Document Sample
ch11 Powered By Docstoc
					   Electronic Commerce
      Eighth Edition

         Chapter 11
Payment Systems For Electronic
                        Learning Objectives

In this chapter, you will learn about:
• The basic functions of online payment systems
• The use of payment cards in electronic commerce
• The history and future of electronic cash
• How electronic wallets work
• The use of stored-value cards in electronic
• Internet technologies and the banking industry

Electronic Commerce, Eighth Edition                 2
                    Online Payment Basics

• E-commerce
     – Exchange money for goods or services
     – Important function: handling Internet payments
     – B2B payment transactions
           • Electronic funds transfers (EFTs)
• B2C payment transactions
     – Evolving and competing for dominance
     – Customer convenience, saves companies money
           • Bill mailed by mail costs $1.00 to $1.50
           • Internet billing cost: 50 cents

Electronic Commerce, Eighth Edition                     3
         Online Payment Basics (cont’d.)

• Four basic means to purchase items in B2C
  (traditional and electronic)
     – Cash, checks, credit cards, debit cards
           • 90% of all United States consumer payments
• Electronic transfer: small but growing
• Most popular: automated payments
• Credit cards
     – Worldwide: 90% of online payments
     – United States: 97% of online payments

Electronic Commerce, Eighth Edition                       4
Electronic Commerce, Eighth Edition   5
         Online Payment Basics (cont’d.)
• Scrip
     – Digital cash minted by a company
           • Cannot be exchanged for cash
           • Exchanged for goods or services by company issuing
     – Like a gift certificate: good at more than one store
     – Current scrip offerings (eScrip)
           • Focus: not-for-profit fundraising market
• Merchant should offer customers payment options
     – Safe, convenient, widely accepted
     – Companies sell payment processing package service

Electronic Commerce, Eighth Edition                               6
Electronic Commerce, Eighth Edition   7
                             Payment Cards
• General term describing all types of plastic cards
  consumers (businesses) use to make purchases
     – Categories: credit cards, debit cards, charge cards
• Credit card (Visa, MasterCard)
     – Spending limit based on user’s credit history
           • Charge purchases against credit line
     – Options for user billing cycle payments
           • Pay off entire credit card balance; pay minimum
           • Card issuers charge unpaid balance interest
     – Accepted worldwide, 30-day dispute period

Electronic Commerce, Eighth Edition                            8
                  Payment Cards (cont’d.)

• Credit card (cont’d.)
     – Card not present transactions
           • Cardholder not present during transaction
           • Requires extra security
• Debit card
     – Removes sales amount from cardholder’s bank
     – Transfers sales amount to seller’s bank account
     – Issued by cardholder’s bank
           • Carries major credit card issuer name

Electronic Commerce, Eighth Edition                      9
                  Payment Cards (cont’d.)

• Charge card (American Express)
     –   No spending limit
     –   Entire balance due at end of billing period
     –   No line of credit or interest charges
     –   Examples: department store, oil company cards
• “Payment card”
     – Refers to credit cards, debit cards, and charge cards

Electronic Commerce, Eighth Edition                            10
                  Payment Cards (cont’d.)

• Single-use cards
     – Cards with disposable numbers
           • Addresses concern of giving online vendors payment
             card numbers
     – Not used much anymore
           • Problem: required consumers to behave differently

Electronic Commerce, Eighth Edition                               11
      Advantages and Disadvantages of
              Payment Cards
• Advantage for merchants
     – Fraud protection (built-in security)
           • Charge paid through issuer of payment card
• Advantage for U.S. consumers
     – Liability of fraudulent card use: $50
           • Card issuer frequently waives $50 charge if card stolen
• Good for merchants and consumers
     – Worldwide acceptance
           • Currency conversion handled by card issuer

Electronic Commerce, Eighth Edition                                12
      Advantages and Disadvantages of
          Payment Cards (cont’d.)
• Disadvantage for merchants
     – Per-transaction fees, monthly processing fees
           • Cost of doing business
     – Goods and services prices are slightly higher
           • As opposed to environment free of payments cards
     – For payment:
           • Merchant must first set up merchant account
• Disadvantage for consumers
     – Annual fee

