
Electronic payment system




  1. 1. Electronic payment system
  2. 2. E-commerce Transactions In Several Steps
      • The consumer places an order and transmits the payment card account number to the merchant.
      • The merchant stores the order and the account holder information in a database for future reference.
  3. 3. E-commerce Transactions In Several Steps
      • The merchant transmits the amount of the purchase and the account holder information to a financial institution in order to obtain an authorization, indicating the reservation of funds that allows settling the transaction later.
      • Finally, after the delivery of goods to the consumer, the merchant asks the financial institution to settle the transaction and credit the merchant account.
  4. 4. The Hacker’s Ways
      • The hacker can impersonate the merchant or make a bogus Web site. The consumer does not notice this and sends the order and credit information directly to the hacker.
      • Another scenario exists where the hacker installs a key-logger on the device of the consumer, logging all information typed on the keyboard, including account holder information such as the payment card number.
  5. 5. The Hacker’s Ways
      • The hacker observes the communication between the cardholder and the merchant. Transmitting credit card information on the network without encryption allows the hacker to read this information.
      • The hacker can penetrate the merchant’s e-commerce environment and steal information in the database.
  6. 6. Protecting Internet Communication
      • Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver. Purpose of encryption:
          • To secure stored information
          • To secure information transmission.
  7. 7. Encryption
      • The technique of modifying a known bit stream so that it appears to be random to an unauthorized observer. It often is done automatically before data is transmitted.
  8. 9. Cipher Text
      • Text that has been encrypted and thus cannot be read by anyone besides the sender and the receiver.
      • Key (Cipher): Any method for transforming plain text into cipher text.
      • Substitution Cipher: Every occurrence of a given letter is replaced systematically by another letter. For example, a "letter plus 2" substitution turns HELLO into JGNNQ.
  9. 10. Characteristics of Digital Payment
      • Acceptability: Robust, available and accessible to a wide range of consumers and sellers of goods and services.
      • Convertibility: The electronic currency should be interoperable and interchangeable with other forms of electronic cash, paper currency and deposits in bank accounts.
  10. 11. Characteristics of Digital Payment
      • Flexibility: The payment system should be in a position to accept several forms of payment rather than limiting the user to a single form of currency.
      • Reliability: The payment system should ensure and infuse confidence in users. The users should be completely shielded from systematic or one-point failure.
  11. 12. Characteristics of Digital Payment
      • Efficiency: Cost of overhead involved in operation of digital payments. The cost per transaction should be close to zero.
      • Security: Digital currency should be stored in a form that is resistant to double spending, replication and tampering. It should offer protection from intruders trying to tap it and put it to unauthorized use when it is transmitted over the Internet.
  12. 13. Characteristics of Digital Payment
      • Usability: The user of the payment mechanism should be able to use it as easily as real currency. It should be well integrated with the existing applications and processes.
      • Scalability: Should offer scalable solutions. Should range from micro payments to business payments.
  13. 14. Transaction Characteristics
      • Atomicity: A transaction should occur completely or it should not occur at all.
      • Transfer of Funds: There should not be any currency loss. Full transfer by debiting the payer and crediting the payee.
      • Complete Transfer: A complete exchange of currency with corresponding digital goods should take place.
  14. 15. Transaction Characteristics
      • Consistency: All parties concerned must agree on relevant facts, i.e. amount and reason of transfer, transaction.
      • Isolation: Transactions must be independent of each other.
      • Durability: In case of system failure, it should recover to a state where transaction and status information is consistent.
  15. 16. Types of Payment System
      • Cash: Legal tender defined by national authority
          • Instantly convertible
          • No intermediation of any institution
          • Popular because it is portable
          • Requires no authentication
          • Instant purchasing power
          • Anonymous and difficult to trace
          • Limited to smaller transactions
  16. 17. Float
      • The period of time between a purchase and actual payment for the purchase
      • Cash does not provide any float.
      • Cash purchases are final and irreversible unless otherwise agreed by the seller
  17. 18. Cheque Transfer
      • Funds transferred directly via bank draft or cheque from consumer’s account
      • Used for both small and large transactions, not used for micro payments
      • Provides some float (can take up to 10 days); unspent amount can earn interest
      • Can be forged more easily than cash
      • Can be cancelled before encashment
      • May bounce if there is inadequate money in the account
  18. 19. Credit Cards
      • Represents an account that extends credit to consumers
      • Permits consumers to purchase items while deferring payment
      • Allows consumers to make payments to multiple vendors at one time.
  19. 20. Credit Card Associations
      • VISA and MasterCard are non-profit associations
      • Set standards for issuing banks, which actually issue the cards and process transactions
      • Third parties (processing centres and clearinghouses) usually handle verification of accounts and balances
      • Offers considerable float
  20. 21. Stored Value Payment System
      • Accounts created by depositing funds into an account and from which funds are paid out or withdrawn as needed
  21. 22. Debit Cards
      • Immediately debit a checking or demand-deposit account.
      • Eliminates writing of a cheque.
      • Dependent on funds being available in the consumer’s bank account
      • Do not provide any float
  22. 23. Accumulating Balance
      • Accounts that accumulate expenditures and to which consumers make periodic payments.
      • Traditional examples include electricity and phone bills, which accumulate for a specific period and are then paid in full
  23. 24. Consumer's Preference of Payment System
      • Low risk
      • Low cost
      • Convenient
      • Reliable payment mechanism
      • Will not use new mechanisms unless they are more beneficial than the existing system
  24. 25. Merchant
      • Low risk
      • Low cost
      • Secure
      • Reliable payment mechanism
      • Cash, debit cards, demand drafts
  25. 26. Current Online Payment Systems
      [Diagram. Parties: Consumer, Merchant, Clearinghouse, Card Issuing Bank, Merchant Bank. Labels:]
      • Consumer purchases
      • Monthly statement
      • Merchant software contacts clearinghouse
      • CH verifies account and balance from issuing bank
      • Issuing bank credits merchant account
      • SSL provides secure connection
  26. 27. SET Protocol
      • (Secure Electronic Transaction protocol)
      • An open standard for the e-commerce industry developed and offered by VISA and MasterCard as a way to facilitate and encourage improved security for credit card transactions
      • SET uses a digital certificate that verifies a sender’s identity, as one way of improving security.
  27. 28. How SET Transactions Work
      [Diagram. Parties: Consumer, Merchant, Clearinghouse, Card Issuing Bank, Merchant Bank. Labels:]
      • Consumer makes purchases, selects payment with SET
      • Monthly statement
      • Merchant software forwards encrypted messages
      • CH verifies account and balance from issuing bank
      • Issuing bank credits merchant account
      • Merchant and consumer computers verify each other's identity
  28. 29. Digital Wallets
      • Authenticates the consumer through the use of digital certificates or other encryption methods, stores and transfers value, and secures the payment process from the consumer to the merchant
      • A wallet in your pocket contains your ID, cash, phone cards, credit/debit cards, old receipts, photos of those close to you, etc.
  29. 30. Promised Functionality of Digital Wallets
      • Confirms identity via digital certificates
      • Pays bills via alliances with credit card associations and banks
      • Helps customers control their environments, PIN, card no.
      • Presents and pays bills at a single location
      • Authentication
      • Payments
      • Privacy
      • Bills Presentment
  30. 31. Client Based Digital Wallets
      • Software applications that consumers install on their computers, and that offer consumers convenience by automatically filling out forms at online stores.
      • Merchants install software on their servers to receive information from client-based wallets
  31. 32. Server Based Digital Wallets
      • Software-based authentication and payment services and products sold to financial institutions that market the system to merchants either directly or as a part of their financial service package
      • The fastest growing server-based digital wallet system is Microsoft Passport, which offers consumers a Single Sign-In (SSI) service
      • A user obtains a passport by opening an e-mail account at or
  32. 33. Passport
      • A registered user clicks the Passport logo at a participating site; the site displays a Passport sign-in page where the user enters their login name and password.
      • The sign-in page redirects to the MS Passport server for authentication.
      • Passport authenticates the user and writes a cookie to the user's browser containing encrypted authentication and Passport profile information
  33. 34. Passport Manager
      • Passport Manager at the participating site decrypts the information
      • Passport Manager then caches the user authentication and profile information on the user’s browser and silently retrieves them as the user moves from page to page at the site.
  34. 35. Digital Cash (e-cash)
      • Digital forms of value storage and value exchange that have limited convertibility into other forms of value and require an intermediary to convert
      • To use DigiCash, a consumer first establishes an account at a bank that is using the DigiCash system.
      • The consumer loads digital wallet software onto their machine.
      • The consumer then requests a transfer of digital cash to the wallet
  35. 36. Digital Cash (e-cash)
      • The consumer can then spend the cash at a merchant site that is willing to accept it
      • The software deducts the cash from the wallet and transfers it to the merchant.
      • The merchant then transfers the cash back to the bank.
      • The bank cancels the e-coin and credits the amount to the merchant
  36. 37. Online Stored Value System
      • Permits consumers to make instant, online payments to merchants and other individuals based on value stored in an online account
      • Relies on the value stored in a consumer's bank, checking or credit card account
      • ECOUNT.COM runs a stored value system
  37. 38. ECOUNT.COM
      • Establish an account with Ecount, funded by credit or debit card.
      • Verify account and balances. Account information is transferred via the web using SSL
      • The consumer can shop anywhere on the web where MasterCard is accepted. Ecount is treated as if it were MasterCard.
      • Ecount transfers funds to merchants or individuals
      • Monthly statements are issued to individuals showing debits to Ecount
  38. 39. Smart Card
      • A credit or debit card containing a computer chip with memory and interactive capabilities used to identify and store additional data about the cardholder, cardholder account, or both. Also called an integrated circuit card or a chip card.
      • It can hold 100 times more data than a credit card, including multiple credit card numbers and information regarding health, insurance, personal identification, bank accounts, etc.
      • Security: If the card is lost or stolen, the holder loses the real money. However, you can lock it with a PIN
  39. 40. Limitations of Online Credit Card Payment Systems
      • Security
      • Merchant risk
      • Cost
      • Social equity
  40. 41. Public Key Cryptography
      • Two mathematically related digital keys are used:
          • Public key: is widely disseminated
          • Private key: is kept secret by the owner
      • Both keys can be used to encrypt and decrypt the message. However, once a key is used to encrypt the message, the same key cannot be used to decrypt the message.
      • The mathematical algorithms used to produce the keys are one-way functions
      • Keys are sufficiently long: 128-, 256- and 512-bit keys
  41. 42. The Digital Signature technology involves:
      • Private key: A unique combination known only to the signer. It is used to encrypt the message.
      • Public key: A code sent to the receiver separately to enable decryption of the message digest. It is also available on the web site of the Certification Authority.
  42. 43. Hash Function
      • It can be complex, producing a 128-bit number that reflects the number of 1’s and 0’s in the message
      • The results of applying the hash function are sent by the sender to the recipient
      • The recipient applies the same hash function to verify that the same results are produced.
  43. 44. Digital Signature
      • To ensure authenticity of the message
      • The sender encrypts the entire block of cipher text one more time using the sender’s private key. This produces a digital signature, also termed an e-signature
      • A digital signature is a close parallel to a handwritten signature
  44. 45. Digital Certificate
      • A digital document issued by the certification authority contains:
          • The name of the subject or company
          • The subject’s public key
          • A digital certificate serial number
          • An expiration date
          • An issuance date
          • The digital signature of the certification authority
          • And other identifying information.
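
The atomicity and transfer-of-funds properties from the Transaction Characteristics slides, as an added example that is not part of the original deck: a transfer that credits the payee and debits the payer inside one database transaction, so a failed debit also undoes the credit. The table layout, account names and function names are assumptions made for illustration.

```python
import sqlite3

def open_ledger(opening):
    """Create an in-memory ledger; the CHECK constraint forbids overdrafts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (name TEXT PRIMARY KEY, "
               "cents INTEGER NOT NULL CHECK (cents >= 0))")
    db.executemany("INSERT INTO account VALUES (?, ?)", opening.items())
    db.commit()
    return db

def transfer(db, payer, payee, cents):
    """Debit payer and credit payee as one unit; return True if committed."""
    if cents <= 0:
        return False
    try:
        with db:  # commits on success, rolls back on any exception
            # Credit first, so a failing debit leaves real work to undo.
            cur = db.execute(
                "UPDATE account SET cents = cents + ? WHERE name = ?",
                (cents, payee))
            if cur.rowcount != 1:
                raise LookupError("unknown payee")
            cur = db.execute(
                "UPDATE account SET cents = cents - ? WHERE name = ?",
                (cents, payer))
            if cur.rowcount != 1:
                raise LookupError("unknown payer")
        return True
    except (sqlite3.IntegrityError, LookupError):
        return False  # nothing was applied: all or nothing

def balances(db):
    """Return {account name: balance in cents}."""
    return dict(db.execute("SELECT name, cents FROM account ORDER BY name"))

# Constructed sample accounts.
ledger = open_ledger({"consumer": 5000, "merchant": 0})
print(transfer(ledger, "consumer", "merchant", 3000), balances(ledger))
print(transfer(ledger, "consumer", "merchant", 2500), balances(ledger))
```

The second transfer is refused because the payer would go negative, and the payee's balance is unchanged afterwards, so the total across accounts stays constant.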
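
The e-cash cycle from the Digital Cash slides (withdraw to wallet, spend at merchant, merchant returns coin, bank cancels the e-coin), as an added example that is not part of the original deck and not DigiCash's actual scheme. It shows the bank-side checks behind the "resistant to double spending, replication and tampering" requirement; the `Bank` class, the coin fields and the use of a bank-held HMAC key to authenticate coins are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class Bank:
    """Hypothetical issuer: mints coins and redeems each serial only once."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # MAC key known only to the bank
        self._spent = set()                  # serials of cancelled coins
        self.accounts = {}                   # name -> balance in cents

    def _tag(self, serial, cents):
        msg = f"{serial}|{cents}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def withdraw(self, owner, cents):
        """Debit the owner's account and return a coin for the wallet."""
        if cents <= 0 or self.accounts.get(owner, 0) < cents:
            raise ValueError("insufficient funds")
        self.accounts[owner] -= cents
        serial = secrets.token_hex(16)
        return {"serial": serial, "cents": cents,
                "tag": self._tag(serial, cents)}

    def deposit(self, merchant, coin):
        """Verify, cancel and credit a coin; return a status string."""
        expected = self._tag(coin["serial"], coin["cents"])
        if not hmac.compare_digest(expected, coin["tag"]):
            return "rejected: tampered or forged"
        if coin["serial"] in self._spent:
            return "rejected: already spent"
        self._spent.add(coin["serial"])      # cancel the e-coin
        self.accounts[merchant] = self.accounts.get(merchant, 0) + coin["cents"]
        return "credited"

# Constructed sample run.
bank = Bank()
bank.accounts["consumer"] = 1000
coin = bank.withdraw("consumer", 400)
print(bank.deposit("merchant", dict(coin, cents=40000)))  # altered value
print(bank.deposit("merchant", coin))                     # honest deposit
print(bank.deposit("merchant", dict(coin)))               # replayed copy
```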