Security of Electronic Payment Systems: A Comprehensive Survey (1701.04556v1)

Abstract: This comprehensive survey deliberated over the security of electronic payment systems. In our research, we focused on either dominant systems or new attempts and innovations to improve the level of security of the electronic payment systems. This survey consists of the Card-present (CP) transactions and a review of its dominant system i.e. EMV including several researches at Cambridge university to designate variant types of attacks against this standard which demonstrates lack of a secure "offline" authentication method that is one of the main purpose of using the smart cards instead of magnetic stripe cards which are not able to participate in authentication process, the evaluation of the EMV migration from RSA cryptosystem to ECC based cryptosystem 3. The evaluation of the Card-not-present transactions approaches including 3D Secure, 3D SET, SET/EMV and EMV/CAP, the impact of concept of Tokenization and the role of Blind Signatures schemes in electronic cash and E-payment systems, use of quantum key distribution (QKD) in electronic payment systems to achieve unconditional security rather than only computational assurance of the security level by using traditional cryptography, the evaluation of Near Field Communication (NFC) and the contactless payment systems such as Google wallet, Android Pay and Apple Pay, the assessment of the electronic currency and peer to peer payment systems such as Bitcoin. The criterion of our survey for the measurement and the judgment about the quality of the security in electronic payment systems was this quote: "The security of a system is only as strong as its weakest link"