Electronic Commerce, Eighth Edition                             13
  Payment Acceptance and Processing

• Internet payment card process easier than physical
  store process
• EMV standard
     – Single standard handling payment card transactions
     – Visa, MasterCard, MasterCard International
• United States online stores, mail order stores
     – Must ship merchandise within 30 days of charging
           • Violation penalties are significant
           • Most do not charge payment card accounts until
             merchandise shipped
Electronic Commerce, Eighth Edition                           14
  Payment Acceptance and Processing
• General steps in payment card transactions
     – Merchant receives payment card information
     – Merchant authenticates payment
     – Merchant ensures funds are available and puts hold
       on credit line or funds to cover charge
     – Settlement occurs (few days after purchase); funds
       travel between banks and are placed into merchant’s

Electronic Commerce, Eighth Edition                      15
  Payment Acceptance and Processing
• Open and closed loop systems
     – Closed loop systems
           • Card issuer pays merchant directly
           • Does not use intermediary
           • American Express, Discover Card
     – Open loop systems (three or more parties)
           • Third party (intermediary bank) processes transaction
           • Visa, MasterCard: not issued directly to consumers
           • Credit card associations: operated by association
             member banks
           • Customer issuing banks: member banks
Electronic Commerce, Eighth Edition                                  16
  Payment Acceptance and Processing
• Merchant accounts (acquiring bank)
     – Bank doing business with sellers (Internet, non-
       Internet) wanting to accept payment cards
     – Merchant account
           • Required for online merchant to process payment cards
     – Acceptance by bank of merchant account
           • Merchant must provide business information
           • Risk of business type assessed
     – Bank collects credit card receipts on merchant’s
           • Credits value in merchant’s account
Electronic Commerce, Eighth Edition                             17
  Payment Acceptance and Processing
• Merchant accounts (cont’d.)
     – Chargeback
           • Cardholder successfully contests charge
           • Merchant bank must retrieve money from merchant
           • Merchant may have to cover chargeback potential
     – Problem facing online businesses
           • Level of online transaction fraud
           • Fewer than 5 percent of credit card transactions
             completed online; accounts for 60 percent of total credit
             card dollar amount fraud

Electronic Commerce, Eighth Edition                                 18
  Payment Acceptance and Processing
• Processing payment cards online
     – Payment processing service providers
           • Companies offering payment card processing
     – Example: InternetSecure
           • Supports Visa and MasterCard payments for Canadian
             and U.S. accounts
           • Provides risk management and fraud detection
           • Handles online merchants transactions
           • Uses existing bank-approved payment card processing
             infrastructure, secure links, and firewalls

Electronic Commerce, Eighth Edition                            19
  Payment Acceptance and Processing
• Processing payment cards online (cont’d.)
     – First Data
           • Provides merchant payment card processing services
             with ICVERIFY and WebAuthorize programs
           • ICVERIFY: for small retailers using Microsoft Windows
             electronic cash registers, point-of-sale terminal systems
           • WebAuthorize: for large enterprise-class merchant sites
     – ICVERIFY, WebAuthorize connect directly to:
           • Network of banks: Automated Clearing House (ACH)
           • Credit card authorization companies
           • Connect to ACH through highly secure, private leased
             telephone lines
Electronic Commerce, Eighth Edition                                 20
Electronic Commerce, Eighth Edition   21
  Payment Acceptance and Processing
• Processing payment cards online (cont’d.)
     – Merchant Warehouse’s PayFlow Link system
           • Online payment system developed by CyberCash
           • Now operated by VeriSign
     – InfoSpace’s Authorize.Net
           • Online, realtime payment card processing service
           • Merchants link to system by inserting small HTML code
             block into transaction page
           • Order encrypted, transferred to Authorize.Net server
           • Server relays transaction to bank network
           • Customers not aware of third-party supplier (usually)
Electronic Commerce, Eighth Edition                             22
                             Electronic Cash

• Electronic cash (e-cash, digital cash)
     – Describes any value storage and exchange system
       created by private (nongovernmental) entity
           • Does not use paper documents or coins
           • Can serve as substitute for government-issued physical
• Readily exchanged for physical cash on demand
• Problem
     – No standard among all electronic cash issuers
     – Not universally accepted

Electronic Commerce, Eighth Edition                              23
                  Electronic Cash (cont’d.)

