E-Payments: Cardholder Privacy and Non-Repudiation
David John Boyd
RHUL-MA-2009-25

Abstract:

The development of electronic payment cards has been evolutionary, and has of late been driven by the need to protect the card issuers' financial interests by counteracting a rise in the number of fraudulent payments made with falsified cards. Cardholders have a different emphasis: to be liable only for their own payments, and to be able to evidence the payments that they have or have not made. Card payments tend not to keep the cardholder's details private, which can facilitate fraud, and it can be exceedingly difficult for a cardholder to repudiate a completed payment. This thesis aims to support cardholders by enhancing their privacy and non-repudiation capabilities.

The thesis is divided into four parts. The first part looks at how privacy and non-repudiation fit into the information security hierarchy, and then describes the cryptographic mechanisms and algorithms used in the thesis. The widely used EMV electronic payment card system is reviewed, followed by card-not-present transactions, which are particularly problematic.

The second part is the main contribution: four novel schemes that provide enhanced privacy and non-repudiation services for both card-present and card-not-present payments. Each combination of payment type (card-present or card-not-present) and security service (privacy or non-repudiation) requires its own scheme, giving four schemes in all. Privacy is enhanced by stripping out personally identifiable information and by using a different account number for each transaction. Non-repudiation is enhanced by leaving an electronic footprint after each transaction.

Web payments require particular attention, and banks are already adept at authenticating their clients. The third part brings these two observations together and proposes two further schemes: a single sign-on service for the Web, and client authentication for the Transport Layer Security (TLS) communications protocol. In both, the card issuer provides privacy by vouching that it knows the cardholder, rather than disclosing the cardholder's details, and provides some non-repudiation properties by maintaining an audit trail.

Finally, the thesis concludes and outlines some opportunities for further research.