DILEEP V K4NM10SCS08MTECH IINMAMITElectronic Payment Systems

- Introduction to electronic payment systems - Requirements of electronic payment - Classification of electronic payment systems and protocols - Account-Based Payment and Example - Electronic Check Payment and Example - Micro-Payment and ExamplePresentation Outline

What is a payment system? E-commerce application systems must provide payment processing and transaction service to buyers and sellers. A payment system, as a part of E-commerce application system, is a such system which support secured payment processes by providing reliable, secured, and efficient transaction services between sellers and buyers. The basic requirements of a payment system: - Provide secured and confidential transaction processes. - Conduct authentication and authorization for all involved parties. - Ensure the integrity of payment instructions for goods and services. - Availability, cost-effective, efficiency and reliability. - Global access and international useful Introduction to Electronic Payment and Systems

Electronic payment is implemented by a flow of money from the payer via the issuer and acquirer to the payee. Advantages: - Fast transaction processing - Flexible of use (24 hours available) - Low cost transactions - Global accessible to customers and businesses Disadvantages: High risks and security challenges due to: - Unlike paper, digital documents can be copied perfectly and arbitrarily often. - Digital signatures can be produced by anybody who knows the secret cryptographic key. - A buyers name can be associated with every payment.Introduction to Electronic Payment Systems

Electronic Payment Models: Direct-payment systems:--> require an interaction between payer and payee. - Cash-like payment systems - A certain amount of money is taken away from the payer before purchases are made. Example: Smart card-based electronic purses, electronic cash, and bank checks - Check-like payment systems - pay-now systems (like credit card-based payment systems) - pay-later systems (like ATM card-based payment systems) Indirect payment systems:--> the payer or the payee initiates payment without the other party involved online. (Example, electronic funds transfer)Introduction to Electronic Payment Systems

Classification of electronic payment systems: - Card-based payment systems: Examples: CyberCash, First Virtual (FV), VISA and MasterCard, CARI - Electronic checking systems: Examples: FSTC, NetBill - Electronic cash payment systems: Examples: Ecash (DgiCash), NetCash, CyberCoin, Mondex - Micro-payment systems: Examples: Millicent, SubScrip, PayWord, MicroMint, IKP micropayment.Introduction to Electronic Payment Systems

Classification of Electronic Payment ProtocolsE-Commerce Payment ProtocolsMacro-Payment ProtocolsElectronic Check Payment ProtocolsMicro-Payment ProtocolsDigital Cash Payment ProtocolsSETFVCyberCashCyberCoinDigiCashNetCashMondaxCafeMillicentPayWordNetBillFSTCiKPSEPPSubScrip

Different types of payment card schemes: (A) Credit cards, where payments are set against a special-purpose account associated with some form of installment-based repayment scheme or a revolving line of credit. - pay later with limit and interest rate. (B) Debit cards (paperless checks) are linked to a checking/saving account. - pay now with balance checking. (C)Charge cards: work in a similar way to credit cards in that payments are set against a special-purpose account. - payment must be made at the end of billing period without limit. (D) Travel and entertainment cards are charge cards whose usage is linked to airlines, hotels, restaurants, car rental companies, or particular retail outlets.Overview of Account-Based Payment

Overview of Credit Card-Based PaymentCard AssociationCard Issuers BankCard Acquirers BankMerchantCardHolderPayment Model:

Special Features of Account-Based Electronic Payment- Online Transaction.

- Anonymity: This ensure that no detailed cash transactions for customer are traceable. Even sellers do not know the identity of customers involved in the purchases - Security: High security and low risk due to the use of traditional banking system and user accounts. - Standardization: Use of the existing standardized payment model - Flexibility:consumers can have multiple cards used in different countries and concurrency

- All transactions can be easily traced by banking system and merchants.

