Description
E-TRANSACTION
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION”
Abstract.
There has been enormous increase in e-transactions and cooperative computing services on the internet. Transactions and services over the internet have global reach and users, known or unknown to the service provider. Thus, it is very important for service providers (company websites) to identify and establish trustworthiness of potential collaborators, without violating the privacy and confidentiality laws that prevail across geographical boundaries. But as the system becomes complex and dynamic, contractual incompleteness arises Trust plays a crucial role in the design of optimal contracts; not all the relevant, valuable information on the user’s choice of action is incorporated in the equilibrium contract. However, in e-transactions, this is not the case. The challenge is to see how in such a scenario trust can indeed be generated. Note that the presence of trust facilitates cooperative behaviour and allows for exchange to occur in situations where its absence would preclude trade. In this paper, we shall present a comparative analysis of various approaches of trust management in practice that integrates technology with other factors. We shall also bring out the relative deficiencies and how these issues are tackled in our ongoing work that facilitates execution of optimal contracts. Keywords. E-transaction; security;
Introduction.
The utility and benefits of e-transaction are well known. Internet has become an important medium for disseminating information, doing commerce and business. The enabling technologies are helping the organizations to put their resources and work-flow systems etc over the internet. The expansion of network access is driving an increase in interactions among people and between people and businesses (a set of interacting parties often called electronic community). It is widely acknowledged that e-commerce has fallen short of its expected potential in terms of applications. This can be attributed, among many factors, to the lack of trust that participants have in e- transactions. For making transactions, in the context of transactions over the Internet, it is not possible to use factors as mentioned above as such trust models do not exist. Before discussing the issues and approaches for trust Management (TM) in ecommerce,. Trust is the extent to which one party is willing to depend on somebody, or something, in a given situation with a feeling of relative security, even though negative consequences are possible. Trust is not symmetric: two individuals do not need to have similar levels of trust in each other. Even if two entities get the same evidence, they might not necessarily interpret this information in the same way. It is self-preserving and self-amplifying, and increases through periodic successful interactions, and degrades through disuse
1
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION” or misuse. It is becoming increasingly important for the electronic community to have means and methods for tackling trust related issues for e-transactions. In this study, we shall discuss technological issues involved in e-transaction to develop security; other issues are out of the scope of this study. It is important to note that in the technology involved in present day.
Problem statement.
The internet is currently helping and facilitating online purchase and makes payments very flexible. This has lead to a new market for firms on which the numbers of customers is frequently increasing. With internet came, the concept of e-shop or virtual shops that existed only on internet and this has resulted in popularity of e-transaction and online credit card fraud. Numerous type of fraud has been developed over the years. Detection and prevention of frauds in an extremely important through gaining knowledge of how to be secure on Etransaction.
Research objective:
The aim of this study is to find out the mechanisms that banks and other websites put into place in order to minimize these increasing frauds transaction. We also seek to describe the security features and investigate how to secure from fraudsters on e- transaction.
Research question:
“HOW MUCH SAFE IS E-TRANSACTION?”
Literature review.
Online payments using credit cards: A credit card is a card that allows you to borrow money to pay for things. There will be a limit to how much you can spend .at the end of month you can either pay off whole of the amount or minimum repayment. It is most popular way of e- transaction because of simple process and comfortable. Just enter the relevant details and merchant’s gets these validated and payment goes through. (Tej Paul Bhatla 2003)
Credit card hacking:
2
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION” In an e- transaction, the payment data transfer between the customer pc and the vendors shop over the internet. That raises concern about credit card online security and identifies theft. Most online shops are secured to prevent unauthorised people from seeing that information, including the credit card data; it could be exposed and subject to theft. One should be very careful while entering data as it is difficult to intercept information transferred over a secure connection. (Tej Paul Bhatla 2003)
Attack a shop to access the customer database: It is very difficult to get the credit card details, but thousands of credit cards are compromised in a successful attack. The intellectual hackers and poor web-shop security lead to major breaking that are happening frequently .hopefully, if a site detects an attack, you might be notified in time to protect your card and prevent unauthorised charges. (Tej Paul Bhatla 2003)
Fool customer into submitting card information voluntarily: The unknown person have created fake on-line store that use a simulated orders process designed. They use these kinds of site only to record and to steal credit card information. Another way is by sending fraudulent e-mail (email fishing) asking the person to update his registration and credit card data for a web service to use. Many users have become victim of these credit card scams. (Tej Paul Bhatla 2003)
