X9.59 mailing list

x959 Postings and Posting Index,
next, previous - home

Electronic Commerce and the Banking Industry: The Requirement and Opportunities for New Payment System Using the Internet
Nokia banks on movile banking
Almost Half UK E-Shopper's Fear Card Fraud (CC fraud increased by 50% in 2k)
BIS Papers No. 7 - Electronic finance: a new perspective and challenges
XML-based eBusiness Standards Convergence
Payment System description (from FRBNY)
Statistics for General and Online Card Fraud
VISA: All Your Password Are Belong to Us
Credit Card Fraud and E-Commerce: A Case Study
Project Corvalllis
account number & shared-secret vulnerabilities
ePSO-N 10 available on Internet
Microsoft Pushing for Bigger Share of Web Banking Market

Electronic Commerce and the Banking Industry: The Requirement and Opportunities for New Payment System Using the Internet

From: Lynn Wheeler
Date: 11/30/2001 07:26 AM
To: ansi-epay@xxxxxxxx
Subject: Electronic Commerce and the Banking Industry: The Requirement and Opportunities for New Payment System Using the Internet

http://www.enhyper.com/content/crede-payments-systems.htm

Abstract

With the rapid expansion of the Internet, there are a number of initiatives underway for the creation of a secure cost-effective payment system which will be able to support growing commercial activities on the network. Although electronic payment systems for large payments have been in operation for some time, rapidly expanding volumes of foreign exchange and securities trading are increasingly at variance with the requirements for a cost-effective and efficient electronic payment system for making low value payments. Current progress in establishing such payment systems on the Internet is examined. The paper argues that the ultimate vision could be for a truly global and virtual marketplace requiring completely new institutional and legal structures and having a similarly profound impact on economic life to the medieval trade fairs which emerged in Europe in the 12th century.

Nokia banks on movile banking

From: Lynn Wheeler
Date: 11/30/2001 07:35 AM
To: ansi-epay@xxxxxxxx
Subject: Nokia banks on movile banking

Nokia banks on mobile banking

By Ben Charny
Special to CNET News.com
November 29, 2001, 1:25 p.m. PT

Handset maker Nokia stepped up its march into the mercurial world of mobile banking on Thursday.

The world's leading handset maker announced its involvement in a software package that lets banks offer customers mobile-telephone access to checking accounts and stock portfolios.

The new offering is a result of a partnership between Nokia; venture capital firm 3i; Accenture, a management and technology consulting organization; and Finland-based financial services group Sampo.

The four have formed a new company, Meridea Financial Software, to sell the software worldwide.

Almost Half UK E-Shopper's Fear Card Fraud (CC fraud increased by 50% in 2k)

Refed: **, - **, - **, - **

From: Lynn Wheeler
Date: 11/30/2001 07:46 AM
To: ansi-epay@xxxxxxxx
Subject: Almost Half UK E-Shopper's Fear Card Fraud (CC fraud increased by 50% in 2k)

http://www.epaynews.com/index.cgi?survey=&ref=browse&f=view&id=1007122496621726189&block=

.....

Credit card fraud in Europe increased by 50 per cent in 2000, to ... 600 million, prompting the EC to begin a three-year campaign against fraud. Online transactions represented only 2 per cent of all credit card use in the EU last year, but accounted for over half of all customer complaints. As a result, the EU says the potential of eCommerce is "inhibited by lack of confidence ...in the security of payment transactions conducted over the Internet". In fact, an EC official stated, "credit cards were not made to function on the Internet", adding, "there is a real need of safer payment systems that we hope the industry will deliver".

....

BIS Papers No. 7 - Electronic finance: a new perspective and challenges

Refed: **, - **, - **, - **

From: Lynn Wheeler
Date: 11/30/2001 08:21 AM
To: ansi-epay@xxxxxxxx
Subject: BIS Papers No. 7 - Electronic finance: a new perspective and challenges

http://www.bis.org/publ/bispap07.htm

November 2001

A workshop on electronic finance was convened by the BIS on 2-3 July 2001. The internet and related technology has begun to have a profound effect on how financial services are delivered. Discussion about e-finance is widespread within the financial community, covering both its potential to improve efficiency but also possible challenges it poses to financial and monetary stability. Rapid innovation and the paucity of reliable data are creating considerable uncertainty about the nature and size of these challenges. The workshop brought together a diverse group of experts (listed on pages iii-vi) from a range of economies, backgrounds and sectors; including practitioners, academics and central bankers. It focused on current and potential changes in trading systems and exchanges, payment systems and financial institutions.