Limitations: - Dependency: dependent on existing banking systems. - Transaction cost: high transaction cost compared with other approaches - Performance: slower performance due to the authentication and account validation using the existing banking systems - Privacy:consumer loss of the privacy of their transactionsSpecial Features of Account-Based Electronic Payment

About CyberCash: - CyberCash is a secure Internet payment system developed by CyberCash, Inc., which is located at Reston, VA, USA, and it was found in August 1994 to provide software and service solutions for secure financial transactions over the Internet. - CyberCash uses special wallet software, enable consumers to make secure purchases using major credit cards from CyberCash-affiliated merchants. - the CyberCash payment system was launched in April 1995. It had over half a million copies in circulation. - CyberCash has other payment systems, such as CyberCoin (electronic cash system) and PayNow (electronic check system). Credit Card-Based Electronic Payment System: CyberCash

Features of CyberCash: - Use the existing credit card infrastructure for settlement payments. - Use cryptographic techniques to protect the transaction data during a purchase. - Authenticate the identifies of both parties to the transaction. - Provide online transaction and online authentication. - Broker the transaction between merchants bank and cardholders bank. Credit Card-Based Electronic Payment System: CyberCash

Credit Card-Based Electronic Payment System: CyberCashWeb BrowserCustomerWalletWeb ServerMerchant SoftwareCyberCashServerShoppingPurchasePurchase messagesRegistration Card bindingBankingNetworkInternetCyberCash Payment Model

Credit Card-Based Electronic Payment System: CyberCashPayment Steps in a CyberCash PurchaseConsumerCybercashServer (CS)MerchantClick PAYorder formforwarddetailsissuereceiptauthorize+ clearwith bankCredit-card payPayment-reqCharge-card-resauth-capturecharge-action-resFinishshoppingChooseCC, addrlogtransaction

Credit Card-Based Electronic Payment System: CyberCashHeaderTransportTrailerOpaqueCyberCash Messages:Header: It indicates the start of a CyberCash message.

Transport: It contains the order information in a purchase, transaction ID, date, and the key ID to the encrypt the opaque part.

Opaque:The encrypted part of a message.

Trailer:the end of a CyberCash message.

**Payment Acceptance and ProcessingMerchants must set up merchant accounts to accept payment cards Law prohibits charging payment card until merchandise is shippedPayment card transaction requires:Merchant to authenticate payment cardMerchant must check with card issuer to ensure funds are available and to put hold on funds needed to make current chargeSettlement occurs in a few days when funds travel through banking system into merchants account

**Processing a Payment Card Order

**Open and Closed Loop SystemsClosed loop systemsBanks and other financial institutions serve as brokers between card users and merchants -- no other institution is involvedAmerican Express and Discover are examplesOpen loop systemsTransaction is processed by third partyVisa and MasterCard are examples

**Credit Card ProcessingSOURCE: PAYMENTPROCESSING INC.

**Secure Electronic Transaction (SET) ProtocolJointly designed by MasterCard and Visa with backing of Microsoft, Netscape, IBM, GTE, SAIC, and othersDesigned to provide security for card payments as they travel on the InternetContrasted with Secure Socket Layers (SSL) protocol, SET validates consumers and merchants in addition to providing secure transmissionSET specificationUses public key cryptography and digital certificates for validating both consumers and merchantsProvides privacy, data integrity, user and merchant authentication, and consumer nonrepudiation

**The SET protocolThe SET protocol coordinates the activities of the customer, merchant, merchants bank, and card issuer. [Source: Stein]

**SET Payment TransactionsSET-protected payments work like this:Consumer makes purchase by sending encrypted financial information along with digital certificateMerchants website transfers the information to a payment card processing center while a Certification Authority certifies digital certificate belongs to senderPayment card-processing center routes transaction to credit card issuer for approvalMerchant receives approval and credit card is chargedMerchant ships merchandise and adds transaction amount for deposit into merchants account

**SET uses a hierarchy of trustAll parties hold certificates signed directly or indirectly by a certifying authority. [Source: Stein]

**SET ProtocolExtremely secureFraud reduced since all parties are authenticatedRequires all parties to have certificatesSo far has received lukewarm reception80 percent of SET activities are in Europe and Asian countriesProblems with SETNot easy to implementNot as inexpensive as expectedExpensive to integrated with legacy applicationsNot tried and tested, and often not neededScalability is still in question

Payment Cards

Online Credit Card Transaction

Payment Acceptance and ProcessingOpen and closed loop systems will accept and process payment cards. A merchant bank or acquiring bank is a bank that does business with merchants who want to accept payment cards. Software packaged with your electronic commerce software can handle payment card processing automatically.

