Secure electronic payments for Islamic finance

Secure electronic payment systems are of paramount importance in supporting the further development of electronic commerce. While an electronic payment system must meet the needs of both businesses and consumers, most of the current electronic payment schemes are based on the traditional methods of finance we are familiar with in the western world. The main aim of this thesis is to develop new secure electronic payment schemes that satisfy the requirements posed by Islamic finance principles, which forbid the payment or receipt of interest. After providing a generic model for an electronic payment system, a description of some of the properties that distinguish the various types of electronic payment systems is given. The thesis then reviews examples of electronic payment schemes that are relevant to this thesis. The main concepts underlying Islamic finance are also introduced. The main contribution of this thesis is to propose four protocols that can be used to conduct secure electronic commerce transactions in a way that is consistent with Islamic financial principles. In the theme of developing new schemes to enable new participants to benefit from electronic payments, we also propose a simple and secure interpersonal payment system. EMV compliant IC cards have been developed to secure traditional Point of Sale debit/credit transactions. In this thesis, we propose a way to use EMV-compliant cards to conduct an electronic Murabaha transaction with the goal of exploiting the widespread deployment of EMV cards. The Internet is the platform on which most electronic commerce transactions are performed. To build upon this base, this thesis presents a method for conducting a secure electronic Murabaha transaction using the Internet. The increase in ownership of mobile phones suggests that they can be an effective means of authorising payment in electronic commerce transactions, offering security and convenience advantages by comparison with on-line payments conducted using PCs only. Therefore, this thesis proposes a new GSM-based payment system that enhances the security of Internet Murabaha transactions. Although many charities have a web presence, almost all of them have been designed to accept credit cards as the only means for making donations. The anonymity requirements of many donors, however, make the existing means of donation inappropriate for them. A new scheme supporting anonymous donations and distribution of these donations is therefore proposed

TRADECARD: Building A Global Trading Electronic Payment System

In an attempt to provide an on-line payment mechanism for large-dollar cross-border transactions, TradeCard Inc. developed the world\u27s first and only credit card for international trade. This case study discusses the major issues surrounding the viability of such a B2B electronic payment architecture. How would TradeCard provide a seamless and secure on-line settlement transaction? Is its platform capable of synchronizing all the databases involved in international transactions yet allowing all companies to use their own tools, operating systems and hardware platforms? How would TradeCard aggregate the disparate services offered by the network of companies involved in international trade? Would it change the mindset of global traders so that they would use its services rather than the traditional off-line settlement methods? The case discusses the critical issues involved in creating an international electronic payment system for cross-border transactions; the impact of new on-line alternative payment mechanisms on international trade payment environment; the systems security requirements for safe electronic payments for B2B e-commerce; and TradeCard\u27s business plan and marketing strategy in building a global e-commerce trading system

Electronic business and electronic commerce (supporting lecture notes for students of dirеction "Management" of all forms of education)

