89_EMV_ΠΡΟΛΗΨΗ ΑΠΑΤΗΣ_GR (Fraud Prevention)
-
8/9/2019 89_EMV_ _GR
1/393
M
_
atalia, lga, nder ,,
/
&
/ . 12, 15121 ,
. 210-6149149
. 6937097443
-mail real _ estate _ liapis @yahoo .gr
210.8065618 6937097443
/
, , ,
. (, , ..). . , () , 250.000.000
. , ,
. .3499/2008 3956/2008 () "", ,
( ). .430/2005 () . ( 2,50%) .430/2005 ()
. 360 , 365 366 .
3956/2008 () (, , ..). . , ,
, ,, . , , , . ,
. , ,
M
&
,
!!
(FRAUD AUDITING)
: & ,
Compliance. . Risk Management. (CIA), (CFSA), (CFE)
- (CCSA)
: (Compliance Units), A, , ,
(), .
:
,
,
.
,
.
,
, (Fraud Cases)
.
[a'pati], E . (Standards for the Professional Practice of Internal Audit)
http://simatoros.wordpress.com/2010/01/28/%CE%B4%CE%B7%CE%BC%CE%B9%CE%BF%CF%85%CF%81%CE%B3%CE%B9%CE%BA%CE%B7-%CE%BB%CE%BF%CE%B3%CE%B9%CF%83%CF%84%CE%B9%CE%BA%CE%B7-h-m%CE%B5%CE%B3%CE%B1%CE%BB%CF%85%CF%84%CE%B5%CF%81%CE%B7-%CE%B1%CF%80/
H M
!!!
28/01/2010 economics.gr
, : .
.
,
. Lucent, Xerox, Enron, Global Crossing, WorldCom, , , .. 500 . .
.
Ian Griffiths (1981)
. Berry et
al.
, ,
, 91%
, ,
.
, ,
. Parmalat Bank of America Corp. 2/3 , 1,35 . .
(.. 226/1992), (fairly) .
, , .
(American Institute of Certified Public Accountants AICPA) Statement on
Auditing Standards (SAS) 99, (Fraud) , 1, .
( ).
,
.
, , , .
, , , , , ,
, ..
(, , ,, ..),
( , , ..), , , , .
240, , , ,
(misrepresentation) .
, 240 (fraud) :
() .() .() .() .() .
(2002) ( ) (fraud) .
, (creative accounting).
, (income smoothing), (managing earnings).
Oxford English .
Merriam Webster Unabridged (2002), .
, SAS 99 (2004)
.
Rezaee, (2003) :
I) , , , .
II) , , , .
III) , ,
.
IV) , .
V) .
VI) , .
SAS 47 . 82, (red flags) .
, SAS . 82 ( 16-17) :
http://www.economics.gr/articleData/IS/2007/Zopounidis.htm
1. .
, , , . .
.
2. . .
(.. ).
3. . , , ,
.
;
"" .
.
. :
) (inherent risk). (, ,..) .
) . .
http://www.caseplace.org/d.asp?d=1223
http://www.corporatenarc.com/xeroxscandal.php
http://en.wikipedia.org/wiki/Enron_scandal
http://simatoros.wordpress.com/2010/01/28/%CE%B4%CE%B7%CE%BC%CE%B9%CE%BF%CF%85%CF%81%CE%B3%CE%B9%CE%BA%CE%B7-%CE%BB%CE%BF%CE%B3%CE%B9%CF%83%CF%84%CE%B9%CE%BA%CE%B7-h-m%CE%B5%CE%B3%CE%B1%CE%BB%CF%85%CF%84%CE%B5%CF%81%CE%B7-%CE%B1%CF%80/%20Global%20Crossing%20scandal
http://www.associatedcontent.com/article/162656/worldcom_scandal_a_look_back_at_one.html
) . .
:
=
Montgomery et al.
.
2. :
) / (Incentive /Pressure) .
) (Opportunity) .
) , (Attitude /Rationalization) , .
E E
Spathis
, .
,
.
. (2005)
.
,
, -
, .
,
.
( ) .
, ,
.
, Enron
Arthur Andersen
.
. , ,
,
.
Se , ArthurAndersen .
(, , , , ,
, , , , , , )
H
!
T . . , 1990 , ,
. , ,, . , .
. , , , . , , , : , , , , .
() 2004 (22(III)/2004)
,
23.11.2001 (Convention on Cybercrime)
23.11.2001
...
, II ( ),
( )
:
2
3
4
5
6
7
8
9
10
11
12
13
.
() 2004 (22(III)/2004)
,
23.11.2001 (Convention on Cybercrime)
- ()
2004 (112(I)/2004)
( 14)
2002/58/
12 2002
(
)
14 (,
)
2004 (112(I)/2004).
14 (, )
2002/58/
12
2002
.
,
(Spam messages)
:
( )
2005.
(
) 2005.
2002/58/ 12 2002 ( )
, :
, 95, (1), (2),
, 251 (3), :(1) 95/46/ , 24 1995,
(4), , , .(2)
, ., 7 8 .(3) ,
.(4) 97/66/ , 15 1997, (5), 95/46/ . 97/66/
, , . , , . (5) ,
. . .
http://www.ypee.gr/ypeenew/PIndex.aspx?pid=23
. . (6) ,
. . (7) , , , , .(8) , , , 14 .
.
31.7.2002 EL L201/37(1) C 365 19.12.2000, . 223. (2) C 123 25.4.2001, . 53.(3) 13
2001 ( ), 28 2002 ( C 113 14.5.2002, . 39) 30 2002 ( ). 25 2002. (4) L 281 23.11.1995,. 31.(5) L 24 30.1.1998, . 1.(9) , , , , , ,
, .(10) , 95/ 46/ ,
. 95/46/ . (11) , 95/46/, ., 15 1 , , , ( ) . , , ,
, . , .
(12) . 95/46/, , , - . 95/46/ -
. .(13)
http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=185&CM=2&DF=10/03/05&CL=ENG
. .(14) , , , ,
.(15) , , . , , . , , , , , , , , , . .(16)
. , , , .(17) , , ,
, 95/46/EK. , . (18) , , , , ,
.(19) ,
http://ec.europa.eu/information_society/topics/telecoms/regulatory/new_rf/documents/l_20120020731el00370047.pdf
, __________ . , . L 201/38 EL
31.7.2002 (20) , , . , . . , , .
