Skip to Main Content
The deployment of payment systems protective of the customer privacy is an hard challenge. Accountability and payment seem to require a direct link to the customer credentials (e.g. his credit card number or bank account), this exposes the user to be profiled on his habits. Static and uniquely identified mappings to user credentials, hold by a trusted third party, may vanish all the parallel anonymization/pseudonymisation efforts done to avoid disclosure of the user identity to the provider of the service. This paper proposes P-DIBS (pseudonymised distributed billing system), a billing framework devised to protect user privacy. P-DIBS is developed as an extension of a previously proposed pseudonymization mechanism. It relies on an intermediate brokerage entity, referred to as "Accounting Server", operating between the bank and the service provider on behalf of the end user, yet having no knowledge neither about his real identity nor about his real account number. A fundamental novelty of the proposed approach is the possibility, through a distributed procedure involving mutual interaction across the various system components, to guarantee linkability upon improper user behavior (e.g. misuses) without requiring a single trusted third party in the system to possess all the knowledge necessary to disclose the user.