Academic literature on the topic 'Secure Payments'

Les nouveaux protocoles de réseautage et cryptographiques peuvent considérablement améliorer les systèmes de paiement électroniques en ligne. Le présent mémoire porte sur la conception, la mise en œuvre et l’analyse sécuritaire du GNU Taler, un système de paiement respectueux de la vie privée conçu pour être pratique pour l’utilisation en ligne comme méthode de (micro-)paiement, et en même temps socialement et moralement responsable. La base technique du GNU Taler peut être dû à l’e-cash de David Chaum. Notre travail va au-delà de l’e-cash de Chaum avec un changement efficace, et la nouvelle notion de transparence des revenus garantissant que les marchands ne peuvent recevoir de manière fiable un paiement d’un payeur non fiable que lorsque leurs revenus du paiement est visible aux autorités fiscales. La transparence des revenus est obtenue grâce à l’introduction d’un protocole d’actualisation donnant lieu à un changement anonyme pour un jeton partiellement dépensé sans avoir besoin de l’introduction d’une évasion fiscale échappatoire. De plus, nous démontrons la sécurité prouvable de la transparence anonyme de nos revenus e-cash, qui concerne en plus l’anonymat habituel et les propriétés infalsifiables de l’e-cash, ainsi que la conservation formelle des fonds et la transparence des revenus. Notre mise en œuvre du GNU Taler est utilisable par des utilisateurs non-experts et s’intègre à l’architecture du web moderne. Notre plateforme de paiement aborde une série de questions pratiques telles que la prodigue des conseils aux clients, le mode de remboursement, l’intégration avec les banques et les chèques “know-your-customer (KYC)”, ainsi que les exigences de sécurité et de fiabilité de la plateforme web. Sur une seule machine, nous réalisons des taux d’opérations qui rivalisent avec ceux des processeurs de cartes de crédit commerciaux globaux. Pendant que les crypto-monnaies basées sur la preuve de travail à l’instar de Bitcoin doivent encore être mises à l’échelle pour servir de substituant aux systèmes de paiement établis, d’autres systèmes plus efficaces basés sur les Blockchains avec des algorithmes de consensus plus classiques pourraient avoir des applications prometteurs dans le secteur financier. Nous faisons dans la conception, la mise en œuvre et l’analyse de la Byzantine Set Union Consensus, un protocole de Byzantine consensus qui s’accorde sur un (Super-)ensemble d’éléments à la fois, au lieu d’accepter en séquence les éléments individuels sur un ensemble. Byzantine Set consensus peut être utilisé comme composante de base pour des chaînes de blocs de permissions, où (à l’instar du style Nakamoto consensus) des blocs entiers d’opérations sont convenus à la fois d’augmenter le taux d’opération<br>We describe the design and implementation of GNU Taler, an electronic payment system based on an extension of Chaumian online e-cash with efficient change. In addition to anonymity for customers, it provides the novel notion of income transparency, which guarantees that merchants can reliably receive a payment from an untrusted payer only when their income from the payment is visible to tax authorities. Income transparency is achieved by the introduction of a refresh protocol, which gives anonymous change for a partially spent coin without introducing a tax evasion loophole. In addition to income transparency, the refresh protocol can be used to implement Camenisch-style atomic swaps, and to preserve anonymity in the presence of protocol aborts and crash faults with data loss by participants. Furthermore, we show the provable security of our income-transparent anonymous e-cash, which, in addition to the usual anonymity and unforgeability proper- ties of e-cash, also formally models conservation of funds and income transparency. Our implementation of GNU Taler is usable by non-expert users and integrates with the modern Web architecture. Our payment platform addresses a range of practical issues, such as tipping customers, providing refunds, integrating with banks and know-your-customer (KYC) checks, as well as Web platform security and reliability requirements. On a single machine, we achieve transaction rates that rival those of global, commercial credit card processors. We increase the robustness of the exchange—the component that keeps bank money in escrow in exchange for e-cash—by adding an auditor component, which verifies the correct operation of the system and allows to detect a compromise or misbehavior of the exchange early. Just like bank accounts have reason to exist besides bank notes, e-cash only serves as part of a whole payment system stack. Distributed ledgers have recently gained immense popularity as potential replacement for parts of the traditional financial industry. While cryptocurrencies based on proof-of-work such as Bitcoin have yet to scale to be useful as a replacement for established payment systems, other more efficient systems based on Blockchains with more classical consensus algorithms might still have promising applications in the financial industry. We design, implement and analyze the performance of Byzantine Set Union Consensus (BSC), a Byzantine consensus protocol that agrees on a (super-)set of elements at once, instead of sequentially agreeing on the individual elements of a set. While BSC is interesting in itself, it can also be used as a building block for permissioned Blockchains, where—just like in Nakamoto-style consensus—whole blocks of transactions are agreed upon at once, increasing the transaction rate

