Chapter 11 - SaigonTech

E-Business
Eighth Edition
Chapter 11
Payment Systems For E-Business
Learning Objectives
In this chapter, you will learn about:
• The basic functions of online payment systems
• The use of payment cards in electronic commerce
• The history and future of electronic cash
• How electronic wallets work
• The use of stored-value cards in electronic
commerce
• Internet technologies and the banking industry
E-Business, Eighth Edition
2
Online Payment Basics
• E-commerce
– Exchange money for goods or services
– Important function: handling Internet payments
– B2B payment transactions
• Electronic funds transfers (EFTs)
• B2C payment transactions
– Evolving and competing for dominance
– Customer convenience, saves companies money
• Bill sent by mail costs $1.00 to $1.50
• Internet billing cost: 50 cents
Online Payment Basics (cont’d.)
• Four basic means to purchase items in B2C
(traditional and electronic)
– Cash, checks, credit cards, debit cards
• 90% of all United States consumer payments
• Electronic transfer: small but growing
• Most popular: automated payments
• Credit cards
– Worldwide: 90% of online payments
– United States: 97% of online payments
Online Payment Basics (cont’d.)
• Scrip
– Digital cash minted by a company
• Cannot be exchanged for cash
• Exchanged for goods or services by company issuing
scrip
– Like a gift certificate: good at more than one store
– Current scrip offerings (eScrip)
• Focus: not-for-profit fundraising market
• Merchant should offer customers payment options
– Safe, convenient, widely accepted
– Companies sell payment processing package service
Payment Cards
• General term describing all types of plastic cards
consumers (businesses) use to make purchases
– Categories: credit cards, debit cards, charge cards
• Credit card (Visa, MasterCard)
– Spending limit based on user’s credit history
• Charge purchases against credit line
– Options for user billing cycle payments
• Pay off entire credit card balance; pay minimum
amount
• Card issuers charge unpaid balance interest
– Accepted worldwide, 30-day dispute period
Payment Cards (cont’d.)
• Credit card (cont’d.)
– Card not present transactions
• Cardholder not present during transaction
• Requires extra security
• Debit card
– Removes sales amount from cardholder’s bank
account
– Transfers sales amount to seller’s bank account
– Issued by cardholder’s bank
• Carries major credit card issuer name
Payment Cards (cont’d.)
• Charge card (American Express)
– No spending limit
– Entire balance due at end of billing period
– No line of credit or interest charges
– Examples: department store, oil company cards
• “Payment card”
– Refers to credit cards, debit cards, and charge cards
Payment Cards (cont’d.)
• Single-use cards
– Cards with disposable numbers
• Addresses concern of giving online vendors payment
card numbers
– Not used much anymore
• Problem: required consumers to behave differently
Advantages and Disadvantages of
Payment Cards
• Advantage for merchants
– Fraud protection (built-in security)
• Charge paid through issuer of payment card
• Advantage for U.S. consumers
– Liability of fraudulent card use: $50
• Card issuer frequently waives $50 charge if card stolen
• Good for merchants and consumers
– Worldwide acceptance
• Currency conversion handled by card issuer
Advantages and Disadvantages of
Payment Cards (cont’d.)
• Disadvantage for merchants
– Per-transaction fees, monthly processing fees
• Cost of doing business
– Goods and services prices are slightly higher
• As opposed to environment free of payment cards
– For payment:
• Merchant must first set up merchant account
• Disadvantage for consumers
– Annual fee
Payment Acceptance and Processing
• Internet payment card process easier than physical
store process
• EMV standard
– Single standard handling payment card transactions
– Visa, MasterCard, MasterCard International
• United States online stores, mail order stores
– Must ship merchandise within 30 days of charging
payment
• Violation penalties are significant
• Most do not charge payment card accounts until
merchandise shipped
Payment Acceptance and Processing
(cont’d.)
• General steps in payment card transactions
– Merchant receives payment card information
– Merchant authenticates payment
– Merchant ensures funds are available and puts hold
on credit line or funds to cover charge
– Settlement occurs (few days after purchase); funds
travel between banks and are placed into merchant’s
account
Payment Acceptance and Processing
(cont’d.)
• Open and closed loop systems
– Closed loop systems
• Card issuer pays merchant directly
• Does not use intermediary
• American Express, Discover Card
– Open loop systems (three or more parties)
• Third party (intermediary bank) processes transaction
• Visa, MasterCard: not issued directly to consumers
• Credit card associations: operated by association
member banks
• Customer issuing banks: member banks
Payment Acceptance and Processing
(cont’d.)
• Merchant accounts (acquiring bank)
– Bank doing business with sellers (Internet, non-Internet) wanting to accept payment cards
– Merchant account
• Required for online merchant to process payment cards
– Acceptance by bank of merchant account
• Merchant must provide business information
• Risk of business type assessed
– Bank collects credit card receipts on merchant’s
behalf
• Credits value in merchant’s account
Payment Acceptance and Processing
(cont’d.)
• Merchant accounts (cont’d.)
– Chargeback
• Cardholder successfully contests charge
• Merchant bank must retrieve money from merchant
account
• Merchant may have to cover chargeback potential
– Problem facing online businesses
• Level of online transaction fraud
• Fewer than 5 percent of credit card transactions
completed online; accounts for 60 percent of total credit
card dollar amount fraud
Payment Acceptance and Processing
(cont’d.)
• Processing payment cards online
– Payment processing service providers
• Companies offering payment card processing
– Example: InternetSecure
• Supports Visa and MasterCard payments for Canadian
and U.S. accounts
• Provides risk management and fraud detection
• Handles online merchants’ transactions
• Uses existing bank-approved payment card processing
infrastructure, secure links, and firewalls
Payment Acceptance and Processing
(cont’d.)
• Processing payment cards online (cont’d.)
– First Data
• Provides merchant payment card processing services
with ICVERIFY and WebAuthorize programs
• ICVERIFY: for small retailers using Microsoft Windows
electronic cash registers, point-of-sale terminal systems
• WebAuthorize: for large enterprise-class merchant sites
– ICVERIFY, WebAuthorize connect directly to:
• Network of banks: Automated Clearing House (ACH)
• Credit card authorization companies
• Connect to ACH through highly secure, private leased
telephone lines
Payment Acceptance and Processing
(cont’d.)
• Processing payment cards online (cont’d.)
– Merchant Warehouse’s PayFlow Link system
• Online payment system developed by CyberCash
• Now operated by VeriSign
– InfoSpace’s Authorize.Net
• Online, realtime payment card processing service
• Merchants link to system by inserting small HTML code
block into transaction page
• Order encrypted, transferred to Authorize.Net server
• Server relays transaction to bank network
• Customers not aware of third-party supplier (usually)
Electronic Cash
• Electronic cash (e-cash, digital cash)
– Describes any value storage and exchange system
created by private (nongovernmental) entity
• Does not use paper documents or coins
• Can serve as substitute for government-issued physical
currency
• Readily exchanged for physical cash on demand
• Problem
– No standard among all electronic cash issuers
– Not universally accepted
Electronic Cash (cont’d.)
• Small purchases not profitable for merchants
– Bank fees greater than profits
• Factors in favor of electronic cash
– Potentially significant market for electronic cash
• Market for Internet small purchases (below $10)
– Most of world’s population does not have credit cards
• Electronic cash: solution to paying for online purchases
• Idea of electronic cash refuses to die
– Despite failures
Micropayments and Small Payments
• Micropayments
– Internet payments for items
• Costing few cents to a dollar
• Micropayments barriers
– Not implemented very well on the Web yet
– Human psychology
• People prefer to buy small value items in fixed price
chunks
• Example: mobile phone has fixed monthly payment
plans
Micropayments and Small Payments
(cont’d.)
• Small payments
– All payments of less than $10
• Companies that have developed micropayment
systems
– Millicent, DigiCash, Yaga, BitPass
• All have failed
– No company has gained broad acceptance of its
system despite industry observers seeing such a
need
– No company devoted solely to offering micropayment
services
Privacy and Security of Electronic Cash
• Electronic payment methods concerns
– Privacy and security, independence, portability,
convenience
– Privacy and security: most important to consumers
• Transactions vulnerable
• Electronic currency: copied, reused, forged
• Unique security problems of electronic cash
– Possible to spend only once
• Not counterfeit; used in two different transactions
– Anonymous use
• Prevents sellers from collecting information
Privacy and Security of Electronic Cash
(cont’d.)
• Electronic cash companies
– eCharge, InternetCash, Valista
• Advantages of electronic cash
– Independent
• Unrelated to any network or storage device
• Ideally pass transparently across international borders;
converted automatically to recipient country’s currency
– Portable
• Freely transferable between any two parties
• Credit and debit cards: not portable or transferable
• Important characteristic of cash: convenience
Holding Electronic Cash: Online and
Offline Cash
• Online cash storage
– Consumer has no personal possession of electronic
cash
• Trusted third party (online bank) involved in all
transfers, holds consumers’ cash accounts
• Online system payment
– Merchants contact consumer’s bank
• Helps prevent fraud (confirm valid cash)
• Resembles process of checking with consumer’s bank
to ensure valid credit card and matching name
Holding Electronic Cash: Online and
Offline Cash (cont’d.)
• Offline cash storage
– Virtual equivalent of money kept in wallet
– Customer holds it
• No third party involved in transaction
– Protection against fraud concern
• Hardware or software safeguards needed
– Double-spending
• Spending electronic cash twice
• Too late to prevent fraudulent act by time same
electronic currency clears bank for second time
• Prevent double-spending: use encryption techniques
Advantages and Disadvantages of
Electronic Cash
• Traditional brick-and-mortar billing methods
– Costly
• Generate invoices, stuff envelopes, buy and affix
postage to envelopes, send invoices to customers
– Accounts payable department
• Keeps track of incoming payments, posts accounts in
database, ensures current customer data
• Online stores have the same payment collection
inefficiencies
– Online customers use credit cards to pay for
purchases
Advantages and Disadvantages of
Electronic Cash (cont’d.)
• Online auction customers use conventional payment
methods
– Checks, money orders
• Electronic cash system
– Less popular than other payment methods
– Provides unique advantages and disadvantages
• Advantages of electronic cash transactions
– More efficient (less costly)
• Efficiency fosters more business (lower prices)
– Occurs on existing infrastructure (Internet)
Advantages and Disadvantages of
Electronic Cash (cont’d.)
• Advantages of electronic cash transactions (cont’d.)
– Internet spans globe
• Distance transaction travels does not affect cost
– Does not require one party to obtain authorization
• Disadvantages of electronic cash transactions
– No audit trail
– Money laundering
• Technique criminals use to convert money illegally
obtained into spendable cash
• Purchase goods, services with ill-gotten electronic cash
• Goods sold for physical cash on open market
Advantages and Disadvantages of
Electronic Cash (cont’d.)
• Disadvantages of electronic cash transactions
(cont’d.)
– Susceptible to forgery
– Other potentially damaging digital economic factors
• Expansion of money supply when banks loan electronic
cash on consumer and merchant traditional bank
accounts
• Electronic cash has not yet become a global
success
– Will require wide acceptance and solution to problem
of multiple electronic cash standards
How Electronic Cash Works
• Consumer opens account with electronic cash
issuer
– Presents proof of identity
• Consumer withdraws electronic cash using issuer’s
Web site
– Presents proof of identity
• Digital certificate issued by certification authority
• Combination of credit card number and verifiable bank
account
How Electronic Cash Works (cont’d.)
• After consumer identity is verified:
– Electronic cash amount is issued
• Amount deducted from consumer’s account
• Issuer may charge small processing fee
• Consumer stores electronic cash
– In electronic wallet
– On his or her computer
– On stored-value card
• Consumer can authorize issuer to make third-party
payments
– From electronic cash account
Providing Security for Electronic Cash
• Significant electronic cash problem
– Potential for double-spending
• Main deterrent
– Threat of detection and prosecution
• Keys to creating tamperproof electronic cash that
can be traced back to origins
– Cryptographic algorithms
– Two-part lock
• Provides anonymous security
• Signals someone is attempting to double-spend cash
Providing Security for Electronic Cash
(cont’d.)
• When second transaction occurs
– Complicated process reveals:
• Attempted second use
• Identity of original electronic cash holder
• Electronic cash used correctly
– Maintains user’s anonymity
• Double-lock procedure
– Protects anonymity of electronic cash users
– Simultaneously provides built-in safeguards to
prevent double-spending
Providing Security for Electronic Cash
(cont’d.)
• Double-spending
– Neither detected nor prevented with truly anonymous
electronic cash
• Anonymous electronic cash
– Cannot be traced back to person who spent it
• Tracing electronic cash
– Attach serial number to each electronic cash
transaction
• Cash positively associated with particular consumer
• Does not solve double-spending problem
Providing Security for Electronic Cash
(cont’d.)
• Single issuing bank can detect when two deposits of
same electronic cash are about to occur
– Impossible to ascertain fault (consumer or merchant)
• Electronic cash contains serial numbers
– No longer anonymous
• One reason to acquire electronic cash
– Raises privacy issues
• The use of serial numbers to track consumers’
spending habits
Providing Security for Electronic Cash
(cont’d.)
• Creating truly anonymous electronic cash
– Bank issues electronic cash with embedded serial
numbers
• Bank digitally signs electronic cash while removing
association of cash with particular customer
Electronic Cash Systems
• Electronic cash
– More successful in Europe and Japan
• Consumers prefer to use cash (does not work well for
online transactions)
• Electronic cash fills important need
– Not successful in United States
• Consumers have payment cards and checking
accounts
• KDD Communications (KCOM)
– Internet subsidiary: Japan’s largest phone company
– Offers electronic cash through NetCoin Center
Electronic Cash Systems (cont’d.)
• Reasons for failure of United States electronic cash
systems
– Electronic cash systems implementation
• Required to download and install complicated client-side software that ran in conjunction with browser
– Number of competing technologies
• No standards developed
• Array of proprietary electronic cash alternatives
– No interoperable software
• That runs transparently on variety of hardware
configurations and different software systems
Electronic Cash Systems (cont’d.)
• CheckFree
– Largest online bill processor (in the world)
– Payment processing services since 1981 to:
• Large corporations, individual Internet users
– 2007 Fiserv bought CheckFree ($4.4 billion)
• Offers online bill processing under CheckFree brand
Electronic Cash Systems (cont’d.)
• Clickshare
– Electronic cash system for magazines and newspaper
publishers
– Uses technology called micropayment-only system
– An ISP supporting Clickshare automatically registers
users
– When users click links leading to Clickshare sites
• They can make purchases without registering again
• Clickshare keeps track of transactions and bills user’s
ISP
Electronic Cash Systems (cont’d.)
• Clickshare (cont’d.)
– Tracks user on the Internet
• Significant value to advertisers, marketers
• Defeats anonymity
– Micropayment capability
• By-product of core functionality of tracking identified
users
• Tracks users with standard HTTP Web protocol
• Does not require cookies or software wallets
Electronic Cash Systems (cont’d.)
• PayPal
– Payment processing services to businesses,
individuals
– Earns profit from float
• Money deposited, not used immediately
– Charges transaction fee
• Businesses using service to collect payments
– Peer-to-peer (P2P) payment system
• Free payment clearing service for individuals
• Payments from one type of entity to another of the
same type
Electronic Cash Systems (cont’d.)
• PayPal (cont’d.)
– Eliminates writing and mailing checks or payment
cards
– Send money instantly and securely to anyone with an
e-mail address
– Convenient for auction bidders to pay for purchases
– Convenient for auction sellers
• Eliminates risks posed by other online payment types
– Transactions clear instantly
– Redemption
• PayPal check
• Direct deposit to checking accounts
Electronic Cash Systems (cont’d.)
• PayPal (cont’d.)
– Merchants and consumers first register for PayPal
account
• No minimum amount account balance
• Add money by authorizing checking accounts transfer,
using credit card
• Merchants need PayPal accounts to accept PayPal
payments
Electronic Cash Systems (cont’d.)
• PayPal (cont’d.)
– Competition from Billpoint
• Joint venture between eBay, Wells Fargo
• PayPal maintained first-mover advantage
– Remained most widely used eBay payment processing
system
• eBay purchased PayPal
– Other peer-to-peer payment business companies
• First Data Corporation offered electronic money orders
through BidPay site (closed in 2007)
• Citibank’s c2it payments service (closed in 2003)
Electronic Wallets
• Concerns of consumers when shopping online
– Entering detailed shipping and payment information
for each online purchase
– Filling out forms
• Solution
– Electronic commerce sites allow customer to store
name, address, credit card information on the site
– Problem
• Consumers must enter information at each site
Electronic Wallets (cont’d.)
• Electronic wallet (e-wallet)
– Holds credit card numbers, electronic cash, owner
identification, owner contact information
– Provides information at electronic commerce site
checkout counter
– Benefit: consumer enters information once
• More efficient shopping
• Server-side electronic wallet
– Stores customer’s information on remote server of
merchant or wallet publisher
– No download time or installation on user’s computer
Electronic Wallets (cont’d.)
• Server-side electronic wallet (cont’d.)
– Main weakness
• Security breach can reveal thousands of users’
personal information (credit card numbers)
• Servers must employ strong security measures to
minimize possibility of unauthorized disclosure
• Client-side electronic wallet
– Stores information on consumer’s computer
– Disadvantages
• Must download wallet software onto every computer
• Not portable
Electronic Wallets (cont’d.)
• Client-side electronic wallet (cont’d.)
– Advantage
• Sensitive information stored on user’s computer
– Sensitive information safer on client machine
• Attackers must launch many attacks on user computers
(more difficult to identify)
• Prevents easily identifiable wallet vendor’s servers from
attack
Electronic Wallets (cont’d.)
• Characteristics of useful wallets
– Wallet accessibility
• Populate data fields in any merchant’s forms for any
site consumer visits
– Electronic wallet manufacturer and merchants from
many sites must coordinate efforts
• Wallet recognizes consumer information going into
each field of given merchant’s forms
Electronic Wallets (cont’d.)
• Electronic wallets
– Store shipping and billing information
• Consumer’s first and last names, street address, city,
state, country, postal code
– Hold credit card names, numbers
• Offers consumer choice of credit cards at online
checkout
– Hold electronic cash from various providers
Electronic Wallets (cont’d.)
• Electronic wallet used by business companies
– Example: MasterCard
– Most abandoned efforts
• Current major browsers include feature to remember
names, addresses, other commonly requested
information
• Browsers provide one-click Web form field completion
– Two e-wallet arena survivors
• Microsoft Windows Live ID
• Yahoo! Wallet
Microsoft Windows Live ID
• Formerly called Passport, Microsoft .NET Passport
• Single sign-in service
– Includes server-side electronic wallet
• Operated by Microsoft
• All personal data entered into Windows Live ID
wallet
– Encrypted and password protected
Microsoft Windows Live ID (cont’d.)
• Four integrated services
– Single sign-in service (SSI)
• Allows user to sign in at participating Web site using
username and password
– Wallet service
• Provides electronic wallet functions (secure storage,
form completion of credit card, address information)
– Kids service
• Helps parents protect, control children’s online privacy
– Public profiles
• Allows consumers to create public page of information
about themselves
Yahoo! Wallet
• Server-side electronic wallet offered by Yahoo!
• Completes order forms automatically
– Identifying information, credit card payment
information
• Stores information
– Several major credit, charge cards, Visa and
MasterCard debit cards
• Accepted by:
– Thousands of Yahoo! Store merchants, Yahoo! Travel
– Yahoo! Services
• Premium e-mail storage, Web hosting fees
Yahoo! Wallet (cont’d.)
• Yahoo! Advantage
– Number of services and shops accommodate own
wallet
• Large number of merchants accept wallet
• Privacy concern
– Company issuing wallet has access to great deal of
information about individual using wallet
Stored-Value Cards
• Microchip smart card or magnetic strip plastic card
– Records currency balance
• Microchip versus magnetic strip
– Microchip stores more information
– Tiny microchip computer processor
• Performs calculations and storage operations on card
– Different microchip card reader needed
• Examples: prepaid phone, copy, subway, bus cards
• “Stored-value card” and “smart card” used
interchangeably
Magnetic Strip Cards
• Holds rechargeable value
• Passive magnetic strip cards cannot:
– Send or receive information
– Increment or decrement cash value stored
• Processing done on device into which card inserted
• Magnetic strip cards and smart cards store
electronic cash
– Smart card better suited for Internet payment
transactions
• Has processing capability
Smart Cards
• Stored-value card
– Plastic card with embedded microchip
• Credit, debit, charge cards store limited information
on magnetic strip
• Store information
– About 100 times more than magnetic strip plastic card
• Hold private user data
– Financial facts, encryption keys, account information,
credit card numbers, health insurance information,
medical records
Smart Cards (cont’d.)
• Safer than conventional credit cards
– Information encrypted on smart card
• Popular in Europe, parts of Asia
– Public telephone calls, cable television programs
– Hong Kong
• Retail counters, restaurant cash registers have smart
card readers
• Octopus is the public transportation smart card: can be
reloaded at transportation locations, 7-Eleven stores
Smart Cards (cont’d.)
• Beginning to appear in United States
– San Francisco TransLink integrated ticketing system
for public transportation
– Smart Visa card (2000)
– Target Visa smart card (2002)
• Smart Card Alliance
– Advances smart card benefits
– Promotes widespread acceptance of multiple-application smart card technology
– Promotes compatibility among smart cards, card
reader devices, applications
Internet Technologies and the Banking
Industry
• Paper checks
– Largest dollar volume of payments
– Processed through world’s banking system
• Other major payment forms
– Involve banks one way or another
• Banking industry Internet technologies
– Providing new tools
– Creating new threats
Check Processing
• Physical check processing (banks, clearinghouses)
– Person wrote check; retailer deposited check in bank
account
– Retailer’s bank sent paper check to clearinghouse
• Clearinghouse managed fund transfer (consumer’s
bank to retailer’s account)
– Paper check transported to consumer’s bank
– Send cancelled check to consumer
• Many banks stopped sending cancelled checks to
consumer
– Provide PDF images of processed checks
Check Processing (cont’d.)
• Disadvantage of paper checks
– Cost of transporting tons of paper checks
– Float
• Delay between the time person writes check and the
time check clears person’s bank
• Bank’s customer obtains free use of funds for few days
• Bank loses use of funds for same time period
• Can become significantly longer than a few days
Check Processing (cont’d.)
• Technologies helping banks reduce float
– 2004 U.S. law: Check Clearing for the 21st Century
Act (Check 21)
• Banks eliminate movement of physical checks entirely
• Check 21-compliant world
– Retailer scans customer's check
– Scanned image transmitted instantly
• Through clearing system
– Posts almost immediately to both accounts
• Eliminates transaction float
Phishing Attacks
• Phishing expedition
– Technique for committing fraud against online
businesses’ customers
– Launched against all online business types
– Particular concern to financial institutions
• Customers expect high degree of personal information
security
• Basic structure
– Attacker sends e-mail message
• Large number of recipients
• Account at targeted Web site
Phishing Attacks (cont’d.)
• Basic structure (cont’d.)
– E-mail message tells recipient account is
compromised
• Recipient must log on to account to correct problem
– E-mail message includes link
• Appears to be Web site login page
• Actually disguised perpetrator’s Web site
– Recipient enters login name, password
• Perpetrator captures
• Uses to access recipient’s account
• Access personal information, make purchases,
withdraw funds
Phishing Attacks (cont’d.)
• Spear phishing
– Phishing expedition that is carefully designed to target
particular person or organization
– Requires considerable research
– Increases chance of e-mail being opened
– Example: 2008 government stimulus checks
• Phishing e-mails appeared within one week of passage
Phishing Attacks (cont’d.)
• E-mail link disguises and tricks
– Example of Web server that ignores all characters
preceding “@”:
https://www.paypal.com@218.36.41.188/fl/login.html
– Example of disguised link:
https://www.paypal.com@218.36.41.188/fl/login.html
– Example of invisible phony site displayed due to
JavaScript code:
http://leasurelandscapes.com/snow/webscr.dll
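The “@” disguise above, checked from the defender's side (added example, not from the textbook): in URL syntax the text between the scheme and “@” is the userinfo component, and the host the browser contacts is what follows it. The function name and finding codes are assumptions of this illustration; the example.com and 198.51.100.7 values are constructed.

```python
import ipaddress
from urllib.parse import urlsplit


def _looks_like_hostname(text):
    """True if text resembles a DNS name such as www.example.com."""
    labels = text.lower().split(".")
    return len(labels) >= 2 and all(
        label and label.replace("-", "").isalnum() for label in labels
    )


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _host_of(url):
    """Host the browser would actually contact, or '' if none/unparseable."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def link_findings(href, display_text=None):
    """Return sorted finding codes for one link taken from an e-mail.

    href          the real target of the link
    display_text  the text shown to the reader, if it was captured
    """
    try:
        netloc = urlsplit(href).netloc
    except ValueError:
        return ["unparseable-url"]
    findings = set()
    host = _host_of(href)

    # Everything before the last '@' in the authority is userinfo, not host.
    userinfo = netloc.rpartition("@")[0]
    if userinfo:
        findings.add("userinfo-present")
        name = userinfo.split(":", 1)[0]
        if _looks_like_hostname(name) and name.lower() != host:
            findings.add("userinfo-imitates-host")

    # Login pages are normally served from names, not bare addresses.
    if host and _is_ip_literal(host):
        findings.add("ip-literal-host")

    # Visible text that names one host while the target is another.
    if display_text:
        shown = display_text if "://" in display_text else "//" + display_text
        shown_host = _host_of(shown)
        if _looks_like_hostname(shown_host) and shown_host != host:
            findings.add("display-text-host-mismatch")
    return sorted(findings)


if __name__ == "__main__":
    samples = [
        # URL quoted on the slide above
        ("https://www.paypal.com@218.36.41.188/fl/login.html", None),
        # constructed samples
        ("https://www.example.com/account", "Sign in to your account"),
        ("https://198.51.100.7/login", "https://www.example.com"),
    ]
    for href, text in samples:
        print(href, "->", link_findings(href, text))
```

A mail filter or proxy can apply the same checks to every link before delivery and quarantine messages whose links return any finding.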
Phishing Attacks (cont’d.)
• E-mail link disguises and tricks (cont’d.)
– Pop-up windows
• Look exactly like browser address bar
– Including Web site graphics of financial institutions
• Looks more convincing
Organized Crime, Identity Theft, and
Phishing Attacks
• Organized crime (racketeering)
– Unlawful activities conducted by highly organized,
disciplined association for profit
– Differentiated from less organized terrorist groups
– Internet providing new criminal activity opportunities
• Generates spam, phishing, identity theft
– Identity theft
• Criminal act where perpetrator gathers victim’s
personal information
• Uses information to obtain credit
• Perpetrator runs up account charges and disappears
Organized Crime, Identity Theft, and
Phishing Attacks (cont’d.)
• Large criminal organizations
– Efficient perpetrators of identity theft
• Exploit large amounts of personal information quickly
and efficiently
– Sell or trade information that is not of immediate use
• Other worldwide organized crime entities
– Zombie farm
• Large number of computers implanted with zombie
programs
– Pharming attack
• Hacker sells right to use zombie farm to organized
crime association
Organized Crime, Identity Theft, and
Phishing Attacks (cont’d.)
• Two elements in phishing
– Collectors: collect information
– Cashers: use information
– Require different skills
• Crime organizations facilitate transactions between
collectors and cashers
– Increases phishing activity efficiency, volume
• Each year
– More than a million people fall victim
– Financial losses exceed $500 million
Phishing Attack Countermeasures
• Change protocol
– Improve e-mail recipients’ ability to identify message
source
– Reduce phishing attack threat
• Educate Web site users
• Contract with consulting firms specializing in anti-phishing work
• Monitor online chat rooms used by criminals
Summary
• Online stores payment forms
– Credit, debit, charge cards (payment cards)
• Ubiquitous, convenient, easy to use
– Electronic cash advantages and potential uses
• Making micropayments, stored online or offline
– Convenience of electronic wallets
– Stored-value cards
• Smart cards, magnetic strip cards
• Banks process most monetary transactions
– Use Internet technologies to process checks
• Concerns: phishing expeditions, identity theft