Researchers show ease of exploiting online payments
14 April 2011 - 14:07 by Simon Crisp
Some of the world's biggest e-commerce services and payment providers have come under criticism after a team of researchers at the University of Indiana in the US outlined how they could trick retailers into selling goods free or for a small proportion of their real value, just by manipulating the overly complex system of transactions in place in the world of e-commerce.
The research, which was partly funded by Microsoft, is set to be presented in full next month at the IEEE Symposium on Security and Privacy, according to The Register.
In many online transactions there are three parties involved: the consumer, the retailer's site and the transaction services such as PayPal and Google Checkout. It is the three-way interaction between these that allows malicious shoppers to fleece businesses and individual sellers out of cash.
According to the researchers, it is the relative complexity of the so-called trilateral interaction which takes place in many sessions of safe shopping online that makes it easier to find flaws and exploit holes in the logic of each system.
The researchers carried out several trials of their theories and were indeed able to get DVDs and e-journals free of charge, while buying other products for a tenth of what they were actually worth. All items were returned and resellers reimbursed so that there were no legal ramifications.
Various tricks were employed by those involved, none of which were particularly complicated. Although these findings are not going to directly affect whether or not a site can claim to offer safe shopping online, they will show how browser-based transactions can harm the reputation of the retailer as well as the payment firms, who make a living from their ability to handle cash for consumers and sellers safely and securely.