
According to the Federal Trade Commission (Anderson 2005) and Internet Fraud Watch (Fraud.org 2006), the most frequently reported form of Internet fraud is that related to fraudulent schemes appearing on online auction sites. During 2004, Internet auction fraud comprised 71.2% of referred fraud complaints, a 16.7% increase from 2003 (Federal Bureau of Investigation (FBI) and National White Collar Crime Center (NW3C) 2006). These schemes typically purport to offer high-value items at significantly reduced prices so as to attract many consumers. Victims are induced to send money for the promised items, but then the seller delivers nothing or only an item far less valuable than what was promised, e.g., counterfeit or altered goods. The SECURE risk assessment mechanism might be used to assess the impact, in terms of cost, of such an event occurring.

First, there are a number of acts, X, available to a SECURE decision-maker in the Internet auction environment. As outlined above, a seller may either decide to accept or reject a bid from a particular buyer, i.e., X1 = {accept_bid, reject_bid}; and a buyer may decide to either place or not place a bid for an item/service with a given seller, i.e., X2 = {bid, don’t_bid}.

Second, in an Internet auction application, there are certain mutually exclusive states, Z, available to Nature. The most basic result of an auction is an interaction involving payment and delivery. That interaction results in a positive or negative state, which is recorded as feedback according to the specified event configurations. Each principal, having decided to engage in an interaction, may act in a positive or negative manner, wherein positive and negative behaviour can be defined according to various ranges of granularity, as illustrated in the discussion about event structures. For example, if a seller accepts a high bid from a buyer, that buyer may choose to pay or not pay, i.e., Z1 = {pay, not_pay}. Similarly, if a buyer chooses to bid on a seller’s item and wins the auction, the seller may ship the item as described, may ship an item that does not meet the description, or may not ship the item at all, i.e., Z2 = {ships_as_described, ships_not_as_described, does_not_ship}.

Next, we give two cost matrices below, expressing the results of the consequence function, i.e., sample costs under all possible combinations of acts and states.

| X1/Z1 | pay | not_pay |
|---|---|---|
| accept_bid | 0 | current_price |
| reject_bid | 0 | 0 |

| X2/Z2 | ships_as_described | ships_not_as_described | does_not_ship |
|---|---|---|---|
| bid | 0 | current_price | current_price |
| don’t_bid | 0 | 0 | 0 |

A probability function then expresses the decision-maker’s beliefs about the likelihood of an outcome occurring. The SECURE risk assessment mechanism takes a trust value, Tov, as input. Tov provides evidence about the likelihood of the interaction outcome being, e.g., {i, s, d} for q in the role of a seller in item category 4 at time t. This process exposes the information necessary to accurately derive risk in the risk engine.

The SECURE model incorporates a utility function at this stage, in order to assess the desirability of each given outcome. However, utility is highly subjective, and, in the Internet auction domain, is likely to differ greatly according to user. Rather than incorporating a utility function, therefore, we propose the use of an alternative risk assessment mechanism, i.e., the standard risk assessment calculation used by the information security community where risk is a function of the probability of a given outcome occurring and the amount of potential financial loss should that outcome occur. Therefore, at its most basic level, the overall risk in an Internet auction interaction is a function of the probability of a negative outcome occurring based on the trustworthiness of an interaction partner, p, and the amount of potential financial loss (current price), l, i.e., $R(p_t, l)$. For example, p considers bidding in an auction in which q is the seller of an item in item category 4 for which the cost context is $100. $TOV_{pq\,s\,c_4\,t}$ = (2, 1, 1). The risk of a negative outcome occurring is 25%, i.e., there is a 25% likelihood of p incurring a negative outcome, that is, an outcome that is not {i, s, d}, with an expected financial loss of $100. Traditionally in the cost-benefit analysis domain, risk is measured as $R = p \times l$. Using this formula in our example, then, p is exposing himself to a risk of $0.25 \times \$100$, or $25, by entering into an interaction with q given $TOV_{pq\,s\,c_4\,t}$. A statement of financial risk can then be

3.4.9.1 Incorporating Context-Based Risk

Although the seller-related likelihood of fraud occurring can be captured by analyzing the seller’s trust value, it is also important to note that some categories, or contexts, of goods being auctioned online are more high-risk, regardless of which seller a buyer interacts with. For example, in a recent lawsuit against eBay, luxury jeweller Tiffany & Co. alleged that 73% of the ‘Tiffany’ jewellery sold on eBay in 2004 was counterfeit, 5% of it was genuine, and the rest was promoted as ‘Tiffany-like’ but not promoted as genuine (Reuters 2004). Similar cases demonstrate consumer electronics, sports memorabilia, and luxury handbags, among others, as categories with a higher risk of fraud. Unfortunately, in many of the categories in which counterfeiting is rampant, specific sellers may have good reputations because buyers are unable to distinguish, e.g., a real Louis Vuitton handbag from a fake one.

Therefore, in such categories, the SECURE risk assessment could be better informed by adding a context-based risk parameter to the calculation. To do so, the item context parameter is re-used. Therefore, the risk is evaluated as a function of likelihood of loss with respect to the trust value, likelihood of loss with respect to the item context, and the value of potential financial loss, i.e., $R(p_t, p_c, l)$.

We extend the previous example: p considers bidding in an auction in which q is the seller of an item in item category 4, i.e., Tiffany jewellery, for which the current price is $100 and $TOV_{pq\,s\,c_4\,t}$ = (2, 1, 1). Therefore, $R_{pq}(s\,c_4\,t) \equiv (.25, .73, \$100)$.

In order to arrive at a measure of expected financial loss in this dual-risk environment, we first configure a decision tree, illustrated in Fig. 33, which allows us to examine the different combinations of possible outcomes in order to make the most logical decision.


Figure 33: Risk decision tree

The decision tree illustrates that there are four possible combinations of likelihood factors: the likelihood of a good outcome in both trustworthiness and context, $p_t p_c$; the likelihood of a good outcome based on trustworthiness and a bad outcome based on context, $p_t \bar{p}_c$; the likelihood of a bad outcome based on trustworthiness and a good outcome based on context, $\bar{p}_t p_c$; and the likelihood of

according to the complement of the dual-good outcome, $p_t p_c$, i.e.,

$$R = \left(1 - \left(w_{p_t}(p_t) + w_{p_c}(p_c)\right)\right) l,$$

where $(w_{p_t} + w_{p_c}) = 1$ and $\{w_{p_t}, w_{p_c}\} \in [0, 1]$. In this way, risk based on trustworthiness and risk based on context may each be weighted according to significance. In the above example, assigning equal weight to $w_{p_t}$ and $w_{p_c}$, i.e., $w_{p_t} = 0.5$ and $w_{p_c} = 0.5$, risk would be measured as

$$R_{pq}(s\,c_4\,t) = \left(1 - \left(0.5(0.75) + 0.5(0.27)\right)\right)(\$100) = \$49.$$

This makes sense intuitively, as the amount of financial loss risked is higher than if contextual risk were not taken into account, but lower than the overall risk of interacting in item category 4 due to the trustworthiness of the seller. Based on this design of the risk assessment component, a statement of combined user- and context-specific financial risk can then be provided to the user.
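The two calculations above, the basic $R = p \times l$ over the buyer's cost matrix and the weighted trust-plus-context form, are worked through in the following added Python example, which is not code from the original text. The function names are hypothetical, and the split of the 25% negative likelihood between the two bad shipping states is constructed for illustration.

```python
from fractions import Fraction as F

STATES = ("ships_as_described", "ships_not_as_described", "does_not_ship")

def buyer_costs(price):
    """Cost matrix X2/Z2 from the text: only bidding risks the current price."""
    return {
        "bid": dict(zip(STATES, (0, price, price))),
        "don't_bid": dict(zip(STATES, (0, 0, 0))),
    }

def expected_cost(costs, act, state_probs):
    """Sum over Nature's states of P(state) * cost(act, state)."""
    if sum(state_probs.values()) != 1:  # exact because inputs are Fractions
        raise ValueError("state probabilities must sum to 1")
    return sum(p * costs[act][s] for s, p in state_probs.items())

def basic_risk(p_bad, loss):
    """R = p x l, where p is the likelihood of a negative outcome."""
    if not 0 <= p_bad <= 1:
        raise ValueError("probability must lie in [0, 1]")
    return p_bad * loss

def weighted_risk(p_t, p_c, loss, w_t=F(1, 2), w_c=F(1, 2)):
    """R = (1 - (w_pt*p_t + w_pc*p_c)) * l.

    p_t and p_c are the good-outcome likelihoods for trust and context,
    as in the worked example (0.75 and 0.27).
    """
    for v in (p_t, p_c, w_t, w_c):
        if not 0 <= v <= 1:
            raise ValueError("probabilities and weights must lie in [0, 1]")
    if w_t + w_c != 1:
        raise ValueError("weights must sum to 1")
    return (1 - (w_t * p_t + w_c * p_c)) * loss

if __name__ == "__main__":
    price = 100
    # Constructed split: 75% good, 15% not as described, 10% never shipped.
    probs = dict(zip(STATES, (F(3, 4), F(3, 20), F(1, 10))))
    costs = buyer_costs(price)
    for act in costs:
        print(act, "expected cost:", expected_cost(costs, act, probs))
    print("trust only:      ", basic_risk(F(1, 4), price))
    print("trust + context: ", weighted_risk(F("0.75"), F("0.27"), price))
    print("context only:    ", weighted_risk(F("0.75"), F("0.27"), price, 0, 1))
```

Setting `w_t=1, w_c=0` recovers the trust-only figure and `w_t=0, w_c=1` the context-only figure, so the equally weighted result sits between them, as the text argues.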