Secure Electronic Payment Methods for Online Shopping Based on Visual Cryptography
Metode Pembayaran Elektronik yang Aman pada Online Shopping Berbasis Kriptografi Visual
Abstract
Phishing and identity theft are common threats of online shopping. Phishing is an attempt to steal personal data from legitimate user. In this paper we propose a secure e-payment method using a credit card based on visual cryptography. This method adopts the existing 3D-Secure technology. Visual cryptography is applied in: user-merchant authentication, user-card provider authentication, user-card issuer authorization. It is applied to captcha image generated by merchant during registration using (2, 2) scheme with 2-subpixel expansion, to a text file containing credit card information sent by merchant to the card provider using (2, 2) scheme with pixel replacement, and to quick response code containing one-time-password that is used to authorize the payment transaction using (2, 2) scheme with 4-subpixel expansion. The test results show that out of 100 trials, all of them give 100% true positive. This indicates that the method is able to prevent phishing and identity theft, in sense of authentication, authorization, confidentiality, and integrity are gained. Phishing can be prevented because only legitimate participant who has an image share. Identity theft can be prevented because credit card details are not stored in the merchant’s database. Authorization is more guaranteed because only authenticated user can authorize the payments.
Downloads
References
Naor M. and Shamir A., 1995. Visual Cryptography. EUROCYPT’94, 950, pp.1-12.
Chaudari N. and Parate P., 2016. Secure Online Payment System using Visual Cryptography. International Journal of Advanced Research in Computer and Communication Engineering, 5(2), pp.552-553.
James D. and Philip M., 2012. A Novel Anti-Phising Framework Based on Visual Cryptography. In: PES University, 2012 International Conference on Power, Signals, Controls and Computation (EPSCICON). Thrissur, Kerala, India 3-6 Jan 2012. IEEE.
Roy S. and Ventakeswaran P., 2014. Online Payment System using Steganography and Visual Cryptography. In: Maulana Azad National Institute of Technology Bhopal, 2014 IEEE Students' Conference on Electrical, Electronics and Computer Science (SCEECS). Bhopal, India 1-2 March 2014. IEEE.
Jain N.R., Ujwal K., Apsara S., Nikhil P., and Tejashri D., 2016. Advance Phising Detection using Visual Cryptography and One Time Password. International Journal of Advanced Research in Science, Engineering and Technology, 3(4), pp.1808-1812.
Akolkar S., Kokulwar Y., Neharkar A., and Pawar D., 2016. Secure Payment System using Steganography and Visual Cryptography. International Journal of Computing and Technology, 3(1), pp.58-61.
Thomas, S.A., dan Gharge, S., 2017. Review on Various Visual Cryptography Schemes. In: 2017 International Conference on Current Trends in Computer, Electrical, Electronics and Communication (CTCEEC). Mysore, India 6 Sept 2018. IEEE.
Jain, A. dan Soni, S., 2017. Visual Cryptography and Image Processing Based Approach for Secure Transactions in Banking Sector. In: 2017 2nd International Conference on Telecommunication and Networks (TEL-NET). Noida, India 23 April 2018. IEEE.
VISA, 2011. Verified by Visa: Acquirer and merchant implementation guide. U.S. Region.
VISA, 2019. PSD2 SCA for Remote Electronic Transactions: Implementation Guide Version 1.1.
Brindha K. and Jeyanthi N., 2017. Securing Portable Document Format File Using Extended Visual Cryptography to Protect Data Storage. International Journal of Network Security, 19(5), pp.684-693.
Fang W.P., Hsu J.H., and Cheng W., 2013. Text-based Visual Secret Sharing. International Journal of Computer Science and Network Security, 13(5), pp.38-40.
Cao X., Feng L., Cao P., and Hu J., 2016. Secure QR Code Scheme Based on Visual Cryptography. In: Sehiemy R.E., Reaz M.B.I., and Lee C.J., 2016 2nd International Conference on Artificial Intelligence and Industrial Engineering (AIIE). Beijing, China 20-21 Nov 2016. Atlantis Press.
Tiwari, S., 2016. An Introduction to QR Code Technology. In 2016 International Conference on Information Technology (ICIT). Bhubaneswar, India 22-24 Dec 2016. IEEE.
PCI Security Standards Council, LLC., 2016. Payment Card Industry (PCI) Data Security Standard: Requirement and security assessment procedures v3.2.
Copyright (c) 2020 Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi)
This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright in each article belongs to the author
- The author acknowledges that the RESTI Journal (System Engineering and Information Technology) is the first publisher to publish with a license Creative Commons Attribution 4.0 International License.
- Authors can enter writing separately, arrange the non-exclusive distribution of manuscripts that have been published in this journal into other versions (eg sent to the author's institutional repository, publication in a book, etc.), by acknowledging that the manuscript has been published for the first time in the RESTI (Rekayasa Sistem dan Teknologi Informasi) journal ;