XML-based eBusiness Standards Convergence

From: Lynn Wheeler
Date: 11/30/2001 09:05 AM
To: ansi-epay@xxxxxxxx
Subject: XML-based eBusiness Standards Convergence

http://www.businessinternetconsortium.org/members/docs/XMLWhitePaper.html

XML-based eBusiness Standards Convergence Workgroup white papers

Throughout Phase 1, the XML Convergence Workgroup has been focusing on developing a conceptual model that describes the architectural components needed for B2B Automation. Input from various expert sources resulted in several iterations of reconciliation and modifications to the model. The result is documented in the "High Level Conceptual Model for B2B Integration" white paper. Three case studies from the member companies link their current implementation with the conceptual model and enforce its validity. The point of these case studies is to show that the conceptual model is not just a collection of colorful 3D boxes stacked together with creative names. They actually relate to real systems in production.

The Workgroup's Phase 1 goal was to define such a conceptual model and make it credible to describe the realities of today's business environment, and what needs to happen in the future to drive continued success in the B2B Automation space. Delivery of this set of white papers achieves this goal.

Summary of Phase-1 XML Convergence Workgroup Deliverables: Summarizes the white papers developed by the BIC XML Convergence Workgroup in Q3 of 2001 and establishes connections among them in order to help the reader to understand their relevance.

High Level Conceptual Model for B2B Integration: Introduces the conceptual model and definitions of each layer.

Ford Motor Company Case Study: Describes Ford Motor's current B2B implementation, which is based on the OAGI specification and other technologies. It shows a strong relationship of Ford Motor's implementation with the conceptual model.

RosettaNet Case Study: Documents the current RosettaNet architecture components and connections with the conceptual model. It is an instantiation of the model with their current, generalized RosettaNet implementation.

Intel Case Study: Describes Intel's specific implementation of RosettaNet. Intel added its own touch to the backend integration, which is not specified by RosettaNet. It also worked with vendors to interpret the RosettaNet specifications in the context of Intel's business environment. Again, this case study shows that the conceptual model is a true reflection of components needed for B2B Automation.

Payment System description (from FRBNY)

From: Lynn Wheeler
Date: 11/30/2001 09:10 AM
To: ansi-epay@xxxxxxxx, internet-payments@xxxxxxxx
Subject: Payment System description (from FRBNY)

http://www.ny.frb.org/bankinfo/payments/

(also
http://www.ny.frb.org/bankinfo/payments/open2.htm )

Payments Systems

These pages provide a consolidated information resource on payment systems.

For a basic overview of different payments systems and how they work, the General Information section is the best place to begin. Here we answer basic questions about payments systems and define important terms. You'll also find diagrams that demonstrate the flow of payments.

Clicking on Payments Links will give you a more detailed look at any particular part of payments systems. This page has important links to the different types of payment systems and to the players involved. Within this page, by clicking on the more details link, you can see further description of a player's role along with details on where additional information can be found.

Finally, the Articles & Speeches page collects some of the research done on payments issues by members of the New York Fed and the Payments Studies staff.

Statistics for General and Online Card Fraud

Refed: **, - **, - **

From: Lynn Wheeler
Date: 11/30/2001 10:54 AM
To: ansi-epay@xxxxxxxx, internet-payments@xxxxxxxx
Subject: Statistics for General and Online Card Fraud

... there are quite a few statistics at the following

http://www.epaynews.com/statistics/fraud.html#12

Statistics for General and Online Card Fraud

Meridien Research says online credit card fraud will total USD 9 billion by 2001, despite the success of Visa and MasterCard in reducing the total volume of bank card fraud to 6 cents in every 100 dollars.

VISA: All Your Password Are Belong to Us

Refed: **, - **, - **

From: Lynn Wheeler
Date: 12/04/2001 08:17 AM
To: ansi-epay@xxxxxxxx, internet-payment@xxxxxxxx
Subject: VISA: All Your Password Are Belong to Us

http://www.nytimes.com/2001/12/03/technology/ebusiness/03CARD.html?todaysheadlines

December 3, 2001

Visa Starts Password Service to Fight Online Fraud

By SAUL HANSELL

Something seems backward about the way that credit card companies have used the Internet. If you want to see your balance or pay your bill online, you will need to log on to the credit card company's site with a password. But to spend money on other sites, all you need is the card number itself, the same one available to anyone who finds a stray receipt or picks the wallet from your pocket.

Of course, the cardholder is not liable if someone goes on a cybershopping spree with a purloined number. But disentangling the fraud is a problem. And the banks and merchants have to absorb the loss.

