*** The Evolution of Online Marketing and Finance | THE DAILY TRIBUNE | KINGDOM OF BAHRAIN

The Evolution of Online Marketing and Finance

With the introduction of the Internet and the connected digital world, many businesses have realized that they could target a wide-range of potential customers through the online marketing by placing ads over many of the commonly used websites. Some businesses have leveraged this need by introducing the pay-per-click Internet advertising model, where advertisers pay the website hosting an ad-based on the number of times an ad is clicked. However, the simplicity of this model made it an easy target for fraud. Almost as soon as the first ads appeared, some corrupt hosting sites realized they could generate ad revenue by fraudulently clicking on ads, and they could use scripts to automate the process. Click fraud doesn’t steal data, but it threatens the Internet commerce models and drives up the cost of online advertising through fraud. And like denial of service attacks, click fraud can be perpetrated simply to damage advertisers. Accordingly, the need for analysis software to identify potential click fraud and prevent and report any suspicious activity has grown. In some cases, perpetrators have been arrested and indicted, and advertisers have sued ad publishers to force better surveillance and enforcement.

Businesses, however, did not stop at online marketing – neither did the attackers. These innovations have created an entire business function generally referred to as electronic commerce (or e-commerce), which facilitates the trading of products and services through the Internet. This allowed businesses to list their products and services online, showing their specifications and catalogue prices. CompuServe UK Shopping Centre was the first to open its doors with nine merchants back in 1994. Online banking via the Internet was slower to gain traction, but by 1995, major banks in the US and UK offered banking services via websites.

To increase security of online banking and reduce credit card fraud, the Payment Card Industry Security Standards Council defined and mandated a series of basic security practices for organizations that handle branded credit cards. Compliance is verified each year by a self-assessment or an external audit. Among the requirements is that card data must be encrypted when transmitted over public networks. The standard introduced is a global industry initiative that, while not exhaustive, enhances security and security awareness and has denied attackers a one-stop-shopping opportunity for consumer credit card data. It’s made it harder for attackers to steal consumer financial and identity data, and it’s been a major enabler of Internet commerce.

Still, consumers of the banking industry were at risk of credit card fraud or damage from lost cards and copied card stripe information. Accordingly, to reduce the impact of these risks, Europay, MasterCard, and Visa (EMV) credit card standards now require card data to be stored in a chip embedded in the card rather than a magnetic stripe. And they must be validated by a user personal identification number (PIN) rather than a signature, providing two-factor authentication. While there were many early deployments, liability shift (from banks to merchants) didn’t occur in the United States and European Union until 2015.

Chip and PIN technology makes it more difficult for attackers to clone cards. And while it improves security at the point of sale, card-not-present (CNP) transactions—including online payments—receive less protection. As a result, development continues on software solutions that replace the standard, static PIN with a dynamically generated code for online transactions. Such innovations keep hackers searching for ways to break the new systems, and it increases their cost of doing business. But it also offers them more opportunity, because stolen chip-and-PIN-card data is more valuable in cybercrime markets.

While these innovations attempt to enhance the world we live in today, every advancement is dynamic and involves multiple benefits as well as risks. Businesses must be intelligent in choosing the right, affordable and effective security defense mechanisms to facilitate their continuity and growth.