Abstract
Theft of stored credit card information is an increasing threat to e-commerce. We propose a dynamic virtual credit card number scheme that reduces the damage caused by stolen credit card numbers. A user can use an existing credit card account to generate multiple virtual credit card numbers that are either usable for a single transaction or tied to a particular merchant. We call the scheme dynamic because the virtual credit card numbers can be generated without online contact with the credit card issuers. These numbers can be processed without changing any of the infrastructure currently in place; the only changes will be at the end points, namely, the card users and the card issuers. We analyze the security requirements for dynamic virtual credit card numbers, discuss the design space, propose a scheme using HMAC, and prove its security under the assumption that the underlying function is a PRF.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-3-540-77366-5_37
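The idea summarized in the abstract can be sketched as follows. This is an added illustration, not the construction from the paper: the digit layout (6-digit issuer prefix, 9 HMAC-derived digits, Luhn check digit), the context strings, the counter window, the choice of HMAC-SHA256, and the sample key and prefix are all assumptions made for the example.

```python
import hashlib
import hmac

def luhn_check_digit(partial: str) -> str:
    """Digit that makes partial + digit pass the Luhn test used by card networks."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:          # these positions are doubled once the check digit is appended
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]

def derive_vccn(key: bytes, prefix: str, context: str) -> str:
    """Offline derivation: issuer prefix + 9 digits taken from HMAC(key, context) + Luhn digit.
    Only 9 digits carry the MAC, so the issuer must also rate-limit guesses."""
    tag = hmac.new(key, context.encode(), hashlib.sha256).digest()
    body = str(int.from_bytes(tag, "big") % 10**9).zfill(9)
    return prefix + body + luhn_check_digit(prefix + body)

def merchant_number(key: bytes, prefix: str, merchant_id: str) -> str:
    return derive_vccn(key, prefix, "merchant|" + merchant_id)

def single_use_number(key: bytes, prefix: str, counter: int) -> str:
    return derive_vccn(key, prefix, "single|%d" % counter)

def issuer_accepts(key, prefix, presented, merchant_id, next_counter, window=5):
    """Issuer side: recompute with the shared key instead of looking up a stored number.
    Returns ("merchant", id), ("single", counter) or None. Counters below
    next_counter are already spent, so a replayed single-use number is refused."""
    if not luhn_valid(presented):
        return None
    if hmac.compare_digest(presented, merchant_number(key, prefix, merchant_id)):
        return ("merchant", merchant_id)
    for c in range(next_counter, next_counter + window):
        if hmac.compare_digest(presented, single_use_number(key, prefix, c)):
            return ("single", c)
    return None

# Constructed sample values, not real account data.
KEY = b"constructed-demo-key-shared-with-issuer"
PREFIX = "400000"
```

A number derived for one merchant is rejected when another merchant presents it, which is what limits the damage of a stolen merchant database.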
© 2007 Springer-Verlag Berlin Heidelberg
Molloy, I., Li, J., Li, N. (2007). Dynamic Virtual Credit Card Numbers. In: Dietrich, S., Dhamija, R. (eds) Financial Cryptography and Data Security. FC 2007. Lecture Notes in Computer Science, vol 4886. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77366-5_19
DOI: https://doi.org/10.1007/978-3-540-77366-5_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77365-8
Online ISBN: 978-3-540-77366-5
eBook Packages: Computer Science (R0)