Can smart cards reduce payments fraud and identity theft?

In the United States, when a consumer presents a payment to a merchant, the merchant typically makes a request for authorization before accepting the payment. Personal information, such as an account number, address, or telephone number, are often enough to initiate a payment. A serious weakness of this system is that criminals who obtain the correct personal information can impersonate an honest consumer and commit payments fraud. ; A key to improving security-and reducing payments fraud-might be payment smart cards. Payment smart cards have an embedded computer chip that encrypts messages to aid authorization. If properly configured, payment smart cards could provide direct benefits to consumers, merchants, banks, and others. These groups would be less vulnerable to the effects of fraud and the cost of fraud prevention would fall. Smart cards could also provide indirect benefits to society by allowing a more efficient payment system. Smart cards have already been adopted in other countries, allowing a more secure payments process and a more efficient payments system. ; Sullivan explores why smart cards have the potential to provide strong payment authorization and thus put a substantial dent into the problems of payments fraud and identity theft. But adopting smart cards in the United States faces some significant challenges. First, the industry must adopt payment smart cards and their new security standards. Second, card issuers and others in the payments industry must agree on the specific forms of security protocols used in smart cards. In both steps the industry must overcome market incentives that can impede the adoption of payment smart cards or limit the strength of their security.

The role of IT/IS in combating fraud in the payment card industry

The vast growth of the payment card industry (PCI) in the last 50 years has placed the industry in the centre of attention, not only because of this growth, but also because of the increase of fraudulent transactions. The conducted research in this domain has produced statistical reports on detection of fraud, and ways of protection. On the other hand, the relevant body of research is quite partial and covers only specific topics. For instance, the provided reports related to losses due to fraudulent usage of cards usually do not present the measures taken to combat fraud nor do they explain the way fraud happens. This can turn out to be confusing and makes one believe that card usage can be more negative than positive. This paper is intended to provide accumulative and organized information of the efforts made to protect businesses from fraud. We try to reveal the effectiveness and efficiency of the current fraud combating techniques and show that organized worldwide efforts are needed to take care of the larger part of the problem. The research questions that will be addressed in the paper are: 1) how can IT/IS help in combating fraud in the PCI?, and 2) is the implemented IT/IS effective and efficient enough to bring progress in combating fraud? Our research methodology is based on a case study conducted in a Macedonian bank. The research is explorative and will be mostly qualitative in nature; however some quantitative aspects will be included. The findings indicate that fraud can take up many forms. A classification of the different forms of data theft into different fraudulent appearances was made. We showed that the benefits from implementing the fraud reduction efforts are multiple. Results show that a bank has to be very small to experience losses from fixed expenditures coming from the implementation of the fraud reduction IT/IS. Medium-sized and large banks should not even see any problems arising from those expenditures. Based on the empirical data and the presented facts we can conclude that the fraud reduction IT/IS do have a positive effect on all sides of the payment process and fulfills the expectations of all stakeholders

Risky business: managing electronic payments in the 21st Century

On June 20 and 21, 2005, the Payment Cards Center of the Federal Reserve Bank of Philadelphia, in conjunction with the Electronic Funds Transfer Association (EFTA), hosted a day-and-a-half forum, “Risky Business: Managing Electronic Payments in the 21st Century.” The Center and EFTA invited participants from the financial services and processing sectors, law enforcement, academia, and policymakers to explore key topics associated with the challenge of effectively managing risk in a payments environment that is increasingly electronic. The meeting’s goal was to identify areas of potential risk and explore interindustry solutions. This paper provides highlights from the forum presentations and ensuing conversations.

