DESCRIPTION
E-Business Eighth Edition. Chapter 11 Payment Systems For E-Business. Learning Objectives. In this chapter, you will learn about: The basic functions of online payment systems The use of payment cards in electronic commerce The history and future of electronic cash - PowerPoint PPT Presentation
E-Business, Eighth Edition
Chapter 11: Payment Systems For E-Business
Learning Objectives
In this chapter, you will learn about:
• The basic functions of online payment systems
• The use of payment cards in electronic commerce
• The history and future of electronic cash
• How electronic wallets work
• The use of stored-value cards in electronic commerce
• Internet technologies and the banking industry
Online Payment Basics
• E-commerce
  – Exchange money for goods or services
  – Important function: handling Internet payments
  – B2B payment transactions
    • Electronic funds transfers (EFTs)
• B2C payment transactions
  – Evolving and competing for dominance
  – Customer convenience, saves companies money
    • Bill mailed by mail costs $1.00 to $1.50
    • Internet billing cost: 50 cents
Online Payment Basics (cont’d.)
• Four basic means to purchase items in B2C (traditional and electronic)
  – Cash, checks, credit cards, debit cards
    • 90% of all United States consumer payments
    • Electronic transfer: small but growing
    • Most popular: automated payments
• Credit cards
  – Worldwide: 90% of online payments
  – United States: 97% of online payments
Online Payment Basics (cont’d.)
• Scrip
  – Digital cash minted by a company
    • Cannot be exchanged for cash
    • Exchanged for goods or services by company issuing scrip
  – Like a gift certificate: good at more than one store
  – Current scrip offerings (eScrip)
    • Focus: not-for-profit fundraising market
• Merchant should offer customers payment options
  – Safe, convenient, widely accepted
  – Companies sell payment processing package service
Payment Cards
• General term describing all types of plastic cards consumers (businesses) use to make purchases
  – Categories: credit cards, debit cards, charge cards
• Credit card (Visa, MasterCard)
  – Spending limit based on user’s credit history
    • Charge purchases against credit line
  – Options for user billing cycle payments
    • Pay off entire credit card balance; pay minimum amount
    • Card issuers charge unpaid balance interest
  – Accepted worldwide, 30-day dispute period
Payment Cards (cont’d.)
• Credit card (cont’d.)
  – Card not present transactions
    • Cardholder not present during transaction
    • Requires extra security
• Debit card
  – Removes sales amount from cardholder’s bank account
  – Transfers sales amount to seller’s bank account
  – Issued by cardholder’s bank
    • Carries major credit card issuer name
Payment Cards (cont’d.)
• Charge card (American Express)
  – No spending limit
  – Entire balance due at end of billing period
  – No line of credit or interest charges
  – Examples: department store, oil company cards
• “Payment card”
  – Refers to credit cards, debit cards, and charge cards
Payment Cards (cont’d.)
• Single-use cards
  – Cards with disposable numbers
    • Addresses concern of giving online vendors payment card numbers
  – Not used much anymore
    • Problem: required consumers to behave differently
Advantages and Disadvantages of Payment Cards
• Advantage for merchants
  – Fraud protection (built-in security)
    • Charge paid through issuer of payment card
• Advantage for U.S. consumers
  – Liability of fraudulent card use: $50
    • Card issuer frequently waives $50 charge if card stolen
• Good for merchants and consumers
  – Worldwide acceptance
    • Currency conversion handled by card issuer
Advantages and Disadvantages of Payment Cards (cont’d.)
• Disadvantage for merchants
  – Per-transaction fees, monthly processing fees
    • Cost of doing business
  – Goods and services prices are slightly higher
    • As opposed to environment free of payment cards
  – For payment:
    • Merchant must first set up merchant account
• Disadvantage for consumers
  – Annual fee
Payment Acceptance and Processing
• Internet payment card process easier than physical store process
• EMV standard
  – Single standard handling payment card transactions
  – Visa, MasterCard, MasterCard International
• United States online stores, mail order stores
  – Must ship merchandise within 30 days of charging payment
    • Violation penalties are significant
    • Most do not charge payment card accounts until merchandise shipped
Payment Acceptance and Processing (cont’d.)
• General steps in payment card transactions
  – Merchant receives payment card information
  – Merchant authenticates payment
  – Merchant ensures funds are available and puts hold on credit line or funds to cover charge
  – Settlement occurs (few days after purchase); funds travel between banks and are placed into merchant’s account
Payment Acceptance and Processing (cont’d.)
• Open and closed loop systems
  – Closed loop systems
    • Card issuer pays merchant directly
    • Does not use intermediary
    • American Express, Discover Card
  – Open loop systems (three or more parties)
    • Third party (intermediary bank) processes transaction
    • Visa, MasterCard: not issued directly to consumers
    • Credit card associations: operated by association member banks
    • Customer issuing banks: member banks
Payment Acceptance and Processing (cont’d.)
• Merchant accounts (acquiring bank)
  – Bank doing business with sellers (Internet, non-Internet) wanting to accept payment cards
  – Merchant account
    • Required for online merchant to process payment cards
  – Acceptance by bank of merchant account
    • Merchant must provide business information
    • Risk of business type assessed
  – Bank collects credit card receipts on merchant’s behalf
    • Credits value in merchant’s account
Payment Acceptance and Processing (cont’d.)
• Merchant accounts (cont’d.)
  – Chargeback
    • Cardholder successfully contests charge
    • Merchant bank must retrieve money from merchant account
    • Merchant may have to cover chargeback potential
  – Problem facing online businesses
    • Level of online transaction fraud
    • Fewer than 5 percent of credit card transactions completed online; accounts for 60 percent of total credit card dollar amount fraud
Payment Acceptance and Processing (cont’d.)
• Processing payment cards online
  – Payment processing service providers
    • Companies offering payment card processing
  – Example: InternetSecure
    • Supports Visa and MasterCard payments for Canadian and U.S. accounts
    • Provides risk management and fraud detection
    • Handles online merchants transactions
    • Uses existing bank-approved payment card processing infrastructure, secure links, and firewalls
Payment Acceptance and Processing (cont’d.)
• Processing payment cards online (cont’d.)
  – First Data
    • Provides merchant payment card processing services with ICVERIFY and WebAuthorize programs
    • ICVERIFY: for small retailers using Microsoft Windows electronic cash registers, point-of-sale terminal systems
    • WebAuthorize: for large enterprise-class merchant sites
  – ICVERIFY, WebAuthorize connect directly to:
    • Network of banks: Automated Clearing House (ACH)
    • Credit card authorization companies
    • Connect to ACH through highly secure, private leased telephone lines
Payment Acceptance and Processing (cont’d.)
• Processing payment cards online (cont’d.)
  – Merchant Warehouse’s PayFlow Link system
    • Online payment system developed by CyberCash
    • Now operated by VeriSign
  – InfoSpace’s Authorize.Net
    • Online, realtime payment card processing service
    • Merchants link to system by inserting small HTML code block into transaction page
    • Order encrypted, transferred to Authorize.Net server
    • Server relays transaction to bank network
    • Customers not aware of third-party supplier (usually)
Electronic Cash
• Electronic cash (e-cash, digital cash)
  – Describes any value storage and exchange system created by private (nongovernmental) entity
    • Does not use paper documents or coins
    • Can serve as substitute for government-issued physical currency
    • Readily exchanged for physical cash on demand
• Problem
  – No standard among all electronic cash issuers
  – Not universally accepted
Electronic Cash (cont’d.)
• Small purchases not profitable for merchants
  – Bank fees greater than profits
• Factors in favor of electronic cash
  – Potentially significant market for electronic cash
    • Market for Internet small purchases (below $10)
  – Most of world’s population does not have credit cards
    • Electronic cash: solution to paying for online purchases
• Idea of electronic cash refuses to die
  – Despite failures
Micropayments and Small Payments
• Micropayments
  – Internet payments for items
    • Costing few cents to a dollar
• Micropayments barriers
  – Not implemented very well on the Web yet
  – Human psychology
    • People prefer to buy small value items in fixed price chunks
    • Example: mobile phone has fixed monthly payment plans
Micropayments and Small Payments (cont’d.)
• Small payments
  – All payments of less than $10
• Companies that have developed micropayment systems
  – Millicent, DigiCash, Yaga, BitPass
    • All have failed
  – No company has gained broad acceptance of its system despite industry observers seeing such a need
  – No company devoted solely to offering micropayment services
Privacy and Security of Electronic Cash
• Electronic payment methods concerns
  – Privacy and security, independence, portability, convenience
  – Privacy and security: most important to consumers
    • Transactions vulnerable
    • Electronic currency: copied, reused, forged
• Unique security problems of electronic cash
  – Possible to spend only once
    • Not counterfeit; used in two different transactions
  – Anonymous use
    • Prevents sellers from collecting information
Privacy and Security of Electronic Cash (cont’d.)
• Electronic cash companies
  – eCharge, InternetCash, Valista
• Advantages of electronic cash
  – Independent
    • Unrelated to any network or storage device
    • Ideally pass transparently across international borders; converted automatically to recipient country’s currency
  – Portable
    • Freely transferable between any two parties
    • Credit and debit cards: not portable or transferable
• Important characteristic of cash: convenience
Holding Electronic Cash: Online and Offline Cash
• Online cash storage
  – Consumer has no personal possession of electronic cash
    • Trusted third party (online bank) involved in all transfers, holds consumers’ cash accounts
• Online system payment
  – Merchants contact consumer’s bank
    • Helps prevent fraud (confirm valid cash)
    • Resembles process of checking with consumer’s bank to ensure valid credit card and matching name
Holding Electronic Cash: Online and Offline Cash (cont’d.)
• Offline cash storage
  – Virtual equivalent of money kept in wallet
  – Customer holds it
    • No third party involved in transaction
  – Protection against fraud concern
    • Hardware or software safeguards needed
  – Double-spending
    • Spending electronic cash twice
    • Too late to prevent fraudulent act by time same electronic currency clears bank for second time
    • Prevent double-spending: use encryption techniques
Advantages and Disadvantages of Electronic Cash
• Traditional brick-and-mortar billing methods
  – Costly
    • Generate invoices, stuff envelopes, buy and affix postage to envelopes, send invoices to customers
  – Accounts payable department
    • Keeps track of incoming payments, posts accounts in database, ensures current customer data
• Online stores have the same payment collection inefficiencies
  – Online customers use credit cards to pay for purchases
Advantages and Disadvantages of Electronic Cash (cont’d.)
• Online auction customers use conventional payment methods
  – Checks, money orders
• Electronic cash system
  – Less popular than other payment methods
  – Provides unique advantages and disadvantages
• Advantages of electronic cash transactions
  – More efficient (less costly)
    • Efficiency fosters more business (lower prices)
  – Occurs on existing infrastructure (Internet)
Advantages and Disadvantages of Electronic Cash (cont’d.)
• Advantages of electronic cash transactions (cont’d.)
  – Internet spans globe
    • Distance transaction travels does not affect cost
  – Does not require one party to obtain authorization
• Disadvantages of electronic cash transactions
  – No audit trail
  – Money laundering
    • Technique criminals use to convert money illegally obtained into spendable cash
    • Purchase goods, services with ill-gotten electronic cash
    • Goods sold for physical cash on open market
Advantages and Disadvantages of Electronic Cash (cont’d.)
• Disadvantages of electronic cash transactions (cont’d.)
  – Susceptible to forgery
  – Other potentially damaging digital economic factors
    • Expansion of money supply when banks loan electronic cash on consumer and merchant traditional bank accounts
• Electronic cash has not yet become a global success
  – Will require wide acceptance and solution to problem of multiple electronic cash standards
How Electronic Cash Works
• Consumer opens account with electronic cash issuer
  – Presents proof of identity
• Consumer withdraws electronic cash using issuer’s Web site
  – Presents proof of identity
    • Digital certificate issued by certification authority
    • Combination of credit card number and verifiable bank account
How Electronic Cash Works (cont’d.)
• After consumer identity is verified:
  – Electronic cash amount is issued
    • Amount deducted from consumer’s account
    • Issuer may charge small processing fee
• Consumer stores electronic cash
  – In electronic wallet
  – On his or her computer
  – On stored-value card
• Consumer can authorize issuer to make third-party payments
  – From electronic cash account
Providing Security for Electronic Cash
• Significant electronic cash problem
  – Potential for double-spending
• Main deterrent
  – Threat of detection and prosecution
• Keys to creating tamperproof electronic cash that can be traced back to origins
  – Cryptographic algorithms
  – Two-part lock
    • Provides anonymous security
    • Signals someone is attempting to double-spend cash
Providing Security for Electronic Cash (cont’d.)
• When second transaction occurs
  – Complicated process reveals:
    • Attempted second use
    • Identity of original electronic cash holder
• Electronic cash used correctly
  – Maintains user’s anonymity
• Double-lock procedure
  – Protects anonymity of electronic cash users
  – Simultaneously provides built-in safeguards to prevent double-spending
Providing Security for Electronic Cash (cont’d.)
• Double-spending
  – Neither detected nor prevented with truly anonymous electronic cash
• Anonymous electronic cash
  – Cannot be traced back to person who spent it
• Tracing electronic cash
  – Attach serial number to each electronic cash transaction
    • Cash positively associated with particular consumer
    • Does not solve double-spending problem
Providing Security for Electronic Cash (cont’d.)
• Single issuing bank can detect when two deposits of same electronic cash are about to occur
  – Impossible to ascertain fault (consumer or merchant)
• Electronic cash contains serial numbers
  – No longer anonymous
    • One reason to acquire electronic cash
  – Raises privacy issues
    • The use of serial numbers to track consumers’ spending habits
Providing Security for Electronic Cash (cont’d.)
• Creating truly anonymous electronic cash
  – Bank issues electronic cash with embedded serial numbers
    • Bank digitally signs electronic cash while removing association of cash with particular customer
Electronic Cash Systems
• Electronic cash
  – More successful in Europe and Japan
    • Consumers prefer to use cash (does not work well for online transactions)
    • Electronic cash fills important need
  – Not successful in United States
    • Consumers have payment cards and checking accounts
• KDD Communications (KCOM)
  – Internet subsidiary: Japan’s largest phone company
  – Offers electronic cash through NetCoin Center
Electronic Cash Systems (cont’d.)
• Reasons for failure of United States electronic cash systems
  – Electronic cash systems implementation
    • Required to download and install complicated client-side software that ran in conjunction with browser
  – Number of competing technologies
    • No standards developed
    • Array of proprietary electronic cash alternatives
  – No interoperable software
    • That runs transparently on variety of hardware configurations and different software systems
Electronic Cash Systems (cont’d.)
• CheckFree
  – Largest online bill processor (in the world)
  – Payment processing services since 1981 to:
    • Large corporations, individual Internet users
  – 2007 Fiserv bought CheckFree ($4.4 billion)
    • Offers online bill processing under CheckFree brand
Electronic Cash Systems (cont’d.)
• Clickshare
  – Electronic cash system for magazines and newspaper publishers
  – Uses technology called micropayment-only system
  – An ISP supporting Clickshare automatically registers users
  – When users click links leading to Clickshare sites
    • They can make purchases without registering again
    • Clickshare keeps track of transactions and bills user’s ISP
Electronic Cash Systems (cont’d.)
• Clickshare (cont’d.)
  – Tracks user on the Internet
    • Significant value to advertisers, marketers
    • Defeats anonymity
  – Micropayment capability
    • By-product of core functionality of tracking identified users
    • Tracks users with standard HTTP Web protocol
    • Does not require cookies or software wallets
Electronic Cash Systems (cont’d.)
• PayPal
  – Payment processing services to businesses, individuals
  – Earns profit from float
    • Money deposited, not used immediately
  – Charges transaction fee
    • Businesses using service to collect payments
  – Peer-to-peer (P2P) payment system
    • Free payment clearing service for individuals
    • Payments from one type of entity to another of the same type
Electronic Cash Systems (cont’d.)
• PayPal (cont’d.)
  – Eliminates writing and mailing checks or payment cards
  – Send money instantly and securely to anyone with an e-mail address
  – Convenient for auction bidders to pay for purchases
  – Convenient for auction sellers
    • Eliminates risks posed by other online payment types
  – Transactions clear instantly
  – Redemption
    • PayPal check
    • Direct deposit to checking accounts
Electronic Cash Systems (cont’d.)
• PayPal (cont’d.)
  – Merchants and consumers first register for PayPal account
    • No minimum amount account balance
    • Add money by authorizing checking accounts transfer, using credit card
    • Merchants need PayPal accounts to accept PayPal payments
Electronic Cash Systems (cont’d.)
• PayPal (cont’d.)
  – Competition from Billpoint
    • Joint venture between eBay, Wells Fargo
    • PayPal maintained first-mover advantage
  – Remained most widely used eBay payment processing system
    • eBay purchased PayPal
  – Other peer-to-peer payment business companies
    • First Data Corporation offered electronic money orders through BidPay site (closed in 2007)
    • Citibank’s c2it payments service (closed in 2003)
Electronic Wallets
• Concerns of consumers when shopping online
  – Entering detailed shipping and payment information for each online purchase
  – Filling out forms
• Solution
  – Electronic commerce sites allow customer to store name, address, credit card information on the site
  – Problem
    • Consumers must enter information at each site
Electronic Wallets (cont’d.)
• Electronic wallet (e-wallet)
  – Holds credit card numbers, electronic cash, owner identification, owner contact information
  – Provides information at electronic commerce site checkout counter
  – Benefit: consumer enters information once
    • More efficient shopping
• Server-side electronic wallet
  – Stores customer’s information on remote server of merchant or wallet publisher
  – No download time or installation on user’s computer
Electronic Wallets (cont’d.)
• Server-side electronic wallet (cont’d.)
  – Main weakness
    • Security breach can reveal thousands of users’ personal information (credit card numbers)
    • Servers must employ strong security measures to minimize possibility of unauthorized disclosure
• Client-side electronic wallet
  – Stores information on consumer’s computer
  – Disadvantages
    • Must download wallet software onto every computer
    • Not portable
Electronic Wallets (cont’d.)
• Client-side electronic wallet (cont’d.)
  – Advantage
    • Sensitive information stored on user’s computer
  – Sensitive information safer on client machine
    • Attackers must launch many attacks on user computers (more difficult to identify)
    • Prevents easily identifiable wallet vendor’s servers from attack
Electronic Wallets (cont’d.)
• Characteristics of useful wallets
  – Wallet accessibility
    • Populate data fields in any merchant’s forms for any site consumer visits
  – Electronic wallet manufacturer and merchants from many sites must coordinate efforts
    • Wallet recognizes consumer information going into each field of given merchant’s forms
Electronic Wallets (cont’d.)
• Electronic wallets
  – Store shipping and billing information
    • Consumer’s first and last names, street address, city, state, country, postal code
  – Hold credit card names, numbers
    • Offers consumer choice of credit cards at online checkout
  – Hold electronic cash from various providers
Electronic Wallets (cont’d.)
• Electronic wallet used by business companies
  – Example: MasterCard
  – Most abandoned efforts
    • Current major browsers include feature to remember names, addresses, other commonly requested information
    • Browsers provide one-click Web form field completion
  – Two e-wallet arena survivors
    • Microsoft Windows Live ID
    • Yahoo! Wallet
Microsoft Windows Live ID
• Formerly called Passport, Microsoft .NET Passport
• Single sign-in service
  – Includes server-side electronic wallet
• Operated by Microsoft
• All personal data entered into Windows Live ID wallet
  – Encrypted and password protected
Microsoft Windows Live ID (cont’d.)
• Four integrated services
  – Single sign-in service (SSI)
    • Allows user to sign in at participating Web site using username and password
  – Wallet service
    • Provides electronic wallet functions (secure storage, form completion of credit card, address information)
  – Kids service
    • Helps parents protect, control children’s online privacy
  – Public profiles
    • Allows consumers to create public page of information about themselves
Yahoo! Wallet
• Server-side electronic wallet offered by Yahoo!
• Completes order forms automatically
  – Identifying information, credit card payment information
• Stores information
  – Several major credit, charge cards, Visa and MasterCard debit cards
• Accepted by:
  – Thousands of Yahoo! Store merchants, Yahoo! Travel
  – Yahoo! Services
    • Premium e-mail storage, Web hosting fees
Yahoo! Wallet (cont’d.)
• Yahoo! Advantage
  – Number of services and shops accommodate own wallet
    • Large number of merchants accept wallet
• Privacy concern
  – Company issuing wallet has access to great deal of information about individual using wallet
Stored-Value Cards
• Microchip smart card or magnetic strip plastic card
  – Records currency balance
• Microchip versus magnetic strip
  – Microchip stores more information
  – Tiny microchip computer processor
    • Performs calculations and storage operations on card
  – Different microchip card reader needed
• Examples: prepaid phone, copy, subway, bus cards
• “Stored-value card” and “smart card” used interchangeably
Magnetic Strip Cards
• Holds rechargeable value
• Passive magnetic strip cards cannot:
  – Send or receive information
  – Increment or decrement cash value stored
    • Processing done on device into which card inserted
• Magnetic strip cards and smart cards store electronic cash
  – Smart card better suited for Internet payment transactions
    • Has processing capability
Smart Cards
• Stored-value card
  – Plastic card with embedded microchip
    • Credit, debit, charge cards store limited information on magnetic strip
• Store information
  – About 100 times more than magnetic strip plastic card
• Hold private user data
  – Financial facts, encryption keys, account information, credit card numbers, health insurance information, medical records
Smart Cards (cont’d.)
• Safer than conventional credit cards
  – Information encrypted on smart card
• Popular in Europe, parts of Asia
  – Public telephone calls, cable television programs
  – Hong Kong
    • Retail counters, restaurant cash registers have smart card readers
    • Octopus is the public transportation smart card: can be reloaded at transportation locations, 7-Eleven stores
Smart Cards (cont’d.)
• Beginning to appear in United States
  – San Francisco TransLink integrated ticketing system for public transportation
  – Smart Visa card (2000)
  – Target Visa smart card (2002)
• Smart Card Alliance
  – Advances smart card benefits
  – Promotes widespread acceptance of multiple-application smart card technology
  – Promotes compatibility among smart cards, card reader devices, applications
Internet Technologies and the Banking Industry
• Paper checks
  – Largest dollar volume of payments
  – Processed through world’s banking system
• Other major payment forms
  – Involve banks one way or another
• Banking industry Internet technologies
  – Providing new tools
  – Creating new threats
Check Processing
• Physical check processing (banks, clearinghouses)
  – Person wrote check; retailer deposited check in bank account
  – Retailer’s bank sent paper check to clearinghouse
    • Clearinghouse managed fund transfer (consumer’s bank to retailer’s account)
  – Paper check transported to consumer’s bank
  – Send cancelled check to consumer
• Many banks stopped sending cancelled checks to consumer
  – Provide PDF images of processed checks
Check Processing (cont’d.)
• Disadvantage of paper checks
  – Cost of transporting tons of paper checks
  – Float
    • Delay between the time person writes check and the time check clears person’s bank
    • Bank’s customer obtains free use of funds for few days
    • Bank loses use of funds for same time period
    • Can become significantly longer than a few days
Check Processing (cont’d.)
• Technologies helping banks reduce float
  – 2004 U.S. law: Check Clearing for the 21st Century Act (Check 21)
    • Banks eliminate movement of physical checks entirely
• Check 21-compliant world
  – Retailer scans customer's check
  – Scanned image transmitted instantly
    • Through clearing system
  – Posts almost immediately to both accounts
    • Eliminates transaction float
Phishing Attacks
• Phishing expedition
  – Technique for committing fraud against online businesses customers
  – Launched against all online business types
  – Particular concern to financial institutions
    • Customers expect high degree of personal information security
• Basic structure
  – Attacker sends e-mail message
    • Large number of recipients
    • Account at targeted Web site
Phishing Attacks (cont’d.)
• Basic structure (cont’d.)
  – E-mail message tells recipient account is compromised
    • Recipient must log on to account to correct problem
  – E-mail message includes link
    • Appears to be Web site login page
    • Actually disguised perpetrator’s Web site
  – Recipient enters login name, password
    • Perpetrator captures
    • Uses to access recipient’s account
    • Access personal information, make purchases, withdraw funds
Phishing Attacks (cont’d.)
• Spear phishing
  – Phishing expedition that is carefully designed to target particular person or organization
  – Requires considerable research
  – Increases chance of e-mail being opened
  – Example: 2008 government stimulus checks
    • Phishing e-mails appeared within one week of passage
Phishing Attacks (cont’d.)
• E-mail link disguises and tricks
  – Example of Web server that ignores all characters preceding “@”:
    https://www.paypal.com@218.36.41.188/fl/login.html
  – Example of disguised link:
    https://www.paypal.com@218.36.41.188/fl/login.html
  – Example of invisible phony site displayed due to JavaScript code:
    http://leasurelandscapes.com/snow/webscr.dll
Phishing Attacks (cont’d.)
• E-mail link disguises and tricks (cont’d.)
  – Pop-up windows
    • Look exactly like browser address bar
  – Including Web site graphics of financial institutions
    • Looks more convincing
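
In URL syntax, everything before “@” in the authority part is user information and the host is what follows it, which is why the “@” link above lands on 218.36.41.188. The Python example below is added here and is not from the slides: a mail-filter style check for that disguise and for link text that names a different host than the link target. The function names, finding labels and sample link texts are assumptions; the two URLs are the ones quoted on the slide.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Loose pattern for "looks like a DNS hostname" (assumption for this example).
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")


def claimed_host(text):
    """Return the hostname that visible link text claims, or None."""
    text = text.strip()
    if "://" not in text:
        text = "//" + text  # lets urlsplit read a bare "www.example.com/x" as a host
    try:
        host = (urlsplit(text).hostname or "").lower()
    except ValueError:
        return None
    return host if HOSTNAME_RE.match(host) else None


def inspect_link(href, display_text=""):
    """Report the host a link really targets and any disguise indicators."""
    findings = []
    try:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        userinfo = parts.username
    except ValueError:
        return {"host": None, "findings": ["unparseable"]}

    # Text before "@" is user information, never the destination.
    if userinfo is not None:
        findings.append("userinfo-present")
        if HOSTNAME_RE.match(userinfo.lower()):
            findings.append("userinfo-looks-like-host")

    # A raw IP address as the host is unusual for a financial institution.
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass

    # Visible text names one site while the link target is another.
    shown = claimed_host(display_text)
    if shown and shown != host:
        findings.append("display-host-mismatch")

    return {"host": host, "findings": findings}


if __name__ == "__main__":
    # Link texts below are constructed samples; the hrefs are quoted on the slide.
    samples = [
        ("https://www.paypal.com@218.36.41.188/fl/login.html", "Log in to your account"),
        ("http://leasurelandscapes.com/snow/webscr.dll", "https://www.paypal.com/"),
        ("https://www.paypal.com/signin", "www.paypal.com"),
    ]
    for href, text in samples:
        print(inspect_link(href, text))
```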
Organized Crime, Identity Theft, and Phishing Attacks
• Organized crime (racketeering)
  – Unlawful activities conducted by highly organized, disciplined association for profit
  – Differentiated from less organized terrorist groups
  – Internet providing new criminal activity opportunities
    • Generates spam, phishing, identity theft
  – Identity theft
    • Criminal act where perpetrator gathers victim’s personal information
    • Uses information to obtain credit
    • Perpetrator runs up account charges and disappears
Organized Crime, Identity Theft, and Phishing Attacks (cont’d.)
• Large criminal organizations
  – Efficient perpetrators of identity theft
    • Exploit large amounts of personal information quickly and efficiently
  – Sell or trade information that is not of immediate use
    • Other worldwide organized crime entities
  – Zombie farm
    • Large number of computers implanted with zombie programs
  – Pharming attack
    • Hacker sells right to use zombie farm to organized crime association
Organized Crime, Identity Theft, and Phishing Attacks (cont’d.)
• Two elements in phishing
  – Collectors: collect information
  – Cashers: use information
  – Require different skills
• Crime organizations facilitate transactions between collectors and cashers
  – Increases phishing activity efficiency, volume
• Each year
  – More than a million people fall victim
  – Financial losses exceed $500 million
Phishing Attack Countermeasures
• Change protocol
  – Improve e-mail recipients’ ability to identify message source
  – Reduce phishing attack threat
• Educate Web site users
• Contract with consulting firms specializing in anti-phishing work
• Monitor online chat rooms used by criminals
Summary
• Online stores payment forms
  – Credit, debit, charge cards (payment cards)
    • Ubiquitous, convenient, easy to use
  – Electronic cash advantages and potential uses
    • Making micropayments, stored online or offline
  – Convenience of electronic wallets
  – Stored-value cards
    • Smart cards, magnetic strip cards
• Banks process most monetary transactions
  – Use Internet technologies to process checks
• Concerns: phishing expeditions, identity theft