Merchant related fraud: Merchant related frauds are initiated either by owners of the merchant establishment or their employees. The type of frauds initiated by merchants is described below:
1) Merchant collusion:
3
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION” This type of fraud occurs when merchant owners or their employee conspire to commit fraud using the cardholder accounts or by using the personal information. They pass on the information about cardholder to fraudsters. (Tej Paul Bhatla 2003) 2) Triangulation: Triangulation is type of fraud which is done and operates from a web site. The products or goods are offered at heavily discounted rates and are shipped before payment. The customer while browser the site and if he likes the product he place the online information such as name, address and valid credit card detail to the website. When the fraudsters receive these details, they order goods from a legitime site using stolen stolen credit card details. The fraudsters then by using the credit card information purchase the products. This process is designed to cause a great deal of initial confusion, and the fraudulent internet company in this manner can operate long enough to accumulate vast amount of goods purchased with stolen credit card numbers. (Tej Paul Bhatla 2003)
Internet related frauds: The internet is the base for the fraudster to make the fraud in the simply and the easiest way. Fraudsters have recently begun to operate on a truly transnational level. Today internet has its own world market attracting most customers around the world. Site cloning: Site cloning is where fraudsters close an entire site or just the pages from which the customer made a purchase. Customers have no reason to believe they are not dealing with the company that they wished to purchase goods or service from because the page that they are viewing are identical to those of the real site. The cloned site will receive this detail and send the customer suspect a receipt of the transaction through the email just as the real company would do. The consumer suspects nothing, while the fraudsters have all the detail they need to commit credit card fraud. (Tej Paul Bhatla 2003)
False merchant sites:
4
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION” Some sites often offer a cheap service for the customer. This site requests the customer to fill his complete details such as name and address the webpage where the customer gets his required products. Many of this site claim to be free, but require a valid credit card numbers to verify an individual’s age. These kinds of sites in this way collect as many as credit card details. The site are usually part of a large criminal network that either uses the detail it collect to raise revenue or sells valid credit card detail to small fraudsters. (Tej Paul Bhatla 2003) Credit card generators: These are the computer programs that generate valid credit card number and expiry date. This generator work by generating lists of credit card accounts numbers from a single account number. The software works by using the mathematical and algorithm that card issuers use to generate other valid card numbers combinations. This makes the user to allow to illegally generating as many numbers as he desire, in the form of any of the credit card formats. (Tej Paul Bhatla 2003) Application process: Common practice for card issuer to confirm applicant information through multiple data source. Issuers call a number mention on the document and confirm address for security verification. Applications are also tested for inconsistencies with information received from credit bureaus. This might include name, address, phone no. and birthdates to match if detail doesn’t match, the activation could be put on hold or stopped for further investigation. (The silver lake 2002) Transaction behaviour monitoring: All type of frauds predominantly occur and are identified during and after trasaction.the transaction behaviour monitoring process could therefore prevent almost all identifiable frauds after effective tracking albeit, it may take longer periods. It is quite difficult however to detect first time frauds using the transaction behaviour monitoring process which require tracking of transaction emanating from the credit card source. (Woldgang r, 2003)
Detection and fraud prevention on the internet:
5
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION” There are no universally accepted solutions. As a result, credit card fraud on the internet is substantially greater than in the physical or even phone environment. One approach to combat internet fraud, which is supported by many issuers, is card verification value 2(cvv2).the set of digits found on the reverse side of the most credit card is unique to that card. This adds security to the transaction. But lost or stolen card fraud can hardly be prevented by the introduction of CVV2. (Arata Michael j, 2004)
Research design:
Exploratory studies are the valuable mean to find out what is happening, seeking new insight, ask question and phenomena in a new light. The purpose of exploratory research is to gather as much information as possible about an etransaction security through searching leatreture, talking expert’s opinion and conduction group-focused interview. Research approach: Qualitative research is characterised by the opportunity to explore a subject in a manner as real as possible. Qualitative data are based on meaning expressed through words, non-standardised data classified into categories and analysis from conceptualization (case studies) Qualitative approach would be appropriate since the aim of this study is do described and get a better understanding of security system in e-transaction. Research strategy: Research strategy is how we will lead to the use of the research approach. Different strategies are experiments, survey, archival and case studies. We decide to use the “case studies” as the research question includes “How”. Sample selection: Due to time and financial limitation, we will investigate four groups 1) bank managers 2) shopping websites 3) online booking agents and sellers 4) online traders.
