One solution to the problem of commercial credit card fraud in payment schemes is to use disposable credit card numbers (DCCNs) for identifiers. This paper asserts an improvement over the current state of this art by taking away the need for an embedded computer (thus enabling the use of a standard mobile phone with Java support and Bluetooth) and by allowing the DCCN format to be the same as the current format. For further research, the paper suggests the possibility of investigating an extension to cover all financial activities and transactions beyond payments.
The introduction discusses the need for this research, as well as other solutions to credit card fraud. Next, the credit card processing system is covered, including the format of credit card identifiers and the processing of the same during payments. An overview of the authors’ proposal, including both the DCCN-generating scheme and the application (including installation, activation, payment, and personal identification number (PIN) change), follows. Implementation and computation issues are discussed next, followed by security issues.
The research is interesting for its use of noncryptographic methods in the DCCN generation scheme, particularly the scheme’s reversible function (basic function) to modify the seed, after which the noncryptographic hash function is applied, followed by the projection function to produce a DCCN from a 64-bit string.