Forms of electronic cash came about in the 1990s with the rise of the Internet and a new way to do business. Smart cards were among the new forms. When purchasing products over the Internet, consumers have concerns about the privacy of their information with electronic payments. Some studies were conducted to evaluate the pros and cons of smart cards, how the security is designed in the payment systems, and if the use of smart cards can change the addictive behavior of gamblers.
What it is
It is claimed the Mondex smart card can be used the same as cash and have the advantage of not having to carry cash at the same time. It was conceived as a technological solution to the handling of money and undermining the traditional role of the circuit of money. (Knights, 2007) The aim was to replace the need for cash. The Mondex smart card contains a microchip that holds the value of money. It can be downloaded to from a bank account and is held electronically. The card also stores the account holder's name, a unique identification number, and a record of the last ten transactions. (Knights, 2007) The value of money can be transferred on or off the card by telephone, the Internet, digital TV, mobiles, or other Mondex cards. Retail transactions are carried out by swiping the card through a reader. Peer to peer transfers are possible by using a card reading device. The value is debited to the payer and credited to the payee. No bank authorization is required. The cards authenticate each other through secret cryptographic algorithms.
The benefits to the consumer are convenience and security. Merchants avoid costs and risks associated with carrying large sums of cash to the bank, as well as the ability to press a button to that adds up the cash for the day. The cards are locked at the point of sale, so cash shrinkage is eliminated. The cards are locked until the consumer uses a unique pin number that authorizes the transaction. The degree these benefits play depends on the degree that consumers accept the cards. The limitation to the smart card is the fact that the consumer's unique pin is the only thing that unlocks it. If the card is lost, stolen, or the consumer forgets or loses the pin number, the value that is on the card is lost, with no additional way to recover the value.
It was argued that systems like Mondex were not viable due to embodiment of necessary preconditions to retrieve key encryption material. They held a high financial incentive and unhindered access to the encrypted material needed to regain the value if the card was lost or broken. The monitoring of privacy implications brought fear of personal data being offered for sale. With the unhindered encryption of the smart card, there was no way to monitor private information to ensure its security from being sold or hacked. Researchers did not try to hack the system because of being held liable for prosecution under the UK Computer Misuse Act of 1990. Spokespersons appeared contradictory on assurances of privacy and money laundering. The success or failure of the organization appeared to depend on the ability to forge ICT connections to a network of networks effectively. In the virtual world, money becomes a flow of information. Not everyone used the virtual means of money, so the flow of cash disrupts the network and becomes a missing link. Cash posed a problem of dislocation.
Today, smart cards compete with cash, as well as, alternative electronic cash systems. Digicash and Visacash are two of the best known systems of different technological configurations and organizational arrangements. For the smart card to survive, it has to convince enough merchants and consumers to join the network. Mondex was not appealing or compelling enough to get consumers to enroll and pay a fee. Consumers have failed to understand the culture of smart card as cash. Mondex now claims the smart cards are a supplement of physical cash and acts as a platform to use multiple channels where cash cannot be used. They have added add-ons and extensions of existing services, such as debit and credit cards. By 2005, Mondex had become a feature of MasterCard's OneSMART program. The Mondex case taught that rumors of getting rid of paper money should be viewed with caution.
Because consumers are concerned about security of private information in electronic cash payments, there are a number of proposals for electronic cash systems that lack the flexibility in anonymity. (Wang, 2004) Online payment systems protect the merchant and bank by requiring bank authorization. This increases the computation costs depending on the size of the database. Offline payment systems are designed to lower the costs of transactions. But, the delay of verification can cause potential double spending where electronic currency can be duplicated and spent more than once. Offline systems need more computing resources and do not provide for anonymity effectively.
The role based access control (RBAC) involves users, roles, and permissions. It has been widely used in management and operating system products. RBAC involves users being associated with roles and roles being associated with permissions. For example, a bank employee that is associated with customer service is given permission, or approval, of managing money for customers. RBAC creates problems if the bank employee is given a high level of authority involving private information.
A new method is presented consisting of three parts, the bank, consumer, and shop, and three main procedures, withdrawal, payment, and deposit. Once the consumer and shop have set up accounts with the bank, the consumer withdraws a coin over an authenticated channel, the consumer spends the coin with the shop over an anonymous channel, and then the shop makes a deposit with the bank. The system is offline if the shop does not communicate with the bank during the payment. It is untraceable if there is no identity of the coin's origin. And, it is anonymous if the bank cannot trace the coin to the consumer.
There are three additional processes, the bank, consumer, and the shop setups. The setups describe the system initialization, creating and posting of public keys and opening accounts. A third party, the anonymity provider (AP) agent is involved to help the consumer get the required anonymity without being involved in the purchase process. The consumer re-encrypts the coin into a certificate, provides an undeniable signature, and confirms the validity of the signature to the AP agent. Once the AP agent is convinced of the validity of the signature, a new coin and certificate is issued to the consumer with a high level of anonymity. The identity of the consumer is only revealed if they spend the same coin twice. An offline system is secure if the coin is unreusable, cannot be used more than once, untraceable, unforgeable, or unexpandable, no identity can be computed.
SSD and DSD are two types of duty separation constraints. SSD is between the bank and AP agent, or the bank and the shop. DSD is between the customer and the bank, or shop, or AP agent. Because different roles are best assigned by different administrators, the SSD builds a role hierarchy of management roles that grant different authority. This includes senior roles and junior roles with varying degrees of authority. These permissions can be granted and revoked by the senior roles.
This new scheme allows the consumer to decide on the level of anonymity they will use in a transaction process. They can have a low level or go through an AP agent to obtain a high level of anonymity without revealing private information. The scheme is more secure for a bank because it comes from an AP agent that is not involved in the payment process. The duty separation constraints provide a higher level of security control within the organization.
Studies show a problem with gambling associated to particular structural characteristics of electronic gambling machines. Faster speeds, available lines, and sound contributed to gambling. Minimizing speeds did not reduce rates of gambling among machine players. Differences in recreational and problem gamblers can be attributed to the use of electronic gambling machines. One area that was not explored in research was the adopting of a pre-session spending limit. A proposed suggestion was the use of a smart card that had pre-determined amounts of money deposited. (Nower, 2010)
It was 127 patrons that participated in the study. Questions asked of the participants included reasons for gambling, preferred gambling activities, demographics, willingness to gamble with pre-committed money, perceived effectiveness of pre-commitment on limiting gambling expenditures, compensatory strategies for pre-commitment, funding preferences, and overall perceptions of money-related harm reduction strategies. It was explained to participants that smart cards are used in place of cash, usually the size of a credit card, and have a magnetic strip that records an…