信用卡电子交易安全.ppt

,信用卡電子交易安全,經濟99D54951125王俊傑,Menu,信用卡交易流程 CSC(CVV2) (Card Security Code) SET (Secure Electronic Transaction) SSL(Https:/) (Secure Sockets Layer),信用卡安全碼Card Security Code,是信用卡在進行網路交易和電話交易時的一個安全特徵。它通常是印刷在信用卡上面的3或4位數字，用於證實付款人在交易時是擁有信用卡的，從而防止信用卡欺詐。,信用卡安全碼Card Security Code,CVV, CVC CVC2 and CVV2 values are generated when the card is issued. The values are calculated by encrypting the PAN(Primary Account Number), expiration date and service code with encryption keys ( Often called Card Verification Key or CVK ) known only to the issuing bank, and decimalising the result. Wiki,How does my Security Code protect me?,The security code is only printed the card and it is not contained in the magnetic stripe information nor does it appear on sales receipts or billing statements - you must have the card in your possession in order to use this code. Card Security Codes are not raised, so they are not scanned into standard credit card readers. In theory, these numbers are only visible to you. When you give your Card Security Code to a merchant, you assist the merchant in verifying that the order is being placed by you, the card holder. Also, it is illegal for merchants to keep records of your Security Code in any way. Merchants are only allowed to keep the Security Code for as long as it takes to bill your order. Once billing is complete, there must be no records of the code. Neither database storage nor physical document storage is allowed. BMT Micro follows these restrictions to the full extent.,CVV2實作,+,104,24,CVKA,CVKB,+,取前三位,數字部份,字母部份,轉換成10進制 (-10),Decode,夠安全嗎？ 有必要嗎？,另一種signature?,SET (Secure Electronic Transaction),提供秘密的傳送方式 確認當事人的身份 確定貨物與服務訂購資料的付款資訊的正確性 協助持卡者與商家確認彼此的身份,Https:/,Hypertext Transfer Protocol over Secure Socket Layer HTTPS以保密為目標研發，簡單講是HTTP的安全版。其安全基礎是SSL協議，提供了身份驗證與加密通訊方法，現在它被廣泛用於網際網路上安全敏感的通訊，例如交易支付方面。,SSL (Secure Sockets Layer),是一種通用的網路密碼通訊協定，用來保護雙向的通訊頻道。 機密性防止中間人攻擊 完整性防止重播攻擊 伺服端認證,SSL (Secure Sockets Layer),SSL實質上並無法提供多少保護，以對抗消費者和商家在網際網路上所經歷的真正的攻擊主要是因為SSL並沒有嘗試要解決網路商務裡主要的安全問題(如用戶端攻擊、商家攻擊)，而只專注在解決簡單且重要的問題。,消費者,商家,SSL,SET,Reference,上課投影片(Digital signature) 電子商務與網路安全(原文Web Security, Privacy & Commerce, 2e, Simson Garfinkel, Gene Spafford)莊友欣譯，歐萊禮(Ch5,Ch25) 電腦網際網路（第四版）(原文COMPUTER NETWORKING A TOP-DOWN APPROACH 4e, James F.Kurose, Keith W. Ross)陳大任譯，全華(Ch8) 許錦銘，趙惠美，涂世雄，“強化信用卡電子交易安全之研究”(論文) 網站： Wiki /wiki/Card_Security_Code 歌盟科技(CVV2實作) /download/VISA卡校验值CVV及PIN校验值PVV的计算.pdf 中華民國產物保險商業同業公會 .tw/modules/smartsection/item.php?itemid=224 VISA Americ