Securing on-line credit card payments without disclosing privacy information

Two revisions of the original Secure Electronic Transaction (SET) protocol are proposed to conceal cardholders’ identities in the electronic marketplace in which cardholders’ trust for banks can be reduced to a minimum. Constrained by being extensions of the existing card payment networks to the Internet, most on-line credit card payment schemes in use or proposed in recent papers assume the sensitive card information could be disclosed to all the participating banks. The assumption used to work well in traditional credit card payments before. However, negative impacts such as banking scandals, closure programs due to poor management, and security problems with Internet banking are all undermining cardholders’ trust in banks. The issuer is the trusted bank selected by the cardholder, but the acquirer is not. To reveal the cardholder’s sensitive card information to every possible acquirer implies potential risk. Based on the need-to-know principle, the two revisions are proposed to relax the assumption mentioned above. In our solutions, the sensitive card information is well protected along the way and can be extracted only by the issuer. A cardholder needs only to select a trustworthy issuer, instead of worrying about the possible breakdowns of every involved acquirer. The cost to achieve our more secure schemes demands only minor information modifications on the legacy system. D 2002 Elsevier Science B.V. All rights reserved.