International Journal of Engineering Insights: (2024) Vol. 2, Nro.1, Regular Paper
https://doi.org/10.61961/injei.v2i1.13
Security aspects in the implementation of blockchain in payment gateway transactions in Ecuador
Kerly Naranjo Paez · Renato M. Toasa
Received: 20 Dec 2023 / Accepted: 24 Feb 2024 / Published: 15 May 2024
Abstract: This paper explores the security aspects involved in implementing blockchain technology in payment gateway transactions within the Ecuadorian context. Blockchain technology offers numerous security benefits such as data security, immutability, decentralization, authentication, and transparency. These features contribute to enhancing the overall security and trustworthiness of payment transactions. The decentralized nature of blockchain reduces the risk of cyber attacks targeting centralized servers, while its immutability ensures the integrity of transactions. Additionally, authentication mechanisms such as digital signatures and smart contracts help ensure that only authorized parties can participate in and validate transactions. Furthermore, blockchain’s transparency facilitates auditing and compliance with financial regulations. This paper discusses how leveraging blockchain technology can significantly improve security in payment gateway transactions in Ecuador and provides insights into the potential challenges and opportunities associated with its implementation.
Keywords Blockchain · Payment · Security · Transactions · Ecuador
1 Introduction
1.1 Motivation
Currently, payment gateways have certain limitations in terms of security and efficiency compared to solutions based on blockchain. Payment gateways typically centralize transaction data on servers controlled by the entity operating the gateway. This can be a point of vulnerability: if these servers are compromised by attackers, there is a risk of financial information and personal data of users being stolen [1].
Kerly Naranjo Paez, Universidad Tecnológica Israel, Quito, Ecuador. E-mail: e1726773169@uisrael.edu.ec
Renato M. Toasa, Universidad Tecnológica Israel, Quito, Ecuador. E-mail: rtoasa@uisrael.edu.ec
Traditional payment gateways may be exposed to fraudulent attacks and unauthorized charges. Attackers could exploit vulnerabilities in authentication systems or intercept credit card data to carry out fraudulent transactions [2].
It’s important to mention that security in traditional payment gateways has significantly improved over the years, and many companies have implemented robust security measures to protect transactions and user data. However, blockchain technology has the potential to revolutionize the security and efficiency of transactions in payment gateways. Additionally, it offers features such as immutability, transparency, and decentralization that can address some of the challenges mentioned earlier in the context of online transactions [3].
The implementation of blockchain in payment gateways can bring several significant benefits to society [4]. These benefits stem from the unique characteristics of blockchain technology and its ability to enhance security, efficiency, and transparency in online financial transactions. The primary beneficiaries of this proposal are users who make purchases of goods or services online and use their bank cards to complete the order and acquire the goods [5].
In particular, this proposal focuses on Sustainable Development Goal number nine, closely related to innovation, which is considered key to finding a lasting solution that provides security, efficiency, and trust to people when making an online purchase. Additionally, it stimulates innovation in the financial services sector. It can lead to the development of new technological solutions and business models that leverage the security and efficiency features of blockchain.
1.2 Related Works
For the present article, references are taken from various research sources related to the security and protection of banking information, as well as documents that detail in-depth fundamental concepts of blockchain and its application in different areas. Initially in [6], the authors describe blockchain as a technology that goes far beyond Bitcoin and cryptocurrencies. Although Bitcoin was the first successful application of blockchain, this technology has a wide range of use cases in various industries and fields. Based on the authors’ opinion, this statement leads to further exploration of the proposed topic and uncovering the potential of blockchain in payment gateways. Furthermore, in [7], the author examines how blockchain is transforming business models and provides an overview of the practical applications of this technology. There are also proposals for an electricity billing system based on Ethereum blockchain technology and Google’s Firebase mobile application development platform. The system aims to enhance efficiency and transparency in the electricity billing process, leveraging the security and decentralization features of Ethereum and the rapid application development capabilities of Firebase [8]. Finally, in [9], the authors describe a blockchain design solution emphasizing the unique features offered by blockchain, such as decentralization, transparency, and security.
The analysis of this solution is closely related to the present work due to the assessment of the needs of implementing blockchain to contribute to the digital transformation of the public sector in Ecuador.
The document is organized as follows: Section 1 includes the Introduction, Section 2 the Methodology, Section 3 the Proposal and Section 4 the Conclusions.
2 Methodology
2.1 Focus
A bibliographic, analytical, and direct observational investigation is conducted aiming to identify and comprehend the techniques and strategies employed by payment gateways, while also devising action plans to address the impacts of attacks and prevent future incidents [10].
The aim is to create a proposal that facilitates the adaptation and integration of blockchain technology to enhance transaction security. This proposal aims to ensure that transactions accurately reflect the corresponding information regarding users’ actual consumption, while maintaining immutable real-time data records without the need for intermediaries. The methodology also aims to streamline each stage of the process, ensuring efficiency, profitability, and continuous measurement, while preventing fraud. Additionally, it seeks to provide complete and transparent visibility of the process for all parties involved.
2.2 Analysis
According to the research and methodology described above, the proposal to implement blockchain technology in payment gateways in Ecuador, as well as in any other country, is deemed feasible. The analysis conducted through the direct observation method entails detailed observation of the processes involved in online payment transactions to identify potential weak points and security risks. The vulnerabilities and threats detected through this method are described below.
Sensitive data leaks: By observing the data input processes in payment gateways, possible vulnerabilities in the protection of sensitive information, such as addresses and personal data, were revealed. The inadvertent exposure of this data could result in identity theft or financial fraud.
Intermediary attacks: Observing the communication between the user, the payment gateway, and the payment service provider can uncover potential points of vulnerability where attackers could intervene and manipulate information during transmission. This could lead to intermediary attacks, such as data interception or identity impersonation.
Authentication vulnerabilities: When observing the user authentication process, effective mechanisms are evident. Nevertheless, with blockchain, decentralized digital identities stored in the blockchain can be used, ensuring the integrity and immutability of authentication information.
Software security flaws: When examining the user interaction with the payment gateway interface, it is determined that there may be vulnerabilities in the underlying software, such as security breaches, injections of malicious code, or weaknesses in session management.
Social engineering attacks: Observing the interactions between the user and the payment gateway reveals potential social engineering tactics used by attackers to deceive users and obtain confidential information, such as login credentials or credit card details.
This analysis enables proactive steps to be taken to mitigate risks and enhance system security. The proposed implementation of blockchain offers various tools and techniques that can be utilized to improve authentication and mitigate vulnerabilities in this critical security process. By implementing measures such as authentication based on blockchain, multifactor authentication, and decentralized identity management, it is possible to create a more robust authentication system resistant to attacks. Figure 1 depicts the flow of sensitive information in an online payment process.
Fig. 1 Interface of a payment gateway ready for data entry and online payment.
Figure 2 shows the metadata generated when a transaction is carried out, allowing us to highlight the low level of security maintained by these processes.
Fig. 2 Recording a successful transaction through a payment gateway.
3 Proposal
3.1 Current Payment Gateway Phases
Considering the research among payment gateway providers operating in the country, it has been identified that the operational process of a payment gateway involves a series of phases to facilitate a secure online transaction between a buyer and a seller [11]. These phases are detailed below. Figure 3 shows the current operation of a payment gateway.
Transaction initiation: When a customer decides to make an online purchase, they select the products or services they wish to purchase and proceed to the payment screen.
Choice of payment gateway: The user chooses the payment method they wish to use, such as credit card, debit card, or other methods accepted by the merchant.
Redirection to the payment gateway: Once the payment method is selected, the customer is redirected to the payment gateway screen, where they enter their information to complete the transaction.
Information processing: The payment gateway processes the information provided by the customer and verifies its validity.
Authorization: The payment gateway communicates with the card issuer bank to request authorization and verify if the customer has sufficient funds to make the purchase.
Approval or rejection of the transaction: The card issuer bank or digital wallet provider responds to the payment gateway’s authorization request, indicating whether the transaction is approved or rejected.
Transaction confirmation: The payment gateway sends a confirmation message to the merchant’s website or application, indicating whether the transaction was successful. If successful, a purchase confirmation is displayed to the customer.
Transaction recording: The payment gateway records the transaction in its system, generating an electronic receipt with details such as the amount, date, merchant, and transaction information.
Settlement and deposit: The payment gateway initiates the settlement process, transferring funds from the customer’s account to the merchant. This process may occur immediately or according to a predetermined schedule, depending on the payment gateway and the commercial agreement.
3.2 Blockchain Payment Gateway
The operation of a blockchain payment gateway involves several steps that combine blockchain technology with traditional payment processes [12]. The general components are:
Transaction initiation: The process begins when a customer makes an online purchase and chooses to pay using a payment gateway.
Transaction generation: Once the user selects the payment option, a transaction is generated on the blockchain containing relevant information about the purchase, such as the amount, seller, and buyer.
Digital signature: The buyer digitally signs the transaction using their private key, ensuring the authenticity and integrity of the transaction.
Fig. 3 Operation of an online payment gateway.
Transaction validation: The transaction is transmitted to the blockchain network, where it is validated by network nodes using consensus algorithms. Nodes verify the validity of the transaction and its compliance with the predefined rules of the blockchain.
Inclusion in a block: Once validated, the transaction is included in a block along with other pending transactions. This block is then added to the existing blockchain, creating an immutable record of the transaction.
Payment confirmation: After the block has been added to the blockchain, the transaction is considered confirmed, and the payment process is completed. Confirmation can take several minutes or more, depending on the speed and capacity of the blockchain network used.
Merchant notification: Once the transaction is confirmed, the seller is notified that the payment has been successfully made, and authorization is granted for the delivery of the product or service to the buyer.
Permanent record: The transaction is recorded on the blockchain permanently, providing a transparent and verifiable record of all transactions conducted.
The operation of a payment gateway with blockchain security involves the generation, signing, validation, inclusion, and confirmation of transactions in the blockchain, providing a secure, transparent, and efficient way to process online payments. Figure 4 shows the payment flow of a blockchain gateway.
Fig. 4 Payment flow of a blockchain gateway.
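The generation, signing, validation, block inclusion and permanent-record steps of Section 3.2 are shown below in code, as an added example that is not part of the paper or of any gateway product. It assumes a Lamport one-time signature over SHA-256 in place of a production signature scheme so that it runs on the Python standard library alone; the names `registry`, `shop-ec`, `alice` and `bob` are constructed for illustration.

```python
import hashlib, json, secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def canonical(body: dict) -> bytes:
    # Deterministic encoding: signer and validating nodes must hash identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

# Lamport one-time signature: stdlib-only stand-in (assumption); one key signs ONE tx.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def make_tx(sk, buyer, seller, amount_cents):
    # "Transaction generation" and "digital signature" steps.
    body = {"buyer": buyer, "seller": seller, "amount_cents": amount_cents}
    return {"body": body, "sig": sign(sk, canonical(body))}

def tx_valid(tx, registry) -> bool:
    # "Transaction validation": signature must match the buyer's registered public key.
    pk = registry.get(tx["body"]["buyer"])
    return pk is not None and verify(pk, canonical(tx["body"]), tx["sig"])

def block_hash(prev: bytes, txs) -> bytes:
    return H(prev + b"".join(H(canonical(t["body"]) + b"".join(t["sig"])) for t in txs))

def append_block(chain, txs, registry):
    # "Inclusion in a block": only validated transactions are chained to the previous hash.
    if not all(tx_valid(t, registry) for t in txs):
        raise ValueError("invalid transaction rejected")
    prev = chain[-1]["hash"] if chain else b"\x00" * 32
    chain.append({"prev": prev, "txs": txs, "hash": block_hash(prev, txs)})

def audit(chain, registry) -> int:
    # "Permanent record": re-check links, hashes, signatures; first bad block index or -1.
    prev = b"\x00" * 32
    for i, blk in enumerate(chain):
        if (blk["prev"] != prev or blk["hash"] != block_hash(prev, blk["txs"])
                or not all(tx_valid(t, registry) for t in blk["txs"])):
            return i
        prev = blk["hash"]
    return -1

def demo():
    # Constructed sample data: two buyers, one merchant, amounts in cents.
    registry, chain = {}, []
    for buyer, amount in (("alice", 2599), ("bob", 1200)):
        sk, registry[buyer] = keygen()
        append_block(chain, [make_tx(sk, buyer, "shop-ec", amount)], registry)
    honest = audit(chain, registry)
    chain[0]["txs"][0]["body"]["amount_cents"] = 1  # alter a recorded payment
    chain[0]["hash"] = block_hash(chain[0]["prev"], chain[0]["txs"])  # and re-hash it
    return honest, audit(chain, registry)
```

`demo()` returns `(-1, 0)`: the untouched chain audits clean, and the altered payment in block 0 is caught by the buyer's signature even though the block hash was recomputed to match.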
3.3 Proposal Structure
A payment gateway plays a crucial role in the online purchasing process, ensuring that financial information is transmitted securely, transactions are authorized, and funds are transferred appropriately between the involved parties. Below is the proposal for the adaptation and implementation of blockchain aimed at securing the transaction process of e-commerce businesses, focusing on data security fundamentals using blockchain technology. Every event or modification of data is written as a new block in a chain, thus creating a certified, settled record, ensuring its integrity and availability [13]. Additionally, if the content is encrypted, reliability is ensured. Figure 5 illustrates the stages comprising the current proposal that will enable the achievement of the objective.
Fig. 5 Proposal designed for blockchain implementation.
It is proposed to utilize smart contracts and a decentralized network to ensure payment integrity and reduce risks associated with fraud and data manipulation. Additionally, the aim is to eliminate unnecessary intermediaries and streamline settlement processes. This implementation will benefit both merchants and consumers, providing a more secure and reliable payment experience.
3.4 Proposal validation
The proposal was carried out with the support and assessment of two specialists in the field of data security and cybersecurity. The experts believe that a proposal to implement blockchain in payment gateway transactions is a valuable idea. Blockchain technology offers several advantages that could significantly enhance the security, transparency, and efficiency of transactions in payment gateways. However, it is important to note that the successful implementation of blockchain in payment gateways will require careful planning, development, and collaboration among various stakeholders. Additionally, challenges such as scalability, interoperability, and regulation need to be addressed to ensure the long-term success of this proposal. In conclusion, although there are challenges to overcome, the application of blockchain in payment gateway transactions has the potential to generate significant value for the industry and users. The experts validated indicators such as: impact, applicability, conceptualization, relevance, technical quality, feasibility, and relevance, on a scale of 1 to 5, with an average score greater than 4 considered positive, thus validating the proposal and its future implementation in real scenarios.
4 Conclusions
The theoretical foundations on security and blockchain uncovered during the research development enable us to appraise the proposal as it provides a high level of confidence by drawing upon expert sources and books delving into the application of blockchain across various areas beyond the realm of Bitcoin.
The vulnerabilities and threats detected in the flow of a bank transaction through a payment gateway have allowed us to understand that currently, companies providing this service face significant challenges and possibilities of being attacked due to handling sensitive and valuable user information in e-commerce. By designing a proposal that promotes the implementation of blockchain as a security technique in the online payment transaction process, we have paved the way for enhancing security and trust in digital commerce. This proposal not only offers an innovative and effective solution to address security challenges in online transactions but also paves the way for increased adoption and acceptance of blockchain technology in the financial and commercial sectors.
Conflict of interest
The authors declare that they have no conflict of interest.
References
1. M. Di Pierro, “What is the blockchain?” Computing in Science & Engineering, vol. 19, no. 5, pp. 92–95, 2017.
2. Sumanjeet, “Emergence of payment systems in the age of electronic commerce: The state of art,” in 2009 First Asian Himalayas International Conference on Internet. IEEE, 2009, pp. 1–18.
3. D. S. W. Khan, “Cyber security issues and challenges in e-commerce,” in Proceedings of 10th international conference on digital strategies for organizational success, 2019.
4. S.-I. Kim and S.-H. Kim, “E-commerce payment model using blockchain,” Journal of Ambient Intelligence and Humanized Computing, vol. 13, no. 3, pp. 1673–1685, 2022.
5. Y. Hu, A. Manzoor, P. Ekparinya, M. Liyanage, K. Thilakarathna, G. Jourjon, and A. Seneviratne, “A delay-tolerant payment scheme based on the ethereum blockchain,” IEEE Access, vol. 7, pp. 33 159–33 172, 2019.
6. D. Tapscott and A. Tapscott, Blockchain revolution: how the technology behind bitcoin is changing money, business, and the world. Penguin, 2016.
7. W. Mougayar, The business blockchain: promise, practice, and application of the next Internet technology. John Wiley & Sons, 2016.
8. K. M. Hlaing and D. E. Nyaung, “Electricity billing system using ethereum and firebase,” in 2019 International Conference on Advanced Information Technologies (ICAIT). IEEE, 2019, pp. 217–221.
9. A. R. Ramos Rodríguez, “Análisis de pertinencia de una solución de diseño de bloques de seguridad en transacciones descentralizadas para el gobierno electrónico ecuatoriano.” Master’s thesis, Quito, Ecuador: Editorial UISRAEL, 2023.
10. N. Galí Espelt and J. A. Donaire, “Direct observation as a methodology for effectively defining tourist behavior,” e-Review of Tourism Research (eRTR), 2010 (Enter 2010 Short papers), vol. 1, 5 p., 2010.
11. M. A. Hassan, Z. Shukur, and M. K. Hasan, “An efficient secure electronic payment system for e-commerce,” Computers, vol. 9, no. 3, p. 66, 2020.
12. U. Bodkhe, P. Bhattacharya, S. Tanwar, S. Tyagi, N. Kumar, and M. S. Obaidat, “Blohost: Blockchain enabled smart tourism and hospitality management,” in 2019 international conference on computer, information and telecommunication systems (CITS). IEEE, 2019, pp. 1–5.
13. I. Yaqoob, K. Salah, R. Jayaraman, and Y. Al-Hammadi, “Blockchain for healthcare data management: opportunities, challenges, and future recommendations,” Neural Computing and Applications, pp. 1–16, 2022.
License
Copyright (2024) Kerly Naranjo Paez and Renato M. Toasa.
This text is protected under an international Creative Commons 4.0 license.
You are free to share, copy, and redistribute the ma-
terial in any medium or format — and adapt the docu-
ment — remix, transform, and build upon the material
for any purpose, even commercially, provided you
comply with the conditions of Attribution. You must
give appropriate credit to the original work, provide a
link to the license, and indicate if changes were made.
You may do so in any reasonable manner, but not in
a way that suggests endorsement by the licensor or ap-
proval of your use of the work.