the economics of retail payment security
play

The Economics of Retail Payment Security Tyler Moore University of - PowerPoint PPT Presentation

Apr 05, 2023 •129 likes •756 views

The Economics of Retail Payment Security Tyler Moore University of Tulsa, OK tyler-moore@utulsa.edu CS 7403 Secure Electronic Commerce Outline Key Economic Principles for Retail Payments Security 1 Game Theory 2 Applying Game Theory to

  1. The Economics of Retail Payment Security Tyler Moore University of Tulsa, OK tyler-moore@utulsa.edu CS 7403 Secure Electronic Commerce

  2. Outline Key Economic Principles for Retail Payments Security 1 Game Theory 2 Applying Game Theory to Payments Security Example: EMV Adoption Case Studies 3 Card-Not-Present Security: 3DSecure Adoption Protecting Sensitive Payment Data Mobile Payments Cryptocurrencies Conclusion 4 2 / 32

  3. Motivation Payments system security is universally recognized as important Yet we continue to rely on less secure technologies Economics can help explain why, as well as offer guidance on how to improve security 3 / 32

  4. Outline Key Economic Principles for Retail Payments Security 1 Game Theory 2 Applying Game Theory to Payments Security Example: EMV Adoption Case Studies 3 Card-Not-Present Security: 3DSecure Adoption Protecting Sensitive Payment Data Mobile Payments Cryptocurrencies Conclusion 4 4 / 32

  5. Key Economic Principles for Retail Payments Security Outline Key Economic Principles for Retail Payments Security 1 Game Theory 2 Applying Game Theory to Payments Security Example: EMV Adoption Case Studies 3 Card-Not-Present Security: 3DSecure Adoption Protecting Sensitive Payment Data Mobile Payments Cryptocurrencies Conclusion 4 5 / 32

  6. Key Economic Principles for Retail Payments Security Two-sided market structure Cardholder Merchant Issuing bank Acquiring bank 6 / 32

  7. Key Economic Principles for Retail Payments Security Network externalities, two-sided markets and security Positive network externalities on both sides (cardholders, merchants) Two-sided markets impose extensive barriers to entry This makes displacing successful ones, like payment-card networks, very difficult Hard for the dominant platform to justify investing in more secure technologies 7 / 32

  8. Key Economic Principles for Retail Payments Security Key principles affecting retail payments security Economies of scale and scope Scale reduces cost per quantity, and multipurpose devices spread costs Tends towards small number of large platforms that deter new entrants 8 / 32

  9. Key Economic Principles for Retail Payments Security Key principles affecting retail payments security Economies of scale and scope Scale reduces cost per quantity, and multipurpose devices spread costs Tends towards small number of large platforms that deter new entrants Jointly produced goods Payment security depends on the efforts of many participants (e.g., merchant, merchant processor, acquirer, card network, issuer processor, and issuer all responsible to prevent data breaches) Interdependency can lead to coordination failures 8 / 32

  10. Key Economic Principles for Retail Payments Security Key principles affecting retail payments security Economies of scale and scope Scale reduces cost per quantity, and multipurpose devices spread costs Tends towards small number of large platforms that deter new entrants Jointly produced goods Payment security depends on the efforts of many participants (e.g., merchant, merchant processor, acquirer, card network, issuer processor, and issuer all responsible to prevent data breaches) Interdependency can lead to coordination failures Competition for the market Tension between backing proprietary security mechanisms (e.g., EMV) vs. open standards (e.g., AES) Proprietary mechanisms offer clear incentive to backers, but open standards can attract wider adoption Proprietary mechanisms are regularly found to be insecure due to hidden design 8 / 32

  11. Key Economic Principles for Retail Payments Security Misaligned incentives Systems often fail because people who could protect a system lack incentive to do so 9 / 32

  12. Key Economic Principles for Retail Payments Security Misaligned incentives Systems often fail because people who could protect a system lack incentive to do so Example: Retail banking in the 1990s US banks have long been required to pay for ATM card fraud In the UK, regulators favored banks, often made customer pay for fraud Which country suffered more ATM fraud? 9 / 32

  13. Key Economic Principles for Retail Payments Security Misaligned incentives Systems often fail because people who could protect a system lack incentive to do so Example: Retail banking in the 1990s US banks have long been required to pay for ATM card fraud In the UK, regulators favored banks, often made customer pay for fraud Which country suffered more ATM fraud? The UK 9 / 32

  14. Key Economic Principles for Retail Payments Security Misaligned incentives Systems often fail because people who could protect a system lack incentive to do so Example: Retail banking in the 1990s US banks have long been required to pay for ATM card fraud In the UK, regulators favored banks, often made customer pay for fraud Which country suffered more ATM fraud? The UK Since US banks had to pay for disputed transactions, banks had strong incentive to invest in technology to reduce fraud Since UK banks could blame customers for fraud, they lacked incentive to invest in same anti-fraud mechanisms, hence the higher fraud 9 / 32