The changing nature of U.S. card payment fraud: industry and public policy options

As credit and debit card payments have become the primary payment instrument in retail transactions, awareness of identity theft and concerns over the safety of payments has increased. Traditional forms of card payment fraud are still an important threat, but fraud resulting from unauthorized access to payment data appears to be rising, and we are only beginning to get a sense of the dimensions of the problem. ; Thus far, the role of public policy has been to encourage the card payment industry to limit fraud by developing its own standards and procedures. Whether this policy stance is sufficient depends on the effectiveness of industry efforts to limit fraud in light of the dramatic shift toward card payments. ; Sullivan provides an overview of card payment fraud in the United States. He develops a preliminary estimate of the rate of U.S. card payment fraud and suggests that such fraud is higher than in several other countries for which data are available. The U.S. payment industry is taking steps to combat payment fraud, but progress has been slowed by conflicts of interest, inadequate incentives, and lack of coordination. Thus, policymakers should monitor the card payment industry to see if it better coordinates security efforts, and if not, consider actions to help overcome barriers to effective development of security.

Body language, security and e-commerce

Security is becoming an increasingly more important concern both at the desktop level and at the network level. This article discusses several approaches to authenticating individuals through the use of biometric devices. While libraries might not implement such devices, they may appear in the near future of desktop computing, particularly for access to institutional computers or for access to sensitive information. Other approaches to computer security focus on protecting the contents of electronic transmissions and verification of individual users. After a brief overview of encryption technologies, the article examines public-key cryptography which is getting a lot of attention in the business world in what is called public key infrastructure. It also examines other efforts, such as IBM’s Cryptolope, the Secure Sockets Layer of Web browsers, and Digital Certificates and Signatures. Secure electronic transmissions are an important condition for conducting business on the Net. These business transactions are not limited to purchase orders, invoices, and contracts. This could become an important tool for information vendors and publishers to control access to the electronic resources they license. As license negotiators and contract administrators, librarians need to be aware of what is happening in these new technologies and the impact that will have on their operations

Secure Mobile Payment Architecture Enabling Multi-factor Authentication

The rise of smartphones has led to a significant increase in the usage of mobile payments. Mobile payments allow individuals to access financial resources and make transactions through their mobile devices while on the go. However, the current mobile payment systems were designed to align with traditional payment structures, which limits the full potential of smartphones, including their security features. This has become a major concern in the rapidly growing mobile payment market. To address these security concerns,in this paper we propose new mobile payment architecture. This architecture leverages the advanced capabilities of modern smartphones to verify various aspects of a payment, such as funds, biometrics, location, and others. The proposed system aims to guarantee the legitimacy of transactions and protect against identity theft by verifying multiple elements of a payment. The security of mobile payment systems is crucial, given the rapid growth of the market. Evaluating mobile payment systems based on their authentication, encryption, and fraud detection capabilities is of utmost importance. The proposed architecture provides a secure mobile payment solution that enhances the overall payment experience by taking advantage of the advanced capabilities of modern smartphones. This will not only improve the security of mobile payments but also offer a more user-friendly payment experience for consumers

Electronic security - risk mitigation in financial transactions : public policy issues

This paper builds on a previous series of papers (see Claessens, Glaessner, and Klingebiel, 2001, 2002) that identified electronic security as a key component to the delivery of electronic finance benefits. This paper and its technical annexes (available separately at http://www1.worldbank.org/finance/) identify and discuss seven key pillars necessary to fostering a secure electronic environment. Hence, it is intended for those formulating broad policies in the area of electronic security and those working with financial services providers (for example, executives and management). The detailed annexes of this paper are especially relevant for chief information and security officers responsible for establishing layered security. First, this paper provides definitions of electronic finance and electronic security and explains why these issues deserve attention. Next, it presents a picture of the burgeoning global electronic security industry. Then it develops a risk-management framework for understanding the risks and tradeoffs inherent in the electronic security infrastructure. It also provides examples of tradeoffs that may arise with respect to technological innovation, privacy, quality of service, and security in designing an electronic security policy framework. Finally, it outlines issues in seven interrelated areas that often need attention in building an adequate electronic security infrastructure. These are: 1) The legal framework and enforcement. 2) Electronic security of payment systems. 3) Supervision and prevention challenges. 4) The role of private insurance as an essential monitoring mechanism. 5) Certification, standards, and the role of the public and private sectors. 6) Improving the accuracy of information on electronic security incidents and creating better arrangements for sharing this information. 7) Improving overall education on these issues as a key to enhancing prevention.Knowledge Economy,Labor Policies,International Terrorism&Counterterrorism,Payment Systems&Infrastructure,Banks&Banking Reform,Education for the Knowledge Economy,Knowledge Economy,Banks&Banking Reform,International Terrorism&Counterterrorism,Governance Indicators

