You are on page 1of 6

COMP 7/8120

:
Crypto&DataSec
Safer and cheaper payment
systems. 

     Sankaet Pathak
    
Computer Science
COMP7/8120:
Crypto&DataSec
Goal of the Project
!
Identify top five security risks faced by payment networks
!
Provide solid countermeasures to manage them effectively.
COMP7/8120:
Crypto&DataSec
Lit Review
!
Chip and PIN as a potential solution[1]
!
Not Secure. Hacker can perform a man in the middle attack to trick the
POS into thinking that a PIN was verified correctly, while telling the card
that no PIN was entered at all.
!
The Financial information still gets passed along and causes most of
the fraud.
!
Enhanced Digital Payment Proposed by NCR CORP[2]
!
Does not expose information at the point of sale visually but the
information still travels through the POS and the third party processors
!
In some variants, the credit card information is stored on the phone.
1
Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond (2010) Chip and PIN is
broken, University of Cambridge, 2010 IEEE Symposium on Security and Privacy.
2
Tom R Deaton(2002) Enhanced Digital Wallet, University of Cambridge, NCR Corp.
COMP7/8120:
Crypto&DataSec
.. Lit Review
!
An Electronic wallet with PIN[3]
!
Enter a PIN associated with a digital account every-time a payment is initiated.
!
Solves the problem of man in the middle attack with Chip and PIN.
!
No payment information exposed to the merchant.
!
But the payment information still goes through the third party payment
processors.
!
An Electronic wallet that makes use of Interbank Network[4]
!
Payment information exposed to the merchant.
!
But the payment information still goes through the third party payment
processors.
3
DiMartino et al (2012) Method and systems for setting levels of electronic wallet security,
Sprint Communications Company.
4
Mjolsnes et al. (1999) System of secured payment by the transfer of electronic money
through an interbank network, France Telecom.
COMP7/8120:
Crypto&DataSec
Case Study
!
University of Augsburg’s study, on the Security issues in Mobile
payments from the customer’s viewpoint.[5]
!
Provides scientific and statistical understanding of the security
issues that a mobile payments technology might face.
!
Discusses top 15 categories pertaining to security, which people are
mostly concerned about.
5
K. Linck and Key Pousttchi and Dietmar Georg Wiedemann (2006) Security Issues in
Mobile Payment from the Customer Viewpoint, University of Augsburg.
COMP7/8120:
Crypto&DataSec
Deliverables
!
List top 5 risks described in the goal with appropriate definition.
!
Will Include how to manage these top 5 risks
!
Also includes description of other security risks and why they are not
as important to worry about as the top 5 risks mentioned.
!
Security analysis will also address whether these measures will
make online payments secure or not.