Aqib Farooq Kunal Bhatt
Is a system that permits online payment between parties using an electronic surrogate of a financial tender. The electronic surrogate is backed by financial institutions and/or trusted intermediaries. The intent is to act as an alternative form of payment to physical cash, cheque or other financial tender.
New ePayment Solutions Security Infrastructure Business Realities Authentication Models Spa Customer Profiles Payment Types
Defined as the medium in which the value is recognised in a payment transaction. Card-based, such as: credit and charge cards (buy now, pay later); debit cards (buy now, pay now); cash cards, stored-value, e-cash (buy now, prepaid or pay before).
Most widely used: banks are able to leverage existing card infrastructure; appears to be the 'de facto' online payment. Largely unencrypted 'card-not-present' transactions processed without customer & merchant authentication. Charge-back risk for merchants: a charge-back is when the customer demands a refund; banks transfer liabilities of charge-backs to the merchants; merchants need to have a bond to cover such charges.
Direct electronic transfer of account - direct account debiting. Uses chip/smart eWallets. Digital signature to secure access. Connected to eBanking solution.
A system of purchasing cash and storing the credits in the consumer's computer. Computerised stored value is used as a form of cash to be spent in small increments. A third party is involved in the payment transactions. Examples: Beenz, Billpoint, PayPal.
Payment solution on a proprietary protocol that allows payment over the Internet. A digital/virtual wallet with a prepaid credit-based/token-based payment system. Enables low-value electronic payments on the Internet. Limited distribution, proprietary solutions. Needs to install a card reader and download a free eWallet.
A formatted email message that consists of payee name, amount, payment date, payer's account number, and payer's bank. Digital certificate and signature are used to secure the cheque so that the contents are not tampered with. A signed electronic cheque is exchanged between the parties' financial institutions through an automated clearing house.
[Diagram: threats along the payment path. Nodes and links: Buyer, Merchant, Payment gateway, Internet, Private network, Internet, Bank network. Threat labels: use of stolen card; credit card number or password stolen from computer; unauthorised access; information modified in transit; payment info stolen from merchant; masquerading as legitimate merchant; key info stolen by merchant staff; information modified in transit; information stolen.]
The Trust Principle: the parties to the transaction must trust each other. Buyer must believe that seller is legitimate and will deliver the goods. Buyer must believe that goods are as represented and are worth the price. Seller must believe that buyer is legitimate and will pay for the goods purchased.
The Security Principle: parties need a secure environment in which to conduct the electronic transactions. Seller needs to protect the details of the transactions. Buyer needs to be certain that his/her information is securely handled and stored. Buyer needs to be certain that information is not stolen such that it can be inappropriately used.
Identification and authentication: the ability to verify both the transacting parties. Authorisation: the ability to validate the rightful owner to the transaction. Integrity and confidentiality: the ability to transmit the transaction securely; the ability to store the transaction properly. Accountability: the ability to provide an audit trail as evidence in dispute. Policies for sharing risks and liabilities: the mechanism to settle disputes/non-repudiation.
Protocol by Visa and MasterCard released in 1996. 3-party system - cardholder, merchant and bank using SET-enabled systems. Uses digital certificate to ensure cardholder is who he/she says he/she is or claims to be. Credit card details are invisible to merchants, protected by encryption for clearing bank.
[Diagram: card payment flow between Buyer, Issuing Bank, Merchant, Acquiring Bank and Visa/Mastercard, with steps numbered 1 to 9. Labels: Bills buyer; Pays bank; Orders goods; Deliver goods; Reimburses merchant; Voucher to Acquiring Bank; Transaction voucher to Issuing Bank; Issuing Bank pays Visa / Mastercard; Sends transaction voucher to Visa / Mastercard; Visa / Mastercard reimburses Acquiring Bank.]
SPA is an authenticated payment system that involves participation of the cardholder, cardholder's issuer, and merchant. Cardholder needs an authentication mechanism from the issuer, such as a browser plug-in or an electronic wallet in their computers. Merchants need a plug-in from the acquirer in the shopping cart to carry hidden fields of transaction-specific information which can be checked with the security token…..
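
An added example, not part of the original slides and not the SPA specification: one way a security token can be bound to the hidden transaction fields so that the issuer detects any change made between wallet and authorisation. HMAC-SHA256, the field names, the key and the sample order are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed names for the hidden fields the merchant plug-in carries.
BOUND_FIELDS = ("merchant_name", "order_id", "amount_minor", "currency")

def canonical(fields: dict) -> bytes:
    """Length-prefix each bound field so a value cannot slide into its neighbour."""
    out = bytearray()
    for name in BOUND_FIELDS:
        value = str(fields[name]).encode("utf-8")
        out += len(value).to_bytes(4, "big") + value
    return bytes(out)

def issue_token(issuer_key: bytes, fields: dict) -> str:
    """Issuer-supplied wallet: compute the token over the transaction fields."""
    return hmac.new(issuer_key, canonical(fields), hashlib.sha256).hexdigest()

def check_token(issuer_key: bytes, fields: dict, token: str) -> bool:
    """Issuer side: recompute over the fields received, compare in constant time."""
    try:
        expected = issue_token(issuer_key, fields)
    except KeyError:
        return False  # a bound hidden field was dropped on the way
    return hmac.compare_digest(expected.encode(), token.encode())

# Constructed sample data, not taken from any real transaction.
DEMO_KEY = b"constructed-demo-key-0123456789abcdef"
ORDER = {"merchant_name": "shop1", "order_id": "23",
         "amount_minor": 4999, "currency": "GBP"}

def demo() -> dict:
    token = issue_token(DEMO_KEY, ORDER)
    altered_amount = dict(ORDER, amount_minor=49990)
    shifted = dict(ORDER, merchant_name="shop12", order_id="3")  # same concatenation
    missing = {k: v for k, v in ORDER.items() if k != "currency"}
    return {
        "untouched": check_token(DEMO_KEY, ORDER, token),
        "altered_amount": check_token(DEMO_KEY, altered_amount, token),
        "shifted_boundary": check_token(DEMO_KEY, shifted, token),
        "missing_field": check_token(DEMO_KEY, missing, token),
        "wrong_key": check_token(b"another-constructed-key", ORDER, token),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:17s} accepted={accepted}")
```

The shifted_boundary case shows why the fields are length-prefixed: plain concatenation of "shop1"+"23" and "shop12"+"3" would produce the same input and the same token.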
Internet transactions