Mokėjimo kortelių ir kitų mokėjimo priemonių išleidimas ir operacijų su jomis atlikimas / Issuance of payment cards and other means of payment and carrying out of operations therewith

Lukšė, Erika

25 January 2008

Telekomunikacijų ir informacinių technologijų plėtra iš pagrindų pakeitė komercinės veiklos pobūdį. Verslas, visai dar neseniai egzistavęs tradicinėje (popierinėje) aplinkoje, įgavęs kitas formas, persikėlė į naujas skaitmenines erdves. Ši veiklos sfera praplėtė tradicinę komerciją iki elektroninės, kur visi finansiniai, atsiskaitymo ar kiti santykiai yra palaikomi moderniomis ryšio priemonėmis. Tačiau naujosios technologijos, plačios jų panaudojimo galimybės bei augantys vartotojų poreikiai kelia iššūkius susiklosčiusiai tradicinei tvarkai. Atsiranda poreikis ir net būtinybė suformuoti pakankamą teisinę bazę, kuri reglamentuotų naujų mokėjimo priemonių prigimtį, įtvirtintų šių priemonių naudotojų ir leidėjų teisinius santykius, šalių tarpusavio įsipareigojimus, civilinės atsakomybės principus. Todėl neatsižvelgiant į tai, kad mokėjimo kortelės tapo savaime suprantamu reiškiniu, vis dėlto šios elektroninės mokėjimo priemonės reglamentavimas nėra pakankamas. Nėra teisinio tikrumo ir dėl kitų elektroninių mokėjimo priemonių. Dėl šios priežasties šiame magistro darbe pateikiama mokėjimo kortelių ir kitų elektroninių mokėjimo priemonių teisinė analizė Lietuvos bei Europos Sąjungos teisės kontekste, nustatomos galimos reglamentavimo spragos, jų atsiradimo priežastys bei pateikiami pasiūlymai. / The development of telecommunications and information technologies changed in the essence the character of commercial activity. Business, which quite recently existed only in the traditional (paper) medium, having acquired other forms, got transferred into new digital spaces. This sphere of activity expanded traditional commerce to electronic one, where all financial, settlement and other relations are being maintained by modern means of communication. Nevertheless, new technologies, wide opportunities of their application and increasing needs of consumers give challenge to the traditional procedure. A need and even necessity emerges to form the sufficient legal basis, which would regulate the origin of new instruments of payment, would enforce the legal relations between consumers and issuers, the mutual obligations of the parties, and principles of civil liability. Therefore, notwithstanding the fact that payment cards have become a comprehensible phenomenon, however, the regulation of those instruments of electronic payment is insufficient. Legal certainty does not exist in respect of other instruments of electronic payment either. Due to this reason, in this Master thesis, a legal analysis of payment cards and electronic payment instruments is given in the context of Lithuania and European Union, possible gaps in the regulation, causes of their emergence are identified, and proposals are provided.

Law

Mokėjimo kortelė

Mokėjimo kortelės turėtojas

Mokėjimo kortelės išleidėjas

Elektroniniai pinigai

Mokėjimo kortelių sistema

Payment card

Payment cardholder

Payment card issuer

Electronic money

Payment card system

Analýza požadavků ba bezpečnost karetního průmysli a problémy při jejich implementaci / Analysis of security requirements for payment card industry and problems with their implementation

Klečka, Jakub

January 2008

Rapid development of new technologies and their easy implementation introduces new risks that must be faced. This diploma thesis concentrates at payment card industry. Payment card industry come through significant development. Billions of dollar each year flow through these systems. New technologies like contactless cards, prepaid brand cards are emerging, ATM and payment terminal support new services and products. Merchant are looking for new opportunities. This situation brings along new threats and introduces new vulnerabilities. These are not necessarily new, only the whole environment got much more complicated and digger. Unfortunately the acting threats and vulnerabilities were not eliminated. Missing legislation measures and restricted enforceability are not sufficient to effectively fight against crime in this area. On the other hand sever organizations are aware of these threats and tries to face them. New security requirements were introduced for each separate subjects of payment card industry so that the risks are eliminated or their impact is reduced to an acceptable degree. Some of these requirements were already implemented and are in the scope of this work. The goal of this work is to explore these requirements. To find out what risks they are affecting and how effective they are. And in case of need help to implement the appropriate security measure. This work is practically oriented and can help responsible persons to ensure compliance with the requirements and face all effecting threats.

