=Paper=
{{Paper
|id=Vol-1830/Paper36
|storemode=property
|title=Integration of Parental Alert System into Students Online Payment System
|pdfUrl=https://ceur-ws.org/Vol-1830/Paper36.pdf
|volume=Vol-1830
|authors=A. O. Isah,John K. Alhassan,Victor O.Waziri,K. H. Lawal
}}
==Integration of Parental Alert System into Students Online Payment System==
International Conference on Information and Communication Technology and Its Applications (ICTA 2016), Federal University of Technology, Minna, Nigeria, November 28 – 30, 2016

A.O. Isah<sup>1</sup>, John K. Alhassan<sup>2</sup>, Victor O. Waziri<sup>3</sup>, and K.H. Lawal<sup>4</sup>

<sup>1, 2, 3</sup> Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria

<sup>4</sup> Information Technology Services, Federal University of Technology, Minna, Nigeria

<sup>1</sup> ao.isah@futminna.edu.ng, <sup>2</sup> jkalhassan@futminna.edu.ng, <sup>3</sup> victor.waziri@futminna.edu.ng, <sup>4</sup> kenny@futminna.edu.ng

Abstract—The introduction of online payment systems for tuition and other fees in institutions across the globe is a great breakthrough of Information and Communication Technology. However, the attendant security risk has become a serious concern to Information Technology experts and the individual institution implementing the system. Of particular concern is the limited knowledge of parents and guardians about the status of their children or wards due to payment issues. This paper seeks to solve this problem by integrating a payment transaction alert algorithm into an existing online payment algorithm in order to provide feedback information from the institution authority to parents or guardians by way of a Short Message Service for all payments made or not by their children or wards. By codifying the SMS algorithm into the existing payment system, the system is able to deliver feedback messages to parents.

Keywords-online payments; parent, alert system; information security; institutions.

===I. INTRODUCTION===
Internet technology has rapidly made the world a global village in video, picture and audio communications. Exchange of ideas, goods and services is done in a matter of seconds with the application of online systems. The competitive nature of business transactions has forced any company or business outfit that wants to remain relevant in today's Information Technology world to embrace online transactions [1]. Thus, companies and organizations, whether private or government, engaging in online transactions should be seriously concerned about the security implications of such transactions; these security implications consist of efficiency, confidentiality, reliability and availability. Doing business online is no longer an oddity but the norm, and companies desiring to remain competitive have to maintain some form of online presence. Doing business online is not limited to commercial businesses: institutions across the globe today engage in and rely on online systems for almost all their activities, including advertisements, applications, registrations, academic activities and, most importantly, all their payment schedules. The attendant security risk that goes along with such payment has become an evolving problem for many institutions the world over; it is important to ensure the security of the payment system in terms of reliability of hardware, software, internet network, power supplies and personnel [2]. This is especially so in institutions of higher learning, where parents and guardians are wholly responsible for the provision of school and tuition fees of their children and wards. Feedback to such parents and guardians is very important in order to monitor the activities of their children in respect of their status, since payment of prescribed fees is the first determining factor of studentship. This is the focus of this paper.

====A. Essentials of Online Payment====
There are some essential elements that must be in place before an online payment system can be established. These are PCI compliance, a payment gateway, a merchant account, ACH payments, and a payment processor. The payment gateway and the merchant account operators must set their operations to be in total compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS was established by the Payment Card Industry Security Standards Council in order to ensure that the security information of the card holder is not compromised by cybercriminals. The payment gateway acts as the bridge between the merchant and the payment processor and also between the customer and the merchant; it ensures that the credit card information is securely passed through. The merchant account is a particular account maintained by a bank through which payments are received from a debit or credit card. Automated Clearing House (ACH) payments are credit and debit transfers where customers pay for services from their bank accounts. A payment processor is engaged by the merchant to handle all debit and credit transactions on its behalf [3].

====B. Parental Right to Their Children's Information====
It is the right of every parent or guardian to have adequate information about their children or wards [4] in order to have a record of their academic and other activities while in the school. This means that parents should be in possession of their children's information or data recorded in any medium, including but not limited to handwriting, email, print, etc., that is directly related to a student and maintained by the institution. This may be the students' grades, test scores, evaluations, courses taken, advising records, disciplinary actions, courses, exams and financial records and status. Behavioural attitudes of students as observed by the institution authority can also form part of the information due for the parent's knowledge.

====C. Information security concern====
Imbibing the culture of information security is very critical in the parent and institution relationship as regards children and wards in the institution. There exist some gaps in identifying factors that have significant influence on information security culture adoption. The existing literature on information security culture has not agreed in principle on what factors need to be present to create an environment that promotes the creation of a security culture. The author of [5] identifies top critical factors that are necessary for information security culture existence. These factors are: top management support for information security, establishing an effective information security policy, information security awareness, information security training, education, information security risk analysis and assessment, information security compliance, ethical conduct policies, and organization culture.

====D. A case study of admission and payment fraud due to lack of parental information====
Knowing the status of students in an institution cannot be overemphasized. When parents and guardians do not have adequate information about their children or wards from the institution's authority, students would have a field day in all manner of deceitful acts, cheating, truancy, absenteeism, examination malpractice and other vices on the campus that may have led to their suspension, rustication or outright withdrawal from school. Such students may not disclose their situation to their parents are often involved in.

Figure 1. Fake online payment receipt with impersonating candidate (Source: Exhibit from the victim's guardian)

Figure 1 shows fake online payment information generated by some admission fraudsters to defraud a prospective candidate seeking admission into a University (Anonymous). The candidate whose photograph appeared in figure 1 was assured that his admission was successful and therefore went ahead to release money to the fraudsters to pay the school fees. The student Identification number that the fraudsters claimed to be for the victim belongs to a genuine and bona fide student of the university whose particulars are shown in figure 2.

Figure 2. Genuine student being impersonated (Source: e-portal of the Anonymous University)

Figure 2 shows the admission data of a genuine student of the anonymous University whose Identification number was used to defraud the unsuspecting candidate shown in figure 1.

====E. The implication of figure 1 and figure 2====
The victim that was defrauded had thought that he was already a student, and he started attending lectures until the semester examination was approaching and he could not register on the school portal for continuous assessment tests. The Continuous Assessment (CA) tests in this particular University are conducted by Computer Based Test (CBT). The portal rejected the student Identification number that the victim entered because he was never admitted in the first place and so could not be found in the admission database. A careful look at figures 1 and 2 revealed some discrepancies in Student ID numbers and other features between the genuine payment receipt (figure 2) and the fake payment receipt (figure 1). In the end, when the guardian discovered this, he was very surprised to know that his ward was not even admitted to the university; this is largely because there was no feedback channel from the University to him to know the true status of his ward. This is the motivation for this research, and hence the authors want to solve this problem by codifying the Short Message Service (SMS) algorithm and integrating it into the existing institution online payment system.

===II. REVIEW OF EXISTING ONLINE PAYMENT SYSTEMS===
Exchange of goods and services is mainly based on and evaluated in terms of money all over the world today, as civilization advances from the primitive era where trade by barter and other methods were used in the exchange of goods and services.

Payment for goods and services is the only authentication that ensures that such exchange has occurred. Several payment methods or systems have been in use, such as cash payment, payment through banks, payment through checks, payments by credit transfer, automated clearing house, wire transfer services and payment cards.

Researchers have been extensively researching general e-payment systems. [6] observed the rapid evolution of payment models and discovered that there have been numerous payment systems, both new ones and variations on established models. The author also took a look at some developments in this regard: in January of 2012, one of the leading social media companies, Facebook, launched its own payment card, which is a normal plastic gift card that allows users to order for small mail delivery to recipients. The card is in addition to Facebook's Gifts feature that was launched in September 2012; the card allows users to purchase physical goods such as chocolate, shirts, or flowers for friends, make charitable donations, buy subscriptions, purchase gift cards, and more. This card, the author observed, is different from other prepaid competitors because it can be accepted by retailers like Jamba Juice, Target, Sephora, and Olive Garden; the card can also be integrated with the Facebook mobile app.

[7] noted that most communication channels are no longer one to one, as other devices in the network also receive data generated by a device in the same network through multicast transmission architecture. This is due to the fast improvement of information and network technologies. These multicast systems that enhance rapid delivery of messages in the network also open up loopholes to snooping attacks in the network. The study submits that one-to-one encryption is no longer effective for the security of data. So the authors proposed a novel anonymous multi-receiver encryption, in which the receiver's decryption key is fixed. Furthermore, the model provided anonymity of receivers, performance analysis and comparisons with other schemes.

[8] present a resource-efficient reconfigurable hardware implementation of the Advanced Encryption Standard (AES) using an object-oriented programming language approach on a Field Programmable Gate Array (FPGA) for rapid development. In order to boost performance, the authors use Xilinx System Generator, which utilizes efficient conventional blocks, having used a primitive-level approach and customized all the operations in the design of the study.

The common process to purchase anything online is for the prospective customer to visit the merchant's site for the products of interest and select the product [9]. When he is ready to buy those products, he proceeds to provide his shipping and billing address and his payment information (e.g., debit or credit card information) to the merchant. This payment information is sent to the merchant in an encrypted or hashed form so that the merchant cannot obtain it. In order to receive payment for his sale, the merchant forwards the customer's payment information to the payment gateway. The author observed that in these existing payment systems, information must go through a payment gateway, which makes the system vulnerable to hackers and other cyber criminals. The author therefore developed an approach for online payment which ensures that customer payment information is provided directly to the payment gateway instead of routing the financial information through a merchant. The author discovered some design issues arising from this approach, which were also addressed by the use of a trusted third party called an identity provider (IP) and a commitment scheme called the Pedersen commitment. An IP verifies the identity of a merchant before processing the payment. The Pedersen commitment helps to validate transactions.

According to [10], online payment is an ecosystem which is mostly being targeted by cybercriminals. Since an online payment system involves the use of credit and debit cards, there will be many stages of interaction for a cycle of transaction; these include consumers and their payment cards, merchants and their point-of-sale (POS) payment systems, the card brands (i.e. Visa, MasterCard, Discover Network, American Express), issuing banks, and card processors. The author explains that end-to-end encryption is needed to maintain the integrity of transactions carried out online, because highly sensitive information is involved in the exchange of yearly transactions running into billions of dollars, which is very attractive to cybercriminals.

The author submits that software is not safe, just like the internet, which was primarily designed for connection and not necessarily for security; although the author agreed that some software-based encryption, like AES (Advanced Encryption Standard), which is presently the best encryption available, can remedy the security issue to some extent, it cannot give a total guarantee. Hardware security and implementing multi-criterion authentication on mobile platforms are also very important measures to be considered in the security of online payment systems [11]. This is achieved by introducing a hardware-protected tamper-resistant security module (TRSM) [10]; it ensures that data is protected at the beginning of the card transaction before passing through the merchant system.

While the security measures suggested by the author have a far-reaching effect on online payment systems, the challenge of feedback information to some stakeholders, who sometimes are the financiers of the whole transaction, is still posing a lot of challenges that we seek to solve with this paper. In our case, the stakeholders are the parents that are providing the funds for their children's school fees.

The authors of [12] did extensive work that highlights the significance of university portals for Nigerian universities; the paper also discussed the best practices that could be put in place to avoid redundancies in future systems and processes. Various uses were also highlighted by the authors. Although information and inquiries tracking was explained as an important feature of a university portal system, their paper did not look at the payment system, which is an integral part of a university portal system, and was not able to deal in detail with the security issues involved in the universities' portal systems. This gap in security issues was the focus of this very paper.

====A. Example of stages and interfaces involved in a typical institution's online payment system====
Figure 3 is the personal data interface where the student enters all his or her relevant biodata. The students are required to fill in their own name, age, sex, permanent home address, state and local government of origin and, most importantly, the name and telephone number of their parent or guardian.

Figure 3. Personal data (Source: e-portal of the Anonymous University)

Figure 4. Admission data (Source: e-portal of the Anonymous University)

Figure 5. Payment voucher generated by Interswitch payment gateway (Source: e-portal of the Anonymous University)

Figure 6. Successful transaction (Source: e-portal of the Anonymous University)

Figure 4 is the admission data interface containing some of the student's data again, like age, sex, state, local government area, student identification number, course of study, level and department.

Figure 5 is the interface showing the payment agent, which generates a payment voucher containing the amount of fees the student is required to pay. The payment agent for this particular university is Interswitch; there are several other online payment agents.

Figure 6 is the interface showing payment transactions. When the student initiates payment, transaction details are shown, whether the payment is successful or unsuccessful. At this stage, the transaction details are sent automatically to the telephone number of the parent or guardian of the student as a Short Message Service (SMS) message. This is where the work of this research comes to function.

===III. INTEGRATION OF THE PARENTAL ALERT ALGORITHM INTO THE EXISTING ONLINE PAYMENT SYSTEM===

====A. The model of institution online payment system====
The method used by the authors to solve this problem can be said to be straightforward and simple, but the complexity was in the coding and stringing of the parental SMS alert model into the main existing payment model.

Figures 7 and 8 show the existing model and the implemented model with the parental alert system respectively.

In the usual online payment system, which for the authors' focus is the institution online payment portal, candidates register on the portal to obtain a student Identification number (ID number) or user name and a password, in the case of a fresh student, while a returning student who already has an ID or user name logs in with the ID or user name to access his or her page on the portal. On the student's page, as shown earlier by the interfaces of figures 1 to 6 in the review chapter of this paper, the student then clicks and navigates to the payment data link. The payment data interface is linked with any of the payment gateways that the institution is in collaboration with for the financial transaction proper, which in this case is the payment of tuition or any other fees payable to the institution by the concerned student.

The student gets all transaction details from the payment gateway via the institution portal.

Figure 7. A typical existing online payment system for an institution

Figure 8 is the institution online payment system integrated with the parental alert SMS algorithm. As proposed by this paper, the processes involved in the institution payments are the same as in figure 7, but the parental alert system is introduced at the stage of transaction interactions between the student making the payment, the institution payment server and the payment gateway, otherwise known as the third party.

Figure 8. Parental SMS alert system integrated online payment system

====B. Algorithm for institution online payment system====
<pre>
START
SELECT TARGET FILE
ENTER STUDENT ID AND PASSWORD
GOTO PAYMENT RECORDS
IF FRESH STUDENT/RETURNING STUDENT
    CHECK STATUS
    GOTO PAYMENT
    IF PAYMENT UNSUCCESSFUL
        SEND UNSUCCESSFUL FEEDBACK TRANSACTION DETAILS
    ELSE
        GOTO PAYMENT
    ENDIF
    IF PAYMENT SUCCESSFUL
        SEND SUCCESSFUL FEEDBACK TRANSACTION DETAILS
    ENDIF
ENDIF
STOP
</pre>

====C. Algorithm for institution online payment system with integrated parental alert system====
<pre>
START
SELECT TARGET FILE
ENTER STUDENT ID AND PASSWORD
GOTO PAYMENT RECORDS
IF FRESH STUDENT/RETURNING STUDENT
    CHECK STATUS
    GOTO PAYMENT
    IF PAYMENT UNSUCCESSFUL
        SEND UNSUCCESSFUL FEEDBACK TRANSACTION DETAILS
        SEND UNSUCCESSFUL SMS/EMAIL TO PARENT
    ELSE
        GOTO PAYMENT
    ENDIF
    IF PAYMENT SUCCESSFUL
        SEND SUCCESSFUL FEEDBACK TRANSACTION DETAILS
        SEND SUCCESSFUL SMS/EMAIL TO PARENT
    ENDIF
ENDIF
STOP
</pre>

===IV. DISCUSSION===
In the existing online payment systems, the actors acting on the system are the candidate (student) making the payment, the university portal administrator, the merchant account bank and the payment processor, as explained in figure 7. All transaction details and feedback go only to the candidate; the parent is not among the actors interacting with the system directly. The normal payment algorithm, as shown in (B), does not accommodate an external actor. The integrated alert algorithm (C) has now extended some aspects of the transaction information to the parent or guardian, in such a way that even when the student makes an unsuccessful attempt to pay any fees, the feedback will be sent to the parent(s); when the payment is successful, the parent is also aware.

===V. CONCLUSION AND RECOMMENDATIONS===
In this research, an automated instant alert message (SMS) integrated into the online payment system was designed and tested. The payment portal delivers information to parents and guardians the very moment payments are made by their children or wards. This allows the parent or guardian to keep track of the status of their children or wards in the institution. The SMS alert algorithm that instantly provides payment information to parents was introduced to the existing system as one of the contributions to the security features of students' online payment. This paper utilized the integrated SMS codes as a metric to compare other reviewed papers that were not able to integrate a parental automated feedback mechanism in their works.

It is recommended that students' examination results could also be sent to the parent or guardian through this integrated system. Also, the institution authority should verify the data of the parents or guardians entered in the personal data page on the portal shown in figure 3. There is licensed software the institution's authority can use to verify the authentic owner of telephone numbers supplied by the students.

===REFERENCES===
[1] D. Montague, "Essentials of Online Payment Security and Fraud Prevention," John Wiley & Sons, Inc., Hoboken, New Jersey, 2011.

[2] Nasashi Nakajima, "Payment system technologies and functions: innovations and developments," Reitaku University, Japan, 2011, pp. 89.

[3] R. Meyer, "10 excellent online payment systems," http://sixrevisions.com/tools/online-payment-systems, 2012. Retrieved 22.02 2016.

[4] California Department of Education, "Information for parents and family members about becoming involved in the education of their children," http://www.cde.ca.gov/ls/pf/pf/, June 2016.

[5] M. A. Alnatheer, "Information Security Culture Critical Success Factors," 2015 12th International Conference on Information Technology - New Generations, King Abdul-Aziz City for Science and Technology (KACST), Riyadh, Saudi Arabia.

[6] J. R. Ross, "Electronic payments industry explodes with new developments in everything from social media-marketed gift cards to city-sponsored debit/ID cards," http://www.mozido.com/electronic-payments-industry-explodes-with-new-developments-in-everything-from-social-media-marketed-gift-cards-to-city-sponsored-debitid-cards/ 2013. Retrieved 22.07.2016.

[7] L. Harn, C.C. Chang, and L. W. Hsiao, "An Anonymous Multi-Receiver Encryption Based on RSA," International Journal of Network Security 15(4) 307-312. www.ijns.femto.com, 2013.

[8] A. Aziz and N. Ikram, "Hardware Implementation of AES-CCM for Robust Secure Wireless Network." Available online at http://www.academicjournals.org/JEAPS

[9] S. Pant, "A Secure Online Payment System," University of Kentucky, 2011, pp 13, 51.

[10] M. Steven Elefant, "Secure online payment system requires end-to-end encryption," http://searchsecurity.techtarget.com/magazinecontent/secure-online-payment-system-requires-end-to-end-encryption Retrieved July 23, 2016.

[11] P. Smita and D. Noumita, "Study and Implementation of Multi-Criterion Authentication Approach to Secure Mobile Payment System," International Journal of Engineering Science and Advanced Technology (IJEAST), 2014, 3(3), 117-122.

[12] S. M. Abdulhamid and I. Idris, "Design Evaluation of Some Nigerian University Portals: A Programmer's Point of View," GESJ: Computer Science and Telecommunications, 2010 5(28), 21–28.
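The integrated algorithm of Section III.C, as an added Python example that is not the authors' code: it sends the student feedback of Algorithm B, adds the parent SMS of Algorithm C, rejects IDs absent from the admission records (the situation in the case study), and holds the alert when the parent's number has not been verified, following the paper's recommendation. The in-memory SMS outbox, the `parent_phone_verified` flag, the status strings and all IDs, names and phone numbers are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Student:
    student_id: str
    name: str
    parent_phone: str
    parent_phone_verified: bool  # assumption: set once the institution has checked the number


@dataclass
class SmsOutbox:
    """In-memory stand-in for an SMS gateway (assumption; no real provider API is used)."""
    sent: list = field(default_factory=list)

    def send(self, phone: str, text: str) -> None:
        self.sent.append((phone, text))


# Constructed admission records; IDs, names and phone numbers are made up.
ADMISSION_DB = {
    "STU-0001": Student("STU-0001", "Student One", "+10000000001", True),
    "STU-0002": Student("STU-0002", "Student Two", "+10000000002", False),
}


def handle_payment_result(student_id, amount, reference, successful, sms, db=ADMISSION_DB):
    """Apply Algorithm C to one gateway result.

    Returns (feedback_for_student, parent_alert_status).
    """
    student = db.get(student_id)
    if student is None:
        # CHECK STATUS failed: the ID is not in the admission records, so there
        # is no fee to pay and no parent on file to notify.
        return ("REJECTED: student ID not found in admission records", "no_alert")

    status = "SUCCESSFUL" if successful else "UNSUCCESSFUL"
    # SEND (UN)SUCCESSFUL FEEDBACK TRANSACTION DETAILS: goes to the student, as in Algorithm B.
    feedback = f"Payment {status}: amount {amount:,}, reference {reference}"

    if not student.parent_phone_verified:
        # The number was typed in by the student (Figure 3); until the
        # institution verifies it, an alert could go to the wrong recipient.
        return (feedback, "held_unverified_contact")

    # SEND (UN)SUCCESSFUL SMS/EMAIL TO PARENT: the step Algorithm C adds.
    sms.send(
        student.parent_phone,
        f"Fee payment {status} for {student.name} (ID {student.student_id}): "
        f"amount {amount:,}, reference {reference}.",
    )
    return (feedback, "sent")
```

Held alerts are returned as a status rather than silently dropped, so the portal administrator can follow up on unverified parent contacts.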