E-Commerce
Jack Lang
Tim King
Nicholas Bohm
Aims
• Outline the issues involved
• Lectures:
– Historic and Economic Background (JL)
– Business Models and Strategy (JL)
– Web Design (TJK)
– Implementation (TJK)
– The Law and E-commerce (NB)
– Making E-Commerce work (JL)
– Finance and future opportunities (JL)
– RIP, DMCA and other legal developments (RJA)
Resources
• Jack Lang, “High Tech Entrepreneurs Handbook”
– FT.COM; ISBN: 0273656155
• Ross Anderson, “Security Engineering”
– John Wiley & Sons Inc; ISBN: 0471389226
• Hal Varian, “Intermediate Microeconomics”
– W.W. Norton; ISBN: 0393973700
• Hal Varian and Carl Shapiro, “Information Rules”
– Harvard Business School Press; ISBN: 087584863X
• Tom Standage, “The Victorian Internet”
– Orion Paperbacks; ISBN: 0753807033
• John Kenneth Galbraith, “A Short History of Financial Euphoria”
– Penguin Books; ISBN: 0140238565
Online Resources
• Andrew Odlyzko’s papers on e-commerce and network growth:
– http://www.dtc.umn.edu/~odlyzko/
• Web Design:
– http://www.wowwebdesigns.com
– http://www.webpagesthatsuck.com
• Draft regulations:
– http://www.dti.gov.uk/cii/ecommerce/europeanpolicy/ecommerce_directive.shtml
What is E-commerce?
• A course thought up by the Teaching Committee…
– Academic research on protocols, economics
• Mail-order (‘B2C’)… amazon.com etc.
• New business models… Lastminute.com, ebay.com
• Re-badging of Electronic Document Interchange (‘EDI’)
– ‘B2B’: SWIFT, CREST, BOLERO, Just-in-Time
• Disintermediation: E*Trade.com
• CRM: call-centres, credit-cards, cost-dumping, discrimination, customer aggravation, digital “haves and have-nots”
• EU “Information Society Services”
• New opportunities for fraud
• This list is not exhaustive!
Bulla (Sumerian, about 3500 BC)
• Business-to-business communications go back into antiquity
– believed to have driven the invention of writing and mathematics
– a trust system
EDI (‘B2B’)
• Typical instruments include:
– Warehouse receipts
– Bills of Lading (“The holder is entitled to 100 amphorae of oil from the cargo of the ship Augusta”)
– Purchase orders and invoices
– Insurance certificates
– Certificates of debt
– Payment instructions: bank-to-bank or bank-customer-bank (cheques), letters of credit
– Banknotes
• Negotiable/guaranteed – can be used for payment, security etc.
Remote transaction
Parties in the diagram: Customer, Manufacturer, Customer’s Bank, Correspondent Bank, Shipper, Inspector.
Steps shown:
1. Please issue LoC: here is deposit
2. LoC: “Pay bearer after 30 days if you have Bill of Lading and Inspection Certificate”
3. Order + LoC
4. Goods
5. Bill of Lading
6. Bill of Lading
7. Bill of Lading
8. Money
9. Goods
Trust relationship and mutual accounts
B2B (2)
• The invention of the telegraph led to the development of business-use protocols
– Huge boom in telegraph construction and applications (Standage)
– Indirect effects included the creation of national markets – price differences drove rapid shipment + arbitrage
– Direct uses included purchase orders and queries. Easy where there is an existing relationship, otherwise intermediaries needed
• Huge expansion in banking
– Banks sent about 50% of telegraph traffic
– Trusted intermediaries
– Others (insurers, inspection agents, shipping agents) largely harnessed via bank mechanisms
B2B 3 – Wiring Money
• Interbank message, e.g.
– “To: Lomarco Bank, Geneva. Please pay SFR 10,000 from our account to Herr Thilo Schmidt on presentation of his passport. Our test key is 254”
– The 254 is a primitive MAC computed on significant data such as amount, currency code, date etc.
• SWIFT reimplemented this using ‘email’ and a proper MAC in the mid-70s.
– First big ‘open’ EDI system
– SWIFT II added PKI to manage MAC keys in the early 1990s.
– Adapted to CREST (UK equity clearing)
• Commercial transactions are similar, but with more complex conditions
– E.g. an LoC needs a Bill of Lading, insurance certificate and inspection certificate
B2B 4
• “Electronic Document Interchange” (EDI)
– Proprietary systems built late 60s/early 70s
  • General Motors ordering car components (EDS)
  • Marks & Spencer’s clothes ordering
• The big problem was not security, DoS or lost systems but standards
– 1980s: agreeing common message formats
  • UN, specific country/industry, e.g. NHS
– Being redone as XML
  • e.g. BOLERO (www.bolero.net)
– Many players – slow progress
B2C Mail Order
• Book printers in the 15th century
– Aldus Manutius of Venice, 1498. His mail-order offerings included 15 texts that he had published.
