wisemonkeys logo
FeedNotificationProfileManage Forms
FeedNotificationSearchSign in
wisemonkeys logo

Blogs

Security requirements for Safe E-Payments

profile
HARSH KUMAWAT
Aug 28, 2022
1 Like
0 Discussions
83 Reads

Security measures in International and Cross Border financial transactionsSecurity Requirements for Safe E-Payment Systems

The concrete security requirements of electronic payment systems vary, depending on both on their features and the trust assumptions placed on their operation. In general, however, electronic payment systems must exhibit integrity, authorization, confidentiality, availability, and reliability

 

 

 

1. Integrity and authorization 

A payment system with integrity allows no money to be taken from a user without explicit authorization by that user.It may also disallow the receipt of payment without explicit consent, to prevent occurrences of things like unsolicited bribery.Authorization constitutes the most2. Out-band authorizatio.In this approach, the verifying party (typically a bank) notifies the authorizing party (the payer) of a transaction.The authorizing party is required to approve or deny the payment using a secure, out-band channel (such as via surface mail or the phone).This is the current approach for credit cards involving mail orders and telephone orders: Anyone who knows a user's credit card data can initiate transactions, and the legitimate user must check the statement and actively complain about unauthorized transactions. If the user does not complain within a certain time (usually 90 days), the transaction is considered "approved" by default

 

 

2. Password authorization

A transaction protected by a password requires that every message from the authorizing party include a cryptographic check value.The check value is computed using a secret known only to the authorizing and verifying parties.This secret can be a personal identification number, a password, or any form of the shared secret.In addition, the shared secret that is short like a six-digit pin is inherently susceptible to various kinds of attacks.They cannot by themselves provide a high degree of security. They should only be used to control access to a physical token like a smart card (or a wallet) that performs the actual authorization using secure cryptographic mechanisms, such as digital signatures4. Signature authorization.In this type of transaction, the verifying party requires the digital signature of the authorizing party Digital signatures provide nonrepudiation of origin: Only the owner of the secret signing key can "sign" messages (whereas everybody who knows the corresponding public verification key can verify the authenticity of signatures.

 

 

3. Confidential

Some parties involved may wish for the confidentiality of  transactions.Confidentiality in this context means the restriction of the knowledge about various pieces of information related to a transaction: the identity of the payer/payee, purchase content, amount, and so on.Typically, the confidentiality requirement dictates that this information be restricted only to the participants involved.Where anonymity or un-traceability are desired, the requirement may be to limit this knowledge to certain subsets of the participants only, as described later

 

 

4. Availability and reliability 

All parties require the ability to make or receive payments whenever necessary.Payment transactions must be atomic: They occur entirely or not at all, but they never hang in an unknown or inconsistent state. No payer would accept a loss of money (not a significant amount, in any case) due to a network or system crash.Availability and reliability presume that the underlying networking services and all software and hardware components are sufficiently dependable.Recovery from crash failures requires some sort of stable storage at all parties and specific resynchronization protocols.These fault tolerance issues are not discussed here because most payment systems do not address them explicitly.    

.    


Comments ()


Sign in

Read Next

Pro-Tips On How To Keep your Foot Healthy

Blog banner

operating system

Blog banner

Student Grade Calculator in LISP

Blog banner

Fitness

Blog banner

Virtual Memory

Blog banner

Scheduling

Blog banner

Dos (Denial of service) Attack

Blog banner

NodeJs

Blog banner

Challenges of Digital forensics in cloud computing environment

Blog banner

Virtual Machine

Blog banner

Virtual memory

Blog banner

Riddhi Miyani 53003220140

Blog banner

PROCESS CONTROL BLOCK IN OS

Blog banner

10 Interesting Facts about Death Note

Blog banner

Why Inconel 625 and Monel 400 Remain Unbeatable in Refinery Applications?

Blog banner

Building Confidence in Children Through Daily Routines and Play

Blog banner

Understanding Portion Control: How Much Food Do You Really Need?

Blog banner

Mobile Survey

Blog banner

SQL Injection

Blog banner

Windows Operating System

Blog banner

Facebook Shut Down an AI Program!!! Facebook AI bots became Terminators???

Blog banner

Deadlock and Starvation

Blog banner

How Does SSO Works

Blog banner

Landslide Hazard

Blog banner

Linux VServer Architecture

Blog banner

Puri Jagannath temple

Blog banner

The War With Cold On Earth

Blog banner

History of ITIL

Blog banner

IT RISK

Blog banner

Diwali

Blog banner

virtual machine

Blog banner

Cyber Crime Investigation In The Era Of Big Data

Blog banner

Cyber Bullying - Neeta Vonkamuti

Blog banner

What is HTML?

Blog banner

21ST CENTURY PATRIARCHY

Blog banner

Dental Problems That Start Small But Should Never Be Ignored

Blog banner

Use case of K-means clustering

Blog banner

How to use GIT & GITHUB

Blog banner

Celebrate Diwali the Delicious Way with Meal Maharaj Catering

Blog banner

John Titor: The Time Traveler

Blog banner

MAILFENCE

Blog banner

Safeguarding Your Data: The Importance of Wireless Encryption

Blog banner