Despite the flourishing
research on formal modeling and analysis of privacy and authentication issues
in E-commerce, little research concentrates on the possible security risk due
to business logic specification. In E-commerce systems, an aspect of this logic
is to promise fairness. As the feature ensuring parties conduct their business
to their mutual moral standards, fairness is one of the paramount features for
E-commerce payment systems. In this case study of the AARN payment system, we
apply form-oriented analysis to formally model the simple business logic behind
this way of arranging payment. The model solves a fair exchange issue for
security purposes at the business logic level, which changes further design and
implementation for the payment system. It is the first time that Data Type Interchange Model diagram and
other models in form-oriented analysis method have been applied in security
analysis. This form-oriented analysis method helps designers not only on
security analysis, but also on understanding and communication between business
experts and software designers.