Electronic Payment Systems Observatory (ePSO). Newsletter Issues 9-15

Abstract not availableJRC.J-Institute for Prospective Technological Studies (Seville

Defending networked resources against floods of unwelcome requests

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, February 2008.Includes bibliographical references (p. 172-189).The Internet is afflicted by "unwelcome requests'" defined broadly as spurious claims on scarce resources. For example, the CPU and other resources at a server are targets of denial-of-service (DOS) attacks. Another example is spam (i.e., unsolicited bulk email); here, the resource is human attention. Absent any defense, a very small number of attackers can claim a very large fraction of the scarce resources. Traditional responses identify "bad" requests based on content (for example, spam filters analyze email text and embedded URLs). We argue that such approaches are inherently gameable because motivated attackers can make "bad" requests look "good". Instead, defenses should aim to allocate resources proportionally (so if lo% of the requesters are "bad", they should be limited to lo% of the scarce resources). To meet this goal, we present the design, implementation, analysis, and experimental evaluation of two systems. The first, speak-up, defends servers against application-level denial-of-service by encouraging all clients to automatically send more traffic. The "good" clients can thereby compete equally with the "bad" ones. Experiments with an implementation of speak-up indicate that it allocates a server's resources in rough proportion to clients' upload bandwidths, which is the intended result. The second system, DQE, controls spam with per-sender email quotas. Under DQE, senders attach stamps to emails. Receivers communicate with a well-known, untrusted enforcer to verify that stamps are fresh and to cancel stamps to prevent reuse. The enforcer is distributed over multiple hosts and is designed to tolerate arbitrary faults in these hosts, resist various attacks, and handle hundreds of billions of messages daily (two or three million stamp checks per second). Our experimental results suggest that our implementation can meet these goals with only a few thousand PCs.(cont) The enforcer occupies a novel design point: a set of hosts implement a simple storage abstraction but avoid neighbor maintenance, replica maintenance, and mutual trust. One connection between these systems is that DQE needs a DoS defense-and can use speak-up. We reflect on this connection, on why we apply speak-up to DoS and DQE to spam, and, more generally, on what problems call for which solutions.by Michael Walfish.Ph.D

Cashless welfare payments and everyday life: a study of South Africa and Australia

This thesis investigates the emergence of cashless welfare payments (CWP) and their effect on everyday life. It argues that CWP create a space in everyday life in which social relations and social behaviours are restructured. This restructuring is considered as a process and consolidation of neoliberalisation. The precise form of CWP are contingent on the social and policy contexts in which they are embedded, the contradictory nature of neoliberalism, and crucially, the effects on the everyday lives being targeted and responses to this. In South Africa it has taken an inclusive form that has facilitated state-society social relations and enabled financial accumulation. In Australia it takes a disciplinary form that has sought to control consumption and encourage capitalist social relations. The thesis draws on two main theoretical influences: ‘neoliberalisation’ as an understanding of the restructuring of contemporary welfare, and Henri Lefebvre’s theorisation of Everyday Life. The framework developed from these influences is used to analyse two case studies. Firstly, the South African ‘SASSA card’ that was introduced in 2012, and distributed cards and bank accounts to people who received a social grant. Secondly, the Australian ‘Cashless Debit Card’ (CDC), which was introduced in specific sites across Australia from 2016. Data was gathered through a combination of semi-structured interviews, ethnographic observations and documentary and policy analysis. This thesis contributes to academic knowledge in three central areas. Firstly, it offers a new example and interpretation to contribute to the field of everyday IPE. Drawing on Lefebvre’s approach, it demonstrates the value of the study of the everyday by offering a sociological, experiential dimension to contemporary welfare restructuring. It also deepens studies of neoliberalisation by addressing contingency at an everyday level and the variegated outcomes this produces. The second area is in the study of welfare. Empirically, the thesis draws attention to the importance of the mode of payment in shaping people’s lives, providing new empirical material on welfare systems in South Africa and Australia. Finally, it contributes to the study of everyday financialisation by drawing on social meanings of money, and offers new examples of the way linkages are developed between finance capital and welfare recipients

