E-Government

"Electronic Wallets are Secure"

Introduction

The idea for paying for goods and services electronically is not a new one. The search for more efficient ways of doing business is now driving another revolution in the conduct of business and in our concept of money. This revolution is known as electronic commerce, which is the symbiotic integration of communications, data management, and security capabilities to allow business applications within different organizations to automatically exchange information related to the sale of goods and services. With the advent of the electronic age the concept of value was transferred to plastic cards with a magnetic stripe which securely carried personal account information. These cards are referred to as electronic or digital wallets. Many challenge how secure electronic wallets can be versus cash payments. This paper will attempt to present to you how the technology involved in electronic "digital wallet" transactions can be more secure and untraceable than cash.

Analysis

The security of a cash payment depends on the hardness of making acceptable reproductions of banknotes. When using application-level protocols such as SET (Secure Electronic Transactions) and SEPP (Secure Electronic Payment Protocol), one can construct payment systems guaranteeing security. There are several major business requirements addressed by SEPP;

1. To enable confidentiality of payment information

2. To ensure integrity of all payment data transmitted

3. To provide authentication that a cardholder is the legitimate owner of a card account

Implementing a security mechanism (SEPP and SET) provides owners of information and administrators with some peace of mind, but not without a trade-off: the more secure one attempts to make a network/server the more difficult it makes it users to access information. SEPP is the electronic equivalent of the paper charge slip, signature, and submission process. The negotiation process happens via a three-way communication among the cardholder, merchant and acquirer. It is suggested that SEPP communication be encrypted at lower layer and other protocols handle the delivery. SEPP is just one of the multi-user electronic wallet applications that enable consumers to securely and conveniently access information, make payments and conduct other forms of commerce over the internet. The features of SEPP have been folded into SET. SET is becoming the de facto standard in security. SET provides for confidential information and enable confidentiality of order information that is transmitted with payment information, ensures integrity for all transmitted data and provides authentication that a buyer is a legitimate user of the branded (e.g., Visa, MasterCard, American Express) bankcard account. Such payment systems as digital wallets makes life easier for us buyers, but the security of our personal information remains a major concern. SET offers buyers that security, instead of providing merchants with access to credit card numbers, SET encodes the numbers so only the consumer and financial institution have access to them. A third party provides digital certificates to the card-issuing financial institution; the institution then provides a digital certificate to the card holder. A similar process takes place for the merchant. A digital certificate is a foolproof way of identifying both consumers and merchants; it verifies the user's identity. These are a just a few approaches to safe electronic commerce.

There are people who are regular internet users who show a high level of trust in electronic payments, although there are significant doubts about security, privacy threats and fraud. The least secure system on this basis is "card not present" payment over the Internet when no specific means of cardholder authentication are used. This threat to security is primarily due to authentication procedures heavily based on credit card numbers and expiration dates that cannot be considered secrets. In addition, further elements of potential risk are the usage of weak versions of SSL (Secure Sockets Layer) or no SSL at all. As the number of people utilizing the internet increases, the risk of security violations increases with it. It is true that sometimes the cost of protecting the network outweighs the cost of just leaving it unprotected, but it is undeniable that the cost of protecting the network becomes nontrivial as more services such as electronic wallets become available. Some of the threats that stimulated the upsurge for people with the lack of security were compromise of clients' financial details (credit card numbers, etc) which may result in the unauthorized transfer of funds, development of a method of obtaining the goods or services without making the appropriate payment and other methods permitting the unauthorized transfer of funds. Regardless of how a payments system is constructed these attacks are always more or less practical although some techniques can virtually eliminate the risk of one or another.

The

...