Anglia Ruskin University researchers show the benefits of off-line generated DCCN-based transactions

Researchers describe how DCCNs could be generated ‘off-line’ using a pre-shared secret key between the issuer and the customer. The customers need to register their credit card with the card issuer in order to receive an associated key. Then, they will use this secret key together with a simple calculation device such as a smart card, PDA or mobile phone to generate an encrypted code, known as hash, which is based on the price of the goods intended to be purchased and other details pertinent to the e-commerce website. The resulting code is adapted to form the DCCN, and then sent over the internet instead of the actual credit card details.To complete the authenticating process, the e-commerce website validates the DCCN as any normal credit card without ever seeing or having to store clients’ real credit card details. As a result, researchers suggest clients can shop with no need to worry about confidential data being comprised.This DCCN concept is similar to the credit voucher and gift certificate systems used by some e-commerce websites, the only difference being the off-line system does not send credit card details across the internet to create the voucher code. The system would also overcome the Private Payment and SecureClick potential security and implementation issues that are currently associated with online DCCNs.The report also presents the flaws in normal credit card transactions. The client authentication remains the biggest authentication problem because most-ecommerce websites only require the customer’s credit card details to validate the sale. Since websites cannot certify the buyer, anyone who steals a person’s credit card information could use it to buy products and services online fraudulently. Moreover, researchers say that merchant do not encrypt the credit card details, thus exposing them to anyone who has access to that database. Researchers also indicated that more than a decade has passed since computer security experts asked the Secure Electronic Transaction (SET) protocol to try to solve this problem by sending the client’s credit card details via an encrypted channel. The system has not been adopted because e-merchants deemed the system is too complicated.