-, , , . ,
, , . 17 95/46/.(21) , , ,
. .(22)
, ,
- . , , , .(23) . , . 95/46/EK. , , . , ,
.(24) . , , (webbugs)
, , . . (25) , , cookies , , ..
(on-line). , cookies, ,
, 95/46/ cookies ,
. cookies . , , . , , . , . cookies ,
. 31.7.2002 EL L 201/39(26) , .
.K , ,
, .
. ,
.(27) , , , . , , , - . (28) , IP (DNS) , (log-in) .(29) . , .
(30) . , . ,
, .(31) ,
, , .(32)
, , 95/46/ EK. , , , .(33) .
. , , , , .. . ,
, .(34) ,
. ,
. , , .
, , .
, , . . , .(35) , . 6 . ,
, . . , , ,
.(36) , , , . ,
.
(37) . , , .
(38) . , . , , - .(39) , , .
, . , . , , ,
. (40) , , () , (SMS). ,
/ . , . ,
. .31.7.2002 EL L
201/41(41) , 95/46/. , . , . (42) , , .
, - , .(43) ,
.(44) , , ,
. . (45)
. , , , 7 2000/31/EK
, 8 2000, , , ( ) (1).(46) , . . 95/46/ . , ,
- . , , .
1999/5/E , 9 1999, (2) , , .
(47) , .
, .(48) ,
, 29 95/46/.(49) , , :
1 1. , , , .L 201/42 EL 31.7.2002
(1) L 178 17.7.2000, . 1. (2) L 91 7.4.1999, . 10.2. 95/46/ 1. , .3. ,
V VI , , , ( ) .
2 , 95/46/ 2002/21/ , 7 2002, ( ) (1).
, , :) , , ,
) , ) , ) , , . , ) , ) ,
, 95/46/E) , ) , , , ,
.
3 1. .2. 8, 10 11 ,
, .3. 8, 10 11.
4 1. , ,
. , .2. , , , , .
5 1. , , , . , , ,
, , , 15 1. , , . 31.7.2002 EL L 201/43 (1) L 108
24.4.2002, . 33.2. 1 .3.
95/46/,
, . ,
. 6 1. , , , 2,3 5 15 1.2. . .3. ,
1 , . .4.
2 , , 3.5. , 1, 2, 3 4,
, , , ,
.6. 1, 2, 3 5 , , .
7 1. .2. , .
8 1. ,
. .2. , , .3.
, , o .4. , , ,
.5. 1 . 2, 3 4 .
6. , / , , 1, 2, 3 4. L201/44 EL
31.7.2002 9 1. , , , . , , , , . ,
.2. , , , .3. , 1 2,
, .
10
/ :) , , .
, , / )
, , , , .
11 , , .
12 1. , ,
, , .2. ,
, , . , , .3. , , ,
.4. 1 2 . , ,
, .
13 1. ( ),
() .2. 1, , 95/46/, , , , , , .31.7.2002 EL L201/453. , ,
, , 1 2, , . .4. , ,
, .5. 1 3 . , , , .
14 1. , , 2 3,
, .2.
, , 98/34/ , 22 1998, (1).3. , , 1999/5/ 87/ 95/ , 22 1986, (2).
15 95/46/
1. 5 6, 8 1 4 9 , , ( ), , , , ,
, 13 1 95/46/. , , , - . , 6 1 2
.2. III 95/46/ , ,
.3. , 29 95/46/, 30
, , .
16 1. 12 off-line .2. 95/46/ 11 97/66/E , ,
, , 12 .
17 1.
, 31- 2003. .L 201/46EL 31.7.2002 (1) L204 21.7.1998, . 37 98/48/ ( L 217 5.8.1998, . 18). (2) L 36 7.2.1987, . 31 1994. , ,
. .2.
, .
18 ,
17 1, , , , . , , . , , , , .
19 97/66/ - 17 1. .
20
.
21 ., 12 2002. P. COX T. PEDERSEN
31.7.2002 EL L 201/47__
- , (dial up) Internet , .
, () . , 26 ,
( ). (audiotext), (901...) . -dialers, .
http://www.in.gr/news/article.asp?lngEntityID=832959&lngDtrID=252 : , , .
. .
Phishing
Pharming
Spam
Scam
Blog
Phishing
To "" . , , . ; "Phishing"
. , . , pop upwindows (Instant messaging). ; pop up windows (
). . . , . Web
; . , Web ( )., . .
"Issued to" ( ), . , , "spoofed" () . , .
. ; , . Web
, . spyware ( ) .
"" . , .
, , . , , .' ,
., , , . , .
, , .
.
,
. , .
, ,, , .
.
, .
.
(
) .
" " " " .
.
.
, .
.
.
, .
, ,
, .
' , .
, .
Microsoft http://www.cnc.uom.gr/services/WEB_DECEPTION.pdf
Pharming
pharming (): browser . pharming, , ; "Pharming" ,
. , , , . Pharming (), , , . , . , , . , .
, browser ; " DNS"
. firewall () (pharming).
, , . , , .
link ; . "" link , . , links ,
, .
Spam
; e-mail spam . ;
, , . .
; spam , .M :
.
.
.
.
Downloading. : . screensaver ; ,
. . downloading; downloading CD, Web , Word Excel , .
. (malware) . , worm, . , . , ,
. , .
, . . ,
, "" . "" . . ,
.
.
.
, ' .
(spam). . Microsoft Outlook , .
. (ISP) . , MicrosoftWindows AntiSpyware (Beta) .
20 . 2009 ... MICROSOFT ANTIVIRUS .... ustopher nternet
50 20 ! , , Visa Hellas
. , ATM s 3,2 . . , 2007 5 . , 3,2. . ,
, chip EMV, .
!
ATM s
50 20 150.000 . , () .
(skimming) pin , .
, EMV
chip. .
.
,
, .
3,2 . 3,2 . , , .
, pin . .
ATMs . , . , , .
; sites , 80% . .
(Instant messaging,Messenger, IRC .) ( "spim"). . . , .
Scam
, . , , , , , . .
, , , ( ). , , . , .
. , , scam . . , , ( spam) . , , . .
, , , ,
, e-mail, , .
.
,
, , . , .
, ,
.
.
"" . ,
, , .
e-mail , e-mail . .
(URL) browser links phishing "pharming" ()
Web , .
.
,
, .
.
, .
Blog
blogging, , , blog . blog ,
. . blog, . . blog , , . :
.
.
