Title :
On two proposals for on-line bankcard payments using open networks: problems and solutions
Author_Institution :
Hewlett-Packard Labs., Bristol, UK
Abstract :
Recently, two major bankcard payment instrument operators VISA and MasterCard published specifications for securing bankcard payment transactions on open networks for open scrutiny. (VISA: Secure Transaction Technology, STT; MasterCard: Secure Electronic Payment Protocol, SEPP.) Based on their success in operating the existing on-line payment systems, both proposals use advanced cryptographic technologies to supply some security services that are well-understood to be inadequate in open networks, and otherwise specify systems similar to today´s private-network versions. In this paper we reason that when an open network is used for underlying electronic commerce some subtle vulnerabilities will emerge and the two specifications are seen not in anticipation of them. A number of weaknesses are found as a result of missing and misuse of security services. Missing and misused services include: authentication, nonrepudiation, integrity, and timeliness, We identify problems and devise solutions while trying to keep, the current successful working style of financial institutions being respected
Keywords :
EFTS; MasterCard; Visa; cryptography; financial data processing; protocols; security of data; MasterCard; Secure Electronic Payment Protocol; Secure Transaction Technology; VISA; bankcard payment; on-line bankcard payments; on-line payment; open network; open networks; security services; Authentication; Consumer electronics; Costs; Cryptographic protocols; Cryptography; Electronic commerce; Instruments; Internet; Laboratories; Proposals;
Conference_Titel :
Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-7417-2
DOI :
10.1109/SECPRI.1996.502682
