Evolution of the credit card
The credit card industry took off with the first "shoppers plate" by Western Union in 1914. This was essentially a metallic plate with the relevant details engraved, and the validity of the shoppers plate remained as long as the monthly tallied bill was paid off by the customer.
For use within a select chain of restaurants, the first plastic card was introduced as the Diners Club card. The first bank-issued credit card was BankAmericard, which later went on to become American Express (mid-1900s).
The key takeaway here is that banks first introduced credit cards that could only be used locally, since a number of factors, including legal frameworks and interest rate applications, restricted their broader circulation. Gradually, networks were formed to broaden the use of plastic credit cards regionally, nationally, and internationally, with the first international electronic clearing house for credit card transactions established as VISA. MasterCard (initially Mastercharge) was a competitive response to VISA.
If you are interested in the details of credit card evolution specifically, do refer to the sources of information cited at the end of this post; they are quite comprehensive in their coverage.
Security protocols
Alongside the evolution of the credit card or personal finance industry there have been developments in the security mechanisms necessary to secure point of sale (POS) and online transactions.
It is important to understand that industry profits depend on a seamless and trustworthy transaction network that can engender trust and confidence among credit card holders (the end-users). Such relationships of trust can be enabled via secure linkages between the various actors in the ecosystem, namely the cardholder, the merchant, the merchant bank, the acquirer, the issuer, and finally, the local bank.
The key to modeling security in the credit card ecosystem, and therefore the key to fostering trust relationships, is the separation of the owner of the data from the service being offered. Identifying the critical transactions that are part of the service offering, and securing them, is key to this type of security model.
This approach, depicted below in Exhibit 1, is broadly indicative of the Secure Exchange Transaction (SET) security protocol developed by VISA and MasterCard. Though SET was never fully implemented, in my view the essential concept of separating ownership of data from the service offering remains central to effective security models.
[Exhibit 1 - Security model for credit card transactions]
Note that Exhibit 1 is from Paolo Giorgini et al.'s 2003 technical report (see sources of information below) and has been adapted for use here with the additions in red.
POS credit card transactions also rely on similar security models, which contribute towards resolving the asymmetry between privacy of information and access to information (a topic in itself that cannot be discussed here in any detail). POS transactions can "ping" for the balance on the credit card, while the full credit card statement is not maintained in the connected transaction processing stream, thus maintaining the privacy of the account holder while also providing the requisite access to information.
Over time, other protocols such as SSL (Secure Sockets Layer), PCI-DSS (Payment Card Industry Data Security Standards), and Secure 3D have also been developed, and are in various stages of evolution and implementation. These have not been explored here fully. Security protocols can only be in a continuous state of evolution as the payment card industry also evolves.
Sources of Information
Paolo Giorgini, Fabio Massacci and John Mylopoulos, "Requirement Engineering Meets Security: A Case Study on Modeling Secure Electronic Transactions by Visa and MasterCard", Technical Report # DIT-03-027, May 2003.
Steve Worthington, "Affinity Credit Cards: A Critical Review", International Journal of Retail and Distribution Management, Volume 28, Number 11, 2001.
About the Author
The author holds a Master's degree (M.A.) in International Relations from the University of Ottawa, Canada.