Platební karty v České republice / Payment cards in the Czech republic

Švirk, Jan

January 2014

This master thesis "Payment cards in the Czech republic" deals with payment cards, which are currently the most widely used payment instrument. Theoretical part is focused on the formation and development of the first ancestors of payment cards, various kinds of payment cards, there is historical development, basic characteristic, division, possibilities of their current use and future of payment cards. Also there are introduced different types of the payment cards according to different criteria, according to their mode of operation and safety. In the first part practical part of the work is an analysis of the current situation and developments in the payment cards market in the Czech Republic. Subsequently, there is analysis of the payment cards, current accounts and related services at selected bank in the Czech republic mBank S.A., Fio banka a.s., Equabank a.s., Zuno bank a.s. and Air bank a.s. When the objective of the thesis is to find out whether these banks target the same segments of clients. There is a comparation of payment card payment from the perspective of the monthly cost of using payment card from four basic segments of one bank, while there is a comparison of services related to payment card and in the end for every client is chosen the best alternative of payment card and the current account from the perspective of the average monthly cost.

L'expertise et la lutte contre la fraude monétique / Solid forensic assessment and the fight against payment card fraud

Souvignet, Thomas

18 December 2014

Le montant annuel de la fraude européenne à la carte de paiement se monte à plus d’1,5 milliard d’euros. Cette manne aiguise l’appétit des groupes criminels qui exploitent la moindre faille de la monétique (écosystème de la carte de paiement). Les cinq principaux acteurs de la monétique (porteurs, émetteurs, accepteurs, acquéreurs et systèmes de paiement) s’appuient pourtant sur des systèmes et réseaux normalisés dont la sécurité est encadrée par des standards internationaux contraignants. Néanmoins, la fraude monétique ne cesse de progresser alors que les moyens de lutte (étatiques, collaboratifs ou individuels) restent limités.Après étude de la fraude monétique, cette thèse propose différentes actions (passives,réactives et proactives) visant à améliorer la lutte contre la fraude monétique. D’abord,il convient de mieux connaître la fraude en étudiant la provenance des données volées et plus seulement leur usage. Ensuite l’expertise de ces fraudes doit être améliorée, en développant par exemple une captation du progrès scientifique. Une expertise qui doit être en partie transmise aux enquêteurs afin qu’ils puissent conduire leurs enquêtes. Enquêtes qui peuvent être dynamisées par des opérations réactives associant investigateurs et sachants techniques. Enfin, de manière proactive, les enquêtes et analyses de demain doivent être facilitées par les technologies monétiques conçues aujourd’hui. / Every year, payment card fraud exceeds 1.5 billion euros in Europe. Organised crime groups are exploiting any vulnerability possible to take a piece of this lucrative activity. Even though the five principal entities in the payment card industry (cardholders, issuers,acceptors, acquirers and payment system providers) are implementing binding security measures through out standardized systems and networks, fraud continues to increase. Efforts by the state, industry collaboration, and individuals have been unsuccessful in decreasing criminal advances. Having analysed the elements of payment card fraud, this thesis proposes several actions (passive, reactive and proactive) to help improve the fight against this fraud. First, itis relevant to gain knowledge of the source of the card details and not to focus only on its reuse. Next, forensic assessment has to be improved, for example by developing an increased scientific understanding of the technology. Such an expertise should then be passed on to investigators through effective training and knowledge transfer. Investigations should also be made more dynamic with reactive operations conducted in concert by investigators and technicians. Finally, in an ideal proactive spirit, future investigations and assessments should be oriented and facilitated by studying and influencing current payment card technology developments.

Fraude monétique

Terminaux

Carte de paiement

Expertise

Enquête

Cybercriminalité

Outils criminalistiques

Pays de l'Union européenne

Payment card industry

Forensic assessment

Investigation

Cybercrime

Forensic tools

Terminals

Payment card

Effect of Nutrition Merchandising and Consumer Preferences on Willingness to Pay for Local Tomatoes and Strawberries in Kentucky and Ohio

Kompaniyets, Lyudmyla

01 January 2012

This project investigates the impacts of nutrition merchandising on consumers’ willingness to pay for local tomatoes and strawberries. The data come from survey of Kentucky and Ohio residents in June 2011. Two thousand one hundred twelve individuals from Kentucky and Ohio were surveyed, to find out the impact of selfawareness of health benefits and health benefits information on their willingness to pay. The consumers were offered one of the three survey versions. The versions varied by how much nutrition information was provided to the consumer related to both strawberries and tomatoes – otherwise identical. A had the most, B had text only, and C omitted any nutritional benefits. This nutrition preamble was offered just before doing a payment card willingness-to-pay experiment. Standard demographic data were also included. The goal of the study was to see if and in what way the provision (or nonprovision) of this information, as well as consumers’ own knowledge of nutritional benefits of local foods, their beliefs and lifestyle influenced their willingness to pay for these local products.

Local produce

nutrition merchandising

willingness to pay

health benefits

payment card

Agricultural and Resource Economics

Other Economics

Analýza užívání platebních karet v maloobchodě. / Analysis of the use of payment cards in retail

PETERKOVÁ, Michaela

January 2013

This thesis deals with the issue of payment cards. The current situation of payment cards on the Czech market is described and statistically verified in the practical part. The analysisis performed using a questionnaire survey of customer and retailers. The aim of this thesis is using its own research to determine to what extent the payment cards in the Czech Republic used in retail.

