Are My Transactions Secure?

Online transactions are one of the most talked-about subjects where e-commerce is concerned. Currently Visa and MasterCard support the 3-Domain system to secure your online transactions. The 3-Domain (3D) system is used in 3D-Secure, an XML-based protocol, as an added security layer for online transactions. The other protocol developed for transactions is Secure Electronic Transaction (SET), an open transaction protocol developed specifically for securing credit card transactions. So let's have a little look at these protocols.

Let's start with SET. SET was developed as a protocol that can be used for online transactions to provide credit card privacy. Please note that though it works as a transaction protocol, it does not act as a transaction system or payment system. SET provides security by encrypting the transaction. It uses symmetric encryption in the form of the Data Encryption Standard (DES), as well as asymmetric encryption to transmit the session keys for the DES-encrypted transaction. The key features that SET provides include confidentiality of information, integrity of data, cardholder account authentication and merchant authentication. An important feature included in SET was the dual signature. In the dual signature method, a Message Digest (MD) is calculated on the customer side for both the Payment Information (PI) and the Order Information (OI). This way the purchase can be completed without the merchant knowing the PI, since the merchant receives only the MD of the PI, and without the bank knowing the OI, since the bank receives only the MD of the OI. The merchant can never see your credit card and the bank can never see the products you buy, so privacy is preserved, since the transaction can be completed using the MDs of the OI and PI. In my view this is much more secure than the 3D mechanism, but it is hardly used in comparison.
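The dual signature described above, as an added example that is not part of the original post: the customer signs a digest of the two digests, and each party verifies it while holding only its own plaintext plus the other party's MD. SHA-256 stands in for the message digest and a toy textbook-RSA key stands in for the customer's signing key; the function names, key and sample PI/OI values are all constructed assumptions.

```python
import hashlib

# Toy customer key from two Mersenne primes (assumption for illustration:
# far too small for real use, and textbook RSA here has no padding).
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def md(data: bytes) -> bytes:
    """Message digest; SHA-256 is this example's choice."""
    return hashlib.sha256(data).digest()

def _to_int(digest: bytes) -> int:
    # Reduce the digest into the toy modulus so it can be signed.
    return int.from_bytes(digest, "big") % N

def customer_dual_sign(pi: bytes, oi: bytes):
    """Customer side: digest PI and OI separately, then sign the digest of both."""
    pimd, oimd = md(pi), md(oi)
    pomd = md(pimd + oimd)            # links payment and order together
    ds = pow(_to_int(pomd), D, N)     # dual signature
    return ds, pimd, oimd

def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds OI and only the MD of PI; never sees the card data."""
    return pow(ds, E, N) == _to_int(md(pimd + md(oi)))

def bank_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank holds PI and only the MD of OI; never sees what was ordered."""
    return pow(ds, E, N) == _to_int(md(md(pi) + oimd))

# Constructed sample data (not real card or order details).
PI = b"card=4111111111111111;amount=49.99"
OI = b"order=1001;item=book;amount=49.99"
DS, PIMD, OIMD = customer_dual_sign(PI, OI)

if __name__ == "__main__":
    print("merchant accepts order:", merchant_verify(OI, PIMD, DS))
    print("bank accepts payment:  ", bank_verify(PI, OIMD, DS))
    # A changed order no longer matches the payment the customer signed.
    print("altered order accepted:", merchant_verify(OI + b";qty=9", PIMD, DS))
```

Because the signature covers both digests, neither side can pair the customer's payment with a different order without the check failing.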

3D was developed by Visa to bring security to Internet payments. Visa runs this protocol under the name 3D Secure, whereas MasterCard adopted it as MasterCard SecureCode. 3D uses an authentication process across three domains to provide an authentic transaction. The following are the three domains it uses for authentication.

Acquirer Domain (Bank of merchant where payment is to be made)

Issuer Domain (Bank which issued card to card holder)

Interoperability Domain (Domain of credit card scheme to support protocol)

The protocol uses XML messages sent over SSL connections to preserve privacy. For authentication the card issuer can use any mechanism, but usually a password is used, for which an iframe from the bank's system loads and asks for the password.

Criticism:

The 3D payment system, though secure, cannot always guarantee that a payment is being initiated by an authorized vendor or merchant. Since the iframe loads from the bank's domain, how sure can you be that the page belongs to the bank's domain and that someone has not just phished you to gain your password? The hardware used for 3D payments can be configured to be monitored and is susceptible to being watched by a third person, leaving it always open to a Man-in-the-Middle attack. These are some of the reasons why credit card scams are always very effective when you make an electronic transaction.

SET, though secure, offers only 56-bit DES encryption instead of 128-bit or 256-bit DES. With the super-fast computers available today, 56-bit encryption will hardly take 5-6 hours to break with a brute-force attack. This is the only drawback of SET, but no one, especially banks and merchants, is ready to implement a better encryption method.

When so many things are going online, you can hardly ever notice that you have been fooled until you receive your bills. The protocols and security measures are not as safe as we expected them to be, even if you have them implemented by the best person in the field, because the mechanism itself is faulty. The best way to keep yourself from getting fooled online is to make transactions only via known or trusted merchants, because it's better to keep yourself safe than to cry afterwards.