• Small purchases not profitable for merchants
     – Bank fees greater than profits
• Factors in favor of electronic cash
     – Potentially significant market for electronic cash
           • Market for Internet small purchases (below $10)
     – Most of world’s population does not have credit cards
           • Electronic cash: solution to paying for online purchases
• Idea of electronic cash refuses to die
     – Despite failures

Electronic Commerce, Eighth Edition                                 24
   Micropayments and Small Payments

• Micropayments
     – Internet payments for items
           • Costing few cents to a dollar
• Micropayments barriers
     – Not implemented very well on the Web yet
     – Human psychology
           • People prefer to buy small value items in fixed price
           • Example: mobile phone has fixed monthly payment

Electronic Commerce, Eighth Edition                                  25
   Micropayments and Small Payments
• Small payments
     – All payments of less than $10
• Companies that have developed micropayment
     – Millicent, DigiCash, Yaga, BitPass
           • All have failed
     – No company has gained broad acceptance of its
       system despite industry observers seeing such a
     – No company devoted solely to offering micropayment
Electronic Commerce, Eighth Edition                     26
Privacy and Security of Electronic Cash

• Electronic payment methods concerns
     – Privacy and security, independence, portability,
     – Privacy and security: most important to consumers
           • Transactions vulnerable
           • Electronic currency: copied, reused, forged
• Unique security problems of electronic cash
     – Possible to spend only once
           • Not counterfeit; used in two different transactions
     – Anonymous use
           • Prevents sellers from collecting information
Electronic Commerce, Eighth Edition                                27
Privacy and Security of Electronic Cash
• Electronic cash companies
     – eCharge, InternetCash, Valista
• Advantages of electronic cash
     – Independent
           • Unrelated to any network or storage device
           • Ideally pass transparently across international borders;
             converted automatically to recipient country’s currency
     – Portable
           • Freely transferable between any two parties
• Credit and debit cards: not portable or transferable
• Important characteristic of cash: convenience
Electronic Commerce, Eighth Edition                                 28
    Holding Electronic Cash: Online and
               Offline Cash
• Online cash storage
     – Consumer has no personal possession of electronic
           • Trusted third party (online bank) involved in all
             transfers, holds consumers’ cash accounts
• Online system payment
     – Merchants contact consumer’s bank
           • Helps prevent fraud (confirm valid cash)
           • Resembles process of checking with consumer’s bank
             to ensure valid credit card and matching name

