Electronic payment and security on the Internet

Marais, Terrence K. (2002-12)

Thesis (MBA)--Stellenbosch University, 2002.

ENGLISH ABSTRACT: The greatest potential worry that an on-line shopper has is what happens to his/her credit card details from the moment "submit" is pressed on the computer. Is it possible for someone on the Internet to intercept the message and use credit card details maliciously? Also, there is a lot of talk about personal details being encrypted, but how sure is one that this was indeed the case once "submit" has been pressed? Is there a way in which one can be sure that a transaction will occur only once? Many of the security issues are new and many experts are only learning how to deal with these now. This thesis offers suggestions and strategies a user can follow to minimize misuse and abuse of payment details. Electronic payment is the backbone of e-commerce, and the biggest threat to widespread acceptance and usage of e-commerce is security. Many innovative solutions have been developed by vendors to address security issues. For example, the Secure Electronic Transfer (SET) protocol was developed to ensure that credit card transactions could be conducted safely and securely on the Internet. Secure Socket Layer (SSL) ensures that all communications and transactions are conducted in a tightly secure environment. This is critical for online or mobile banking and other financial activities. Other developments include payment systems that ensure that credit card details are never exposed to a merchant (e.g. SET), while some ensure that credit card numbers never enter the Internet. The five cornerstones of security are confidentiality, privacy, authentication, integrity and non-repudiation. Authentication, non-repudiation and integrity can be resolved with digital certificates, digital timestamps and digital signatures. Message confidentiality, on the other hand, is ensured through the use of strong encryption.
Encryption systems mutilate data or a message to such an extent that it is totally useless to someone who does not have the appropriate algorithm and key to decode it. The most widely used encryption schemes are the secret key and public key encryption systems. The public key cryptosystem generates two keys, called a public and private key. The public key can be made generally known, but the private key must be kept secret. A unique property of the scheme is that once data is encrypted with one key, only the corresponding other key of the pair can decrypt it. This makes it possible to address issues of authentication, integrity and non-repudiation. Traditional payment instruments such as cash, cheques, debit and credit card transactions are being replaced by their electronic equivalents. The driving forces behind these are transactional security, efficiency and speed. Novel payment solutions and strategies have been devised to meet the challenges of this new economy. For example, smart cards can act as an electronic purse that can hold electronic money. Other information, such as personal details, medical records, driver's licence, etc. can also be stored on the card. Whilst many security experts are in agreement that security is not a barrier anymore for wider usage of the Internet for financial transactions, many consumers are still apprehensive about how secure and safe it really is. This work aims to diminish those fears and show that the Internet is safe for business.

AFRIKAANS SUMMARY: One of the greatest concerns a customer can have when making purchases on the Internet is the uncertainty about exactly what happens after payment has been made and "Submit" has been pressed. Is it possible for someone to intercept the message and recover the payment details for their own use? There is also much publicity about encryption, but how can the customer be assured that the payment details were indeed encrypted when "Submit" was pressed? Is there a way in which one can be sure that payment will take place only once? Many of the security pitfalls are new, and security experts are currently learning how to handle the problems. This work offers tips and strategies for the consumer to minimise the misuse of payment details on the Internet. The electronic payment mechanism is the backbone of electronic business, and the biggest stumbling block to its large-scale use is security. There are many innovative solutions to curb the problems. For example, the Secure Electronic Transfer (SET) protocol was developed to ensure that credit card payments can be made with high security and safety. Secure Socket Layers (SSL) ensures that all communications and transactions take place in a secure and safe environment. This is especially critical when the consumer uses the Internet or a cell phone to conduct transactions with a bank. Other developments include payment methods that ensure that the merchant never sees the credit card details (e.g. SET). Others in turn ensure that the payment details never have to be sent over the Internet. The five cornerstones of security are confidentiality, privacy, authenticity, integrity and non-repudiation. Authenticity, integrity and non-repudiation are resolved through the use of digital certificates, digital timestamps and digital signatures.
Confidentiality can be ensured by encrypting the message. Encryption involves changing data or messages in such a way that they have no meaning to a person who does not have the correct algorithm and key to decrypt them. The secret key and public key encryption systems are the ones most used to encrypt data. The public key encryption system generates two keys, namely a private and a public key. The public key can be made widely known, but the private key must be known only to its user. A unique property of the system is that if a message is encrypted with one key, only the other key of the pair will be able to decrypt it. This makes it possible to apply authenticity, integrity and non-repudiation. The traditional methods of payment such as cash, cheque and debit or credit card will in time be replaced by their electronic equivalents. The driving force behind this phenomenon is the high security, efficiency and speed with which transactions can be handled in this way. Inventive payment methods have been discovered to address the particular challenges of the new economy. For example, smart cards can be used as an electronic purse that stores electronic money. Other personal information, medical records, driver's licences, etc. can also be stored on the card. While many security experts believe that security is no longer a stumbling block to using the Internet for business transactions, many consumers remain sceptical. The aim of this work is to remove those uncertainties by explaining how security is applied, and to prove that the Internet is indeed safe as a medium for business transactions.

Please refer to this item in SUNScholar by using the following persistent URL: http://hdl.handle.net/10019.1/52819