, .
( ) . , .
blog
.
. .
blog blog.
, , , , , , , , .
.
background .
, . .
blog , blog . ( , ).
(bloggers).
blog .
. Internet , . , . , .
; :
,, , arcade , .
, .
, . .
Microsoft
VIRUS
Samsung,
Telefónica Visa
.
NFC SIM.
400 NFC VIP
.
75
30 .
VISA
,
GSMA,
.
,
Samsung NFC 10 . 10
.
,
La Caixa Visa.
,
.
- project, GSMA
. Pay-Buy-Mobile GSMA,
50
,
NFC
, SIM.
- Samsung Electronics Co. Ltd.
Samsung Star NFC, .
- Telefónica
"O2 Wallet".
- Visa Visa Mobile Payment,
, La Caixa Telefónica
O2 SIM,
60.
Visa La Caixa,
Telefónica, Ingenico G&D , O2
Wallet, SIM
Visa .
- La Caixa
75.
.
- Giesecke & Devrient (G&D) SIM,
NFC
La Caixa
Visa Mobile Payment.
Samsung,
NFC, EMV
SIM Single Wire
Protocol (SWP).
- Ingenico
EFT930 G ,
.
- ITN International,
event marketing,
NFC
CYBERCOM GROUP
WSEAS
INFORMATION TECHNOLOGIES RESEARCH (ITR)
: . .
O .
,
Kiev Polytechnic Institute /
1995 1999
.
( ,
),
,
& .
,
,
C4ISR, ,
, , ,
- .
(), IEEE, WSEAS ITR.
:
CSI (Consulting Security Informatics),
. 20
(Information Security
Management ISM) (Risk
Management RM). M.Sc /
(Royal Institute of
Technology/SU).
,
. -
.
,
.
, ,
,
, 407,
,
,
: 30-40
:
.
()-2003
(
)
Henrik Johansson, Director Business Unit, Cybercom Sweden East
AB
: 30-40
:
.
.
.
, ,
, , ,
.
1) (Standards-
based).
,
- .
XACML .
2) (External toapplications).
.
(Policy Enforcement Points - PEP)
.
3) (Fine-grained).
, ,
. ,
.
4) (Context-aware).
, ,
.
: , ,
,
IT-Forensics
Björn Lindeberg, Director Business Development
: 30-40
:
Nordic Forensic Team (NFT) Cybercom Group
AB, , Nasdaq-OMX,
. NFT
:
(Counter
Intelligence Services CIS).
, ,
PCI-DSS
QFI .
. NFT
PCI
n ,
,
http://www.wseas.org/
http://www.itr.gr/
http://www.cybergroup.com/
.
(Computer Emergency Response
Team C.E.R.T.) .
.
: , ,
, ,
.
PCI DSS
(Payment Card Industry Data Security Standard)
Björn Lindeberg, Director Business Development
: 30-40
:
PCI DSS -
.
,
.
,
Visa, MasterCard ,
. , Data Security Standard (DSS),
Payment Card Industry (PCI)
.
.
Cybercom
.
.
PCI DSS
.
: , ,
Henrik Johansson, Director Business Unit, Cybercom Sweden East
AB
: 30-40
:
.
AmbuLink () Mobile Cybercom.
,
, Cybercom
,
!
AmbuLink(R) Cybercom Mobile ,
. AmbuLink(R)
, National
Patient Summary.
, , .. .
AmbuLink(R) Mobile
/
,
.
AmbuLink(R)
.
:
Kaspersky Lab : Internet!!!
, Malware Statistics Kaspersky Lab Malware Statistics . , :
, Internet .
Internet . ,
. , , hackers , . (scrpt) . . , malware , . 20 . , 20 , 14 . , 20 ( Internet).
EDI
:
Mobile Payment:
, 2004
1.
2.
2.1
2.1.1 SMS
2.1.2 WAP
2.1.3 i-MODE
2.1.4 USSD
2.1.5 Cell Broadcast
2.1.6 SIM Toolkit2.1.7 Web Clipping
2.1.8 MexE
2.2
3. m-payment
3.1
3.2
3.3
3.4
4. m-payment
4.1 m-payment
4.2 m-payment
5.
5.1
5.1.1 Content Download
5.1.2 Point Of Sale
5.1.3 Content on Device
5.2
5.2.1 operator
5.2.1.1
5.2.1.2 5.2.2 Out-of-band
5.2.2.1
5.2.2.2 Reverse-Charge/Billed SMS
5.2.3 Proximity
5.2.3.1 Smartcards
5.2.3.2 Mobile Wallets
6. m-payment
7.
7.1 Encorus PaymentWorks Mobile
7.2 Enition
7.3 iPIN
7.4 Paybox
7.5 Nokia Payment Solution
7.6 Paypal
7.7 MobiPay
8.
8.1
http://www.akouseto.gr/internet-is-dangerous
. , m-
payment e-/m-commerce.
Wireless World Forum, 5.5 Euro 55.3 Euro 2006.
m-payment Mobile Payment Forum (2002): m-payment , ( ), . , , PDA. Celent,
, 2004 60, Visa
International Boston Consulting e-commerce m-commerce 38 2002 128 2004 [1].
2.
, m-payment . ,
, m-payment.2.1
2.1.1 SMS SMS (Short Messaging Service) [2] GSM Phase 1 .
2002, 24 SMS GSM, SMS, Netsize [3]. p2p 90% SMS ,
10% ,
, ..2.1.2 WAP WAP (Wireless Application Protocol) [2] Internet . format . WAP standard, WAP Forum, 500 Nokia, Ericsson, Motorola ..2.1.3 i-mode
i-mode NTT DoCoMo, Internet . I-mode m-commerce.
, I-mode . standard PDC cHTML(compact HTML) [4].2.1.4 USSD
USSD (Unstructured Supplementary ServicesData) [2] GSM . SMS, . USSD .2.1.5 Cell Broadcast
Cell broadcast [2] . SMS, -- --. , . operator
, .2.1.6 SIM Toolkit
SIM Toolkit [5] ETSI/SMG standard valueadded e-commerce GSM . SIM Toolkit GSM SIM SIM , GSM handset,
. GPRS ,
WAP. Web Clipping Web clipping 3Com Palm handheld , 75% PDA . web-based Palm . 2.1.8 MexE
MexE (Mobile Station Application ExecutionEnvironment) [2] Java VirtualMachine .2.2
Symbian [6] 1998 Nokia, Motorola, Ericsson Psion ( PDA). Psion, EPOC, smartphones communicators. EPOC release 5, Symbian OS. Series 60 [6], Symbian OS
mobile browsing, MMS, content downloading . Series 60 Platform 1.0 smartphone, e-mail, WAP 1.2.1 stack, Bluetooth GPRS. Microsoft Windows, Windows CE palm-size, hand-held PCs . PC, HP, Compaq, Philips CE. 3COM ,
PDA . Palm OS, .
