Abstract
Credit and debit card data theft is one of the earliest forms of cybercrime. It is one of the most common problems now days. Attackers often aim at stealing such customer data by targeting the Point of Sale system, i.e. the point at which a retailer first acquires customer data. Modern Point of Sale systems are powerful computers equipped with a card reader and running specialized software. Increasingly often, user devices are leveraged as input to the Point of Sale. In these scenarios, malware that can steal card data as soon as they are read by the device has flourished. As such, in cases where customer and vendor are persistently or intermittently disconnected from the network, no secure on-line payment is possible. A secure online micro-payment solution that is resilient to Point of Sale data breaches. Our solution improves over up to date approaches in terms of flexibility and security. To the best of our knowledge, FRODO is the first solution that can provide secure fully on line payments while being resilient to all currently known POS breaches. In particular we detail FRODO architecture, components, and protocols. Further, a thorough analysis of FRODO functional and security properties is provided, showing its effectiveness and strong.