  15. Key Economic Principles for Retail Payments Security Markets with asymmetric information 10 / 32

  16. Key Economic Principles for Retail Payments Security Akerlof’s market for lemons Suppose a town has 20 similar used cars for sale 10 “cherries” valued at $2,000 each 10 “lemons” valued at $1,000 each What is the market-clearing price? 11 / 32

  17. Key Economic Principles for Retail Payments Security Akerlof’s market for lemons Suppose a town has 20 similar used cars for sale 10 “cherries” valued at $2,000 each 10 “lemons” valued at $1,000 each What is the market-clearing price? Answer: $1,000. Why? Buyers cannot determine car quality, so they refuse to pay a premium for a high-quality car Sellers know this, and only owners of lemons will sell for $1,000 The market is flooded with lemons (the bad drives out the good) 11 / 32

  18. Key Economic Principles for Retail Payments Security Information asymmetries in payments security 1 Secure software is a market for lemons Vendors may believe their software is secure, but buyers have no reason to believe them So buyers refuse to pay a premium for secure software, and vendors refuse to devote resources to do so 12 / 32

  19. Key Economic Principles for Retail Payments Security Information asymmetries in payments security 1 Secure software is a market for lemons Vendors may believe their software is secure, but buyers have no reason to believe them So buyers refuse to pay a premium for secure software, and vendors refuse to devote resources to do so 2 Lack of robust incident data on fraud and attacks Banks and merchants may not want to reveal fraud losses for fear it will scare away customers, embolden regulators or attract lawsuits But this makes it hard to understand the true magnitude of risks or efficiently allocate defensive resources 12 / 32

  20. Key Economic Principles for Retail Payments Security Consequences of asymmetric information 1 Adverse selection Low-quality more likely to participate than high-quality in efforts that cannot assess quality Insecure payment terminals more likely to seek (and receive) security certifications than secure ones 2 Moral hazard Engaging in risky behavior because one is protected from its consequences Sometimes claimed that consumers engage in moral hazard due to $0 card fraud liability Cuts both ways: if regulations favor banks, they may behave recklessly in combating fraud 13 / 32

  21. Game Theory Outline Key Economic Principles for Retail Payments Security 1 Game Theory 2 Applying Game Theory to Payments Security Example: EMV Adoption Case Studies 3 Card-Not-Present Security: 3DSecure Adoption Protecting Sensitive Payment Data Mobile Payments Cryptocurrencies Conclusion 4 14 / 32

  22. Game Theory Applying Game Theory to Payments Security Game theory and the challenge of interdependent security Game theory is the formal study of conflict and cooperation Can be applied whenever outcomes depend on actions taken by others Improvements to retail payments security often require the cooperation of stakeholders with different interests 15 / 32

  23. Game Theory Applying Game Theory to Payments Security Game theory Game theory is a useful tool for predicting the most likely outcomes and identifying sources of conflict, if any Game theory can also inform policymakers and payments operators about how to shift behavior towards more desirable outcomes We illustrate its power with a topical example: EMV adoption 16 / 32

  24. Game Theory Example: EMV Adoption Game for EMV adoption in US Two players: issuer vs. merchant Two possible actions for both players: No EMV (status quo) vs. Adopt EMV Adopting EMV costs 2 for each player Currently card-present fraud liability is on issuers If both adopt EMV, issuer can reduce fraud loss by 4 17 / 32

  25. Game Theory Example: EMV Adoption Game for EMV Adoption in US Issuer Adopt EMV No EMV 18 / 32

  26. Game Theory Example: EMV Adoption Game for EMV Adoption in US Issuer Adopt EMV No EMV No EMV Merchant Adopt EMV 18 / 32

  27. Game Theory Example: EMV Adoption Game for EMV Adoption in US Issuer Adopt EMV No EMV 0 Issuer’s utility No EMV 0 Merchant’s utility Merchant Adopt EMV 18 / 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Identifying Security Iss es in the Retail Issues in the Retail Payment System Federal Reserve

Identifying Security Iss es in the Retail Issues in the Retail Payment System Federal Reserve

Identifying Security Iss es in the Retail Issues in the Retail Payment System Federal Reserve Bank Chicago Chicago Ellen Richey Chief Enterprise Risk Officer Visa Inc. J June 5, 2008 5 2008 Visa Public Agenda 1. The Data Security

550 views • 10 slides
- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops

- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops

- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops Did you know? Our payment system has ZERO FEES for processing payments How it works? It takes only a few minutes to complete Merchant Initiate

269 views • 11 slides
RETAIL SECURITY Characteristics, challenges and solutions for retail security High street and