3. m-payment
m-payment . , . , Nokia, Mobey Forum, 3 :
(Remote environment)
(Local environment)
(Personal environment)
, .
3 :
Pay-before
Pay-now
Pay-later
-
8/9/2019 89_EMV_ _GR
85/393
Web Clipping Web clipping 3Com Palmhandheld , 75% PDA . web-based Palm .
2.1.8 MexE MexE (Mobile Station Application Execution
Environment) [2] Java VirtualMachine .2.2
Symbian [6] 1998 Nokia, Motorola, Ericsson Psion ( PDA). Psion, EPOC, smartphones communicators. EPOC release 5, Symbian OS. Series 60 [6], Symbian OS
mobile browsing, MMS, content downloading
. Series 60 Platform 1.0 smartphone, e-mail,WAP 1.2.1 stack, Bleuetooth GPRS. Microsoft
Windows, Windows CE palm-size,hand-held PCs . PC, HP, Compaq, Philips CE. 3COM
, PDA . Palm OS, .
3. m-payment
m-payment . , . , Nokia, Mobey Forum, 3 :
-
8/9/2019 89_EMV_ _GR
86/393
(Remote environment) (Local environment) (Personal environment)
,
. 3 :
Pay-before
Pay-now
Pay-later2.1.7
-
8/9/2019 89_EMV_ _GR
87/393
pay-before SIM . pay-now,
(debit card) Point Of Sale (POS) .
PIN, . check pay-later .
, :
(Content type)
(Content value)
(Transaction type)
(Transaction settlementmethod)
3.1 :
1. Pre-paid (debit): . voice pre-paid electronic wallets .
2. Post-paid (credit): . , ringtone TTP.
3.2 m-payment :
1. Pay Per View (PPV): . MP3 m-commerce
site. , , .
2. Pay Per Unit (PPU): . ( ) . ( ) 50cent .
3. Recurrent Subscription:
. , . 3.3 :
(Digital goods): MP3s, downloadedringtones
(Hard goods): TV, CDROM
(Voting)
(Ticketing)
3.4
(payer) (payee)
[7]., :
Picopayments:
PSP, (authorization) , .
Trusted Third Party (TTP):
(authentication) (authorization)
(settlement) . TTP operators , . PSP, TTP (content provider).
(Payment Service Provider- PSP) , . TTP. , , e-wallet
, , server
.. PSP network operator,
. . 1: m-payment .
, m-payment (authentication) . , 3 [11]:
1. Single chip: chip
2. Dual chip: chip, .
3. Dual slot: ( ) ,
.
m-payment, , . ,
. 2: m-payment . ,
. (ServiceRegistration): , . (User Registration): .
. , PIN (Personal IdentificationNumber) , . , User IdentificationNumber, . (Request Service): , . (Request Charging Session): , . id id , , Session Identification Number..
(RequestAuthorization and Authentication): , .
, . . . , ,
. , , PIN . (User Authenticated):
. , . id , .
(Provide Content orService): .
(Charge): , . ,
2 . , , .5. 5.1
. , [10] . 3: ., 2 :
.
3 m-payment .
5.1.1 Content Download ,
. (metered pricingmodel) (eventpricing model).
, , video . , .
, , . ,
. , .
PC Internet, ( ).
, PSP. PSP (authentication) , pre-paid post-paid .
4: Content Download 5.1.2Point of Sale , (POS), taxi . POS . PSP , sms pin , , Bluetooth . .
, . Bluetooth InfraRed . 5: POS5.1.3 Content on Device
, , . , . 6: Content on Device
5.2.1 operator
. in-band [7], , WAP GPRS. .
videostreaming video messaging. : Bob , MMS(Multimedia Messaging Service). 1 Euro prepaid . MMS 2.5G , -.
5.2.1.1
, [7]. , standalone , (infrastructure) . .
.
ASP (ApplicationService Provider), ,
.
5.2.1.2 5.2
GPRS 3G Amdocs, Cerillion Technologies, Convergys, EHPT, Geneva
Technology, Kenan Systems, Portal, Sema TelesensKSCL [12]. CRM (CustomerRelationship Management) .
5.2.2 Out-of-band
[7]
, .. . , . , PKI, ..
: SMS U2. Internet caf site Visa. SMS PIN, . .
. GSM SMS USSD . , Authentication Source (AS) (.. issuer), . AS AuthenticationGateway (AGW). AGW . 7: Out-of-band GSM .
AWG Short Message Switching Centre ( SMS ) Unstructured Supplementary Services Data Centre(USSDC) ( USSD ).
Signaling System 7 (SS7), . SS7 MobileSwitching Centre (MSC) Base Station System (BSS),
. BSS Mobile Station (MS).5.2.2.1
[7]. , , . , dual slot , PIN SMS PKI . PKI 2.5G . ,
PIN.
, . Paybox MobiPay.
5.2.2.2 Reverse-Charge/Billed SMS reverse-billed SMS [13]. (premium) . SMS textmessaging . reverse-charge SMS .
, infrastructure (operators) .
5.2.3 Proximity
m-commerce [14] proximity , POS, , . ,
Bluetooth 802.11, micro macro [7].
: Bob Bluetooth . , Bluetooth ,
POS . Bluetooth, , java applet POS .
5.2.3.1 Smartcardssmartcards, .. chip cards
GeldKarte, Proton, Mondex, credit/debit
electronic wallet. SIM GSM smartcards. standard smartcards. Visa, , , Open-Platform,
standards. standard, EMV(European MasterCard Visa). , ,
standards EMV. EMV m-commerce
m-payment. 2-slot . EMV mobile wallet .
5.2.3.2 Mobile Wallets, wallet , , , third-party , ,
. , Amazon eBay wallets server, . Nokia wallets
. H m-wallets e-wallets, m-wallet Mobipay Vodafone m-pay. - - 2000 2005 [15].
1
6. M-Payment m-payment, 3 :
m-payment .
