Theft of credit card information is an increasing threat to e-commerce. Payment systems introduced CVV2 as a method to mitigate the threat based on the principle that these values would not be stored once the transaction has completed. Compromised systems, communications and databases result in the unlawful capture of this authentication credential and therefore thwart its initial purpose. This study proposes the creation of dynamic CVVs (enhanced CVV2s) in order to counter these attacks. Thus a compromise of all the elements in one or more transactions will not be sufficient to guarantee successful authentication of subsequent payments. It is essential for success, that any new payment scheme take into account the key factors determinant for the acceptance of each of the participating parties. Two implementation schemes of enhanced CVVs are proposed: Matrix CVVs and Long CVVs. The proposed methods build upon the current card based e-payment infrastructure with the objective of mitigating present day threats whilst maintaining the delicate equilibrium of key factors for all participating parties. Both schemes are analysed at a security level so as to evaluate, and compare, the level of resistance function of the number of previously compromised transactions. Implementation and migration issues are equally analysed so as to determine the impacts of adoption of the proposed schemes.
| Date of Award | 2013 |
|---|
| Original language | English |
|---|
| Awarding Institution | - Universidade Católica Portuguesa
|
|---|
| Supervisor | Tito Lívio dos Santos Silva (Supervisor) |
|---|
- E-payments
- E-commerce
- Credit card number
- Coupon collectors problem
- Mestrado em Segurança em Sistemas de Informação
The power of credit card numbers and enhanced CVVs
Oliveira, V. V. D. (Student). 2013
Student thesis: Master's Thesis