Payment Acceptance and Processing

**Using Payments Cards OnlineKey participants in processing credit card payments online include the following:Acquiring bankCredit card associationCustomerIssuing bankMerchantPayment processing serviceProcessor

**Using Payments Cards OnlineFraudulent Credit Card TransactionsAddress Verification System (AVS)Detects fraud by comparing the address entered on a Web page with the address information on file with cardholders issuing bank

**Using Payments Cards Onlinecard verification number (CVN)Detects fraud by comparing the verification number printed on the signature strip on the back of the card with the information on file with the cardholders issuing bank

**Using Payments Cards OnlineFraudulent Credit Card TransactionsAdditional tools used to combat fraud include:Manual reviewFraud screens and decision modelsNegative filesCard association payer authentication services

**Using Payments Cards Onlinevirtual credit cardAn e-payment system in which a credit card issuer gives a special transaction number that can be used online in place of regular credit card numbers

Stored-Value CardsA stored-value card can be an elaborate smart card or a simple plastic card with a magnetic strip that records the currency balance. A smart card is better suited for Internet payment transactions because it has limited processing capability.

**Smart CardsPlastic card containing an embedded microchip Available for over 10 yearsSo far not successful in U.S., but popular in Europe, Australia, and JapanSmart cards gradually reappearing in U.S.; success depends on:Critical mass of smart cards that support applicationsCompatibility between smart cards, card-reader devices, and applications

**Smart Card ApplicationsTicketless travelSeoul bus system: 4M cards, 1B transactions since 1996Planned the SF Bay Area systemAuthentication, IDMedical recordsEcashStore loyalty programsPersonal profilesGovernmentLicensesMall parking . . .

**Advantages and Disadvantages of Smart CardsAdvantages:Atomic, debt-free transactionsFeasible for very small transactions (information commerce)(Potentially) anonymousSecurity of physical storage(Potentially) currency-neutralDisadvantages:Low maximum transaction limit (not suitable for B2B or most B2C)High Infrastructure costs (not suitable for C2C)Single physical point of failure (the card)Not (yet) widely used

**Mondex Smart CardHolds and dispenses electronic cash (Smart-card based, stored-value card)Developed by MasterCard InternationalRequires specific card reader, called Mondex terminal, for merchant or customer to use card over InternetSupports micropayments as small as 3c and works both online and off-line at stores or over the telephoneSecret chip-to-chip transfer protocolValue is not in strings alone; must be on Mondex cardLoaded through ATMATM does not know transfer protocol; connects with secure device at bank

**Mondex Smart Card Processing

**Mondex transactionHere's what happens "behind the scenes" during a Mondex transaction between a consumer and merchant. Placing the card in a Mondex terminal starts the transaction process: Information from the customer's chip is validated by the merchant's chip. Similarly, the merchant's card is validated by the customer's card. The merchant's card requests payment and transmits a "digital signature" with the request. Both cards check the authenticity of each other's message. The customer's card checks the digital signature and, if satisfied, sends acknowledgement, again with a digital signature. Only after the purchase amount has been deducted from the customer's card is the value added to the merchant's card. The digital signature from this card is checked by the customer's card and if confirmed, the transaction is complete.

