skip to: main content | section menu | full site menu

Technology Transfer from the University of Oxford

SECURE FINANCIAL TRANSACTIONS - Isis Project No 3044

A new generation of protocols enhance the security of card-present financial transactions and enable secure card-not-present transactions to occur via insecure communications networks.

Marketing Opportunity

Financial transactions involving credit and debit cards present several challenges, most notably ensuring that confidential information (e.g. bank account number, PIN, etc) cannot be acquired fraudulently by third parties. In 2004, global credit and debit card fraud resulted in losses of approximately $8 billion, rising by an estimated 13% per annum. The introduction of CHIP and PIN has severely curtailed card-present fraud (e.g. due to counterfeiting, loss, theft), however, increased use of the Internet has led to significant growth in card-not-present (CNP) fraud. Evidently, protocols that provide a robust and ultimately secure means of performing financial transactions in a range of circumstances are of great economic importance.

The Oxford Invention

The Oxford Invention provides a unique method of ensuring the security of financial transactions. The protocol includes two main components; first, a means by which either party involved in the transaction can authenticate their identities to the other, and second, a method for achieving secure communications. This procedure, which represents a bespoke variant of a protocol (HCBK) developed by the Oxford Inventor, can achieve an exceptional level of security in highly efficient manner (cryptographically) and via a user-friendly interface. Further advantages of this method are that it:

  • Extends CHIP and PIN methodology to Internet/CNP transactions.
  • Enhances the security of card-present transactions.
  • Avoids the need to give the merchant the customer’s card number and PIN.
  • Affords unprecedented security of transactions on insecure networks (vital in ubiquitous applications),
  • Is immune to man-in-the-middle and combinatorial attacks, and
  • Does not require public key infra-structure (PKI) for security.

Patent Status

This technology is the subject of an international patent application, and Isis would like to talk to companies interested in developing the commercial opportunity that this represents. Please contact the Isis Project Manager to discuss this further.

Keywords

CHIP and PIN card, not present transactions, internet credit card, transactions credit card, fraud, HCBK security protocols, secure POS transactions, man-in-the-middle attack

Request Further Information: Project Number 3044 Secure Financial Transactions