CARD COMPANIES AND THE
page last updated 2010 Jan 26
see also www.witiger.com/ecommerce/paymentmatrix.htm
|INTRODUCTION||The big three credit card
companies welcome e-business for the simple reason that in these early
stages of the first decade of the new millenium, the primary way that people
buy products online in B2C situations is with a major credit card - which
is good for the credit card business. What worries these credit card companies
of the Political Legal / Regulatory Environment
update Nov 2004
Credit Card scams
According to Samira Beavis, writing for ABC News, " The practice took off in the United States several years ago and is beginning to approach the scale of fraud that plagued credit cards in the early 1990s before new precautions were taken, according to Gregg James, a special agent with the Secret Service's Financial Crimes Division in Washington.
" Here’s how the scam is run. Criminal gangs recruit gofers, who then find temporary work within restaurants, hotels and retail outlets. The recruits are given small, illicit, electronic devices known as skimmers that capture all of the credit or debit card’s details in the few seconds that it takes to swipe the card through the machine.
When unsuspecting customers go to pay their bill, their card is first swiped through the legitimate credit card machine, but then, secretly, it is also swiped through the smaller skimmer machine. The gofers then pass the gadgets onto counterfeiters, who pay them the equivalent of around $150 for their part in the crime. Once the details have been given to counterfeiters, they download the information onto a computer and make up a fake card.
The "cloned" card is embossed with the details of the victim’s credit card and passed on to gang members who, police say, may sell it for between $400 and $700, depending on the perceived credit limit."
|Credit Card Skimming
University of Toronto (UTM) students Bashir K., and Jawad K., and Nomaan C. in MGD 415 in March 2008 created a kewl video in which they describe several components of how Skimming a credit card can lead to an Identity Theft situation. Watch the video carefully.
Often skimming is done at gas stations or restaurants, since those are the places that hire people who work for minimum wage, - and many times such businesses don't bother doing background checks cause the employees are mostly part-timers.
|Social Engineering / Identity Theft
- example of 2 techniques
1 - cross contamination re: RFID
2 - skimming Credit Cards
University of Toronto (UTM) students in MGD415 in early April 2009
Altin E, Trevor G
Mark Teh-Yu H, Gianmarco R
Nicholas S, Tiffany (Wutang) W.
created an informative video in which they mixed in Social Engineering tricks and Skimming which lead to an Identity Theft situation.
also posted at
|Identity Theft - example
- skimming Credit Cards at a gas station
from Seneca students in BCS555 in 2009
video created by Mark D.
|Skimming Prevention Tips
1. I (WTGR) always pay cash at gas stations, it is faster to lay down one or two twentys instead of waiting in line anyway - and with gas prices so high, nobody puts a lot of gas in anyways these days.
2. If you do use the card, don't let the attendant take it out of your hand (sometimes they just rudely grab it) and swip it on their keyboard, insist on swiping it on the terminal passed to customers.
3. At restaurants, don't put your card on the little tray they sometimes bring out, instead, walk back to the cash register and swipe it yourself, this way you can make sure it is not being swiped twice.
- ways small merchants can protect themselves
- ways small merchants can protect themselves
provides a list of steps to protect a business that wants to accept credit
cards for payment
1. Subscribe to checking
systems offered by your bank
- chip based cards
Business Reporter for the Toronto Star, wrote a piece in The
Jan 30th, 2007 titled
"Chip-based cards may cut fraud"
Flavelle writes "Credit and debit cards embedded with computer chips have virtually wiped out the kind of security breaches that compromised millions of cards used at Winners and HomeSense stores in Canada, industry officials say. But it will be another three years [from Jan 2007] before the cards are widely available in Canada."
|Mais G., BCS
555 student in Sept 2004, sent us a story from E-commerce Times www.ecommercetimes.com
about how credit card hackers sell stolen credit cards online in chat rooms.
Another good example of how the technology of the Internet is being used to facilitate crime ! - WTGR
Hackers Swap Tricks Online"
By Dinah Greek posted online July 28, 2003
|Greek says " Thieves
are using chat rooms to sell stolen credit-card details and advise others
how to hack Web sites containing credit information, security experts have
warned. Groups using Internet relay chat (IRC) are playing a growing role
in online credit-card fraud."
