Web-based credit card payments require complete disclosure of all payment card details for transaction authorization. The card's CVV (Card Verification Value) is the secret code that authorizes remote card payments. Currently, all payment card details must be shared among the various intermediaries involved in processing the transaction. To mitigate the risks associated with fraudulent transactions, the industry has adopted security standards such as the PCI DSS. Credit card data confidentiality therefore rests on all involved stakeholders adhering to best security practices, including encrypting data communications, and not misusing the payment information. However, this security posture does not prevent potential credit card data leaks. We propose an alternative method for conducting remote card payments that does not require disclosing the authorization code while ensuring high interoperability with existing payment networks. Our approach demonstrates how designated verifier Zero-Knowledge Proofs (ZKP) enable minimal disclosure of card details, particularly protecting the confidentiality of authorization codes.
Research center: Interdisciplinary Centre for Security, Reliability and Trust (SnT) > FINATRAX - Digital Financial Services and Cross-organizational Digital Transformations; NCER-FT - FinTech National Centre of Excellence in Research
Disciplines: Computer science
Author, co-author: ABELLÁN ÁLVAREZ, Iván; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
External co-authors: no
Language: English
Title: Private authorization codes: data minimization in card not present transactions
Publication date: 2025
Event name: 2nd IEEE International Workshop on Programmable Zero-Knowledge Proofs for Decentralized Applications
Event organizer: IEEE International Conference on Blockchain and Cryptocurrency
This research was supported in part by the Luxembourg National Research Fund (FNR) (grant ref. NCER22/IS/16570468/NCER-FT), the Ministry of Finance of Luxembourg through the FutureFinTech National Centre of Excellence in Research & Innovation, PayPal (PEARL grant ref. 13342933/GF), and PABLO (grant ref. 16326754). In fulfillment of the obligations arising from the grant agreements, the authors have applied a Creative Commons Attribution 4.0 International (CC BY 4.0) license to any Author Accepted Manuscript version arising from this submission.