An Efficient Secure Electronic Payment System for E-Commerce
Abstract
:1. Introduction
2. Literature Review
3. RSA Cryptosystem
- P and Q both Prime, P ≠ Q
- ∅ = (p-1) (q-1) 1
- 1 < e <∅
- gcd (e,∅) = 1
- Public Key = {e, n}
- Private Key = {d, n}
- Plaintext Encryption:
- M < n
- Cipher text: C = Me mod n
- Cipher text Decryption:
- Plaintext: M = Cd mod n
4. The Proposed Method and System Architecture
4.1. Preliminaries of the Proposed System
- Online customer
- Merchant
- Client bank
- Merchant bank
- Payment gateway
4.2. Design Consideration
- Each entity, that is, the client, merchant, user bank, and merchant bank, registers with the payment gateway to create each of their secret key with gateway.
- The client and merchant also create a secret key between themselves.
- The client can connect his/her temporary identity to the merchant site to make an order. After the order has been made, RSA encryption is executed to hide customer card information in order to get ciphertext.
- Once the order has been placed, merchant redirects to the payment gateway for the encryption and decryption processes.
- The client bank along with the client use the RSA signature to execute an electronic signature on the document by making use of the private key.
- The public key set has actually been licensed by a certificate authority.
- The payment gateway executes some verification steps (encryption, decryption, and validation) and forwards value subtraction request to the issuer and some encrypted message to the acquirer. The primary purpose of this system is to create public and private keys for traders and banks. It stores keys in the key database to be distributed to customers after the key generation process. In the decryption process, RSA collects the customer’s card details after receipt of the ciphertext from the customers and decrypts the ciphertext. The payment gateway validates the authorization for the payment phase after the customer’s card details have been decrypted.
- The ciphertext is decrypted by RSA decryption to get the customer’s card information from the bank’s website after it receives the ciphertext from the payment gateway. After the customer’s card details have been decrypted, the bank shall validate the payment transaction, on the basis of the client’s confirmation. Following the transaction, the bank will then inform the customer and the merchant of the payment confirmation.
4.3. Transaction Phase
- TIDc—temporary identification of client
- IDC—the identity of the product
- G—goods details including price, date, and transaction identification
- QC ReQ—value claim request
- QC ReS—value claim response
- PR ReQ—product request
- PR ReS—product response
- Vs ReQ—value subtraction request
- Vs ReS—value subtraction response
5. Security Analysis and Advantages
- Confidentiality
- Integrity
- Non-repudiation
- Anonymity
- Availability
- Authorization and Authentication
6. Conclusions
Author Contributions
Funding
Conflicts of Interest
References
- Miva. The History of Ecommerce: How Did It All Begin?—Miva Blog. Available online: https://www.miva.com/blog/the-history-of-ecommerce-how-did-it-all-begin/ (accessed on 16 June 2020).
