On the design of secure electronic payment schemes for Internet

Considers the design of secure electronic credit card based payment schemes for the Internet, and reveals some of the issues that have not been adequately addressed in the proposed protocols to date. This paper proposes additional mechanisms that need to be incorporated as part of the design phase of the scheme to deal efficiently with the disputes that can arise. The design methods described in this paper are applicable to a range of protocols, including iKP (Internet Kaufmannisch Protokoll), STT (Secure Transaction Technology) and SEPP (Secure Electronic Payment Protocol). Based on this discussion, the paper goes on to propose an improved payment scheme and protocol. The new protocol, referred to as the permission-based payment (PBP) protocol, provides a fair treatment of both the client and the merchant involved in the transaction. It separates the purchase request phase from the payment phase, thereby increasing the ability to handle certain class of disputes more efficiently. It removes the need to store the secret private key at the client´s machine or the need for a smart card device. This is important as one cannot assume that all the clients connected to the Internet have smart card readers attached to them. The new protocol makes simpler assumptions about the environment, thereby making the scheme practical for securing commercial electronic credit card transactions