amila-gamanayake
Online Transaction Security
An Undergraduate Independent Study
Online transactions security 2
Overview
Introduction
Importance
Presentation Content
Future directions
Conclusion
Introduction
What is an online transaction?
Risks involved
Challenge of providing security
Importance
Online stores and sales are increasing
Huge money flow
Vital part of the world economy
Maintain consumer trust
Presentation Content
The 3-D Secure protocol (3DS)
Extended Validation
SiteKey
SafePass
TLS - OBC
The 3-D Secure protocol
Developed by Visa as Verified by Visa; licensed by MasterCard and American Express.
XML-based protocol.
In 3-D Secure, "3-D" stands for three domains:
Acquirer Domain (the bank that received the money).
Issuer Domain (the bank that issued the card).
Interoperability Domain (the infrastructure that supports 3-DS).
The 3-D Secure protocol: How it works…
Extended Validation
Phishing sites were blacklisted, but no one can make a perfect blacklist.
Extended Validation was invented by the CA/Browser Forum and is supported by all major browsers.
Used to identify the correct web domain by positive safety indicators.
90% of average users have no idea how to use Extended Validation.
Extended Validation
SiteKey and SafePass
Used by Bank of America.
SiteKey is an image that helps customers verify that this is the real web site before proceeding with the transaction.
The SafePass feature lets customers authorize transactions using 6-digit passcodes. Only used in "bigger" transactions.
SiteKey and SafePass
TLS - OBC
Transport Layer Security – Origin Bound Certificates
Modified version of the old TLS client certificates.
Origin-Bound Certificates are self-signed; browsers use them to implement TLS Client Authentication.
The initial user-authentication phase is largely considered.
Stands strong against man-in-the-middle (MITM) attacks.
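
The sketch below is an added example, not part of the original slides: it shows why a credential tied to an origin-bound certificate is useless to an interceptor who replays it from a different TLS channel. Binding the session cookie to the certificate is an assumption of this sketch, and the cookie format, the function names and the random bytes standing in for a real self-signed certificate's public key are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # server-side MAC key, constructed for the demo


def obc_public_key(origin: str, store: dict) -> bytes:
    """Browser side: one key per origin, created on first visit.
    Random bytes stand in for the public key of a self-signed certificate."""
    if origin not in store:
        store[origin] = secrets.token_bytes(32)
    return store[origin]


def _tag(user: str, channel_key: bytes, key: bytes) -> str:
    # MAC over the user id and the fingerprint of the client certificate key
    fingerprint = hashlib.sha256(channel_key).digest()
    return hmac.new(key, user.encode() + b"|" + fingerprint, hashlib.sha256).hexdigest()


def issue_cookie(user: str, channel_key: bytes, key: bytes = SERVER_KEY) -> str:
    """Server side, after login: bind the cookie to the channel's certificate."""
    return f"{user}.{_tag(user, channel_key, key)}"


def verify_cookie(cookie: str, channel_key: bytes, key: bytes = SERVER_KEY):
    """Return the user id only if the cookie arrives on the channel it was bound to."""
    user, sep, tag_hex = cookie.rpartition(".")
    if not sep:
        return None
    expected = _tag(user, channel_key, key).encode()
    return user if hmac.compare_digest(expected, tag_hex.encode()) else None


def demo() -> dict:
    browser, interceptor = {}, {}          # two separate certificate stores
    bank = "https://bank.example"          # constructed origin
    cookie = issue_cookie("alice", obc_public_key(bank, browser))
    return {
        "same_channel": verify_cookie(cookie, obc_public_key(bank, browser)),
        "replayed_elsewhere": verify_cookie(cookie, obc_public_key(bank, interceptor)),
        "keys_differ_per_origin":
            obc_public_key(bank, browser) != obc_public_key("https://shop.example", browser),
    }


if __name__ == "__main__":
    print(demo())
```

Because each origin gets its own key, the certificate also cannot be used to correlate the user across sites.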
TLS - OBC
Future directions
More research is expected to be done for commercial use rather than for educational and knowledge-gaining purposes.
The main challenge here is to develop average user awareness.
To be meaningful, research outcomes should be fair trade-offs between user friendliness and security tightness.
Thank You