Study on the Security of Web-ATM Payment Mechanisms

• Main Authors: Wu Chengtao, 吳政道
• Other Authors: 吳宗成
• Format: Others
• Language: zh-TW
• Published: 2005
• Online Access: http://ndltd.ncl.edu.tw/handle/28644102096870201353

碩士 === 國立臺灣科技大學 === 資訊管理系 === 94 === Due to the secret mechanisms of the magnetic stripe card is insufficiently, it’s easy to be recorded and to counterfeit fraudulent ATM card. in order to solve the similar problem completely , The Bank Society announce will stop the magnetic stripe card trade since March 1 , 2006, nearly 40 million IC card will be circulated on the market when the time comes. The IC card of ATM possesses the functions：card holder Authentication and discerns, card legitimacy, Transaction Authentication code, TAC, and reach the trade undeniably, it is safe and difficult to be recorded the advantage of forging etc. the chip card can be used at many payment environment, except to offer the entity withdraw deposit and transfer account , it’s also can do the payment mechanism for B2C e-commerce . In order to cooperate with the government to promote the construction of e-Taiwan, the bank society popularize the application system of ' network ATM ' (also name Web ATM ) of the chip card actively, it offer a convenient, safe and saving time payment service through the internet network. The safe payment mechanism will help the development of e-commence , Using Web ATM as on will also results to the whole economic benefits , cost-effective in Taiwan. The Web ATM application is used in the open environment of internet, its safe mechanism involves various kinds of potential risks, on-line invading , hacker's Trojan procedure ,etc., The security of payment in the network will effect the consumer’s confidence and it’s also affect the bank industry image, Therefore , the security of Web ATM is worth to study and concern 。. This research carry on the study of the Payment security of Web ATM which transfer account on-line, to analyze the risk of Web ATM’s design architecture , trade procedure and security structure , and to state the potential threat of Web ATM payment system under the open environment . in the meantime，through the detail systematic analysis of Web ATM trade course and demonstrate that the risk of Man-in-the-Middle is existence in the Web ATM payment system .therefore ,this research propose some improve method to avoid or reduce the potential risk from the hacker’s attack by WEB ATM Transaction . At the same time this research utilize Web ATM architecture to design remote authentication method with IC card, effectively to solve the Login problem of network banking which is attacked by Spyware or Keylogger .