Visa is trying to change that, albeit very slowly. Starting today, it will invite cardholders to link their cards to a password. People using those cards at online stores set up to handle the new system, called Verified by Visa, will be asked for the password as they check out. MasterCard is working on a slightly more complex approach to verifying cardholders' identities; it plans to introduce the changes next year.

At first, both of these systems will be optional for cardholders, online stores and the various banks that issue the cards. Visa predicts that only 6 percent of its cards will have passwords in the first year.

That means that 94 percent of cards will still be an open invitation to crooks. And even those cards that do have passwords can still be used at sites - including Amazon.com (news/quote) - that do not want to ask for the passwords. Indeed, Visa's software does not even work on Macintosh computers, so a Mac-using card thief would not be deterred by the system.

Visa argues that it is taking the first steps in a long process to make online buying more secure. It says it will write software for the Mac and find ways to encourage participation. Visa, which is an association owned by the banks, hints that if the system works as it hopes, it will ultimately require passwords for online purchases.

"If the market accepts this over the next year, we have levers we can pull to increase adoption," said James McCarthy, a senior vice president at Visa's eVisa business unit.

So far, even some of the biggest Visa banks are not so sure they want to force any cardholder to obtain a password who does not want one.

"The last thing we want to do is curtail any purchase activity from someone because they don't want to take the time to sign up for the system," said Hugh Bleemer, executive vice president for e-business at First USA, the largest Visa card issuer.

First USA, which will be among the first to let cardholders sign up for Verified by Visa, says it is not so much concerned about fraud itself as simply the fear of fraud felt by some of its cardholders.

"When we look at research and talk to our customers, we know there is a group that would like us to provide an added level of security," Mr. Bleemer said.

For the banks, moving shopping online can have a big effect. In stores, only 30 percent of dollars spent are with general- purpose credit cards. On the Internet, that share is 90 percent.

Fraud, meanwhile, is hardly a major problem for the credit card issuers. Visa says that just 7 cents for every $100 in card purchases is lost to fraud, half the rate of 10 years ago. But 25 cents for every $100 in online purchases is fraud. The online fraud rate has been stable in recent years, but the overall number has grown, as e-commerce now represents just under 4 percent of Visa card purchases.

"If we don't get to the root causes of this, the losses will continue to grow," Mr. McCarthy said.

One reason the banks have not been so concerned about fraud losses is that under credit card rules, online stores - and other mail order merchants - must cover the costs of any charge that the consumer says was unauthorized. (In a store, where the customer signs a charge slip, the bank issuing the card is liable for fraud.)

Moreover, in 2003, Visa expects to change these rules so that merchants that accept Verified by Visa will not be liable for unauthorized charges.

That promise is not enough to get Amazon.com, the largest online store, to participate in Verified by Visa.

"From our standpoint, the amount of friction that Verified by Visa introduces for the customer outweighs the benefit from reducing fraud," said Mark Britto, Amazon's director of corporate development. "It would turn one-click ordering into four- point, three-click ordering," he said, referring to the online store's trademark method of fast checkout.

Dell Computer (news/quote), by contrast, signed on to be among the first merchants to participate in the Verified by Visa program, but mainly to reduce the number of people who call to order computers because they are afraid to enter their card numbers on the Web.

"We're not greatly concerned about fraud levels," said Sam Decker, Dell's senior manager for consumer e-business. "We want to give customers more confidence in buying online."

Visa argues its security system is more efficient than a previous effort, developed in 1996 by a consortium of credit card companies, that proved too complex. Consumers do not need to use any new software, and merchants simply need to open a new window on shoppers' Web browsers in which they can send their password to the bank that issued their card.

"Visa's architecture is simple but quite elegant," said Stephen Ryan, a vice president of Arcot Systems, a company that makes software used by banks and merchants to participate in the program.

MasterCard's approach, called secure payment authorization, requires the user to download a small program, a method it says is more secure than passwords alone.

American Express (news/quote) says that it does not see a compelling reason to press for a new user identification system as it is comfortable with its fraud losses. But the company said it might move to a new password system if the industry agreed on a standard.

"With any new authentication program, you need to have a critical mass of cardholders who can use them and merchants that accept them," said David Bonalle, the American Express vice president in charge of advanced payments enterprise development. "As long as Visa and MasterCard don't agree, we're not going to make any progress."