Electronic Commerce, Eighth Edition                              29
    Holding Electronic Cash: Online and
           Offline Cash (cont’d.)
• Offline cash storage
     – Virtual equivalent of money kept in wallet
     – Customer holds it
           • No third party involved in transaction
     – Protection against fraud concern
           • Hardware or software safeguards needed
     – Double-spending
           • Spending electronic cash twice
           • Too late to prevent fraudulent act by time same
             electronic currency clears bank for second time
           • Prevent double-spending: use encryption techniques
Electronic Commerce, Eighth Edition                               30
      Advantages and Disadvantages of
              Electronic Cash
• Traditional brick-and-mortar billing methods
     – Costly
           • Generate invoices, stuff envelopes, buy and affix
             postage to envelopes, send invoices to customers
     – Accounts payable department
           • Keeps track of incoming payments, posts accounts in
             database, ensures current customer data
• Online stores have the same payment collection
     – Online customers use credit cards to pay for
Electronic Commerce, Eighth Edition                                31
      Advantages and Disadvantages of
          Electronic Cash (cont’d.)
• Online auction customers use conventional payment
     – Checks, money orders
• Electronic cash system
     – Less popular than other payment methods
     – Provides unique advantages and disadvantages
• Advantages of electronic cash transactions
     – More efficient (less costly)
           • Efficiency fosters more business (lower prices)
     – Occurs on existing infrastructure (Internet)
Electronic Commerce, Eighth Edition                            32
      Advantages and Disadvantages of
          Electronic Cash (cont’d.)
• Advantages of electronic cash transactions (cont’d.)
     – Internet spans globe
           • Distance transaction travels does not affect cost
     – Does not require one party to obtain authorization
• Disadvantages of electronic cash transactions
     – No audit trail
     – Money laundering
           • Technique criminals use to convert money illegally
             obtained into spendable cash
           • Purchase goods, services with ill-gotten electronic cash
           • Goods sold for physical cash on open market
Electronic Commerce, Eighth Edition                                33
      Advantages and Disadvantages of
          Electronic Cash (cont’d.)
• Disadvantages of electronic cash transactions
     – Susceptible to forgery
     – Other potentially damaging digital economic factors
           • Expansion of money supply when banks loan electronic
             cash on consumer and merchant traditional bank
• Electronic cash has not yet become a global
     – Will require wide acceptance and solution to problem
       of multiple electronic cash standards
Electronic Commerce, Eighth Edition                            34
              How Electronic Cash Works

• Consumer opens account with electronic cash
     – Presents proof of identity
• Consumer withdraws electronic cash using issuer’s
  Web site
     – Presents proof of identity
           • Digital certificate issued by certification authority
           • Combination of credit card number and verifiable bank

Electronic Commerce, Eighth Edition                              35
   How Electronic Cash Works (cont’d.)
• After consumer identity is verified:
     – Electronic cash amount is issued
           • Amount deducted from consumer’s account
           • Issuer may charge small processing fee
• Consumer stores electronic cash
     – In electronic wallet
     – On his or her computer
     – On stored-value card
• Consumer can authorize issuer to make third-party
     – From electronic cash account
Electronic Commerce, Eighth Edition                    36
  Providing Security for Electronic Cash

• Significant electronic cash problem
     – Potential for double-spending
• Main deterrent
     – Threat of detection and prosecution
• Keys to creating tamperproof electronic cash that
  can be traced back to origins
     – Cryptographic algorithms
     – Two-part lock
           • Provides anonymous security
           • Signals someone is attempting to double-spend cash

Electronic Commerce, Eighth Edition                               37
  Providing Security for Electronic Cash
• When second transaction occurs
     – Complicated process reveals:
           • Attempted second use
           • Identity of original electronic cash holder
• Electronic cash used correctly
     – Maintains user’s anonymity
• Double-lock procedure
     – Protects anonymity of electronic cash users
     – Simultaneously provides built-in safeguards to
       prevent double-spending

Electronic Commerce, Eighth Edition                        38
Electronic Commerce, Eighth Edition   39
  Providing Security for Electronic Cash
• Double-spending
     – Neither detected nor prevented with truly anonymous
       electronic cash
• Anonymous electronic cash
     – Cannot be traced back to person who spent it
• Tracing electronic cash
     – Attach serial number to each electronic cash
           • Cash positively associated with particular consumer
           • Does not solve double-spending problem

Electronic Commerce, Eighth Edition                                40
  Providing Security for Electronic Cash
• Single issuing bank can detect when two deposits of
  same electronic cash are about to occur
     – Impossible to ascertain fault (consumer or merchant)
• Electronic cash contains serial numbers
     – No longer anonymous
           • One reason to acquire electronic cash
     – Raises privacy issues
           • The use of serial numbers to track consumers’
             spending habits

Electronic Commerce, Eighth Edition                          41
  Providing Security for Electronic Cash
• Creating truly anonymous electronic cash
     – Bank issues electronic cash with embedded serial
           • Bank digitally signs electronic cash while removing
             association of cash with particular customer

Electronic Commerce, Eighth Edition                                42
                 Electronic Cash Systems
• Electronic cash
     – More successful in Europe and Japan
           • Consumers prefer to use cash (does not work well for
             online transactions)
           • Electronic cash fills important need
     – Not successful in United States
           • Consumers have payment cards and checking
• KDD Communications (KCOM)
     – Internet subsidiary: Japan’s largest phone company
     – Offers electronic cash through NetCoin Center

Electronic Commerce, Eighth Edition                                 43
       Electronic Cash Systems (cont’d.)