RETAIL SECURITY Characteristics, challenges and solutions for retail security High street and

RETAIL SECURITY Characteristics, challenges and solutions for retail security High street and mall stores Different types of retail require different security Low-high value goods systems, but there are Medium volume of goods several

598 views • 11 slides
Payment Schedules under the Building Industry Fairness (Security of Payment) Act 2017 Presented

Payment Schedules under the Building Industry Fairness (Security of Payment) Act 2017 Presented

Payment Schedules under the Building Industry Fairness (Security of Payment) Act 2017 Presented by: Jacques Nel Senior Solicitor at NECA Legal QLD Office Introduction Overview of Scheme of the Act Time Limits Form requirements

385 views • 23 slides
Payment Claims under the Building Industry Fairness (Security of Payment) Act 2017 Presented by:

Payment Claims under the Building Industry Fairness (Security of Payment) Act 2017 Presented by:

Payment Claims under the Building Industry Fairness (Security of Payment) Act 2017 Presented by: Jacques Nel Senior Solicitor at NECA Legal QLD Office Introduction Overview of Scheme of the Act 4 Essential elements of a valid

263 views • 23 slides
National Payment Switch D. THAKOOR 23 APRIL 2019 1 ASSISTANT DIRECTOR PAYMENT SYSTEMS

National Payment Switch D. THAKOOR 23 APRIL 2019 1 ASSISTANT DIRECTOR PAYMENT SYSTEMS

National Payment Switch D. THAKOOR 23 APRIL 2019 1 ASSISTANT DIRECTOR PAYMENT SYSTEMS Agenda Con oncep cept t of of P Payment nt Sw Switch itch Retail Payments The current payment landscape The case for a National

251 views • 21 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
CRASH AND PAY Cloning and Fuzzing the NFC world. PAYMENT SECURITY CONSULTING 1 WWW.PSCCO.COM.AU

CRASH AND PAY Cloning and Fuzzing the NFC world. PAYMENT SECURITY CONSULTING 1 WWW.PSCCO.COM.AU

CRASH AND PAY Cloning and Fuzzing the NFC world. PAYMENT SECURITY CONSULTING 1 WWW.PSCCO.COM.AU 15/09/2014 ABOUT ME Principle Consultant at Payment Security Consulting Banking, Payments, Certifications, breaking stuff; repairing

867 views • 52 slides
Security of Payment Legislation in South Australia David Putland / Tom Earls Introduction

Security of Payment Legislation in South Australia David Putland / Tom Earls Introduction

Security of Payment Legislation in South Australia David Putland / Tom Earls Introduction Building and Construction Industry Security of Payment Act 2009 (SA) (The Act) Creates a statutory right to progress payments Broad

523 views • 31 slides
PCI-DSS Compliance and Protection Payment Card Industry Data Security Standards Network

PCI-DSS Compliance and Protection Payment Card Industry Data Security Standards Network

PCI-DSS Compliance and Protection Payment Card Industry Data Security Standards Network Security February 2013 What is PCI-DSS The Payment Card Industry Data Security Standards is a set of comprehensive requirements for enhancing payment

293 views • 11 slides
S & P SECURITY & PRIVACY GROUP Security and Privacy for Payment Channel Networks

S & P SECURITY & PRIVACY GROUP Security and Privacy for Payment Channel Networks

FAKULTT FR !NFORMATIK Faculty of Informatics S & P SECURITY & PRIVACY GROUP Security and Privacy for Payment Channel Networks Pedro Moreno-Sanchez Blockchain Summer School BDLT19 Vienna, Sep 2nd 2019 Blockchain Research

1.41k views • 73 slides
Retail security gate solutions Industrial security gate solutions Institutional

Retail security gate solutions Industrial security gate solutions Institutional

PHYSICAL SECURITY SOLUTIONS Quantum security gates can help you improve security quickly. Before or after a break-in. Retail security gate solutions Industrial security gate solutions Institutional security gate solutions Office

215 views • 18 slides
Xpanda security gates Security solutions Retail security gate solutions Industrial

Xpanda security gates Security solutions Retail security gate solutions Industrial

STOREFRONT PROTECTION Xpanda security gates Security solutions Retail security gate solutions Industrial security gate solutions Institutional security gate solutions Access control security gate solutions Office building

406 views • 13 slides
of Payment for Environmental Service (PES) Program Wenting Chen Department of Economics

of Payment for Environmental Service (PES) Program Wenting Chen Department of Economics

1 Does Off-farm Labour Market Accessibility Matter for the Efficiency of Payment for Environmental Service (PES) Program Wenting Chen Department of Economics Norwegian University of Technology and Science 19 June 2009 2 General overview of

