The changing nature of U.S. card payment fraud: industry and public policy options

As credit and debit card payments have become the primary payment instrument in retail transactions, awareness of identity theft and concerns over the safety of payments has increased. Traditional forms of card payment fraud are still an important threat, but fraud resulting from unauthorized access to payment data appears to be rising, and we are only beginning to get a sense of the dimensions of the problem. ; Thus far, the role of public policy has been to encourage the card payment industry to limit fraud by developing its own standards and procedures. Whether this policy stance is sufficient depends on the effectiveness of industry efforts to limit fraud in light of the dramatic shift toward card payments. ; Sullivan provides an overview of card payment fraud in the United States. He develops a preliminary estimate of the rate of U.S. card payment fraud and suggests that such fraud is higher than in several other countries for which data are available. The U.S. payment industry is taking steps to combat payment fraud, but progress has been slowed by conflicts of interest, inadequate incentives, and lack of coordination. Thus, policymakers should monitor the card payment industry to see if it better coordinates security efforts, and if not, consider actions to help overcome barriers to effective development of security.

Risk management and nonbank participation in the U.S. retail payments system

The retail payments system in the United States has changed significantly in recent years. Advances in technology have caused a greater reliance on electronic payment networks. And the industrial structure of the payment services industry has evolved, as more and more nonbanks deliver payment products to end users and supply back-end processing. In general, these changes have made the payments system more efficient and given more choices to consumers and more payment options to merchants and businesses. ; At the same time, however, the rapid pace of change has introduced new risks to the payments system. First, as more and more banks market payment services to nonbanks and outsource payments processing, the differences in information possessed by payments participants can magnify difficulties in managing risk. Second, electronic payments have a significantly different risk profile than paper checks. Third, greater complexity of the payments network potentially reduces incentives to manage risk and may cause difficulties in coordinating risk mitigation. ; Sullivan lays the groundwork for a dialogue on policy to control risk in the U.S. retail payments system. He concludes that a thorough review of supervisory authority relevant to retail payments would be valuable. In particular, the original authority to supervise nonbank payment processors was established over 40 years ago, when the primary reason for establishing that authority was the use of computer technology applied to bank accounting systems. Is that authority adequate given the revolutionary changes in the payments technology seen over the last four decades?Payment systems

Nonbanks and risk in retail payments

This paper documents the importance of nonbanks in retail payments in the United States and in 15 European countries and analyzes the implications of the importance and multiple roles played by nonbanks on retail payment risks. This paper also reviews the main regulatory safeguards in place, and concludes that there may be a need to reconsider some of them in view of the growing role of nonbanks and of the global reach of risks in the electronic era.

Data security, privacy, and identity theft: The economics behind the policy debates

Privacy ; Identity theft ; Data protection

Risks of identity theft: Can the market protect the payment system?

Identity theft has been a feature of financial markets for as long as alternatives have existed to cash transactions. But identity theft has recently occurred on a much larger scale. Data breaches often involve the apparent loss or acknowledged theft of the personal identifying information of thousands--or millions--of people. ; Identity theft poses risks, not only to individuals, but to the integrity and efficiency of the payment system--the policies, procedures, and technology that transfer information for authenticating and settling payments among participants. Identity theft can cause a loss of confidence in the security of certain payment methods and an unwillingness to use them. Markets can cease operating or switch to less efficient payment methods. Either represents a loss of efficiency for the economy. ; Schreft looks at the nature of identity theft today and the factors underlying its mounting risks. She also explores whether markets are able to limit the risks identity theft poses to the payment system.Identity theft ; Payment systems

Electronic security - risk mitigation in financial transactions : public policy issues

This paper builds on a previous series of papers (see Claessens, Glaessner, and Klingebiel, 2001, 2002) that identified electronic security as a key component to the delivery of electronic finance benefits. This paper and its technical annexes (available separately at http://www1.worldbank.org/finance/) identify and discuss seven key pillars necessary to fostering a secure electronic environment. Hence, it is intended for those formulating broad policies in the area of electronic security and those working with financial services providers (for example, executives and management). The detailed annexes of this paper are especially relevant for chief information and security officers responsible for establishing layered security. First, this paper provides definitions of electronic finance and electronic security and explains why these issues deserve attention. Next, it presents a picture of the burgeoning global electronic security industry. Then it develops a risk-management framework for understanding the risks and tradeoffs inherent in the electronic security infrastructure. It also provides examples of tradeoffs that may arise with respect to technological innovation, privacy, quality of service, and security in designing an electronic security policy framework. Finally, it outlines issues in seven interrelated areas that often need attention in building an adequate electronic security infrastructure. These are: 1) The legal framework and enforcement. 2) Electronic security of payment systems. 3) Supervision and prevention challenges. 4) The role of private insurance as an essential monitoring mechanism. 5) Certification, standards, and the role of the public and private sectors. 6) Improving the accuracy of information on electronic security incidents and creating better arrangements for sharing this information. 7) Improving overall education on these issues as a key to enhancing prevention.Knowledge Economy,Labor Policies,International Terrorism&Counterterrorism,Payment Systems&Infrastructure,Banks&Banking Reform,Education for the Knowledge Economy,Knowledge Economy,Banks&Banking Reform,International Terrorism&Counterterrorism,Governance Indicators

