当商品の販売は、2011年07月19日を持ちまして終了しました。
NEW RESEARCH REPORT BY MERCATOR ADVISORY GROUP
The fear of online card fraud has been the topic of much press coverage
recently, with the horrors of identity theft and phishing attacks leaving the
public in a state of anxiety. This heightened fear can have a seriously
detrimental effect on e-commerce. Cardholders need reassurance that
merchants aren't unscrupulous criminals, merchants need to know that the
cardholders are legitimate and both parties need to know that the transaction
cannot be intercepted.
The latest report by Mercator Advisory Group, titled, "E-Payment
Security and Online Fraud Prevention: Self Defense for the Merchants and
Cardholders", takes an in-depth look at the world of online card payments,
the fraud loopholes that are open to criminals and the methods and systms that
have been developed to prevent attacks from happening.
Nick Holland, Director of Emerging Technologies Research at Mercator Advisory
Group and the author of the report sees a problem of fraud as an arms race
between the criminals and the stakeholders in online card payments:
"As with the physical world, the key to fraud control is making the
activity of fraud unfeasibly expensive for the fraudsters and still affordable
for the stakeholders. The gap between the two is a fine one..."
The report details a range of different initiatives including VbV (and
SecureCode), single use card numbers, password generating tokens and others
designed to secure the cardholder/merchant interaction and offers metrics
addressing the question: just how bad is online fraud?
Holland sees a major component of the skepticism relating to online
transactions to be a result of the fear of the unknown:
"Whatever fear there is of online card theft, the overwhelming opinion
among cardholders seems to be 'it's not going to happen to me', But, there are
clearly concerns that it might. The $50 liabillity cap offered on most
credit cards provides financial protection from fraud, but it is well known that
an incident of identity theft results in not just financial losses, but
substantial time and effort to undo the damage to a consumer's credit status.
Moreover, the enduring image of the Internet as a gaping black hole still
exists. At least in a real world incident of card theft or loss, you have
some idea of where and when you lost the card, some feeling of control.
The Internet removes time and place and that scares people..."
Table of Contents
Introduction: Fraud - As Old as Money
1. Attack
- 1.1. Know the Criminal
- 1.2. Know the Crime
- 1.2.1. Stolen consumer identities
- 1.2.2. Stolen merchant identities
- 1.2.3. Access to payment networks
2. Defense
- 2.1. Vulnerability: Message Interception. Countermeasure: Encryption
- 2.1.1. Secure Socket Layer (SSL)
- 2.2. Vulnerability: Fraudulent Consumer Activity. Countermeasure: Consumer
Authentication
- 2.2.1. 3D Secure
- 2.2.2. Card Verification Value and Address Verification Service
- 2.2.3. Password Generating Devices
- 2.2.4. Distributed EMV
- 2.2.5. Cellphone Authentication
- 2.2.6. Transaction History Analysis
- 2.3. Vulnerability: Fraudulent Merchant Activity. Countermeasures:
Merchant Authentication & Card
- Number Protection
- 2.3.1. Merchant Authentication
- 2.3.2. Card Number Protection
- 2.4. Defensive Measures Summary
3. How Bad is Online Card Fraud?
4. Conclusion
List of Exhibits
- Exhibit 1: Physical World Card Transaction
- Exhibit 2: Virtual World Card Transaction
- Exhibit 3: The Three Opportunities for Online Payment Fraud
- Exhibit 4: Portable Magnetic Stripe Reader (E-Bay Price: $220)
- Exhibit 5: Securing the Message Pipeline
- Exhibit 6: SSL Sequence
- Exhibit 7: Authenticating the Cardholder
- Exhibit 8: 3D Secure Transaction Sequence
- Exhibit 9: SET Protocol Transaction Sequence
- Exhibit 10: Uptake of 3D Secure by Association Members
- Exhibit 11: Global VbV and SecureCode Cardholder Uptake (# of cardholders
in millions, percentage)
- Exhibit 12: Card Verification Value
- Exhibit 13: Vasco ‘DigiPass' Token
- Exhibit 14: Cellphone Authentication
- Exhibit 15: Merchant Authentication
- Exhibit 16: Sample E-Bay Vendor Comments Page
- Exhibit 17: Card Number Protection
- Exhibit 18: Summary of Defensive Tools
- Exhibit 19: Complaints to Internet Fraud Complaint Center, 2003
- Exhibit 20: US Holiday Season Online Spend, 2002 / 2003
- Exhibit 21: Percentage of Fraudulent Card Transactions Online
- Exhibit 22: Global Credit Card Financial Losses by Type