E-Business systems naturally have greater security risks than traditional business systems, therefore it is important for e-business systems to be fully protected against these risks. Customers, suppliers, employees, and numerous other people use any particular e-business system daily and expect their confidential information to stay secure. Hackers are one of the great threats to the security of e-businesses. Some common security concerns for e-Businesses include keeping business and customer information private and confidential, authenticity of data, and data integrity. Some of the methods of protecting e-business security and keeping information secure include physical security measures as well as data storage, data transmission, anti-virus software, firewalls, and encryption to list a few.Розглянуто та рекомендовано до друку на засіданні кафедри інноваційного менеджменту та підприємництва, протокол No1 від 27 серпня 2015 року. Схвалено та рекомендовано до друку на засіданні методичної комісії факультету управління та бізнесу у виробництві Тернопільського національного технічного університету імені Івана Пулюя, протокол No6 від 26 лютого 2016 року.The purpose of thе document is to present the different underlying "technologies" (in reality, organizational modes based on information and communication technologies) and their associated acronyms. The term "e-Business" therefore refers to the integration, within the company, of tools based on information and communication technologies (generally referred to as business software) to improve their functioning in order to create value for the enterprise, its clients, and its partners.Topic 1. Basic concepts of electronic business and electronic commerce 1.1. Basic concepts and principles of e-business. 1.2. Origins and growth of e-commerce. Topic 2. Ecommerce as a part of electronic business 2.1. E-business infrastructure, e-environment and e-business strategy 2.2. Ways of e-business conducting. Online trading. Topic 3. Basis of global computer network internet functioning. 3.1. Basic principles of internet. 3.2. The most common services of Іnternet. 3.3. The concept and structure of Internet marketing. Topic 4. E-commerce systems in corporate sector 4.1. The basic processes of implementation of electronic commerce in the B2B sector. Virtual enterprise, internet incubator, mobile commerce. 4.2. The role of supply-chain management (SCM) and customer relationship management (CRM) in e-commerce. Topic 5. Information management for effective e-commerce building through intranet and extranet 5.1. Basic principles of Intranet functioning. 5.2. Extranet and its security issues. Topic 6. Electronic payment systems 6.1. Electronic payment systems. 6.2. Primary classification of payment systems

Secured e-payment system based on automated authentication data and iterated salted hash algorithm

Electronic payment has been considered as one of the most significant and convenient applications of modern electronic services e-University compared to traditional methods that impose time-consuming, human resources, and inefficiency. Different automatic identification technologies have been widely used, such as radio frequency identification (RFID). Extensive research and several applications are focusing on taking the maximum advantage of RFID technology. Data and information security had considered a crucial role when information concerning e-commerce, e-banking, or e-payments, especially due to it required real data to establish accessed illegally. Hence, data originality and security fall a very significant and critical issue in data communication services in recent years. Applications such as e-banking or e-commerce regularly contain sensitive and personal information that should be managed and controlled by authorized persons. Thus, keeping a secure password is important to prevent unauthorized users from illegal access. The password hashing is one of the safety methods and means of preventing attacks. In this article, focuses on proposing an RFID based electronic payment and also provide multi-level security privileges for an academic domain by using RFID technology besides the programmable logic circuit as well the system used VB.Net C# environment also desktop and web-based application for system working purposes. The proposed system aims to manage student payments in a secure manner and provides the capabilities of getting a bus ticket, copying books, buying food, paying registration fees, and other services. The results have shown the system is secured by using the confirmation code in addition to password encryption

A secure electronic Murabaha transaction

Conventional credit card transactions are not consistent with Islamic principles, as exemplified by the Islamic banking system and the ‘Murabaha sale’. Thus, if Islamic principles are to be applied to e-commerce, where credit card transactions are the norm, a new and secure electronic payment process is required. In this paper we present a method for secure electronic Murabaha transactions. After introducing the notion of Murabaha sale within the Islamic banking framework, we describe a general model for a secure electronic Murabaha transaction, and then consider the associated security risks. Security requirements are then identified for a secure electronic Murabaha transaction. We then present the Secure Electronic Murabaha Transaction (SEMT), designed to address the identified security requirements. Finally, we analyse how the proposed protocol matches the identified security requirements. 1