Data collection method:
6
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION” The information for case studies may come from documents, interviews, participants and direct observation.strenght and weakness mention below
Data analysis:
Researcher will collect data with the research question and previous studies as a basis.Moreever we wanted to compare the data, which we gathered of different groups. After finishing the data collection, we organised the data for each case based on the variable sets that has been selected from the literature review and the research question. We firstly used the within-case analysis and then crosscase analysis and finally compare the analysis with different groups.
Qualification of researcher:
Six members of M.B.A students would be conducting study with basic skills and knowledge of operating internet, recorder, and recording the details.
Budget:
7
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION” Budget would be needed for travelling, phone calls, paper and stationary per head Rs.50.
Schedule:
As per time allocated.
Bibliography
Tej paul bhatla.,2003-at.all-“understanding credit card frauds” card business review. http://www.tcs.com/0_whitepapers/htdocs/credit_card_fraud_white_paper_v_1. 0.pdf The silver lake 2002: identity theft: how to protect your name, your credit and vital information, and what to do when someone hijacks any of these Vensa hassle, 2001 –“security fundamentals for E-commerce”, computer security series.
Appendix:
Interview question for customers: 1) Do you prefer doing e-transaction? 2) How long you have been doing e-transaction? 3) Which aspect of security is most important while doing e-transaction? 4) Have you ever been victim if online fraud? 5) What will you do if you have been victim of online fraud? 6) What system does your service provider use to detect fraud? 7) How effective has that system is? 8) What suggestion would you like to give to your service provider in context to security in E-transaction? Interview question for service provider or banks: 1) What occupation or service you provide?
8
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION”
2)
How long you been working in bank or operation online shop?
3) What aspect of security do you specially deal with?(related to etransaction) 4) Do you encounter frauds on E-transaction? 5) How do you detect such frauds? 6) Can you tell us the counter-measures you use to prevent fraud in Etransaction?
7)
How effective are you systems?
8) What advice do you have for your clients who use credit cards as far as security is concern?
9
doc_907969206.doc
E-TRANSACTION
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION”
Abstract.
There has been enormous increase in e-transactions and cooperative computing services on the internet. Transactions and services over the internet have global reach and users, known or unknown to the service provider. Thus, it is very important for service providers (company websites) to identify and establish trustworthiness of potential collaborators, without violating the privacy and confidentiality laws that prevail across geographical boundaries. But as the system becomes complex and dynamic, contractual incompleteness arises Trust plays a crucial role in the design of optimal contracts; not all the relevant, valuable information on the user’s choice of action is incorporated in the equilibrium contract. However, in e-transactions, this is not the case. The challenge is to see how in such a scenario trust can indeed be generated. Note that the presence of trust facilitates cooperative behaviour and allows for exchange to occur in situations where its absence would preclude trade. In this paper, we shall present a comparative analysis of various approaches of trust management in practice that integrates technology with other factors. We shall also bring out the relative deficiencies and how these issues are tackled in our ongoing work that facilitates execution of optimal contracts. Keywords. E-transaction; security;
Introduction.
The utility and benefits of e-transaction are well known. Internet has become an important medium for disseminating information, doing commerce and business. The enabling technologies are helping the organizations to put their resources and work-flow systems etc over the internet. The expansion of network access is driving an increase in interactions among people and between people and businesses (a set of interacting parties often called electronic community). It is widely acknowledged that e-commerce has fallen short of its expected potential in terms of applications. This can be attributed, among many factors, to the lack of trust that participants have in e- transactions. For making transactions, in the context of transactions over the Internet, it is not possible to use factors as mentioned above as such trust models do not exist. Before discussing the issues and approaches for trust Management (TM) in ecommerce,. Trust is the extent to which one party is willing to depend on somebody, or something, in a given situation with a feeling of relative security, even though negative consequences are possible. Trust is not symmetric: two individuals do not need to have similar levels of trust in each other. Even if two entities get the same evidence, they might not necessarily interpret this information in the same way. It is self-preserving and self-amplifying, and increases through periodic successful interactions, and degrades through disuse
1
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION” or misuse. It is becoming increasingly important for the electronic community to have means and methods for tackling trust related issues for e-transactions. In this study, we shall discuss technological issues involved in e-transaction to develop security; other issues are out of the scope of this study. It is important to note that in the technology involved in present day.
