POSTED ON: 5/18/2012
Hemis number: 630975
Number of words: 1500
Percentage from Turnitin Report: 25%

The technologies used in security in online payments

The purpose of this review is to critically review what has been published so far and look for ways research could be improved in the future. To do this I have researched previous publications from across the world to find out how research is being carried out and what is being discovered. From what I have found there seems to be a glaring void in reputable publication of findings. The main research comes from companies with a vested interest in selling their service in these matters. From my research there seems to be a real lack in user information available for the general public. They are expected to understand the technology behind it and trust what the guidelines say without any real evidentiary material being freely available.

The technologies used in online payments are an important area of research. With ever-increasing online transactions throughout the world, "US eCommerce and online retail sales projected to reach $197 billion in 2011, an increase of 12% over 2010." (Andrew Bartels, Forrester Research, 01/04/2011), there is also an increasing amount of fraudulent activity, although overall losses are down. For online transactions to continue to grow, consumers must feel safe making the transaction. To sustain growth in the area, the technologies used must be constantly checked. I will look at some of the different types of technologies used and how effective the research carried out deems them.

Secure Sockets Layer Protocol (SSL):

SSL was developed by Netscape to provide a level of protection when transferring payment details online. Standard SSL protects these details using 40-bit encryption. During the process the browser requests that the web server identify itself, and the server then sends a copy of its SSL certificate. The browser checks whether this certificate is trustworthy and, if so, returns a message to the server.
The server then starts an SSL-encrypted session. Encrypted data is then shared between the server and browser. The user is made aware of the use of SSL by the padlock symbol in the bottom left corner of their browser.

This encryption is considered weak by many and, as put by Dhirendra Pandey and Dr A Rastogi (2010, p. 12), "Though the E-commerce development is accumulated by credit payment under base of SSL, yet more advanced technology of payment system should be adopted to make the E-commerce spread its area more broadly". David Wagner and Bruce Schneier (1997) note in their paper that "In summary, the protection of application data by the SSL record layer is, on the whole, quite good. The preceding section indicated a few small areas of concern, but they should be considered minor and the exception to the rule". The paper, published in 1997, highlights problems in the protocol, although minor, that have been there since inception.

SSL is the most common form of online payment detail protection but, as has been noted, it is not considered to be sufficient by all. There is an ever-growing number of commercially available forms of SSL; the current highest utilises 128-bit encryption and is employed by, amongst others, PayPal.

Secure Electronic Transaction (SET):

SET was originally developed by Visa and Mastercard in conjunction with leading technology providers to provide security when using cards to purchase online. This technology encrypts and verifies data so that both parties can be confirmed as genuine. This is considered safer than SSL by many as it requires the card companies to validate the authenticity of the payment. Pandey, D et al. (2010, p. 13): "Currently, SET is widely applied as the public standard of safety payment of E-commerce. SET an enable the information of the cardholder to be reached, read and verified only by the bank, while supplier has the right to extend payment request and accept the payments". Many have researched slimming down the electronic footprint of SET.
Hanaoka et al. (2001, p. 2042) state "While SET has a number of advantages over other protocols in terms of simplicity and openness, there seems to be a consensus regarding the relative inefficiency of the protocol".

Mastercard and Visa, two of the main developers of SET, have since moved to 3-D Secure. They each call it by a different name, “Mastercard SecureCode” and “Verified by Visa”, but essentially it is the same. The technology involves authentication between all three parties: the vendor, the acquiring bank and Visa or Mastercard. This new technology has itself been berated by reviewers. Murdoch, J., & Anderson, R. (2010) surmise “But 3DS ignores the other lessons learnt from earlier systems. The result is that customers receive little benefit in security, while suffering a huge increase in their liability for fraud. They are also trained in unsafe behaviour online. Now our experience in recent years is that when attacks can be profitably industrialised, they will be; the growth of man-in-the-middle attacks and malware will ensure that 3DS is not sustainable in its present form.”

In conclusion, the technologies used are, on the face of it, adequate, but continuing and more specialised research should be carried out by governing bodies. As stated by Murdoch et al. (2010), “What is needed now is for regulators to intervene on behalf of the consumer”. There seems to be a failing in general from all governing bodies involved in these technologies to regulate and push for better quality technologies to be used. This research and investigation should be made more publicly available. The UK government does not deal specifically with the technologies in any published paper that I could find during my research phase. I believe that there must have been some research done, but the simple fact I was unable to find it leads me to the conclusion that it is hidden from general view.
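The checks described in the SSL section above (the browser deciding whether the server's certificate is trustworthy, and the 40-bit versus 128-bit encryption grades), sketched as an added example that is not part of the original review. It uses Python's standard ssl module; the 128-bit floor and the sample suite and session values are assumptions constructed for illustration.

```python
import ssl

MIN_BITS = 128  # assumed policy floor: the strongest grade the review mentions

# Constructed samples in the shapes Python's ssl module reports.
SAMPLE_SUITES = [  # like entries from SSLContext.get_ciphers()
    {"name": "EXP-RC4-MD5", "protocol": "SSLv3", "strength_bits": 40},
    {"name": "DES-CBC3-SHA", "protocol": "SSLv3", "strength_bits": 112},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "strength_bits": 128},
]
EXPORT_SESSION = ("EXP-RC4-MD5", "SSLv3", 40)  # like SSLSocket.cipher()
MODERN_SESSION = ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256)


def hardened_client_context():
    """Client context that verifies the server certificate and host name."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 and early TLS
    return ctx


def weak_suites(suites, min_bits=MIN_BITS):
    """Names of cipher suites whose effective key strength is below the floor."""
    return sorted(s["name"] for s in suites if s["strength_bits"] < min_bits)


def audit_session(ctx, negotiated):
    """List policy findings for a context and a negotiated (name, protocol, bits)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the host name")
    name, protocol, bits = negotiated
    if protocol in ("SSLv2", "SSLv3"):
        findings.append(f"obsolete protocol {protocol}")
    if bits < MIN_BITS:
        findings.append(f"{name} provides only {bits}-bit encryption")
    return findings


if __name__ == "__main__":
    ctx = hardened_client_context()
    print("enabled suites below floor:", weak_suites(ctx.get_ciphers()))
    for session in (EXPORT_SESSION, MODERN_SESSION):
        print(session[0], "->", audit_session(ctx, session) or "ok")
```

Run against a live connection, the tuple passed to `audit_session` would come from `SSLSocket.cipher()` after the handshake completes.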
References

Bartels, A. (2011, April 1). Forrester Projects 8% Growth In US IT. Retrieved from http://blogs.forrester.com/andrew_bartels/11-04-01-forrester_projects_8_growth_in_us_it_purchases_in_2011_and_10_in_2012

Pandey, D., & Rastogi, Dr A. (2010). A critical Research on threats and security technology related to Payment System on E-commerce Network. International Journal of Computer Applications, Volume 8, No 3, Page 11 to 14.

Wagner, D., & Schneier, B. (1997). Analysis of the SSL 3.0 Protocol.

Hanaoka et al. (2001). Improving the Secure Electronic Transaction Protocol by Using Signcryption. IEICE Trans. Fundamentals, Volume E84-A, No 8, Page 2042 to 2051.

Murdoch, J., & Anderson, R. (2010). Verified by Visa and Mastercard SecureCode: or, How Not to Design Authentication.