A Thesis Proposal
This work is a contribution to the security of e-payments system: the efforts to make them able to continue to fulfill their mission even in adverse environments or conditions - despite attacks failures or accidents - and hence confidence earning. Globally, the use of non-cash payments is increasingly being adopted. The global volume of non-cash payments has continued to grow, even quickly in developing countries, and payments have proved resilient to the effects of the financial crisis. Although macroeconomic weakness decreased the rate of growth in non-cash payments volumes in 2008-09, the initial data suggests that volumes resumed a higher growth rate in 2010, World Payments Report (2011). Impressive as these findings may be, they never-the-less intensify the concern for the security of e-payment systems. As the use of non-cash payment instruments grows, so does concern about the potential for fraud. For example, global card fraud has increased consistently along with card usage in recent years with the scale of card-fraud losses growing as a percentage of total transaction values, ((Financial Fraud Action Report (2011), World Payments Report (2011). This rapid growth is largely because e-payment system adversaries have found more ways to compromise merchants’ databases and processor data centers, gaining access to far more accounts than they could through traditional means such as stealing physical cards from wallets or mailboxes. A number of efforts have been made, including the carrying out of studies and embarking on initiatives such as the introduction of new technologies, to engender security, (Financial Fraud Action Report (2011), World Payment Report (2011)). This work is yet another in the same direction, a contribution specifically, to complement that in Dawodu and Obi (2012). 2.Theoretical Background
The traditional e-payment system is presented in several works for example (Kungpisdan, S. (2005), Kou, W. (2003), O’Mahony, D.: (2001) and Visa International, (2002)), as consisting of five principal inter-related interacting entities. a).Client (CL): The entity who seeks to buy goods or to be rendered services. b).Merchant (MT): The entity who delivers the goods or renders the services to the client, when payment shall have been made by the client. c).Issuer (IR): The financial organization that issues the valid electronic payment instrument (for example, credit/debit card, account and others). The issuer transfers funds from the client’s account to the financial organization of the merchant in payment for the related goods or services. d).Acquirer (AQ): The financial organization of the merchant. The acquirer verifies the validity of the deposited payment made by the issuer and on being satisfied informs the payment system provider who in turn informs the merchant. e).Payment system provider (PP): The entity which performs payment interactions on behalf of IR and AQ on the one hand, and on behalf of CL and MT on the private financial network side, on the other. The PP receives the request of payment authorization from the merchants and communicates with the issuer or, depending on the e-payment instrument, with the client for some information (account, password, etc.). If this payment authorization request is successful, the PP informs the merchant and, on the merchants concurrence, the acquirer. The principal flow of messages in the payment process is:
1.Payment ordering: PO is the interaction between CL and MT, where CL requests to purchase goods from, or use the services of, MT. The required information (amount of purchases, issuer identification by payment instruments, etc.) is sent to MT by CL, 2.Authorization request is the interaction by which MT requests a payment authorization from the issuer of the client and waits for a response. The payment authorization process is handled through...