Problem statement.
The internet is currently helping and facilitating online purchase and makes payments very flexible. This has lead to a new market for firms on which the numbers of customers is frequently increasing. With internet came, the concept of e-shop or virtual shops that existed only on internet and this has resulted in popularity of e-transaction and online credit card fraud. Numerous type of fraud has been developed over the years. Detection and prevention of frauds in an extremely important through gaining knowledge of how to be secure on Etransaction.
Research objective:
The aim of this study is to find out the mechanisms that banks and other websites put into place in order to minimize these increasing frauds transaction. We also seek to describe the security features and investigate how to secure from fraudsters on e- transaction.
Research question:
“HOW MUCH SAFE IS E-TRANSACTION?”
Literature review.
Online payments using credit cards: A credit card is a card that allows you to borrow money to pay for things. There will be a limit to how much you can spend .at the end of month you can either pay off whole of the amount or minimum repayment. It is most popular way of e- transaction because of simple process and comfortable. Just enter the relevant details and merchant’s gets these validated and payment goes through. (Tej Paul Bhatla 2003)
Credit card hacking:
2
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION” In an e- transaction, the payment data transfer between the customer pc and the vendors shop over the internet. That raises concern about credit card online security and identifies theft. Most online shops are secured to prevent unauthorised people from seeing that information, including the credit card data; it could be exposed and subject to theft. One should be very careful while entering data as it is difficult to intercept information transferred over a secure connection. (Tej Paul Bhatla 2003)
Attack a shop to access the customer database: It is very difficult to get the credit card details, but thousands of credit cards are compromised in a successful attack. The intellectual hackers and poor web-shop security lead to major breaking that are happening frequently .hopefully, if a site detects an attack, you might be notified in time to protect your card and prevent unauthorised charges. (Tej Paul Bhatla 2003)
Fool customer into submitting card information voluntarily: The unknown person have created fake on-line store that use a simulated orders process designed. They use these kinds of site only to record and to steal credit card information. Another way is by sending fraudulent e-mail (email fishing) asking the person to update his registration and credit card data for a web service to use. Many users have become victim of these credit card scams. (Tej Paul Bhatla 2003)
Merchant related fraud: Merchant related frauds are initiated either by owners of the merchant establishment or their employees. The type of frauds initiated by merchants is described below:
1) Merchant collusion:
3
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION” This type of fraud occurs when merchant owners or their employee conspire to commit fraud using the cardholder accounts or by using the personal information. They pass on the information about cardholder to fraudsters. (Tej Paul Bhatla 2003) 2) Triangulation: Triangulation is type of fraud which is done and operates from a web site. The products or goods are offered at heavily discounted rates and are shipped before payment. The customer while browser the site and if he likes the product he place the online information such as name, address and valid credit card detail to the website. When the fraudsters receive these details, they order goods from a legitime site using stolen stolen credit card details. The fraudsters then by using the credit card information purchase the products. This process is designed to cause a great deal of initial confusion, and the fraudulent internet company in this manner can operate long enough to accumulate vast amount of goods purchased with stolen credit card numbers. (Tej Paul Bhatla 2003)
Internet related frauds: The internet is the base for the fraudster to make the fraud in the simply and the easiest way. Fraudsters have recently begun to operate on a truly transnational level. Today internet has its own world market attracting most customers around the world. Site cloning: Site cloning is where fraudsters close an entire site or just the pages from which the customer made a purchase. Customers have no reason to believe they are not dealing with the company that they wished to purchase goods or service from because the page that they are viewing are identical to those of the real site. The cloned site will receive this detail and send the customer suspect a receipt of the transaction through the email just as the real company would do. The consumer suspects nothing, while the fraudsters have all the detail they need to commit credit card fraud. (Tej Paul Bhatla 2003)
False merchant sites:
4
