This document discusses security for online transactions. It introduces various protocols and methods used for securing online payments, including 3-D Secure, Extended Validation, SiteKey and SafePass. It explains how these different approaches work and their goals of maintaining consumer trust while securing huge money flows involved in online commerce. The document also covers future directions for research, noting challenges around user awareness and developing solutions that balance security with usability.
6. Online transactions security
Developed by Visa as Verified by Visa; licensed to MasterCard (SecureCode) and American Express (SafeKey)
XML-based protocol: the 3DS 1.x messages are XML documents exchanged between the three domains
In 3-D Secure, "3-D" stands for three domains:
Acquirer Domain (the merchant's bank, which receives the money)
Issuer Domain (the cardholder's bank, which issued the card)
Interoperability Domain (the card-scheme infrastructure, such as the Directory Server, that connects acquirer and issuer for 3DS)
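The three domains above are easiest to see as three cooperating parties. The following is an added example, not Visa's or any card scheme's code: an in-process model of the 3DS 1.x flow (VEReq/VERes enrollment check through the Directory Server, then PAReq/PARes cardholder authentication at the issuer's Access Control Server). It assumes dict payloads in place of the real XML schema, a direct object reference in place of the ACS URL, and an HMAC in place of the XML signature on the PARes; the keys, card numbers and password are constructed.

```python
"""Simplified, in-process model of the three 3-D Secure domains (3DS 1.x style).

Constructed example, not Visa's or any scheme's code. Message names follow the
3DS 1.x flow (VEReq/VERes through the Directory Server, then PAReq/PARes at the
issuer's ACS), but payloads are plain dicts rather than XML, the ACS URL is
replaced by an object reference, and the PARes signature is an HMAC stand-in
for the XML signature the MPI checks against the scheme's root certificate.
All keys, card numbers and passwords below are made up.
"""
import hashlib
import hmac
import json
import secrets


def sign(key: bytes, message: dict) -> str:
    """Deterministic MAC over a message (stand-in for the PARes XML signature)."""
    body = json.dumps(message, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class AccessControlServer:
    """Issuer domain: knows which cards are enrolled and authenticates the cardholder."""

    def __init__(self, signing_key: bytes):
        self.signing_key = signing_key
        # PAN -> static 3DS password (constructed; real ACSs use OTPs, app approval, etc.)
        self.enrolled = {"4111111111111111": "correct horse"}

    def verify_enrollment(self, pan: str) -> dict:
        return {"msg": "VERes", "enrolled": pan in self.enrolled, "acs": self}

    def authenticate(self, pareq: dict, password: str) -> dict:
        expected = self.enrolled.get(pareq["pan"], "")
        ok = bool(expected) and hmac.compare_digest(expected.encode(), password.encode())
        pares = {"msg": "PARes", "xid": pareq["xid"], "amount": pareq["amount"],
                 "status": "Y" if ok else "N"}
        pares["signature"] = sign(self.signing_key, pares)  # MAC computed before the field is added
        return pares


class DirectoryServer:
    """Interoperability domain: routes enrollment queries to the issuer by card range."""

    def __init__(self):
        self.ranges = {}  # BIN prefix -> AccessControlServer

    def register(self, bin_prefix: str, acs: AccessControlServer) -> None:
        self.ranges[bin_prefix] = acs

    def route(self, vereq: dict) -> dict:
        acs = self.ranges.get(vereq["pan"][:6])
        if acs is None:
            return {"msg": "VERes", "enrolled": False, "acs": None}
        return acs.verify_enrollment(vereq["pan"])


class MerchantPlugIn:
    """Acquirer domain: the merchant-side 3DS component (MPI)."""

    def __init__(self, directory: DirectoryServer, verify_key: bytes):
        self.directory = directory
        self.verify_key = verify_key  # stands in for the scheme root used to verify the PARes

    def authorize(self, pan: str, amount: int, cardholder_password: str) -> bool:
        veres = self.directory.route({"msg": "VEReq", "pan": pan})
        if not veres["enrolled"]:
            return False  # policy choice in this demo: no 3DS authentication, no approval
        xid = secrets.token_hex(10)
        pareq = {"msg": "PAReq", "xid": xid, "pan": pan, "amount": amount}
        pares = dict(veres["acs"].authenticate(pareq, cardholder_password))
        signature = pares.pop("signature")
        if not hmac.compare_digest(signature, sign(self.verify_key, pares)):
            return False  # forged or tampered PARes
        # Bind the response to this transaction: same xid and amount, status Y.
        return pares["xid"] == xid and pares["amount"] == amount and pares["status"] == "Y"


def build_network(acs_key: bytes = b"constructed-acs-key") -> MerchantPlugIn:
    """Wire up one issuer, one directory server and one merchant for a demo."""
    acs = AccessControlServer(acs_key)
    directory = DirectoryServer()
    directory.register("411111", acs)
    return MerchantPlugIn(directory, acs_key)


if __name__ == "__main__":
    mpi = build_network()
    print(mpi.authorize("4111111111111111", 2500, "correct horse"))   # True
    print(mpi.authorize("4111111111111111", 2500, "wrong password"))  # False
    print(mpi.authorize("5555555555554444", 2500, "correct horse"))   # False: range not enrolled
```

The point to take from the model is where trust sits: the merchant never sees the cardholder's secret, the issuer never talks to the merchant directly, and the merchant's only evidence is a signed PARes that it must check against the transaction it started (xid and amount), not merely for a valid signature.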
8. Online transactions security
Phishing sites were blacklisted, but no one can build a perfect blacklist.
Extended Validation was invented by the CA/Browser Forum and is supported by all major browsers.
Used to identify the correct web site by positive safety indicators (the verified organization name shown in the address bar) rather than by listing bad sites.
90% of average users have no idea how to use the Extended Validation indicators.
10. Online transactions security
Used by Bank of America
SiteKey is an image, chosen by the customer at enrollment, that the bank shows back at login so the customer can verify this is the real web site before proceeding with the transaction (a phishing site does not know which image to show, although a man-in-the-middle that relays the login can still fetch it).
SafePass lets the customer authorize transactions with 6-digit passcodes; it is only required for "bigger" transactions.
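The SafePass idea of a 6-digit passcode that is only demanded above a size threshold can be shown in a small server model. This is an added example, not Bank of America's code: the page does not say how SafePass codes are generated or delivered, so the scheme here is an assumption. Codes are HOTP values (RFC 4226) whose HMAC input also covers the amount and payee, so a code issued for one payment cannot be relayed to authorize a different one, and each code is one-shot. The $500 threshold, account secret and transactions are constructed.

```python
"""SafePass-style step-up: a 6-digit passcode demanded only for bigger transactions.

Constructed example, not Bank of America's code. Codes are HOTP (RFC 4226)
values whose HMAC input also covers the transaction amount and payee; the
threshold, account secret and transactions are made up.
"""
import hashlib
import hmac
import struct


def truncate(mac: bytes, digits: int = 6) -> str:
    """RFC 4226 dynamic truncation: 31 bits taken at an offset given by the last nibble."""
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24) | (mac[offset + 1] << 16) \
        | (mac[offset + 2] << 8) | mac[offset + 3]
    return f"{code % (10 ** digits):0{digits}d}"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Plain HOTP, checkable against the RFC 4226 Appendix D test vectors."""
    return truncate(hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest(), digits)


def transaction_code(secret: bytes, counter: int, amount_cents: int, payee: str,
                     digits: int = 6) -> str:
    """HOTP variant bound to the transaction: a different amount or payee gives a different code."""
    message = struct.pack(">QQ", counter, amount_cents) + payee.encode("utf-8")
    return truncate(hmac.new(secret, message, hashlib.sha1).digest(), digits)


class SafePassServer:
    STEP_UP_THRESHOLD_CENTS = 50_000  # assumption: passcode required from $500 upward

    def __init__(self, account_secret: bytes):
        self.secret = account_secret
        self.counter = 0   # per-account moving factor; incremented for every code issued
        self.pending = {}  # txn id -> counter used for its code

    def start_transaction(self, txn_id: str, amount_cents: int, payee: str):
        """Return the out-of-band message the bank would send, or None if no step-up is needed."""
        if amount_cents < self.STEP_UP_THRESHOLD_CENTS:
            return None
        self.pending[txn_id] = self.counter
        code = transaction_code(self.secret, self.counter, amount_cents, payee)
        self.counter += 1
        # Showing amount and payee beside the code lets the customer notice a
        # transaction that was altered in flight before typing the code in.
        return f"SafePass code {code} authorizes ${amount_cents / 100:.2f} to {payee}"

    def authorize(self, txn_id: str, amount_cents: int, payee: str, code=None) -> bool:
        if amount_cents < self.STEP_UP_THRESHOLD_CENTS:
            return True  # small payment: no passcode required
        counter = self.pending.pop(txn_id, None)  # one-shot: a replayed code finds nothing
        if counter is None or code is None:
            return False
        expected = transaction_code(self.secret, counter, amount_cents, payee)
        return hmac.compare_digest(expected.encode(), code.encode())


if __name__ == "__main__":
    bank = SafePassServer(b"constructed-account-secret")
    print(bank.start_transaction("t1", 2_500, "Coffee shop"))  # None: below threshold
    sms = bank.start_transaction("t2", 75_000, "Landlord")
    print(sms)
    code = sms.split()[2]
    print(bank.authorize("t2", 75_000, "Landlord", code))      # True
    print(bank.authorize("t2", 75_000, "Landlord", code))      # False: replay
```

Binding the amount and payee into the code is what makes the step-up worth more than a second password: a phishing page that relays the customer's code to the real bank gets a code that only authorizes the transaction the customer actually saw.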
12. Online transactions security
Transport Layer Security – Origin-Bound Certificates (TLS-OBC)
A modified use of the old TLS client certificates
Origin-Bound Certificates are self-signed certificates the browser generates for each origin and uses to implement TLS client authentication.
The initial user-authentication phase (e.g. the password login) is left largely unchanged; OBCs bind what follows it, such as the session cookie, to the TLS channel.
Stands strong against man-in-the-middle (MITM) attacks, because a session bound to one client certificate cannot be replayed over another channel.
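The MITM resistance claimed above comes from binding the session to the origin-bound certificate rather than from the password step. The following is an added example, not the TLS-OBC authors' code: it models the browser minting one self-signed certificate per origin and the server issuing a cookie whose MAC covers that certificate, so the same cookie presented over a different channel (an attacker's own certificate) is rejected. The "certificate" is a hash of random key bytes, the TLS handshake is a function argument, and the password check and keys are constructed.

```python
"""Channel-bound session cookies on top of Origin-Bound Certificates (OBC).

Constructed example of the TLS-OBC idea: the browser presents a self-signed,
per-origin client certificate, and the server ties its session cookie to that
certificate, so a cookie captured by a man-in-the-middle or leaked elsewhere is
useless on any other TLS channel. Certificates are modelled as hashes of random
key bytes and the handshake as a function argument; all key material is made up.
"""
import hashlib
import hmac
import secrets


def origin_bound_cert(browser_keys: dict, origin: str) -> bytes:
    """Browser side: mint a key pair once per origin, then reuse it.
    Stand-in: the 'certificate' is the SHA-256 of a random public key."""
    if origin not in browser_keys:
        browser_keys[origin] = secrets.token_bytes(32)  # fresh key pair for this origin
    return hashlib.sha256(browser_keys[origin]).digest()


class OriginServer:
    def __init__(self, cookie_key: bytes):
        self.cookie_key = cookie_key
        self.sessions = {}  # session id -> user

    def _tag(self, sid: str, channel_cert: bytes) -> str:
        # The cookie MAC covers the client certificate the cookie was issued over.
        return hmac.new(self.cookie_key, sid.encode() + channel_cert, hashlib.sha256).hexdigest()

    def login(self, channel_cert: bytes, user: str, password: str) -> str:
        """Password login is unchanged by OBC; what differs is what the cookie is bound to."""
        if not hmac.compare_digest(password.encode(), b"hunter2"):  # constructed credential
            raise PermissionError("bad password")
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        return f"{sid}.{self._tag(sid, channel_cert)}"

    def user_for(self, channel_cert: bytes, cookie: str):
        """Accept the cookie only on the channel whose client cert it was bound to."""
        try:
            sid, tag = cookie.split(".")
        except ValueError:
            return None
        if not hmac.compare_digest(self._tag(sid, channel_cert), tag):
            return None  # valid-looking cookie, wrong channel: replay rejected
        return self.sessions.get(sid)


def demo() -> dict:
    """Alice logs in over her own channel; Mallory replays her cookie over another."""
    server = OriginServer(secrets.token_bytes(32))
    alice_browser, mallory_browser = {}, {}
    alice_channel = origin_bound_cert(alice_browser, "https://bank.example")
    cookie = server.login(alice_channel, "alice", "hunter2")
    return {
        "alice_ok": server.user_for(alice_channel, cookie),
        "alice_later": server.user_for(origin_bound_cert(alice_browser, "https://bank.example"), cookie),
        "mitm_replay": server.user_for(origin_bound_cert(mallory_browser, "https://bank.example"), cookie),
        "other_origin": server.user_for(origin_bound_cert(alice_browser, "https://other.example"), cookie),
    }


if __name__ == "__main__":
    print(demo())  # {'alice_ok': 'alice', 'alice_later': 'alice', 'mitm_replay': None, 'other_origin': None}
```

Note what the model does not protect: the password itself is still typed into whatever page the user is on, so OBC narrows the MITM's prize from a reusable session to a single relayed login, which is why the slide treats the initial authentication phase as unchanged.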
14. Online transactions security
Research is expected to be driven more by commercial use than by educational and knowledge-gaining purposes.
The main challenge here is to develop the average user's awareness.
To be meaningful, research outcomes should be fair trade-offs between user-friendliness and security tightness.