Online Payment: Issues and Solutions

S.M.O.K.E TECHNOLOGIES

  • Source: Achex, February 2002
  • Source: Visa International, 2002
  • Source: Authentication - The missing element in online payment security, www.gpayments.com
  • S.m.o.k.e. technologies

    1. Online Payment: Issues and Solutions
       S.M.O.K.E TECHNOLOGIES
    2. What is Electronic Payment?
       • A system that permits online payment between parties using an electronic surrogate of a financial tender
       • The electronic surrogate is backed by financial institutions and/or trusted intermediaries
       • The intent is to act as an alternative form of payment to physical cash, cheque or other financial tender
    3. Current Status
       • ePayment opportunities are growing albeit slowly
       • New players are entering ePayment marketplace
       • Variety of ePayment mechanisms and devices creating state of chaos
       • Infrastructure for ePayment is complex and expensive to deploy
       • Lack of critical mass adoption and acceptance
       • Online payment is hard to implement globally
    4. ePayment is still evolving ...
       [Diagram labels: Security Infrastructure; Business Realities; Customer Profiles; New ePayment Solutions; Authentication Models; Payment Types; Spa]
    5. ePayment Channels
       • Defined as ‘touch points’ where a payment transaction is originated or initiated
       • Can be executed through a variety of channels
         ◦ Internet based
         ◦ Kiosks
         ◦ Contactless or proximity sensors
         ◦ Mobile, e.g. mobile phones, PDA
    6. ePayment Instruments
       • Defined as the medium in which the value is recognised in a payment transaction
       • Card-based, such as
         ◦ Credit and charge cards: buy now, pay later
         ◦ Debit cards: buy now, pay now
         ◦ Cash cards, stored-value, e-cash: buy now, prepaid or pay before
    7. Credit Cards
       • Most widely used
         ◦ banks able to leverage existing card infrastructure
         ◦ appears ‘de facto’ online payment
       • Largely unencrypted
       • Charge-back risk for merchants
         ◦ ‘card-not-present’ transactions processed without customer & merchant authentication
         ◦ charge-back is when customer demands a refund
         ◦ banks transfer liabilities of charge-backs to the merchants
         ◦ merchants need to have a bond to cover such charges
    8. Debit Cards
       • Direct electronic transfer of account - direct account debiting
       • Uses chip/smart eWallets
       • Digital signature to secure access
       • Connected to eBanking solution
    9. Digital Cash
       • A system of purchasing cash and storing the credits in consumer’s computer
       • Computerised stored value is used as a form of cash to be spent in small increments
       • A third party is involved in the payment transactions
       • Examples: Beenz, Billpoint, PayPal
    10. Cazh
       • A project by ABN-Amro
       • A debit system that creates a network between merchant and bank to allow customers to pay for the goods by direct debit of the customer’s bank account
       • Once the customer has been authenticated by his/her bank, he/she can authorise the bank to pay the merchant for the goods purchased
       • Similar to Nets POS but in cyberspace
    11. Cash Card
       • Payment solution on a proprietary protocol that allows payment over the Internet
       • A digital/virtual wallet with prepaid credit-based/token-based payment system
       • Enables low-value electronic payments on the Internet
       • Limited distribution, proprietary solutions
       • Needs to install card reader and download free eWallet
    12. eCheque
       • A formatted email message that consists of payee name, amount, payment date, payer’s account number, and payer’s bank
       • Digital certificate and signature are used to secure the cheque so that the contents are not tampered with
       • A signed electronic cheque is exchanged between the parties’ financial institutions through automated clearing house
    13. Mobile Wallet
       • Relatively new space exploited by telcos and non-financial enterprises
       • Provides ePurse functionality to replace card-type payments
       • Aggregating phone bill micro-payments onto the mobile
       • Can use mobile access device to authenticate payer’s identity
       • SIM card well placed to function and control payment process and authentication
    14. Components of Online Payment System
       [Diagram. Labelled boxes: Consumer; Online Merchants; Payment Enablers; Payment Clearinghouses; Competing Authentication Services. Bulleted entries: Merchant Acquirers; Payment Gateways; Shopping Cart Vendors; Non-bank payment Processors]
    15. ePayment Risks
       [Diagram. Labelled elements: Buyer; Merchant; Private network; Payment gateway; Bank network; Internet]
       First group of risks shown:
       • Use of stolen card
       • Credit card number or password stolen from computer
       • Unauthorised access
       • Information modified in transit
       • Payment info stolen from merchant
       Second group of risks shown:
       • Masquerading as legitimate merchant
       • Information stolen
       • Information modified in transit
       • Key info stolen by merchant staff
    16. Research on online shopping
       Survey By | Question Asked | Results
       Odyssey, 2000 | Features that will increase the likelihood to buy online? | 88% of online shoppers said “guaranteed credit card security”, 2nd highest feature cited.
       Cyber Dialogue, 2000 | Important features of online shopping sites? | 85% of online shoppers said “secure transactions,” the highest cited feature.
       Pricewaterhouse Coopers, 2000 | Barriers to online purchasing? | 79% of Internet users said “credit card security,” the number one cited barrier.
       Greenfield Online, 2000 | Barriers to online purchasing? | 47% of Internet users said “credit card security,” the 3rd highest barrier cited.
       Pew Internet & Am Life Project, June 2000 | Worries and concerns regarding online activities? | 68% of Internet users said “hackers getting credit card number,” 2nd highest concern cited.
       Jupiter Research, May 2000 | Factors that would motivate new users to purchase online? | 58% of new Internet users said “better security,” the 3rd highest factor cited.
       Odyssey, 2000 | Factors that would convert non-buyers to buyers online? | 60% of non-buyers said “credit card security,” the highest factor cited.
    17. How can we secure ePayment?
       • The Trust Principle
         ◦ The parties to the transaction must trust each other
         ◦ Buyer must believe that seller is legitimate and will deliver the goods
         ◦ Buyer must believe that goods are as represented and are worth the price
         ◦ Seller must believe that buyer is legitimate and will pay for the goods purchased
    18. How can we secure ePayment?
       • The Security Principle
         ◦ Parties need a secure environment in which to conduct the electronic transactions
         ◦ Seller needs to protect the details of the transactions
         ◦ Buyer needs to be certain that his/her information is securely handled and stored
         ◦ Buyer needs to be certain that information is not stolen so that it cannot be inappropriately used
    19. ePayment Solutions
       • Must provide security: resistance to fraud and online attacks
       • Reliable: highly available and accessible at all times
       • Cost effective: cost per transaction should be low even for micro-payment
       • Integrated and scalable: interoperable amongst different systems, payment methods and multiple servers distributed across the Internet
       • Convenient and easy to use: should support several devices
       • Anonymity: should protect the identities of parties to the transactions and should not monitor the sources of finance
    20. Securing ePayments
       • Identification and authentication
         ◦ the ability to verify both the transacting parties
       • Authorisation
         ◦ the ability to validate the rightful owner to the transaction
       • Integrity and confidentiality
         ◦ the ability to transmit the transaction securely
         ◦ the ability to store the transaction properly
       • Accountability
         ◦ the ability to provide audit trail as evidence in dispute
       • Policies for sharing risks and liabilities
         ◦ the mechanism to settle disputes/non-repudiation
    21. Authentication Models
       • Something you have and something you know – ATM card model
       • Known to the back-end (server), synchronize with each transaction using a one time random number – Secur-ID model
       • “Sign” each transaction – PKI-model
       • Tie into a real person – Biometrics
    22. ePayment Transaction Cycle
       [Diagram: nine numbered steps linking Buyer, Merchant, Acquiring Bank, Visa / Mastercard and Issuing Bank. Legible labels: Orders goods; Delivers goods; Voucher to Acquiring Bank; Sends transaction voucher to Visa / Mastercard; Transaction voucher to Issuing Bank; Issuing Bank pays Visa / Mastercard; Visa / Mastercard reimburses Acquiring Bank; Reimburses merchant; Bills buyer; Pays bank]
    23. Secure Sockets Layer (SSL)
       • A security protocol to protect sensitive data transmitted over the Internet
       • Uses encryption to protect the transmission of data
       • When SSL session starts, server sends key to the browser, which returns random key to the server
       • Ensures that data are not tampered with or stolen en route
    24. Secure Electronic Transfer - SET
       • Protocol released in 1996 by Visa and MasterCard
       • 3 party system - cardholder, merchant and bank using SET-enabled systems
       • Uses digital certificate to ensure cardholder is who he/she says he/she is or claims to be
       • Credit card details are invisible to merchants, protected by encryption for clearing bank
    25. 3D SET (Server-based SET)
       • Overcome the resistance of original SET
       • Uses server-based implementation of SET
       • Reduces technology that must be deployed by merchant and customer
         ◦ Merchants use ‘thin’ modules
         ◦ Customers use ‘slim’ digital wallets
       • Not inter-operable with SSL websites
    26. How 3D SET works ...
       [Diagram. Labelled elements: Customer; Cardholder Certificates; Merchant Certificates; Wallet Server; Issuer; Merchant; Payment Gateway; Acquirer. Link labels: WTLS; SSL; API or URL; SET]
       Numbered steps shown:
       1. Cardholder Authentication
       2. Wallet Initiates Purchase
       3. Payment Request
       4. Payment Authorisation
    27. Features of 3D SET
       • Certificate is stored in a central server of the issuer and not at the cardholder computer
       • Cardholder is flexible to use certificates with other devices
       • Cardholder can only use certificate issued by the CA - a limitation
       • Theft of certificate is still possible from the server-based SET - a problem
    28. Thank You …
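
The tamper check slide 12 describes for an eCheque, as an added example that is not part of the original slides: the payer signs the five listed fields and the receiving bank verifies them. Field names, sample values and the choice of Ed25519 through Node.js `crypto` are assumptions; the slides name no algorithm or message format.

```javascript
// Added example: signing and verifying an eCheque (field names and values are constructed).
const crypto = require('crypto');

// The five fields slide 12 lists, in a fixed order so both banks serialise identically.
const FIELDS = ['payee', 'amount', 'date', 'payerAccount', 'payerBank'];

// Length-prefix every field so a value cannot bleed into its neighbour
// ("ab" + "c" and "a" + "bc" must never yield the same signed bytes).
function canonicalBytes(cheque) {
  return Buffer.concat(FIELDS.map((name) => {
    if (typeof cheque[name] !== 'string' || cheque[name] === '') {
      throw new Error(`missing field: ${name}`);
    }
    const value = Buffer.from(cheque[name], 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(value.length);
    return Buffer.concat([len, value]);
  }));
}

// Payer side: sign with the private key that matches the payer's certificate.
function signCheque(cheque, privateKey) {
  const signature = crypto.sign(null, canonicalBytes(cheque), privateKey);
  return { cheque: { ...cheque }, signature: signature.toString('base64') };
}

// Bank side: verify with the public key taken from the payer's certificate.
function verifyCheque(signed, publicKey) {
  try {
    const signature = Buffer.from(signed.signature, 'base64');
    return crypto.verify(null, canonicalBytes(signed.cheque), publicKey, signature);
  } catch (err) {
    return false; // a malformed cheque or signature is treated as invalid
  }
}

// Constructed sample data; the key pair is generated on the spot.
const payer = crypto.generateKeyPairSync('ed25519');
const signed = signCheque({
  payee: 'Example Books Ltd', amount: '125.00', date: '2002-02-14',
  payerAccount: '000-111-222', payerBank: 'Example Bank',
}, payer.privateKey);

// Changing the amount after signing must make verification fail.
const tampered = { ...signed, cheque: { ...signed.cheque, amount: '925.00' } };
console.log('original valid:', verifyCheque(signed, payer.publicKey));
console.log('tampered valid:', verifyCheque(tampered, payer.publicKey));
```

In a deployed system the public key would come from a certificate whose chain the bank has validated, which this sketch leaves out.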
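
The one-time-number model from slide 21, as an added example that is not from the original slides or from the SecurID product. SecurID's algorithm is proprietary, so the open counter-based HOTP scheme (RFC 4226) stands in for it; the account record, look-ahead window and lockout threshold are assumptions.

```javascript
// Added example: server-side check of a counter-synchronised one-time code (RFC 4226 HOTP).
const crypto = require('crypto');

// HOTP value for a shared secret and an 8-byte big-endian counter.
function hotp(secret, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 10 ** digits;
  return String(code).padStart(digits, '0');
}

// Hypothetical server record: the shared secret and the next counter the server expects.
function makeAccount(secret) {
  return { secret: Buffer.from(secret), nextCounter: 0, failures: 0 };
}

// Accept a code only if it matches one of the next `window` counters, then move the
// server counter past it so that code (and every older one) cannot be replayed.
function verifyCode(account, submitted, window = 3, maxFailures = 5) {
  if (account.failures >= maxFailures) return { ok: false, reason: 'locked' };
  const given = Buffer.from(String(submitted));
  for (let i = 0; i < window; i++) {
    const expected = Buffer.from(hotp(account.secret, account.nextCounter + i));
    if (given.length === expected.length && crypto.timingSafeEqual(given, expected)) {
      account.nextCounter += i + 1; // resynchronise with the token
      account.failures = 0;
      return { ok: true, reason: 'accepted' };
    }
  }
  account.failures += 1; // bounded guesses: lock after maxFailures misses
  return { ok: false, reason: 'mismatch' };
}

// Constructed demo using the RFC 4226 test secret.
const account = makeAccount('12345678901234567890');
console.log(verifyCode(account, '755224')); // code for counter 0
console.log(verifyCode(account, '755224')); // replay of the same code
console.log(verifyCode(account, '969429')); // token has advanced to counter 3
```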