The Near Field Communication (NFC) technology is a short-range radio communication channel which enables users to exchange data between devices. NFC provides a contactless technology for data transmission between smart phones, Personal Computers (PCs), Personal Digital Assistants (PDAs) and such devices. It enables the mobile phone to act as identification and a credit card for customers. However, the NFC chip can act as a reader as well as a card, and also be used to design symmetric protocols. Having several parties involved in NFC ecosystem and not having a common standard affects the security of this technology where all the parties are claiming to have access to client’s information (e.g. bank account details). The dynamic relationships of the parties in an NFC transaction process make them partners in a way that sometimes they share their access permissions on the applications that are running in the service environment. These parties can only access their part of involvement as they are not fully aware of each other’s rights and access permissions. The lack of knowledge between involved parties makes the management and ownership of the NFC ecosystem very puzzling. To solve this issue, a security module that is called Secure Element (SE) is designed to be the base of the security for NFC. However, there are still some security issues with SE personalization, management, ownership and architecture that can be exploitable by attackers and delay the adaption of NFC payment technology. Reorganizing and describing what is required for the success of this technology have motivated us to extend the current NFC ecosystem models to accelerate the development of this business area. One of the technologies that can be used to ensure secure NFC transactions is cloud computing which offers wide range advantages compared to the use of SE as a single entity in an NFC enabled mobile phone. We believe cloud computing can solve many issues in regards to NFC application management. Therefore, in the first contribution of part of this thesis we propose a new payment model called “NFC Cloud Wallet". This model demonstrates a reliable structure of an NFC ecosystem which satisfies the requirements of an NFC payment during the development process in a systematic, manageable, and effective way.

Darbe nagrinėjami šiuo metu rinkoje naudojami elektroninių atsiskaitymų modeliai ir jų saugumo problemos. Kadangi elektroninių transakcijų metu operuojama svarbiais ir konfidencialiais duomenimis, aukštesnio saugumo lygio užtikrinimo problema visada išlieka itin aktuali. Darbe išnagrinėtos dažniausiai sutinkamos elektroninių atsiskaitymų schemos (tiesioginis atsiskaitymas ir atsiskaitymas per Paypal sistemą), jų saugumo užtikrinimo principai, technikos ir spragos. Atsižvelgiant į dabartinius rinkos poreikius ir informacijos saugumo spragas šiuo metu naudojamuose modeliuose, suprojektuotas aukštesnio saugumo lygio elektroninių atsiskaitymų modelis ir realizuotas šio sprendimo prototipas. Šio prototipo projektas ir realizacija gali būti naudojamos kaip rekomendacijos kūrėjams, tobulinantiems elektroninių atsiskaitymų modelių saugumą.<br>The work deals with electronic payment models used in the market and their security problems. As electronic transactions operate with important and confidential data, ensuring higher level of security is always an actual issue. The study generally concerns the main electronic payment schemes (direct payment and payment through Paypal), their safety principles, technical decisions and security ensuring gaps. Considering the current market needs and information security gaps in current eCommerce models, a new, ensuring higher level of security in electronic payments, model was designed and a prototype of this decision was implemented. The prototype design and implementation may be used as recommendations for developers, improving electronic payment security models.

An online payment system allows a customer to make a payment to an online merchant or a service provider. Payment gateways, a channel between customers and payment processors, use various security tools to secure a customer’s payment information, usually debit or credit card information, during an online payment. However, the security provided by a payment gateway cannot completely protect a customer’s payment information when a merchant also has the ability to obtain the payment information in some form. Furthermore, not all merchants provide a secure payment environment to their customers and, despite having a standard payment policy, adhere to it. Consequently, this exposes a customer’s payment information to risks of being compromised or misused by merchants or stolen by hackers and spammers. In this thesis we propose a new approach to payment systems in which a customer’s payment information cannot be obtained by a merchant. A customer sends his payment information directly to a payment gateway and a payment gateway, upon verifying the transaction, sends a payment to the appropriate merchant. We use the Pedersen commitment scheme along with dual signatures to securely transfer funds to a merchant and protect a customer’s payment information from any Internet vulnerabilities.