• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.4
• /
• pp.1864-1876
• /
• 2016

Card-Not-Present (CNP) transactions taking place remotely over the Internet are becoming more prevalent. Cardholder authentication should be provided to prevent the CNP fraud resulting from the theft of stored credit card numbers. To address the security problems associated with CNP transactions, the use of a virtual card number derived from the transaction details for the payment has been proposed, instead of the real card number. Since all of the virtual card number schemes proposed so far are based on a password shared between the cardholder and card issuer, transaction disputes due to the malicious behavior of one of the parties involved in the transaction cannot be resolved. In this paper, a new virtual card number scheme is proposed, which is associated with the cardholder's public key for signature verification. It provides strong cardholder authentication and non-repudiation of the transaction without deploying a public-key infrastructure, so that the transaction dispute can be easily resolved. The proposed scheme is analyzed in terms of its security and usability, and compared with the previously proposed schemes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1175-1186
• /
• 2015

Financial fraud has been increasing along with credit card usage. Magnetic stripe cards have vulnerabilities in that credit card information is exposed in plaintext and cardholder verification is untrustworthy. So they have been replaced by a smart card scheme to provide enhanced security. Furthermore, the FinTech that combines the IT with Financial product is being prevalent. For that reason, many mobile device based payment schemes have been proposed for card present transaction. In this paper, we propose a virtual credit card number payment scheme based on public key system for efficient authentication in card present transaction. Our proposed scheme is able to authenticate efficiently in card present transaction by pre-registering virtual credit card number based on cardholder's public key without PKI. And we compare and analyze our proposed scheme with EMV.

• Journal of Korea Multimedia Society
• /
• v.14 no.1
• /
• pp.103-111
• /
• 2011

Legacy Java card which adapts a Java platform loads and executes an application when electronics power is provided. However, recently the most Java cards are embedded into a mobile terminal as USIM cards, therefore the power is continually provided for the smart cards. In this case, operation of a Java card system needs to consider its operating system to be advanced in memory management, object management and transaction mechanism. In this paper, we present a high performance Java Card system which is able to have efficient installation, loading and execution of application by applying a new memory management of the smart card that has safe power system.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.45 no.6
• /
• pp.60-67
• /
• 2008

At present, RFID system is highly welcomed as a substitute system with its bar code recognition system and self recognition equipment. Consequently, the system has multi applications and can be complementing to its security. In particular, RFID system is significantly related with electronic transaction equipments : transportation card, ID card in check point, attendance sheet. Based upon these characteristic, the system is becoming extremely popular in the field of logistics, harbor and stock management, animal control and product circulation & distribution. In this dissertation, I would like to present a more efficient and stable remote entry control system with the network-based TCP/IP. It is a simple example of ubiquitous computing function. Above all, approved protocol system should be applied to the remote entry control function. Its efficient function with the applied approval protocol based-remote entry control system should be confirmed. Therefore, a preliminary test should be prerequisite in automatic entrance function with the embedded and TCP/IP-based RFID system.

• Journal of Intelligence and Information Systems
• /
• v.20 no.2
• /
• pp.163-178
• /
• 2014

Following research proposes "Virtualization of Smart Cards (ViSCa)" which is a security system that aims to provide a multi-device platform for the deployment of services that require a strong security protocol, both for the access & authentication and execution of its applications and focuses on analyzing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service by comparing with other similar cases. At the present day, the appearance of new ICT, the diffusion of new user devices (such as smartphones, tablet PC, and so on) and the growth of internet penetration rate are creating many world-shaking services yet in the most of these applications' private information has to be shared, which means that security breaches and illegal access to that information are real threats that have to be solved. Also mobile payment service is, one of the innovative services, has same issues which are real threats for users because mobile payment service sometimes requires user identification, an authentication procedure and confidential data sharing. Thus, an extra layer of security is needed in their communication and execution protocols. The Virtualization of Smart Cards (ViSCa), concept is a holistic approach and centralized management for a security system that pursues to provide a ubiquitous multi-device platform for the arrangement of mobile payment services that demand a powerful security protocol, both for the access & authentication and execution of its applications. In this sense, Virtualization of Smart Cards (ViSCa) offers full interoperability and full access from any user device without any loss of security. The concept prevents possible attacks by third parties, guaranteeing the confidentiality of personal data, bank accounts or private financial information. The Virtualization of Smart Cards (ViSCa) concept is split in two different phases: the execution of the user authentication protocol on the user device and the cloud architecture that executes the secure application. Thus, the secure service access is guaranteed at anytime, anywhere and through any device supporting previously required security mechanisms. The security level is improved by using virtualization technology in the cloud. This virtualization technology is used terminal virtualization to virtualize smart card hardware and thrive to manage virtualized smart cards as a whole, through mobile cloud technology in Virtualization of Smart Cards (ViSCa) platform-based mobile payment service. This entire process is referred to as Smart Card as a Service (SCaaS). Virtualization of Smart Cards (ViSCa) platform-based mobile payment service virtualizes smart card, which is used as payment mean, and loads it in to the mobile cloud. Authentication takes place through application and helps log on to mobile cloud and chooses one of virtualized smart card as a payment method. To decide the scope of the research, which is comparing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service with other similar cases, we categorized the prior researches' mobile payment service groups into distinct feature and service type. Both groups store credit card's data in the mobile device and settle the payment process at the offline market. By the location where the electronic financial transaction information (data) is stored, the groups can be categorized into two main service types. First is "App Method" which loads the data in the server connected to the application. Second "Mobile Card Method" stores its data in the Integrated Circuit (IC) chip, which holds financial transaction data, which is inbuilt in the mobile device secure element (SE). Through prior researches on accept factors of mobile payment service and its market environment, we came up with six key factors of comparative analysis which are economic, generality, security, convenience(ease of use), applicability and efficiency. Within the chosen group, we compared and analyzed the selected cases and Virtualization of Smart Cards (ViSCa) platform-based mobile payment service.

