A Secure Wireless Lightweight Payment Protocol for Bank Cards

Abstract

Credit/Debit cards or so-called Bank cards have made shoppers life easier to complete purchases online or point of sale without having money in hand. A Bank card is a plastic card issued by Banks for easy credit/debit purchases. It has set a trendin the society to use bank cards instead of money because of its convenience and easy usage. Butthere are large numbers of credit/debit card frauds reported in recent years, all over the world.Peopleget into trouble due to lack of risk awareness in using these cards, and they lose their valuable funds from their accounts. Some of the popular ways of committingcredit/debit card frauds may include Identity theft, Skimming, Shoulder Surfing, Dumpster Diving, Packet Intercepting and Database Stealing and these are hard to prevent. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from genuine cardholders‟ account. This issue has been addressed in the past by introducing number of secure communication protocols. Most of them had kept as conceptual models due tothecomplexities in implementing them practically. A well-known example is the SET protocol. Moreover there are some protocols which are in use such as “3D secure” but still they haven‟t address the scenarios like identity theft, when thieves catch cards arrive in the postal mail. The purpose of this dissertation is to address the above stated concerns by introducing asecure wireless lightweight payment protocol for bank cards which can be easy to implement. Along with that an android mobile application called “MCard” is introduced which is a replacement to traditional plastic credit/debitcards. The idea behind introducing MCard is to prevent credit/debit card frauds mentioned earlier. If needed,it can be customized to any extra functionality availablein plasticcredit/debit cards. The proposed protocol uses PKI (Public key encryption) for the transactions directly taking place between customer‟s bank and the merchant‟s bank. The symmetric key encryption is used for the rest of the intermediate communications along with Hashing. The proposed protocol consists of two phases. 1. Install the MCard in customer‟s mobile phone. 2. Payment process. The scope of this project is limited to implement this protocol only for point of sale purchases. This can be further customized/ extended for other scenarios (such as online purchases) as well and that will be kept as future work.