- Alam, S.S.; Ali, M.H.; Omar, N.A.; Hussain, W.M.H.W. Customer satisfaction in online shopping in growing markets: An empirical study. Int. J. Asian Bus. Inf. Manag. 2020, 11, 78–91. [Google Scholar] [CrossRef]
- Noor Ardiansah, M.; Chariri, A.; Rahardja, S.; Udin, U. The effect of electronic payments security on e-commerce consumer perception: An extended model of technology acceptance. Manag. Sci. Lett. 2020, 10, 1473–1480. [Google Scholar] [CrossRef]
- Soare, C.A. Internet Banking Two-Factor Authentication using Smartphones. J. Mob. Embed. Distrib. Syst. 2012, 4, 12–18. [Google Scholar]
- Satar, N.S.M.; Dastane, O.; Ma’arif, M.Y. Customer value proposition for E-Commerce: A case study approach. Int. J. Adv. Comput. Sci. Appl. 2019, 10, 454–458. [Google Scholar] [CrossRef] [Green Version]
- Narwal, B. Security Analysis and Verification of Authenticated Mobile Payment Protocols. In Proceedings of the 4th International Conference on Information Systems and Computer Networks (ISCON 2019), Mathura, India, 21–22 November 2019; pp. 202–207. [Google Scholar] [CrossRef]
- Bezhovski, Z. The Future of the Mobile Payment as Electronic Payment System. Eur. J. Bus. Manag. 2016, 8, 2222–2839. [Google Scholar]
- Masihuddin, M.; Islam Khan, B.U.; Islam Mattoo, M.M.U.; Olanrewaju, R.F. A Survey on E-Payment Systems: Elements, Adoption, Architecture, Challenges and Security Concepts. Indian J. Sci. Technol. 2017, 10, 1–19. [Google Scholar] [CrossRef]
- Liao, X.; Ahmad, K. Factors Affecting Customers Satisfaction on System Quality for E-Commerce. In Proceedings of the 2019 International Conference on Electrical Engineering and Informatics (ICEEI), Bandung, Indonesia, 9–10 July 2019; pp. 360–364. [Google Scholar] [CrossRef]
- Mazumder, F.K.; Jahan, I.; Das, U.K. Security in Electronic Payment Transaction. Int. J. Sci. Eng. Res. 2015, 6, 955–960. [Google Scholar]
- Choo, K.K.R. The cyber threat landscape: Challenges and future research directions. Comput. Secur. 2011, 30, 719–731. [Google Scholar] [CrossRef]
- Izhar, A.; Khan, A.; Sikandar, M.; Khiyal, H.; Javed, W.; Baig, S. Designing and Implementation of Electronic Payment Gateway for Developing Countries. J. Theor. Appl. Inf. Technol. 2011, 26, 3643–3648. [Google Scholar] [CrossRef]
- European Union Agency for Cybersecurity. Algorithms, Key Sizes and Parameters Report―2013; European Union Agency for Cybersecurity: Eracleon, Greece, 2013; pp. 1–5. [Google Scholar]
- Liu, J.; Xiao, Y.; Chen, H.; Ozdemir, S.; Dodle, S.; Singh, V. A survey of payment card industry data security standard. IEEE Commun. Surv. Tutor. 2010, 12, 287–303. [Google Scholar] [CrossRef]
- Pandey, A. Credit Risk Assessment of Payment Gateway Loans for Working Capital Funding of E-Commerce Industry. Int. Educ. Sci. Res. J. 2018, 4, 2–6. [Google Scholar] [CrossRef]
- Nwoye, C.J. Design and Development of an E-Commerce Security Using RSA Cryptosystem. Int. J. Innov. Res. Inf. Secur. 2015, 2, 2349–7017. [Google Scholar]
- Kaur, J.; Singh, H. E-Banking Adoption: A Study of Privacy and Trust. Int. J. Technol. Comput. 2017, 3, 314–318. [Google Scholar]
- Musaev, E.; Yousoof, M. A Review on Internet Banking Security and Privacy Issues in Oman. In Proceedings of the 7th International Conference on Information Technology (ICIT 2015), Chiang Mai, Thailand, 29–30 October 2015; pp. 365–369. [Google Scholar] [CrossRef]
- Rajendran, B.; Pandey, A.K.; Bindhumadhava, B.S. Secure and privacy preserving digital payment. In Proceedings of the 2017 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computed, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), San Francisco, CA, USA, 4–8 August 2017; pp. 1–5. [Google Scholar] [CrossRef]
