Designing an Efficient and Secure Credit Card-based Payment System with Web Services Based on the ANSI X9.59-2006

Abstract

A secure Electronic Payment System (EPS) is essential for the booming online shop-ping market. A successful EPS supports the transfer of electronic money and sensitive information with security, accuracy, and integrity between seller and buyer over the Internet. SET, CyberCash, Paypal and iKP are the most popular Credit Card-Based EPSs (CCBEPSs). Some CCBEPSs only use SSL to provide a secure communication channel. Hence they only prevent the Man in the Middle fraud but do not protect the sensitive cardholder information such as credit card number to be passed to the mer-chant, who may be unscrupulous. Other CCBEPSs use complex mechanisms such as cryptography, certificate authorities, etc. to fulfill the security schemes but factors such as ease of use for the cardholder and the implementation costs for each party are fre-quently overlooked. In this paper, we propose a Web service based new payment sys-tem, based on ANSI X9.59-2006 with extra features added on top of this standard. X9.59 is an Account Based Digital Signature (ABDS) and consumer-oriented payment system. It utilizes the existing financial network and financial messages to complete the payment process. However, there are a number of limitations in this standard. This research provides a solution to solve the X9.59 limitations by adding a merchant au-thentication feature during the payment cycle without any addenda records to be added in the existing financial messages. We have conducted performance testing on the proposed system via a comparison with SET and X9.59 using simulation to analyze their levels of performance and security.