Credit card transactions are a popular and widespread means of payment over the network. Unfortunately, current technology does not allow us to technically solve disputes that may arise in such transactions. Thus these disputes are often solved on a legal and administrative basis. In these cases, responsibility is not necessarily allocated fairly, and the problems of managing the resulting risks have proven to be an impediment to the growth of electronic commerce. In this paper we present a protocol for credit card transactions over the network that uses personal trusted devices (e.g., a cellphone or a PDA) to improve the technical management of disputes and permit a fairer allocation of risks between customer and merchant. The protocol also defines a practical trade-off between the security properties of these devices and the resource limitations deriving from their form factor. Furthermore, by means of formal methods, we specify the security requirements of a personal trusted dev...