Technologies for protecting electronic payment systems


Posted on http://www.allbest.ru/


List of abbreviations

Introduction

1. Statement of the problem

2. Implementation

3. Principles of functioning of electronic payment systems

4. Electronic plastic cards

5. Personal identification number

6. Securing POS Systems

7. Ensuring the security of electronic payments

8. Federal Law "On the National Payment System"

Conclusion

List of used literature

List of abbreviations

COS (Cards Operation System) - card operating system

DES (Data Encryption Standard) - the old American encryption standard, replaced in 2002 by the AES standard

ISO (International Organization for Standardization) - international organization for standardization

PIN (Personal Identification Number) - personal identification number

POS-terminals (Point-Of-Sale) - payment at the point of sale

SET (Secure Electronic Transactions) - Secure Electronic Transactions Protocol

SSL (Secure Sockets Layer) - a protocol for protecting transactions on the Internet

NSPK - national payment card system "Russian Payment Card"

RAM - random access memory

ROM - Read Only Memory

CPU - Central Processing Unit

Computer - electronic computing machine

EEPROM - Electrically Erasable Programmable ROM

Introduction

Simultaneously with the invention of money as an abstract representation of value, various payment systems were formed. However, over time, the number of ways to abstractly represent value has grown, and each round of economic development has brought new elements to this area, thereby ensuring the development of payment systems. Starting with barter, society went through the introduction of banknotes, payment orders, checks, and more recently credit cards, and finally entered the era of electronic payment systems. The rapid development of e-commerce has led to the development of many different electronic payment systems, the functionality of which is constantly expanding and becoming more complex. Experts predict that until the market stabilizes and obvious leaders are established on it, the trend of growth in the number of offers will continue.

Electronic payment systems present on the market today can be divided into a number of categories, both by supplier and by the specifics of implementation. Each category has its own leaders and outsiders, but it is still clear that there are no companies that dominate the entire market as a whole, and cash, checks and real credit cards are widely used alongside their electronic counterparts. Banks, on the other hand, are traditionally cautious about experimenting with various new solutions. However, financial institutions are expected to play a decisive role in the acceptance of these solutions by the electronic payment system market. In addition, a rigid system of standards, which would also affect the development and adoption of electronic payment systems, has not yet been developed for all these proposals. The organizational part of this industry is still in its infancy, and its areas still need serious protection.

1. Statement of the problem

To study the basic concepts, algorithms, methods of protecting information in electronic payment systems. Implement a method for generating a PIN code from a client's account number.

2. Implementation

The general process for generating an assigned PIN from a bank account number is shown in Fig. 3. First, the customer's account number is padded with zeros to 16 hexadecimal digits (8 bytes). Then a pseudo-random number is generated, which is also padded with zeros to 16 hexadecimal digits (8 bytes). The resulting numbers are converted to binary and added modulo 2. From the resulting 8-byte number, 4-bit blocks are selected in turn, starting with the least significant byte. If the number formed by these bits is less than 10, then the resulting digit is included in the PIN; otherwise this value is not used. In this way, all 64 bits (8 bytes) are processed. If this processing does not immediately yield the required number of decimal digits, the unused 4-bit blocks are taken and the remainder of their division by 10 is used. The implementation of the algorithm can be seen in Appendix 6. To run the program, the only software required is the operating system. The program interface is easy to use (see Fig. 6). The user enters the bank card number and selects the length of the PIN code, and the program outputs a PIN code of the selected length.

3. Principles of functioning of electronic payment systems

An electronic payment system is a set of methods and subjects implementing them that ensure the use of bank plastic cards as a means of payment within the system.

A plastic card is a personalized payment instrument that provides the person using this card with the opportunity to pay for goods and services without cash, as well as receive cash from ATMs and bank branches. Trade and service enterprises and bank branches that accept the card as a payment instrument form a receiving network of card service points.

When creating a payment system, one of the main tasks to be solved is the development and observance of general rules for servicing cards issued by the issuers included in the payment system and for carrying out mutual settlements and payments. These rules cover both the purely technical aspects of card transactions (data standards, authorization procedures, specifications for the equipment used and others) and the financial aspects of servicing cards (procedures for settlements with the trade and service enterprises that are part of the receiving network, rules for mutual settlements between banks, etc.).

From an organizational point of view, the core of the payment system is an association of banks, united by contractual obligations. In addition, the electronic payment system includes trade and service enterprises that form a network of service points. For the successful functioning of the payment system, specialized organizations are also needed that provide technical support for servicing cards: processing and communication centers, technical service centers, etc.

The generalized scheme of the functioning of the electronic payment system is shown in Fig. 1. A bank that has entered into an agreement with a payment system and received the appropriate license can act in two capacities: as an issuing bank and as an acquiring bank. The issuing bank issues plastic cards and guarantees the fulfillment of financial obligations associated with the use of these cards as means of payment. The acquiring bank serves trade and service enterprises that accept cards as means of payment, and also accepts these means of payment for the issue of cash in its branches and through its ATMs. The main inalienable functions of the acquiring bank are financial transactions related to settlements and payments by service points. The technical attributes of the acquiring bank's activities (processing authorization requests; transferring funds to the settlement accounts of service points for goods and services provided against cards; receiving, sorting and forwarding documents that record transactions using cards, etc.) can be delegated by the acquirer to processing centers.

The non-automated procedure for accepting a payment with a card is relatively simple. First of all, the cashier of the company must make sure of the authenticity of the plastic card. When paying, the company must transfer the details of the client's plastic card to a special check using an imprinting copier, enter the amount for which the purchase or service was made, and receive the client's signature. A check drawn up in this way is called a slip.

In order to ensure the security of the payment system operations, it is recommended not to exceed the lower limits of the amounts for different regions and types of business, for which settlements can be made without authorization. If the limit is exceeded or if there is any doubt about the identity of the client, the company must conduct an authorization procedure. Upon authorization, the company actually gets access to information about the state of the client's account and can establish the card's ownership and payment capacity in the amount of the transaction. One copy of the slip remains at the enterprise, the second is handed over to the client, the third is delivered to the acquiring bank and serves as the basis for refunding the amount of the payment to the enterprise from the client's account.

In recent years, automated POS terminals (Point-Of-Sale) and ATMs have gained widespread popularity. When using POS terminals, there is no need to fill in slips. The details of the plastic card are read from its magnetic stripe by the reader built into the POS terminal. The client enters into the terminal his PIN code (Personal Identification Number), known only to him. The elements of the PIN code are included in the general encryption algorithm of the magnetic stripe record and serve as the electronic signature of the cardholder. The transaction amount is entered on the POS terminal keyboard.

If the transaction is carried out at a bank branch and in its process cash is issued to the client, in addition to bank POS terminals, an electronic cashier-ATM can be used. Structurally, it represents an automated safe with a built-in POS terminal. The terminal uses the built-in modem for authorization to the appropriate payment system. In this case, the capacities of the processing center are used, the services of which are provided to the merchant by the acquiring bank.

A processing center is a specialized service organization that processes authorization requests and transaction protocols (recorded data on payments made by plastic cards and on cash withdrawals) arriving from acquiring banks or directly from service points. For this, the processing center maintains a database, which, in particular, contains data on member banks of the payment system and plastic card holders. The processing center stores information about the limits of cardholders and executes authorization requests if the issuing bank does not maintain its own database (off-line bank). Otherwise (on-line bank) the processing center forwards the received request to the issuing bank of the card being authorized. The processing center also ensures that the response is sent to the acquiring bank.

The execution of its functions by the acquiring bank entails settlements with issuing banks. Each acquiring bank transfers funds to service points for payments by cardholders of the issuing banks included in this payment system. Therefore, the respective funds must then be transferred to the acquiring bank by the issuing banks. Prompt settlement between acquirers and issuers is ensured by the presence in the payment system of a settlement bank (one or more), in which the member banks of the system open correspondent accounts. Based on the transaction protocols accumulated during the operating day, the processing center prepares and sends out final data for settlements between banks participating in the payment system, and also generates and sends to acquiring banks and directly to service points stop lists (lists of cards on which transactions have been suspended for various reasons). The processing center can also meet the needs of issuing banks for new cards by ordering them at factories and then personalizing them.

The peculiarity of sales and cash withdrawals by plastic cards is that these operations are carried out by shops and banks "on credit", i.e. goods and cash are provided to customers immediately, and funds for their reimbursement are credited to the accounts of service companies after a while (no more than a few days). The issuing bank that issued them is the guarantor of the fulfillment of payment obligations arising in the process of servicing plastic cards. The nature of the guarantees of the issuing bank depends on the payment authority provided to the client and fixed by the type of card.

By the type of calculations performed using plastic cards, credit and debit cards are distinguished.

Credit cards are the most common type of plastic cards. These include cards of the US national systems Visa and MasterCard, American Express and a number of others. These cards are presented at trade and service enterprises to pay for goods and services. When paying with a credit card, the buyer's bank opens a loan for the purchase amount, and then after a while (usually 25 days) sends the invoice by mail. The buyer must return the paid check (invoice) back to the bank. Naturally, a bank can offer such a scheme only to the most wealthy and proven of its clients, who have a good credit history with the bank or solid investments in the bank in the form of deposits, valuables or real estate.

The debit card holder must deposit a certain amount into his account with the issuing bank in advance. The size of this deposit determines the limit of available funds. When payments are made using this card, the limit is reduced accordingly. Limit control is performed during authorization, which is mandatory when using a debit card. To renew or increase the limit, the cardholder must deposit funds into his account again. To cover the time gap between the moment the payment is made and the moment the bank receives the relevant information, a minimum balance must be maintained on the client's account.

Both credit and debit cards can be personal as well as corporate. Corporate cards are provided by the company to its employees to pay for travel or other business expenses. The company's corporate cards are linked to one of its accounts. These cards can have split or non-split limits. In the first case, an individual limit is set for each of the corporate cardholders. The second option is more suitable for small companies and does not imply a delineation of the limit.

In recent years, more and more attention has been attracted to electronic payment systems using microprocessor cards. The fundamental difference of microprocessor cards from all of the above is that they directly carry information about the state of the client's account, since they are, in essence, a transit account. All transactions are made off-line in the course of a dialogue between the card and the terminal or between the client's card and the merchant's card. Such a system is almost completely secure due to the high degree of security of the chip with a microprocessor and a full debit payment scheme. In addition, although a card with a microprocessor is more expensive than a conventional card, the payment system turns out to be cheaper to operate because there is no load on telecommunications in the off-line mode.

To ensure reliable operation, an electronic payment system must be reliably protected. From the point of view of information security, the following vulnerabilities exist in electronic payment systems:

* transfer of payment and other messages between the bank and the client and between banks;

* processing of information within the organizations of the sender and recipient of messages;

* access of clients to funds accumulated on accounts.

One of the most vulnerable places in the electronic payment system is the transfer of payment and other messages between banks, between a bank and an ATM, between a bank and a client. The forwarding of payment and other messages is associated with the following features:

* the internal systems of the sender and recipient organizations must be adapted for sending and receiving electronic documents and provide the necessary protection during their processing within the organization (protection of end systems);

* the interaction between the sender and the recipient of an electronic document is carried out indirectly - through a communication channel.

These features give rise to the following problems:

* mutual identification of subscribers (the problem of establishing mutual authenticity);

* protection of electronic documents transmitted through communication channels (problems of ensuring the confidentiality and integrity of documents);

* protection of the process of exchange of electronic documents (the problem of proof of departure and delivery of the document);

* enforcement of the document (the problem of mutual distrust between the sender and the recipient due to their belonging to different organizations and mutual independence).

To ensure the functions of protecting information on individual nodes of the electronic payment system, the following protection mechanisms must be implemented:

* access control on end systems;

* control of the integrity of the message;

* ensuring the confidentiality of the message;

* mutual authentication of subscribers;

* guarantees of message delivery;

* impossibility of refusal to take action on the message;

* registration of a sequence of messages;

* control of the integrity of the sequence of messages.

4. Electronic plastic cards

The use of POS terminals and ATMs is possible using some kind of storage medium that could identify the user and store certain credentials. Plastic cards are used as such information carriers.

The plastic card is a plate of standard dimensions (85.6x53.9x0.76 mm) made of special plastic, resistant to mechanical and thermal effects. One of the main functions of a plastic card is to ensure the identification of the person using it as a subject of the payment system. To do this, the logos of the issuing bank and the payment system serving this card, the name of the cardholder, his account number, the expiration date of the card, etc. are applied to the plastic card. In addition, the card may contain photographs of the holder and his signature. Alphanumeric data - name, account number, etc. - can be embossed, i.e. applied in embossed type. This makes it possible to quickly transfer the data to a check during manual processing of cards accepted for payment using a special device - an imprinter that "rolls" the card (similar to obtaining a second copy using carbon paper).

According to the principle of operation, passive and active plastic cards are distinguished. Passive plastic cards only store information on a particular medium. These include plastic cards with a magnetic stripe.

Magnetic stripe cards are by far the most common, with over two billion cards of this type in circulation. The magnetic stripe is located on the back of the card and, in accordance with the ISO 7811 standard, consists of three tracks. Of these, the first two are for storing identification data, and the third track can be used to write information (for example, the current value of the debit card limit).

However, due to the low reliability of repeated recording and reading, writing to a magnetic stripe is usually not practiced, and such cards are used only in read mode.

Magnetic stripe cards are relatively vulnerable to fraud. To increase the security of their cards, the Visa and MasterCard / Europay systems use additional graphic means of protection: holograms and custom fonts for embossing. Payment systems with such cards require on-line authorization at retail outlets and, as a result, an extensive, high-quality communication infrastructure (telephone lines). Therefore, from a technical point of view, such systems have serious restrictions on their use in countries with poorly developed communication systems.

A distinctive feature of active plastic cards is the presence of an electronic microcircuit built into them. The principle of a plastic card with an electronic microcircuit was patented in 1974 by the Frenchman Roland Moreno. The ISO 7816 standard defines the basic requirements for integrated circuit cards, or chip cards. In the not too distant future, IC cards will replace magnetic stripe cards. Therefore, let us dwell in more detail on the main types of cards with a microcircuit.

Chip cards can be classified according to several criteria. The first sign is the functionality of the card.

The following main types of cards can be distinguished here:

* counter cards;

* cards with memory;

* cards with a microprocessor.

The second sign is the type of exchange with the reader:

* cards with induction reading.

Counter cards are used, as a rule, in cases where a particular payment operation requires the balance on the cardholder's account to be reduced by a certain fixed amount. Such cards are used in specialized prepaid applications (paying for the use of a pay phone, paying for parking, etc.). It is obvious that the use of cards with a counter is limited and does not have great prospects.

Memory cards are transitional between counter and processor cards. A memory card is essentially a rewritable counter card that has been designed to make it more secure against malicious attacks. The simplest existing memory cards have a memory capacity of 32 bytes to 16 kilobytes. This memory can be implemented either in the form of a programmable read only memory (EPROM) that is write-once and read many times, or as an electrically erasable programmable read-only memory (EEPROM) that can be written and read many times.

Memory cards can be categorized into two types, with unprotected (full access) and protected memory.

In cards of the first type, there are no restrictions on reading and writing data. They cannot be used as payment cards, since an average specialist can simply "hack" them.

Cards of the second type have an identification area and one or more application areas. The identification area of the cards can only be written once during personalization and is subsequently read-only. Access to application areas is regulated and is granted only when certain operations are performed, in particular, when a secret PIN is entered.

Memory cards are more secure than magnetic cards and can be used in applications where the financial risks associated with fraud are relatively small. As a means of payment, memory cards are used to pay for public payphones, for travel on transport, and in local payment systems (club cards). Memory cards are also used in systems for access to premises and access to computer network resources (identification cards). Memory cards are cheaper than microprocessor cards.

Microprocessor cards are also called intelligent cards or smart cards. Microprocessor cards are essentially microcomputers and contain all of the basic hardware components: a central processing unit (CPU), random access memory (RAM), read only memory (ROM), and electrically erasable programmable ROM (EEPROM) (Figure 2).

Currently, smart cards are fitted with:

* microprocessors with a clock frequency of 5 MHz;

* operational memory with a capacity of up to 256 bytes;

* permanent memory with a capacity of up to 10 Kbytes;

* non-volatile memory with a capacity of up to 8 Kbytes.

The ROM contains a special set of programs called the Cards Operation System (COS). The operating system supports an EEPROM-based file system (the capacity of which is usually in the range of 1 ... 8 Kbytes, but can reach 64 Kbytes) and provides data access regulation. In this case, part of the data can only be accessed by the internal programs of the card.

The smart card provides a wide range of functions:

* differentiation of access rights to internal resources (thanks to work with a secure file system);

* data encryption using various algorithms;

* formation of an electronic digital signature;

* maintaining a key system;

* execution of all operations of interaction between the cardholder, the bank and the merchant.

Some cards provide a "self-locking" mode when unauthorized access is attempted. Smart cards can significantly simplify the customer identification procedure. An algorithm implemented by the microprocessor on the card is used to check the PIN code. This makes it possible to dispense with real-time operation of the POS terminal and ATM and with centralized PIN verification. The above-mentioned features make the smart card a highly secure payment tool that can be used in financial applications with increased requirements for information security. That is why microprocessor smart cards are currently considered the most promising type of plastic cards.

According to the principle of interaction with the reader, cards of two types are distinguished:

* cards with contact reading;

* cards with contactless reading.

A card with a contact reading has 8 ... 10 contact plates on its surface. The location of the contact plates, their number and pin assignment are different for different manufacturers and it is natural that card readers of this type differ among themselves.

In recent years, contactless cards have become widely used. In them, the exchange of data between the card and the reader is carried out inductively. Obviously, such cards are more reliable and durable.

Personalization of the card is carried out when the card is issued to the client. At the same time, data is entered on the card, which allows identifying the card and its holder, as well as checking the solvency of the card when accepting it for payment or issuing cash.

Authorization refers to the process of approving a sale or dispensing cash by card. For authorization, the service point makes a request to the payment system to confirm the powers of the card bearer and his financial capabilities. The authorization technology depends on the type of card, payment system scheme and technical equipment of the service point. Historically, the original way to personalize cards was through embossing.

Embossing is the process of stamping data in relief on the plastic base of a card. As a rule, the following data are embossed on the cards of issuing banks: card number; start and end dates of its validity; surname and name of the owner. Some payment systems, such as Visa, require embossing two special characters that uniquely identify the issuing bank to the payment system. Embossers (devices for embossing relief on the card) are produced by a limited number of manufacturers. In a number of Western countries, the free sale of embossers is prohibited by law. Special symbols, confirming that the card belongs to a particular payment system, are supplied to the owner of the embosser only with the permission of the governing body of the payment system. An embossed card can serve as a means of payment when using an imprinter - a device for rolling a slip (check) confirming a completed payment transaction.

Card personalization also includes magnetic stripe coding or microchip programming.

The magnetic stripe is usually encoded using the same equipment as the embossing. In this case, part of the information about the card, containing the card number and the period of its validity, is the same both on the magnetic stripe and in the relief. However, there are situations when, after the primary encoding, additional information has to be written to the magnetic track. In this case, special devices with a "read-write" function are used. This is possible, in particular, when the PIN code for using the card is not generated by a special program but can be chosen by the client at his discretion.

Programming a microcircuit does not require special technological methods, but it has some organizational features. In particular, to improve security and eliminate possible abuse, programming operations in various areas of the microcircuit are geographically separated and delimited according to the rights of various employees participating in this process.

This procedure is usually broken down into three stages:

* at the first workplace, the card is activated (put into operation);

* at the second workplace, operations related to safety are performed;

* at the third workplace, the actual personalization of the card is performed.

Traditionally, the authorization process is carried out either "manually", when the seller or cashier sends a request by phone to the operator (voice authorization), or automatically, when the card is placed in the POS terminal, the data is read from the card, the cashier enters the payment amount, and the cardholder enters the secret PIN code on a special keypad. After that, the terminal performs authorization, either by establishing a connection with the payment system database (on-line mode), or by carrying out an additional data exchange with the card itself (off-line authorization). In the case of cash withdrawal, the process is similar, with the only peculiarity that money is automatically issued by a special device - an ATM, which performs authorization.

Various methods and techniques are used to protect cards from counterfeiting and subsequent unauthorized use. For example, to personalize cards, a black-and-white or color photograph of the cardholder can be printed onto the plastic base using thermal printing. On any card there is always a special strip with a sample of the cardholder's signature. To protect the card as such, various payment communities use special three-dimensional images on the front and back of the card (holograms).

5. Personal identification number

A proven method of identifying the holder of a bank card is the use of a secret personal identification number (PIN). The PIN value should only be known to the cardholder. The length of the PIN must be large enough so that the probability of an attacker guessing the correct value using a brute-force attack is reasonably small. On the other hand, the PIN should be short enough for cardholders to remember its value. The recommended PIN length is 4 to 8 decimal digits, but it can be up to 12.

Suppose that the PIN has a length of four digits; then the adversary, trying to find the PIN value for the bank card, is faced with the problem of choosing one of ten thousand possibilities. If the number of attempts to enter an incorrect PIN value is limited to five per card per day, this adversary has a chance of success less than 1 in 2000. But the next day the adversary can try again, and his chances increase to 1:1000. Each following day increases the adversary's chance of success. Therefore, many banks impose an absolute limit on the number of incorrect attempts to enter a PIN on the card in order to exclude this kind of attack. If the specified limit is exceeded, the card is considered invalid and is taken away.

The PIN value is unambiguously associated with the corresponding attributes of the bank card; therefore, the PIN can be interpreted as the cardholder's signature. To initiate a transaction, the cardholder who uses the POS terminal inserts his card into the reader slot and enters his PIN using the terminal's special keypad. If the entered PIN value and the customer's account number recorded on the magnetic stripe of the card agree with each other, then a transaction is initiated.

The protection of the personal identification number (PIN) of a bank card is critical to the security of the entire payment system. Bank cards can be lost, stolen, or tampered with. In such cases, the only countermeasure against unauthorized access remains the secret PIN value. This is why the plaintext form of the PIN should only be known to the legitimate cardholder. It is never stored or transmitted within the framework of an electronic payment system. Obviously, the PIN value must be kept secret during the entire validity period of the card.

The method for generating the PIN value has a significant impact on the security of an electronic payment system. In general, personal identification numbers can be generated either by the bank or by cardholders. Accordingly, from the client's point of view there are two types of PIN:

* PIN assigned to him by the bank that issued the card;

* PIN chosen by the cardholder himself.

If a PIN is assigned by a bank, the bank usually uses one of two options for generating a PIN.

In the first option, the PIN is generated cryptographically from the cardholder's account number. The process of generating the assigned PIN from the account number is shown in Fig. 3. First, the customer account number is padded with zeros or another constant to 16 hexadecimal digits (8 bytes). The resulting 8 bytes are then encrypted with DES using a secret key. From the resulting 8-byte ciphertext, 4-bit blocks are extracted one after another, starting with the least significant byte. If the number formed by these bits is less than 10, the resulting digit is included in the PIN; otherwise this value is not used. All 64 bits (8 bytes) are processed in this way.

The obvious advantage of this procedure is that the PIN value does not need to be stored inside the electronic payment system. The disadvantage of this approach is that if a PIN change is required, either a new customer account or a new cryptographic key must be selected. Banks prefer that the customer's account number remains fixed. On the other hand, since all PINs are calculated using the same cryptographic key, changing one PIN while maintaining the customer's account inevitably entails changing all personal identification numbers.

In the second option, the bank selects the PIN value at random, storing the value of this PIN in the form of a corresponding cryptogram. The bank transfers the selected PIN values to the cardholders using a secure channel.

The use of a PIN assigned by the bank is inconvenient for the client even if it is short. Such a PIN is difficult to keep in memory, and therefore the cardholder may write it down somewhere. The main thing is not to write the PIN directly on the card or in some other prominent place. Otherwise, the attacker's task will be greatly facilitated.

For the client's convenience, a PIN value chosen by the client himself can be used. This way of determining the PIN value allows the client to:

* use the same PIN for different purposes;

* set PIN as a combination of letters and numbers (for ease of memorization).

Once the PIN has been selected by the customer, it must be communicated to the bank. The PIN can be sent to the bank by registered mail or entered through a secure terminal located at the bank office, which immediately encrypts it. If the bank needs to use the PIN chosen by the client, it proceeds as follows. Each digit of the PIN chosen by the client is added modulo 10 (without carries) to the corresponding digit of the PIN derived by the bank from the client's account number. The resulting decimal number is called the "offset". This offset is stored on the customer's card. Since the derived PIN is random, the PIN chosen by the customer cannot be determined from its offset.

The main security requirement is that the PIN value should be remembered by the cardholder and should never be stored in any readable form. But people are imperfect and very often forget their PIN values. Therefore, banks should prepare in advance special procedures for such cases. The bank can implement one of the following approaches. The first is based on restoring the PIN value forgotten by the client and sending it back to the cardholder. The second approach simply generates a new PIN value.

When identifying a client by the PIN value and the presented card, two main ways of checking the PIN are used: non-algorithmic and algorithmic. The non-algorithmic method of PIN verification does not require the use of special algorithms. PIN verification is performed by directly comparing the PIN entered by the customer with the values stored in the database. Typically, the client PIN database is transparently encrypted to increase its security without complicating the comparison process. The algorithmic method of PIN verification consists in converting the PIN entered by the client according to a certain algorithm using a secret key and then comparing it with the PIN value stored in a certain form on the card. Advantages of this verification method:

* the absence of a copy of the PIN on the main computer excludes its disclosure by the bank personnel;

* the absence of PIN transfer between the ATM or POS-terminal and the main computer of the bank excludes its interception by an intruder or the imposition of comparison results;

* simplification of the work of creating the system software, since there is no longer a need for real-time action.

6. Securing POS Systems

POS (Point-Of-Sale) systems, which provide settlements between the seller and the buyer at the point of sale, have become widespread in developed countries and, in particular, in the United States. POS systems verify and service customer debit and credit cards directly at the point of sale of goods and services within the framework of the electronic payment system. POS-terminals included in these systems are located at various trade enterprises - in supermarkets, at gas stations, etc.

POS terminals are designed to process transactions in financial settlements using plastic cards with a magnetic stripe and smart cards. The use of POS terminals makes it possible to automate the servicing of these cards and significantly reduce the service time. The capabilities and equipment of POS terminals vary widely, but a typical modern POS terminal is equipped with readers for both magnetic stripe cards and smart cards; non-volatile memory; ports for connecting a PIN keypad (a keypad on which the client enters the PIN code); a printer; and connections to a personal computer or an electronic cash register.

Usually, a POS terminal is also equipped with a modem with auto-dialing capability. The POS terminal has "smart" capabilities: it can be programmed. Assembly language, as well as dialects of the C and BASIC languages, are used as programming languages. All this makes it possible to authorize cards with a magnetic stripe in real time (on-line) and to use offline mode (off-line) with the accumulation of transaction logs when working with smart cards. These transaction logs are transmitted to the processing center during communication sessions. During these sessions, the POS terminal can also receive and store information transmitted by the processing center's computer. These are mainly stop lists.

A diagram of the POS system is shown in Fig. 4. To pay for the purchase, the buyer presents his debit or credit card and enters the PIN value to verify his identity. The seller, in turn, enters the amount of money to be paid for the purchase or service. Then a money transfer request is sent to the acquiring bank (the seller's bank). The acquiring bank forwards this request to the issuing bank to verify the authenticity of the card presented by the buyer. If this card is genuine and the buyer has the right to use it to pay for products and services, the issuing bank transfers the money to the acquiring bank to the merchant's account. After the money is transferred to the merchant's account, the acquiring bank sends a notification to the POS terminal informing about the completion of the transaction. After that, the seller issues the goods and a notice to the buyer.

Attention should be paid to the difficult path that the purchase information must go through before the transaction is carried out. During the passage of this path, distortion and loss of messages are possible. To protect the POS system, the following requirements must be met:

* Verification of the PIN entered by the customer must be done by the system of the issuing bank. When sent over communication channels, the PIN value must be encrypted.

* Messages containing a request for a money transfer (or confirmation of a transfer) must be authenticated to protect against replacement and alteration while passing through the communication lines and processing processors.

The most vulnerable point of a POS system is its POS terminals. Unlike ATMs, in this case it is assumed from the outset that the POS terminal is not protected from external influences. Threats to the POS terminal are associated with the possibility of disclosing the secret key, which is located in the POS terminal and serves to encrypt information transmitted by this terminal to the acquiring bank. The threat of the terminal key being disclosed is quite real, since these terminals are installed in such unguarded places as shops, gas stations, etc. The potential threats arising from disclosure of the key are known by the following names.

* "Back tracing". The essence of this threat is that if an attacker obtains the encryption key, he can try to recover the PIN values used in previous transactions.

* "Forward tracing". The essence of this threat is that if an attacker obtains the encryption key, he will try to recover the PIN values that will be used in subsequent transactions.

Three methods are proposed to protect against the back tracing and forward tracing threats:

* derived key method;

* transaction key method;

* public key method.

The essence of the first two methods is that they modify the encryption key of the transmitted data for each transaction. The derived key method ensures that the key is changed with each transaction, regardless of its content. To generate an encryption key, a one-way function of the current key value and some random value is used. The process of obtaining (deriving) a key for encrypting the next transaction is the well-known "walk" through a tree. The root of the tree in Fig. 5 is some initial key value I. To get the key number S, the number S is represented in binary form. Then, when calculating the value of the key, the structure of the binary representation of the number S is taken into account, starting with the most significant bit. If the L-th binary digit of the number S is 1, then the one-way function F_L(K) is applied to the current value of the key K, where L is the number of the binary digit in question. Otherwise, the next digit of the number S is considered without applying the one-way function. The one-way function is implemented on the basis of the DES algorithm. To obtain sufficient performance, the number of ones in the binary representation of the number S is usually limited: there should be no more than 10. This method provides protection only against the "back tracing" threat.

The transaction key method allows you to encrypt information transmitted between POS terminals and the acquiring bank on a unique key that can vary from transaction to transaction. The following components are used to generate a new transaction key:

* one-way function from the value of the previous key;

* information received from the card.

This assumes that the previous transaction completed successfully. The transaction key method provides protection against both "back tracing" and "forward tracing". Disclosure of one key does not allow an attacker to open all previous and all subsequent transactions. The disadvantage of this scheme is the complexity of its implementation.

The public key method allows reliable protection against any kind of tracing and provides reliable encryption of the transmitted information. In this case, the POS terminal is supplied with a secret key to decrypt messages from the acquiring bank. This key is generated when the terminal is initialized. After generating the private key, the terminal sends the associated public key to the acquiring bank's computer. The exchange between the participants is performed using the public key of each of them. Authentication of the participants is carried out by a special key registration center using its own pair of public and private keys. The disadvantage of this method is its relatively low performance.
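The derived key tree walk and the transaction key chain described above, as an added Python example that is not part of the original work. The one-way function is a truncated SHA-256 stand-in for the DES-based function the text mentions; the 20-bit counter width, the function names and the sample data are assumptions.

```python
import hashlib

KEY_LEN = 8      # DES-sized key, matching the scheme in the text
MAX_ONES = 10    # the text: at most 10 ones in the binary form of S
WIDTH = 20       # assumption: width of the transaction counter in bits


def one_way(key: bytes, data: bytes) -> bytes:
    """Stand-in one-way function (truncated SHA-256); the text's F is DES-based."""
    prefix = len(data).to_bytes(2, "big")
    return hashlib.sha256(prefix + data + key).digest()[:KEY_LEN]


def f_level(level: int, key: bytes) -> bytes:
    """F_L(K): the one-way function bound to binary digit number L."""
    return one_way(key, b"level" + level.to_bytes(1, "big"))


def derived_key(initial_key: bytes, s: int) -> bytes:
    """Walk the tree from the root key I to the key for transaction number S."""
    if not 0 <= s < (1 << WIDTH):
        raise ValueError("transaction number out of range")
    if bin(s).count("1") > MAX_ONES:
        raise ValueError("more than 10 ones in S: this number is skipped")
    key = initial_key
    for level in range(WIDTH - 1, -1, -1):    # most significant bit first
        if (s >> level) & 1:
            key = f_level(level, key)         # applied only for 1 digits
    return key


def next_usable(s: int) -> int:
    """Next transaction number after S that respects the limit on ones."""
    s += 1
    while bin(s).count("1") > MAX_ONES:
        s += 1
    if s >= (1 << WIDTH):
        raise OverflowError("counter exhausted: load a new initial key")
    return s


def next_transaction_key(previous_key: bytes, card_data: bytes) -> bytes:
    """Transaction key method: one-way function of the previous key and card information."""
    return one_way(previous_key, card_data)


class TransactionKeyChain:
    """Current key held by one side; the terminal and the acquirer each keep one."""

    def __init__(self, initial_key: bytes) -> None:
        self.key = initial_key

    def complete(self, card_data: bytes, success: bool = True) -> bytes:
        """Return the key used for this transaction; advance only on success."""
        used = self.key
        if success:
            self.key = next_transaction_key(used, card_data)
        return used


if __name__ == "__main__":
    root = bytes.fromhex("0123456789abcdef")   # constructed sample key I
    k4 = derived_key(root, 4)
    # Keys 5, 6 and 7 lie below key 4 in the tree, so whoever holds key 4
    # can compute them: the method does not stop forward tracing.
    print("K6 derivable from K4:", derived_key(root, 6) == f_level(1, k4))
    terminal, acquirer = TransactionKeyChain(root), TransactionKeyChain(root)
    for card in (b"constructed-card-A", b"constructed-card-B"):
        assert terminal.complete(card) == acquirer.complete(card)
    print("terminal and acquirer in step:", terminal.key == acquirer.key)
```

In the transaction key chain the next key also depends on card information from the transaction itself, so a disclosed key alone is not enough to compute the following one.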

7. Ensuring the security of electronic payments via the Internet

Electronic commerce is gaining in importance. The number of card purchases will grow as online ordering systems are built on the Internet. Today, the Internet can be seen as a huge market that can cover almost the entire population of the planet Earth.

The term "electronic commerce" means the provision of goods and paid services through global information networks. Types of e-commerce:

* sale of information, for example, subscription to databases operating on-line;

* an electronic store, which is a Web-site;

* electronic banks.

Basic methods of information protection

The traditional and proven method of e-commerce, which dates back to conventional catalogue trading, is to pay for goods and services by credit card over the phone. In this case, the customer orders on the Web server a list of items they would like to buy and then gives their credit card number by phone to the seller of the commercial firm. Then the usual authorization of the card takes place, and the money is debited from the buyer's account only at the moment the goods are sent by mail or by courier.

In order for the buyer, the owner of the credit card, to pay safely for a purchase through the network, a more reliable, well-developed mechanism for protecting the transmission of electronic payments is needed. This fundamentally new approach consists in immediate authorization and encryption of financial information on the Internet using the SSL and SET schemes.

SSL (Secure Socket Layer) protocol assumes data encryption at the data link layer.

Secure Electronic Transactions (SET), developed by Visa and MasterCard, encrypts financial information only.

Features of the SET protocol functioning

In order to ensure complete security and confidentiality of transactions, the SET protocol must ensure that the following conditions are met.

1. Absolute confidentiality of information. Cardholders must be sure that their payment information is reliably protected and available only to the specified addressee. This is a sine qua non for the development of e-commerce.

2. Complete safety of data. Participants in electronic commerce must be sure that the content of a message remains unchanged as it travels from sender to addressee. Messages sent by cardholders to merchants contain order information, personal data and payment instructions. If at least one of the components changes during the transfer, the transaction will not be processed properly. Therefore, in order to avoid errors, the SET protocol must provide a means of guaranteeing the safety and invariability of sent messages. One such means is the use of digital signatures.

3. Authentication of the cardholder's account. The use of digital signatures and cardholder certificates guarantees the authentication of the cardholder's account and confirms that the cardholder is the legal user of the given account number.

4. The cardholder must be sure that the merchant really has the right to conduct financial transactions with the financial institution. The use of digital signatures and merchant certificates assures the cardholder that it is safe to conduct electronic commerce.

Settlement system participants and cryptographic means of protecting transactions

The SET protocol changes the way the settlement system participants interact. In this case an electronic transaction begins with the cardholder and not with the merchant or acquirer.

A merchant offers goods for sale or provides services for a fee. The SET protocol allows a merchant to offer electronic interactions that cardholders can safely use.

An acquirer (recipient) is a financial institution that opens an account for a merchant and processes authorizations and credit card payments. The acquirer processes payment messages transferred to the merchant through the payment gateway. At the same time, the SET protocol ensures that the information about the credit card account will remain confidential during the interactions between the cardholder and the merchant.

Credit card systems have established themselves in large part as a means of payment for purchasing goods directly from a merchant. The main difference between the use of credit cards on the Internet is that, in accordance with the SET standard, encryption and digital signature procedures are used to protect e-commerce transactions.

The Internet is designed for the simultaneous operation of millions of users, so it is impossible to use only symmetric cryptosystems with secret keys in commercial Internet applications. In this regard, asymmetric public key cryptosystems are also used. Encryption using public keys assumes that the merchant and the buyer each have two keys - one public, which can be known to third parties, and the other private (secret), known only to the recipient of the information.

SET rules provide for the initial encryption of the message using a randomly generated symmetric key, which, in turn, is encrypted with the public key of the recipient of the message. The result is a so-called electronic envelope. The recipient of the message decrypts the electronic envelope using his private (secret) key to obtain the sender's symmetric key. Next, the sender's symmetric key is used to decrypt the sent message.

Banking operations, trade transactions and mutual payments cannot be imagined without settlements using plastic cards. The system of cashless payments using plastic cards is called an electronic payment system. To ensure the normal operation of the electronic payment system, it must be reliably protected.

The following are considered the vulnerable points for information security in electronic payment systems:

* transfer of payment and other messages between banks, between a bank and an ATM, between a bank and a client;

* information processing within the organizations of the sender and the recipient;

* customers' access to the funds held in their accounts.

The transfer of payment and other messages has the following features:

* the internal systems of the sender and recipient organizations are obliged to provide suitable protection for the processing of electronic documents (protection of end systems);

* the interaction between the sender and the recipient of an electronic document is performed directly through the communication channel.

These features give rise to the following problems:

* mutual identification of subscribers (the problem of establishing mutual authentication when establishing a connection);

* protection of electronic documents transmitted through communication channels (the problem of ensuring confidentiality and integrity);

* protection of the process of exchange of electronic documents (the problem of proof of departure and delivery of a document);

* ensuring the execution of the act (the problem of mutual distrust between the sender and the recipient due to their belonging to different organizations and mutual independence).

To provide information protection functions, the following protection mechanisms must be implemented at individual nodes of the electronic payment system:

* access control on end systems;

* monitoring the integrity of the message;

* ensuring the confidentiality of the message;

* mutual client authentication;

* guaranteed message delivery;

* impossibility of refusal to take action on the message;

* registration of a sequence of messages;

* monitoring the integrity of the message sequence.

Electronic plastic cards are used as means of payment in electronic payment systems.

An electronic plastic card is a carrier of certain information that identifies a user and stores certain data.

A distinction is made between credit and debit cards.

Electronic cards are the more common type of plastic cards. Electronic cards are used to pay for various goods and services. When paying with a credit card, the client's bank opens a loan for the purchase amount, and after a while it sends an invoice by mail for the amount of the purchase made. The buyer must return the paid check back to the bank. Of course, the bank can recommend a similar scheme only to the wealthier and more reliable of its own clients who have a good credit history with the bank or significant deposits in the bank in the form of deposits, valuables or real estate.

A plastic card is a plate made of special plastic that is resistant to mechanical and thermal action. According to the ISO 9001 standard, all plastic cards have dimensions of 85.6 x 53.9 x 0.76 mm.

To identify the owner, the following are applied to the plastic card:

* the logo of the issuing bank;

* the logo of the payment system serving this card;

* cardholder's name;

* cardholder's account number;

* card expiration date, etc.

In addition, the card may contain a photo of the owner and his signature.

Alphanumeric data (name, account number, etc.) can be embossed, i.e. applied in embossed type. This makes it possible to quickly transfer data to a check during manual processing of cards accepted for payment using a special device - an imprinter that "rolls" the card.

According to the principle of operation, passive and active plastic cards are distinguished. Passive plastic cards only store information. These include plastic cards with a magnetic stripe.

Magnetic stripe cards are still the more common: there are over two billion cards of this type in circulation. The magnetic stripe is located on the back of the card and, in accordance with the ISO 7811 standard, consists of 3 tracks. The first two of them are provided for storing identification data, and information may be written to the third track (for example, the current value of the debit card limit). However, due to the low reliability of a repeated write/read process, writing to a magnetic stripe is usually not practiced.

Magnetic stripe cards are relatively vulnerable to fraud. To increase the security of their cards, the Visa and MasterCard / Europay systems use additional graphic means of protection: holograms and non-standard fonts for embossing. Embossers (devices for embossing relief on the card) are produced by a limited number of manufacturers. In a number of Western countries, the free sale of embossers is prohibited by law. Special symbols confirming that the card belongs to a particular payment system are supplied to the owner of the embosser only with the permission of the governing body of the payment system.

Payment systems with such cards require on-line authorization at retail outlets and, as a result, the presence of branched, high-quality communication means (telephone lines).

A distinctive feature of an active plastic card is the presence of an electronic microcircuit built into it. The ISO 7816 standard defines the basic requirements for cards based on integrated circuits or chip cards.

Chip cards can be classified in two ways.

The first criterion is the principle of interaction with the reader. Basic types:

* cards with contact reading;

* cards with contactless (induction) reading.

A card with contact reading has 8 to 10 contact plates on its surface. The location of the contact plates, their number and the purpose of the pins are different for different manufacturers and it is natural that readers for cards of this type differ from each other.

Data exchange between the contactless card and the reader is carried out inductively. Obviously, such cards are more reliable and durable.

The second criterion is the functionality of the card. Basic types:

* counter cards;

* memory cards;

* microprocessor cards.

Counter cards are used, as a rule, in cases where a particular payment operation requires a decrease in the balance on the cardholder's account by a certain fixed amount. Such cards are used in specialized prepaid applications (pay for using a pay phone, pay for parking, etc.). Obviously, the use of cards with a counter is limited and not very promising.

Memory cards are transitional between counter and microprocessor cards. A memory card is a rewritable counter card that has been designed to make it more secure against malicious attacks. The simplest memory cards have a memory capacity of 32 bytes to 16 KB. This memory can be organized as:

* programmable read-only memory (EPROM), which can be written once and read many times;

* an electrically erasable programmable read-only memory (EEPROM) that allows multiple writes and multiple reads.

Memory cards can be classified into two types:

* with unprotected (fully accessible) memory;

* with protected memory.

In cards of the first type, there are no restrictions on reading and writing data. These cards cannot be used as payment cards, as they can be easily “hacked”.

Cards of the second type have an identification area and one or more application areas. The identification area can be written only once, during personalization, and is read-only afterwards. Access to the application areas is regulated and is granted only when certain operations are performed, in particular, when the secret PIN is entered.

The security level of memory cards is higher than that of magnetic cards. As a means of payment, memory cards are used to pay for public payphones, travel in transport, in local payment systems (club cards). Memory cards are also used in systems of admission to premises and access to resources of computer networks (identification cards).

The smart card provides a wide range of functions:

* delimitation of authority to access internal resources;

* data encryption using various algorithms;

* formation of an electronic digital signature;

* maintaining a key system;

* execution of all operations of interaction between the cardholder, the bank and the merchant.

Some smart cards have a "self-locking" mode when attempting unauthorized access.

Personalization and authorization are important stages in the preparation and use of a plastic card.

Personalization occurs when the card is issued to the buyer. The card contains data that allows identifying the card and its owner, as well as checking the card's solvency when paying or withdrawing cash. The original way of personalization was embossing.

Personalization includes magnetic stripe coding and chip programming.

As a rule, magnetic stripe coding is done using the same equipment as embossing. Part of the information about the card, containing the card number and its validity period, is the same both on the magnetic stripe and on the relief. But there are situations when, after the primary encoding, additional information has to be written to the magnetic stripe. In this case, special devices with a "read-write" function are used. This is possible, in particular, when the PIN code for using the card is not generated by a special program, but is chosen by the client at his own discretion.

Programming a microcircuit does not require special technological methods, but it has some organizational features. The programming operations for individual areas of the microcircuit are separated geographically and divided by the rights of different employees. This procedure is usually broken down into three stages:

* at the first workplace, the card is activated (put into operation);

* at the second workplace, security-related operations are performed;

* at the third workplace, the actual personalization is carried out.

Such measures increase safety and eliminate possible abuse.

Authorization is carried out either "manually" or automatically. In the first case, voice authorization is carried out, when the seller or the cashier sends the request to the operator by phone. In the second case, the card is placed in an automated POS terminal (Point-Of-Sale, payment at the point of sale), the data is read from the card, the cashier enters the payment amount, and the cardholder enters the PIN (Personal Identification Number). After that, the terminal performs authorization, either by establishing a connection with the payment system database (on-line mode) or by carrying out an additional data exchange with the card itself (off-line mode). When cash is issued, the process is similar, with the only peculiarity that the money is issued automatically by an ATM, which performs the authorization.

A proven method of identifying the owner of a plastic card is the use of a secret personal identification number (PIN). The PIN value should only be known to the cardholder. On the one hand, the PIN must be long enough so that the brute-force guessing probability is reasonably low. On the other hand, the PIN must be short enough for the owner to remember. Usually the PIN length ranges from 4 to 8 decimal digits, but can be up to 12.

The PIN value is unambiguously associated with the corresponding attributes of the plastic card, therefore, the PIN can be interpreted as the cardholder's signature.

Protecting the personal identification number (PIN) of a plastic card is critical to the security of the entire payment system. Plastic cards can be lost, stolen or tampered with. In such cases, the only countermeasure against unauthorized access is the secret PIN value. Therefore, the PIN in clear form should be known only to the legal cardholder. It is never stored or transmitted in clear form within the electronic payment system.

The method of generating the PIN value has a significant impact on the security of an electronic payment system. In general, personal identification numbers can be generated either by the bank or by the cardholders.

If the PIN is assigned by the bank, then one of two options is usually used.

In the first option, the PIN is generated cryptographically from the cardholder's account number. Encryption is carried out using the DES algorithm using a secret key. Advantage: the PIN value does not need to be stored inside the electronic payment system. Disadvantage: if it is necessary to change the PIN, either the client's account number or the cryptographic key must be changed. But banks prefer to keep the customer's account number fixed. On the other hand, since all PINs are calculated using the same key, changing one PIN while maintaining a customer account entails changing all personal identification numbers.

In the second option, the bank chooses the PIN at random, storing this value in the form of a cryptogram. The selected PIN values are transmitted to cardholders via a secure channel.

The use of the PIN assigned by the bank is inconvenient for customers even if it is short. Such a PIN is difficult to keep in memory, and therefore the cardholder can write it down somewhere. The main thing is not to write the PIN directly onto the card or other prominent place. Otherwise, the attackers' task will be greatly facilitated.

For greater convenience to the client, a PIN value chosen by the client himself is used. This way of determining the PIN allows the client to:

use the same PIN for different purposes;

set in PIN not only numbers, but also letters (for ease of memorization).

The PIN chosen by the client can be sent to the bank by registered mail or entered through a secure terminal at the bank office, which immediately encrypts it. If the bank needs to use the PIN chosen by the client, it proceeds as follows. Each digit of the PIN chosen by the client is added modulo 10 (without carries) to the corresponding digit of the PIN derived by the bank from the client's account. The resulting decimal number is called the "offset". This offset is stored on the customer's card. Since the derived PIN is random, the PIN chosen by the client cannot be determined from its offset.

The main security requirement is that the PIN value should be remembered by the cardholder and should never be stored in any readable form. People are imperfect, however, and very often forget their PIN. Special procedures are provided for such cases: restoring a forgotten PIN or generating a new one.

When identifying a client by the PIN value and the presented card, two main ways of checking the PIN are used: non-algorithmic and algorithmic.

The non-algorithmic method is carried out by directly comparing the PIN entered by the client with the values stored in the database. Typically, the client PIN database is transparently encrypted to increase its security without complicating the comparison process.

The algorithmic method for verifying PIN is that the PIN entered by the client is converted according to a certain algorithm using a secret key and then compared with the PIN value stored in a certain form on the card. Advantages of this verification method:

the absence of a copy of the PIN on the main computer excludes its disclosure by the bank personnel;

the absence of PIN transmission between the ATM or POS-terminal and the main computer of the bank excludes its interception or imposition of comparison results;

simplification of the work of creating the system software, since there is no longer any need for real-time operation.
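The bank-assigned PIN, the offset for a client-chosen PIN and the algorithmic check described above fit together as in the following sketch. It is an added example, not code from the original text: HMAC-SHA256 stands in for the DES step (DES is not in the Python standard library), and the key, account number, decimalization table and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo values. A real issuer keeps the PIN key inside an HSM.
BANK_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
ACCOUNT = "40817810099910004312"  # constructed account number
# Decimalization table: hex digit of the keyed output -> decimal PIN digit.
DECIMALIZATION = "0123456789012345"


def _is_digits(s: str) -> bool:
    """True only for non-empty strings of ASCII decimal digits."""
    return s.isascii() and s.isdigit()


def derive_pin(account_number: str, key: bytes, length: int = 4) -> str:
    """Bank-assigned PIN computed from the account number under a secret key.

    Assumption: HMAC-SHA256 replaces the DES encryption named in the text.
    Nothing is stored; the PIN is recomputed whenever it is needed.
    """
    if not _is_digits(account_number):
        raise ValueError("account number must consist of decimal digits")
    if not 4 <= length <= 12:
        raise ValueError("PIN length must be between 4 and 12 digits")
    keyed = hmac.new(key, account_number.encode("ascii"), hashlib.sha256).hexdigest()
    return "".join(DECIMALIZATION[int(h, 16)] for h in keyed[:length])


def add_digits_mod10(a: str, b: str) -> str:
    """Digit-wise addition modulo 10; no carry passes between positions."""
    if len(a) != len(b) or not (_is_digits(a) and _is_digits(b)):
        raise ValueError("operands must be digit strings of equal length")
    return "".join(str((int(x) + int(y)) % 10) for x, y in zip(a, b))


def make_offset(chosen_pin: str, account_number: str, key: bytes) -> str:
    """Offset written to the card when the client chooses the PIN."""
    derived = derive_pin(account_number, key, len(chosen_pin))
    return add_digits_mod10(chosen_pin, derived)


def verify_pin(entered_pin: str, account_number: str,
               offset_on_card: str, key: bytes) -> bool:
    """Algorithmic check: transform the entered PIN with the secret key and
    compare the result with the value stored on the card."""
    if not (_is_digits(entered_pin) and _is_digits(offset_on_card)):
        return False
    if len(entered_pin) != len(offset_on_card) or not 4 <= len(entered_pin) <= 12:
        return False
    derived = derive_pin(account_number, key, len(offset_on_card))
    candidate = add_digits_mod10(entered_pin, derived)
    # Constant-time comparison avoids leaking how many digits matched.
    return hmac.compare_digest(candidate, offset_on_card)


if __name__ == "__main__":
    offset = make_offset("2580", ACCOUNT, BANK_KEY)
    print("offset stored on card:", offset)
    print("correct PIN accepted: ", verify_pin("2580", ACCOUNT, offset, BANK_KEY))
    print("wrong PIN accepted:   ", verify_pin("2581", ACCOUNT, offset, BANK_KEY))
    # Changing the PIN only rewrites the offset; key and account stay fixed.
    new_offset = make_offset("731946", ACCOUNT, BANK_KEY)
    print("new offset after PIN change:", new_offset)
```

With an offset, a PIN change touches only the value on the card, which removes the drawback noted for the first bank-assigned option, where changing a PIN meant changing the account number or the key.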

Promising solutions. Mobile banking

The main field of application of the Mobil-ID SIM card + EDS is the use of a mobile phone to confirm transactions that require strict procedures for verifying the authenticity of data and of the subjects of information interaction. WirelessPKI services for the cellular operator must be provided by a special service provider called the Mobile Signature Service Provider (MSSP).

In practice, two-channel multifactor mobile authentication based on the Mobil-ID SIM card + EDS will make it possible not only to identify the owner in a system for providing electronic services, but also to use electronic signatures during the entire communication session or even after the phone call has ended. The owner no longer has to remember all his passwords and usernames. He will be able to give up bank code cards and PIN calculators altogether. Whereas the user is now forced to use different identification data (passwords and usernames) for different services, such a SIM card will allow authorization in all services with a single personal code. Functionally, the owner of the new SIM card will be able to perform the same electronic operations as the owners of ordinary smart cards: access the Internet bank and service portals, sign various contracts, etc. At the same time, the MSSP provides two-channel support for strong authentication based on combinations of many factors, including GOST R 34.10-2001, GOST R 34.11-94 (public key cryptography) and GOST 28147-89.

For some time, the development of the WWW was constrained by the fact that the HTML pages that are the basis of the WWW are static text, i.e. it is difficult to use them to organize an interactive exchange of information between the user and the server. Developers have proposed many ways to extend HTML in this direction, many of which have never been widely adopted. One of the most powerful solutions at the new stage in the development of the Internet was Sun's proposal to use Java applets as interactive components that connect to HTML pages.

A Java applet is a program that is written in the Java programming language and compiled into special bytecodes, which are the codes of a virtual computer - the Java machine - and differ from the codes of Intel processors. Applets are hosted on a server on the Web and downloaded to the user's computer whenever an HTML page containing a call to the applet is accessed.

To execute applet codes, a standard browser includes a Java machine implementation that interprets the bytecodes into machine instructions for Intel processors (or another family). The capabilities built into Java applet technology, on the one hand, make it possible to develop powerful user interfaces, organize access to any network resources by URL, and easily use the TCP/IP, FTP and other protocols, and, on the other hand, make direct access to computer resources impossible. For example, applets do not have access to the computer's file system or to connected devices.

A similar solution for expanding the capabilities of the WWW is Microsoft's ActiveX technology. Its most significant differences from Java are that the components (analogs of applets) are programs in Intel processor codes and that these components have access to all computer resources, as well as to Windows interfaces and services.

Another less common approach to expanding the capabilities of the WWW is the plug-in for Netscape Navigator by Netscape. It is this technology that seems to be the most optimal basis for building information security systems for electronic payments via the Internet. For further presentation, we will consider how this technology is used to solve the problem of protecting information on a Web server.

Suppose there is a certain Web server and the administrator of this server needs to restrict access to some part of the server's information array, i.e. organize so that some users have access to some information, while others do not.

Currently, a number of approaches to solving this problem are proposed; in particular, many server operating systems running on the Internet request a password for access to some of their areas, i.e. they require authentication. This approach has two significant drawbacks: first, the data is stored on the server itself in clear text, and second, the data is also transmitted over the network in clear text. Thus, an attacker has the opportunity to mount two kinds of attack: on the server itself (password guessing, password bypass, etc.) and on the traffic. Such attacks are widely known to the Internet community.

Another well-known approach to solving the problem of information security is based on SSL (Secure Sockets Layer) technology. When SSL is used, a secure communication channel is established between the client and the server, through which data is transmitted, i.e. the problem of transmitting data in clear text over the network can be considered relatively solved. The main problem with SSL is building and controlling the key system. As for the problem of storing data on the server in clear form, it remains unresolved.

Another important drawback of the approaches described above is that they require support from the software of both the server and the network client, which is not always possible or convenient, especially in systems aimed at a mass, unorganized clientele.

The approach proposed by the author is based on protecting the HTML pages themselves, which are the main carrier of information on the Internet. The essence of the protection is that the files containing HTML pages are stored on the server in encrypted form. The key under which they are encrypted is known only to the person who encrypts them (the administrator) and to the clients (in general, the problem of building a key system is solved in the same way as in the case of transparent file encryption).

Clients access the protected information using Netscape's plug-in technology for Netscape Navigator. These modules are programs, or more precisely software components, that are associated with certain file types in the MIME standard. MIME is an international standard that defines file formats on the Internet. For example, the following file types exist: text/html, text/plain, image/jpg, image/bmp, etc. In addition, the standard defines a mechanism for specifying custom file types that independent developers can define and use.

So, plug-ins are used that are associated with certain MIME file types. The association means that when the user accesses a file of the corresponding type, the browser launches the associated Plug-in, and this module performs all the actions needed to render the file data and to process the user's actions on these files.

The best-known Plug-in modules include those that play videos in avi format. Viewing these files is not among the standard capabilities of browsers, but once the appropriate Plug-in is installed, they can easily be viewed in the browser.

Next, all encrypted files are defined, in accordance with the procedure established by the international standard, as files of the MIME type "application/x-shp". Then, in accordance with Netscape technology and protocols, a Plug-in is developed that is associated with this file type. This module performs two functions: first, it asks for a password and user ID, and second, it decrypts the file and outputs it to the browser window. This module is installed on the browsers of all client computers in accordance with the standard procedure established by Netscape.

At this point the preparatory stage of the work is complete, and the system is ready for operation. In operation, clients access encrypted HTML pages at their standard address (URL). The browser determines the type of these pages and automatically launches the module developed by us, passing it the contents of the encrypted file. The module authenticates the client and, upon success, decrypts and displays the page content.

When performing this entire procedure, the client has a feeling of “transparent” encryption of pages, since all the above-described system operation is hidden from his eyes. At the same time, all the standard features inherent in html pages, such as the use of pictures, Java applets, CGI scripts, are preserved.

It is easy to see that this approach solves many information security problems, since the information exists in clear form only on the clients' computers; over the network the data is transmitted in encrypted form. An attacker seeking to obtain the information can only attack a specific user, and no server-side information protection system can protect against such an attack.

Currently, the author has developed two information security systems based on the proposed approach for the Netscape Navigator (3.x) and Netscape Communicator 4.x browsers. During preliminary testing, it was found that the developed systems can function normally under MExplorer control, but not in all cases.

It is important to note that these versions of the systems do not encrypt objects associated with an HTML page: pictures, script applets, etc.

System 1 offers protection (encryption) of the HTML pages themselves as a single object. You create a page, then encrypt it and copy it to the server. When an encrypted page is accessed, it is automatically decrypted and displayed in a special window. No security support is required from the server software. All encryption and decryption work is carried out on the client's workstation. This system is universal, i.e. it does not depend on the structure and purpose of the page.

System 2 offers a different approach to security. This system displays protected information in a certain area of your page. The information is stored in an encrypted file (not necessarily in HTML format) on the server. When you go to your page, the protection system automatically accesses this file, reads data from it and displays it in a specific area of the page. This approach allows you to achieve maximum efficiency and aesthetic beauty, with minimal versatility. That is, the system turns out to be focused on a specific purpose.

This approach can be applied to the construction of electronic payment systems via the Internet. In this case, when a page of the Web server is accessed, the Plug-in module is launched, which displays the payment order form to the user. After the client fills it in, the module encrypts the payment data and sends it to the server. In doing so, it can request an electronic signature from the user. Moreover, the encryption and signature keys can be read from any medium: floppy disks, electronic tablets, smart cards, etc.

Today it is difficult to imagine a serious - and not necessarily large - business without Internet support in the form of its own resource, selling pages or online store. It allows you to turn an ordinary electronic catalog into a functioning virtual store with the ability to select a product on the seller's website and pay for it. It is not surprising that the issue of effective organization of the security of electronic payments is important for the owner of any Internet service specializing in financial settlements.

Information protection in electronic payment systems implies the fulfillment of the following conditions:

  • confidentiality - in the process of online settlements, the buyer's data (number of a plastic credit card or other payment means) should remain known only to institutions and structures that have a legal right to do so;
  • authentication - most often a PIN code or a message, thanks to which the client (or the seller) can make sure that the second party to the transaction is exactly who he claims to be;
  • authorization - makes it possible, before the start of the transfer of money, to determine whether the buyer has a sufficient amount in order to pay for the order.

All of this is aimed at providing a secure payment algorithm that can minimize the risks of electronic financial settlements for both the buyer and the seller.

Modern methods of protecting information of electronic payment systems

Today, the protection of information of electronic payment systems is carried out mainly with the help of:

  • instant authorization of the payer;
  • encryption of financial information on the Internet;
  • special certificates.

Since they must interact with thousands of users simultaneously, modern purely commercial applications cannot work with classical "unambiguous" systems, whether those operating exclusively on public keys or those functioning only on private keys. Interception by attackers of even one key of a completely "closed" system automatically opens up its entire protection chain. In turn, encryption with public keys alone requires significant computing resources.

In this regard, the security of payment systems in e-commerce is today ensured by the simultaneous use of protocols with private and public keys. Information that travels over networks is encrypted using a private key. This key is generated dynamically and is transferred to the second party to the transaction under a cipher based on the public key. As a rule, encryption is carried out using the Secure Sockets Layer (SSL) protocol, as well as Secure Electronic Transaction (SET), which was developed by the financial giants MasterCard and VISA. The first protocol performs channel-level encryption, while the second encrypts the financial data directly. Applications that use the SET protocol employ a double electronic signature algorithm.

One part of it is sent to the seller, and the other to the bank. Thanks to this scheme, the buyer has access to all data on orders, but he does not have access to the settlement details of the selling party, and the bank, in turn, has all the financial data of both parties to the transaction but no information about the composition of the order. To improve the protection of virtual transactions, virtual certification authorities are also called upon to issue e-commerce participants unique electronic "certificates" containing a signed personal public key. An electronic certificate is issued by the authority on the basis of the identification documents of the parties to the transaction and is valid for a certain period of time. With such a certificate, a participant in a commercial transaction can perform financial transactions and check the validity of the public keys of other participants.
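The double signature of SET can be shown in a few lines: the part sent to the seller carries the order in clear with only a digest of the payment instruction, the part sent to the bank carries the reverse, and one signature covers both digests. This is an added example, not code from the original text or from any SET implementation; textbook RSA over two Mersenne primes stands in for the cardholder's certified signing key, and the order and payment data are constructed.

```python
import hashlib

# Toy RSA key from two known Mersenne primes, so the example needs only the
# standard library. Constructed for illustration; NOT a secure key, and the
# unpadded "textbook" signature below is a stand-in for a real scheme.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

# Constructed sample data for one purchase.
ORDER_INFO = b"order=1001;item=book;qty=1;total=25.00 USD"
PAYMENT_INFO = b"order=1001;pan=4111111111111111;exp=12/30;amount=25.00 USD"


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _sign(message_digest: bytes) -> int:
    """Cardholder side: sign a digest with the private exponent."""
    return pow(int.from_bytes(message_digest, "big"), D, N)


def _verify(message_digest: bytes, signature: int) -> bool:
    """Anyone holding the public key (N, E) can check the signature."""
    return pow(signature, E, N) == int.from_bytes(message_digest, "big")


def make_dual_signature(order_info: bytes, payment_info: bytes) -> dict:
    """Hash each half, hash the two digests together, sign the result.

    SET calls the three digests OIMD, PIMD and POMD.
    """
    oimd = digest(order_info)
    pimd = digest(payment_info)
    pomd = digest(pimd + oimd)
    return {"oimd": oimd, "pimd": pimd, "signature": _sign(pomd)}


def merchant_verify(order_info: bytes, pimd: bytes, signature: int) -> bool:
    """Seller sees the order and only the digest of the payment instruction."""
    return _verify(digest(pimd + digest(order_info)), signature)


def bank_verify(payment_info: bytes, oimd: bytes, signature: int) -> bool:
    """Bank sees the payment instruction and only the digest of the order."""
    return _verify(digest(digest(payment_info) + oimd), signature)


if __name__ == "__main__":
    ds = make_dual_signature(ORDER_INFO, PAYMENT_INFO)
    print("seller accepts:", merchant_verify(ORDER_INFO, ds["pimd"], ds["signature"]))
    print("bank accepts:  ", bank_verify(PAYMENT_INFO, ds["oimd"], ds["signature"]))
    # Attaching this payment instruction to a different order is detected.
    other = make_dual_signature(b"order=1002;item=laptop;total=900.00 USD", PAYMENT_INFO)
    print("spliced order accepted by bank:",
          bank_verify(PAYMENT_INFO, other["oimd"], ds["signature"]))
```

Because the signature covers both digests, neither party can swap in a different order or payment instruction without the other party's check failing.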

What actions are being taken to create secure payment systems on the Internet and what technological means of protection are used? And why, despite supposedly strong security, do online fraud and theft continue to flourish?

Better to be safe than sorry.
American proverb

Not so long ago, the author had a chance to talk with one of his friends, who, in an ordinary drinking conversation, suddenly became interested in how safe plastic cards are in general and their use in payments for purchases on the Internet in particular. Attempts to dismiss him with the already classic phrase "Only an insurance policy can give a full guarantee" have led nowhere. Raising the topic, he immediately harnessed the entire Kipling six “What? Why? When? How? Where? Who?" and, having fastened his favorite "But if?" Probably, one could answer him with great zeal and try to sort everything, as they say, on the shelves, only now his interest was idle ...

However, the issues of security of payments for goods and services on the Internet are not at all idle, especially given the widespread onset of e-commerce, whose success lies in the constant increase in the number of Internet users attracted by lower prices and by not having to leave home or the office to purchase a product or service. As you know, the victims of online fraudsters are not only cardholders who use e-commerce services, but also the sellers themselves who offer their goods and services on the Internet.

When buying in an online store and using a card to pay for a purchase, the holder risks losing his money if his card details become known to fraudsters, while the online seller, in turn, bears the risk of financial losses if goods or services were paid for with a stolen card by a fraudster.

Issuers, acquirers, extreme ...

Recall that in payment systems, participants are divided into issuing banks, which issue cards to holders, and acquiring banks, which ensure that issued cards are accepted at points of sale of goods and services (in a particular case, the issuer and the acquirer may be one and the same credit institution / bank). In accordance with this division, the following interaction model is built: the cardholder makes a purchase in the store; the information from the card's magnetic stripe is transmitted from the store, in the form of a request, to the acquiring bank serving this store, and from there, through the services of the payment system itself, to the issuing bank. The issuing bank checks the received information about the card and the holder, as well as the state of the authorization limit, and, based on the results of the check, allows (or does not allow) the transaction. A positive response from the issuing bank to the authorization request is a kind of guarantee that the acquiring bank will receive the funds and transfer them to the store's account. According to the rules of international payment systems, in traditional trade the responsibility for fraudulent card transactions is distributed in approximately equal proportions between the issuing bank and the acquiring bank; that is, in the event of fraud, the debited funds are returned to the holder either by the issuer (a rarity in Russian banks, where responsibility is often shifted to the holder) or by the acquirer at the merchant's expense. In online commerce, the responsibility for fraudulent transactions is borne unequivocally by the acquirer, who in turn passes it on to the store; as a result, the refund to the cardholder is made at the expense of the online store through which the fraudulent transaction passed. Hence the most unprotected link in the Internet payment scheme is the online point of sale, since it is ultimately at its expense that the cardholder is reimbursed for losses.
A significant number of online stores that accept cards for payment operate according to the described scheme, which implies the presence of some security mechanisms that can relatively successfully resist fraud.

Protocols and other security methods

The measures taken by e-commerce participants to ensure secure payments on the Internet have always been quite diverse.

First of all, this is training cardholders in the minimum skills to ensure their own security: using only familiar Internet resources, studying the procedure for delivering goods and providing services, checking the use of certified protocols by an Internet merchant that guarantee the security of transmitted information.

Besides such simple methods as educating cardholders, technological means are of course also used to protect against fraud.

The SSL (Secure Sockets Layer) protocol, widely used and made almost mandatory in Internet commerce, allows all merchants to transfer a variety of information easily. If an attempt is made to intercept the data, it will be protected by a cipher that cannot be broken in any reasonable period of time.

A competent cardholder who uses Internet resources that sell goods and services will be wary of an e-commerce point that lacks SSL. SSL uses public key encryption technology and digital certificates to identify the server involved in a transaction and to protect information as it travels from one side to the other over the Internet. SSL transactions do not require client authentication. First, the client sends a message to the server. The server responds and sends its digital certificate to the client as a means of identification. Before proceeding with the transaction, the client and server agree on session keys. Session keys - symmetric private keys - are used only in this transaction. Once the keys are selected, the communication between the client and the server continues, using the session keys and digital certificates.

So, while SSL reliably protects information transmitted over the Internet, it cannot protect private information stored on the merchant's server, such as credit card numbers. When the merchant receives the credit card information along with the purchase requisition, the information is decrypted and stored on the server until the requisition is completed. If the server is not protected and the data is not encrypted, then unauthorized access to private information and its further use for fraudulent purposes is possible.

In addition to using the encryption protocol for transmitted data, Internet commerce participants use such well-known methods of cardholder identification as checking CVV2 / CVK2 codes (CVV2 code for Visa cards and CVK2 for MasterCard).

It is worth adding an AVS (Address Verification Service) address verification to the identification methods. This procedure is more typical for the North American e-commerce market, but, nevertheless, cardholders of Russian banks who tried to use cards to pay for goods with delivery in the United States had to deal with it.

However, all these security measures are clearly insufficient to ensure a high level of security for payments on the Internet.

The share of online commerce is steadily growing from year to year, the turnover from the sale of goods and services on the network is increasing, and the number of fraudulent transactions is growing proportionally, but few people want to give up the benefits, so all participants in the process are increasingly concerned about the security of payments and settlements.

3-D is not only about exciting movies

The issue of security concerns not only the cardholder who pays for goods in the online store, but also the online store, and the acquirer, and the issuer, and most of all - payment systems that invest huge amounts of money to ensure the security of payments and protect against fraud.

Numerous attempts by international payment systems to make e-commerce settlements as secure as possible led to the emergence of the 3-D Secure protocol developed by the Visa International payment system.

3-D Secure technology is a cardholder authentication protocol for making purchases on the Internet, designed to ensure the security of Internet payments: identity verification is carried out online.

The main operating principle of the 3-D Secure technology has become a guarantee of the security of settlements in the e-commerce system. Moreover, this technology not only guarantees the safety of information about customers, but also largely contributes to the preservation of financial resources of the rest of the payment participants.

The 3-D Secure technology is implemented on the basis of three domains (which is what its name implies), in which the life cycle of a transaction begins and ends. These are the issuer's domain, in which the holder is authenticated; the acquirer's domain, which includes the acquiring bank and the online store; and, finally, the interaction domain, which contains the services of the payment system.

The chain that provides 3-D Secure security consists of such links as:

- verification of the identity of the cardholder in real time, which begins after entering the card number on the payment page of the electronic store, from where the buyer is redirected to the server of his issuing bank. A password known only to the cardholder and the bank is used for verification;

- formation of a response message by the issuing bank based on the verification results, which the issuing bank protects from unauthorized changes using a digital signature;

- protection of the user's confidential information, for example the card number, for which the secure pages of the payment server are used, on which the entered information is saved. The recipient of the payment - the online store - does not have access to this information, which protects against theft.

Thus, 3-D Secure not only ensures secure payment but also delimits the risks of the transaction participants through a clear separation of functions in processing a payment transaction: the issuing bank verifies the identity of the cardholder, since it is the issuer that holds the information about the client, and the acquiring bank automatically organizes communication with the issuer's authentication system using the services of the payment systems. Note that if a fraudulent transaction passes through an online store that uses 3-D Secure technology, then according to the rules of the payment systems the responsibility is borne no longer by the acquirer but by the issuer, regardless of whether the issuer uses 3-D Secure technology or not. The benefits of the 3-D Secure protocol for an e-commerce point are clear, but issuers find themselves in a difficult situation, because they face a choice: purchase a very expensive 3-D Secure solution and protect their customers and themselves from fraudsters, prohibit cardholders from using their cards in online stores and lose a significant part of the customers who use online commerce, or do nothing and hope that fraud will not affect them.

It is safe to say that the use of this protocol guarantees the security of payments over the Internet for all users in any electronic store.

In the fight for the security of Internet payments, international payment systems work together; therefore, the 3-D Secure protocol proposed by Visa Int. was supported by the MasterCard Worldwide system. The result of cooperation in the field of security of Internet settlements was the emergence of the Verified by Visa and MasterCard SecureCode programs. Both programs offer the use of 3-D Secure technology for secure payments on the Internet.

In their most general form, both programs invite the cardholder to register on the website of the issuing bank for online payments and to receive from it a certain code word (number), which must be entered in a pop-up window once the cardholder decides to pay for the selected product / service on the online seller's website. It is by this word (number), known only to the issuing bank and the holder, that the issuer identifies the holder and confirms that the payment transaction can be completed successfully. Alternatively, the code word or number can be generated once for each payment and sent by SMS to the cardholder's phone. In this case, during registration the holder must give the issuing bank his mobile phone number, make sure that at the time of the operation the phone is within the coverage of the telecom operator, and have a positive account balance in order to receive the SMS message. Thus, once the issuing bank has checked the entered code and sent a response message, the transaction is successfully completed. Guarantees of the security of the payment and the safety of personal information have been given, the issuer and the acquirer have ensured a safe payment, the online merchant has sold the goods, and the cardholder has received not only the goods but also new benefits from making a purchase via 3-D Secure: a special registration record that logs Internet payments is created in the system, and the holder does not need a special card to pay for goods or services on the Internet. In addition, Visa Int. provides registered holders with additional conveniences: the possibility of a refund and guaranteed protection against fraud.

After reading all of the above, it is reasonable to ask: why is not everything so good, if everything is so good? Why do cases of fraud and identity theft continue to occur, and why is the Internet teeming with communities of online shoppers who share information about lost money and refused payments? The answer is simple: the entire beautiful model of 3-D Secure operation depends on the indispensable participation of the issuer, the acquirer and the online merchant in these programs. If the cardholder visits the website of an online merchant participating in either the Verified by Visa or the MasterCard SecureCode program and the transaction is refused, this means that the issuing bank that issued the holder's card has not joined the 3-D Secure protocol.

According to MasterCard Worldwide, more than 470 thousand online stores worldwide are registered as participants in the MasterCard SecureCode program, and about the same number participate in the Verified by Visa program.

And what about Russia?

In 2003, the ASSIST system became the first Russian electronic payment system certified by Visa International for the new 3-D Secure technology, which can be considered both a significant event for the company itself and an important stage in the development of e-commerce in Russia as a whole. Since then, the ASSIST system has acted as an independent provider of Verified by Visa cardholder authentication.

Banks that are principal members of the IPS, hold a license for Internet acquiring and are interested in it can connect their processing centers to the ASSIST gateway.

PayOnline System, the most modern of the Russian Internet payment systems, has been actively entering the market to enable e-commerce participants to accept cards of international payment systems. The company is certified for compliance with PCI DSS and holds certification from the international payment systems Visa International and MasterCard Worldwide.

The Dutch company ChronoPay is a solid player in Internet processing of bank cards on the Russian market.

In our opinion, the HandyBank system, an Internet banking service for individual users, has become an interesting phenomenon on the Russian market. The service is provided by the banks that are members of the system. HandyBank enables a bank's client to make online payments from his or her bank card account around the clock, from any computer or mobile phone. The system is only beginning to develop, but it already has a number of real advantages over conventional card payments on the Internet. First, a high level of security: the system allows transactions to be made without sending the card number, its PIN code or its other details over the Internet. Second, a wider range of payment transactions: HandyBank customers can pay for many services in a simplified mode, make bank transfers, pay taxes and fines (state payments), and make online purchases with a bank money-back guarantee in case of any problems with delivery of the goods. Additional benefits also include mobile banking and account replenishment through terminal networks.

Thus, Russian Internet commerce has all the resources it needs to attract a large number of online buyers, offering them a wide range of goods and services and demonstrating a high degree of payment security.

***

According to the latest media reports, Microsoft has joined an anti-fraud campaign. According to the corporation's press service, Microsoft, together with the National Cybercrime Association (NCFTA), has developed the Internet Fraud Alert system, designed to counter Internet fraudsters. The initiative was supported by eBay, PayPal, Citizens Bank, as well as the US Federal Trade Commission and some other organizations.

Internet Fraud Alert allows you to create a database of stolen network accounts or credit cards. The information will be transmitted as quickly as possible to the organization serving the owner of the data. Thus, banks and other companies will be able to ensure the safety of the user and, by analyzing the mechanism of data theft, prevent new cases.

All of the above suggests that the protection of payments on the Internet is a cornerstone of the further development of e-commerce, and that the participation of such giants as Visa International, MasterCard Worldwide and Microsoft Corporation in this work will lead to greater security of Internet payments and, as a result, to greater trust among cardholders and users of Internet commerce.

Finally, do not forget the good old form of protection, the insurance policy, which is currently offered mainly by active issuing banks. By concluding agreements with insurance companies, banks offer cardholders insurance against the risk of fraudulent transactions, and as the number of such transactions grows, insurance of plastic cards is becoming more and more popular with both issuing banks and cardholders. The main risks covered by card insurance include fraudsters withdrawing money from an ATM using a stolen or counterfeit card, using a counterfeit card and a forged signature on payment documents, and committing fraudulent transactions on the Internet with stolen card data.

Issuing banks looking to break the tradition of passing fraudulent losses onto cardholders should take this promising way to protect customer funds and their own image more seriously.