**Mondex Smart CardDisadvantagesCard carries real cash in electronic form, creating the possibility of theftNo deferred payment as with credit cards -cash is dispensed immediatelySecurityActive and dormant security softwareSecurity methods constantly changingITSEC E6 level (military)VTP (Value Transfer Protocol)Globally unique card numbersGlobally unique transaction numbersChallenge-response user identificationDigital signaturesMULTOS operating systemfirewalls on the chip

Smart Cardssmart cardAn electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card

Smart CardsTypes of Smart Cardscontact cardA smart card containing a small gold plate on the face that when inserted in a smart card reader makes contact and passes data to and from the embedded microchipcontactless (proximity) cardA smart card with an embedded antenna, by means of which data and applications are passed to and from a card reader unit or other device without contact between the card and the card reader

Smart Cardssmart card readerActivates and reads the contents of the chip on a smart card, usually passing the information on to a host system

smart card operating systemSpecial system that handles file management, security, input/output (I/O), and command execution and provides an application programming interface (API) for a smart card

Smart CardsSecuring Smart CardsSmart cards store or provide access to either valuable assets or to sensitive informationBecause of this, they must be secured against theft, fraud, or misuseThe possibility of hacking into a smart card is classified as a class 3 attack, which means that the cost of compromising the card far exceeds the benefits

E-Cards (cont.) Optical memory cardsStores 4MB of data; once written, data cannot be changed or removedIdeal for keeping records (medical files)Require expensive card readersCategorize smart cards by how they store dataContact cardinsert in smart card readerContactless cardembedded antenna read by another antenna (mass-transit applications)

E-Cards (cont.)Smart cards are computer devices and require:Chip with an operating system to run applicationsProgramming language to write applicationsMultipurpose cards use new operating systemsMultOSJavaCardMicrosoft windows for smart cards

Figure 14-8Smart Card Image Embedded chipSource: Visa.

Smart CardsApplications of Smart CardsRetail Purchasese-purseSmart card application that loads money from a card holders bank account onto the smart cards chipCommon Electronic Purse Specification (CEPS)Standards governing the operation and interoperability of e-purse offeringsTransit FaresE-Identification

Smart CardsApplications of Smart CardsTransit FaresTo eliminate the inconvenience of multiple types of tickets used in public transportation, most major transit operators in the United States are implementing smart card fare-ticketing systems

E-IdentificationBecause they have the capability to store personal information, including pictures, biometric identifiers, digital signatures, and private security keys, smart cards are being used in a variety of identification, access control, and authentication applications

Electronic ChequesLeverages the check payments system, a core competency of the banking industry. Fits within current business practicesWorks like a paper check does but in pure electronic form, with fewer manual steps. Can be used by all bank customers who have checking accountsDifferent from Electronic fund transfers

How does echeck work?Exactly same way as paper Check writer "writes" the echeck using one of many types of electronic devices Gives" the echeck to the payee electronically. Payee "deposits" echeck, receives credit, Payee's bank "clears" the echeck to the paying bank. Paying bank validates the echeck and "charges" the check writer's account for the check.

E-CheckingElectronic checkbookCounterpart of electronic walletTo be integrated with the accounting information system of business buyers and with the payment server of sellersTo save the electronic invoice and receipt of payment in the buyers and sellers computers for future retrievalExample : SafeCheckUsed mainly in B2B

Figure 14-14Digital of Signatures in E-Check ProcessingSource: Anderson (1998).

E-Checking (cont.)Treasury Department expects e-checks to:Enhance security through use of public key cryptographyPush a payment to the payee and not pull funds from general account of the U.S.Leverage Internet for its strength as ubiquitous communication vehicleIncrease payment choices for U.S. Treasury payees

E-CheckingBenefits of e-check processing:It reduces the merchants administrative costs by providing faster and less paper-intensive collection of fundsIt improves the efficiency of the deposit process for merchants and financial institutionsIt speeds the checkout process for consumersIt provides consumers with more information about their purchases on their account statementsIt reduces the float period and the number of checks that bounce because of insufficient funds (NSFs)

Exhibit 12.3 Processing E-Checks with Authorize. Net

Overview of NetBill: - NetBill is a dependable, secure and economical payment method for purchasing digital goods and services through the Internet. - NetBill protocol is developed by Carnegie Mellon University. - In partnership with Visa International and Mellon Bank, the first trial of the system was installed in early 1996. Major goals of NetBill: - Support high transaction volumes at low cost - Provide authentication, privacy, and security for transactions - Provide account management and administration for consumers and merchantsElectronic Check Payment System: NetBill

