With the growing number of digital transactions in e-and m-commerce scenarios, Intelligent Enterprises' Information and Communications Technology will be faced with enormous challenges for their information and communications technology in the near future. One of the most important prerequisites for the success of this technology will be secure and efficient electronic payment systems enabling financial transactions. Just as traditional payment instruments like cash, cheque or billing, these electronic payment systems should enable value transfers at low transaction costs, manageable security level and usability for users. Consider, for example, the traditional payment instrument cash, which offers an almost perfect degree of anonymity.
Currently, the evolution of new payment systems, especially for mobile payment, as well as the persistence of traditional payment methods can be observed. This adherence to traditional methods (Kurbel & Teuteberg, 1998) is due to a lack of users' confidence and additionally opacity in the digital transaction infrastructures. These arguments are consistent with an online-survey (Stroborn, 2001) aimed at drawing a picture of Internet payment preferences outlining that consumers prefer conventional payment systems. When asked how they wish to pay, invoices are ranked first by consumers (55.1 percent). This fits with consumers' needs in an anonymous Internet world. Payments via direct debits are preferred by 15 percent, followed by credit card payments at 13.2 percent (insecured, via SSL and via SET). Cash on delivery payments sum up to 10.1 percent. M-payments, (micro)billing and pre-paid systems together only account for roughly 5 percent. There are several reasons for this: the systems are relatively new on the market and, as a consequence, they are not well known. Additionally, it takes a long time before consumers change their payment habits—just think of the introduction of the debit-(ec)-card in Germany, which took about 10 years. The participants articulated the need for improved service and more information: "... complete cost listing at an early stage (packaging and delivery included)," "terms and conditions written out explicitly," "complete business address," "improved delivery service," "the order's status via e-mail," etc. Low costs, ease of use as well as the possibility of cancellation are consumers' main requirements for payment systems. Moreover, coverage in case of loss and the point of time when the customer gets charged play an important role (payment after delivery).
After all, the users' confidence in digital transaction infrastructures is unsatisfactory because users either naively trust information systems like electronic payment systems (Kiefer, 2001), or are insecure about the security of their digital transactions. "Trusted third parties" are not really trusted yet, either. Security is not a built-in feature of payment systems. As an example, ECash and CyberCoin, both prototypes of electronic money, have consistently been discussed among experts. They have completely disappeared. Their failure is symptomatic for certain problems of acceptance of innovative payment schemes. The focus has always been on technical sophistication, while neglecting the consumers' wishes. Even the most advanced electronic payment systems cannot emulate the anonymity, unobservability, and untraceability of traditional cash transactions.
One more aspect might be the kind of goods or services sold on the Internet. The new systems have their strength in providing a possibility to pay for intangible goods and services, but there is still not enough digital content available.
Beyond that, one can detect opacity for users due to the huge number of different payment systems and their obscure influence on individual security and efficiency requirements. Often a payment occurs regardless of user requirements concerning risk management. Furthermore, users are often swamped with the cognition of conflicting security goals. Requiring a high degree of anonymity generally contradicts a demand for liability.
Despite existing security standards and security technologies, such as secure hardware, gaps between users' demand for security and the security offered by a payment system can still remain. These security gaps imply risks for users. In the end, users are coerced to "juggle" with the payment systems available in their portfolio and to make a selection. They remain in the dark about the effects of their choice.
Studies show a growing demand for privacy control while users are conducting payment transactions (Faith Cranor & Reagle Jr., 1998). Since data collection is rapidly becoming an important corporate asset, the users' privacy and communication security are increasingly being threatened (Jendricke & Markotten, 2000).
This chapter focuses, therefore, on the question of how users can handle the risks of making digital payments and thus, gain confidence in the payment systems. It focuses on the definition of user requirements. As a result, it shows a concept for the user-oriented risk management of electronic payments. The chapter begins by defining the term "risk." The next two sections describe the evaluation of electronic payment systems as a precondition for risk management and introduce the concept of Individual Risk Management. Finally, an outlook on trends is given.