Design of secure mobile payment protocols for restricted connectivity scenarios

The emergence of mobile and wireless networks made posible the extensión of electronic commerce to a new area of research: mobile commerce called m-commerce, which includes mobile payment), that refers to any e-commerce transaction made from a mobile device using wireless networks. Most of the mobile payment systems found in the literatura are based on the full connectivity scenario where all the entities are directly connected one to another but do not support business models with direct communication restrictions between the entities of the system is not a impediment to perform comercial transactions. It is for this reason that mobile payment systems that consider those situations where direct communications between entities of the system is not posible (temporarily or permanently) basically due to the impossibility of one of the entities connected to the Internet are required. In order to solve the current shortage in the scientific world of previous research works that address the problema of on-line payment from mobile devices in connectivity restricted scenarios, in this thesis we propose a set of secure payment protocols (that use both symmetric and non-traditional asymmetric cryptography), which have low computational power requirements, are fit for scenarios with communications restrictions (where at least two of the entities of the system cannot exchange information in a direct way and must do it through another entity) and offer the same security capabilities as those protocols designed for full connectivity scenarios. The proposed protocols are applicable to other types of networks, such as vehicular ad hoc network (VANETs), where services exist which require on-line payment and scenarios with communication restrictions.On the other hand, the implementation (in a multiplatform programming language) of the designed protocols shows that their performance is suitable for devices with limited computational power.Postprint (published version

A security payment model for financial payment using mykad

The Malaysian Government has created smart national identity card named MyKad for every citizen aged 12 and above since September, 2001. In the following year, the National Registration Department of Malaysia (JPN) has embedded the latest application of MyKad, which is known as Public Key Infrastructure (PKI). It allows secure electronic transactions over the Internet. The electronic transactions include online submission of tax returns, secure email and e-commerce. In parallel with the emergence of e-commerce payment system, a new MyKad Payment Model (MPM) is proposed in order to introduce to the public another function of MyKad that is not only for identification purposes, but also in e-commerce transactions. However, to make this payment model accepted by the public, the focus should be made on two issues; trust/security issue and performance issue. A system with security technique named Arbitrary Random Security Algorithm (ARSA) and a one-to-one multithreading model need to be developed in order to accelerate the authentication response time of MPM. ARSA will automatically change its security algorithm based on times and attacks. If there is no attack or intrusion detected, MPM will wait for the scheduled switching within 30 minutes. However, if attack or intrusion is detected in less than 30 minutes, ARSA will automatically change the security algorithm to a new one. The evaluation of the MPM performance is measured with HP LoadRunner testing tools from which it is found that the response time of MPM with multithreading is better compared to the single thread model and credit card authorisation system. Moreover, the development of ARSA makes this model more secure and safer for the customers

Analisis Keamanan Jaringan Komputer Pada Electronic Payment Menggunakan Secure Electronic Transaction ( SET )

