E-commerce liability and security breaches in mobile payment for e-business sustainability

This study investigates liability issues in electronic transactions when security or privacy breaches occur. As data is transferred using various devices, such as PCs, mobile phones, tablets, sensors, smart meters, and cars, and various architecture, such as the cloud, IoT, as well as in well-defined network structures in electronic commerce, privacy and security breaches happen. These have become a major hindrance to the development and use of commercial activities on the Internet. There have been many security breach cases, such as those of Target Corporation's security and payment system (2013), eBay's cyberattack (2014), Uber's hacking incident (2016), Facebook's personal data use and privacy breach (2018), and many others. Therefore, when a dispute regarding electronic transactions arises between a customer and a firm, the allocation of liability is very important for the sustainability of e-businesses. Many cases show that firms are held liable for those incidents. However, the liability allocation rule tends to vary slightly from country to country depending on the application areas. EU countries seem to favor customers. In the United States, there are actually no uniform federal laws relating to business cybersecurity. Also, in the case of cryptocurrency, liability tends to lie with customers. Why is the ruling different? In this regard, this paper analyses the legal framework for security and privacy breaches for sustainable e-businesses. In particular, this paper focuses on the optimal liability in terms of enhancing social welfare when considering both sides-the customer and the firm (or service provider). This paper shows that liability can be generally imposed on the firm's side when the possibility of security or privacy breaches is high, and the customer's loss is relatively large. However, the liability depends on the customer's attitude towards risk, customer's losses, and the efficiency of security investment.