• (UK version) William Lucus, gardener, 1667
– Army and Navy Stores supplied British Forces and others in India, ~1871
• (US version) Tiffany of Fifth Ave, 1845
– Montgomery Ward, 1872
• Sears, Roebuck made it possible to settle the West (1886)
– US Postal Service subsidised shipping by having flat rates nationwide.
  • Still critical in some places!
• Need a guarantee to provide customer confidence
– Brand (e.g. Sears, Amazon…)
  • Sears’ unique innovation: “Satisfaction guaranteed or your money back”
– Industry (ABTA, MOPS)
– Intermediary (VISA, Access etc.)
Credit Cards
• Consumer credit goes back to the 18th century – “The Tallyman”
– Some US stores offered a “shopper’s plate” from the 1920s
• Diners Club offered the first credit card
– NY 1951: 27 restaurants, 200 customers
• Barclaycard offered as an incentive to high-value Barclays customers in the late 60s; Access started as a rival
• Classic “network effect”
– Need enough shops to attract customers, and vice versa
• Took off in the early 1980s, suddenly turning from loss leader to main profit centre.
– Some countries (e.g. Germany, Japan) only just taking off
• Earnings from online trades starting to be significant
– Competition starting, e.g. PayPal
Credit Cards 2
Four parties shown in the diagram: Brand (e.g. VISA); Issuer (e.g. Bank); Acquirer; Merchant.
Credit Cards 3
• Merchant is paid for goods by the acquiring bank, less the merchant discount (typically 2-10%, often 4-5%)
• Transactions over the floor limit are checked with the acquirer: hot card list, or credit check with the issuer
• Brand takes a cut; acquirer makes money from the merchant discount; issuer from selling revolving credit – expensive money, often over 20% APR
Credit Cards 4
• Originally fraud risk was borne by banks
• With the introduction of mail order and telephone (and web) order (MOTO), the risk for transactions with the cardholder not present passed to the merchant.
• MOTO transactions have lower floor limits and delivery only to the cardholder address (but this cannot be checked for e-delivery or services like Worldpay)
– 40% fraud for some sites
– PayPal fraud
• Traditional frauds:
– Stolen cards
– Pre-issue
– Identity theft
Cards 5
• Evolution of forgery

Attack              Countermeasure
Simple copy         Hologram
Alter embossing     Check mag strip
Emboss mag strip #  TDC
Make up strip       CVV, CVC
Skimming            Intrusion detection
Free lunch          (none)
Cards 6
• Overall cost of fraud
– Spain 0.01%
– UK 0.2%
– USA 1.0%
• Motivation – who gets the reward?
– Huge hype about “evil hackers”
– No case of fraud resulting from interception!
  • Getting sense from mail is hard
– Real problem: hacked or crooked end systems
• Overall pattern – cyclical: the best defences are not always high-tech!
Cards 7
• Bigger problem: disputes
– Porn sites
– PayPal etc.
• Incompetence, fraudulent denial by customers, outright fraud by merchants
• Control mechanisms poor and slow – e.g. the acquirer call centre can only check country, not cardholder address
• Technology?
– SET failed
– Other formats, e.g. stored value cards, cell-phones
PKI
• Hyped technology
– Verisign, Baltimore had 11-figure market caps
– Sanity returns…
• Closed PKI, such as SWIFT or a corporate network, makes sense (and ships with W2K)
• Open PKI (everyone has a certificate) less successful
– Masquerade not a real issue
– Who is the Certification Authority?
  • Why should Verisign certify that Foo.com is Foo Inc?
  • “Let a thousand CAs bloom”
– Or why should your bank warrant your identity for a driver’s licence?
PKI 2
• TLS (was SSL)
– Used for every secure web-page
– Certificate exchange -> session key
– It’s the ends that leak: transmission has “adequate” security
  • “Moving information by armoured truck from one cardboard box to another”
  • No known instance of commercial eavesdropping
• Anonymous money
– Chaum: e-cash
– Hettinga: Internet Bearer Underwriter Corp
  • More theoretical than practical
– Stored value cards
  • HK Octopus
PKI 3
• Hot topics:
– Who controls your identity?
  • Government, Bank, or Microsoft?
– Identity cards, MS .Net
• Lots of issues:
– liability, control, civil liberties, protocol attacks, etc.

Undergraduate Course Ecommerce Lecture 1.ppt