ABSTRAKSI: Perkembangan internet yang sangat pesat di dunia menyebabkan banyak perusahaan barang dan jasa merubah gaya bisnisnya melalui internet. Salah satu yang marak dikembangkan adalah sistem perdagangan melalui internet.Dengan semakin berkembangnya perdagangan di Internet, banyak pula protokol protokol yang dipergunakan untuk perdagangan di Internet. Protokol ini digunakan untuk menghindari adanya penyusupan atau penyalahgunaan fasilitas perdagangan di internet yang menyebabkan kerugian oleh salah satu pihak. Salah satu protokol yang dianggap paling aman adalah Secure Electronic Transaction (SET) yang dikeluarkan oleh Visa dan Mastercard. Di Indonesia belum ada yang mengimplementasikan SET untuk perdagangan di Internet. Dalam penelitian ini dicoba untuk membuat emulasi protokol SET dan kemudian menganalisanya.SET ( Secure Electronic Transaction ) merupakan protokol yang dikeluarkan oleh Visa dan Mastercard yang ditujukan untuk melindungi proses perdagangan melalui internet terhadap kejahatan – kejahatan yang mungkin dilakukan melalui internet. Protokol ini didukung oleh penyediaan fasilitas enkripsi yang cukup memadai. Fasilitas utama yang dibanggakan oleh protokol ini adalah adanya dual signature yang membuat pemisahan antara data order pembelian dan informasi pembayaran. Pada protokol ini, merchant hanya dapat mengetahui informasi order barang yang diajukan oleh client tanpa dapat mengetahui informasi pembayaran yang akan digunakan oleh client. Oleh karena itu, dalam protokol ini dibutuhkan pihak ketiga yaitu payment gateway yang akan mengurus proses pembayaran kedua belah pihak.Tujuan dari tugas akhir ini adalah untuk merancang emulasi objek-objek yang dipakai dalam protokol SET dan kemudian menganalisa protokol ini pada aplikasi electronic payment.Sistem yang dirancang ternyata dapat memenuhi parameter – parameter keamanan jaringan komputer yaitu confidentiality, integrity, authentication, authority, dan non-repudiation. Sistem belum mampu mengatasi pemutusan pengiriman data yang dilakukan pada serangan man-in-the-middle namun data yang tertangkap masih terlindungi karena masih dalam bentuk ciphertext. Sistem masih aman terhadap serangan brute-force sampai beberapa tahun ke depan.Kata Kunci : electronic payment,SET,dual signatureABSTRACT: The development of internet in the world causes many company changes their style of bussiness through internet. For example is trading system via internet.Together with developed of trading via internet, many protocol that is used for e- commerce. This protocol is used for avoiding intruding or exploiting facility in e-commerce that can cause damage for the party. One of many protocol that considered as the most secure is Secure Electronic Transaction ( SET ) that is released by Visa and MasterCard. In Indonesia, no one has implemented SET for e-commerce. In this final task, i try to make the SET emulator and then analyze it.SET is a protocol that is released by Visa and MasterCard that used for protect the trading process via internet from any crime that maybe happened in internet. This protocol is supported by strong encryption method. The main facility from this protocol is dual signature that separates between order information and payment information. In this protocol, merchant just can know the order information without know the payment information. Therefore, this protocol needs a third party that is payment gateway which can manage the payment transaction from each parity.The purpose of this final task is to make emulator and the objects that are used in SET and then analyze the protocol in electronic payment.System that has been made can meet the requirement of computer network security parameter such as confidentiality, integrity, authentication, authority, and non-repudiation. System has not able to overcome man-in-the-middle attack, but it still can protect the data because it still in ciphertext form. System able to overcome brute-force attack until next few year.Keyword: electronic payment,SET,dual signatur

A modularized electronic payment system for agent-based e-commerce

With the explosive growth of the Internet, electronic-commerce (e-commerce) is an increasingly important segment of commercial activities on the web. The Secure Agent Fabrication, Evolution & Roaming (SAFER) architecture was proposed to further facilitate e-commerce using agent technology. In this paper, the electronic payment aspect of SAFER will be explored. The Secure Electronic Transaction (SET) protocol and E-Cash were selected as the bases for the electronic payment system implementation. The various modules of the payment system and how they interface with each other are shown. An extensible implementation done using JavaTM will also be elaborated. This application incorporates agent roaming functionality and the ability to conduct e-commerce transactions and carry out intelligent e-payment procedures

SPP Secure Payment Protocol: Protocol Analysis, Implementation and Extensions

Internet commerce continues to grow rapidly. Over 60% of US households use the internet to shop online. A secure payment protocol is required to support this rapid growth. A new payment protocol was recently invented at IBM. We refer to the protocol as SPP or Secure Payment Protocol. This thesis presents a protocol analysis of SPP. It is essential that a thorough security analysis be done on any new payment protocol so that we can better understand its security properties. We first develop a method for analyzing payment protocols. This method includes a list of desirable security features and a list of proofs that should be satisfied. We then present the results of the analysis. These results validate that the protocol does contain many security features and properties. They also help understand the security properties and identify areas where the protocol can be further secured. This led us to extend the design of the protocol to enhance its security. This thesis also presents a prototype implementation of SPP. Three software components were implemented. They are the Electronic Wallet component, the merchant software component and the Trusted Third Party component. The architecture and technologies that are required for implementation are discussed. The prototype is then used in performance measurement experiments. Results on system performance as a function of key size are presented. Finally, this thesis presents an extension of SPP to support a two buyer scenario. In this scenario one buyer makes an order while another buyer makes the payment. This scenario enables additional commerce services