A semi-automated HTTP traffic analysis for online payments for empowering security, forensics and privacy analysis

Abstract

The paper discusses means to identify potential impacts of data flows on customers’ security, and privacy during online payments. The main objectives of our research are looking into the evolution of cybercrime new trends of online payments and detection, more precisely the usage of mobile phones, and describing methodologies for digital trace identification in data flows for potential online payment fraud. The paper aims to identify potential actions for identity theft while conducting the Reconnaissance step of the kill chain, and documenting a forensic methodology for guidance and further data collection for law enforcement bodies. Moreover, a secondary objective of the paper is to identify, from a user’s perspective, transparency issues of data sharing among involved parties for online payments. We thus declare the transparency analysis as the incident triggering a forensic examination. Hence, we devise a semi-automated traffic analysis approach, based on previous work, to examine data flows, and data exchanged among parties in online payments. For this, the main steps are segmenting traffic generated by the process payment, and other sources, subsequently, identifying data streams in the process. We conduct three tests which include three different payment gateways: PayPal, Klarna-sofort, and Amazon Pay. The experiment setup requires circumventing TLS encryption for the correct identification of forensic data types in TCP/IP traffic, and potential data leaks. However, it requires no extensive expertise in mobile security for its installation. In the results, we identified some important security vulnerabilities from some payment APIs that pose financial and privacy risks to the marketplace’s customers.