(encryption) (confidentiality) . plaintext (
) . .
public key cryptosystem , 2 :
(private key)
(public key)
2 . 8: private public.
public key . , . , ,
. (digital signatures)
. . . . , hashfunctions . , .. , .
(digital certificates) .
. -(public-key certificate) , . 4 :
(issuer)
Public Key Infrastructure (PKI) PKIXWorking Group , , , ,, .
m-commerce. WTLS, WAP, .. WTLS WAP gateway.
SET (Secure ElectronicTransaction), MasterCard Visa PKI .
7.
m-payment ,
, m-payment. ePayment SystemsObservatory ( European CentralBank)
m-payment , , m-payment [16].
.7.1 ENCORUS PAYMENTWORKS MOBILE
Encorus eONE, First Data, . Encorus, Mobile Payment, PaymentWorks Mobile, . 9: Encorus PaymentWorks Mobile.
, HTML, WAP/SMS InteractiveVoice Recognition (IVR). Wallet Server,
, -. Wallet Server . mobile wallet , . , .
2002, T-Mobile Vodafone PaymentWorks Mobile., Vodafone , . , m-pay, wallet.
7.2 ENITION NetToll Enition
, (.. ISPs, ISPs, )
. Enition IP
(Internet Protocol) (overhead) . (encapsulation) (decapsulation) (tokens). 10: Enition.
tokens Internet . Internet, tokens gateway (.. ). tokens :
(Toll Unit). (Toll Policy) .
token( ).
token.
7.3 iPIN iPIN Payment
, m-payment. 7 :
The Commerce Router: .
The Repository:
( , ..) .
The Billing Engine:
.
The Merchant POS Controller: POS.
Commerce Router.
The Payment Gateway: .
The Business Intelligent module: .
The iPIN Multiple Payment Instrument Module:
.
, iPIN , France Telecom (OrangeFrance), HSBC, British Telecom. 11: iPIN.7.4 PAYBOX
, PIA (Paybox.nets IntelligentArchitecture), POS , P2P .. Paybox 2:
, Paybox , .
, Paybox
Router, (settlement) 2 , .
Paybox.net AG 1999 m-payment. 700000 , , , Deutsche Bank , 50% 2003., Paybox Austria AG Mobilkom Austria (A1) , p2p, POS, .. ,
operator , .,
PIN ( ). , Paybox . operator , 15 Euro.
7.5 NOKIA PAYMENT SOLUTION
, Nokia m-payment,
. server SMS,WAP Internet. (authentication) WIM
module ( WAP 2.0), .
(content provider).
, ...
Nokia Payment. 12: Nokia Payment Solution.7.6 PAYPAL
Paypal e-mail. , Paypal , check Paypal . 2002, Paypal eBay, 1.5 $.
2004, Paypal 31 , 38 .
, .
7.7 MOBIPAY
MobiPay , m-payments. operators . MobiPay Banco Bilbao Vizcaya Argentaria Santander CentralHispano, mobile network operators( Vodafone, 2). MobiPay . ,
barcode . POS , MobiPay. MobiPay USSD (Unstructured SupplementaryServices Data)
the invoice and amount. PIN .
( POS , ) . 2 :
pre-paid network wallet ( pre-paidwallet operator)
post-pay (against a bank account)
USSD , MobiPay .
8. m-payment . , , - - .
m-payment, .
, .
m-commerce .
, m-payment.8.1
8.1.1
, :
(confidentiality): (.. );
(authentication): ;
(integrity):
;
(authorization): ;
(non-repudiation): ;
8.1.2 ,
:
: ,
.
: .
: .
, , .
8.1.3 standard operators ,
Standards [17]:
,
. MeT (MobileElectronic Transactions), Nokia,
Motorola Ericsson m-commerce.
E-Commerce Expert Group(ECOMEG), WAP Forum(Wireless application Protocol) WAP m-commerce , .
Mobile Payment Forum (MPF) , , m-payment. 2004, AmericanExpress, MasterCard, Nokia, NTT DoCoMo, Oracle, TIM, T-Mobile, Visa Vodafone., 2003, 4 operators Orange, Telefonica Moviles, T-Mobile Vodafone Mobile Payment Services
Association (MPSA), 2003
Simpay. m-payment . 2004, Simpay ,
2005.
8.2 m-payment , , ..
, - . ,
[18]. , ,
. , p2p POS
. SVA (storedValue Account) , . , , . , , . , Paypal . , New York, California,Idaho Paypal FDIC (Federal Deposit Insurance Corporation) . [19]. 2000, UMSA (Uniform
Money Services Act) [18].
California, ringtones. ,
, , third-party .
, , .9. m-payment
operators m-payment, :
[5] GemPlus, SIM Toolkit, White Paper, version 3, May 2001
[6] DIGIA Inc., Programming for the Series 60 Platform and Symbian OS, Helsinki, 2003
[7] Mobile Payments: Preparing for the mCommerce Revolution: White Paper, Trintech, March 2002
[8] Varshney, Upkar; Vetter, Ron. Mobile Commerce: Framework, Applications and Networking Support, Mobile Networks and Applications 7, 2002
[9] Castello, Denis (2003), Mobility and Micropayment, June, Zafion
[10] Kreyer, N., Pousttchi, K., Turowski, K.: Characteristics of Mobile Payment Procedures, In: Maamar, Z., Mansoor, W., van den Heuvel, W.-J. (eds.): Proceedings of the ISMIS 2002 Workshop on M-Services, Lyon (preprint), 2002
[11] Hort Christian, Gross Sandra, Fleisch Elgar, Critical Success Factors of Mobile Payment, Working Paper 13, Version 1.0, 24.09.2002
[12] Charging Mechanisms for Mobile Services: NorthStream, 2002
[13] Reverse-Billed Premium Rate SMS: ICSTIS Guideline, May 2002
[14] Online Publishers Association (2003), Online Paid Content U.S. Market Spending Report
[15] Mobile Payments Slow Start, Forrester Research, May 2001, quoted in GSM MoU Association (2002)
[16] Faber, Edward et al. (2003), Current innovation in commerce-enabling services, March 12, Telematica Instituut. BITA/2002/D1.1.2.
