Risk Analysis: The Evaluation of Electronic Payment Systems

Generally, the security of complex information systems, such as payment systems, can never be absolute. Not all leaks can be known and rectified by technical means at the outset. The relationships of parties involved in each transaction are far too complex and points of attack in an open communication system similar to the Internet are numerous. However, identifying security, not as some static value, but rather by analyzing the fundamental information flows from a dynamic point of view, is the first step towards handling risks of each participant in the system.

Security must, however, be economically feasible. Thus, even the theoretically maximal conceivable "technical" security (the largest achievable security level) need not necessarily be implemented. Increasing usage of technical means is combined with decreasing rates of growth of security, and therefore with disproportionate increases in costs. Thus, the problem arises that a given security level (given by technical means) can be lower than required by users. In other terms, remaining (security) risks must be handled, either by institutional constraints or by individually applicable economic instruments. Economic instruments providing non-technical security for transactions, e.g., insurance or liability limits, are shifting risks even further away from users, facilitating the usage of electronic payment systems.

In order to evaluate the security ^[4] of electronic payment systems, the concept generates profiles expressing the security levels of the payment systems examined. The criteria of Multilateral Security themselves do not, however, support the generation of these security levels. They are too abstract and may serve only as generic security criteria. Therefore, in a first step, these generic criteria have been detailed and adapted to meet the specific attributes of electronic payment systems (cf., Reichenbach, Grzebiela, K ltzsch & Pippow, 2000; Reichenbach, 2001), giving detailed security characteristics. For instance, the generic main criterion "security" has been categorized into the sub-criteria "confidentiality," "integrity," "availability," and "accountability." Subsequently, the sub-criterion "confidentiality" has been further categorized into "anonymity," "pseudonymity," "unlinkability," "unoberservability," "confidentiality of product, payment and security information" and so forth. The comprehensive list of detailed security characteristics concerning electronic payment systems and an evaluation of actual payment systems is in Reichenbach (2001).

The evaluation process takes account of the payment systems' information flows, assessing the fulfillment of the detailed security characteristics of each payment system examined (cf., Figure 1). During this process each detailed criterion is assigned a value between "2" and "0" (fulfillment "ensured," "to a limited degree" or "not ensured"). Security experts or legal institutions may further utilize this list of detailed security characteristics in order to both build up new and to maintain existing electronic payment systems' profiles. After setting up those profiles, the detailed security characteristics can be matched with users' security requirements in order to determine the security scale of—and the remaining risks using—a payment system at one point in time.

Figure 1: Payment System Profiles.

The overall assessment yielding the security scales has been realized technically by applying the scoring method. This method has several advantages for the purposes focused on in this chapter. On the one hand, non-quantifiable criteria like the ones mentioned above can be assessed. On the other hand, this method supports users to weight each criterion in order to attain, as a result, an individual order (ranking) of their requirements. The weighting expresses the meaning of a criterion during a (single/ special) transaction for users and makes the criteria comparable.

The profiles generated are an image of the overall fulfillment of single criteria by the payment systems examined. They reveal which security requirements are met by the payment system, to what extent they are met, and thus the remaining risk for the user.

A comparison of the payment systems' profiles facilitates a prioritization of these payment systems, enabling users to choose among different payment systems in a more systematical way.

^[4]Since the approach presented in this paper also examines the functional and economic aspects of payment systems, the term 'security' is used in an equivalent way to functional and economic efficiency.