Digital bastions

December 27, 2007 - 4:20am

Since the cold metal picklock in the sure hands of the burglar stopped bringing criminals profits that justified the risk, the world industry of burglary, theft and fraud has moved to the Internet. Having found the necessary mechanism in the electronic gateway, burglars improve their skills every year in order to seize other people's money illegally, since the field of activity looks more than promising. Today the turnover of electronic payment systems is counted in the millions.

The E-gold system alone has a daily turnover of approximately $1,500,000. Besides E-gold, such mastodons as PayPal, WebMoney, Fethard, E-bullion and others play a significant role in the virtual economy. The turnover of all electronic payment systems (EPS) is constantly growing; however, the growth curve will always be held back by one factor whose influence is very difficult to remove. It is a psychological fear of the unknown, together with the fact that a fairly wide layer of people do not consider the Internet a secure area for commercial transactions and prefer more conservative methods of settlement.

To calm those alarmed by countless films about hackers who find a picklock for any door in cyberspace, and to reassure people shaken by the theft of passwords from their own computers, we shall make a short excursus into the security measures of the world's electronic payment systems.

Kilobyte-long fences

The most widespread security methods are encryption and the use of the SSL protocol, a secure-connection protocol with keys of 128 bits and longer. Passwords, multilevel protection, asymmetric cryptographic algorithms and digital signatures are in use today. Another widespread means of protection, which provides basic safety and indicates the status of a participant in the system, is certification. The higher the participant's status, the more services are available to him. This approach is interesting above all for its psychological side: as in real life, trust in the user grows with time and with the quality of the interaction with him.

But security should be built from the start on a systematic approach. At the beginning of 2007 the Step by Step marketing agency carried out its own independent research and specified eight criteria of security:

  • Authentication with the use of tokens
  • Multi-factor authentication
  • Encryption
  • Availability of SMS-service
  • Transfer of funds among the private clients
  • Anonymity of private clients
  • Blacklist system
  • Additional means of protection against the swindlers

During its research the agency studied the measures that EPS use to protect their clients and came to the following conclusion: only the WebMoney system has all 8 levels of security, while another participant of the Russian EPS market, "Yandex.Money", possesses only half of the proposed parameters.

Who is Who?

So what are the criteria on which the majority of the systems earn a "D"?

The frightening word "authentication" turns out in practice to be a quite harmless security method: it is just the entry of the login and password pair familiar to any Internet user. Tokens are another matter: they are identifiers intended for the safe storage and use of passwords, digital certificates and encryption keys. They are very simple to use and are designed as a key fob that fits easily on a bunch of keys. If you have a token you need not remember passwords to enter the system. It is enough to connect it to the computer and enter your PIN code.

Multi-factor, or multi-level, authentication is a combination of several security components such as a password, physical components (tokens or smart cards), biometric data and similar things. Thus the WM system uses password + key file, and "Yandex.Money" uses password + purse program.

Encryption

Encryption is probably the most widespread kind of data security. It uses various algorithms, such as RSA, and keys of various lengths. The popularity of mobile phones could not leave the founders of payment systems indifferent, and that led to the creation of SMS services. On an attempt to enter your account, some payment systems generate a special password and send it by SMS. As this operation takes just a few seconds, swindlers and lovers of easy money are completely deprived of the opportunity to find or intercept the password.

Almost any system guarantees the safety and confidentiality of client information, as written in the service contract. So, dear users, please read contracts very carefully, especially the lines in small print.

Each of us has certainly heard of such a thing as a blacklist and has surely done everything not to get onto one. Payment systems also have such lists of "rejected ones", which consist of websites that distribute various system-cracking tools, generators of funds for the purses of electronic payment systems, or anything else that prevents normal system operation. As a rule, after using the services of such "benefactors" clients lose the money in their electronic purses. Lists of such sites can be found on the payment systems' own resources.

And the last "nail" is the additional means of protection against swindlers: certification and arbitration. We spoke about certification earlier, but what is arbitration? Arbitration is a structure that aims to settle all disputes arising between participants, analogous to the conventional court system. This form of security is provided, for example, by the WebMoney system. If anybody has deceived you, arbitration will certainly bring your offender to justice, but first you must document everything correctly and submit a claim.

Generally speaking, it is WebMoney that serves as a model for other Russian companies. To show its security measures, which even some western EPS should follow, we shall dwell on it in more detail. The length of the keys WebMoney uses for digital signatures is 1024 bits, which contrasts considerably with the "just" 128 bits of well-known companies such as MoneyBookers. For convenience and mobility the system uses e-num, an authentication method that provides the participant with a unique one-time cipher pad in the form of a Java application that can be used on a mobile phone or on any computer in an Internet cafe. Thus any information leakage is excluded. To the company's credit, no breach of the system's operation has been recorded to date.

However, the largest portion of the world's flows of electronic cash passes through companies whose authority has been built up over years. Raised on American soil and nourished by American laws and mentality, they laid the foundation of today's EPS industry. In view of this, special attention should be paid to their approach to security.

They are known by sight

The E-gold system is the largest and probably the most popular system in the world. This American payment system has earned its reputation through its simplicity and comfort of use. However, the fact that submitting the account owner's personal data is optional has attracted not only respectable users but also crowds of swindlers thirsty for easy money. This spurred the E-gold administration to think seriously about its security policy. So they developed methods preventing unauthorized access to clients' assets, including the use of a special SRK form. It works by clicking on images of the SRK characters, and entering data this way gives complete protection from the various programs that record information entered from the keyboard.

Another giant of American origin that plays far from a minor role on the world scene is the gold and exchange payment system E-bullion. It uses a personal account ID and passwords that are sent by e-mail right after registration in the system. It should be noted that a session inside the personal account is limited to 15 minutes. As practice has shown, this time is quite enough to perform all necessary operations. Another security method is the use of crypto cards. After a card is activated, the account owner need not enter the password: entering the account number is sufficient. E-bullion's technology determines on its own which crypto card the account belongs to and enters the password automatically. The password changes each time, which deprives watchful swindlers of an opportunity to break in.

The PayPal system rounds out the three world leaders. Like its business colleagues above, this company was founded by representatives of the North American continent. The system has similar security mechanisms, but it also has its own methods of fighting swindlers. PayPal uses top-level encryption. When a financial transaction is performed, the system automatically sends a detailed report on it to the user's e-mail, which allows all account charges to be monitored. Moreover, payments are transferred only to approved addressees listed in a special address book. The system also uses the certification program mentioned above and sorts all users into "approved" and "disapproved".

Summing up our excursion through the security systems of Internet payment systems, it must be said that client security was, will be and should be a priority task of any self-respecting system. It is a point of honor that asserts the authority of an EPS. But it must be added that, regardless of the system and its security measures, the greatest threat always comes from the account owner. Here the notorious human factor comes into play. Very often people, through ignorance or plain carelessness, hand all the keys to swindlers themselves.

According to statistics, it is exactly this factor that heads the list of reasons for purse break-ins and theft of money. We therefore advise our readers to find a free minute to get acquainted with elementary security rules, and to shift all other cares onto the strong shoulders of the creators of your EPS's security system. Remember: your cooperation with an EPS is secure not when the payment system builds digital bastions for you and you merely use them as a consumer, but when you, together with the system, take care of the security of your funds and do your best to achieve that goal.

Aynny, reporter of Ecommerce Journal