[17] Cox, Alan. The M-COMM Maze - is there a Role for Standards?, April 10, 2003
[18] Boehle Knud, Krueger Malte, Payment-Culture Matters: A comparative EU-US perspective on Internet payments. August 2001
[19] Muller John D., Selected U.S. Legal Issues in Issuance of Electronic Money, The Journal of Internet Banking and Commerce, March 1997, vol. 2, no. 2
[20] M2 Presswire (2003) - BWCS: Small payments to lead m-commerce revival
[21] Parsons, R.: Mobile Proximity Payment Services, BWCS 2003
EDI
:
Mobile Payment:
, 2004
1.
2.
2.1
2.1.1 SMS
2.1.2 WAP
2.1.3 i-MODE
2.1.4 USSD
2.1.5 Cell Broadcast
2.1.6 SIM Toolkit2.1.7 Web Clipping
2.1.8 MexE
2.2
3. m-payment
3.1
3.2
3.3
3.4
4. m-payment
4.1 m-payment
4.2 m-payment
5.
5.1
5.1.1 Content Download
5.1.2 Point Of Sale
5.1.3 Content on Device
5.2
5.2.1 operator
5.2.1.1
5.2.1.2 5.2.2 Out-of-band
5.2.2.1
5.2.2.2 Reverse-Charge/Billed SMS
5.2.3 Proximity
5.2.3.1 Smartcards
5.2.3.2 Mobile Wallets
6. m-payment
7.
7.1 Encorus PaymentWorks Mobile
7.2 Enition
7.3 iPIN
7.4 Paybox
7.5 Nokia Payment Solution
7.6 Paypal
7.7 MobiPay
8.
8.1 8.1.1
8.1.2
8.1.3 standard
8.2
9. m-payment
10.
1. , m-
payment e-/m-commerce.
Wireless World Forum, 5.5 Euro 55.3 Euro 2006.
m-payment Mobile Payment Forum (2002): m-payment , ( ), . , , PDA. Celent,
, 2004 60, Visa
International Boston Consulting e-commerce m-commerce 38 2002 128 2004 [1].
2.
, m-payment . ,
, m-payment.2.1 2.1.1 SMS
SMS (Short Messaging Service) [2] GSM Phase 1 .
2002, 24 SMS GSM, SMS, Netsize [3]. p2p 90% SMS ,
10% ,
, ..2.1.2 WAP
WAP (Wireless Application Protocol) [2] Internet . format .
standard, WAP Forum, 500 Nokia, Ericsson, Motorola ..2.1.3 i-mode
i-mode NTT DoCoMo, Internet . I-mode m-commerce. , I-mode . standard PDC cHTML(compact HTML) [4].2.1.4 USSD
USSD (Unstructured Supplementary ServicesData) [2] GSM . SMS, . USSD .2.1.5 Cell Broadcast
Cell broadcast [2] . SMS, -- --. , . operator , .2.1.6 SIM Toolkit
SIM Toolkit [5] ETSI/SMG standard value added e-commerce GSM . SIM Toolkit GSM SIM
SIM , GSM handset, . GPRS ,
WAP.WAP 2.1.7 Web Clipping
Web clipping 3Com Palm handheld , 75% PDA . web-based Palm .
2.1.8 MexE
MexE (Mobile Station Application Execution Environment) [2] Java Virtual Machine .
2.2
Symbian [6] 1998
Nokia, Motorola, Ericsson Psion ( PDA). Psion, EPOC, smartphones communicators. EPOC release 5, Symbian OS. Series 60 [6], Symbian OS
mobile browsing, MMS, content downloading . Series 60 Platform 1.0 smartphone, e-mail, WAP 1.2.1 stack, Bluetooth GPRS. Microsoft
Windows, Windows CE palm-size, hand-held PCs . PC, HP, Compaq, Philips CE. 3COM , PDA .
Palm OS, .
3. m-payment
m-payment
. , . , Nokia, Mobey Forum, 3 :
(Remote environment)
(Local environment)
(Personal environment)
,
. 3 :
Pay-before
Pay-now
Pay-later
pay-before SIM . pay-now,
(debit card) Point Of Sale (POS)
. PIN, . check pay-later .
,
:
(Content type)
(Content value)
(Transaction type)
(Transaction settlement method)
3.1 :
1. Pre-paid (debit): . voice pre-paid electronic wallets .
2. Post-paid (credit): . , ringtone TTP.
3.2 m-payment :
1. Pay Per View (PPV): . MP3
m-commerce site. ,, .
2. Pay Per Unit (PPU):
. ( ) . ( )50 cent .
3. Recurrent Subscription: . , .
3.3 :
(Digital goods): MP3s,
downloaded ringtones
(Hard goods): TV, CDROM
(Voting)
(Ticketing)
3.4
(payer) (payee) [7]., :
Picopayments:
4. m-payment
4.1 m-payment
m-payment :
(consumer): (content) (content provider). , PSP .
(content provider) (merchant): / . PSP, (authorization)
, .
Trusted Third Party (TTP): (authentication) (authorization)
(settlement) . TTP operators , . PSP, TTP (content provider).
(Payment Service Provider- PSP) , . TTP. , , e-wallet
, , server
.. PSP network operator,
. . 1: m-payment .
, m-payment (authentication) . , 3 [11]:
1. Single chip: chip
2. Dual chip: chip, .
3. Dual slot: ( ) ,
.
4.2 m-payment
m-payment, , . ,
. . 2: m-payment .
, . (Service Registration): , . (User Registration):
. . ,
PIN (Personal Identification Number) , .
, User Identification Number, . (Request Service): , . (Request Charging Session): , . id id , ,
Session Identification Number. (Request Authorization and Authentication): , . , . . . , ,
. , , PIN . (User Authenticated):
. , . id
, . (Provide Content or Service): .
(Charge): , . , 2
. , , .
5.
5.1
. , [10] . 3: ., 2 :
.
3 m-payment .
5.1.1 Content Download
,
. (metered pricing model) (event
pricing model). ,
, video . , .
5: POS
5.1.3 Content on Device
,
,
. , . 6: Content on Device
5.2
5.2.1 operator
. in-band [7], , WAP GPRS. .
video streaming video messaging. : Bob , MMS (Multimedia Messaging Service). 1 Euro prepaid . MMS 2.5G , -.
5.2.1.1
, [7]. , standalone , (infrastructure) . .
.
ASP (Application Service Provider), ,
.
5.2.1.2
GPRS 3G Amdocs, Cerillion Technologies, Convergys, EHPT, Geneva Technology, Kenan Systems, Portal, Sema
TelesensKSCL [12]. CRM (Customer Relationship Management) .