- Ali, M.A.; Arief, B.; Emms, M.; Van Moorsel, A. Does the Online Card Payment Landscape Unwittingly Facilitate Fraud? IEEE Secur. Priv. 2017, 15, 78–86. [Google Scholar] [CrossRef] [Green Version]
- Zay Oo, K. Design and Implementation of Electronic Payment Gateway for Secure Online Payment System. Int. J. Trend Sci. Res. Dev. 2019, 3, 1329–1334. [Google Scholar] [CrossRef]
- Hajira Be, A.B.; Balasubramanian, R. Developing an enhanced high-speed key transmission (EHSKT) technique to avoid fraud activity in E-commerce. Indones. J. Electr. Eng. Comput. Sci. 2018, 12, 1187–1194. [Google Scholar] [CrossRef]
- Mohit, P.; Amin, R.; Biswas, G.P. Design of Secure and Efficient Electronic Payment System for Mobile Users. In International Conference on Mathematics and Computing; Springer: Singapore, 2017; Volume 1, pp. 34–43. [Google Scholar] [CrossRef]
- European Union Agency for Network and Information Security (ENISA). Security of Mobile Payments and Digital Wallets; ENISA: Eracleon, Greece, 2016; ISBN 978-92-9204-199-1. [Google Scholar]
- Sharma, M.K. Electronic Cash over the Internet and Security Solutions. Int. J. Adv. Res. Comput. Sci. 2017, 8, 229. [Google Scholar]
- Sharma, N.; Bohra, B. Enhancing Online Banking Authentication using Hybrid Cryptographic method. In Proceedings of the 3rd International Conference on Computational Intelligence and Communication Technology, Ghaziabad, India, 24–26 November 2017; pp. 1–8. [Google Scholar] [CrossRef]
- Rouse, M. What is RSA algorithm (Rivest-Shamir-Adleman)?—Definition from WhatIs.com. Available online: https://searchsecurity.techtarget.com/definition/RSA (accessed on 16 June 2020).
- Balilo, B.B.; Gerardo, B.D.; Byun, Y.; Medina, R.P. Design of physical authentication based on OTP KeyPad. In Proceedings of the 2017 International Conference on Applied Computer and Communication Technologies (ComCom), Jakarta, Indonesia, 17–18 May 2017; pp. 1–5. [Google Scholar] [CrossRef]
- Susanna, A.; David, S.; Kathrine, J.W.; Esther, A.G. Enhancing user authentication for mobile wallet using cryptographic algorithm. J. Adv. Res. Dyn. Control Syst. 2018, 10, 891–897. [Google Scholar]
- Sönmez, F.; Abbas, M.K. Development of a Client/Server Cryptography-Based Secure Messaging System Using RSA Algorithm. J. Manag. Eng. Inf. Technol. 2017, 4, 6. [Google Scholar]
- Ibrahim, R.M. A Review on Online-Banking Security Models, Successes, and Failures. In Proceedings of the 2018 International Conference on Electrical, Electronics, Computers, Communication, Mechanical and Computing (EECCMC), Tamil Nadu, India, 28–29 January 2018. [Google Scholar]
- Khrais, L.T. Highlighting the Vulnerabilities of Online Banking System. J. Internet Bank. Commer. 2015, 20, 120. [Google Scholar] [CrossRef] [Green Version]
- Poeng, K.P.; Chukwuere, J.E.; Agu, N.T. The issues affecting employees’ adoption of online banking in mahikeng. In Proceedings of the 2nd International Conference on Information System and Data Mining, Lakeland, FL, USA, 9–11 April 2018; pp. 70–75. [Google Scholar] [CrossRef]
- Hassan, M.A.; Shukur, Z. Review of Digital Wallet Requirements. In Proceedings of the 2019 International Conference on Cyber Security (ICoCSec), Negeri Sembilian, Malaysia, 25–26 September 2019; pp. 43–48. [Google Scholar] [CrossRef]
- Karim, N.A.; Shukur, Z. Review of user authentication methods in online examination. Asian J. Inf. Technol. 2015, 14, 166–175. [Google Scholar] [CrossRef]
- Shaju, S.; Panchami, V. BISC authentication algorithm: An efficient new authentication algorithm using three factor authentication for mobile banking. In Proceedings of the 2016 Online International Conference on Green Engineering and Technologies (IC-GET), Coimbatore, India, 19 November 2016; pp. 1–5. [Google Scholar] [CrossRef]
