Abstract
Credit/debit card payment transactions do not protect the privacy of the customer. Once the card is handed over to the merchant for payment processing, customers are “no longer in control” of how their card details and money are handled. This leads to card fraud, identity theft, and customer profiling. Therefore, for those customers who value the privacy and security of their payment transactions, this paper proposes a choice: an alternate mobile payment model called “Pre-Paid Mobile HTTPS-based Payment model”. In our proposed payment model, the customer obtains the merchant’s bank account information and then instructs his/her bank to transfer the money to the merchant’s bank account. We use the near field communication (NFC) protocol to transfer the merchant’s bank account information to the customer’s NFC-enabled smartphone. We also use a partially blind signature scheme to hide the customer’s identity from the bank. As a result, our payment model provides the customer with complete control over his/her payments and privacy protection from both the bank and the merchant. We emulated our proposed mobile payment model on the Android SDK 2.1 platform and analyzed its execution time.








Acknowledgments
This work was partially supported by Brain Korea 21 (BK21) Project of the Korea Research Foundation (KRF) grants to Made Harta Dwijaksara.
Cite this article
Konidala, D.M., Dwijaksara, M.H., Kim, K. et al. Resuscitating privacy-preserving mobile payment with customer in complete control. Pers Ubiquit Comput 16, 643–654 (2012). https://doi.org/10.1007/s00779-011-0436-7
DOI: https://doi.org/10.1007/s00779-011-0436-7