Dynamic Virtual Credit Card Numbers
Author
Ian Molloy, Jiangtao Li, and Ninghui Li
Tech report number
CERIAS TR 2007-46
Abstract
Theft of stored credit card information is an increasing threat to e-commerce. We propose a dynamic virtual credit card number scheme that reduces the damage caused by stolen credit card numbers. A user can use an existing credit card account to generate multiple virtual credit card numbers that are either usable for a single transaction or are tied with a particular merchant. We call the scheme dynamic because the virtual credit card numbers can be generated without online contact with the credit card issuers. These numbers can be processed without changing any of the infrastructure currently in place; the only changes will be at the end points, namely, the card users and the card issuers. We analyze the security requirements for dynamic virtual credit card numbers, discuss the design space, propose a scheme using HMAC, and prove its security under the assumption that HMAC is a PRF.
Note
In Proceeding of 11th Financial Cryptography and Data Security Conference (FC), Lowlands, Scarborough, Trinidad and Tobago, February
Publication Date
2007-01-01
Contents
1. Introduction
2. Related Work
3. Problem Description
4. Our Proposed Scheme
5. Security
6. Closing Remarks
Keywords
e-commerce, credit card theft
Subject
Credit Card Fraud Prevention