Abstract: | Online shopping has become one of the main ways to shop, and credit card payments account for a large share of it. Moving physical credit card transactions onto the Internet creates a problem: a cardholder's identity cannot be confirmed by signature online, so shopping sites ask consumers to enter personal data beyond the credit card information so that the site can verify the cardholder's identity with the bank. Today it is the norm for shopping sites to request cardholders' personal data, but this creates a serious problem: once a shopping site holds all of a cardholder's data, it is able to make transactions with that cardholder's credit card, and the bank has no way to tell whether the real cardholder is the one using it. This study therefore starts from the fact that shopping sites obtain too much personal information and analyzes the risks this poses to consumers, shopping sites, and banks. We also used domestic and foreign shopping sites in practice to learn how much personal data they obtain, divided the sites into three categories by the amount of personal data obtained, and then examined how secure each category is when the shopping site, the consumer, or the bank is malicious.
In the second half of the thesis we propose a secure credit card payment mechanism for each level of personal data a shopping site obtains: a public key credit card mechanism when the site obtains no data, a verification code credit card mechanism when it obtains part of the data, and a dynamic credit card information verification mechanism when it obtains all of the data. We analyze the security of the proposed mechanisms when different pieces of personal information are lost, and compare them with existing credit card payment mechanisms in security, consumer privacy, and operational convenience. Finally, we describe the potential drawbacks of the proposed mechanisms, the limitations of the study, and directions for future research. |