492 views • 12 slides
Retail Chain Integrated Security Solution V1.3 See Far , Go Further Contents 1 Requirement

Retail Chain Integrated Security Solution V1.3 See Far , Go Further Contents 1 Requirement

Retail Chain Integrated Security Solution V1.3 See Far , Go Further Contents 1 Requirement Analysis 2 System Architecture 3 Solution Introduction 4 Representative Cases Vertical Requirement - Current Situation Traditional retail industry

761 views • 61 slides
THE EVOLUTION OF THE RETAIL PAYMENT SYSTEMS IN PERU Central Bank of Reserve of Peru October 2010

THE EVOLUTION OF THE RETAIL PAYMENT SYSTEMS IN PERU Central Bank of Reserve of Peru October 2010

THE EVOLUTION OF THE RETAIL PAYMENT SYSTEMS IN PERU Central Bank of Reserve of Peru October 2010 MACROECONOMIC STABILITY Sustained growth, low inflation and debt reduction Macroeconomic figures 2010 1/ 2005 2006 2007 2008 2009 Junio

320 views • 13 slides
SET Secure Electronic Transactions Original participants: VISA and MasterCard, GTE, IBM,

SET Secure Electronic Transactions Original participants: VISA and MasterCard, GTE, IBM,

SET Secure Electronic Transactions Original participants: VISA and MasterCard, GTE, IBM, Microsoft, Netscape, SAIC, Terisa, Verisign. Officially announced February 1, 1996. SET enables safe business over insecure networks - i.e.,

643 views • 32 slides
PETALS: Improving Learning of Expert Skill in Humanitarian Demining Lahiru Jayatilaka (Red Lotus

PETALS: Improving Learning of Expert Skill in Humanitarian Demining Lahiru Jayatilaka (Red Lotus

PETALS: Improving Learning of Expert Skill in Humanitarian Demining Lahiru Jayatilaka (Red Lotus Technologies) David M. Sengeh (IBM Research - Africa) Charles Herrmann (Cornell University) Luca Bertuccelli (Sensitech) Dimitrios Antos (Verily Life

801 views • 52 slides
Pollys Polyhedral Scheduling in the Presence of Reductions Johannes Doerfert Kevin Streit

Pollys Polyhedral Scheduling in the Presence of Reductions Johannes Doerfert Kevin Streit

Pollys Polyhedral Scheduling in the Presence of Reductions Johannes Doerfert Kevin Streit Sebastian Hack Zino Benaissa Saarland University Qualcomm Innovation Center Saarbr ucken, Germany San Diego, USA saarland

780 views • 65 slides
Text-based captchas strengths and weakness Elie Bursztein, Matthieu Martin, John Mitchell

Text-based captchas strengths and weakness Elie Bursztein, Matthieu Martin, John Mitchell

Text-based captchas strengths and weakness Elie Bursztein, Matthieu Martin, John Mitchell Stanford University 1 About this Research Presenter: Elie Bursztein (http://elie.im) Conference: ACM CCS 2011 Slides and paper freely

1.56k views • 110 slides
The EU Work on Payments W3C Workshop on Web Payments Paris, 2425 March 2014 Alexander Gee

The EU Work on Payments W3C Workshop on Web Payments Paris, 2425 March 2014 Alexander Gee

The EU Work on Payments W3C Workshop on Web Payments Paris, 2425 March 2014 Alexander Gee DG Competition European Commission The views expressed are purely those of the author and may not be regarded as stating an official position of

348 views • 18 slides
Experience Spillovers across Corporate Development Activities Maurizio Zollo Strategy and

Experience Spillovers across Corporate Development Activities Maurizio Zollo Strategy and

Experience Spillovers across Corporate Development Activities Maurizio Zollo Strategy and Management Department INSEAD Boulevard de Constance 77305 Fontainebleau Cedex, France Tel.: (33) 1 60 72 44 74 Fax: (33) 1 60 74 55 00 E-mail:

810 views • 40 slides
Creating a North American Utility Leader July 19, 2017 A preliminary short form prospectus

Creating a North American Utility Leader July 19, 2017 A preliminary short form prospectus

Hydro One To Acquire Avista Creating a North American Utility Leader July 19, 2017 A preliminary short form prospectus containing important information relating to securities described in this document has not yet been filed with the securities

305 views • 19 slides
Financial Intermediation and Credit Policy in Business Cycle Analysis Gertler and Kiotaki 2009

Financial Intermediation and Credit Policy in Business Cycle Analysis Gertler and Kiotaki 2009

Financial Intermediation and Credit Policy in Business Cycle Analysis Gertler and Kiotaki 2009 Professor PengFei Wang Fatemeh KazempourLong 1 Motivation Bernanke, Gilchrist and Gertler (1999) studied great depression and the crisis in the

679 views • 53 slides

More recommend