Express
 XML-based protocol
 In 3-D Secure 3-D stands for three domains
Acquirer Domain (bank who received the money).
Issuer Domain (bank who issued the card).
Interoperability Domain (Infrastructure supported for the 3-
DS)
6

7. Online transactions security
How it works…
7

8. Online transactions security
Phishing sites were black listed but no one can make a
prefect black list.
Extended Validation was Invented by CA/Browser
forum and Supported by all major browsers.
Used to identify the correct web domain by positive
safety indicators.
90% of the average users have no idea of how to use
Extended Validation
8

9. Online transactions security 9

10. Online transactions security
 Use by Bank of America
 SiteKey is a Image that Helps customers to verify
this is the real web site before proceed with the
transaction.
 SafePass feature lets customer to authorize
transactions using 6-digit Passcodes. Only used in
“Bigger” transactions.
10

11. Online transactions security 11

12. Online transactions security
 Transport Layer Security – Origin Bound Certificates
 Modified version of old TLS client certificates
 Origin-Bound Certificates are self-signed, browsers use
them to implement TLS Client Authentication.
 The initial user-authentication phase is largely
considered.
 Stand Strong against Man in the Middle (MITM) attacks.
12

13. Online transactions security 13

14. Online transactions security
Researches are expected to be done more for
commercial usages rather than for educational and
knowledge graining purposes.
Main challenge here is to develop the average user
awareness.
To be meaningful Research outcomes should be fair
trade offs between user friendliness and security
tightness.
14

15. Online transactions security 15