• Reasons for failure of United States electronic cash
     – Electronic cash systems implementation
           • Required to download and install complicated client-
             side software that ran in conjunction with browser
     – Number of competing technologies
           • No standards developed
           • Array of proprietary electronic cash alternatives
     – No interoperable software
           • That runs transparently on variety of hardware
             configurations and different software systems
Electronic Commerce, Eighth Edition                                 44
       Electronic Cash Systems (cont’d.)

• CheckFree
     – Largest online bill processor (in the world)
     – Payment processing services since 1981 to:
           • Large corporations, individual Internet users
     – 2007 Fiserv bought CheckFree ($4.4 billion)
           • Offers online bill processing under CheckFree brand

Electronic Commerce, Eighth Edition                                45
       Electronic Cash Systems (cont’d.)

• Clickshare
     – Electronic cash system for magazines and newspaper
     – Uses technology called micropayment-only system
     – An ISP supporting Clickshare automatically registers
     – When users click links leading to Clickshare sites
           • They can make purchases without registering again
           • Clickshare keeps track of transactions and bills user’s

Electronic Commerce, Eighth Edition                                    46
       Electronic Cash Systems (cont’d.)

• Clickshare (cont’d.)
     – Tracks user on the Internet
           • Significant value to advertisers, marketers
           • Defeats anonymity
     – Micropayment capability
           • By-product of core functionality of tracking identified
           • Tracks users with standard HTTP Web protocol
           • Does not require cookies or software wallets

Electronic Commerce, Eighth Edition                                    47
       Electronic Cash Systems (cont’d.)
• PayPal
     – Payment processing services to businesses,
     – Earns profit from float
           • Money deposited, not used immediately
     – Charges transaction fee
           • Businesses using service to collect payments
     – Peer-to-peer (P2P) payment system
           • Free payment clearing service for individuals
           • Payments from one type of entity to another of the
             same type

Electronic Commerce, Eighth Edition                               48
       Electronic Cash Systems (cont’d.)
• PayPal (cont’d.)
     – Eliminates writing and mailing checks or payment
     – Send money instantly and securely to anyone with an
       e-mail address
     – Convenient for auction bidders to pay for purchases
     – Convenient for auction sellers
           • Eliminates risks posed by other online payment types
     – Transactions clear instantly
     – Redemption
           • PayPal check
           • Direct deposit to checking accounts
Electronic Commerce, Eighth Edition                                 49
Electronic Commerce, Eighth Edition   50
       Electronic Cash Systems (cont’d.)

• PayPal (cont’d.)
     – Merchants and consumers first register for PayPal
           • No minimum amount account balance
           • Add money by authorizing checking accounts transfer,
             using credit card
           • Merchants need PayPal accounts to accept PayPal

Electronic Commerce, Eighth Edition                             51
       Electronic Cash Systems (cont’d.)

• PayPal (cont’d.)
     – Competition from Billpoint
           • Joint venture between eBay, Wells Fargo
           • PayPal maintained first-mover advantage
                – Remained most widely used eBay payment processing
           • eBay purchased PayPal
     – Other peer-to-peer payment business companies
           • First Data Corporation offered electronic money orders
             through BidPay site (closed in 2007)
           • Citibank’s c2it payments service (closed in 2003)

Electronic Commerce, Eighth Edition                                   52
                          Electronic Wallets

• Concerns of consumers when shopping online
     – Entering detailed shipping and payment information
       for each online purchase
     – Filling out forms
• Solution
     – Electronic commerce sites allows customer to store
       name, address, credit card information on the site
     – Problem
           • Consumers must enter information at each site

