Friday, May 6, 2011

Online Payments Security Part. I


The credit card is by far the payment method preferred by two third of the people in the world by using the Internet regularly to access their purchases directly on the Internet. But it is also the use of the card that is increasingly threatened by fraud. Indeed, the total amount of fraudulent transactions on the Internet is growing much larger than the amount of fraud carried out by other channels (using a stolen use card number to purchase by mail order over the phone etc.).

This observation, which is not new, had led banks and systems vendors to offer more secure during the 2000s. The generalization of SSL (Secure Socket Layer) has limited the flight card numbers during data transfers between bank buyer, seller, and their respective banks. Adding a cipher text security "arbitrary" helped to stem the proliferation of generating fraudulent card numbers with valid 16 digits (which follow a very specific algorithm). Sellers have also limited the storage of this information in their databases, to prevent intrusion attempts in their massive e-commerce platforms. Finally, the payment terminal are masking a part of the card number on the invoice slips and allows the payer to introduce its own map without intervention by the cashier, which limits data retrieval via the retail channel. But other fraud techniques have over taken it.

The major risk lies in failure to identify the buyer as the rightful holder of the card that is a strong authentication. It leaves the door open to other techniques for recovering the coordinates, such as "phishing" (to believe that a cardholder is for an interlocutor trusted by mail or through a fake website) particularly popular in recent years.

Certainly, if the buyer is not the rightful holder, then the genuine holder may challenge the transaction as the law allows it and then be reimbursed free of transaction amount. But this leads to increasing costs for banks and continues to fuel some psychological barriers among potential users of e-commerce.

0 comments:

Post a Comment

Note: Only a member of this blog may post a comment.