A comparative study of card-not-present e-commerce architectures with card schemes: What about privacy?

Internet is increasingly used for card-not-present e-commerce architectures. Several protocols, such as 3D-Secure, have been proposed in the literature by card schemes or academics. Even if some of them are deployed in real life, these solutions are not perfect considering data security and user's privacy. In this paper, we present a comparative study of existing solutions for card-not-present e-commerce solutions. We consider the main security and privacy trends of e-payment in order to make an objective comparison of existing solutions. This comparative study illustrates the need to consider privacy in deployed e-commerce architectures. This has never been more urgent with the recent release of the new specifications of 3D-secure.