2010 International Conference on Intelligence and Information Technology (ICIIT 2010)
DESIGN AND DEVELOPMENT OF SECURE ELECTRONIC TRANSACTION ON PROPOSED ELECTRONIC PAYMENT SYSTEM

Sundas Iqbal
Graduate, Department of Software Engineering, Fatima Jinnah Women University, Rawalpindi, Pakistan

Dr. Malik Sikander Hayat Khiyal
Chairperson, Department of Computer Science and Software Engineering, Fatima Jinnah Women University, Rawalpindi, Pakistan

Aihab Khan
Department of Computer Science, Fatima Jinnah Women University, Rawalpindi, Pakistan

Abstract—People increasingly use the Internet as a purchasing tool, and to do so they have to communicate their personal banking information. This is sensitive data that needs to be protected by secure exchanges, which requires a secure electronic payment infrastructure. In response to this need, the Secure Electronic Transactions (SET) specification was proposed by a consortium headed by Visa and MasterCard. The proposed system is made secure enough that only authorized customers can access it, rely on it and fearlessly make electronic transactions. For this purpose, encryption and decryption techniques have been applied to secure the information.

Keywords: e-commerce, electronic payment system, Secure Electronic Transactions (SET)

I. INTRODUCTION

Payment is one of the major elements of e-commerce. Payment made through e-payment is generally a mode of online transaction. The purpose of an online transaction is to allow the purchaser and the vendor to make agreements between them without being physically present. For this purpose the vendor and the purchaser are provided with a website. The web store manages the transfer of funds from the Internet user to the e-merchant. The money may come from a mobile phone, a digital wallet (e-money), a credit card, a prepaid account or a microbilling system. Recently, a sudden increase in publicity has indicated the growth of the Internet and the possibilities for clients and merchants to experience a new shopping trend called electronic commerce. In the electronic payment process, the safety factors fall into six areas: confidentiality of information, non-repudiation of information, validity of information, integrity of the information, authenticity of the transaction status, and reliability of the system [1].

A. Contributions

This analytical research provides insight into how Secure Electronic Transactions (SET) is implemented on the proposed model of electronic payments to provide confidentiality of information and to ensure payment integrity through authentication of the transaction. After studying the different electronic architectures, SET has been implemented with its secure characteristics for developing countries. The system is implemented according to the requirements, available resources, assets and technology of the local environment.

978-1-4244-8138-5/10/$26.00 © 2010 IEEE

II. RELATED WORK

Guan et al. [2] proposed an architecture for Secure Agent Fabrication, Evolution and Roaming (SAFER) that further facilitates e-commerce using agent technology. In that paper, the authors explore the electronic payment aspect of SAFER. For implementation they selected the Secure Electronic Transaction (SET) protocol and E-cash. SET (Loeb, 1998) was chosen as the payment scheme on the basis that the protocol satisfies the three criteria of compatibility, scalability and security. A network client can join a SAFER community by applying to a local Community Administration Centre (CAC). After accepting the application, the CAC issues a digital certificate to the applicant. This certificate can be used by trusted remote hosts to identify the clients' agents that roam to them. Under these organized communities, all agents are fabricated by the Agent Factory on a member's request. Individual owners can be controlled by the Agent Butler, a coordinating entity, after customization. The SET protocol is more suitable for separating the communication, whether the coordination between the parties at certain stages of the payment process or the exchange of encrypted messages among the different entities. In the payment confirmation stage, the Certificate Authority, the Payment Gateway, the Owner and the Merchant Host are all involved in message exchanges. In addition, the Certificate Authority and the Payment Gateway are requested to validate the Owner's payment information, and then the Merchant sends the payment confirmation to the SET payment agent. The whole process is time consuming [3].
Figure 1. Simple Encrypted Payment System Model
Hua Jiang and Jing Yang [4] proposed an architecture with an implementation of SET. It applies encryption technology to bank cards and other critical information. An encrypted digital signature scheme is used to confirm the authenticity of messages. Software support services and business servers are also used.

III. PRELIMINARIES

The worldwide proliferation of the Internet led to the birth of electronic commerce. The Secure Electronic Transaction (SET) protocol was jointly developed by Visa and MasterCard as a method to secure payment card transactions over open networks. SET is being published as an open specification for the industry. The specification is applicable to any payment card service and may be used by software vendors to develop applications. The SET protocol provides three main advantages that together make it safer than other payment methods [5].

IV. FRAMEWORK OVERVIEW

A. Strengths of Architecture Based On SET

Authentication: Anyone involved in obtaining a digital signature, such as the cardholder, bank or merchant, needs authentication from a Certificate Authority (CA).
Limits merchant's access: To avoid any inconvenience on phone transactions, the merchant has no access to credit card information. This makes SET safer.
Limits access: The customer's privacy is maintained by not giving the credit card issuer access to the order information.
Immediate verification: This module lets the merchant immediately verify the customer's authenticity and credit availability, so the merchant can fulfill orders without any risk.
Stronger encryption: This module lets SET use stronger encryption, as the card information is of fixed length. The credit card information and the order are encrypted separately.
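
The separation described under "Limits merchant's access" and "Limits access" is achieved in SET by a dual signature, which the paper does not spell out; the following added example (not code from the paper) goes beyond the text to show it in Python. Assumptions: the key is a constructed toy textbook-RSA key that is not secure, the messages and function names are illustrative, and the encryption of the payment information for the gateway is omitted.

```python
import hashlib

# Constructed toy key: textbook RSA over two Mersenne primes, stdlib only.
# Not secure; it stands in for the cardholder's CA-certified signing key.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                              # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))      # cardholder's private exponent


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def dual_sign(order_info: bytes, payment_info: bytes) -> int:
    """Cardholder: sign H(H(PI) || H(OI)), binding the two messages together."""
    pomd = digest(digest(payment_info) + digest(order_info))
    return pow(int.from_bytes(pomd, "big"), D, N)


def _check(pi_digest: bytes, oi_digest: bytes, signature: int) -> bool:
    # Recompute the combined digest and compare it with the opened signature.
    pomd = digest(pi_digest + oi_digest)
    return pow(signature, E, N) == int.from_bytes(pomd, "big")


def merchant_verify(order_info: bytes, pi_digest: bytes, signature: int) -> bool:
    """Merchant holds the order and only a digest of the payment data."""
    return _check(pi_digest, digest(order_info), signature)


def gateway_verify(payment_info: bytes, oi_digest: bytes, signature: int) -> bool:
    """Payment gateway holds the payment data and only a digest of the order."""
    return _check(digest(payment_info), oi_digest, signature)


# Constructed sample messages (well-known test card number, not a real account).
ORDER = b"order=1001;item=book;amount=25.00"
PAYMENT = b"card=4111111111111111;exp=12/30;amount=25.00"
SIG = dual_sign(ORDER, PAYMENT)

if __name__ == "__main__":
    print(merchant_verify(ORDER, digest(PAYMENT), SIG))              # untouched order
    print(gateway_verify(PAYMENT, digest(ORDER), SIG))               # untouched payment
    print(merchant_verify(ORDER + b";qty=9", digest(PAYMENT), SIG))  # altered order
```

Each party checks the same signature while seeing only a digest of the other party's data, so altering either the order or the payment information makes verification fail.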
Figure 2. Proposed Electronic Payment System for Local Environment
The electronic payment system has changed the world into a global village. The forces of globalization have made this ONE world and ONE economy. Now there is no more choice. Looking at the existing e-payment systems that implement SET, it can be concluded that every EPS implements SET in its own way. Yet no foolproof system has been developed so far. Pakistan and other developing countries do not have a secure electronic payment infrastructure. The electronic payment system we are trying to build will be efficient enough to be implemented in the local environment. For security assurance we will implement SET. It is proposed while taking into account the resources available in the local environment. Our main focus is on security, cost effectiveness and efficiency gains such as atomicity, availability, anonymity and acceptability.

V. FLOW DIAGRAMS RELATED TO PROPOSED ARCHITECTURE

The figure below shows the role SET plays in an online transaction.
Figure 3. The role of SET in online transaction.
Figure 4. Payment Procedure.
Figure 4 shows the payment procedure. The entities involved in this process are Cardholder, Merchant, Issuer Bank, Payment Gateway and Merchant
Figure 5. Flow Chart for Functioning Of SET Transactions
Figure 5 shows the flow chart of the functioning of SET in the proposed architecture. First the customer obtains a credit card account, such as MasterCard or Visa, with a bank that supports e-payment and SET. The customer browses the merchant's website and selects the items he wants to purchase. He sends the list of items to be purchased to the merchant, who returns an order form. The customer sends the order information and payment information. The payment information contains the credit card information, which is sent to the merchant in encrypted form. The merchant then sends the payment information to the payment gateway, requesting authorization that the customer's available credit is enough for this purchase. After that the merchant sends confirmation of the information to the customer and ships the goods and services to the customer. The complete working of the system is shown in Figure 5.

VI. ALGORITHM
The proposed architecture will work using this algorithm. The merchant and the customer should be registered with the CA before starting any transaction.

Category
    Customer obtains credit card account
    Select Category then
    Add CategoryId
    Choose SubCategoryId
    Select Item list of selected category
    If Select {Item}
    Then {Show detail of selected item}

Buying Phase
    If {Want to buy selected item}
    Then select {Add to order form}
    Else {Go back to category}

Ordering Phase
    If select add to order form
    do AddToOrder(SubCategoryId)
    go to Order form and fill required fields like credit card No., expiry Date, telephone and Address
    Select {Submit} {Encrypt}
    Else {Continue shopping}
    Else {Cancel}

Authorization
    If select submit
    Go to authorization page
    {
        If credit card number is true
        Then Show message "This Customer is Authorized From Bank."
        Else "This Customer is Not Authorized From Bank."
    }
    if authorized

Payment Transfer
    Decrypt credit card number
    Then make Payment request through payment gateway
    Response.Redirect("PaymentGateway")
    {Make Payment request to issuer}
    Then Transfer payment to merchant account
    Show "Payment Transfered To Merchant Bank"
End

VII. CONCLUSION AND FUTURE WORK
Electronic payment system infrastructure is present in third world countries, but it is not secure enough. The proposed architecture also lacked the security feature. That architecture has been made secure by implementing the secure electronic transaction infrastructure. Only an authentic customer whose credit card number is valid and whose credit is enough to buy the desired product can now purchase goods from the merchant's site. A trusted third party (the payment gateway) is involved and deals with all the payment settlements. The merchant cannot misuse customers' credit card details because the information is sent to him in encrypted form. Only the payment gateway can decrypt the information and deal with the customer's bank. It is first checked whether the customer is authorized, and then the whole transaction takes place. Hence the site is made secure enough that any authorized customer can easily rely on it and fearlessly make electronic transactions over the Internet. We have made a SET-based transaction system, but SET requires certification of both merchant and customer by a certification authority, which is not currently done in our project; we have assumed that both customer and merchant are certified. That could be done in future so that the system could be fully SET based. If this system is to be implemented in Pakistan, then strong support from the government is needed, as there is not much awareness of credit card based electronic

REFERENCES

[1] UETA Task Force, "Guidelines for the Management of Electronic Transactions and Signed Records", Department of Information Resources and the Texas State Library and Archives Commission, September 2002.
[2] Sheng-Uei Guan, Sin Lip Tan and Feng Hua, "A Modularized Electronic Payment System for Agent-based E-commerce", Journal of Research and Practice in Information Technology, Vol. 36, No. 2, May 2004.
[3] Ganesh Ramakrishnan, "Secure Electronic Transaction (SET) Protocol", Information Systems Control Journal, CISA, Volume 6, 2000.
[4] Hua Jiang, Jing Yang, "On-line Payment and Security of Ecommerce", Proceedings of the 2007 WSEAS International Conference on Computer Engineering and Applications, Gold Coast, Australia, January 17-19, 2007, 545.
[5] www.mastercard.com