Paying public passenger transport tickets with a smartphone becomes increasingly popular. But is it secure? (Photo: Gabi Zachmann/KIT)
No matter whether payment of the public passenger transport ticket is made via a smartphone app or whether a prepaid card is used for the public swimming pool or a bonus card for the supermarket: Many people already open their “electronic purses” every day. However, most of them are not aware of the fact that by doing so, they largely lose privacy. Researchers of Karlsruhe Institute of Technology (KIT) have developed a secure and anonymous system for daily use. It will be presented at the ACM CCS 2017 conference in the USA.
Computer scientist Andy Rupp, member of the “Cryptography and Security” working group of KIT, is always surprised about lacking problem awareness: “I observed that only few users are aware of the fact that by using such bonus or payment systems they disclose in detail how and what they consume or which routes they have taken.” To prevent manipulation of the accounts by dishonest users, customer data and account balances of payment and bonus systems are usually administrated with the help of a central database. In every payment transaction, the customer is identified and the details of her/his transaction are transmitted to the central database. This repeated identification process produces a data trace that might be misused by the provider or third parties.
The new “BBA+“ protocol makes electronic payment secure and confidential. (Photo: Gabi Zachmann/KIT)
The cryptography expert did not want to resign himself to this apparent conflict of privacy and security. Together with Gunnar Hartung and Matthias Nagel of KIT and Max Hoffmann of Ruhr-Universität Bochum, he has now presented the basics of an “electronic purse” that works anonymously, but prevents misuse at the same time. The “black-box accumulation plus” (BBA+) protocol developed by them transfers all necessary account data to the card used or the smartphone and guarantees their confidentiality with the help of cryptographic methods. At the same time, BBA+ offers security guarantees for the operator of the bonus or payment system: The protocol guarantees a correct account balance and is mathematically constructed such that the identity of the user is disclosed as soon as the attempt is made to pay with a manipulated account.
The new protocol is a further development of an anonymous bonus card system that was also designed by the KIT research group. For collecting and redeeming points, however, it required an internet connection to prevent misuse. “Our new protocol guarantees privacy and security for customers during offline operation as well,” Andy Rupp says. “This is needed for ensuring the payment system’s suitability for daily use. Think of a subway turnstile or a toll bridge. There you may have no internet connection at all or it is very slow.” Also its high efficiency makes the protocol suited for everyday use: During first test runs, researchers executed payments within about one second.
Learn more: Secure Payment without Leaving a Trace
The Latest on: Secure payment without a trace
- Hidden holiday scams that could prove costly ahead of summer getawayon May 23, 2022 at 6:57 pm
Fraudsters have been taking advantage of the rush to getaway with a variety of cons designed to fleece holidaymakers out of their cash ...
- Easy Data-Driven Approaches To Bolster Cryptocurrency Securityon May 21, 2022 at 11:10 am
You might think that all you need to protect your cryptocurrency funds is a VPN or a good offline wallet. However, these aren’t enough to secure your cryptocurrency funds. To protect yourself from ...
- Payments made easy in Latin America: Interview with Jairo Riveros, Managing Director for the Americas and Global Head of Strategy at Paysend Globalon May 20, 2022 at 5:27 am
Today, startups are meeting this demand across the region. Paysend is another company making transferring and receiving money in LatAm easy ...
- A Beginner’s Guide to Payment Processingon May 18, 2022 at 11:07 am
Payment processing is an integral part of any online business. Learn the basics of payment processing to ensure smooth and secure payment transactions ... transfers and electronic payments between ...
- The 5 Best Payment Gateways for Secure Transactionson May 18, 2022 at 11:06 am
A payment gateway is a virtual POS that approves or declines transactions made between your business and customers. Consider these top five payment gateways.
- Mastercard is launching a payment system that allows customers to pay by smiling or waving their hands at checkouton May 18, 2022 at 6:20 am
Payments may be more secure and fast ... A new biometric payment system, which is being piloted in Brazil this week, will allow customers to pay by waving their hand over a reader or smiling into a ...
- How Economic Sanctions Shaped Today’s Global Powerson May 14, 2022 at 2:09 am
As he states in this interview, we should not extrapolate lessons from the past without being careful to recognize how ... There’s a group of people I trace in the book—I call them “sanctionists,” ...
- Insecurity: APC failed despite spending N4.2trn on defence — Shehu Sanion May 13, 2022 at 1:25 am
“Kidnappers call relatives for ransom with Nigerian registered numbers yet no trace of anyone arrested.” Sani said the only legacy the government can leave for the people was to secure their l ...
- Chilean Digital Peso Would Need to Work Offline, Central Bank Governor Sayson May 10, 2022 at 2:47 am
The system should “allow the authorities to trace the transaction afterwards ... convertible with cash and commercial banks, and be secure, she added, saying that pilot projects could ...
- Chilean Digital Peso Would Need to Work Offline, Central Bank Governor Sayson May 10, 2022 at 2:35 am
Chile's central bank digital currency (CBDC) would need to accept offline payments, the central bank governor said at an event on Tuesday. Governor Rosanna Costa promised a policy paper on the topic ...
via Google News and Bing News