Electronic Check Payment Process: NetBillNetBillServerCustomerMerchantBankNetwork

Electronic Check Payment System: NetBill1. Consumers application send a price quote request to the merchants application through a checkbook library.2. Merchants application sends back the price quote the consumers application.3. Consumer accepts the price quote, and then sends a purchase request through the Checkbook library.4. Merchants application sends to the consumers Checkbook encrypted in a one-time key.5.Consumer sends a electronic payment order (EPO) to merchants application.6. The merchants application sends the endorsed EPO to the NetBill server.7. NetBill server verifies that the consumer and merchant signatures are valid. Then, return the merchant a digitally signed receipt with a decryption key.8. The merchants application forward the NetBill servers receipt to the Check book.NetBillServerCustomerMerchant12348675

Electronic Check Payment System: NetBillNetBill Archecture: (Source: NetBill 1994 Prototype)ConsumerApplication

CheckbookMerchantApplication

TillUser Admin.ServerTransactionServerSecurityServerSystem Admin.ServerPayment &Collection ServerDB

Electronic Check Payment System: NetBillMajor features of NetBill: - Certified delivery: delivering encrypted information goods and then charging against the consumers NetBill account. Then, decryption key registration are used at both the merchants application and the NetBill server. - Scalability: the bottleneck in the NetBill model is the NetBill Server which supports many different merchants. - Support for flexible pricing: by including the steps of offer and acceptance. The merchant can calculate a customized quote for individual consumer. - Protection of consumer accounts against unscrupulous merchants in a conventional credit card transaction.

Electronic Check Payment System: NetBillSecurity Mechanisms of NetBill: - Create a NetBill account for each consumer by using a unique user ID and the RSA public key. - the key pair is certified by NetBill and is used for signatures and authentication in the system. -These signatures are used to check the elements of NetBill transactions (the price quote, the acceptance, etc) really came from the right parties. - NetBill uses symmetric cryptogrphy method for message authentication and encryption and decryption.

- Objectives: ---> Micro-payment situations: Although micro-payment systems share the similar requirements of other payment systems, they focus on special markets, where: - Low-value transactions involved less than the value of smallest coin. - Non-tangible and network-deliverable merchandise examples: archived magazines, journals, CD, software, - Special requirements: - Fast and low cost payment transactions. - Very small amount of value - Reduced the number of involved parties - High scalable The issues of other payment systems: - Account-based systems have high transaction costs. - Transaction speed in electronic checking systems is slow. - Electronic money systems involve more parties, have low transaction speed, and cause poor scalability.Micro-Payment Systems

- Objectives: ---> Micro-payment situations: Although micro-payment systems share the similar requirements of other payment systems, they focus on special markets, where: - Low-value transactions involved less than the value of smallest coin. - Non-tangible and network-deliverable merchandise examples: archived magazines, journals, CD, software, - Special requirements: - Fast and low cost payment transactions. - Very small amount of value - Reduced the number of involved parties - High scalable The issues of other payment systems: - Account-based systems have high transaction costs. - Transaction speed in electronic checking systems is slow. - Electronic money systems involve more parties, have low transaction speed, and cause poor scalability.Micro-Payment Protocols

Micro-payment Protocols: - Millicent, developed by Digital Equipment Corp. in 1995. - SubScrip, developed at the University of Newcastle, Australia. - PayWord, developed by Ron Rivest (MIT) and Adi Shamir. - MicroMint, developed by Ron Rivest and Adi Shamir. - iKP micropayment protocol Micro-payment systems do not available in conventional commerce. They open many new areas of business. Examples: - Millicent payment system - Micro Payment Transfer Protocol (MPTP) based on PayWord.Micro-Payment Protocols and Systems

- Important features of Micro-payment protocols and systems: - Simplified verification - Simple security mechanisms - Very low cost transactions - Very fast speed - Simplified architecture - Major factors on transaction costs: - Payment methods - Complexity of security mechanisms - The number of involved parties - Transaction model (on-line/off-line)Micro-Payment Systems

