Hi,
On 3 April I hope to graduate from the Erasmus University Rotterdam, The
Netherlands with a Master's in Managerial Computer Science. I wrote my
thesis on the use of credit cards on the Internet. The problem the study
investigated was the security of credit card based payment systems for
electronic commerce on the Internet. Specifically, the study sought to
determine:
1) What are the issues for secure payment on the Internet?
2) How are credit cards used today for electronic commerce on the Internet?
3) What will the future be for credit cards on Internet?
This study provides a useful overview of security issues involved with
(credit card based) payment systems on Internet. Secondly, this study
shows whether doing electronic commerce using credit card based payment
systems on Internet is attractive for buyer, merchant and financial
institution. All major credit card based systems took part in the study
(plain web forms, First Virtual, CyberCash, SET).
If people are interested in a copy of my thesis (or have other related
questions) please contact me by e-mail (104951ar@student.eur.nl).
Avriel Rabenou
Short Summary (without conclusions/findings)
****************************************
Overview of the Study
As has been previously stated, the purpose of the study is to examine
how secure credit card based payment systems are for electronic commerce
on Internet. The second chapter provides an introduction on electronic
commerce and the Internet. Security issues are presented in the third
chapter. The fourth chapter deals with the traditional credit card
payment process. The fifth chapter provides an overview of the major
(credit card based) payment systems on Internet. The final chapter of
the study is concerned with analysis of the payment systems, summary of
findings, conclusions, implications and suggestions for further
research.
Electronic Commerce and the Internet
Electronic commerce is a hot topic. Many hope it will change the way
business is being done. It can shrink geographical distance, restructure
supply chains, cut distribution and transactions costs and improve the
efficiency of markets by giving more information and choice to both
buyers and sellers. The primary testing site for electronic commerce is
the Internet.
The Internet, an interconnected network which is seen as the precursor
of the Information Superhighway, consists of a set of services like E-mail,
FTP, Gopher, Telnet, Netnews & the Web. The Web, which is currently the
most advanced and most popular service, offers an affordable opportunity
for commerce. Since the Internet as a commercial network is still in its
infancy we encounter critical factors which need to be resolved before
Internet commerce can flourish.
Payment systems are an important critical factor. A satisfactory
Internet payment system needs to be easy to use, fast, and especially
trusted. The most popular form of payment which is used today on the
Internet is based on the credit card. In this study the position of
credit cards on the Internet was analysed with special attention to
the security issues involved.
Security
Security, and more specifically, security of payment is the major
bottleneck which slows down the growth of Internet commerce. Security
today is made possible using encryption, digital signatures,
certificates, and certificate authorities. Encryption is the main
component providing security within payment systems. Payment systems
need to be evaluated on certain security criteria. In this study a list
was compiled of evaluation criteria for payment systems as illustrated
in table 6-1.
Authentication
Integrity
Confidentiality
Non-Repudiation
Clearing
Privacy
Table 6-1: Security evaluation criteria
The Credit Card
An overview of the usage of credit cards in the physical world was given
to get a better understanding of their use on the Internet. Table 6-2
shows which credit card based Internet payment systems took part in the
study.
Insecure Credit Card Web Form
Secure Credit Card Web Form
First Virtual
CyberCash
SET
Table 6-2: Analysed credit card based Internet payment systems
Credit card based Internet payment can be divided into three groups:
insecure credit card web form, secure credit card web form, and systems
which use a third party in the credit card transactions. The systems
based on a third party offer the best security. Of these systems the
following were analysed: First Virtual, CyberCash, and SET. SET is the
only system which can provide non-repudiation in addition to
confidentiality, integrity, and authentication. Non-repudiation in SET
is implemented using certificates and certificate authorities.
In addition, two other potential (non-credit card) systems were briefly
discussed, digital cash and smart cards. Many of these systems are still
in an experimental phase.