Credit Card Fraud and E-Commerce: A Case Study

Refed: **, - **, - **

From: Lynn Wheeler
Date: 12/04/2001 10:08 AM
To: ansi-epay@xxxxxxxx
Subject: Credit Card Fraud and E-Commerce: A Case Study

another paper mentioning X9.59

http://students.depaul.edu/~echeck/582casestudy.htm

Project Corvalllis

From: Lynn Wheeler
Date: 12/04/2001 05:38 PM
To: ansi-epay@xxxxxxxx
Subject: Project Corvalllis

also from information security group at Oregon State University ...

https://www.garlic.com/~lynn/aepay7.htm#orst

Project Corvalis

http://security.ece.orst.edu/corvallis/Private/Docs/proposal.pdf

also another paper on account based electronic payment protocol

http://www.datensicherheit.nrw.de/dokumente/ws001129/talk2.pdf

from:

http://www.datensicherheit.nrw.de/dokumente/ws001129/

account number & shared-secret vulnerabilities

Refed: **, - **, - **, - **, - **

From: Lynn Wheeler
Date: 12/05/2001 03:27 PM
To: ansi-epay@xxxxxxxx
Subject: account number & shared-secret vulnerabilities

--26 & 28 November 2001 Google Search Results Could Present Security Problem
A new tool in the Google search engine can return results not intended for public viewing. Not only can the searches turn up credit card numbers and other sensitive information, but they are capable of pinpointing sites running software with known vulnerabilities.
http://news.cnet.com/news/0-1005-200-7946411.html?tag=prntfr
http://www.theregister.co.uk/content/55/23069.html

--29 November 2001 Russian Man Arrested in ATM Fraud Case
A Russian organized crime ring stole account and personal identification numbers (PINs) from people using point of sale ATMs in Manhattan, New Your City. The group allegedly stole $1.5 million from the victims, who are largely Chase and Citibank customers. The US Treasury's Secret Service police have arrested one man in connection with the thefts and are looking for another.

http://www.msnbc.com/news/664990.asp?0dm=T217T

ePSO-N 10 available on Internet

Refed: **, - **, - **, - **

From: Lynn Wheeler
Date: 12/11/2001 01:09 PM
To: ansi-epay@xxxxxxxx
Subject: ePSO-N 10 available on Internet

ELECTRONIC PAYMENT SYSTEMS OBSERVATORY-NEWSLETTER
ePSO-Newsletter - No 10 - November 2001
http://epso.jrc.es/newsletter

OVERVIEW of ePSO-N 10

[10&1]

Editorial: Authentication, Privacy and Regulation

Simon Lelieveldt (simonl@xxxxxxxx), Amsterdam, The Netherlands, and Arnd Weber (arnd.weber@xxxxxxxx), ITAS, Karlsruhe, Germany

/security/privacy/regulation

This issue focuses on authentication and privacy. The development of credit card charge backs is addressed, these being a major driving force for proposals such as 3D Secure (Verified by Visa), SPA/UCAF, and pseudo card numbers. The pros and cons of these technical solutions are reviewed. Furthermore, this issue addresses the achievability of unobservable purchases and payments on networks. In addition there are comments on the demise of Flooz and Beenz, there is a review of the new "Blue Book" of the European Central Bank, and the ePSO Conference taking place in Brussels on February 19, 2002 is announced.

http://epso.jrc.es/newsletter/vol10/1.html

__________________________________________________

[10&2]

Guaranteed Transactions, the Quest for the 'Holy Grail'

Oliver Steeley (oliver.steeley@xxxxxxxx), Consult Hyperion, Guildford, United Kingdom

/credit cards/Internet payment systems/security

In a change to their previous strategy of collaboration, Visa and MasterCard have recently announced their own separate initiatives with regards to securing Internet transactions. 3D Secure and SPA/UCAF are variations on a theme of passing the cardholder back to their card-issuer to authenticate themselves before the merchant seeks an authorisation. This is one more step in a long and arduous journey, which shows no signs of coming to a speedy conclusion.

http://epso.jrc.es/newsletter/vol10/2.html

__________________________________________________

[10&3]

Interview: Largest German Credit Card Issuer on Massive Reduction of Charge Backs

Ulrich Riehm (ulrich.riehm@xxxxxxxx) and Arnd Weber (arnd.weber@xxxxxxxx), ITAS, Karlsruhe, Germany, talk to Tilo Sch�rer (tilo.schuerer@xxxxxxxx), Bankgesellschaft Berlin, Germany

/credit cards/security

Tilo Sch�rer is responsible for product management in the field of electronic business at Bankgesellschaft Berlin, Germany's largest credit card issuer. Sch�rer points out that the charge back problem in the Internet business has massively lost importance during recent years. The decisive measure was not improved technology but economic penalties imposed by the credit card organisations. In the interview, there is also a discussion of the viability of new authentication measures (e.g. 3D-Secure or SPA/UCAF). Sch�rer subsumes that charge back figures are currently so low that the banks could theoretically announce zero liability, at least once a new user of the Internet has registered for a new authentication process.

