Electronic commerce involves the use of the Internet and proprietary networks to facilitate business-to-business, consumer, and auction sales of everything imaginable, from computers and electronics to books, recordings, automobiles, and real estate. In such an environment consumer privacy is becoming a major concern, even though payments must still be fulfilled. Credit card payment schemes have been developed and are employed to facilitate secure payment card transactions over the Internet. One open technical standard is SET (Secure Electronic Transaction). Digital certificates create a trust chain throughout the transaction, verifying cardholder and merchant validity, a process unparalleled by other Internet security solutions. Merchants, financial institutions, and many customers believe in such payment schemes.
In SET, a cardholder, a merchant, and an acquirer first exchange their public keys and the certificates on them and then verify these certificates. Then, the cardholder and the merchant exchange data to specify the purchase. From this data the cardholder forms two messages, mO and mP, where mO contains the transaction id, the order description, and the purchase amount, and mP contains the transaction id, the purchase amount, the merchant id, the credit card number #C, and the expiration date tC. The cardholder then signs (hO, hP), resulting in sigC, where hO=H(mO), hP=H(mP), and H is a one-way hash function, and encrypts mP under the acquirer's public key, resulting in eA. The cardholder then sends mO, sigC, hP, and eA, together with the cardholder's public key and certificate, to the merchant. The merchant computes hO=H(mO) and checks whether sigC is a valid signature on (hO, hP) with respect to the cardholder's public key. The merchant then forwards the public key and certificate of the cardholder and sends eA, hO, sigC, and some other (merchant-related) details to the acquirer. The acquirer decrypts eA, computes hP=H(mP), and checks whether sigC is a valid signature on (hO, hP) with respect to the cardholder's public key. The acquirer also checks whether H(#C) and H(tC) are contained in the cardholder's certificate. Then, the acquirer uses #C, tC, and the purchase amount to get authorization for the purchase via a financial network. The acquirer notifies the merchant of the outcome, and the merchant notifies the cardholder. If the outcome was successful, the acquirer arranges for the merchant to be paid, and the merchant delivers the goods or services to the cardholder, i.e., the customer.
However, current credit card payment schemes, like SET or iKP (Internet Keyed Payment Protocol), do not offer anonymity for a cardholder towards the merchant. This means that credit card transactions are not anonymous, i.e., the merchant gets to know the customer's name, the credit card number, and the expiration date. Moreover, this knowledge is often sufficient to impersonate the customer and use the credit card illegitimately. Although in SET the merchant does not necessarily see the cardholder's name, he sees her public key and the certificate on it, i.e., the cardholder is known to the merchant under a pseudonym. If the customer uses the same pseudonym with different merchants or transactions, these transactions can be linked and a profile can be established. Such a profile is usually sufficient to identify a customer. Also, if a customer is requested to provide her/his name in one transaction, this name “propagates” to the other transactions. This problem could be solved if the cardholder created a new public key and obtained a new certificate for each transaction she/he makes. However, this is not very efficient. Therefore, a system is desired that allows the cardholder to use her/his public key and the certificate on it an unlimited number of times without the transactions becoming linkable.
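The following sketch is an added example, not part of the original text. It walks through the signature exchange described above (cardholder signs (hO, hP), merchant checks with mO and hP, acquirer checks with mP and hO) and then shows the linkability problem: two purchases carry the same public key. Assumptions: SHA-256 plays the role of H, textbook RSA over a fixed toy key stands in for the signature scheme, the encryption that produces eA and the certificate checks are omitted, and all function names and message formats are hypothetical.

```python
import hashlib

# Stand-in signature: textbook RSA over two fixed Mersenne primes. NOT secure;
# a constructed toy key so the example runs on the standard library alone.
E, N = 65537, (2**521 - 1) * (2**607 - 1)
D = pow(E, -1, (2**521 - 2) * (2**607 - 2))  # cardholder's private exponent

def H(data):
    """The one-way hash H of the text (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()

def digest_int(h_o, h_p):
    return int.from_bytes(H(h_o + h_p), "big")

def verify(h_o, h_p, sig, pub):
    e, n = pub
    return pow(sig, e, n) == digest_int(h_o, h_p)

def cardholder_request(m_o, m_p):
    """Cardholder signs (hO, hP) and sends mO, sigC, hP, eA and the public key."""
    sig_c = pow(digest_int(H(m_o), H(m_p)), D, N)
    # eA: encryption under the acquirer's key is omitted; mP stands in for it
    # and merchant_check below never reads its contents.
    return {"mO": m_o, "hP": H(m_p), "sigC": sig_c, "eA": m_p, "pub": (E, N)}

def merchant_check(msg):
    """Merchant recomputes hO from mO and checks sigC without reading mP."""
    h_o = H(msg["mO"])
    ok = verify(h_o, msg["hP"], msg["sigC"], msg["pub"])
    return ok, {"eA": msg["eA"], "hO": h_o, "sigC": msg["sigC"], "pub": msg["pub"]}

def acquirer_check(fwd):
    """Acquirer recovers mP from eA, recomputes hP, and never sees mO."""
    return verify(fwd["hO"], H(fwd["eA"]), fwd["sigC"], fwd["pub"])

def linkable(msg_a, msg_b):
    """What a merchant can do with two purchases: compare the pseudonym."""
    return msg_a["pub"] == msg_b["pub"]

if __name__ == "__main__":
    # Constructed sample data (placeholder card number and expiration date).
    buy1 = cardholder_request(b"tx=1001|order=2 books|amount=40.00",
                              b"tx=1001|amount=40.00|merchant=M1|card=0000111122223333|exp=12/99")
    buy2 = cardholder_request(b"tx=2002|order=1 record|amount=15.00",
                              b"tx=2002|amount=15.00|merchant=M1|card=0000111122223333|exp=12/99")
    ok, fwd = merchant_check(buy1)
    print("merchant accepts:", ok, "| acquirer accepts:", acquirer_check(fwd))
    print("purchases linkable by public key:", linkable(buy1, buy2))
```

Because sigC covers both hashes, changing the amount in either mO or mP makes the corresponding check fail, while the unchanged public key is exactly what lets the merchant tie the two purchases together.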
Because it uses traditional financial networks to authorize payments, a scheme such as SET also does not offer anonymity for the cardholder with respect to an acquirer.
To overcome these drawbacks, a scheme is required that allows the cardholder to remain anonymous to all parties apart from the card-issuer. The card-issuer should know the cardholder's identity in order to bill accordingly. However, all the parties should be convinced that the cardholder or customer has a valid credit card and that the payment is valid.