Electronic Commerce, Eighth Edition                          53
               Electronic Wallets (cont’d.)
• Electronic wallet (e-wallet)
     – Holds credit card numbers, electronic cash, owner
       identification, owner contact information
     – Provides information at electronic commerce site
       checkout counter
     – Benefit: consumer enters information once
           • More efficient shopping
• Server-side electronic wallet
     – Stores customer’s information on remote server of
       merchant or wallet publisher
     – No download time or installation on user’s computer

Electronic Commerce, Eighth Edition                          54
               Electronic Wallets (cont’d.)
• Server-side electronic wallet (cont’d.)
     – Main weakness
           • Security breach can reveal thousands of users’
             personal information (credit card numbers)
           • Servers must employ strong security measures to
             minimize possibility of unauthorized disclosure
• Client-side electronic wallet
     – Stores information on consumer’s computer
     – Disadvantages
           • Must download wallet software onto every computer
           • Not portable

Electronic Commerce, Eighth Edition                              55
               Electronic Wallets (cont’d.)

• Client-side electronic wallet (cont’d.)
     – Advantage
           • Sensitive information stored on user’s computer
     – Sensitive information safer on client machine
           • Attackers must launch many attacks on user computers
             (more difficult to identify)
           • Prevents easily identifiable wallet vendor’s servers from

Electronic Commerce, Eighth Edition                                 56
               Electronic Wallets (cont’d.)

• Characteristics of useful wallets
     – Wallet accessibility
           • Populate data fields in any merchant’s forms for any
             site consumer visits
     – Electronic wallet manufacturer and merchants from
       many sites must coordinate efforts
           • Wallet recognizes consumer information going into
             each field of given merchant’s forms

Electronic Commerce, Eighth Edition                                 57
               Electronic Wallets (cont’d.)

• Electronic wallets
     – Store shipping and billing information
           • Consumer’s first and last names, street address, city,
             state, country, postal code
     – Hold credit card names, numbers
           • Offers consumer choice of credit cards at online
     – Hold electronic cash from various providers

Electronic Commerce, Eighth Edition                                   58
               Electronic Wallets (cont’d.)

• Electronic wallet used by business companies
     – Example: MasterCard
     – Most abandoned efforts
           • Current major browsers include feature to remember
             names, addresses, other commonly requested
           • Browsers provides one-click Web form field completion
     – Two e-wallet arena survivors
           • Microsoft Windows Live ID
           • Yahoo! Wallet

Electronic Commerce, Eighth Edition                              59
                Microsoft Windows Live ID

• Formerly called Passport, Microsoft .NET Passport
• Single sign-in service
     – Includes server-side electronic wallet
           • Operated by Microsoft
• All personal data entered into Windows Live ID
     – Encrypted and password protected

Electronic Commerce, Eighth Edition                   60
     Microsoft Windows Live ID (cont’d.)
• Four integrated services
     – Single sign-in service (SSI)
           • Allows user to sign in at participating Web site using
             username and password
     – Wallet service
           • Provides electronic wallet functions (secure storage,
             form completion of credit card, address information)
     – Kids service
           • Helps parents protect, control children’s online privacy
     – Public profiles
           • Allows consumers to create public page of information
             about themselves
Electronic Commerce, Eighth Edition                                     61
                               Yahoo! Wallet
• Server-side electronic wallet offered by Yahoo!
• Completes order forms automatically
     – Identifying information, credit card payment
• Stores information
     – Several major credit, charge cards, Visa and
       MasterCard debit cards
• Accepted by:
     – Thousands of Yahoo! Store merchants, Yahoo! Travel
     – Yahoo! Services
           • Premium e-mail storage, Web hosting fees

Electronic Commerce, Eighth Edition                     62
                    Yahoo! Wallet (cont’d.)