Overview of Millicent: Millicent payment protocol is designed for low-amount transactions over the Internet. It is developed by Digital - Support low-cost, secured transactions (less than one cent) - Use non-expensive symmetric crytographic algorithms - Use scrip as digital cash for customers to make purchases from vendors - Provide decentralized validation of electronic cash at the vendors server - Provide no additional communications, off-line processing. Business market: electronic publishing, software and game industries. Performance: 14,000 pieces of Scrip can be produced per second. 8,000 payments can be validated per second, with change Scrip being produced. A public trial of the Millicent system was scheduled for the summer of 1997.Micro-Payment Protocol: Millicent

MilliCent model: MilliCent protocols use a form of electronic currency called Scrip to connect three involved parties: - vendors, customers, and brokers. Scrip is vendor specific. A Millicent broker: --> medicate between vendors and customers to simplify the tasks they perform. --> aggregate micro-payments --> sell vendor Scrip to customers --> handle the real money in the Millicent system. --> maintain customer accounts and vendors (subScription services) --> buy and produce large chunks of vendor Scrips (for licensed vendors) Vendors: --> are merchants selling low-value services or information to customers Customers: --> buy broker Scrip with real money from selected brokers. --> use the vendor Scrips to make purchases.Micro-Payment Protocol: MilliCent

31. Customer sends broker-scripts.

2. Customer gets dealer-script.

3. Customer send dealer-scripts.BrokerCustomerDealerMicro-Payment Protocol: MilliCent12Internet

Electronic CashElectronic cash is a general term that describes the attempts of several companies to create a value storage and exchange system that operates online in much the same way that government-issued currency operates in the physical world. Concerns about electronic payment methods include:PrivacySecurityIndependencePortabilityConvenience

How Electronic Cash WorksTo establish electronic cash, a consumer goes in person to open an account with a bank. The consumer uses a digital certificate to access the bank through the Internet to make a purchase. Consumers can spend their electronic cash at sites that accept electronic cash for payment. The electronic cash must be protected from both theft and alteration.

Providing Security for Electronic CashTo prevent double spending, the main security feature is the threat of prosecution. A complicated two-part lock provides anonymous security that also signals when someone is attempting to double spend cash. One way to trace electronic cash is to attach a serial number to each electronic cash transaction.

Providing Security for Electronic Cash

*Electronic Cash -- Idea 1Bank issues character strings containing:denominationserial numberbank ID + encryption of the aboveFirst person to return string to bank gets the moneyPROBLEMS:Cant use offline. Must verify money not yet spent.Not anonymous. Bank can record serial number.Sophisticated transaction processing system required with locking to prevent double spending.

*eCash (Formerly DigiCash)Withdrawal(Minting):Spending:Personal Transfer:ALICE BUYS DIGITALCOINS FROM A BANKALICE SEND UNSIGNEDBLINDED COINS TO THE BANKBANK SIGNS COINS, SENDS THEM BACK. ALICE UNBLINDS THEMALICE PAYS BOBBOB VERIFIES COINSNOT SPENTALICE TRANSFERS COINS TO CINDYCINDY VERIFIES COINSNOT SPENTBOB DEPOSITSCINDY GETS COINS BACKWALLETSOFTWARE

*Minting eCashAlice requests coins from the bank where she has an accountAlice sends the bank { { blinded coins, denominations }SigAlice }PKBankBank knows they came from Alice and have not been altered (digital signature)The message is secret (only Bank can decode it)Bank knows Alices account numberBank deducts the total amount from Alices account

*Minting eCash, cont.Bank now must produce signed coins for AliceEach of Alices blinded coins has a serial#Banks public key for $5 coins is (e5, m5) (exponent and modulus). Private key is d5.Alice selects blinding factor rAlice blinds serial# by multiplying by r e5 (mod m5) (serial# r e5) (mod m5) Banks signs the coin with its private d5 key: (serial# r e5)d5 (mod m5) = (serial#)d5 r (mod m5)Alice divides out the blinding factor r. Whats left is (serial#)d5 (mod m5) = { serial# } SKBank5 Just as if bank signed serial#. But Bank doesnt know serial#. e5 d5 = 1 (mod m5)

