Security in Online Payment Services - Implementing automatic payment services in fastlegevakten
MetadataVis full innførsel
Online payment services are becoming increasingly simple and easy to integrate. A few years ago implementing a payment service required an extensive amount of resources and special competence. This changed with the arrival of services like Paypal, and now new services like Stripe is making it increasingly easier for small organizations and even private actors to integrate payment services into their online applications. The main goal of this thesis is to review the security of modern payment services. To investigate the security of different services, a prototype web application was created. This prototype was implemented with the two payment services Stripe Checkout and Paypal Express Checkout. A comparative case study was then performed to evaluate and compare the two payment services. In addition to performing a technical evaluation, the social aspects of e-commerce were also examined. A questionnaire was created with the aim to identify the most important factors for consumers when they are using online payment services. This thesis found that both Stripe and Paypal's security requirements are easy to implement. Properly configured HTTPS and standard Cross Site Scripting protection is enough to protect the payment services. All websites that handle any type of user data should have these two security mechanisms in place anyway. In the comparative case study, Stripe was found to be the best payment service from a developer s viewpoint. Stripe Checkout was better than Paypal in every category, except for end-user usability. However, based on the results from the questionnaire, the majority of the participants were familiar (and more comfortable) with Paypal. The average rating for applications providing Paypal as a payment option was higher than for those without Paypal. In conclusion, Paypal is likely the best option in cases where only one payment service can be implemented. However, this might change as Stripe becomes more established in Norway.