b6b56ebd08cabf914ba6399c94b4db34.ppt
- Number of slides: 38
BCA-3005 (E-COMMERCE AND APPLICATIONS) Module-IV Overview of Electronic Payment Systems
E-payment systems • To transfer money over the Internet • Methods of traditional payment: check, credit card, or cash • Methods of electronic payment: electronic cash, software wallets, smart cards, and credit/debit cards • Scrip is digital cash minted by third-party organizations
Requirements for e-payments • Atomicity: money is not lost or created during a transfer • Goods atomicity: money and goods are exchanged atomically • Non-repudiation: no party can deny its role in the transaction (digital signatures)
Desirable Properties of Digital Money • Universally accepted • Transferable electronically • Divisible • Non-forgeable, non-stealable • Private (no one except parties know the amount) • Anonymous (no one can identify the payer) • Work off-line (no on-line verification needed) • No known system satisfies all.
TYPES OF ELECTRONIC PAYMENT SYSTEMS Electronic payment systems are proliferating in health care, on-line markets, and even government – in fact, anywhere money needs to change hands. Organizations are motivated by the need to deliver products and services more cost-effectively and to provide a higher quality of service to customers. In the 1970s, the emerging electronic payments technology was labeled electronic funds transfer (EFT). EFT is defined as “any transfer of funds initiated through an electronic terminal, telephonic instrument (or) computer (or) magnetic tape so as to order, instruct or authorize a financial institution to debit (or) credit an account”. The transfer is information-based and intangible. Work on EFT can be segmented into 3 broad categories.
1) Banking & Financial Payments • Large-scale (or) wholesale payments (e.g., bank-to-bank transfer) • Small-scale (or) retail payments (e.g., automated teller machines, cash dispensers) • Home banking (e.g., bill payment)
2) Retailing Payments • Credit cards (e.g., VISA (or) MasterCard) • Private label credit/debit cards (e.g., J.C. Penney card) • Charge cards (e.g., American Express)
3) On-Line Electronic Commerce Payments • Digital token-based payment systems: electronic cash (e.g., DigiCash), electronic checks (e.g., NetCheque), smart cards (or) debit cards (e.g., Mondex Electronic Currency Card) • Credit card-based payment systems: encrypted credit cards (e.g., World Wide Web form-based encryption), third-party authorization numbers (e.g., First Virtual)
Digital Token-based payment systems • Electronic tokens are equivalent to cash that is backed by a bank. • Electronic tokens are of 3 types: 1. Cash (or) real-time: transactions are settled with the exchange of electronic currency. An example of on-line currency exchange is electronic cash (e-cash). 2. Debit (or) prepaid: users pay in advance for the privilege of getting information. Prepaid payment mechanisms are stored in smart cards and electronic purses that store electronic money. 3. Credit (or) postpaid: the server authenticates the customers and verifies with the bank that funds are adequate before purchase. Examples of postpaid mechanisms are credit/debit cards and electronic checks.
Four dimensions that are useful for analyzing the different initiatives, or issues involved in token-based electronic payment systems: 1. The nature of the transaction for which the instrument is designed. Some tokens are specially designed to handle micropayments, that is, payments for small bits of information. 2. The means of settlement used. Tokens must be backed by cash, credit, electronic bill payments, cashier's checks, letters and lines of credit, and wire transfers, to name a few. 3. The approach to security, anonymity and authentication. Electronic tokens vary in the protection of privacy and confidentiality of the transactions. 4. The question of risk. Risk also arises if the transaction has a long lag time between product delivery and payments to merchants.
Electronic Cash (e-Cash) • It is a new concept in on-line payment systems because it combines computerized convenience with security and privacy that improve on paper cash. • It focuses on replacing cash as the principal payment vehicle in consumer-oriented electronic payments. • Cash remains the dominant form of payment for 3 reasons: 1. Lack of trust in the banking system. 2. Inefficient clearing and settlement of non-cash transactions. 3. Negative real interest rates paid on bank deposits.
Properties of Electronic Cash 1. Monetary value: it must be backed by either cash (currency), bank-authorized credit or a bank-certified cashier's check. When e-cash created by one bank is accepted by others, reconciliation must occur without any problem. 2. Interoperability: exchangeable as payment for other e-cash, paper cash, goods or services, lines of credit, deposits in banking accounts. 3. Retrievability and storability: allows users to exchange e-cash from home or office or while traveling. 4. exchanged
Electronic Cash in Action • Electronic cash is based on a cryptographic system called “digital signatures”. • This method involves a pair of numeric keys (very large integers (or) numbers) that work in tandem: one for locking (or) encoding and the other for unlocking (or) decoding. • Messages encoded with one numeric key can only be decoded with the other numeric key and none other. • The encoding key is kept private and the decoding key is made public.
Purchasing E-Cash from currency servers • It involves 2 steps: establishment of an account, and maintaining enough money in the account to back the purchase. • The protocol behind blind signatures is presented in [XIWT 94]. • The customer's software chooses a blinding factor, $R$, independently and uniformly at random and presents the bank with $X R^{E} \pmod{PQ}$, where $X$ is the note number to be signed and $E$ is the bank's public key. • The bank signs it: $(X R^{E})^{D} = R X^{D} \pmod{PQ}$, where $D$ is the bank's private key. • On receiving the currency, the customer divides out the blinding factor: $(R X^{D}) / R = X^{D} \pmod{PQ}$. • The customer stores $X^{D}$, the signed note that is used to pay for the purchase of products (or) services. Since $R$ is random, the bank cannot determine $X$ and thus cannot connect the signing with the subsequent payment.
Using the Digital Currency • 2 types of transaction are possible: bilateral (or) two-party (buyer & seller) transactions, and trilateral (or) three-party (buyer, seller & bank) transactions. • Double spending becomes possible because it is very easy to make copies of the e-cash, forcing banks & merchants to take extra precautions. • One drawback of e-cash is its inability to be easily divided into smaller amounts. • At payment time, e-cash software on the client computer would create a note of the transaction value from the opencheck.
Detection of Double Spending [Figure: Payer, Payee and Bank (digital currency server). Labels: issue cash; transfer digital cash; check for double spending. The bank keeps a database of spent “notes”.]
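The blind-signature withdrawal and the bank's double-spending check described above, as an added worked example in Python (not part of the original slides). The toy key built from two Mersenne primes, the hashing of the note number, and the names `Bank`, `withdraw` and `note_value` are assumptions of this example.

```python
import hashlib
import math
import secrets

# Toy bank key, constructed for this example: two Mersenne primes.
# Far too small for real use; production RSA moduli are 2048 bits or more.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                            # the modulus PQ
E = 65537                            # bank's public key E
D = pow(E, -1, (P - 1) * (Q - 1))    # bank's private key D


def note_value(serial: bytes) -> int:
    """X: the note number, hashed so that nobody can start from an
    arbitrary signature S and claim S^E as a validly signed note."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


class Bank:
    def __init__(self):
        self.seen_at_withdrawal = []  # blinded values only
        self.spent = set()            # database of spent notes

    def sign_blinded(self, blinded: int) -> int:
        self.seen_at_withdrawal.append(blinded)
        return pow(blinded, D, N)     # (X R^E)^D = R X^D (mod PQ)

    def deposit(self, serial: bytes, signature: int) -> str:
        # 1. Is this a note the bank really signed?  (X^D)^E = X (mod PQ)
        if pow(signature, E, N) != note_value(serial):
            return "rejected: bad signature"
        # 2. Has the same note been deposited before?
        if serial in self.spent:
            return "rejected: double spend"
        self.spent.add(serial)
        return "accepted"


def withdraw(bank: Bank):
    """Customer side: blind, have the bank sign, unblind."""
    serial = secrets.token_bytes(16)
    x = note_value(serial)
    while True:                       # blinding factor R, invertible mod PQ
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    blinded = (x * pow(r, E, N)) % N              # X R^E (mod PQ)
    signed_blinded = bank.sign_blinded(blinded)   # R X^D (mod PQ)
    signature = (signed_blinded * pow(r, -1, N)) % N  # divide out R
    return serial, signature
```

The bank's withdrawal log holds only blinded values, so a later deposit cannot be matched to the withdrawal that produced it, yet a copied note is still caught by the spent-note lookup.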
Business Issues & Electronic Cash • E-cash fulfills 2 main functions: 1. Medium of exchange 2. Store of value. • Digital money is a perfect medium of exchange. • The controversial aspects of e-cash are those that relate to the other role, as a store of value. Operational Risk & Electronic Cash • Operational risk can be mitigated by imposing constraints, such as limits on: • The time over which a given electronic money is valid • How much can be stored on and transferred by electronic money • The number of exchanges that can take place before a money needs to be redeposited with a bank (or) financial institution • The number of such transactions that can be made during a given period of time. Legal Issues and Electronic Cash • E-cash will force bankers and regulators to make tough choices that will shape the form of lawful commercial activity related to e-commerce. • As the politics and business play out, the technology is forcing legal issues to be reconsidered.
Electronic Check • It is another form of electronic token. Electronic checks are designed to accommodate the many individuals and entities that might prefer to pay on credit (or) through some mechanism other than cash. • Payment transaction sequence in an electronic check system [Figure: Payer, Payee, Bank and Accounting Server. Labels: transfer electronic check; forward check for payer authentication; deposit check.]
• Buyers must register with a third-party account server before they are able to write electronic checks. • The account server also acts as a billing server. • The registration procedure can vary depending on the particular account server and may require a credit card (or) a bank account to back the checks. • Once registered, a buyer can then contact sellers of goods and services. • To complete a transaction, the buyer sends a check to the seller for a certain amount of money. • These checks may be sent using e-mail (or) other transport methods.
Electronic Checks – Advantages • They work in the same way as traditional checks, thus simplifying customer education. • Electronic checks are well suited for clearing micropayments; their use of conventional cryptography makes them much faster than systems based on public-key cryptography (e-cash). • Electronic checks create float, and the availability of float is an important requirement for commerce. • Financial risk is assumed by the accounting server and may result in easier acceptance. • Reliability and scalability are provided by using multiple accounting servers.
SMART CARDS AND ELECTRONIC PAYMENT SYSTEMS • Smart cards have been in existence since the early 1980s and hold promise for secure transactions using existing infrastructure. • Smart cards are credit and debit cards and other card products enhanced with microprocessors capable of holding more information than the traditional magnetic stripe. TWO TYPES: • Relationship-based smart credit cards and • Electronic purses, which replace money and are also known as debit cards and electronic money.
Smart card devices [Figure: contact pads labelled VCC, Reset, Clock, Reserved, GND, VPP, I/O]
What's in a Card? [Figure: contacts labelled CLK, RFU, RST, Vcc, GND, RFU, Vpp, I/O]
Relationship-based Smart Cards • Credit cards are fast evolving into smart cards as consumers demand payment and financial services products that are user-friendly, convenient and reliable. • Enhanced credit cards store cardholder information including name, birth date, personal shopping preferences and actual purchase records. • Relationship-based products are expected to offer consumers far greater options, including the following: • Access to multiple accounts, such as debit, credit, investments (or) stored value for e-cash, on one card (or) electronic device. • A variety of functions, such as cash access, bill payment, balance inquiry (or) funds transfer for selected accounts. • Multiple access options at multiple locations using multiple device types, such as an automated teller machine, a screen phone, a personal computer, a personal digital assistant (PDA) (or) interactive TVs. • Companies are trying to incorporate these services into a personalized banking relationship for each customer. • Credit card banks may link up with health care providers, telephone companies, retailers and airlines to offer frequent shopping and flyer programs and other services.
• Electronic Purses & Debit Cards • An electronic purse works in the following manner. After the purse is loaded with money, at an ATM (or) through the use of an inexpensive special telephone, it can be used to pay for, say, candy in a vending machine equipped with a card reader. • The value of the purchase is deducted from the balance on the card and added to an e-cash box in the vending machine. • When the balance on an electronic purse is depleted, the purse can be recharged with more money. • Smart-card Readers & Smart Phones • The benefits of smart cards will rely on the ubiquity of devices called smart-card readers that can communicate with the chip on a smart card. • Some smart-card readers combine elements of a personal computer, a point-of-sale terminal and a phone to allow consumers to quickly conduct financial transactions without leaving their homes.
• Business Issues and Smart Cards • For merchants, smart cards are a very convenient alternative to handling cash, which is becoming a nightmare. • Cash is expensive to handle, count and deposit, and incurs slippage, a commercial term for theft, fraud (or) misplacement.
CREDIT CARD-BASED ELECTRONIC PAYMENT SYSTEMS We can break credit card payment on on-line networks into 3 basic categories: 1) Payment using plain credit card details • The easiest method of payment is the exchange of unencrypted credit card details over a public network such as a telephone line (or) the Internet. • Authentication is also a significant problem, and the vendor is usually responsible for ensuring that the person using the credit card is its owner. • Without encryption there is no way to do this. 2) Payment using encrypted credit card details • Encrypt your credit card details before sending them out. • Cost of the credit card transaction itself. • Prohibits micropayments. 3) Payments using third-party verification • A third party collects and approves payments from one client to another.
1) Players in on-line credit card Transaction Processing
1. First Virtual Holdings: San Diego-based start-up offers an Internet payment system to process credit card transactions on the Internet.
2. Interactive Transactions Partners: Joint venture of EDS, France Telecom, US West and H&R Block for home banking & electronic payment services.
3. Master Banking: A home banking service started by MasterCard & Checkfree Corp., an online payment processor.
4. VISA Interactive: VISA International acquired US Order, a screen phone manufacturer. VISA Interactive has signed up more than 30 banks, including NationsBank.
5. Block Financial: This H&R Block unit owns Managing Your Money personal finance software & CompuServe. Provides electronic-banking services for VISA member banks.
6. Prodigy: Teaming up with Meridian Bank and others to offer PC-based home banking via its on-line services.
2) Encryption & Credit Cards To make a credit card transaction truly secure and non-refutable, the following sequence of steps must occur before actual goods, services (or) funds flow. 1) A customer presents his (or) her credit card information securely to the merchant. 2) The merchant validates the customer's identity as the owner of the credit card account. 3) The merchant relays the credit card charge information & signature to its bank (or) on-line credit card processors. 4) The bank (or) processing party relays the information to the customer's bank for authorization approval. 5) The customer's bank returns the credit card data, charge authentication and authorization to the merchant.
Processing Payments using encrypted credit cards
3) Third-party Processors & Credit Cards • In third-party processing, consumers register with a third party on the Internet to verify electronic microtransactions. • Verification mechanisms can be designed with many of the attributes of electronic tokens, including anonymity. • They differ from electronic token systems in that: • They depend on existing financial instruments and • They require the on-line involvement of at least one additional party and, in some cases, multiple parties to ensure extra security. • On-line third-party processors (OTPP) have created a seven-step process that they believe will be a fast & efficient way to buy information on-line. 1. The consumer acquires an OTPP account number by filling out a registration form. 2. To purchase an article, software (or) other information on-line, the consumer requests the item from the merchant by quoting her OTPP account number. 3. The merchant contacts the OTPP payment server with the customer's account number.
4. The OTPP payment server verifies the customer's account number for the vendor and checks for sufficient funds. 5. The OTPP payment server sends an electronic message to the buyer. The buyer responds to the form (or) e-mail in one of 3 ways: Yes, I agree to pay; No, I will not pay; (or) Fraud, I never asked for this. 6. If the OTPP payment server gets a Yes from the customer, the merchant is informed and the customer is allowed to download the material immediately. 7. The OTPP will not debit the buyer's account until it receives confirmation of purchase completion. Ex: www.openmarket.com and www.fv.com are already providing third-party payment services on the Internet.
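The seven-step OTPP flow above, modelled as a small state machine in Python. This is an added example, not code from the slides or from any OTPP provider; the class `OTPPServer`, its method names, the state strings and the sample account data are hypothetical.

```python
from dataclasses import dataclass, field
from enum import Enum


class Reply(Enum):
    YES = "yes"       # buyer agrees to pay
    NO = "no"         # buyer will not pay
    FRAUD = "fraud"   # buyer never asked for this


@dataclass
class OTPPServer:
    balances: dict                      # account number -> funds (constructed data)
    pending: dict = field(default_factory=dict)
    next_id: int = 1

    def request_payment(self, account: str, merchant: str, amount: int):
        """Steps 3-5: the merchant quotes the buyer's account number; the
        server verifies it, checks funds and queries the buyer."""
        if account not in self.balances:
            return None, "unknown account"
        if self.balances[account] < amount:
            return None, "insufficient funds"
        txn = self.next_id
        self.next_id += 1
        self.pending[txn] = {"account": account, "merchant": merchant,
                             "amount": amount, "state": "awaiting buyer"}
        return txn, "buyer queried"

    def buyer_reply(self, txn: int, reply: Reply) -> str:
        """Steps 5-6: only a Yes releases the download; nothing is debited yet."""
        t = self.pending[txn]
        if t["state"] != "awaiting buyer":   # a second reply cannot change the outcome
            return "ignored: " + t["state"]
        t["state"] = {Reply.YES: "release download",
                      Reply.NO: "declined",
                      Reply.FRAUD: "fraud reported"}[reply]
        return t["state"]

    def confirm_completion(self, txn: int) -> str:
        """Step 7: debit only after purchase completion is confirmed."""
        t = self.pending[txn]
        if t["state"] != "release download":
            return "no debit: " + t["state"]
        if self.balances[t["account"]] < t["amount"]:
            return "no debit: insufficient funds"  # funds may have changed since step 4
        self.balances[t["account"]] -= t["amount"]
        t["state"] = "settled"
        return "debited"
```

Because the debit is tied to the "release download" state, a merchant cannot collect on a transaction the buyer declined or reported as fraud, and a repeated completion message cannot debit twice.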
On-Line payment process using a third-party processor :
E-Commerce Payment Technologies Payment technologies include: • Electronic Funds Transfer (EFT) • Payment gateways • Secure Electronic Transactions (SET) • Open Trading Protocol (OTP) • Secure Sockets Layer (SSL) / Transport Layer Security (TLS)
Electronic Funds Transfer (EFT) • A generic term that describes the ability to transfer funds using computers rather than paper • Also known as wire transfer • Major payment system in banking, retail • Variety of information technologies capture and process money and credit card transfers • Most point-of-sale terminals in retail stores are networked to bank EFT systems, which must ensure: • Confidentiality of payment information • Integrity of payment information • Merchant authentication • Interoperability • Automated Clearing House (ACH), used in EFT: governed in the United States by the National Automated Clearing House Association and the US Federal Reserve Board, which implements the EFTA (Electronic Fund Transfer Act).
Secure Electronic Transaction (SET) Protocol • Jointly designed by MasterCard and Visa with backing of Microsoft, Netscape, IBM, GTE, SAIC, and others • Designed to provide security for card payments as they travel on the Internet • In contrast with the Secure Sockets Layer (SSL) protocol, SET validates consumers and merchants in addition to providing secure transmission • SET specification • Uses public key cryptography and digital certificates for validating both consumers and merchants • Provides privacy, data integrity, user and merchant authentication, and consumer nonrepudiation
The SET protocol coordinates the activities of the customer, merchant’s bank, and card issuer.
SET Payment Transactions • SET-protected payments work like this: • The consumer makes a purchase by sending encrypted financial information along with a digital certificate • The merchant's website transfers the information to a payment card processing center while a Certification Authority certifies that the digital certificate belongs to the sender • The payment card processing center routes the transaction to the credit card issuer for approval • The merchant receives approval and the credit card is charged • The merchant ships the merchandise and adds the transaction amount for deposit into the merchant's account
SET uses a hierarchy of trust: all parties hold certificates signed directly or indirectly by a certifying authority.
SET Protocol... • Extremely secure • Fraud reduced since all parties are authenticated • Requires all parties to have certificates • So far has received lukewarm reception • 80 percent of SET activities are in Europe and Asian countries • Problems with SET: • Not easy to implement • Not as inexpensive as expected • Expensive to integrate with legacy applications • Not tried and tested, and often not needed • Scalability is still in question