• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.3
• /
• pp.9-21
• /
• 2010

Recently, famous online shopping websites were hit by hacking attack, and many users' personal information such as ID, password, account number, personal number, credit card number etc. were compromised. Hackers are continuing to attack online shopping websites, and the number of victims of these hacking is increasing. Especially, the exposure of credit card numbers is dangerous, because hackers maliciously use disclosed card numbers to gain money. In 2007 Financial Cryptography Conference, Ian Molly et al. firstly proposed dynamic card number generator, but it doesn't meet reuse resistant. In this paper, we analyzed security weaknesses of Ian Molly's scheme, and we proposed a new one-time virtual card number generator using a mobile device which meets security requirements of one-time virtual card numbers. Then, we propose one-time credit card number generation and transaction protocol using Integrated Authentication Center for user convenience and security enhancement.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.579-590
• /
• 2018

In May 2014, AppCard(Which is a smartphone application designed to register and use a credit card in a mobile phone by credit card company.) was attacked by smshing and a vulnerability which could not obtainable phone number. After that, credit card companies have supplemented and operated by introducing additional authentication methods to supplement the vulnerability. However, The analysis of the authentication environments, purposes and methods is not enough to lower the level of vulnerability and risk from existing accidents. This study analyzes the authentication process of the AppCard in the electronic financial service by applying the NIST's authentication guidelines, identifies the problems and suggests improvement directions. The method analyzed in this study can be applied to the analysis of the authentication method in addition to the application card, so that it will be highly utilized.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.11a
• /
• pp.861-863
• /
• 2013

국내 신용카드 이용금액은 민간소비지출 영역에서 62%의 비중을 차지하고 있으며, 이용실적은 2011년 452조원을 기록하였다. 하지만, 신용카드 서명란에 서명을 하지 않은 채 신용카드를 사용하는 경우가 약 33%이상을 차지하고 있으며, 결제 후 서명을 제대로 하지 않는 신용카드 부정사용 사례가 신용카드 결제 중 과반수를 차지하고 있고, 가맹점에서 서명을 확인하는 경우는 전무한 상황이다. 이에 본 논문에서는 Secret Sharing을 기반으로 하는 NFC 모바일 결제방안을 제안하였다. 제안하는 결제방안은 결제 과정에서 부정사용을 원천적으로 차단하였으며, 재사용 공격, 도청 공격 등에 안전하다.

• Journal of Digital Convergence
• /
• v.13 no.9
• /
• pp.89-98
• /
• 2015

To celebrate the convergence era, Park Geun-Hye government has adhered to the principle sets out to secure revenue no tax increase due to the underground economy legalization, etc. Recently due to the tax deduction policies such as cash receipts and credit card is like getting better transparency on income. However, focusing on the self-employed Evaded income scale is increasing steadily. For the underground economy legalization, it has the plan to increase the transparency of the capital market due to the strengthening of the cash receipt system and the mobile payment market. The purpose of this study is that it hopes the domestic mobile payment market is expanding for the underground economy legalization. To this end, domestic financial companies are hoping to develop a variety of additional services. And the mobile payments market is hoping to gain the trust our customers due to safety and security, etc. As a result the underground economy is expected to disappear naturally.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1525-1540
• /
• 2015

Due to a rapid advancement in the electronic commerce technology, the payment method varies from cash to electronic settlement such as credit card, mobile payment and mobile application card. Therefore, financial fraud is increasing notably for a purpose of personal gain. In response, financial companies are building the FDS (Fraud Detection System) to protect consumers from fraudulent transactions. The one of the goals of FDS is identifying the fraudulent transaction with high accuracy by analyzing transaction data and personal information in real-time. Data mining techniques are providing great aid in financial accounting fraud detection, so it have been applied most extensively to provide primary solutions to the problems. In this paper, we try to provide an overview of the research on data mining based fraud detection. Also, we classify researches under few criteria such as data set, data mining algorithm and viewpoint of research.

• Journal of Digital Convergence
• /
• v.16 no.9
• /
• pp.421-426
• /
• 2018

This study is meant to derive what is needed to enhance the convenience and satisfaction of users of mobile credit card applications. For the first step, the current status of simple payment service using application has been identified and in-depth interview by reorganizing Peter Morvile's Honeycomb model into the five usage principle based on the main function of the application card. As a result, it was found that users prefer personalized services that fulfill the purpose and key functions of the app card and take into account their consumption patterns rather than too many additional functions. Based on this study, it is expected that it would help card companies increase their experience with app card users and strengthen their platforms.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.273-276
• /
• 2014

In 2014, the leakage of personal information from 3 credit card companies resulted in divulging approximately 10,000 customers' personal information. Although the credit card companies concluded that there was no secondary loss due to the leakage of personal information, secondary financial losses resulting from the leakage of personal information currently occur. In particular, hackers who employ smishing masquerade acquaintances by using the divulged personal information to ask payment for Ms. Kim's Sochi Olympics legal processing or exposed traffic violations. The hackers cause secondary financial losses through smartphones. This study aims to conduct a forensic analysis of smishing incidents in smartphones through the leakage of personal information, and to make a forensic analysis of financial losses due to the smishing incidents.

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.11a
• /
• pp.86-87
• /
• 2010

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.04a
• /
• pp.220-222
• /
• 2002

WPP 지불 프로토콜[3]은 WAP 프로토콜을 이용하여 무선인터넷에거 신용카드 지불을 수행한다. 그러나 WPP 지불 프로토콜은 WAP의 보안 프로토콜인 WTLS를 사용함으로써 종단간 보안을 제공하지 못하는 문제점을 가지고 있다. 본 논문에서는 공개키 암호 시스템과 Mobile Gateway를 사용하여 특정 무선인터넷 플랫폼과 독립적인, 종단간 보안이 제공되는 안전한 신용카드 지불 프로토콜을 제안한다.

• Informatization Policy
• /
• v.22 no.4
• /
• pp.22-44
• /
• 2015

With the growing interest being reflected in the FinTech industry, much attention has been paid to mobile easy payment services as well. In the era of mobile commerce, the core advantage of using mobile easy payment services(simplifying complex payment procedures and thus facilitating user convenience and reducing the chance of giving up payment) are being more emphasized. Mobile easy payment service market not only includes mobile easy payment service providers but also users, non-users, affiliates, banks, and credit card companies as main stakeholders. Exploring those stakeholders is thus important to thoroughly understand such market. However, extant literature on mobile easy payment services mostly focuses on examining adoption intention of users or non-users. This study, an exploratory research based on interviews, thus aims to extract driving as well as inhibiting factors of mobile easy payment service use from six different perspectives (i.e., social platform, bank, credit card company, affiliate, user, and non-user) and analyze a sequence of cause and effect for each factor. For this, the causal loop diagram was developed to deduce key issues and propose an alternative. Theoretical and practical implications of this study will also be discussed.