Prezi

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in the manual

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

The Economics of Payment Card Security and Shifting Fraud Liability

Talk at MAS Cybercrime, eBanking and Payment Card Security Seminar (17 March 2011, DBS Tower 1 Auditorium, Singapore)
by Steven Murdoch on 20 April 2011

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of The Economics of Payment Card Security and Shifting Fraud Liability

The Economics of Payment Card Security and Shifting Fraud Liability Security Economics Maybe we have security problems because we don't have enough of
Cryptography
Authentication
Firewalls
... Moral Hazard Partial Information Network Effects New Uses of Security Technology Understanding technology is only part of the problem Incentives Externalities When someone takes different risk decisions because they are insulated from the consequences e.g. traders who receive bonuses when they make a profit, and lose nothing when they make a loss Individuals will make decisions which optimize their expected gains e.g. Medical systems are supposed to serve patients but are bought by hospitals so actually serve those interests first Sometimes the consequences of decisions falls on others e.g. malware installed on a PC harms other computers through a denial-of-service attack, not the PC owner Market for Lemons:
good cars cost more than bad cars
customers can't tell the difference
eventually nobody sells good cars Same situation with security tools Value of network grows faster than its size If a network with 5 members is worth $10, a network with 10 members is worth $40 Consequence: there is one Internet, there are few payment systems (might be one if not for anti-monopoly regulations) Cryptography now protects business models e.g. stopping printer cartridges from being refilled Steven Murdoch
University of Cambridge Liability Engineering Fraud liability was changed to encourage Chip & PIN adoption Moral Hazard Once a party does the minimum to shift liability, there is less incentive to improve security further Customer Liability British Crime Survey reports that 44% of card fraud victims do not get all their money back Law Prior to Chip & PIN, customers signed for transactions
Law was clear: forged signatures are null and void
With PIN transactions (ATM and since 2005, Point of Sale), the law was unclear
Sometimes the customer was held liable
Clarity improved by Payment Services Regulations Enforcement Despite more clarity, it is hard for a customer to sue a bank in the UK
Loser pays
No such thing as class action Lessons Payment card security is a technical and economic problem
All those involved should know something of both
The market cannot solve all problems: regulatory influence may be required
See the full transcript