Information Technology Reference
In-Depth Information
Businesses must deal with a host of issues to ensure that e-commerce and m-commerce
transactions are safe and consumers are protected. The following sections summarize a
number of threats to the continued growth and success of e-commerce and m-commerce and
present practical ideas on how to minimize their impact.
Security
Many organizations that accept credit cards to pay for items purchased via e-commerce have
adopted the Payment Card Industry security standard. This standard spells out measures and
security procedures to safeguard the card issuer, the cardholder, and the merchant. Some of
the measures include installing and maintaining a firewall configuration to control access to
computers and data; never using software/hardware vendor-supplier defaults for system pass-
words; and requiring merchants to protect stored data, encrypt transmission of cardholder
information across public networks, use and regularly update antivirus software, and restrict
access to sensitive data on a need-to-know basis.
Various measures are being implemented to increase the security associated with the use
of credit cards at the time of purchase. Address Verification System is a check built into the
payment authorization request that compares the address on file with the card issuer to the
billing address provided by the cardholder. The Card Verification Number technique is a
check of the additional digits printed on the back of the card. Visa has Advanced Autho-
rization, a Visa-patented process that provides an instantaneous rating of that transaction's
potential for fraud to the financial institution that issued the card. The card issuer can then
send an immediate response to the merchant whether to accept or decline the transaction.
The technology is now being applied to every Visa credit and check card purchase today.
Visa estimates that this technique will reduce fraudulent credit card charges by 40 percent
The Federal Financial Institutions Examination Council has developed a new set of
guidelines called “Authentication in an Internet Banking Environment,” recommending
two-factor authorization. This approach adds another identity check along with the password
system. A number of multifactor authentication schemes can be used, such as biometrics,
one-time passwords, or hardware tokens that plug into a USB port on the computer and
generate a password that matches the ones used by a bank's security system. Currently, the
use of biometric technology to secure online transactions is rare for both cost and privacy
reasons. It can be expensive to outfit every merchant with a biometric scanner, and it is
difficult to convince consumers to supply something as personal and distinguishing as a
fingerprint. In spite of this, a growing number of financial service firms from large
(e.g., Citibank) to small (e.g., Perdue Employees Federal Credit Union) are considering
biometric systems.
Theft of Intellectual Property
Intellectual property
includes works of the mind such as books, films, music, processes, and
software, which are distinct somehow and are owned or created by a single entity. The
owner of the intellectual property is entitled to certain rights in relation to the subject matter
of the intellectual property. Thus, copyright law protects authored works such as books, film,
images, music, and software from unauthorized copying. Patents can also protect software
as well as business processes, formulae, compounds, and inventions. Information that has
significant value for a firm and for which strong measures are taken to protect it are trade
secrets. They too are protected under various laws. Although concerns about intellectual
property and digital rights management (discussed next) apply to creative works distributed
traditionally through brick-and-mortar retailers and libraries, these issues are more urgent
for e-commerce because computers and the Internet make it easy to access, copy, and dis-
tribute digital content.
Digital rights management (DRM)
refers to the use of any of several technologies to
enforce policies for controlling access to digital media such as movies, music, and software.
Many digital content publishers state that DRM technologies are needed to prevent revenue
intellectual property
Includes works of the mind such as
books, films, music, processes, and
software, which are distinct
somehow and are owned and/or
created by a single entity.
digital rights management
(DRM)
Refers to the use of any of several
technologies to enforce policies for
controlling access to digital media
such as movies, music, and
software.
