Track: Masters Thesis Competition

Abstract

This paper analyzes the demand for higher security protocols for purchases made online using a credit card. Current issues obscuring progress in credit card security include the lack of adoption of EMV chip technology world-wide, loop holes still existing in the EMV chip algorithms, sale of credentials over the black market, counterfeiting, and abuse by close family members. A new protocol is proposed whereby users are required to present their EMV chipped credit card at a virtual payment gateway or physical point of sale. Furthermore, in case the purchases come under the threat of a man-in-the-middle attack, a biometric scan of the user’s fingerprint will also be mandatory to authenticate the credentials. Thus, hacks involving EMV vulnerabilities such as pre-play attacks and image capturing can also be eliminated. This protocol is revolutionary in that biometric security involving fingerprint matching in a biometric database using SDK in conjunction with EMV chip readers such as SecuGen and e-commerce websites programmed in Java have never been used simultaneously to process credit card purchases. Additionally, end-users’ attitudes towards adopting the proposed solution indicate that for the sake of security, authentication using both a card reader and fingerprint scan is preferable over current practices.