NCJ Number
87428
Journal
Government Data Systems Dated: (November/December 1982) Pages: 12-14,16,18
Date Published
1982
Length
5 pages
Annotation
The overall integrity and security of an electronic transaction system that uses cards to encode, store, and retrieve data depends upon card properties, administrative procedures, supervisory controls, card issuing procedures, and applicant processing.
Abstract
Electronic transaction systems can be categorized as personal identification systems, financial services systems, fare card systems, entry control systems, and history card systems. Many card systems use one or more physiological identifiers on or in the card (fingerprints, eyeprints, etc.), although most physiological indicators prove to be unreliable, because they are objectionable to potential customers and card holders; some require unreliable and subjective human interpretation; and most of such cards do little to combat the counterfeit card threat. A risk assessment study of the total projected system should be made before system technologies are selected. Factors that should be examined in such a study include the types of fraud most likely to affect a particular system. Although many system managers focus almost entirely on the card itself, the security of applicant processing may be more important, especially in a point-of-sales transaction system. Nearly all identification card systems and financial services systems, such as bank cards and credit cards, use some kind of central data base in which are recorded lists of all authorized users and their transactions. Serious problems emerge with large central data bases. Individual files must be kept current if the data base is to be used to cross-check card transactions in an on-line manner, and keeping a large central data base current enough for on-line use requires very expensive data management services. Reliability problems frequently affect data communications circuits, and large central data bases are susceptible to large-scale fraud. Factors that determine when a given central data base becomes too large include data volatility, communications costs and reliability, and security against fraud.