Title :
Efficiently Achieving Full Three-Way Non-repudiation in Consumer-Level eCommerce and M-Commerce Transactions
Author :
Neville, Stephen W. ; Horie, Michael
Author_Institution :
Inf. Security & Privacy Res. (InSPiRe) Lab. ECE Dept., Univ. of Victoria, Victoria, BC, Canada
Abstract :
eCommerce has rapidly turned into a trillion dollar a year industry. Now an integral part of modern economies, it is continuing to expand, especially in the form of M-commerce. Numerous solutions have been proposed to secure consumer-level eCommerce and M-commerce transactions. The recent shift toward chip-and-PIN cards in some jurisdictions, and similar technologies that require pre-transaction customer authorization, has begun to shift the legal liability for security breaches from the financial institutions onto the customers themselves. Because it is relatively easy to acquire someone's PIN (e.g., through shoulder surfing, cameras placed in the environment, touch sensitive overlays, or compromised debit or credit card terminals), a core issue is that customers are given no formal means by which they can prove their involvement (or lack thereof) in a given transaction. To make matters worse, the supposition becomes that they were careless with their PIN and, hence, by the card holder agreement, hold financial responsibility for the transaction(s). This work addresses said problem by developing a secure and efficient (< 5 second) consumer-level eCommerce/M-Commerce transaction protocol that supports non-repudiation for the customer, merchant, and financial institution. Hence, post-transaction, each participant holds sufficient information to prove what the others did (or did not) do. To our knowledge this is the first transaction protocol to support such full 3-way non-repudiation.
Keywords :
authorisation; customer services; financial data processing; message authentication; mobile commerce; protocols; smart cards; transaction processing; chip and PIN cards; consumer level e-commerce transaction protocol; consumer level m-commerce transaction protocol; financial responsibility; legal liability; m-commerce transaction; pretransaction customer authorization; three-way nonrepudiation; Credit cards; Cryptography; Electronic commerce; Law; Mobile handsets; Protocols; electronic commerce; message authentication; security;
Conference_Title :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2011 IEEE 10th International Conference on
Conference_Location :
Changsha
Print_ISBN :
978-1-4577-2135-9
DOI :
10.1109/TrustCom.2011.85