Security Aspects of e-Payment System and Improper Access Control in Microtransactions

The e-payment system has paved the way for many problems of physical money transfers. Nowadays, financial services are one of the most attractive targets for cyber attackers. The components (sub-systems) involved in an e-payment system include the customer, merchant infrastructure, payment service provider and banking server. In this paper, a study of the security aspects of these components is conducted. It is found that an attack on the customer can be carried out by lower-skilled attackers, and a specific system will face a limited loss. On the other hand, the other components can be compromised with less effort by highly skilled attackers, which can have a devastating effect on the financial infrastructure. A closer look is taken at improper access control in the e-payment system, which gives a proper idea of the entry points from an attacker's point of view. It also shows how an attacker escalates such an ignored flaw to gain financial benefit.

Keyphrases: access control, ecommerce security, online payment, secure transaction