• Yahoo! Advantage
     – Number of services and shops accommodate own
           • Large number of merchants accept wallet
• Privacy concern
     – Company issuing wallet has access to great deal of
       information about individual using wallet

Electronic Commerce, Eighth Edition                         63
                        Stored-Value Cards

• Microchip smart card or magnetic strip plastic card
     – Records currency balance
• Microchip versus magnetic strip
     – Microchip stores more information
     – Tiny microchip computer processor
           • Performs calculations and storage operations on card
     – Different microchip card reader needed
• Examples: prepaid phone, copy, subway, bus cards
• “Stored-value card” and “smart card” used
Electronic Commerce, Eighth Edition                                 64
                      Magnetic Strip Cards

• Holds rechargeable value
• Passive magnetic strip cards cannot:
     – Send or receive information
     – Increment or decrement cash value stored
• Processing done on device into which card inserted
• Magnetic strip cards and smart cards store
  electronic cash
     – Smart card better suited for Internet payment
           • Has processing capability

Electronic Commerce, Eighth Edition                    65
                                 Smart Cards

• Stored-value card
     – Plastic card with embedded microchip
• Credit, debit, charge cards store limited information
  on magnetic strip
• Store information
     – About 100 times more than magnetic strip plastic card
• Hold private user data
     – Financial facts, encryption keys, account information,
       credit card numbers, health insurance information,
       medical records

Electronic Commerce, Eighth Edition                         66
                      Smart Cards (cont’d.)

• Safer than conventional credit cards
     – Information encrypted on smart card
• Popular in Europe, parts of Asia
     – Public telephone calls, cable television programs
     – Hong Kong
           • Retail counters, restaurant cash registers have smart
             card readers
           • Octopus is the public transportation smart card: can be
             reloaded at transportation locations, 7-Eleven stores

Electronic Commerce, Eighth Edition                                67
Electronic Commerce, Eighth Edition   68
                      Smart Cards (cont’d.)
• Beginning to appear in United States
     – San Francisco TransLink integrated ticketing system
       for public transportation
     – Smart Visa card (2000)
     – Target Visa smart card (2002)
• Smart Card Alliance
     – Advances smart card benefits
     – Promotes widespread acceptance of multiple-
       application smart card technology
     – Promotes compatibility among smart cards, card
       reader devices, applications

Electronic Commerce, Eighth Edition                          69
 Internet Technologies and the Banking
• Paper checks
     – Largest dollar volume of payments
     – Processed through world’s banking system
• Other major payment forms
     – Involve banks one way or another
• Banking industry Internet technologies
     – Providing new tools
     – Creating new threats

Electronic Commerce, Eighth Edition               70
                          Check Processing

• Physical check processing (banks, clearinghouses)
     – Person wrote check; retailer deposited check in bank
     – Retailer’s bank sent paper check to clearinghouse
           • Clearinghouse managed fund transfer (consumer’s
             bank to retailer’s account)
     – Paper check transported to consumer’s bank
     – Send cancelled check to consumer
• Many banks stopped sending cancelled checks to
     – Provide PDF images of processed checks
Electronic Commerce, Eighth Edition                            71
               Check Processing (cont’d.)

• Disadvantage of paper checks
     – Cost of transporting tons of paper checks
     – Float
           • Delay between the time person writes check and the
             time check clears person’s bank
           • Bank’s customer obtains free use of funds for few days
           • Bank loses use of funds for same time period
           • Can become significantly longer than a few days

Electronic Commerce, Eighth Edition                               72
               Check Processing (cont’d.)

