Today’s technology offers us numerous online payment systems which enable us to easily execute financial transactions from almost any spot on the globe, in real time, using any device with internet access. Nevertheless, on the World Wide Web there are multiple threat agents, malicious activities, vulnerabilities and security exploits, all of which are revealed on a daily basis.
The recent cyber-attacks on various online banking institutions in Croatia and other countries across Europe, which took place in 2014-2015, along with the rising rate of online credit card fraud, fueled the demand for alternative payment systems such as cryptocurrencies. Bitcoin, for example, offers higher levels of security when compared to conventional payment methods. Moreover, bitcoin provides considerable levels of anonymity to its users, which renders it relatively hard to track the chain of a given transaction. Consequently, special security problems and challenges exist, especially when the trust, security and integrity of this cryptographic system are considered, in addition to the inevitable risks which bitcoin carries for its users and the community as a whole.
A recently published research study aimed to analyze specific information security concerns related to the online payment systems most commonly used at present and to compare them with the security concerns associated with the use of bitcoin. The research aimed to answer the following questions:
1. How can institutions recognize and prioritize vulnerabilities and exposures related to a Multi-criteria Decision Analysis (MCDA)/ Multiple Criteria Decision Making (MCDM) technique to identify and minimize security threats that will have the biggest influence, and implement their limited resources as efficiently as possible?
2. Can the MCDA/MCDM model be used to prioritize critical information security threats and the evaluation of solutions to these threats?
The Online Payment Systems:
The study compared the security concerns of bitcoin to those of common online payment systems, which are:
E-banking is by far the oldest online payment system. For the purpose of this study, the security mechanisms of the applications of e-banking of the biggest Croatian banks were examined.
Mobile banking is considerably different from e-banking in the methods commonly used to access the services and in its user interface and software, which are fully adapted for mobile phone screens. Also, the security policies of mobile devices are somewhat different from those of e-banking. M-banking utilizes the Wireless Application Protocol (WAP) to access the internet via GSM networks when Wi-Fi access is not available. In this study, the security mechanisms of Croatian banks’ M-banking applications were also evaluated.
There are numerous payment providers for e-commerce websites today, which mostly rely on processing credit and debit card payments. For the purpose of this study, the security of PayPal was evaluated, as it represents the most popular payment processor all over the world today.
Results of the study:
Using the Analytic Hierarchy Process (AHP) and the VECTOR Matrix Method to compare the security concerns of online payment systems with those of bitcoin, the study yielded some interesting results. E-banking was found to be the most critical online payment system (45.91%), followed by e-commerce (28.99%), then m-banking (19.4%), while bitcoin transactions were found to be the most secure, with security concerns of just 5.46%.
Because security concerns and vulnerabilities are numerous, and the resources and time needed to counteract them effectively are lacking in a business environment, prioritizing security risks and mitigating the most critical ones is a necessity. The study introduced a novel model for the prioritization of critical risks and the evaluation of potential security solutions. The model relies on the VECTOR matrix method, which is combined with the AHP technique.
This AHP model represents a mere suggestion of how certain IT security problems can be solved when multi-criteria decision making (MCDM) issues are related to uncertainty and time constraints. To verify the validity of the postulated model and maximize its trustworthiness and credibility, the model has to be tested in further case studies. In other words, the applicability and feasibility of the proposed AHP model have to be confirmed.
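To show how an AHP ranking of this kind is computed, the following added example (not code or data from the study) derives a priority vector and Saaty's consistency ratio from a pairwise comparison matrix. The judgments in `JUDGMENTS` are constructed for illustration, the function names are hypothetical, and the VECTOR matrix step of the study's model is not reproduced.

```python
# Added illustration: AHP priorities from pairwise judgments (constructed data).
# Saaty's random consistency index for matrices of order 1..9.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

SYSTEMS = ["e-banking", "e-commerce", "m-banking", "bitcoin"]
# JUDGMENTS[i][j]: how much more critical system i is than system j (1..9 scale).
# Constructed values, NOT the study's expert judgments.
JUDGMENTS = [
    [1,     2,     3,     7],
    [1 / 2, 1,     2,     5],
    [1 / 3, 1 / 2, 1,     3],
    [1 / 7, 1 / 5, 1 / 3, 1],
]

def validate(matrix, tol=1e-9):
    """Reject matrices that are not positive, square and reciprocal."""
    n = len(matrix)
    if n not in RANDOM_INDEX or any(len(row) != n for row in matrix):
        raise ValueError("matrix must be square with order 1..9")
    for i in range(n):
        for j in range(n):
            if matrix[i][j] <= 0 or abs(matrix[i][j] * matrix[j][i] - 1) > tol:
                raise ValueError(f"entry ({i},{j}) is not a positive reciprocal")

def ahp_priorities(matrix, iterations=100):
    """Return (weights, consistency_ratio) using the principal eigenvector."""
    validate(matrix)
    n = len(matrix)
    multiply = lambda w: [sum(row[j] * w[j] for j in range(n)) for row in matrix]
    w = [1.0 / n] * n
    for _ in range(iterations):          # power iteration, renormalised each step
        product = multiply(w)
        w = [p / sum(product) for p in product]
    product = multiply(w)
    lambda_max = sum(product[i] / w[i] for i in range(n)) / n
    if n <= 2:                           # 1x1 and 2x2 are always consistent
        return w, 0.0
    consistency_index = (lambda_max - n) / (n - 1)
    return w, consistency_index / RANDOM_INDEX[n]

def rank(names, matrix):
    """Sort alternatives from most to least critical."""
    weights, _ = ahp_priorities(matrix)
    return sorted(zip(names, weights), key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    weights, cr = ahp_priorities(JUDGMENTS)
    for name, weight in rank(SYSTEMS, JUDGMENTS):
        print(f"{name:<11} {weight:6.2%}")
    print("consistency ratio:", round(cr, 4), "(accept if below 0.10)")
```

A consistency ratio above 0.10 means the pairwise judgments contradict one another and should be revisited before the ranking is used to allocate resources.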