A SECURE ONLINE PAYMENT SYSTEM

Pant, Shristi

01 January 2011

An online payment system allows a customer to make a payment to an online merchant or a service provider. Payment gateways, a channel between customers and payment processors, use various security tools to secure a customer’s payment information, usually debit or credit card information, during an online payment. However, the security provided by a payment gateway cannot completely protect a customer’s payment information when a merchant also has the ability to obtain the payment information in some form. Furthermore, not all merchants provide a secure payment environment to their customers and, despite having a standard payment policy, adhere to it. Consequently, this exposes a customer’s payment information to risks of being compromised or misused by merchants or stolen by hackers and spammers. In this thesis we propose a new approach to payment systems in which a customer’s payment information cannot be obtained by a merchant. A customer sends his payment information directly to a payment gateway and a payment gateway, upon verifying the transaction, sends a payment to the appropriate merchant. We use the Pedersen commitment scheme along with dual signatures to securely transfer funds to a merchant and protect a customer’s payment information from any Internet vulnerabilities.

Online Payment Systems

Payment Gateways

Pedersen Commitment

Secure Electronic Transaction

Dual Signatures

Computer Sciences

Elektroninės komercijos saugumas / ECommerce security

Budrionis, Andrius

09 July 2011

Darbe nagrinėjami šiuo metu rinkoje naudojami elektroninių atsiskaitymų modeliai ir jų saugumo problemos. Kadangi elektroninių transakcijų metu operuojama svarbiais ir konfidencialiais duomenimis, aukštesnio saugumo lygio užtikrinimo problema visada išlieka itin aktuali. Darbe išnagrinėtos dažniausiai sutinkamos elektroninių atsiskaitymų schemos (tiesioginis atsiskaitymas ir atsiskaitymas per Paypal sistemą), jų saugumo užtikrinimo principai, technikos ir spragos. Atsižvelgiant į dabartinius rinkos poreikius ir informacijos saugumo spragas šiuo metu naudojamuose modeliuose, suprojektuotas aukštesnio saugumo lygio elektroninių atsiskaitymų modelis ir realizuotas šio sprendimo prototipas. Šio prototipo projektas ir realizacija gali būti naudojamos kaip rekomendacijos kūrėjams, tobulinantiems elektroninių atsiskaitymų modelių saugumą. / The work deals with electronic payment models used in the market and their security problems. As electronic transactions operate with important and confidential data, ensuring higher level of security is always an actual issue. The study generally concerns the main electronic payment schemes (direct payment and payment through Paypal), their safety principles, technical decisions and security ensuring gaps. Considering the current market needs and information security gaps in current eCommerce models, a new, ensuring higher level of security in electronic payments, model was designed and a prototype of this decision was implemented. The prototype design and implementation may be used as recommendations for developers, improving electronic payment security models.

Elektrininės komercijos saugumas

E-commerce security

Saugūs elektroniniai atsiskaitymai

Secure e-payments

Elektroninės komercijos modelis

E-commerce model

Elektroninių atsiskaitymų modulis

E-payment module

E-payments module prototype

Saugi elektroninė transakcija

Secure electronic transaction

E-parašo infrastruktūra

E-signature infrastructure