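| Graduate student: | 張書豪 Shu-Hao Chang |
|---|---|
| Thesis title: | Security of Online Credit Card Payments (信用卡網路刷卡安全性) |
| Advisor: | 蘇坤良 Kuen-Liang Sue |
| Oral defense committee: | |
| Degree: | Master |
| Department: | College of Management - Department of Information Management |
| Year of publication: | 2015 |
| Academic year of graduation: | 103 |
| Language: | Chinese |
| Number of pages: | 87 |
| Keywords (Chinese): | credit card, online shopping, online card payment |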
Online shopping has become one of the main ways to shop, and credit card payment accounts for a large share of it. As physical credit card transactions move onto the Internet, a problem arises: a signature cannot be used online to confirm the cardholder's identity, so shopping websites require consumers to enter personal data beyond the credit card information so that the site can verify the cardholder's identity with the bank. Today it is the norm for shopping websites to demand the cardholder's personal data, but this creates a serious problem: once a shopping website holds all of the cardholder's data, the site itself is able to make transactions with the cardholder's credit card, and the bank has no way to tell whether the real cardholder is the one using it. This study therefore takes shopping websites' collection of excessive personal information as its starting point and analyzes the risks this poses to consumers, shopping websites, and banks. We also used domestic and foreign shopping websites in practice to learn how much personal data they collect, divided the websites into three categories according to that amount, and then examined how secure each category is when the shopping website, the consumer, or the bank is malicious. The second half of the thesis proposes a secure card payment mechanism for each category: a public key payment mechanism where the site obtains no data, a verification code payment mechanism where the site obtains part of the data, and a dynamic credit card information verification mechanism where the site obtains all of the data. We analyze the security of the proposed mechanisms when different pieces of personal information are lost, compare them with existing card payment mechanisms in terms of security, consumer privacy, and operational convenience, and finally describe the potential drawbacks of the proposed mechanisms, the limitations of the study, and directions for future research.