• Korean Business Review
• /
• v.14
• /
• pp.1-30
• /
• 2001

To prevent the VAT evasion and to form a sound VAT paying culture, we can draw the policy directions for government as follows: First, it is necessary to strengthen the tax supervision of small business and the administration of tax sources of cash-income industry. Second, the tax-deductible rate of the received tax invoices should be increased in a short-term base, and a simplified taxation system should be abolished in a long-term base. Third, in cases a trader has not received a tax invoice, an additional tax should be applied. Forth, to issue the tax invoice faster and conveniently, it is requested to introduce a new system which issues electronic card of registration when a businessman applies for his/her business registration. Fifth, to make tax standard transparent, it is desirable to punish the violator, relating to credit card regulations, stricter than present and to enforce the electronic bookkeeping. Sixth, for the reduction of noncompliance rate and creating a climate for autonomous, faithful tax return, it is necessary to expand and intensify tax investigation. And also it is necessary to make the level of penalty tax higher up and the level of criminal punishment less down, to keep up tax audit coverage. Seventh, a trader who is eligible for simplified taxation, whose tax base is under 12,000 thousand won, should not be required to pay the value added tax. But it is desirable to cut down them for the fairness of tax burden. Eighth, the effective date of the revised tax law should be fixed. Ninth, it is necessary to reinforce publicity and to educate on tax system and administration, for reducing tax evasion or tax avoidance and encouraging faithful tax return. Tenth, as the tendency of VAT evasion of distribution industry turns out to be the highest, it is requested not only to intensify tax administration on them but also to establish system and incentives, for introducing information system in distribution industry(introducing POS system, computerization of transaction record, establishing EDI between traders).

• Journal of Intelligence and Information Systems
• /
• v.16 no.4
• /
• pp.213-225
• /
• 2010

Data mining has empowered the managers who are charge of the tasks in their company to present personalized and differentiated marketing programs to their customers with the rapid growth of information technology. Most studies on customer' response have focused on predicting whether they would respond or not for their marketing promotion as marketing managers have been eager to identify who would respond to their marketing promotion. So many studies utilizing data mining have tried to resolve the binary decision problems such as bankruptcy prediction, network intrusion detection, and fraud detection in credit card usages. The prediction of customer's response has been studied with similar methods mentioned above because the prediction of customer's response is a kind of dichotomous decision problem. In addition, a number of competitive data mining techniques such as neural networks, SVM(support vector machine), decision trees, logit, and genetic algorithms have been applied to the prediction of customer's response for marketing promotion. The marketing managers also have tried to classify their customers with quantitative measures such as recency, frequency, and monetary acquired from their transaction database. The measures mean that their customers came to purchase in recent or old days, how frequent in a period, and how much they spent once. Using segmented customers we proposed an approach that could enable to differentiate customers in the same rating among the segmented customers. Our approach employed support vector regression to forecast the purchase amount of customers for each customer rating. Our study used the sample that included 41,924 customers extracted from DMEF04 Data Set, who purchased at least once in the last two years. We classified customers from first rating to fifth rating based on the purchase amount after giving a marketing promotion. Here, we divided customers into first rating who has a large amount of purchase and fifth rating who are non-respondents for the promotion. Our proposed model forecasted the purchase amount of the customers in the same rating and the marketing managers could make a differentiated and personalized marketing program for each customer even though they were belong to the same rating. In addition, we proposed more efficient learning method by separating the learning samples. We employed two learning methods to compare the performance of proposed learning method with general learning method for SVRs. LMW (Learning Method using Whole data for purchasing customers) is a general learning method for forecasting the purchase amount of customers. And we proposed a method, LMS (Learning Method using Separated data for classification purchasing customers), that makes four different SVR models for each class of customers. To evaluate the performance of models, we calculated MAE (Mean Absolute Error) and MAPE (Mean Absolute Percent Error) for each model to predict the purchase amount of customers. In LMW, the overall performance was 0.670 MAPE and the best performance showed 0.327 MAPE. Generally, the performances of the proposed LMS model were analyzed as more superior compared to the performance of the LMW model. In LMS, we found that the best performance was 0.275 MAPE. The performance of LMS was higher than LMW in each class of customers. After comparing the performance of our proposed method LMS to LMW, our proposed model had more significant performance for forecasting the purchase amount of customers in each class. In addition, our approach will be useful for marketing managers when they need to customers for their promotion. Even if customers were belonging to same class, marketing managers could offer customers a differentiated and personalized marketing promotion.