Systém pro integraci platebních terminálů / System for Integration of Payment Terminals

Randa, Jakub

January 2014

This master's thesis describes the process of integration of electronic payment terminals into another technological solutions and eventually enabling the opportunity to make electronic payments using these solutions. It analyses the current situation on the field of electronic payments and the possibilities of own solution for these payments. It discusses the security aspects of payment operations and terminals and it also describes current legal situation involving the electronic payments in Czech Republic. It describes the process of implementation of the application for payment terminal integration and analyses the results of testing.

From Theory to Practice: Deployment-grade Tools and Methodologies for Software Security

Rahaman, Sazzadur

25 August 2020

Following proper guidelines and recommendations are crucial in software security, which is mostly obstructed by accidental human errors. Automatic screening tools have great potentials to reduce the gap between the theory and the practice. However, the goal of scalable automated code screening is largely hindered by the practical difficulty of reducing false positives without compromising analysis quality. To enable compile-time security checking of cryptographic vulnerabilities, I developed highly precise static analysis tools (CryptoGuard and TaintCrypt) that developers can use routinely. The main technical enabler for CryptoGuard is a set of detection algorithms that refine program slices by leveraging language-specific insights, where TaintCrypt relies on symbolic execution-based path-sensitive analysis to reduce false positives. Both CryptoGuard and TaintCrypt uncovered numerous vulnerabilities in real-world software, which proves the effectiveness. Oracle has implemented our cryptographic code screening algorithms for Java in its internal code analysis platform, Parfait, and detected numerous vulnerabilities that were previously unknown. I also designed a specification language named SpanL to easily express rules for automated code screening. SpanL enables domain experts to create domain-specific security checking. Unfortunately, tools and guidelines are not sufficient to ensure baseline security in internet-wide ecosystems. I found that the lack of proper compliance checking induced a huge gap in the payment card industry (PCI) ecosystem. I showed that none of the PCI scanners (out of 6), we tested are fully compliant with the guidelines, issuing certificates to merchants that still have major vulnerabilities. Consequently, 86% (out of 1,203) of the e-commerce websites we tested, are non-compliant. To improve the testbeds in the light of our work, the PCI Security Council shared a copy of our PCI measurement paper to the dedicated companies that host, manage, and maintain the PCI certification testbeds. / Doctor of Philosophy / Automatic screening tools have great potentials to reduce the gap between the theory and the practice of software security. However, the goal of scalable automated code screening is largely hindered by the practical difficulty of reducing false positives without compromising analysis quality. To enable compile-time security checking of cryptographic vulnerabilities, I developed highly precise static analysis tools (CryptoGuard and TaintCrypt) that developers can use routinely. Both CryptoGuard and TaintCrypt uncovered numerous vulnerabilities in real-world software, which proves the effectiveness. Oracle has implemented our cryptographic code screening algorithms for Java in its internal code analysis platform, Parfait, and detected numerous vulnerabilities that were previously unknown. I also designed a specification language named SpanL to easily express rules for automated code screening. SpanL enables domain experts to create domain-specific security checking. Unfortunately, tools and guidelines are not sufficient to ensure baseline security in internet-wide ecosystems. I found that the lack of proper compliance checking induced a huge gap in the payment card industry (PCI) ecosystem. I showed that none of the PCI scanners (out of 6), we tested are fully compliant with the guidelines, issuing certificates to merchants that still have major vulnerabilities. Consequently, 86% (out of 1,203) of the e-commerce websites we tested, are non-compliant. To improve the testbeds in the light of our work, the PCI Security Council shared a copy of our PCI measurement paper to the dedicated companies that host the PCI certification testbeds.

Cryptographic API misuses

Static program analysis

Benchmark

Payment card industry

Internet measurement

Website scanning

Web security

Systémy platebních karet / Payment card systems

Flégl, Jan

January 2011

The work is about payment card systems. We’d like to describe infrastructure of credit cards, ATMs, POS terminals , focusing on the EMV standard. In theoretical part we will be introduced with the history and development of credit cards, ATMs and POS terminals. Then we focus on a detailed description of payments terminals and possibilities of payment via the Internet. The most extensive theoretical part deals width EMV standard. In practical part we will make our own program, which authenticates the user based on his credit card and it will allow the user to login in the system. Source codes of this application can be found on enclosed CD.

Bezkontaktní platby – budoucnost platebních karet / Contactless Payments – Future of Payments Cards

Chludilová, Eliška

January 2014

This diploma thesis deals with the development of payments instruments, contactless technologies and instruments of contactless payments. This thesis describes intentions of card associations VISA and MasterCard in area contactless payments. It also contains a questionnaire survey, on the basis of which was carried out an evaluation and comparison with intentions associations. At the same was recommend of development for a provider of services in the area.