5.2.2 Out-of-band
[7] , .. .
, . , PKI, ..
: SMS U2. Internet café site Visa. SMS PIN, . .
. GSM SMS USSD . , Authentication Source (AS) (.. issuer), . AS Authentication Gateway (AGW). AGW . 7: Out-of-band GSM .
AGW Short Message Switching Centre ( SMS ) Unstructured Supplementary Services Data Centre (USSDC) ( USSD ). Signaling System 7 (SS7), . SS7 Mobile Switching Centre (MSC)
Base Station System (BSS),
. BSS Mobile Station (MS).
5.2.2.1
[7]. , , . , dual slot , PIN SMS PKI . PKI 2.5G . ,
PIN.
, . Paybox MobiPay.
5.2.2.2 Reverse-Charge/Billed SMS
reverse-billed SMS
[13]. (premium) . SMS text messaging . reverse-charge SMS .
, infrastructure (operators) .
5.2.3 Proximity
m-commerce [14] proximity , POS,
, . , Bluetooth 802.11, micro macro [7].
: Bob
Bluetooth . , Bluetooth , POS . Bluetooth,
, java applet POS .
5.2.3.1 Smartcards
smartcards, .. chip cards
GeldKarte, Proton, Mondex, credit/debit
electronic wallet. SIM GSM smartcards. standard smartcards. Visa, , , Open-Platform, standards.
standard, EMV (European MasterCard Visa). , , standards EMV.
EMV m-commerce m-payment. 2-slot .
EMV mobile wallet .
5.2.3.2 Mobile Wallets
, wallet , , , third-party , ,
. , Amazon eBay wallets server, . Nokia wallets
.
H m-wallets e-wallets, m-wallet Mobipay Vodafone m-pay. - - 2000 2005 [15].
1
6. M-Payment
m-payment, 3 :
m-payment .
(encryption) (confidentiality) . plaintext (
) . .
public key cryptosystem , 2 :
(private key)
(public key)
2 . 8: private public.
public key . , . , ,
. (digital signatures)
. . . . , hash functions . , .. , .
(digital certificates) .
. -(public-key certificate) , . 4 :
(issuer)
Public Key Infrastructure (PKI) PKIX Working Group , , , ,, .
m-commerce. WTLS, WAP, .. WTLS WAP gateway.
SET (Secure Electronic Transaction), MasterCard Visa PKI .
7.
m-payment ,
, m-payment. ePayment Systems Observatory ( European Central Bank)
m-payment , , m-payment [16].
.
7.1 ENCORUS PAYMENTWORKS MOBILE
Encorus eONE, First Data, . Encorus, Mobile Payment, PaymentWorks Mobile, . 9: Encorus PaymentWorks Mobile.
, HTML, WAP/SMS Interactive Voice Recognition (IVR). Wallet Server,
, -. Wallet Server . mobile wallet , . , .
2002, T-Mobile Vodafone PaymentWorks Mobile., Vodafone , . , m-pay, wallet.
7.2 ENITION
NetToll Enition
, (.. ISPs, ISPs, )
. Enition IP
(Internet Protocol) (overhead) . (encapsulation) (decapsulation) (tokens). 10: Enition.
tokens Internet . Internet, tokens gateway (.. ). tokens :
(Toll Unit). (Toll Policy) .
token( ).
token.
7.3 iPIN
iPIN Payment
, m-payment. 7 :
The Commerce Router: .
The Repository:
( , ..) .
The Billing Engine:
.
The Merchant POS Controller: POS.
Commerce Router.
The Payment Gateway: .
The Business Intelligent module: .
The iPIN Multiple Payment Instrument Module:
.
, iPIN , France Telecom (Orange France), HSBC, British Telecom. 11: iPIN.
7.4 PAYBOX
, PIA (Paybox.net's Intelligent Architecture), POS , P2P .. Paybox 2:
, Paybox
, .
, PayboxRouter, (settlement) 2 ,
. Paybox.net AG 1999
m-payment. 700000 , , , Deutsche Bank , 50% 2003., Paybox Austria AG Mobilkom Austria (A1) , p2p, POS, .. , operator , .
, PIN ( ). , Paybox . operator , 15 Euro.
7.5 NOKIA PAYMENT SOLUTION
, Nokia m-payment, . server SMS,
WAP Internet. (authentication) WIM module ( WAP 2.0),
.
(content provider).
, ... Nokia Payment.
12: Nokia Payment Solution.
7.6 PAYPAL
Paypal e-mail.
, Paypal , check Paypal . 2002, Paypal eBay, 1.5 $.
2004, Paypal 31 , 38 . , .
7.7 MOBIPAY
MobiPay ,
m-payments. operators . MobiPay Banco Bilbao Vizcaya Argentaria Santander Central Hispano, mobile network operators ( Vodafone, 2). MobiPay . ,
barcode . POS , MobiPay. MobiPay USSD (Unstructured Supplementary Services Data)
the invoice and amount. PIN .
( POS , ) . 2 :
pre-paid network wallet ( pre-paid wallet operator)
post-pay (against a bank account)
USSD , MobiPay .
8. m-payment . , , - - .
m-payment, .
, .
m-commerce .
, m-payment.
8.1
8.1.1
, :
(confidentiality): (.. );
(authentication): ;
(integrity):
;
(authorization): ;
(non-repudiation): ;
8.1.2 ,
:
: ,
.
: .
: .
, , .
8.1.3 standard operators ,
Standards [17]:
,
. MeT (Mobile Electronic Transactions), Nokia,
Motorola Ericsson m-commerce.
E-Commerce Expert Group (ECOMEG), WAP Forum (Wireless Application Protocol) WAP m-commerce , .
Mobile Payment Forum (MPF) , , m-payment. 2004, American Express, MasterCard, Nokia, NTT DoCoMo, Oracle, TIM, T-Mobile, Visa Vodafone., 2003, 4 operators Orange, Telefonica Moviles, T-Mobile Vodafone Mobile Payment Services
Association (MPSA), 2003
Simpay. m-payment . 2004, Simpay ,
2005.
8.2 m-payment , , ..
, - . ,
[18]. , ,
. , p2p POS
. SVA (Stored Value Account) , . , , . , , . , Paypal . , New York, California, Idaho Paypal FDIC (Federal Deposit Insurance Corporation) . [19]. 2000, UMSA (Uniform
Money Services Act) [18].
California, ringtones. ,
, , third-party .