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION” Some sites often offer a cheap service for the customer. This site requests the customer to fill his complete details such as name and address the webpage where the customer gets his required products. Many of this site claim to be free, but require a valid credit card numbers to verify an individual’s age. These kinds of sites in this way collect as many as credit card details. The site are usually part of a large criminal network that either uses the detail it collect to raise revenue or sells valid credit card detail to small fraudsters. (Tej Paul Bhatla 2003) Credit card generators: These are the computer programs that generate valid credit card number and expiry date. This generator work by generating lists of credit card accounts numbers from a single account number. The software works by using the mathematical and algorithm that card issuers use to generate other valid card numbers combinations. This makes the user to allow to illegally generating as many numbers as he desire, in the form of any of the credit card formats. (Tej Paul Bhatla 2003) Application process: Common practice for card issuer to confirm applicant information through multiple data source. Issuers call a number mention on the document and confirm address for security verification. Applications are also tested for inconsistencies with information received from credit bureaus. This might include name, address, phone no. and birthdates to match if detail doesn’t match, the activation could be put on hold or stopped for further investigation. (The silver lake 2002) Transaction behaviour monitoring: All type of frauds predominantly occur and are identified during and after trasaction.the transaction behaviour monitoring process could therefore prevent almost all identifiable frauds after effective tracking albeit, it may take longer periods. It is quite difficult however to detect first time frauds using the transaction behaviour monitoring process which require tracking of transaction emanating from the credit card source. (Woldgang r, 2003)
Detection and fraud prevention on the internet:
5
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION” There are no universally accepted solutions. As a result, credit card fraud on the internet is substantially greater than in the physical or even phone environment. One approach to combat internet fraud, which is supported by many issuers, is card verification value 2(cvv2).the set of digits found on the reverse side of the most credit card is unique to that card. This adds security to the transaction. But lost or stolen card fraud can hardly be prevented by the introduction of CVV2. (Arata Michael j, 2004)
Research design:
Exploratory studies are the valuable mean to find out what is happening, seeking new insight, ask question and phenomena in a new light. The purpose of exploratory research is to gather as much information as possible about an etransaction security through searching leatreture, talking expert’s opinion and conduction group-focused interview. Research approach: Qualitative research is characterised by the opportunity to explore a subject in a manner as real as possible. Qualitative data are based on meaning expressed through words, non-standardised data classified into categories and analysis from conceptualization (case studies) Qualitative approach would be appropriate since the aim of this study is do described and get a better understanding of security system in e-transaction. Research strategy: Research strategy is how we will lead to the use of the research approach. Different strategies are experiments, survey, archival and case studies. We decide to use the “case studies” as the research question includes “How”. Sample selection: Due to time and financial limitation, we will investigate four groups 1) bank managers 2) shopping websites 3) online booking agents and sellers 4) online traders.
Data collection method:
6
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION” The information for case studies may come from documents, interviews, participants and direct observation.strenght and weakness mention below
Data analysis:
Researcher will collect data with the research question and previous studies as a basis.Moreever we wanted to compare the data, which we gathered of different groups. After finishing the data collection, we organised the data for each case based on the variable sets that has been selected from the literature review and the research question. We firstly used the within-case analysis and then crosscase analysis and finally compare the analysis with different groups.
Qualification of researcher:
Six members of M.B.A students would be conducting study with basic skills and knowledge of operating internet, recorder, and recording the details.
Budget:
7
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION” Budget would be needed for travelling, phone calls, paper and stationary per head Rs.50.
Schedule:
As per time allocated.
Bibliography
Tej paul bhatla.,2003-at.all-“understanding credit card frauds” card business review. http://www.tcs.com/0_whitepapers/htdocs/credit_card_fraud_white_paper_v_1. 0.pdf The silver lake 2002: identity theft: how to protect your name, your credit and vital information, and what to do when someone hijacks any of these Vensa hassle, 2001 –“security fundamentals for E-commerce”, computer security series.
Appendix:
Interview question for customers: 1) Do you prefer doing e-transaction? 2) How long you have been doing e-transaction? 3) Which aspect of security is most important while doing e-transaction? 4) Have you ever been victim if online fraud? 5) What will you do if you have been victim of online fraud? 6) What system does your service provider use to detect fraud? 7) How effective has that system is? 8) What suggestion would you like to give to your service provider in context to security in E-transaction? Interview question for service provider or banks: 1) What occupation or service you provide?
8
RESEARCH PROPOSAL “HOW SAFE IS E-TRANSACTION”
2)
How long you been working in bank or operation online shop?
3) What aspect of security do you specially deal with?(related to etransaction) 4) Do you encounter frauds on E-transaction? 5) How do you detect such frauds? 6) Can you tell us the counter-measures you use to prevent fraud in Etransaction?
7)
How effective are you systems?
8) What advice do you have for your clients who use credit cards as far as security is concern?
9
doc_907969206.doc