• Technologies helping banks reduce float
     – 2004 U.S. law: Check Clearing for the 21st Century
       Act (Check 21)
           • Banks eliminate movement of physical checks entirely
• Check 21-compliant world
     – Retailer scans customer's check
     – Scanned image transmitted instantly
           • Through clearing system
     – Posts almost immediately to both accounts
           • Eliminates transaction float

Electronic Commerce, Eighth Edition                                 73
                            Phishing Attacks
• Phishing expedition
     – Technique for committing fraud against online
       businesses customers
     – Launched against all online business types
     – Particular concern to financial institutions
           • Customers expect high degree of personal information
• Basic structure
     – Attacker sends e-mail message
           • Large number of recipients
           • Account at targeted Web site
Electronic Commerce, Eighth Edition                             74
                 Phishing Attacks (cont’d.)
• Basic structure (cont’d.)
     – E-mail message tells recipient account is
           • Recipient must log on to account to correct problem
     – E-mail message includes link
           • Appears to be Web site login page
           • Actually disguised perpetrator’s Web site
     – Recipient enters login name, password
           • Perpetrator captures
           • Uses to access recipient’s account
           • Access personal information, make purchases,
             withdraw funds
Electronic Commerce, Eighth Edition                                75
Electronic Commerce, Eighth Edition   76
                 Phishing Attacks (cont’d.)

• Spear phishing
     – Phishing expedition that is carefully designed to target
       particular person or organization
     – Requires considerable research
     – Increases chance of e-mail being opened
     – Example: 2008 government stimulus checks
           • Phishing e-mails appeared within one week of passage

Electronic Commerce, Eighth Edition                             77
                 Phishing Attacks (cont’d.)

• E-mail link disguises and tricks
     – Example of Web server that ignores all characters
       preceding “@”:
     – Example of disguised link:
     – Example of invisible phony site displayed due to
       JavaScript code:

Electronic Commerce, Eighth Edition                             78
                 Phishing Attacks (cont’d.)

• E-mail link disguises and tricks (cont’d.)
     – Pop-up windows
           • Look exactly like browser address bar
     – Including Web site graphics of financial institutions
           • Looks more convincing

Electronic Commerce, Eighth Edition                            79
Electronic Commerce, Eighth Edition   80
    Organized Crime, Identity Theft, and
             Phishing Attacks
• Organized crime (racketeering)
     – Unlawful activities conducted by highly organized,
       disciplined association for profit
     – Differentiated from less organized terrorist groups
     – Internet providing new criminal activity opportunities
           • Generates spam, phishing, identity theft
     – Identity theft
           • Criminal act where perpetrator gathers victim’s
             personal information
           • Uses information to obtain credit
           • Perpetrator runs up account charges and disappears

Electronic Commerce, Eighth Edition                               81
Electronic Commerce, Eighth Edition   82
    Organized Crime, Identity Theft, and
        Phishing Attacks (cont’d.)
• Large criminal organizations
     – Efficient perpetrators of identity theft
           • Exploit large amounts of personal information quickly
             and efficiently
     – Sell or trade information that is not of immediate use
           • Other worldwide organized crime entities
     – Zombie farm
           • Large number of computers implanted with zombie
     – Pharming attack
           • Hacker sells right to use zombie farm to organized
             crime association
Electronic Commerce, Eighth Edition                                  83
    Organized Crime, Identity Theft, and
        Phishing Attacks (cont’d.)
• Two elements in phishing
     – Collectors: collect information
     – Cashers: use information
     – Require different skills
• Crime organizations facilitate transactions between
  collectors and cashers
     – Increases phishing activity efficiency, volume
• Each year
     – More than a million people fall victim
     – Financial losses exceed $500 million
Electronic Commerce, Eighth Edition                     84
      Phishing Attack Countermeasures

• Change protocol
     – Improve e-mail recipients’ ability to identify message
     – Reduce phishing attack threat
• Educate Web site users
• Contract with consulting firms specializing in anti-
  phishing work
• Monitor online chat rooms used by criminals

Electronic Commerce, Eighth Edition                             85
• Online stores payment forms
     – Credit, debit, charge cards (payment cards)
           • Ubiquitous, convenient, easy to use
     – Electronic cash advantages and potential uses
           • Making micropayments, stored online or offline
     – Convenience of electronic wallets
     – Stored-value cards
           • Smart cards, magnetic strip cards
• Banks process most monetary transactions
     – Use Internet technologies to process checks
• Concerns: phishing expeditions, identity theft
Electronic Commerce, Eighth Edition                           86

Shared By: