Disposable credit card numbers are a recent approach to tackling the severe problem of credit card fraud, which is constantly growing, especially in the context of e-commerce payments. Whenever we cannot rely on a secure communication channel between cardholder and issuer, a possibility is to generate new numbers on the basis of some common scheme, starting from shared secret information. However, in order to make the approach meaningful from a practical point of view, the solution should guarantee backward compatibility with the current system, absence of new investments in dedicated hardware, wide-spectrum usability, and an adequate security level. In this paper, we propose a solution based on the use of standard mobile phones, fully meeting the above desiderata. Importantly, our solution does not require any cryptographic support and, as a consequence, the use of PDAs or smart phones, thus opening its usability to a wider potential market.
Implementing Disposable Credit Card Numbers by Mobile Phones / Buccafurri, Francesco; Lax, Gianluca. - In: ELECTRONIC COMMERCE RESEARCH. - ISSN 1389-5753. - 11:3(2011), pp. 271-296. [10.1007/s10660-011-9078-0]
Implementing Disposable Credit Card Numbers by Mobile Phones
BUCCAFURRI, Francesco; LAX, Gianluca
2011-01-01