Authenticate person for the reason of security.

  Asked By: Darcy    Date: Nov 26    Category: Java    Views: 545

I wanted to know if anybody has a solution to this problem.
Think that we have an online shopping store that is based under trust.
We want to authenticate each person for the reason of security.
Is there any way for us to do this?
As we know, unfortunately there is no credit card in Iran and we have
to use a debit card (prepaid card) for the reason of payment or some other
solution such as Saman Bank online payment.
But I don't see any way to authenticate one when he has a debit card.
I will be happy if you friends help me with that.



7 Answers Found

Answer #1    Answered By: Jawna Mohammad     Answered On: Nov 26

So, what do you mean by 'based under trust'?
Let me explain to you a scenario we have used for Saman Bank. You go to the seller's website, select your favorite goods and click on the 'purchase' button, then you are redirected to the bank's site, where you have multiple choices of payment. One of these options is to enter your debit card's number, check digit, expiration date, and PIN. If they are entered correctly, the due amount is deducted from your account and you are redirected back to the seller's site with your transaction's result included. I think it doesn't matter what kind your card is (debit or credit). I THINK IN NO CIRCUMSTANCES YOU MUST ASK FOR USER'S BANKING CREDENTIALS AT A SELLER'S SITE.
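
The redirect flow described in this answer, seen from the seller's side, as an added example that is not part of the original post and is not Saman Bank's actual interface. It assumes a hypothetical gateway that signs the returned result with an HMAC-SHA256 key shared with the seller; the field names, status value and key are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.HexFormat;
import java.util.Map;

// Added illustration: gateway behaviour, field names and key are assumptions.
public class PaymentReturnCheck {
    record Order(String id, long amount, boolean paid) {}

    private final Map<String, Order> orders = new HashMap<>(); // stands in for the shop database
    private final byte[] sharedKey;                            // agreed with the bank out of band

    PaymentReturnCheck(byte[] sharedKey) { this.sharedKey = sharedKey; }

    void createOrder(String id, long amount) { orders.put(id, new Order(id, amount, false)); }

    // What the hypothetical bank computes over the result fields before redirecting back.
    String sign(String orderId, long amount, String status) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(sharedKey, "HmacSHA256"));
        byte[] tag = mac.doFinal((orderId + "|" + amount + "|" + status).getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(tag);
    }

    // Called when the browser returns from the bank. No card number or PIN ever reaches this code.
    boolean acceptReturn(String orderId, long amount, String status, String sigHex) throws Exception {
        byte[] expected = sign(orderId, amount, status).getBytes(StandardCharsets.US_ASCII);
        byte[] given = sigHex.getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(expected, given)) return false;        // fields altered in the browser
        Order o = orders.get(orderId);
        if (o == null || o.paid() || o.amount() != amount) return false;  // unknown, replayed or wrong amount
        if (!"OK".equals(status)) return false;                           // bank reported a failed payment
        orders.put(orderId, new Order(o.id(), o.amount(), true));         // commit only after all checks
        return true;
    }

    public static void main(String[] args) throws Exception {
        PaymentReturnCheck shop = new PaymentReturnCheck("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        shop.createOrder("A-1001", 250_000);
        String sig = shop.sign("A-1001", 250_000, "OK");                      // constructed bank response
        System.out.println(shop.acceptReturn("A-1001", 1, "OK", sig));        // tampered amount
        System.out.println(shop.acceptReturn("A-1001", 250_000, "OK", sig));  // genuine result
        System.out.println(shop.acceptReturn("A-1001", 250_000, "OK", sig));  // same result sent again
    }
}
```

The result travels back through the buyer's browser, so the seller checks it against its own order record before marking anything as paid.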

Answer #2    Answered By: Venkat Rulez     Answered On: Nov 26

I guess it would be easier to establish a secure connection with the bank (whoever holds the details of the card and performs the debit), and then upon confirmation of the card details, create a secure two-phase commit transaction with the bank and the produce provider for further processing. You can make this completely transparent from the user's view.

Make sure what secure technologies are supported by the bank (card issuer); the first thing that comes to mind is SSL.

Answer #3    Answered By: Minal Nayak     Answered On: Nov 26

I meant "product provider" + the bank system should obviously provide the interface (services) for your application to perform the transactions.

Answer #4    Answered By: Haru Tanaka     Answered On: Nov 26

But the problem is that if we want to authenticate
people and be sure that he is who he says, we have to
use a system that already has a database, and with a debit
card I don't think it is possible. On the other hand,
it is not easy for everybody to have an account in
Saman Bank or other online banks (currently none),
and if the system wants to be successful it has to
make it easy for people to use it.

Answer #5    Answered By: Jacob Evans     Answered On: Nov 26

Let's compare it with Amazon.com for the moment,

For online shopping you either have to use a credit card or pay for the transaction by cheque. The latter will suspend the shipment of the item until they receive the payment from the user,

but for the first one you need to confirm the card details with the bank before committing the transaction. In either of the cases above, the user needs to register with the online shopping system to have login details (UI/PW). These login details are only for accessing the online shopping system and are separate from the bank details. For this you can use one of the 4 types of creating a secure session with the user; it might be a combination of declarative and programmatic ways.

At login, the system authenticates the user against its internal database to validate the user (this is what you are looking for), and upon confirmation of the purchase, the system will validate the payment details with the bank and then finalize the transaction.

So you have multiple steps to validate user and user details.

1. Validate the logged in user with the system internal database
2. Ask the bank to confirm the credit card details or availability of the balance

In case of the payment by cheque, step 2 will be replaced by "suspend the transaction until the payment is manually confirmed"

For step 1, you can use one of the existing secure connections (any of the 4 types) and for the second one, you need to have an interface with the bank to pass the card details to the bank in a secure way.

Your system might OR might not store the card details (you leave it to the users pace), but having card details is not enough and you need to make sure as if the card holder has enough credit for the purchase, so you need to confirm that with the bank before finalizing the process.

Having a clear problem statement will help you to have a clear flow for this use case.

Answer #6    Answered By: Chaths Massri     Answered On: Nov 26

How can you prevent the abuse of user's credentials by yourself? It was 3-4 years ago and I was working at ITRC (Iran Telecom Research Center). There we had a web-based registration form for an intl. conference. I can tell you that so many people around the world had entered their credit card information there. At the end of the conference we came up with hundreds of credit card information stored in a database which would suffice you for the rest of your life.

Answer #7    Answered By: Tarron Thompson     Answered On: Nov 26

I'm not sure if I understand what you’re asking,

Are you saying that users may enter invalid card details? Or

Are you saying how users can trust your system?

The first one is easy,

1. Start the registration

2. Confirm the details with the bank of card issuer

3. Charge them on their account

4. Commit the transaction

5. Create an online receipt for the user for their further query

For the second one it’s even easier,

People will not enter their credit card details just anywhere, and if they have entered their details in your system, they must have thought that your system is legitimate enough.

One more thing is that, they might have used a certain type of credit cards that banks issue for only a single transaction with a limited amount.

For instance you want to register somewhere which you are not really happy with using your regular card (the one that you usually use) so you ask the bank to give you a card that is only valid for one transaction with amount of i.e. $100. You use this for a registration somewhere. Once you used this card, you can no longer use it again as it was for a single-use purpose. So the user is guaranteed that they are not going to be charged on that card twice.