http://epso.jrc.es/newsletter/vol10/3.html

__________________________________________________

[10&4]

Hi-tech Payment Technologies in Russia: The Case of Paycash

Victor Dostov (vd@xxxxxxxx), Paycash Group, St. Petersburg, Russia

/electronic money/privacy/Internet payment systems/Russia

Paycash is a Russian-born Internet payment system based on digital cash. With Paycash, an account can be opened pseudonymously on the Internet. The payments are untraceable, though payments of a single "Paybook" can be linked. In Russia, 200 shops are connected, and more than 400 transactions per day are processed. The company is expanding its business to abroad.

http://epso.jrc.es/newsletter/vol10/4.html

__________________________________________________

[10&5]

JAP: A Cloak of Invisibility on the Internet

Hannes Federrath (Federrath@xxxxxxxx), Dresden University of Technology, Germany/privacy/electronic commerce/JAP is an Internet service designed to enable the unobservable use of the world wide web. In the future, JAP could also be used for anonymous shopping or banking. Invisibility is achieved by communication not taking place directly with the web server, but by detour through a so called mix proxy cascade.

http://epso.jrc.es/newsletter/vol10/5.html __________________________________________________

[10&6] Failure of Beenz and Flooz Indicates the End of Digital Web-Currencies?

Hugo Godschalk (hgodschalk@xxxxxxxx), PaySys Consultancy, Frankfurt, Germany/electronic money/InternetThe article provides an overview of the business of Beenz and Flooz, which started as micropayment solutions, and blurred the line between incentive points and currencies. Saying the end of these pioneers indicates the failure of private currencies would be a rash conclusion and rather wishful thinking of players within the traditional payment industry (central banks included).

http://epso.jrc.es/newsletter/vol10/6.html

__________________________________________________

[10&7]

ePSO Final Conference on Consumer Online Payments: Trends and Challenges for Europe

Ioannis Maghiros (ioannis.maghiros@xxxxxxxx), IPTS, Seville, Spain /electronic payment systems/European Commission/ePSOAs part of the ePSO project deliverables, a one day conference entitled "ePSO Final Conference on Consumer Online Payments: Trends and Challenges for Europe", will be held in Brussels on February 19, 2002. The conference will: (a) set the stage for state-of-the-art e-payment systems presentations; (b) allow actors to exchange views on existing trends and future developments, and (c) reinforce and extend the interaction links established by ePSO during its operation.

http://epso.jrc.es/newsletter/vol10/7.html

__________________________________________________

[10&8]

Meet the Heavyweight of Payment System Statistics: ECB's 'Blue Book'

Leo Van Hove (Leo.Van.Hove@xxxxxxxx), Free University of Brussels, Belgium

/review/statistics/payment systems/settlement systems/EU

Not counting the yearly statistical addenda, the previous edition of "Payment and Securities Settlement Systems in the European Union" dated back from 1996. In the meantime advances in technology have had a profound effect on payment systems. It was therefore a timely decision of the European Central Bank to publish an update of its 'Blue Book'. An overview and some personal observations are provided.

http://epso.jrc.es/newsletter/vol10/8.html

__________________________________________________

[10&9] Masthead

Electronic Payment Systems Observatory-Newsletter ePSO-Newsletter - 2001 - No 10 - November 2001

The Electronic Payment Systems Observatory-Newsletter (ePSO-N) is an activity within the "electronic Payment Systems Observatory" (ePSO) project of the Institute for Prospective Technological Studies (IPTS), one of the eight institutes of DG Joint Research Center. The Institute for Technology Assessment and Systems Analysis (ITAS) of Karlsruhe Research Centre edits this newsletter.

Michael Rader co-ordinating editor rader@xxxxxxxx

Yannis Maghiros ePSO project leader ioannis.maghiros@xxxxxxxx

For subscription you may go directly to
http://epso.jrc.es/newsletter/subscribe.cfm

Complete Masthead: http://epso.jrc.es/newsletter/vol10/9.html

Microsoft Pushing for Bigger Share of Web Banking Market

From: Lynn Wheeler
Date: 12/13/2001 10:02 AM
To: ansi-epay@xxxxxxxx
Subject: Microsoft Pushing for Bigger Share of Web Banking Market

ONLINE BANKING

Microsoft Pushing for Bigger Share of Web Banking Market After years of lying low, Microsoft Corp. is making its presence felt at this year's annual gathering of retail bankers.

http://www.americanbanker.com/cgi-bin/read_tagstory?20011213OLBK751

x959 Postings and Posting Index,
next, previous - home