, , .
9. m-payment
operators m-payment, :
POS, SMS , .
, parking p2p .
pre-paid , (.. ).
, m-payment [9], . ,
, .,
, m-payment . M2Presswire [20] BWCS [21], proximity m-payments POS , .
10.
[1] Amit Vyas, Peter O'Grady, A Review of Mobile Commerce Technologies, Department of Industrial Engineering, University of Iowa, May 2001
[2] Kathleen De Clercq, Dividing the pie of mobile payment revenues: opportunity or threat to the traditional banking sector, Lessius Hogeschool, 2001-2002
[3] Netsize, European SMS Guide, Mobile Business and Entertainment, February 2003
[4] Digital 4Sight Corporation, NTT DoCoMo's I-Mode, White Paper, 2001
[5] GemPlus, SIM Toolkit, White Paper, version 3, May 2001
[6] DIGIA Inc., Programming for the Series 60 Platform and Symbian OS, Helsinki, 2003
[7] Mobile Payments: Preparing for the mCommerce Revolution: White Paper, Trintech, March 2002
[8] Varshney, Upkar; Vetter, Ron. Mobile Commerce: Framework, Applications and Networking Support, Mobile Networks and Applications 7, 2002
[9] Castello, Denis (2003), Mobility and Micropayment, June, Zafion
[10] Kreyer, N., Pousttchi, K., Turowski, K. - Characteristics of Mobile Payment Procedures, In: Maamar, Z., Mansoor, W., van den Heuvel, W.-J. (Hrsg.): Proceedings of the ISMIS 2002 Workshop on M-Services, Lyon (preprint), 2002
[11] Hort Christian, Gross Sandra, Fleisch Elgar, Critical Success Factors of Mobile Payment, Working Paper 13, Version 1.0, 24.09.2002
[12] Charging Mechanisms for Mobile Services: NorthStream, 2002
[13] Reverse-Billed Premium Rate SMS: ICSTIS Guideline, May 2002
[14] Online Publishers Association (2003), Online Paid Content U.S. Market Spending Report
[15] Mobile Payments Slow Start, Forrester Research, May 2001 quoted in GSM MoU Association (2002)
1.3
1.4
1.5 ,
2 : , ,
2.1
2.2
2.3
2.4
3
3.1
3.2
3.2
3.4
3.5
4
4.1
4.2
4.3
4.4
4.5 Bayes
5
3
(e-government), , , . , , ., ,
. , eEurope, (), , .
, (. 1 2). ,
, . , (e-voting) (smart cards). ,
(. 3). , , . (.4). , (. 5).
1 1.1 , , . ,
, , [1]. , , 1992 Reinventing Government, David Osborne Ted Gaebler customer-driven .
. (e-government) online . , ,
, . , , .
, , .1.2 H ( ) , , . , , , . , , . , .
. , , (B2B) (B2C). H , (G2C), (G2B) (G2G). 4 : 1) ,
2) , 3) 4) . . Anderson Consulting . 20% . , . , . :
, . . : .
, . , , . .
.
. , , (non-repudiation), . , outsourcing . (Public Key Infrastructure PKI) . PKI enabled . : : . :
( ). :
. : . :
, , . : (audit trail facility): . . , ( logons). . . (firewalls): (secure) _______ , LAN/Intranet . . , , , (port
numbers), . ( / ): , . , HTTPS, . .
: , (modules) ( , LDAP, ) (Triple DES, AES, Blowfish, ...). . , , . . : (assets) ,
(vulnerabilities), , (risk assessment) ,
. ,
, , : , , ,
, 1
. : .
, . PKI. LDAP PKI , (accountability), - (nonrepudiation) . .
(role-based access control). , . . . . (logging, audit trail facility) .
21 22 2002. , , ,
. eEurope2005 , , . o 2005 Internet IPv6 , , e-Learning, e-Health e-. eEurope
2010. eEurope2002, Internet. ,
. . internet , on-line on-line.
. 1
14, internet 3G.
. , , . ., .
. : .
, . eEurope , .
. eEurope 2005 . , , e-health, e-learning and e-business .
. , . .
eEurope 2005 . . . eEurope , online , 1
15 , . eEurope . , , .
. eEurope2005: online (e-Government) (e-Learning) (e-Health) (e-Business) :
o o 4 . , , .
: , , , ,
1.5 , , .
(G2C), (G2B), (G2G).
, , .
. , , , _______ ., web sites
(computer kiosks). . 1
18
non-stop shopping site , . G2C .
1999, . (3
). , , Internet. 500
( ). . , . , . . . .
, . . , supermarkets, on-line.
. internet . website 1
19 . internet .
, , . ? .
. , , internet. web . on-line . Internal Revenue website 1/3
2000. internet. 1% 20% . , ,
. , . , mail .
. 50 online 50 .
75% website ATO(Australian Tax 1
20
Office). , 60% zero touch approach. website ATO , online . software , .
. 70 URL . , . ,
. ,, , , ,, .. Portal, . , . , Portal,
. , . portal . , Portal.
Portal 2000 500 27 . , .
, 1
21 , , .. Portal NEC3 (US NATIONAL ELECTRONIC COMMERCE Coordinating Council)
. . 1 2 3 . 4 5 . 5 :
. . online , , , . . , , . , Portal . . . . . . 1
22 Portal Singapore's Citizen Center 5. Portal, . , . . click. , ,
. , , . , ,
. , , . , (), . 3 . , , . , , .
- . 4.6
, . , 700
. 1 50 3 1000 . 1
23
. . , , .
. 2000 Madhya Pradesh online . internet cafe
soochanalayas . . soochaks modem . 50 cents 90% .
extra , .
. 40% . . . ,
, . , . 1
24 . , .
, .
(G2B) . G2B . web site . , . .
, . 1
25 .
. 12 . 2.5
. 9000 , , . . . , web. internet 200 web site. , . . 1
26 G2G
, G2G . . G2G .
., 1
27 . custom . . . . Beaumont Hospital . 15 . , 4 5 . internet . . , web enabled. GUI (graphic user interface) intranet, extranet internet. web,
standalone. H XML (Extensible Markup Language) internet. W3C ( World Wide Web Consortium) online text . web . . web enabled smart cards, , .. . .[4]
2
: , ,
. eEurope, (cable, mobile networks, internet) (, , , ). , . ,
- .
, , . . . , . . SIBIS (Statistical Indicators Benchmarking theInformati