online transaction security (an undergraduate independent study)

Post on 22-Nov-2014


Online Transaction Security

An Undergraduate Independent Study

Online transactions security 2

Overview

Introduction

Importance

Presentation Content

Future directions

Conclusion


Introduction

What is an online transaction?

Risks involved

Challenge of providing security


Importance

Online stores and sales are increasing

Huge money flow

Vital part of the world economy

Maintain consumer trust


Presentation Content

The 3-D Secure protocol (3DS)

Extended Validation

SiteKey

SafePass

TLS - OBC


The 3-D Secure protocol

Developed by Visa as Verified by Visa; licensed by MasterCard and American Express

XML-based protocol

In 3-D Secure, "3-D" stands for three domains:

Acquirer Domain (the bank that receives the money)

Issuer Domain (the bank that issued the card)

Interoperability Domain (the infrastructure that supports 3-DS)


The 3-D Secure protocol

How it works…


Extended Validation

Phishing sites were blacklisted, but no one can make a perfect blacklist.

Extended Validation was invented by the CA/Browser Forum and is supported by all major browsers.

It is used to identify the correct web domain through positive safety indicators.

90% of average users have no idea how to use Extended Validation.


SiteKey and SafePass

Used by Bank of America

SiteKey is an image that helps customers verify that this is the real web site before proceeding with the transaction.

SafePass lets customers authorize transactions using 6-digit passcodes. Only used in “bigger” transactions.


TLS - OBC

Transport Layer Security – Origin-Bound Certificates

Modified version of the older TLS client certificates

Origin-Bound Certificates are self-signed; browsers use them to implement TLS client authentication.

The initial user-authentication phase is largely considered.

Stands strong against man-in-the-middle (MITM) attacks.


Future directions

More research is expected to be done for commercial use rather than for educational and knowledge-gaining purposes.

The main challenge here is to develop average users' awareness.

To be meaningful, research outcomes should be fair trade-offs between user-friendliness and security tightness.


Thank You