- Hua, J. Study on mobile E-commerce security payment system. In Proceedings of the International Symposium on Electronic Commerce and Security (ISECS 2008), Guangzhou, China, 3–5 August 2008; pp. 754–757. [Google Scholar] [CrossRef]
- Serrano, M.E.; Godoy, S.A.; Gandolfo, D.; Mut, V.A.; Scaglia, G.J.E. A Simple Off-line E-Cash System with Observers. Inf. Technol. Control 2018, 47, 118–130. [Google Scholar] [CrossRef] [Green Version]
- Omariba, Z.B.; Masese, N.B. Security and Privacy of Electronic Banking. Kidney Int. Suppl. 2013, 3, 262. [Google Scholar] [CrossRef]
- Kang, J. Mobile payment in Fintech environment: Trends, security challenges, and services. Hum. Cent. Comput. Inf. Sci. 2018, 8, 32. [Google Scholar] [CrossRef] [Green Version]
- Bahtiyar, Ş.; Gür, G.; Altay, L. Security Assessment of Payment Systems under PCI DSS Incompatibilities. In IFIP International Information Security Conference; Springer: Berlin/Heidelberg, Germany, 2014; pp. 395–402. [Google Scholar] [CrossRef] [Green Version]
- Khattri, V.; Singh, D.K. Implementation of an Additional Factor for Secure Authentication in Online Transactions. J. Organ. Comput. Electron. Commer. 2019, 29, 258–273. [Google Scholar] [CrossRef]
- European Central Bank (ECB). Recommendations for the Security of Internet Payments; European Central Bank (ECB): Frankfurt, Germany, 2013; pp. 1–26. ISSN 978-92-899-0866-6. [Google Scholar]
Author | Method | Remarks | Drawback |
---|---|---|---|
Izhar et al. [12] | Triple Data Encryption Standard (TDES) | The proposed system designed and implemented a secure electronic payment gateway to provide authorization, confidentiality, integrity, and availability for transactions. | The proposed method is for the local environment. This payment architecture did not address security issues (i.e., non-repudiation and anonymity). |
Nwoye [16] | RSA cryptosystem | The proposed system implemented an RSA e-commerce security system (RSA-ESS), which addresses the security and privacy difficulties with credit card information in e-commerce transactions. In this system, RSA is used to secure payment information and achieve the required speed in an e-commerce transaction. | The proposed system can be used only for the security and privacy of payment information. |
Zay Oo [21] | RSA cryptosystem | Through this method, a customer’s monetary data (credit or debit card information) are sent straight to a payment gateway, also called TTP, instead of directing them through an online merchant. | The payment gateway plays an essential role as each of the entities communication is concluded in the transaction gateway for the fee payment request. Furthermore, the consumer cannot talk interconnectedly in the merchant to the device doing the payment request. The cardholder and private data are kept in cloud servers and might be subject to compromise of cloud products/services with malware and exploitation of potential vulnerabilities in the program implementation of e-commerce services [24]. |
© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Hassan, M.A.; Shukur, Z.; Hasan, M.K. An Efficient Secure Electronic Payment System for E-Commerce. Computers 2020, 9, 66. https://doi.org/10.3390/computers9030066
Hassan MA, Shukur Z, Hasan MK. An Efficient Secure Electronic Payment System for E-Commerce. Computers. 2020; 9(3):66. https://doi.org/10.3390/computers9030066
Chicago/Turabian StyleHassan, Md Arif, Zarina Shukur, and Mohammad Kamrul Hasan. 2020. "An Efficient Secure Electronic Payment System for E-Commerce" Computers 9, no. 3: 66. https://doi.org/10.3390/computers9030066
APA StyleHassan, M. A., Shukur, Z., & Hasan, M. K. (2020). An Efficient Secure Electronic Payment System for E-Commerce. Computers, 9(3), 66. https://doi.org/10.3390/computers9030066