Legal and regulatory aspects of mobile financial services

The thesis deals with the emergence of bank and non-bank entities that provide a range of unique transaction-based payment services broadly called Mobile Financial Services (MFS) to unbanked, underserved and underbanked persons via mobile phones. Models of MFS from Mobile Network Operators (MNOs), banks, combinations of MNOs and banks, and independent Mobile Financial Services Providers are covered. Provision by non-banks of ‘bank-type’ services via mobile phones has been termed ‘transformational banking’ versus the ‘additive banking’ services from banks. All involve the concept of ‘branchless banking’ whereby ‘cash-in/cash out’ services are provided through ‘agents.’ Funds for MFS payments may available through a Stored Value Product (SVP), particularly through a Stored Value Account SVP variant offered by MNOs where value is stored as a redeemable fiat- or mobile ‘airtime’-based Store of Value. The competitive, legal, technical and regulatory nature of non-bank versus bank MFS models is discussed, in particular the impact of banking, payments, money laundering, telecommunications, e-commerce and consumer protection laws. Whether funding mechanisms for SVPs may amount to deposit-taking such that entities could be engaged in the ‘business of banking’ is discussed. The continued use of ‘deposit’ as the traditional trigger for the ‘business of banking’ is investigated, alongside whether transaction and paymentcentric MFS rises to the ‘business of banking.’ An extensive evaluation of ‘money’ based on the Orthodox and Claim School economic theories is undertaken in relation to SVPs used in MFS, their legal associations and import, and whether they may be deemed ‘money’ in law. Consumer protection for MFS and payments generally through current statute, contract, and payment law and common law condictiones are found to be wanting. Possible regulatory arbitrage in relation to MFS in South African law is discussed. The legal and regulatory regimes in the European Union, Kenya and the United States of America are compared with South Africa. The need for a coordinated payments-specific law that has consumer protections, enables proportional risk-based licensing of new non-bank providers of MFS, and allows for a regulator for retail payments is recommended. The use of trust companies and trust accounts is recommended for protection of user funds. | viPublic, Constitutional and International LawLL. D

Incentive-driven QoS in peer-to-peer overlays

A well known problem in peer-to-peer overlays is that no single entity has control over the software, hardware and configuration of peers. Thus, each peer can selfishly adapt its behaviour to maximise its benefit from the overlay. This thesis is concerned with the modelling and design of incentive mechanisms for QoS-overlays: resource allocation protocols that provide strategic peers with participation incentives, while at the same time optimising the performance of the peer-to-peer distribution overlay. The contributions of this thesis are as follows. First, we present PledgeRoute, a novel contribution accounting system that can be used, along with a set of reciprocity policies, as an incentive mechanism to encourage peers to contribute resources even when users are not actively consuming overlay services. This mechanism uses a decentralised credit network, is resilient to sybil attacks, and allows peers to achieve time and space deferred contribution reciprocity. Then, we present a novel, QoS-aware resource allocation model based on Vickrey auctions that uses PledgeRoute as a substrate. It acts as an incentive mechanism by providing efficient overlay construction, while at the same time allocating increasing service quality to those peers that contribute more to the network. The model is then applied to lagsensitive chunk swarming, and some of its properties are explored for different peer delay distributions. When considering QoS overlays deployed over the best-effort Internet, the quality received by a client cannot be adjudicated completely to either its serving peer or the intervening network between them. By drawing parallels between this situation and well-known hidden action situations in microeconomics, we propose a novel scheme to ensure adherence to advertised QoS levels. We then apply it to delay-sensitive chunk distribution overlays and present the optimal contract payments required, along with a method for QoS contract enforcement through reciprocative strategies. We also present a probabilistic model for application-layer delay as a function of the prevailing network conditions. Finally, we address the incentives of managed overlays, and the prediction of their behaviour. We propose two novel models of multihoming managed overlay incentives in which overlays can freely allocate their traffic flows between different ISPs. One is obtained by optimising an overlay utility function with desired properties, while the other is designed for data-driven least-squares fitting of the cross elasticity of demand. This last model is then used to solve for ISP profit maximisation

Factors Influencing Customer Satisfaction towards E-shopping in Malaysia

Online shopping or e-shopping has changed the world of business and quite a few people have decided to work with these features. What their primary concerns precisely and the responses from the globalisation are the competency of incorporation while doing their businesses. E-shopping has also increased substantially in Malaysia in recent years. The rapid increase in the e-commerce industry in Malaysia has created the demand to emphasize on how to increase customer satisfaction while operating in the e-retailing environment. It is very important that customers are satisfied with the website, or else, they would not return. Therefore, a crucial fact to look into is that companies must ensure that their customers are satisfied with their purchases that are really essential from the ecommerce’s point of view. With is in mind, this study aimed at investigating customer satisfaction towards e-shopping in Malaysia. A total of 400 questionnaires were distributed among students randomly selected from various public and private universities located within Klang valley area. Total 369 questionnaires were returned, out of which 341 questionnaires were found usable for further analysis. Finally, SEM was employed to test the hypotheses. This study found that customer satisfaction towards e-shopping in Malaysia is to a great extent influenced by ease of use, trust, design of the website, online security and e-service quality. Finally, recommendations and future study direction is provided. Keywords: E-shopping, Customer satisfaction, Trust, Online security, E-service quality, Malaysia

How digital data are used in the domain of health: A short review of current knowledge

In the era of digitalization, digital data is available about every aspect of our daily lives, including our physical and mental health. Digital data has been applied in the domain of healthcare for the detection of an outbreak of infectious diseases, clinical decision support, personalized care, and genomics. This paper will serve as a review of the rapidly evolving field of digital health. More specifically, we will discuss (1) big data and physical health, (2) big data and mental health, (3) digital contact tracing during the COVID-19 pandemic, and finally, (4) ethical issues with using digital data for health-related purposes. With this review, we aim to stimulate a public debate on the appropriate usage of digital data in the health sector