Security Features Of Payment Gateway Information Technology Essay

With a high percentage of the world's people on the internet today, online businesses are becoming more popular. When people transact online, payment gateways come into use. The payment gateway is an essential part of online transactions because it acts as the intermediary between the merchant and the bank. When customers pay through a payment gateway, they have to enter sensitive transaction information. With the rapid growth of online transactions, security threats have also increased. That is the major issue for online transactions, and the gateway bears a high responsibility for protecting this information from hackers and fraudsters. So the security features of payment gateways become more important. Using various standards, protocols and encryption mechanisms, gateways try to provide a more secure and trustworthy service to their customers. In this paper I will discuss a few technologies and mechanisms that payment gateways use to make online transactions more secure.

1. Introduction

The evolution of business runs from the barter system through bank notes, payment orders, checks and credit cards to today's electronic and mobile payment systems. A high percentage of the world's people are on the internet today. The Internet has become the preferred environment for different e-services like e-commerce, e-banking, e-voting, e-government, etc. Every company is trying to move into e-business. It makes online shopping easier and beneficial. It allows customers to sit in their homes and buy goods from all over the world, and merchants can sell their products all over the world very easily. So online payment has become a very popular payment method because of its efficiency and effectiveness. Mobile payments are also becoming a more important payment system with the increase of wireless services.

As most companies move into e-business, payment gateways are needed to handle online payments. A payment gateway is a service that authenticates payments for e-businesses and online retailers. It allows internet users to enter other networks and pay online for their purchases through websites. Payment gateways are an essential part of online business. They provide many benefits, such as authorizing transactions, security, less fraud and automatic deposit of money. Customers have to enter personal details like credit card numbers when they make online transactions, so payment gateway security has become a most important factor. Different payment gateways use different mechanisms to enhance their security features. The security features of the payment gateway are the main discussion area of this study.

As a student of the Faculty of Information Technology, I have a good e-commerce background and I am interested in this area, although the security features of payment gateways are a new subject to me. I would like to get a clear idea about payment gateways and their security features through this study. Since online transactions are more popular today, I hope the knowledge gained from this will be very helpful to me in the future.

In this review paper, Section 2 provides an overview of the security features of payment gateways and Section 3 describes the major research available in that area. Applications of payment gateway security are discussed in Section 4. Section 5 describes the future direction of payment gateway security. The paper concludes with Section 6, which summarizes my findings in the research. The last section covers my contribution to this study.

2. Overview – Security Features of Payment Gateway

Online business is a major part of today's business world. It is a very easy way of purchasing and selling goods and services in a busy world. Payment gateways are integrated with online businesses. The general model for a payment transaction includes five main parties: the client, the merchant, the issuer (the client's financial institution), the acquirer (the merchant's financial institution) and the payment gateway. A payment gateway is a service that acts as an intermediary between the merchant's web site, the issuer and the acquirer. The customer does not interact directly with the payment gateway. The payment gateway process runs in the following order.

First customer selects items from the merchant’s web site and adds them into shopping cart.

Then the customer provides his credit card information to the merchant.

Merchant sends this information to the payment gateway for authorization purposes.

The payment gateway checks the validity of the customer's information by passing the data to the acquiring bank, which sends it to the issuing bank.

After accepting or rejecting the transaction, the bank sends a response to the gateway, and the gateway then sends the response to the merchant.

Then the merchant sends the response to the customer, provides the purchased items and requests payment from the payment gateway.

Finally the payment gateway verifies the merchant and deposits the money in the merchant's account. [3]

Figure 1: The process of payment gateway

Payment gateways are an essential part of e-commerce. Customers have to enter personal details when they make online transactions. With the rapid growth of online payments, security threats like theft, phishing, data security breaches, malware, spyware and hacking have increased. Therefore customers need payment gateways that fulfill all their requirements and provide security and privacy. There are four essential properties of a secure system: authentication, integrity, confidentiality and non-repudiation.

Authentication means verifying the identities of the parties. There should be mutual authentication between the payment gateway and the other parties. Integrity means preventing unauthorized modification of data while it is in the communication medium. Integrity of data is needed between the merchant and the payment gateway and also between the customer and the payment gateway. Confidentiality means preventing the disclosure of data to unauthorized parties. This is an essential feature because the customer's credit card details pass through the payment gateway, which should guarantee the secrecy of these details. Non-repudiation means that participants in a transaction cannot claim that they did not take part in it. [4, 11]

Security is the utmost concern for customers. They would have no confidence if payment gateways did not ensure security and authenticity. This important feature increases the use of payment gateways and also promotes e-commerce. So payment gateway security has become a most important factor. Different techniques and protocols are used to enhance the security of payment gateways.

3. Major Research in Security Features of Payment Gateway

Research on payment gateway security considers different security mechanisms for protecting sensitive customer information in transit. These mechanisms include security standards, protocols, hashing methods and encryption methods. The major research areas can be described as follows.

3.1 Data Encryption

One of the main security methods used in payment gateways is data encryption. When customers enter payment information like credit and debit card details, the payment gateway should protect it from network attackers. Payment gateways use this method to pass these sensitive customer details securely between merchants and customers. The transformation of the data depends on the data encryption algorithm and the key value. After receiving the payment information, the payment gateway encrypts it using the payment gateway's public key. It can only be decrypted using the payment gateway's private key. The security of this encryption process depends on the secrecy of these keys. That prevents unauthorized parties from decrypting the encrypted data.

Other persons cannot modify the data while it is transmitted through the network. So it enhances the integrity of data between the merchant and the payment gateway and also between the customer and the payment gateway. Therefore this data encryption method protects customer information from being stolen or misused. [3]

3.1.1 Data Field Encryption

The data field encryption method is also called end-to-end encryption. It prevents sensitive data from being read at the point of entry by using industry-standard encryption. Only authorized parties can access the decryption key. Therefore, after the payment gateway has encrypted the sensitive credit card data, only the acquirer has the decryption key to read it. This reduces the possibility of unauthorized parties accessing the customer's data while it is transmitted from the gateway to the acquiring bank. [10]

3.1.2 Cryptography

Symmetric Cryptography

Symmetric cryptography uses the same key for both encryption and decryption. This method is like a traditional mechanical lock and key. The encryption algorithm works as the lock, and the cryptographic key can both lock and unlock the credit card details. [2, 10, 15]

Figure 2: Symmetric Cryptography

Asymmetric Cryptography

Asymmetric cryptography uses two different keys for encryption and decryption. This method is like an electronic lock on a safe. The two keys are the public key and the private key. The public key is used for encryption and the private key is used for decryption. The payment gateway encrypts the customer's sensitive information with the public key, which can be known by anyone. The acquiring bank decrypts the data with the gateway's private key, which must be kept secret. The problem with asymmetric cryptography is that it is slower than symmetric cryptography. Also, the keys shared between the parties need to be updated periodically to provide a more secure service. [2, 10, 15]

Figure 3: Asymmetric Cryptography

3.2 Secure Sockets Layer

Secure Sockets Layer (SSL) is a secure network protocol used in web browsers and servers. It creates a uniquely encrypted channel, with certificate authentication, for transferring private data over public channels. SSL is used in payment gateways to provide a more secure service for both customer and merchant. Basically, SSL secures point-to-point links at the session layer. [3] SSL uses two main encryption methods: asymmetric and symmetric encryption. The RSA (Rivest-Shamir-Adleman) algorithm, DSA (Digital Signature Algorithm) and the Diffie-Hellman key exchange algorithm are used in asymmetric encryption. AES (Advanced Encryption Standard), Camellia, DES (Data Encryption Standard), Triple-DES, IDEA (International Data Encryption Algorithm), RC4 (Rivest Cipher 4) and RC2 (Rivest Cipher 2) are used for symmetric encryption. [9] SSL encrypts the whole session to provide secure communication. SSL also uses some other protocols.

SSL Record Protocol: used to encapsulate data of higher-level protocols

SSL Handshake Protocol: used to authenticate client and server

SSL is independent of the application layer, so higher-level protocols can be layered on top of the SSL protocol transparently. This is a great advantage of SSL. Most payment gateways use this protocol to transfer data between the different parties more securely. [9]
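Several of the symmetric algorithms listed above (RC4, RC2, DES, Triple-DES, IDEA) and the SSL protocol versions themselves have since been retired in favour of TLS 1.2 and later. The following added example, which is not part of the original essay, builds a client context with Python's standard `ssl` module and flags legacy suites; the suite names in `SAMPLE` are a constructed list in OpenSSL naming.

```python
import re
import ssl

# Algorithms named in the text that current TLS deployments disable.
# "CBC3" is how OpenSSL spells Triple-DES in suite names (DES-CBC3-SHA).
LEGACY = {"RC4", "RC2", "DES", "3DES", "CBC3", "IDEA"}


def legacy_ciphers(suite_names):
    """Return the suite names that use one of the legacy algorithms."""
    flagged = []
    for name in suite_names:
        tokens = set(re.split(r"[-_]", name.upper()))
        if tokens & LEGACY:
            flagged.append(name)
    return flagged


def hardened_client_context():
    """Client context that verifies the server and refuses old protocols."""
    ctx = ssl.create_default_context()            # checks chain and host name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSL 3.0, TLS 1.0 or 1.1
    return ctx


def audit(ctx):
    """Summarise the security-relevant settings of an SSLContext."""
    names = [c["name"] for c in ctx.get_ciphers()]
    return {
        "min_version": ctx.minimum_version.name,
        "verifies_peer": ctx.verify_mode == ssl.CERT_REQUIRED
        and ctx.check_hostname,
        "legacy": legacy_ciphers(names),
    }


# Constructed sample of suite names, as a scanner might report them.
SAMPLE = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_AES_256_GCM_SHA384",
    "RC4-MD5",
    "DES-CBC3-SHA",
    "EXP-RC2-CBC-MD5",
    "IDEA-CBC-SHA",
    "CAMELLIA256-SHA",
]

if __name__ == "__main__":
    print(legacy_ciphers(SAMPLE))
    print(audit(hardened_client_context()))
```
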

3.3 Secure Electronic Transaction

Secure Electronic Transaction (SET) is a standard protocol which was developed by Visa and MasterCard in cooperation with various other companies like Microsoft, Netscape and VeriSign. A SET transaction involves three main parties: the customer, the merchant and the payment gateway. SET provides the following security features:

Provides a secure communications channel among all parties.

Provides the privacy by providing information only to necessary parties.

Provides trust by using digital signatures. [2]

It uses different encryption mechanisms, like symmetric encryption, asymmetric encryption and public key encryption, to transfer data between parties more securely. SET uses customer digital signatures to send the customer's credit card number (PAN: Primary Account Number) hidden from the merchant. That data item is called PANSecret, which is known only by the customer and the gateway. So the SET protocol prevents merchants from seeing the customer's payment information. When the payment gateway receives the hidden data, it encrypts that data using its public key. It checks the validity of the purchase amount by comparing the hash values. It also verifies the PAN and PANSecret for the purpose of cardholder account authentication. Through these mechanisms it fulfills the fundamental security requirements of confidentiality, authentication and data integrity. So SET provides a high level of security and privacy for the participants due to the extensive use of public key certificates and digitally signed and verified messages. [2, 9]

3.4 Public Key Infrastructure

Payment gateways always contain sensitive information such as credit card numbers, so there should be mechanisms to protect it from unauthorized users. Public Key Infrastructure (PKI) is a system for enhancing the security of mobile commerce which consists of digital certificates, certification authorities and other registration authorities. PKI is based on public key cryptography, which uses two keys, a private key and a public key. The private key is used for computing signatures and is kept secret, and the public key is used to verify signatures. In this mechanism, a message encrypted with one key needs the other key to decrypt it. [3, 4]

In the digital signature mechanism, the owner encrypts the message using the private key, and recipients can verify the signed message by decrypting it with the public key. Sometimes it uses hash functions. Digital signatures can ensure the authenticity, integrity and non-repudiation of transactions. [4]
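The hash-then-sign mechanism described above is what lets SET (section 3.3) hide the payment data from the merchant while still binding it to the order. The following added example, which is not part of the original essay, goes one step beyond the text and shows SET's dual signature, where the customer signs H(H(PI) || H(OI)). It assumes SHA-256 in place of SET's original hash, a toy unpadded RSA key built from known primes, and constructed sample messages.

```python
import hashlib

# Toy RSA key built from two publicly known Mersenne primes with no padding.
# Insecure by construction; it only keeps this added example self-contained.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # customer's private exponent (Python 3.8+)


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sign(md: bytes) -> int:
    """Customer side: 'encrypt' the digest with the private key."""
    return pow(int.from_bytes(md, "big") % N, D, N)


def verify(md: bytes, signature: int) -> bool:
    """Anyone: recover the digest with the public key and compare."""
    return pow(signature, E, N) == int.from_bytes(md, "big") % N


def dual_sign(order_info: bytes, payment_info: bytes):
    """Sign H(H(PI) || H(OI)) so both halves are bound to one purchase."""
    oimd, pimd = digest(order_info), digest(payment_info)
    return sign(digest(pimd + oimd)), oimd, pimd


def merchant_check(order_info: bytes, pimd: bytes, signature: int) -> bool:
    # The merchant holds the order and only the digest of the payment data.
    return verify(digest(pimd + digest(order_info)), signature)


def gateway_check(payment_info: bytes, oimd: bytes, signature: int) -> bool:
    # The gateway holds the payment data and only the digest of the order.
    return verify(digest(digest(payment_info) + oimd), signature)


# Constructed sample messages (the PAN is a constructed test value).
ORDER = b"order=1001;item=book;amount=25.00"
PAYMENT = b"pan=4111111111111111;amount=25.00"


def demo():
    sig, oimd, pimd = dual_sign(ORDER, PAYMENT)
    altered = PAYMENT.replace(b"25.00", b"2.50")
    return (
        merchant_check(ORDER, pimd, sig),    # merchant never sees the PAN
        gateway_check(PAYMENT, oimd, sig),   # gateway never sees the items
        gateway_check(altered, oimd, sig),   # changed amount breaks the hash
    )


if __name__ == "__main__":
    print(demo())
```
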

3.5 Certification Authority

Stephen Kent presented a new approach to enhance the security of payment gateways. It secures online transactions by authenticating the parties through certification. In this approach, the user first generates a Certificate Signing Request (CSR) and sends it to the Certification Authority. The Certification Authority hashes the unsigned certificate, and the hashed certificate is encrypted using an asymmetric algorithm. Then the Certification Authority issues the signed certificate to the user. So, according to this model, when any user generates a certificate signing request, the certification authority verifies it and provides a digital certificate. [7]

4. Applications of Payment Gateway Security

There are many payment gateways all over the world today, such as Authorize.Net, PayPal, Google Checkout, CCAvenue, HSBC, NetBanx, Secpay and DirecPay. These gateways use different security mechanisms like encryption, protocols, firewalls and certification. In this review I will consider the following payment gateways in more detail.

4.1 Authorize.Net

The Authorize.Net payment gateway uses different mechanisms to provide more secure solutions for its merchants and customers. It safeguards customer information from various kinds of fraud. It uses the strongest encryption methods and security protocols to protect its merchants.

Protecting Transaction Data

Authorize.Net uses the latest 128-bit Secure Socket Layer (SSL) technology for secure Internet Protocol (IP) transactions.

Securing Customer Data

They use industry leading encryption hardware and software methods and security protocols to protect customer information.

Preventing Fraud

They use industry initiatives such as Address Verification Service (AVS) and Card Code Verification (CCV) to provide a high level of protection. Their exclusive Fraud Detection Suite (FDS) helps Web merchants identify and evaluate insecure transactions. They also support the cardholder authentication programs Verified by Visa and MasterCard SecureCode. [5, 6]

4.2 PayPal

The PayPal payment gateway is another secure and reliable way to make transactions online. It stores customers' sensitive data, like credit card numbers, securely on its servers. When making a payment, customers only need to enter their email address. PayPal follows an email confirmation process to keep customers safe from theft. It uses powerful encryption methods, and information is automatically sent with a high level of protection. It uses 128-bit SSL encryption to transfer sensitive information securely and with customer confidence. It also uses a Transaction Monitoring process to protect information from theft. It meets industry-leading certification standards like PCI, SAS 70 and SDP. [13, 17]

4.3 CCAvenue

CCAvenue is another payment gateway with more security features. When customers enter their personal details and sensitive credit card details, the gateway encrypts the data before it is transmitted over the network. It does not store any customer details in its databases, for security reasons. It uses firewalls to provide maximum security and to guarantee that no third party can access customers' information. CCAvenue uses 128-bit Secure Sockets Layer for data encryption. It also follows strict in-house security guidelines to ensure the confidentiality of customer information. [16]

5. Future direction of Payment Gateway Security

As most businesses try to move online and most customers are likely to pay online, payment gateway security becomes more important, and this research area has a wide, fast-moving and long future.

Different payment gateways use various technologies and mechanisms to provide secure transactions, but there are some security issues in these methods. With the increase in online transactions, the number of hackers and the impact of phishing activities have also increased. So we need continued development of security features to protect transaction information and provide a better service with high security. Therefore future research will aim to find protocols and algorithms with better security and better user friendliness.

6. Discussion

The security features of payment gateways are the topic of my review paper. In this paper, I have discussed what a payment gateway is, the payment gateway process in online transactions and the different security mechanisms used in payment gateways. Regarding the security mechanisms, I first considered different protocols and other techniques and then discussed the applications of these security techniques. Further, I discussed the future directions of payment gateway security. Therefore, considering all the facts given, I notice that there is a huge requirement for more secure algorithms and protocols.

7. My Contribution

By doing this research I was able to gain wide knowledge about the payment gateway and the different security techniques. I have identified that although online transactions are more popular today and people use payment gateways to make payments, they have some security issues. By going through research papers I gained valuable knowledge about currently available payment gateways and their security mechanisms. I also understood the difficulties of improving the current payment gateway security mechanisms to build a safer environment. Now I have a clear idea about how payment gateways implement security mechanisms in order to give maximum protection while providing more customer satisfaction.

8. Acknowledgments

I am heartily thankful to my supervisor, Mrs. Ruvini Weerasinghe, who introduced me to this subject and encouraged me to take up this important research area. Her encouragement, supervision and support from the preliminary stage were vastly helpful to me in developing this research work. Lastly, I would like to put forward my sincere thanks to my family members, my friends and those who supported me in any respect during the completion of this research work.
