Survey on Online Card Payments System Security

ABSTRACT With the developments in the Information Technology and improvements in the communication channels, fraud is spreading all over the world, resulting in huge financial losses. Online payment is apparently the key for the online transactions, so its security issue becomes the center of focus in the e-commerce development. We investigated the top-400 online merchants’ payment sites, and realized that the current landscape facilitates a distributed guessing attack. This attack subverts the payment functionality from its intended purpose of validating card details, into helping the attackers to generate all security data fields required to make online transactions. We will show that this attack would not be practical if all payment sites performed the same security checks. We will discuss potential solutions to the problem and the practical difficulty to implement these, given the varying technical and business concerns of the involved parties. Keywords—security; online payment; distributed attack; fraudulent transactions; survey; ethical disclosure