The thieves are also using advanced techniques to ascertain critical information about the stolen card numbers. Greek explains "Software programs can determine which bank issued a card, harvest the three-digit card verification number and even let thieves determine the available credit-card limit. They can check a card number's validity and personal information about its owner. "
|The thieves are not getting away with this completely, they are being tracked by Dr. Bill McCarty and his students at Azusa Pacific University who call their project the Honeynet Project.|
here is the story in Natalie's words
"On Tuesday October 21, 2003, my aunt received a call from Scotia Bank.o Never put your SIN number on a job application,
The bank was calling her informing her that they saw that she had received her new Visa card. To my aunts’ surprise, she started to question the representative because she had not done business with Scotia Bank in over a year. She had bought a brand new van in 2002, got a loan from Scotia Bank to finance the van but paid off the balance in cash months after the loan, since she had sold her house and moved to another one. She was informed by the bank that they had issued her a Visa card that she applied for with a $7600 limit and that she activated the card on October 13th, made purchases totaling over $800 on the same day, took $1000 cash advanced on the 14th and another on the 15th.As furious as my aunt was, she started asking the representative some questions. She asked her the maiden name that was given when the application was filled out and it was a different maiden name that the bank had in their records. This should have been the 1st red flag for the bank. The second was that on the application that was completed, they put the previous name of the company that she works for; her company had a name change just after she had the load to finance the purchase of her van and she sent them a letter in writing informing them of the name change. This information was in her records but the bank was so eager to send her a card that they didn’t even do a complete background check. It turned out that someone had applied for a Visa card from Scotia Bank in her name, had it sent to an address in Ajax (she lives in Brampton), had a Drivers License in her name and also a SIN card. How they got all of the info is a mystery. I am still puzzled about how all of this happened. The case is still under investigation. The fraud investigators gave her some points:
o Once you have received the job, then give then your SIN number.
o Avoid doing telephone/web banking. (though a lot of people do this safely)
o Never throw out your bills that contain your card numbers on them, always shred them."
Ed sent an email to Prof. Richardson Nov 2nd, 2005 in which he said;
did more research today on our case study and I found out something that
you may want to add to your website. IT goes under credit card, and probably
credit card fraud
|Creating Stores on the
Web Chpt 14, "Payment Acceptance and Processing"
Lowering your merchant rates
"VISA and Mastercard take
a cut of between two and three percent of each sale and American Express
takes even more... As you begin to sell a higher volume, your rates will
Reducing the number of times you have charge backs - will contribute to lowering your rate.
"Visa and MasterCard hold a 75 percent share of the general-purpose credit and charge card network market in the United States. In large part because board members of one serve on the governing committees of the other, Visa and MasterCard effectively act as a single entity, and have conspired to limit competition in the U.S. card industry.”
from the AMEX web site which also gleefully describes the current U.S. Justice Dept. case against VISA and MasterCard
Harvey Golub, chairman and chief executive officer of American Express...“Visa and MasterCard’s anticompetitive behavior has damaged the interests of consumers; eliminated banks’ freedom of choice to carry out business as they see fit; increased operating costs to merchants, particularly in the debit card arena; and retarded innovation in the credit card industry.”
|What you should
look for in reading the material in these next few boxes is information
about new products the big three are bringing out as they forecast what
the new payment processes are moving towards. Also, look for ways they
are trying to reinforce use of their existing product mainstays - the credit
card, at the same time hedge their bets by striking alliances with new
|Visa's section on their
web site titled "Internet shopping" unfortunately is not about the business
aspects involved but simply a portal to a lot of web sites were you can
buy product using your Visa card
Electronic Wallets are one of the new features being used in electronic payment systems, unfortunately, the link on Visa's site which is supposed to explain this was down in August 2000 when we first checked
"Visa Sets new security rules for online purchases"
title of Reuters story Aug 10th, 2000
Visa announced it was setting
10 new security rules for transactions done over the internet
These rules are in effect
things which merchants (who handle Visa cards) must do or Visa will withdraw
their merchant account. The rules are aimed at making sure these merchants
have more stringent security processes as well as better encryption etc.
Read about Visa's product "Visa ePay"
One of the selling points of this product, targeted at vendors who want a better way of collecting money, is that , your customers' financial institutions secure funds from their accounts before sending payment orders to your financial institution. This authorization and settlement of transactions in good funds means payment assurance and one-time processing
Visa has partnered with Palm. "The Palm VII organizer uses a wireless radio transmitter and web clipping technology along with the new Palm.Net(sm) service to let users get information, conduct e-commerce transactions, and perform instant messaging...Visa's ATM Locator pinpoints the location of any of Visa's 531,000 ATMs in 120 countries worldwide."
