Customer-friendly payments on the Internet with free software
Pay online quickly and securely in a customer-friendly way, without completing forms, without accounts and passwords, and without sacrificing data protection – it is not a utopia! By combining the decentralized identity management system re:claimID with GNU Taler, it is possible to obtain certified customer data and to conduct a one-click payment process securely and without a login.
The Fraunhofer Institute for Applied and Integrated Security (AISEC) and the Bern University of Applied Sciences are collaborating, as part of the project “Decentralized Identities for Self-Sovereign End-Users” (DISSENS) funded by the EU’s Next Generation Internet Initiative, in order to build such a solution.
For the demonstration, GNU Taler and re:claimID were integrated in WooCommerce, a WordPress extension. Firstly, the customer selects the products in the online shop. After that, the shop requires access to the delivery address. To do so, an OpenID Connect extension is used to obtain the data from re:claimID. Finally, the payment is made with GNU Taler.
re:claimID is a privacy-friendly peer-to-peer protocol for identity management. Rather than entrusting private data to an identity provider (IdP), it stores this data in encrypted form in the GNUnet peer-to-peer network, under the control of each individual user. Each user decides which requesting parties may access which attributes and when. The shop receives the key needed to decrypt the data – such as the desired delivery address – only if the user grants access to that specific shop in a browser extension. Cryptography ensures secure end-to-end encryption when the shop accesses the data, even if the access takes place while the customer is offline.
Data protection for customers is equally important for GNU Taler: for the payment process itself, the customer is not required to provide any private data at all. Instead of personal account information or credit card details, the customer simply transmits impersonal digital coins with a single click. The shop submits them to the Taler payment service provider, receives a real-time confirmation at network speed – and the sum of money is transferred to the shop’s regular bank account a short time later. With Taler, cryptography protects private data and makes payment fraud impossible.
In terms of the outcome, the customer experience is similar to that of large providers, where significant amounts of personal data are stored permanently with an account – the only difference is that there are no accounts or passwords – and privacy remains protected at the same time. This means that smaller providers – whose customers are even less prepared to set up accounts and disclose private data – can offer a very good shopping experience.
Unfortunately, Connecta cannot be held as planned. Prof. Dr. Christian Grothoff would have been one of the 80 speakers at the event. An alternative programme is available through Connecta TV, Connecta Doc and Connecta Talk – find out more at www.swisspost.ch/connecta.