Information security, data breaches, and protecting cardholder information: facing up to the challenges

On September 13 and 14, 2006, the Payment Cards Center of the Federal Reserve Bank of Philadelphia and the Electronic Funds Transfer Association (EFTA) hosted a conference entitled “Information Security, Data Breaches, and Protecting Cardholder Information: Facing Up to the Challenges.” The two-day event was designed to bring together a diverse set of stakeholders from the U.S. payments industry to discuss a framework to guide industry practices and inform public policy. This paper summarizes key highlights from this event. Conference participants emphasized that the industry must address two fundamental issues: (1) increasingly dangerous threats to sensitive consumer information and (2) public perception and understanding of the risks from data breaches. These challenges are related but need different solutions. A consensus emerged that while the situation is not yet dire, it is serious, and warrants attention from all payments stakeholders.Data protection ; Payment systems ; Computer security

Case Study On Social Engineering Techniques for Persuasion

There are plenty of security software in market; each claiming the best, still we daily face problem of viruses and other malicious activities. If we know the basic working principal of such malware then we can very easily prevent most of them even without security software. Hackers and crackers are experts in psychology to manipulate people into giving them access or the information necessary to get access. This paper discusses the inner working of such attacks. Case study of Spyware is provided. In this case study, we got 100% success using social engineering techniques for deception on Linux operating system, which is considered as the most secure operating system. Few basic principal of defend, for the individual as well as for the organization, are discussed here, which will prevent most of such attack if followed.Comment: 7 Page

Credit Cards: Weapons for Domestic Violence

The objectives of this study were to describe the intra-specific variation in herbicide response of weed populations when subjected to new vs. well-established herbicides, and to assess distributions of logLD(50)- and logGR(50)-estimates as a potential indicator for early resistance detection. Seeds of two grass weeds (Alopecurus myosuroides, Apera spica-venti) were collected in southern Sweden, mainly in 2002. In line with the objectives of the study, the collections sites were not chosen for noted herbicide failures nor for detected herbicide resistance, but solely for the presence of the target species. For each species, seedlings were subjected to two herbicides in dose-response experiments in a greenhouse. One herbicide per species was recently introduced and the other had been on the market for control of the species for a decade, with several reports of resistance in the literature. Fresh weight of plants and a visual vigour score were used to estimate GR(50) and LD50, respectively. Resistance to fenoxaprop-P-ethyl in A. myosuroides was indicated by the LD50-estimates to be present in frequencies sufficient to affect the population-level response in 9 of 29 samples, and was correlated to response to flupyrsulfuron, while low susceptibility to isoproturon in A. spica-venti populations was not linked to the response to sulfosulfuron. In the study as a whole, the magnitude of the estimated herbicide susceptibility ranges differed irrespective of previous exposure. No consistent differences were found in the distribution of LD50-estimates for new and "old" herbicides, and normality in the distribution of estimates could not be assumed for a non-exposed sample, even in the absence of an indication of cross-resistance.Original Publication:Liv A Espeby, Hakan Fogelfors and Per Milberg, Susceptibility variation to new and established herbicides: Examples of inter-population sensitivity of grass weeds, 2011, CROP PROTECTION, (30), 4, 429-435.http://dx.doi.org/10.1016/j.cropro.2010.12.022Copyright: Elsevier Science B.V., Amsterdam.http://www.elsevier.com

The fusion of law and information technology

In information society, legal norm communications have been never established in certain fields for a long time. That is, a few legal norms have never obeyed in the fields. Above all, legal norms which relate to data protection, information contents and information security, would often infringed. Most violation would be conducted by using information technologies. Information technologies would often be used in these infringing incidents. It can be said that these infringing incidents would have never been conducted without information technology. These infringing incidents include hacking actions, personal data abuse, personal information disclosure, unauthorized access, infringing copyrights, infringing privacy rights, and so on. A way of preventing those infringements is to raise the level of punishment against the violators. But, it will prove to be disappointing. Furthermore, it would be an ex post facto measure to the last. It would be needed to invent an ex ante measure, if it is possible. As the ex ante measure, the author proposes a fusion of law and information technology. An information technology will lead people to a lawful deed when they conduct actions in using computers and networks. They say that information technology cures information technology. After all, the fusion will aim at realizing laws, and it will contribute to recover a social justice