The Data Breach Dilemma: Proactive Solutions for Protecting Consumers’ Personal Information

Data breaches are an increasingly common part of consumers’ lives. No institution is immune to the possibility of an attack. Each breach inevitably risks the release of consumers’ personally identifiable information and the strong possibility of identity theft. Unfortunately, current solutions for handling these incidents are woefully inadequate. Private litigation like consumer class actions and shareholder lawsuits each face substantive legal and procedural barriers. States have their own data security and breach notification laws, but there is currently no unifying piece of legislation or strong enforcement mechanism. This Note argues that proactive solutions are required. First, a national data security law—setting minimum data security standards, regulating the use and storage of personal information, and expanding the enforcement role of the Federal Trade Commission—is imperative to protect consumers’ data. Second, a proactive solution requires reconsidering how to minimize the problem by going to its source: the collection of personally identifiable information in the first place. This Note suggests regulating companies’ collection of Social Security numbers, and, eventually, using a system based on distributed ledger technology to replace the ubiquity of Social Security numbers

Credit Card Fraud: A New Perspective On Tackling An Intransigent Problem

This article offers a new perspective on battling credit card fraud. It departs from a focus on post factum liability, which characterizes most legal scholarship and federal legislation on credit card fraud and applies corrective mechanisms only after the damage is done. Instead, this article focuses on preempting credit card fraud by tackling the root causes of the problem: the built-in incentives that keep the credit card industry from fighting fraud on a system-wide basis. This article examines how credit card companies and banks have created a self-interested infrastructure that insulates them from the liabilities and costs of credit card fraud. Contrary to widespread belief, retailers, not card companies or banks, absorb much of the loss caused by thieves who shop with stolen credit cards. Also, credit card companies and banks earn fees from every credit card transaction, including those that are fraudulent. In addressing these problems, this article advocates broad reforms, including legislation that would mandate data security standards for the industry, empower multiple stakeholders to create the new standards, and offer companies incentives to comply by capping bank fees for those that are compliant, while deregulating fees for those that are not compliant

Identity Theft in Cyberspace: Issues and Solutions

Cet article présente et analyse la menace grandissante que représente le vol d’identité dans le cyberespace. Le développement, dans la dernière décennie, du commerce électronique ainsi que des transactions et des communications numériques s’accélère. Cette progression non linéaire a généré une myriade de risques associés à l’utilisation des technologies de l’information et de la communication (les TIC) dans le cyberespace, dont un des plus importants est sans conteste la menace du vol d’identité. Cet article vise à donner un aperçu des enjeux et des risques relatifs au vol d’identité et cherche à offrir certaines solutions basées sur la nécessité d’opter pour une politique à trois volets qui englobe des approches stratégiques et règlementaires, techniques et culturelles.This article addresses and analyses the growing threat of identity theft in cyberspace. E-commerce and digital transactions and communications have, over the past decade, been increasingly transpiring at an accelerated rate. This non-linear progression has generated a myriad of risks associated with the utilization of information and communication technologies (ICTs) in cyberspace communications, amongst the most important of which is: the threat of identity theft. On such account, this article aims to provide an overview of the issues and risks pertinent to identity theft and seeks to offer some solutions based on the necessity of pursuing a tri-fold policy encompassing strategic and regulatory, technical, and cultural approaches