Single-use credit card numbers
"... By mid-October, consumers will be able to obtain a number from a secure Web site and use it - just once - to buy from any online merchant accepting Visa."
full story from Rachel Ross, Toronto Star Technology Reporter
On this page, Mastercard had an interesting little demo about how e-wallets work plus they have a link to another page that has some very good explanations of the fundamentals of e-wallets, including points explaining the difference between Server Based and Client Based systems
2006, Mastercard have a product called Tap N Go™
" The MasterCard PayPass card has built-in chip and antenna technology, as well as a standard magnetic stripe. The card and specially equipped PayPass terminals communicate payment card details using very short range radio waves."
|AMEX||AMEX use of Digital Certificates
"AMEX currently offers a blue card embedded with a smart chip containing a digital certificate. "Smart chip technology is very flexible, and we specifically designed the blue card on a multi-application platform," says AMEX spokesperson Molly South.
The card is inserted into a free smart card reader plugged into the user's computer. The card, together with a PIN number, allows consumers to buy on the Net using their certificate. The card allows access to an online wallet, which contains information such as shipping and ordering preferences. This information is automatically transmitted to the merchant's online order forms. The system provides instant user-friendly security for both consumer and merchant. AMEX officials are hoping it will encourage more widespread consumer acceptance of online shopping. Initiatives like this could, however, eventually become the thin edge of the wedge for developing a universal digital signature for individuals."
by Paul Zaleski, a reporter
and staff researcher for Offshore Finance USA magazine.
|AMEX||Single-use credit card
"Last week, (Sept 7th, 2000)
American Express announced it will issue single-use credit card numbers
to help reduce the risk posed by hackers who steal and reuse numbers from
story came from Rachel Ross,
Toronto Star Technology Reporter at www.thestar.com/
The use of single-use credit cards was announced in 2000 - Ronny P. in BCS555 Sept 2003 found a page in CIO.com that discusses AMEX's current situation with disposable credit card numbers.
details explain at http://www.cio.com/archive/020101/tl_security.html in an article written by Sarah D. Scalet titled Safer Plastic
Christi Frum writes [Aug. 15, 2000]
"Chargebacks are refunds issued to cardholders by card issuers in cases where there's been a dispute over a charge. Examples of such cases include fraudulent use of a card by a third party, or a cardholder's winning of a dispute with a merchant over whether a charge was actually authorized. Any time a chargeback occurs, the merchant pays a fee, on top of having to pay back the amount of the original charge."
"The new rules introduced by Visa and MasterCard consist of a classification of certain types of businesses into a high-risk category. Businesses considered high risk include travel agencies, taxi and limousine services, computer network and/or information services, mail-order houses, catalog merchants, membership clubs, and some online merchants.."..."If your e-business does fall into this high-risk category, the penalties Visa and MasterCard can enact for chargebacks rise exponentially"
|mastercard||MasterCard Rules and
A 2000 article by Peter Lucas suggests that credit card companies will make digital signatures more popular - though this technology had existed for some time - but was not widely known.
Peter Lucas wrote
"Online merchants face the inability to verify whether buyers are who they claim to be because no credit card is present or signature obtained at the time of purchase. This means when a customer claims a particular purchase was not made, an online merchant can't prove otherwise. This is the case whether or not the chargeback is fraudulent. The good news for online merchants: Several new technologies  can verify a customer's identity at the time of purchase, thereby reducing the rate of fraudulent chargebacks. Two of the most talked-about are digital signatures and smart cards."
By 2006 we can know that is has been 5 years later and this is still not a commonly used thing.
It is the opinion of witiger that the credit card oligopoly will push vendors too much - small and medium sized companies will aggressively look for alternate e-payment systems and eventually the credit card companies will either
On the plastic horizon in 2007
On this page there are several
quotes from ecommercetimes.com.
Permission was given by Richard Kern, Associate Publisher of the E-Commerce Times,
in an email to Prof. Richardson 2004 Dec 10th, a hard copy of the email is kep on file in Richardson's permissions binder.
||CONTACT I MAIN PAGE I NEWS GALLERY I E-BIZ SHORTCUTS I INT'L BIZ SHORTCUTS I MKTG&BUSINESS SHORTCUTS I TEACHING SCHEDULE|
|MISTAKES ITEXTS USED I IMAGES I RANK IDISCLAIMER I STUDENT CONTRIBUTORS I FORMER STUDENTS I|