关于法律桥 加入收藏 联系我们 网站地图 English

Electronic Money and Relevant Legal and Regulatory Issues(电子货币及相关法律、监管问题)(2000)

作者:杨春宝律师 来自:法律桥 时间:2004-12-19 20:40:20 点击:

III. Legal issues on issuing and using e-money

1. Security

Security issues are a major source of concern for everyone both inside and outside the banking industry. E-money increases security risks, potentially exposing hitherto isolated systems to open and risky environments. All retail payment systems themselves are vulnerable in some way, e-money products raise some more issues such as authentication and non-repudiation, integrity and privacy.

Security breaches could occur at the level of the consumer, the merchant or the issuer, and could involve attempts to steal consumer or merchant devices, to create fraudulent devices or messages that are accepted as genuine, to alter data stored on or contained in messages transmitted between devices, or to alter the software functions of a product. Security attacks would most likely be for financial gain, but could also aim to disrupt the system. Security breaches essentially fall into three categories: breaches with serious criminal intent (e.g. fraud, theft of commercially sensitive or financial information), breaches by ‘casual hackers?(e.g. defacement of web sites or ‘denial of service?- causing web sites to crash), and flaws in systems design and/or set up leading to security breaches (e.g. genuine users seeing / being able to transact on other users?accounts). All of these threats have potentially serious financial, legal and reputational implications.

Therefore, it is crucial important to assess whether the institution's proposed system is sound and the service provided through the Internet will have adequate security. Surely there no absolute security exists in either the electronic or physical world of banking. However, the level of security should be "fit for purpose". The fundamental objectives that security arrangements of e-money products should try to achieve are to:

a. restrict access to the system to those users who are authorised;
b. authenticate the identity and authority of the parties concerned to ensure the enforceability of transactions conducted through the internet;
c. maintain the secrecy of information while it is in passage over the communications network;
d. ensure that the data has not been modified either accidentally or fraudulently while in passage over the network; and
e. prevent unauthorised access to the bank's central computer system and database.

There are specific security features available to protect e-money products, which are perceived to lie in the use of encryption, electronic signatures and, in some cases, in certificates issued by third parties, known as Trusted Third Parties (TTPs). A key safeguard for card-based schemes is to make the microchip embedded in the card tamper-resistant. A critical safeguard for both card-based and software-based schemes is the encryption technology used to authenticate e-money devices and messages and to protect data on the devices from unauthorised alteration. Maximum limits on the amount that can be held on e-money devices and on the transaction value can play an important role in containing losses in the event of a security breach.

The use of all kinds of security tools can provide security that is comparable to that offered in physical transactions. However, as with a physical transaction, the effectiveness of such measures is largely dependent on their proper implementation and the establishment of a set of comprehensive policies and procedures that are rigorously enforced. Continuing developments in security technology are required to maintain the effectiveness of security measures on an ongoing basis as new threats to existing systems arise over time. Banks should accordingly be responsible for ensuring that they keep up with such developments on a continuing basis. Unless they do this, their existing security measures may quickly become obsolete. If security breaches arise from this, it would not only expose the banks to risk of loss, but also more generally undermine the confidence of their customers. All the evidence suggests that security is very much at the forefront of customers' minds in deciding whether to use this new medium.

2. Privacy

As mentioned above, sound practice requires the ability to track and verify that the proper exchanges occur which ensuring that only authenticated parties and payment mechanisms are involved in the exchange, and that they exchange only those items for which they are authorized. However, consumers may fear that their financial, credit and spending information derived from e-money transactions or products could be used without their knowledge or permission. And these fears will be widespread and strongly held when e-banking and the use of e-money becomes more widespread. With the growth of e-money, the spread of crime is likely to accompany the vastly increased storage and transmission of customer financial information. Therefore, many parties want the option of anonymous financial transactions. However, it is difficult to be widely accepted due to security concerns and money laundering. Even so, to achieve widespread confidence, all participants in the system such as banks, other issuers, consumers and merchants, must have certain basic information about the rules governing the use of e-money products. The consumer must be guaranteed that any information exchanged will be transmitted only to properly authenticated parties and only to the extent to which they are authorized to receive the information.

3. Legal risks

Other than the above-said security and privacy concerns, there are also some legal risks surrounding e-money. Legal risk arises from violation of laws, regulations or prescribed practices, such as money laundering, customer disclosures, privacy protection, etc. Legal risk may also arise when the legal rights and obligations of parties are not well established. The contractual and legal relationships between consumers, retailers, issuers and operators might be complex. Schemes differ as to when payment is final and also as to whether the consumer or the merchant bears the credit, settlement and other risks until settlement has occurred. A major concern is whether the rights and obligations of all the parties involved are certain and transparent. For example, issues could arise regarding liability in the event of fraud, counterfeiting, accident or the default of one or more of the participants.
[首页]    [上一页]    [下一页]    [末页]    

【本文作者:杨春宝律师,来自:法律桥,引用及转载应注明作者和出处。如需聘请律师,请立即致电杨春宝高级律师:1390 182 6830

关注法律桥微信公众平台 杨春宝高级律师电子名片



上海最早的70后高级律师,国际知名法律出版物Asia Pacific Legal 500和Asia Law Profiles多年推荐律师,入围Finance Monthly"2016年度中国公司法律师大奖",中国贸促会/中国国际商会调解中心调解员,具有上市公司独立董事任职资格、系上海国有企业改制法律顾问团成员,具有丰富的投资、并购法律服务经验。[详细介绍>>>]

© 法律桥 LawBridge.Org Since 2000,上海杨春宝高级律师 版权所有。欢迎链接,未经许可,不得转载、摘编。
中国上海市银城中路501号上海中心大厦15层、16层 电话:1390 182 6830 ICP备案序号:沪ICP备05006663号
法律桥网站群:投资并购律师[导航] 创业与法律 律师博客[导航] 法律论坛[导航] 法律网址大全[导航] 会见律师网 法律百科网 Law Bridge[导航]