A Resourceful Approach in Security Testing to Protect Electronic Payment System Against Unforeseen Attack

Q4 Computer Science

International Journal of Open Source Software and Processes Pub Date : 2017-07-01 DOI:10.4018/IJOSSP.2017070102

Rajat Kumar Behera, A. Sahoo, A. Jena

{"title":"A Resourceful Approach in Security Testing to Protect Electronic Payment System Against Unforeseen Attack","authors":"Rajat Kumar Behera, A. Sahoo, A. Jena","doi":"10.4018/IJOSSP.2017070102","DOIUrl":null,"url":null,"abstract":"This article describes how electronic payments are financial transactions made over the internet for goods or services. In the digital era, the e-commerce industry has gone beyond the traditional in-store service due to the wide spread of internet-based shopping. Developed countries are greatly relying on e-commerce business and a sizable number of countries have shown concern in regard to the online payment cards such as credit cards, debit cards, e-cash, e-cheques, e-wallets and smart card security. The main downsides are concerns over privacy or a malicious attack and hence safeguard mechanisms are required to protect personal information from falling into the hands of intruders. Before commercializing electronic payment systems (EPS), security tests play a significant role in the software development life cycle to check whether the system is secure and it is safe to use. A resourceful approach covering security policies, secure coding, security attack prevention methodology, security testing tool, security testing metrics, security test case prioritization techniques and a model for effective project management methodology are presented in this article. Early detection and resolution of security weaknesses can be achieved with the authors' proposed approach and would certainly reduce the time, effort and cost of a project. The proposed approach is likely the best-fit implementation of the payment industry, covering channels like B2C (Business to Consumer), C2C (Consumer to Consumer), C2B (Consumer to Business), B2B (Business to Business), People to People (P2P), G2C (Government to Citizen) and C2G (Citizen to Government).","PeriodicalId":53605,"journal":{"name":"International Journal of Open Source Software and Processes","volume":"88 1","pages":"24-48"},"PeriodicalIF":0.0000,"publicationDate":"2017-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Open Source Software and Processes","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/IJOSSP.2017070102","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Computer Science","Score":null,"Total":0}

引用次数: 0

Abstract

This article describes how electronic payments are financial transactions made over the internet for goods or services. In the digital era, the e-commerce industry has gone beyond the traditional in-store service due to the wide spread of internet-based shopping. Developed countries are greatly relying on e-commerce business and a sizable number of countries have shown concern in regard to the online payment cards such as credit cards, debit cards, e-cash, e-cheques, e-wallets and smart card security. The main downsides are concerns over privacy or a malicious attack and hence safeguard mechanisms are required to protect personal information from falling into the hands of intruders. Before commercializing electronic payment systems (EPS), security tests play a significant role in the software development life cycle to check whether the system is secure and it is safe to use. A resourceful approach covering security policies, secure coding, security attack prevention methodology, security testing tool, security testing metrics, security test case prioritization techniques and a model for effective project management methodology are presented in this article. Early detection and resolution of security weaknesses can be achieved with the authors' proposed approach and would certainly reduce the time, effort and cost of a project. The proposed approach is likely the best-fit implementation of the payment industry, covering channels like B2C (Business to Consumer), C2C (Consumer to Consumer), C2B (Consumer to Business), B2B (Business to Business), People to People (P2P), G2C (Government to Citizen) and C2G (Citizen to Government).

查看原文本刊更多论文

一种保护电子支付系统免受意外攻击的安全测试方法

本文描述了电子支付是如何通过互联网为商品或服务进行的金融交易。在数字时代，由于网上购物的广泛普及，电子商务行业已经超越了传统的店内服务。发达国家在很大程度上依赖电子商务，相当多的国家对信用卡、借记卡、电子现金、电子支票、电子钱包和智能卡安全等在线支付卡表示关注。主要的缺点是担心隐私或恶意攻击，因此需要保障机制来保护个人信息不落入入侵者手中。在电子支付系统(EPS)商业化之前，安全性测试在软件开发生命周期中起着重要的作用，检查系统是否安全，使用是否安全。本文介绍了一种资源丰富的方法，包括安全策略、安全编码、安全攻击预防方法、安全测试工具、安全测试度量、安全测试用例优先级技术和有效项目管理方法的模型。使用作者提出的方法可以实现安全弱点的早期检测和解决，并且肯定会减少项目的时间、精力和成本。提议的方法可能是最适合支付行业的实施，包括B2C(企业对消费者)、C2C(消费者对消费者)、C2B(消费者对企业)、B2B(企业对企业)、人与人(P2P)、G2C(政府对公民)和C2G(公民对政府)等渠道。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Open Source Software and Processes Computer Science-Software

CiteScore

1.90

自引率

0.00%

发文量

期刊介绍： The International Journal of Open Source Software and Processes (IJOSSP) publishes high-quality peer-reviewed and original research articles on the large field of open source software and processes. This wide area entails many intriguing question and facets, including the special development process performed by a large number of geographically dispersed programmers, community issues like coordination and communication, motivations of the participants, and also economic and legal issues. Beyond this topic, open source software is an example of a highly distributed innovation process led by the users. Therefore, many aspects have relevance beyond the realm of software and its development. In this tradition, IJOSSP also publishes papers on these topics. IJOSSP is a multi-disciplinary outlet, and welcomes submissions from all relevant fields of research and applying a multitude of research approaches.