Title: A pragmatic approach to temporary payment card numbers
Authors: David J. Boyd
Addresses: Information Security Group, Royal Holloway, University of London, Egham, Surrey TW20 0EX, UK
Abstract: With the push towards electronic payments that use a smart card and authenticate the cardholder by his or her personal identification number, much fraud has switched to the residual payment methods that just rely on knowing the card number: card-not-present transactions. There are various countermeasures; notably some issuers allocate temporary card numbers (TCNs). The snag is that this is an online solution that requires the cardholder to be identified and authenticated over a separate and direct link between the cardholder and card issuer each time a number is allocated. Some off-line mechanisms have been proposed but those TCNs do not act as the cardholder|s identifier. This paper examines a sample of online and off-line TCN mechanisms and then proposes an off-line mechanism that gives a comparable service to the online mechanisms. The cardholder|s privacy is protected whilst still allowing proof of payment.
Keywords: CNP; card-not-present; electronic commerce; e-commerce; non-repudiation; offline TCN; payment cards; online TCN; temporary card numbers; electronic payment; e-payment; cardholder privacy; proof of payment.
DOI: 10.1504/IJESDF.2009.027521
International Journal of Electronic Security and Digital Forensics, 2009 Vol.2 No.3, pp.253 - 268
Received: 06 Oct 2008
Accepted: 10 Dec 2008
Published online: 28 Jul 2009 *