*Spending eCashAlice orders goods from BobBobs server requests coins from Alices wallet:payreq = { currency, amount, timestamp, merchant_bankID, merchant_accID, description }Alice approves the request. Her wallet sends:payment = { payment_info, {coins, H(payment_info)}PKmerchant_bank } payment_info = { Alices_bank_ID, amount, currency, ncoins, timestamp, merchant_ID, H(description), H(payer_code) }

*Depositing eCashBob receives the payment message, forwards it to the bank for deposit by sendingdeposit = { { payment }SigBob }PKBank

Bank decrypts the message using SKBank.Bank examines payment info to obtain serial# and verify that the coin has not been spentBank credits Bobs account and sends Bob a deposit receipt:deposit_ack = { deposit_data, amount }SigBank

*Proving an eCash PaymentAlice generates payer-code before paying BobA hash of the payer_code is included in payment_infoBob cannot tamper with H(payer_code) since payment_info is encrypted with the banks public keyThe merchants bank records H(payer_code) along with the depositIf Bob denies being paid, Alice can reveal her payer_code to the bankOtherwise, Alice is anonymous; Bob is not.

*Lost eCashEcash can be lost. Disk crashes, passwords forgotten, numbers written on paper are lost.Alice sends a message to the bank that coins have been lostBanks re-sends Alice her last n batches of blinded coins (n = 16)If Alice still has the blinding factor, she can unblindAlice deposits all the coins bank in the bank. (The ones that were spent will be rejected.)Alice now withdraws new coinseCash demo

**E-cash ConceptMerchantConsumerBank123451. Consumer buys e-cash from Bank2. Bank sends e-cash bits to consumer (after charging that amount plus fee)3. Consumer sends e-cash to merchant4. Merchant checks with Bank that e-cash is valid (check for forgery or fraud)5. Bank verifies that e-cash is valid6. Parties complete transaction: e.g., merchant present e-cash to issuing back for deposit once goods or services are delivered

Consumer still has (invalid) e-cash

**Electronic Cash SecurityComplex cryptographic algorithms prevent double spendingAnonymity is preserved unless double spending is attemptedSerial numbers can allow tracing to prevent money launderingDoes not prevent double spending, since the merchant or consumer could be at fault

Anonymous payments1. Withdraw money:cyrpographically encodedtokens2. Transform so merchant can check validity

but identity hidden3. Send token after addingmerchants identity4. Check validity and send goods5. Deposit token at bank.If double spent reveal identity and notify policecustomermerchant

Problems with the protocolNot money atomic: if crash after 3, money lostif money actually sent to merchant: returning to bank will alert policeif money not sent: not sending will lead to lossHigh cost of cryptographic transformations: not suitable for micropaymentsExamples: Digicash

**Electronic CashPrimary advantage is with purchase of items less than $10Credit card transaction fees make small purchases unprofitableMicropaymentsPayments for items costing less than $1

**Past and Present E-cash SystemsCyberCashCombines features from cash and checksOffers credit card, micropayment, and check payment servicesConnects merchants directly with credit card processors to provide authorizations for transactions in real timeNo delays in processing prevent insufficient e-cash to pay for the transactionCyberCoinsStored in CyberCash wallet, a software storage mechanism located on customers computerUsed to make purchases between .25c and $10PayNow -- payments made directly from checking accounts

**Past and Present E-cash SystemsDigiCashTrailblazer in e-cashAllowed customers to purchase goods and services using anonymous electronic cashRecently entered Chapter 11 reorganizationCoin.NetElectronic tokens stored on a customers computer is used to make purchasesWorks by installing special plug-in to a customers web browserMerchants do not need special software to accept eCoins.eCoin server prevents double-spending and traces transactions, but consumer is anonymous to merchant

Advantages of Electronic CashElectronic cash transactions are more efficient and less costly than other methods. The distance that an electronic transaction must travel does not affect cost. The fixed cost of hardware to handle electronic cash is nearly zero. Electronic cash does not require that one party have any special authorization.

