An Implementation of a Secure Payment Framework

M S D Ranasinghe, R Dayarathne, D N Ranasinghe

ABSTRACT

Despite of the tremendous growth in the use of electronic financial transactions, fraud rate remains very high. Hence an approach, which also conforms to international standards, is considered towards achieving a secure framework for financial transactions at a lower cost by utilising PC's instead of proprietary terminals. [JPOS], a java based open source project, which is used world wide as a library for developing financial transaction software systems is used throughout this work. Being compliant to ISO8583 is a high priority objective while achieving security. In our approach, the standard POS terminals at the merchant's site are replaced by PC's which communicate with a Network Access Controller (NAC) securely and in turn exchanges messages with the payment host at a bank. The financial transaction framework has two phases in execution. They are the Diffie-Hellman key agreement phase and the business transaction phase. Certificates are used particularly to avoid the “man in the middle attack”. Our success story has been publicized at http://www.jpos.org.

Subscribe to ICTer News