Abstract:
An online payment system is an Internet-based method of processing economic transactions. It allows a vendor to sell and to obtain payments over the Internet. The main components of an online payment system are the customer, who asks for a service; the merchant, who provides the service; and the bank, which transfers funds between them. To accomplish these processes, customers are asked to provide personal details along with additional bank details. The major problem here is the responsibility of protecting the customer's information from being misused or exposed. The thesis provides a solution for protecting a customer's information by using cryptographic techniques that restrict who sees what and that protect the customer against phishing attacks. One of these techniques is based on secret sharing, which allows a secret to be shared among a set of participants so that recovering the secret from a set of shares is difficult. The Advanced Encryption Standard (AES) is applied to the shares to provide confidentiality, and steganography is used as an extra security layer. The main part of the solution, which provides privacy and authority for the customer's information, is the use of a certified authority as a trusted third party between merchant and customer. It extracts the secret information and sends the minimum of customer information, such as the account number, to the merchant, and secret information, such as the PIN, to the bank. This solution prevents the merchant from misusing customer information, and if the merchant side is a phishing website, it will not gain any secret information about the customer, which provides privacy to the customer.