Directorate General Joint Research Centre European Commission
Building Security and Consumer Trust in Internet Payments
– The potential of “soft” measures –
Background Paper No. 7 Electronic Payment Systems Observatory (ePSO) April 2002 Clara Centeno EUR 20278 EN
IPTS, Edificio Expo-WTC, C/ Inca Garcilaso, s/n, E-41092, Seville, Spain Tel: +34 954488281, Fax: +34 954488208 URL : http://epso.jrc.es/
European Commission Joint Research Centre (DG JRC) Institute for Prospective Technological Studies http://www.jrc.es
Legal notice Neither the European Commission nor any person acting on behalf of the Commission is responsible for the use which might be made of the following information.
Report EUR 20278 EN
© European Communities, 2002
Reproduction is authorised provided the source is acknowledged
Abstract Lack of security and consumer trust in Internet payments (I-payments) has been repeatedly reported as one of the most important factors hindering the development of ecommerce. This seventh ePSO background paper focuses on the nature and size of the I-payment fraud problem, and, recognising the importance of the “human factor”, it analyses the potential that “soft” or non-technology based measures may have in increasing Ipayments security and consumer trust in I-payments. Most consumer surveys show that consumers’ lack of trust is linked to concerns on the security of payment data - mostly credit cards - and misuse of private data. However, consumer survey statistics from the available US consumer complaint registration centres report that the major problems reported in 2001 were auction fraud, products and services not as expected or products never delivered, while credit card (I-payment) fraud accounted only for 5-9% of the complaints. Therefore, a distinction between e-commerce fraud and I-payment fraud needs to be made. Investigation into I-payment fraud shows a lack of coherent, accurate and publicly available sources of information. Nevertheless, the analysis of available information indicates that although the volume of reported fraud is relatively small (estimated by credit card schemes at 0.025%-0.035% of the total e-commerce sales volume) and affecting less than 2% of consumers, it is expected to grow significantly with the development of e-commerce, card fraud in general, cybercrime and identity theft. Furthermore, striking levels of 75% - 95% of consumers surveyed have concerns about credit card data security and privacy. An analysis of the risks related to Internet shows that this media appears to offer an easy environment for the perpetration of fraud, due to a number of reasons such as its anonymity and easy access, the lack of risk awareness, the lack of cyber-security skills and the complex legal prosecution process for low value cross-border transactions. In this environment, a number of on-line payment risks are identified such as the risk of fraudulent merchants charging for unauthorised transactions, the risk of payment or identity data theft, the risk of misrepresentation and the risk of consumers fraudulently denying transactions. In order to increase I-payments security, the role of “soft” measures is analysed, with a focus on fraud prevention. The particular role risk awareness and security education of
service providers, merchants and consumers can play is analysed, as well as the current barriers to increasing the level of security and the potential role of policy makers and regulation in overcoming these barriers. In order to increase consumer trust, a broader perspective is taken, including elements of the complete shopping experience. An analysis of the nature of trust distinguishes between initial trust (necessary for consumers to make their first purchase) and maintained trust (for consumers to make further purchases). The different factors that build both initial and maintained trust are identified. These range...