
E-commerce: who carries the risk of fraud?

Nov 07, 2014


Ian Brown

Seminar at Cambridge University Computing Lab
Transcript
Page 1: Electronic commerce: who carries the risk of fraud?

Ian Brown

Page 2: Non-repudiation and contracts

- A non-repudiable contract signature removes the risk that the signer will later disavow the signature
- Obvious benefit in risk reduction for the relying party
- “Non-repudiable digital signature” makes eyes light up

Page 3: Overview

- The trouble with non-repudiation
- Legal consequences
- Where should fraud risk belong?

Page 4: Vulnerable private keys

- Key files not adequately protected: no access control in consumer Windows; access by backup operators and administrators in almost all other OSes
- Passwords/passphrases, even if chosen properly, are vulnerable: no SAS (secure attention sequence)
- Most PCs defenceless against viruses: checkers are reactive, user understanding is low

Page 5: Key viruses

- Signed code is no panacea
- Peter Gutmann’s ActiveX key-stealing virus (“Where do your encryption keys want to go today?”): http://www.cs.auckland.ac.nz/~pgut001/pubs/breakms.txt
- Key export functions should be very restricted

Page 6: What about private key tokens?

- If even you can’t access your private key, you must have made that signature!
- But what is your smartcard/iButton signing?

Page 7: A bigger TCB

- You need a secure display to show what is being signed… and secure input for access control
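An added illustration of the point made on Pages 6 and 7 (not code from the slides): a toy model of a token that signs whatever digest the host PC hands it, beside a token with its own display and confirm button. HMAC stands in for the signature scheme, and the key and the two payment instructions are constructed for the demo.

```python
import hashlib
import hmac


def digest(doc: bytes) -> bytes:
    return hashlib.sha256(doc).digest()


class BlindToken:
    """Smartcard-style token: signs whatever digest the host supplies.
    It never sees the document, so it cannot know what the user approved.
    (HMAC stands in for a real signature scheme in this demo.)"""
    def __init__(self, key: bytes):
        self._key = key

    def sign_digest(self, d: bytes) -> bytes:
        return hmac.new(self._key, d, "sha256").digest()


class DisplayToken:
    """Token with its own display and input: it hashes the document it
    showed and signs only what the user approved on the token itself."""
    def __init__(self, key: bytes, approved):
        self._key = key
        self._approved = approved  # texts the user would press OK for

    def sign_document(self, doc: bytes):
        if doc not in self._approved:  # user sees the real text and refuses
            return None
        return hmac.new(self._key, digest(doc), "sha256").digest()


def verify(key: bytes, doc: bytes, sig: bytes) -> bool:
    """Relying-party check: valid iff the token signed digest(doc)."""
    return hmac.compare_digest(hmac.new(key, digest(doc), "sha256").digest(), sig)


KEY = b"constructed-demo-key"                 # constructed, not a real key
SHOWN = b"Pay 10 GBP to Alice"                # what the PC screen displays
SUBSTITUTED = b"Pay 10000 GBP to Mallory"     # what a compromised PC submits


def blind_token_outcome() -> bool:
    """PC shows SHOWN but passes digest(SUBSTITUTED) to the token.
    Returns True if the relying party accepts the result for SUBSTITUTED."""
    sig = BlindToken(KEY).sign_digest(digest(SUBSTITUTED))
    return verify(KEY, SUBSTITUTED, sig)


def display_token_outcome() -> bool:
    """Same PC, but the token displays the document itself; the user only
    approves SHOWN, so no signature over SUBSTITUTED is obtainable."""
    sig = DisplayToken(KEY, approved={SHOWN}).sign_document(SUBSTITUTED)
    return sig is not None and verify(KEY, SUBSTITUTED, sig)
```

The relying party's check passes in the blind case because the signature is genuinely over digest(SUBSTITUTED); only the token's own display and input move the approval decision inside the TCB.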

Page 8: Is m-commerce the answer?

- Mobile phones are certainly far more secure at the moment… but feature creep (WAP is just the beginning!) will inevitably reduce this security

Page 9: Token attacks

- Anderson, Kuhn, Kocher and many others have shown existing tokens are far from tamper-proof
- Is tamper-evident the best we can hope for?
- Severe problems with zombie signatures

Page 10: Government attacks

- RIP non-repudiation
- GTAC, forensic hacking

Page 11: The obvious conclusion

- Non-repudiation is not a magic bullet for e-commerce
- Unfortunately, few legislators or banks have yet realised this...

Page 12: Digital signature laws

- Governments rushing to pass laws to make their country “the best in the world for e-commerce”
- Some reverse the allocation of risk for forgeries: the signer is responsible

Page 13: EU Signature Directive (1999/93/EC)

- “Advanced electronic signatures” must be “created using means that the signatory can maintain under his sole control”
- No direct consequences, but misleadingly implies that such signatures currently exist
- Member states’ determination of signature security must be recognised EU-wide

Page 14: Member states’ implementations

- UK Electronic Communications Act 2000 section 8 allows legislation to be amended to require the signer to prove forgeries
- Ireland’s Electronic Commerce Bill: “The contents of an electronic communication shall be presumed to be that of the person or public body by whom it purports to have been sent, unless… the contrary is proved.”

Page 15: Contract law

- Contracts may always provide that signatures should be relied upon
- Fine between businesses with appropriate legal and technical resources
- Not for general consumers

Page 16: Cheques

- Banks bear the entire risk of cheque fraud under s.24 Bills of Exchange Act 1882: “where a signature on a bill is forged… the forged … signature is wholly inoperative”
- Banks decide the level of signature verification necessary
- Cannot be changed by contract in Britain

Page 17: Cheque guarantee cards

- Merchants bear some risk in accepting cheques that may be forgeries
- Banks introduced cheque guarantee cards to delegate signature verification for small amounts to the merchant

Page 18: Signature verification

- Reasonably accurate with care (93.5% by professionals in a 1997 study)
- But banks balance the cost of fraud against that of verification: risk management is a major part of their business

Page 19: Credit/debit cards

- Bills of Exchange Act not applicable
- Customers generally responsible for fraudulent transactions up to £50 before the loss is reported: banks carry the remainder
- Provides a customer incentive to look after cards and report loss

Page 20: Card as token

- Possession of the card is the major security check: signatures not checked in the US, merchant keeps a carbon copy of the receipt in the UK
- Risk allocation very different for “cardholder not present” transactions

Page 21: Remote transactions

- Effectively use card number, expiry date and owner as a shared secret for authentication: no signature
- Address can be checked for physical goods delivery
- Merchants bear the entire risk without a voucher or proof of delivery

Page 22: On-line services

- Makes provision of information services over the Internet particularly risky
- SSL/TLS protects information in transit, but provides no card authorisation
- SET is unpopular and still vulnerable to all the problems of private key management

Page 23: Big problems for little firms

- SMEs can most benefit from the Internet sales channel, but are least able to afford high chargebacks
- But some banks are trying to shift risk to consumers

Page 24: Personal banking terms

- Some Internet banking terms and conditions are modelled on credit cards: customer liable up to £50 for fraudulent transactions (Co-op, Lloyds TSB)
- But others place the entire liability on the consumer: Prudential Banking, Halifax, Bank of Scotland

Page 25: Bad Egg?

- 3.2: “Until you tell us, you will be responsible for any instruction in writing or by telephone or Internet which we receive and act on, even if it was not given by you… if we can show you… have not kept your security details and password secret you will be responsible for all payments we make and all losses on your account.”
- 3.8: “Our records of your Internet instructions will be conclusive unless there is a clear mistake”

Page 26: Bank insecurity

- Ironic given Anderson’s demonstrations of the insecurity of many bank systems
- Even better: almost all banks use symmetric authentication
- How would the terms look if “non-repudiable” instructions were possible?!

Page 27: Where should the risk fall?

- Until consumers have truly secure signature devices, should they carry any risk?
- Will chargebacks drive SMEs from the Internet?
- Is the UK Government doing anything for e-commerce?

Page 28: Back to the banks

- The entire financial industry is based on one function: risk management
- Banks have successfully managed current account risk for more than a century
- They need incentives to develop the security of online banking and e-commerce
- Online transaction risk is perhaps the best