Security of electronic money
In November 1995, the central bank Governors of the Group of Ten (G-10) countries commissioned a series of studies on specific issues related to electronic money, in view of the potential importance of this new form of money and its implications for monetary policy, consumer protection and payment systems. These studies were carried out by the Committee on Payment and Settlement Systems (CPSS). For the examination of the security aspects of electronic money schemes the CPSS sought the assistance of the Group of Computer Experts, which established for that purpose the Task Force on Security of Electronic Money, chaired by Mr. Israel Sendrovic from the Federal Reserve Bank of New York. At their meeting in July 1996 the G-10 Governors discussed the various reports that had been commissioned and agreed on the publication of the present report on Security of Electronic Money. The report is not necessarily intended to represent the official views of the Governors.
The Task Force on Security of Electronic Money met regularly between January and March 1996 and during that period also organised meetings with potential suppliers of various types of electronic money products. The intention was neither to cover the entire spectrum of products nor to assess individual systems, but to understand and evaluate the relevant security aspects relating to electronic money.
This report highlights the main design features and functional aspects of electronic money products and analyses the technical risks specific to these products. It also describes the possible security measures that can be relied upon to prevent, detect and contain fraud.
One conclusion of the report is that a range of measures exist which would enable the risks inherent in using these products to be controlled. However, there is no single security measure or set of measures that can be said to provide a guarantee of complete protection. It is the combination of measures together with the rigour with which they are implemented and administered that will serve to reduce risks most effectively. The report also underlines the importance of an overall approach to risk management, which might involve assessments by independent bodies.
It should be stressed that the report is based on knowledge of schemes that are currently under development or at a pilot stage. The analysis contained in the report as well as its conclusions might therefore need to be reviewed in the future in the light of expected technical and operational innovations and adaptations. Nevertheless, it is felt that the report can contribute to improving the general understanding of the technical aspects of electronic money products and to raise the awareness of the specific risks that might be involved and of the security measures available to counter those risks. The report does not evaluate any specific product.
Mr. Sendrovic and his colleagues are to be congratulated on having completed this important undertaking within tight time constraints. Able assistance in editing and publishing the report was provided by the BIS.
|William J. McDonough, Chairman||Henri J. Barbé, Chairman|
|Committee on Payment and Settlement Systems||Group of Computer Experts|
|President of the Federal Reserve Bank of New York|