Stakeholders Driving Payment Evolution and Digital Identity

Articles - Privacy & Security

I. ELECTRONIC FRAUD: A GROWING CRIME IN CANADA

As internet applications expand with the development of technology, electronic fraud is becoming a growing problem in Canada.

Personal information is often a requirement to open new e-mail accounts, enter contests and make purchases on-line, and the information you give out is not necessarily private. As a result, often times, we intentionally provide false information, thus skewing the results of the data being gathered.

According to the Canadian Bankers Association, no-card, or card-not-present, credit card fraud accounted for 10 per cent of total losses for Visa and MasterCard in the last fiscal year, ending June 30,2000. In this instance, telemarketers and web sites will obtain personal information to fill out fraudulent applications for credit cards in the victim's name.

No-card fraud is similar to fraudulent card applications, which is defined by the CBA as "the criminal impersonation of credit-worthy persons to acquire credit cards". This type of fraud accounted for five per cent of total losses and affected more than 4,000 Canadian credit card accounts. Both types of fraud represent the growing trend of electronic fraud in Canada.

II. DON'T FEEL SO INSECURE

There is a growing concern that the information we provide about ourselves is not being used properly.

Smart cards offer high levels of security using a number of methods such as encryption, biometrics, PIN, password protection, digital authentication or signature and data segregation.

Privacy protection begins at the manufacturing level when each chip is given a unique number and software locks on the operating system and backup copies are put into place. Specific data fields are written into the chip, so that if the system does not receive correct or complete information a lock will be placed on the card to prevent further unauthorized use.

Two types of locks can be placed on the card when fraudulent use is suspected: a soft or hard lock. A soft lock is applied by the system administrator and can be removed once the system receives correct information. Hard locks are permanent, disabling the card and the chip without allowing any data to escape.

Encryption

This security tool ensures that no clear text or data is transmitted. Only the intended recipient is able to view the information and if any data is lost while it is being sent or received it will be unreadable.

Biometrics

Smart cards have the memory to apply this advanced security method using fingerprint matching, digital signatures for compatibility, voice recognition and the experimental methods of iris and facial recognition.

Data Segregation

The user can control who accesses the information being transmitted; commonly the cardholder and specific third parties. Users also have the option to control how third parties access the data. The data can be read-only or information can be added, modified or deleted.

III. SMART CARD USE TO IMPROVE SECURITY

In the world of e-commerce, we have lost that across-the-counter safety. You might not know the merchant you are dealing with and there is a good chance that the merchant might be at the other end of the world. As a result of this long distance relationship between merchant and buyer, payment information must be secure. Smart cards are the ideal tool for this type of security.

After a four-year pilot, American Express introduced the Blue Card in 1999. This card is available for all qualified applicants and cardholders in the United States and the United Kingdom. It is scheduled to rollout in Canada by the end of 2001.

A smart card reader is connected with the cardholder's PC to secure personal information when placing orders on-line, to ensure data security (money or personal information). The Blue Card system provides identification of the cardholder, and also provides authentication, which details what the cardholder is allowed to do (i.e, transfer money or make purchases).