The legal framework provided by the Electronic Signature Act, enacted into law as of October 1, 2000, has fueled interest in digital signature-based payment transactions over the Internet. The bulk of formalization and security analysis to date on such secure payments has focused on creating new secure channels for existing credit or debit card systems (iKP and SET). But there has been no formal modeling of the card systems themselves, nor any attempt to strengthen their security. In this paper we present a simple but formal communication and security model for all card-based payments, encompassing credit, debit and pre-paid cards, and proceed to propose CardSec, a new family of card-based systems which can be proven secure under this model. In the process we also analyze the security of existing credit, debit and pre-paid card systems, both for Internet and for brick-and-mortar payments. We then present an efficient implementation of CardSec in the form of the InternetCash(TM) card system and analyze its security in detail. We take the opportunity to describe the InternetCash Payment Protocol (ICPP), which can be used for creating a secure channel between Transaction Processor and Customer for all Internet-bound transactions, thus acting as an alternative to iKP and SET, and offering more security than systems utilizing limited-use credit card numbers. We conclude with a discussion of pre-authorization, refunds and customer service issues.