Electronic payment and security on the Internet

Description

Thesis (MBA)--Stellenbosch University, 2002. / ENGLISH ABSTRACT: The greatest potential worry that an on-line shopper has is what happens to his/her credit
card details from the moment "submit" is pressed on the computer. Is it possible for someone
on the Internet to intercept the message and use credit card details maliciously? Also, there is
a lot of talk about personal details being encrypted, but how sure is one that this was indeed
the case once "submit" has been pressed? Is there a way in which one can be sure that a
transaction will occur only once? Many of the security issues are new and many experts are
only learning how to deal with these now. This thesis offers suggestions and strategies a user
can follow to minimize misuse and abuse of payment details.
Electronic payment is the backbone of e-commerce, and the biggest threat towards
widespread acceptance and usage of e-commerce is security. Many innovative solutions
have been developed by vendors to address security issues. For example, the Secure
Electronic Transfer (SET) protocol was developed to ensure that credit card transactions
could be conducted safely and securely on the Internet. Secure Socket Layer (SSL) ensures
that all communications and transactions are conducted in a tightly secure environment. This
is critical for online or mobile banking and other financial activities. Others developments
include payment systems that ensure that credit card details are never exposed to a merchant
(e.g. SET), while some ensure that credit card numbers never enter the Internet.
The five corner stones of security are confidentiality, privacy, authentication, integrity and
non-repudiation. Authentication, non-repudiation and integrity can be resolved with digital
certificates, digital timestamps and digital signatures. Message confidentiality, on the other
hand, is ensured through the use of strong encryption.
Encryption systems mutilate data or a message to such an extent that it is totally useless to
someone who does not have the appropriate algorithm and key to decode it. The most widely
used encryption schemes are the secret key and public key encryption systems. The public
key cryptosystem generates two keys, called a public and private key. The public key can be
made generally known, but the private key must be kept secret. A unique property of the
scheme is that once data is encrypted with one key, only the corresponding other key of the
pair can decrypt it. This makes it possible to address issues of authentication, integrity and
non-repudiation.
Traditional payment instruments such as cash, cheques, debit and credit card transactions
are being replaced by their electronic equivalents. The driving forces behind these are
transactional security, efficiency and speed. Novel payment solutions and strategies have
been devised to meet the challenges of this new economy. For example, smart cards can act
as an electronic purse that can hold electronic money. Other information, such as personal
details, medical records, driver's licence, etc. can also be stored on the card.
Whilst many security experts are in agreement that security is not a barrier anymore for wider
usage of the Internet for financial transactions, many consumers are still apprehensive about
how secure and safe it really is. This work aims to diminish those fears and show that the
Internet is safe for business. / AFRIKAANSE OPSOMMING: Een van die grootste bekommernisse wat 'n kliënt met aankope op die Internet kan
ondervind, is die onsekerheid wat presies gebeur nadat betalings aangegaan is en "Submit" is
gedruk. Is dit moontlik dat iemand die boodskap kan onderskep en betaling besonderhede vir
eie gebruik kan herwin? Daar is ook baie publisiteit oor kodifisering, maar hoe kan die klient
verseker wees dat betalings besonderhede wel gekodifiseer is wanneer "Submit" gedruk
was? Is daar 'n manier waarmee 'n mens verseker kan wees dat betaling slegs eenkeer gaan
geskied? Baie van die sekuriteits lokvalle is nuut en sekuritiets kenners is tans besig om te
leer hoe om die probleme te hanteer. Die werkstuk offer wenke en strategieë vir die
verbruiker om die misbruik van betaling besondehede op die Internet te minimiseer.
Elektronies betalings meganisme is die ruggraat van elektroniese besigheid, en die grootste
struikelblok tot die grootskaalse gebruik daarvan is sekuriteit. Daar is baie innoverende
oplossings om die probleme hok te slaan. By voorbeeld, die Secure Electronic Transfer (SET)
protokol was ontwikkel om te verseker dat betalings met kredietkaart met hoë sekuriteit en
veiligheid aangegaan kan word. Secure Socket Layers (SSL), verseker dat alle
kommunikasies en transaksies in 'n sekuur en veilige omgewing plaasvind. Dit is veral krities
wanneer die verbruiker gebruik maak van die Internet of vanaf selfone om transaksies aan te
gaan met 'n bank. Ander ontwikkelinge sluit in betalings metodes wat verseker dat die
handelaar nooit die kredietkaart besonderhede sien nie (bv. SET). Ander verseker weer dat
die betalings besonderhede nooit oor die Internet hoef gestuur te word nie.
Die vyf hoekstene van sekuriteit is konfidensialiteit, privaatheid, outentisiteit, integriteit en
non-repudiasie. Outentisiteit, integriteit en non-repudiasie word opgelos deur die gebruik
maak van digitale sertifikate, digitale tydstempels en digitale handtekeninge. Konfidensialiteit
kan verseker word deur die boodskap te kodifiseer.
Kodifikasie behels die verandering van data of boodskappe op so 'n wyse dat dit van geen
betekenis is vir 'n persoon wat nie die korrekte algoritme en sleutel het om dit te dekodifiseer
nie. Die geheime en publieke kodifiserings stelsels word die meeste gebruik om data te
kodifiseer. Die publieke kodifiserings stelsel genereer twee sleutels, naamlik 'n privaat en
publieke sleutel. Die publieke sleutel kan alom bekend gemaak word, maar die private sleutel
moet slegs bekend wees aan sy gebruiker. 'n Unieke eienskap van die stelsel is dat indien 'n
boodskap gekodifiseer is met een sleutel, slegs die ander sleutel van die paar dit sal kan
dekodifiseer. Dit maak dit moontlik om outentisiteit, integriteit en non-repudiasie toe te pas.
Die tradisionele metodes van betaling soos kontant, tjek en debiet of kredietkaart, gaan
mettertyd vervang word deur hul elektroniese eweknie. Die dryfkrag agter die verskynsel is
die hoë sekuriteit, doeltreffendheid en spoed waarmee transaksies op die manier gehanteer
kan word. Vindingryke betaling metodes is ontdek om die besondere uitdagings van die nuwe
ekonomie aan te speek. Byvoorbeeld, knap kaarte kan gebruik word as 'n elektroniese
beursie wat elektroniese geld bêre. Ander persoonlike inligting, mediese records,
bestuurlisensies, ens. kan ook op die kaart geberg word.
Terwyl baie sekuriteits kenners glo dat sekuriteit nie meer 'n stuikelblok is om die Internet vir
besigheids transaksies te gebruik nie, bly baie van die verbruikers skepties. Die werkstuk se
doel is om daardie onsekerhede uit die weg te ruim, deur te verduidelik hoe sekuriteit toe
gepas word, en om te bewys dat die Internet interdaad veilig is as a medium vir besigheids
transaksies.

Links & Downloads

1. http://hdl.handle.net/10019.1/52819

Tags

Electronic funds transfers

Internet

Dissertations -- Business management

Theses -- Business management

Additional Fields

Identifer	oai:union.ndltd.org:netd.ac.za/oai:union.ndltd.org:sun/oai:scholar.sun.ac.za:10019.1/52819
Date	12 1900
Creators	Marais, Terrence K.
Contributors	Wessels, P. L., Stellenbosch University. Faculty of Economic & Management Sciences. Graduate School of Business.
Publisher	Stellenbosch : Stellenbosch University
Source Sets	South African National ETD Portal
Language	en_ZA
Detected Language	English
Type	Thesis
Format	129 p.
Rights	Stellenbosch University