Lecture 6

E-COMMERCE
CIT 245
By Mohammed A. Saleh
CONTENT
 The Payment Revolution
 Using Payment Cards Online
 Smart Cards
 Stored-Value Cards
 E-Micropayments
 E-Checking
 E-Bill Presentment and Payment
 B2B E-Payments
 The Sales Tax Issue
 PKI Infrastructure
FRAUDULENT CREDIT CARD TRANSACTIONS
 In the online world, merchants are held liable for fraudulent transactions.
 Accepting fraudulent transactions incurs additional costs in the form of fees and penalties imposed by the credit card associations.
 Combating fraudulent transactions is costly; the costs include the tools and systems needed to review orders.
 Surveys have shown that fraudulent cases are a growing problem for online merchants.
 Documented surveys by CyberSource (2004) depict the following trends:
- Fraud increased from $1.9 billion to $2.6 billion due to the increased number of businesses.
- 1.3% of merchant orders were fraudulent.
- Some merchants were more susceptible to fraud than others. The reasons are the merchant's visibility on the Web, the ease of selling products in an open market and the merchant's size.
 CyberSource (2005) reported on the measures merchants use to combat fraud.
 Merchants spent a lot to combat fraud compared to the revenues they gained. The key tools used were:
1. Address Verification System (AVS)
- Used by 82% of merchants.
- Compares the address entered on a Web page with the address information on file with the cardholder's issuing bank.
- Results in false positives.
2. Manual review
- Used by 73% of all merchants.
- Relies on staff to review suspicious orders manually.
- Suitable for smaller merchants.
- For larger merchants the method does not scale well.
3. Card Verification Number (CVN)
- Used by 56% of all merchants.
- Compares the verification number of the card with the information on file with the cardholder's issuing bank.
- If the card itself is stolen, this method is compromised.
4. Fraud screens and decision models
- Used by 53% of all merchants.
- Based on various automated rules that determine whether a transaction should be accepted, rejected or suspended.
- The merchant has the ability to change the rules to reflect changing trends in fraud.
5. Negative files
- Used by 45% of all merchants.
- Consist of customer information (IP address, name, shipping/billing address, contact details).
- A transaction is matched against this file and flagged if the customer is a known problem.
 The overall impact is that merchants are rejecting a significant number of orders on suspicion of fraud.
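The following is an added example, not code from the lecture or from CyberSource: a small fraud screen of the kind the slides describe, combining the AVS and CVN results, a negative file and a few merchant-adjustable rules into an accept / suspend / reject decision. The orders, negative-file entries, thresholds and field names are all constructed for the illustration.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Order:
    order_id: str
    ip: str
    email: str
    billing_addr: str
    shipping_addr: str
    amount: float
    avs_match: bool  # AVS: entered address matches the issuing bank's file
    cvn_match: bool  # CVN: verification number matches the issuing bank's file


# Negative file: details previously tied to chargebacks or abuse (constructed).
NEGATIVE_FILE = {
    "ip": {"203.0.113.7"},
    "email": {"refund-abuser@example.net"},
    "shipping_addr": {"1 Drop Point, Nowhere"},
}

# Merchant-adjustable thresholds (constructed values); the slides note that
# merchants change such rules as fraud patterns shift.
RULES = {"review_amount": 500.0, "reject_amount": 2000.0}


def negative_file_hits(order: Order) -> list[str]:
    """Fields of the order that appear in the negative file."""
    return [f for f, bad in NEGATIVE_FILE.items() if getattr(order, f) in bad]


def screen(order: Order, rules: dict = RULES) -> tuple[str, list[str]]:
    """Return (ACCEPT | SUSPEND | REJECT, reasons).

    SUSPEND hands the order to manual review. AVS and negative-file matches
    only suspend, because AVS produces false positives and a shared IP or
    address is not proof of fraud on its own.
    """
    reasons: list[str] = []
    hits = negative_file_hits(order)
    if hits:
        reasons.append("negative file: " + ",".join(hits))
    if not order.cvn_match:
        reasons.append("CVN mismatch")
    if not order.avs_match:
        reasons.append("AVS mismatch")
    if order.billing_addr != order.shipping_addr:
        reasons.append("billing/shipping differ")
    if order.amount > rules["review_amount"]:
        reasons.append("amount over review threshold")

    if not order.cvn_match:
        # The buyer could not supply the number printed on the card.
        return "REJECT", reasons
    if order.amount > rules["reject_amount"] and reasons:
        # Large order with any red flag: chargeback risk outweighs the sale.
        return "REJECT", reasons
    if reasons:
        return "SUSPEND", reasons
    return "ACCEPT", reasons


# Constructed sample orders.
SAMPLE_ORDERS = [
    Order("A1", "198.51.100.2", "ann@example.org", "5 Main St", "5 Main St", 80.0, True, True),
    Order("A2", "203.0.113.7", "bob@example.org", "9 Oak Ave", "9 Oak Ave", 60.0, True, True),
    Order("A3", "198.51.100.9", "cat@example.org", "2 Elm Rd", "2 Elm Rd", 120.0, True, False),
    Order("A4", "198.51.100.4", "dan@example.org", "7 Pine St", "1 Drop Point, Nowhere", 2500.0, False, True),
]


def screen_all(orders=SAMPLE_ORDERS) -> dict[str, str]:
    """Decision per order id, the summary a merchant's review queue would show."""
    return {o.order_id: screen(o)[0] for o in orders}


if __name__ == "__main__":
    for o in SAMPLE_ORDERS:
        print(o.order_id, *screen(o))
```

The decision order mirrors the slides' trade-off: a CVN mismatch is the one hard signal, everything else is a flag that feeds manual review, and the thresholds in `RULES` are the part a merchant tunes as fraud trends change.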
VIRTUAL CREDIT CARDS
 Online purchases are growing fast.
 Consumers are still cautious about using their credit card numbers online.
 Virtual credit cards address these concerns.
 At the time of purchase, the card company provides the online buyer with a randomly generated number tied to the buyer's actual card number.
 The number is used only once, hence the name single-use card numbers.
 They combat certain types of fraud, but have drawbacks:
i. Single-use numbers cannot be confirmed at a later date.
ii. There is no way to pay recurring bills or subscriptions.
 This service was introduced in 2004 but later discontinued. It was called Private Payment.
 One exception is the Discover Card. Discover Financial Services offers its customers a single-use card service called Discover Deskshop.
- Customers download a small piece of software called Deskshop.
- The software pops up whenever a customer encounters a checkout form.
- The number has the same expiration date as the actual card, which means it can be used for recurring bills, but only from the same site.
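As an added example (not the lecture's code and not Discover's implementation), here is an issuer-side model of the two virtual card designs the slides contrast: a pure single-use number that dies after one authorization, and a Deskshop-style number that keeps the real card's expiry and can be charged again, but only by the site it was created for. The issuer prefix, the real card number (the well-known 4111... test number) and the merchant names are constructed; the Luhn check digit is the standard card-number checksum.

```python
from __future__ import annotations
import secrets
from datetime import date


def luhn_check_digit(partial: str) -> str:
    """Digit that makes partial + digit pass the Luhn check used for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # these digits are doubled once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(pan: str) -> bool:
    return pan.isdigit() and len(pan) > 1 and luhn_check_digit(pan[:-1]) == pan[-1]


class VirtualCardVault:
    """Issuer-side map from virtual numbers to the real card (simplified model).

    merchant=None issues a pure single-use number (the 2004-style service);
    merchant="site" issues a Deskshop-style number bound to that one site.
    """

    def __init__(self, issuer_prefix: str = "650000"):  # constructed BIN prefix
        self.prefix = issuer_prefix
        self._vault: dict[str, dict] = {}

    def issue(self, real_pan: str, expiry: date, merchant: str | None = None) -> str:
        while True:  # random body, retried in the unlikely case of a collision
            body = self.prefix + "".join(secrets.choice("0123456789") for _ in range(9))
            vpan = body + luhn_check_digit(body)
            if vpan not in self._vault:
                break
        self._vault[vpan] = {"real_pan": real_pan, "expiry": expiry,
                             "merchant": merchant, "uses": 0}
        return vpan

    def authorize(self, vpan: str, merchant: str, when: date) -> tuple[bool, str]:
        rec = self._vault.get(vpan)
        if rec is None:
            return False, "unknown number"
        if when > rec["expiry"]:
            return False, "expired"
        if rec["merchant"] is None and rec["uses"] > 0:
            return False, "already used"    # cannot be confirmed or charged again later
        if rec["merchant"] is not None and merchant != rec["merchant"]:
            return False, "wrong merchant"  # bound to the site it was created for
        rec["uses"] += 1
        return True, "charged real card ending " + rec["real_pan"][-4:]


if __name__ == "__main__":
    vault = VirtualCardVault()
    once = vault.issue("4111111111111111", date(2026, 12, 31))
    print(once, vault.authorize(once, "shop.example", date(2025, 1, 1)))
    print(once, vault.authorize(once, "shop.example", date(2025, 2, 1)))
```

The real card number never leaves the vault; a merchant that stores the virtual number holds nothing that can be charged elsewhere, which is the fraud the slides say these cards combat, and the "already used" and "wrong merchant" refusals are exactly the drawbacks they list.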
SMART CARDS
 Used in place of, or in addition to, traditional credit and debit cards.
 Looks like a plastic payment card but is distinguished by the presence of an embedded microchip.
 The embedded chip may be a microprocessor combined with a memory chip, or just a memory chip.
 Information on the chip can be added, deleted or manipulated.
 The microprocessor is capable of running programs, but not as a stand-alone computer.
 Programs and data must be downloaded from, and activated by, some other device (e.g. an ATM machine).
TYPES OF SMART CARDS
 Contact card
- Activated when inserted into a smart card reader, which then passes data to and from the embedded microchip.
- Has a small gold plate which, when the card is inserted into the smart card reader, makes electrical contact so that data are passed to and from the chip.
- They have an EPROM or EEPROM.
 Contactless (proximity) card
- The card only has to be within a certain proximity of a smart card reader to process a transaction.
- Has an embedded antenna, by means of which data and applications are passed to and from the card through the card's antenna to another antenna attached to the smart card reader.
- Used in applications where data need to be processed quickly, e.g. mass-transit applications.
 Other types include the hybrid and dual-interface smart cards.
 A hybrid smart card has two separate chips embedded in the card: one contact and one contactless.
 In contrast, a dual-interface card has a single chip that supports both types of interface.
 The benefit of either card is that it eliminates the need to carry multiple cards to support various smart card readers and applications.
 Smart card reader
- A read/write device.
- Its purpose is to act as a mediator between the card and the host system that stores application data and processes transactions.
- There are two basic types, contact and proximity, which match the particular type of card.
- May be transparent, requiring a host device to operate, or stand-alone, functioning independently.
- A single reader is low in cost, but costs may rise if there is a large population of users to be serviced.
 Widespread use of smart cards for multiple applications requires standardization and interoperability among the various card and card reader technologies.
Q: What if there were no standards?
 Global Platform (globalplatform.org)
- An international, nonprofit smart card association.
- Its main goal is to create and advance interoperable technical specifications for smart cards, acceptance devices and systems infrastructure.
 Technical standards governing smart cards are set by ISO.
 ISO/IEC 7816 and ISO/IEC 14443 are the main standards pertaining to contact and contactless cards respectively.
 Smart cards have an underlying OS, just like computers.
 A smart card OS handles file management, security, I/O and command execution, and provides an API (Application Programming Interface).
 Example operating systems are MULTOS (multos.com) and Java Card (java.sun.com/products/javacard).
APPLICATION OF SMART CARDS
 Growth of smart cards is driven by applications.
 Important applications include:
i. Retail purchases
- Smart cards are more secure than credit cards and can be extended with other payment services.
- Used to speed up transactions and bring convenience in stores, gas stations, fast-food outlets and cinemas.
- E.g. e-purses and contactless payments.
- The e-purse is a smart card application.
- Money is loaded onto the card from the cardholder's account.
- The account is debited and the value transferred at the bank or system operator.
- The transaction is PIN protected.
- Whenever the card is used, the value in the e-purse is adjusted.
- Behind the scenes, the e-purse host system debits the account of the issuing bank and credits the merchant's account.
- An e-purse can only be used to conduct business on terminals within its host system.
- The Common Electronic Purse Specification (CEPS) is designed to standardize and achieve global interoperability among the varied e-purse offerings.
ii. Transit fares
- The use of cash and multiple tickets is a hassle for commuters.
- SmarTrip is an example of a smart card used in the transportation system (in the US).
- It is a permanent, contactless, rechargeable fare card that can hold up to $300 in fare value.
iii. E-Identification
- Smart cards have the capability to store personal information: pictures, biometric identifiers, digital signatures and private security keys.
- For this reason they are used for identification, access control and authentication applications.
- Countries are launching national ID smart cards.
- China rolled out its pilot ID program in 2004.
- The cards reduced the widespread forging of ID papers.
- Chinese citizens could also move freely into the country.
- The size of the card will be the same as a bank card, and it will use contactless chips.
- Other countries with e-ID initiatives are Belgium, India and the USA.
APPLICATION OF SMART CARDS
i.
-




Health care
They have a functional possibility to be used.
This includes:
Storing vital info. in case of emergencies
Preventing patients from obtaining multiple
prescriptions from different physicians.
Verifying patients identity and insurance
coverage
Speeding up the payment and claims process.
28
- Health-care smart cards have a large data storage capability (e.g. storing vital medical information).
- Germany and France have the largest health-care programs in the world.
- Health care uses PKI to secure access to health-care data stored on networks.
- Smart cards then do not only contain encrypted keys but also pointers to data that may be housed in different databases on different networks.
- Due to privacy and civil liberties concerns, people are hesitant about having their personal data mixed with other data on the same card.
Securing smart cards
 Smart cards store, or provide access to, either valuable assets (e-cash) or sensitive information (medical records).
 They must be secured against theft, fraud or misuse.
 Smart cards are more secure than payment cards (on a payment card the CVN is clearly visible).
 Before a smart card is used, the holder may be required to enter a PIN that is matched with the card.
 Smart cards encrypt and decrypt data downloaded to, or read from, the card.
 Hacking a smart card is classified as a "class 3" attack, which means the cost of compromising the card far exceeds the benefits.