One-Time Code Cardholder Verification Method in Electronic Funds Transfer Transactions

• Autorzy: Sitek A.
• Języki publikacji: EN

Abstrakty

EN

Card payments are getting more and more popular across the world. The dominant standard used for Electronic Funds Transfer transaction is EMV. It is widely used across Europeand Canada, and currently it is being introduced in the USA. The most frequently used Cardholder Verification Method in EMV transaction is PIN, which requires from the payment terminal to be equipped with pinpad - which increases the cost of the whole payment device. In this article I presentan alternative Cardholder Verification Method (CVM) that can be used instead of traditional PIN.The key advantage of the presented mechanism is that it can be easily implemented in currently utilized authorization protocols, it does not affect rules of EMV specification and may decrease time of transaction processing.

Słowa kluczowe

EN

Electronic Funds Transfer; Cardholder Verification Method; CVM; EMV; authorization protocols

• Wydawca: Wydawnictwo UMCS
• Czasopismo: Annales Universitatis Mariae Curie-Skłodowska. Sectio AI, Informatica
• Rocznik: 2014
• Tom: Vol. 14, no. 2
• Strony: 46--59
• Opis fizyczny: Bibliogr. 25 poz., rys.

Twórcy

autor

Sitek A.

• Institute of Telecommunications, Warsaw University of Technology, Nowowiejska 15/19, 00-665 Warsaw, Poland

Bibliografia

• [1] Extract from The Nielsen Report - global Credit, Debit, and Prepaid Card Fraud Losses Reach $11.27 Billion in 2012 - Up 14.6% Over 2011 http://www.businesswire.com/news/home/20130819005953/en/Global-Credit-Debit-Prepaid-Card-Fraud-Losses#.U4Y3Ryj69SE
• [2] Groenfeldt T. American Credit Cards Improving Security With EMV, At Last, http://www.forbes.com/sites/tomgroenfeldt/2014/01/28/american-credit-cards-improving-security-with-emv-at-last/
• [3] Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment version 3.0
• [4] Berat, C. Cross-border Interchange Fees: Why the General Court Got it Wrong in the MasterCard v. Commission Case http://www.europeanpaymentscouncil.eu/index.cfm/newsletter/article/?articles_uuid=567705BA-5056-B741-DB26318F233469A0
• [5] ISO 8583 protocol description, en.wikipedia.org/wiki/ISO_8583
• [6] Murdoch S.J., Drimer S., Anderson R., Bond M., Chip and PIN is Broken, IEEE Symposium on Security and Privacy (2010).
• [7] Ward M., EMV card payments An update, information security technical report II (2006): 89-92.
• [8] TSYS People-Centered payments Cardholder Verification Method - Considerations In A Chang-ing Payments Landscape, http://www.tsys.com/acquiring/engage/white-papers/Cardholder-Verification-Method.cfm
• [9] ANSI, ANS X9.24-1:2009 Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques
• [10] SIX Payments, EP2 Terminal Security - Technical Requirements
• [11] Laurie A., Barisani A., Bianco D., Franken Z., CVM Downgrade Attack
• [12] Laurie A., Barisani A., Bianco D., Franken Z., Chip & PIN is definitely broken, Credit Card skimming and PIN harvesting in an EMV world, Inverse Path S.r.l. (2011).
• [13] EMVCo, EMV Integrated Circuit Card Specifications for Payment Systems Book 3: Application Specification v. 4.3 (2011).
• [14] EMVCo, EMV Integrated Circuit Card Specifications for Payment Systems Book 4: Cardholder, Attendant, and Acquirer Interface Requirements v. 4.3 (2011).
• [15] Sanchez-Reillo R., ETSI Telecommun., Ciudad Univ., Spain, Securing information and operations in a smart card through biometrics Security Technology, 2000. Proceedings. IEEE 34th Annual 2000 International Carnahan Conference
• [16] Struif B., Use of Biometrics for User Verification in Electronic Signature Smartcards, LNCS 2140 (2001): 220-227.
• [17] Ksiezopolski B., Kotulski Z., Adaptable security mechanism for dynamic environments, Computers & Security 26(3) (2007): 246-255.
• [18] Gerstel O., Sasaki G., Quality of Protection (QoP): A Quantitative Unifying Paradigm to Protection Service Grades, OptiComm 2001, Optical Networking and Communication Conference (2001).
• [19] Jovanovikj V., Gabrijelcic D., Klobucar T., A conceptual model of security context, International Journal of Information Security (2014).
• [20] Baldauf M., Dustdar S., Rosenberg F., A survey on context-aware systems, Int. J. Ad Hoc and Ubiquitous Computing 2(4) (2007): 263-277.
• [21] Hayashi E., Das S., Shahriyar A., Owusu E., Han J., Hong J., Oakley I., Perrig A., Zhang J., CASA: A Framework for Context-Aware Scalable Authentication, SOUPS'13: Ninth Symposium on Usable Privacy and Secrecy (2013).
• [22] Wrona K., Gomez L., Context-aware security and secure context-awareness in ubiquitous computing environments, Annales UMCS Informatica AI 4 (2006): 332-348.
• [23] Siljee B., Bosloper I., Nijhuis J., A Classification Framework for Storage and Retrieval of Context, KI-04 Workshop on Modelling and Retrieval of Context, CEUR 114 (2004).
• [24] Chen H., An intelligent broker architecture for context-aware systems, A PhD. Dissertation Proposal in Computer Science at the University of Maryland, Baltimore County (2003).
• [25] Smirnov A., Pashkin M., Chilov N., Levashova T., Operational Decision Support: Context-Based Approach and Technological Framework, Proceedings of the 5th International and Interdisciplinary Conference CENTEXT (2005).