Title :
The power of credit card numbers and long CVVs
Author :
Oliveira, Valentim ; Silva, Tito
Author_Institution :
Fac. de Eng., Univ. Catolica Portuguesa, Sintra, Portugal
Abstract :
Many protocols have been proposed to guarantee the security of payments on the internet, however their adoption has failed. Meanwhile the credit card number together with the expiry date and the CVV2 has been widely adopted. In recent years cybercriminals have been able to break into systems and intercept communications harvesting hundreds of millions of records of card data or payment transactions. This study proposes a complementary approach that withdraws value out of payment transaction data so that in the case of compromise the criminals will have limited success in executing fraudulent transactions. The proposed technique makes use of a Long CW (LCW) to substitute the CW2. In each transaction only parts of the LCW will be used thus not revealing the entirety of the secret in possession of the cardholder. Implementation of the proposed scheme is of very low impact, user friendly and has a very high degree of effectiveness against most relevant attacks.
Keywords :
Internet; credit transactions; fraud; protocols; security of data; smart cards; transaction processing; CVV2; Internet; card verification value 2; credit card number; expiry date; fraudulent transaction; payment transaction data; protocols; Credit cards; Decision support systems; Internet; Malware; Probability; Protocols; CVC2; CVV2; coupon collectors problem; credit card number; e-commerce; e-payment;
Conference_Titel :
Network and System Security (NSS), 2011 5th International Conference on
Conference_Location :
Milan
Print_ISBN :
978-1-4577-0458-1
DOI :
10.1109/ICNSS.2011.6060017
