Security Requirements for Safe E-Payment Systems – BMS NOTES

The concrete security requirements of electronic payment systems vary, depending both on their features and on the trust assumptions made about their operation. In general, however, electronic payment systems must provide integrity, authorization, confidentiality, availability, and dependability.

Integrity and authorization

A payment system with integrity allows no money to be taken from a user without that user’s explicit authorization. It may also disallow the receipt of money without explicit consent, to prevent things like unsolicited bribery. Authorization is the most important relationship in a payment system. Payment can be authorized in three ways: out-of-band authorization, passwords, and signatures.

Out-of-band authorization

In this method, the verifying party, which is usually a bank, notifies the authorizing party, who is usually the payer, of a transaction. The authorizing party must approve or deny the payment through a secure, out-of-band channel (phone or surface mail, for example). This is the current approach for credit cards used in phone and mail orders: anybody with access to a user’s credit card information may start transactions, so the legitimate user has to monitor their statement regularly and report any unauthorized charges. The transaction is automatically deemed “approved” if the user does not file a complaint within a certain window of time, often 90 days.

Password authorization

In a password-protected transaction, every message from the authorizing party must include a cryptographic check value. The check value is computed using a secret known only to the authorizing and verifying parties. Passwords, PINs, or any other kind of shared secret may be used as this secret. However, short shared secrets, such as a six-digit PIN, are inherently vulnerable to a variety of attacks. They cannot provide a high level of protection on their own. They should be limited to controlling access to a physical token, such as a wallet or smart card, which performs the actual authorization using secure cryptographic techniques like digital signatures.

Signature authorization

In this kind of transaction, the verifying party requires the authorizing party’s digital signature. Digital signatures provide nonrepudiation of origin: although anybody with the matching public verification key can confirm the validity of signatures, only the owner of the secret signing key can “sign” messages.
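The check value described under password authorization, as an added example that is not part of the original notes. It assumes HMAC-SHA256 as the check-value function and uses constructed message fields and names; the last case shows why a shared-secret check value, unlike the digital signature described above, gives no nonrepudiation of origin.

```python
import hashlib
import hmac
import json
import secrets


def canonical(msg: dict) -> bytes:
    # Deterministic encoding so both parties compute the value over identical bytes.
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def check_value(shared_secret: bytes, msg: dict) -> str:
    # Cryptographic check value: HMAC-SHA256 keyed with the shared secret (assumed choice).
    return hmac.new(shared_secret, canonical(msg), hashlib.sha256).hexdigest()


def verify(shared_secret: bytes, msg: dict, tag: str) -> bool:
    # Constant-time comparison avoids leaking how much of the value matched.
    return hmac.compare_digest(check_value(shared_secret, msg), tag)


def demo() -> dict:
    # Constructed sample data: a 128-bit random secret shared by payer and bank.
    secret = secrets.token_bytes(16)
    order = {"payer": "alice", "payee": "shop-42", "amount": "19.99",
             "currency": "EUR", "txn": "0001"}
    tag = check_value(secret, order)             # computed by the authorizing party

    tampered = dict(order, amount="1999.00")     # amount altered after the value was computed

    # The verifying party holds the same secret, so it can produce a valid
    # check value for a message the payer never sent: no proof of origin.
    bank_made = dict(order, payee="someone-else")
    bank_tag = check_value(secret, bank_made)

    return {
        "genuine_accepted": verify(secret, order, tag),
        "tampered_accepted": verify(secret, tampered, tag),
        "wrong_secret_accepted": verify(secrets.token_bytes(16), order, tag),
        "bank_made_accepted": verify(secret, bank_made, bank_tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
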

Confidentiality

Some parties may want their transactions kept confidential. In this sense, confidentiality refers to limiting knowledge about various aspects of a transaction, such as the payer’s or payee’s identity, the substance of the purchase, the amount, and so on. Usually, the confidentiality requirement means that only the participants should have access to this information. If untraceability or anonymity is needed, it could be necessary to restrict this information to certain subsets of the participants, as will be discussed later.

Availability and dependability

Every party needs to be able to send and receive money whenever necessary. Payment transactions must always be atomic, taking place entirely or not at all and never remaining in an ambiguous or inconsistent state. No payer would accept a loss of money (not a significant one, in any case) because of a network or system breakdown. Availability and dependability require all software and hardware components, as well as the underlying networking services, to be sufficiently trustworthy. Recovery from crash failures requires some kind of reliable storage at all parties and specific resynchronization methods. Since the majority of payment systems do not specifically handle these fault tolerance concerns, they are not covered here.