Disadvantages of Electronic CashElectronic cash provides no audit trail. Because true electronic cash is not traceable, money laundering is a problem. Electronic cash is susceptible to forgery. So far, electronic cash is a commercial flop.

Electronic WalletsAn electronic wallet serves a function similar to a physical wallet; itholds credit cards, electronic cash, owner identification, and owner contact informationprovides owner contact information at an electronic commerce sites checkout counter Some electronic wallets contain an address book.

Electronic Wallets (cont.)Electronic wallets make shopping more efficient. Electronic wallets fall into two categories based on where they are stored:Server-side electronic walletClient-side electronic wallet

Electronic Wallets (cont.)Electronic wallets store shipping and billing information, including a consumers first and last names, street address, city, state, country, and zip or postal code. Electronic wallets automatically enter required information into checkout forms.

**An Electronic Checkout Counter Form

**Electronic WalletsAgile WalletDeveloped by CyberCashAllows customers to enter credit card and identifying information once, stored on a central serverInformation pops up in supported merchants payment pages, allowing one-click paymentDoes not support smart cards or CyberCash, but company expects to soon eWalletDeveloped by Launchpad TechnologiesFree wallet software that stores credit card and personal information on users computer, not on a central server; info is dragged into payment form from eWalletInformation is encrypted and password protectedWorks with Netscape and Internet Explorer

**Electronic WalletsMicrosoft WalletComes pre-installed in Internet Explorer 4.0, but not in NetscapeAll information is encrypted and password protectedMicrosoft Wallet Merchant directory shows merchants setup to accept Microsoft Wallet

**Entering Information Into Microsoft Wallet

**W3C Proposed Standard for Electronic WalletsWorld Wide Web Consortium (W3C) is attempting to create an extensible and interoperable method of embedding micropayment information on a web pageExtensible systems allow improvement of the system without eliminating previous workMerchants must accept several payment options to insure the widest possible Internet audienceMerchants must embed in their Web page payment information specific to each payment system This redundancy spurred W3C to develop common standards for Web page markup for all payment systemsMust move quickly to prevent current methods from becoming entrenched

**The ECML StandardElectronic Commerce Modeling Language (ECML) proposed standards for electronic walletsCompanies forming the consortium are America Online, IBM, Microsoft, Visa, and MasterCardUltimate goal is for all commerce sites to accept ECMLUnclear how this standard will incorporate privacy standards W3C set forthElectronic Commerce Modeling Language (ECML) Wallet/Merchant Standards Initiative, July 1999

**ECML - Wallet/Merchant Standard Creating a standard approach for the exchange of information will enhance the ability for digital wallets to be used at all merchant sites and therefore facilitate the growth of e-commerceECML is a universal, open standard for digital wallets and online merchants that facilitates the seamless exchange of payment and order information to support online purchase transactionsUniform field names only to start; will evolve over timeThe ECML Alliance today: America Online, American Express, Brodia (formerly Transactor Networks), Compaq, CyberCash, Discover, Financial Services Technology Consortium (FSTC), IBM, MasterCard, Microsoft, Novell, SETCo, Sun Microsystems, Trintech, and VisaECML is designed to be security protocol independent, support global implementations, and support any payment instrumentECML does not change the look and feel of a merchants site

Microsoft .NET PassportMicrosoft Passport Wallet comes preinstalled in Internet Explorer 4.0 and higher versions. All the personal data you enter into your Microsoft Passport, including; your name, address, and credit card information, are encrypted and password-protected. Passport consists of four integrated services: Passport single sign-in service, Passport Wallet Service, Kids Passport service, and public profiles.

The W3C Proposed StandardThe W3C Electronic Commerce Interest Group (ECIG) developed a set of standards called the the Common Markup for Micropayment Per-Fee-Links. This standard identifies existing system micropayment types of online connections, stored-value systems, and combined online-offline systems.

**Q&AThank You.

***52****52*52*52*52*52*52*52*52****