Internet Payment Systems and their Security Risks

Publication Date01 Apr 1999
AuthorRussell G. Smith
SubjectAccounting & finance
Journal of Financial Crime Vol. 7 No. 2 Analysis
Internet Payment Systems and their Security Risks
Russell G. Smith
This paper examines the security risks associated with
conducting commercial transactions through the use
of electronic technologies such as the Internet. It
will not deal with the many other problems which
arise out of online commerce such as those relating
to misleading and deceptive practices which create
particular concerns for consumer protection agencies.
Instead, it focuses on the ways in which the various
electronic payment systems may be abused for frau-
dulent purposes.
The extent to which individuals arc using the Internet
for business transactions is increasing enormously.
The market is potentially great with approximately
171.25 million people estimated to be using the Inter-
net worldwide in May 1999. In terms of commercial
usage, Forrester Research has estimated that global
business-to-busincss online commerce could amount
to USS327bn by the year 2002. Although the rate
of increase in online commerce has slowed somewhat
recently, it will still represent an important part of
economic life in the years to come.
Surveys of Internet usage have shown that most
transactions which take place online involve small-
value purchases such as books, CDs, wine, compu-
and information technology products. The
potential exists, however, for anything to be pur-
chased electronically and we have recently seen the
establishment of a number of online auction houses
which deal in much higher-value goods.2 A large
proportion of Internet users also arrange travel
and holidays electronically. Jupiter Communications
for example, estimated that the online travel
market will be worth USS16.6bn by
The Internet is, arguably, at the moment an expan-
sive advertising medium in which information as
well as goods and services are made available to
users throughout the world. Most business transac-
tions take place by purchasers identifying goods and
services which they require by inspecting Internet
They are then able to pay for the product
chosen using conventional forms of payment, such
as money orders or cheques which may be sent by
post to the merchant before the product is despatched
or the service produced.
Alternatively, purchasers may pay for a product or
service by transferring funds electronically. This can
be done by disclosing bank account (usually a credit
card account) details and authorising the merchant
to debit the specified account to the value of the
sum in question. In this way it would be possible,
for example, sitting in Melbourne, to purchase a
book from an antiquarian bookshop in London, or
subscribe to an adult Internet site emanating from
More recent payment systems have been devel-
oped which make use of telephone accounts to
permit merchants to obtain access to a user's funds,
as well as forms of electronic cash in which value is
held electronically on the computer's hard drive
and debited or credited as and when the need arises.
New forms of stored value cards, which have been
designed to record monetary value, may also be
used to transfer funds from a bank's automated
teller machine to a personal computer, and thence
to a merchant. These systems arc obviously more effi-
cient as transactions may be carried out and paid for
instantaneously, permitting such activities as online
gambling to take place.
Each of these payment systems, however, creates
security vulnerabilities, and already we have seen
instances of fraud being perpetrated on the Internet
and funds being stolen electronically. A survey con-
ducted by the National Consumers League estimated
that over six million Internet users in the US had been
the victims of credit card fraud, representing 7 per
cent of online consumers in the US.4
It needs to be understood, however, that the con-
cept of transferring funds electronically is, concep-
tually, inaccurate. Bags of money do not travel in
dematerialised form along telephone wires.5 What
takes place is that a series of instructions arc given
to financial institutions to debit and credit accounts
of customers and merchants. Systems are then put
in place to ensure that these instructions arc not
Journal of Financial Crime
Vol 7 No 2. 1999, pp 155-160
© Henry Stewart Publications
ISSN 0969-6453
Page 155

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT