Electronic Money
E-commerce currency
Will Banks Be Disintermediated?
Will Central Banks Be Disintermediated?
E-commerce
Prof. S. Rafaeli
What is a Commercial Transaction?
- Customer walks into store, examines wares
- Customer decides to purchase item
- Customer pays for item
- Merchant delivers item
- Returns/exchanges
Types of Money?
Method Anonymous Trail Credit/debit Peer to Peer
Cash
Credit Card
Check/Debit
Types of Money? (2)
Method | Immediate/delay | Gross/net | Fees: Fixed or fraction
Cash | | |
Credit Card | | Net | Fraction
Check/Debit | | Gross | Fixed
In the physical world, check payments far outnumber credit card transactions. Not so on the internet.
Types of Money (3)
Timing: contemporaneous, before or after transaction
Finality and Revocability
Privacy, Anonymity
Authentication (“can I have 2 pieces of ID, please?”)
Vulnerability to Fraud or Loss
Convenience and Cost of Instrument
Rules That Govern Payment Systems
In the US, state law: the Universal Commercial Code: negotiable instruments, checking systems, deposits.
Federal Law regulates banks. Regulation Z protects consumer interests in credit card transactions (limiting liability). Regulation E governs electronic funds transfers.
How is Commerce on the Internet Different?
“On the Internet, nobody knows you’re a dog.”
- Customer & merchant never meet
- Large potential for fraud
- Internet transactions easily intercepted
Guiding Principles for Digital Money
Speedily move authentic, authorized, integrity-protected, confidential, non-repudiable messages over an untrustworthy medium between counterparties who need share no prior relationship.
Guiding Principles for Digital Money
Not simple! For example: What does “authorized” mean?
Carrying two signatures?
Self-authorizing, like cash?
Having a delegation chain wired into it?
Provably logged into a repository?
Guiding Principles for Digital Money
- Independence of location
- Security (no re-spending)
- Privacy (no traceability)
- Offline payment (independence of transport means)
- Transferability (liquid + identity removed)
- Divisibility and recombination
There are currently more systems than there ever will be
Internet Payment Taxonomy
[Diagram: Wave 1 through Wave 4; labels: Credit Cards, EDI, SmartCards, Microcommerce]
Building Trust
- Consumer skepticism [ATM saga]
- Bank conservatism another issue
- Authentication: merchant and customer
- Transaction security
- Transaction integrity
- Non-repudiability
- Consumer protection
- Authorization
- Confidentiality
Parts of the Puzzle
Problem | Solution
Transaction security | encryption
Consumer authentication | digital signature/certificate
Merchant authentication | digital signature/certificate
Transaction integrity | message digests
Open vs. closed models | standards vs. proprietary
Operating costs for cash, check, credit |
Additional parts to the puzzle
Micropayments:
processing a transaction could cost $0.50 to $1.00
Pre- or post-paid tokens as a substitute
Transaction costs:
24 cents for automated call inquiry
$1.82 for call center rep
$2.93 for rep. in a branch
Electronic Payment Methods
- Offline Systems
- Secure Servers
- Payment Systems
- Commerce Environments
- Digital Cash [smart cards]
Electronic Payment Methods
SET is the answer, but you have to phrase the question very carefully…
Sought after characteristics:
- Wide recognition
- Preservation of value
- Hard to counterfeit
- Convenient
- Anonymous? (or maybe not?)
- Legal? (or maybe not?)
Middleman:
Can be the phone company, ISP, credit card, etc.
Electronic Payment Methods
Basic Architecture: 3 basic pieces:
- Wallet
- Cash Register
- Gateway
2 Basic forms:
- Conventional payment over new vehicle, or
- Fundamentally new type
SEIGNORAGE - a “Holy Grail”
Offline (?) Systems
- PO Orders, 800, 900 numbers, etc.
- Cellular phone as debit/credit device
- First Virtual (credit cards)
- Digicash (eCash) Mark Twain Bank (chapter 11 in 1998) -- hard drive wallet
- Cybercash, cybercoin, electronic wallet
- Mondex
- ISP (ipin) eCharge (phone & AT&T), Qpass (credit card)
First Virtual Internet Payment System
- No use of secure protocols
- No sensitive information transmitted over Internet
- Reliance on off-line channels
- Non-tangible merchandise only
How First Virtual Worked (overview)
[Diagram labels: Customer; Merchant; Client Browser; Merchant’s Server; Payment Server; Online Third Party Processors; Request; Authorization; Verification; VISA; DigiCash; American Express; J.C. Penney; Bank Accounts; Private Label Cards; Charge Cards; Credit Cards; Debit Cards]
Why First Virtual Worked
Credit card # never transmitted over Internet
Customer can cancel sales in cases of fraud, unsuitability of merchandise
Advantages/Limitations of FV
- Credit card # not transmitted over Internet
- Customer can cancel sales in cases of fraud, unsuitability of merchandise
- Customers who abuse system
- Can’t be used for tangible goods
- Adoption spotty
- MOVE TO MESSAGEMEDIA, Only (?) 150,000 accounts
- First mover, 1995
Secure Servers
Use SSL or S-HTTP to
– encrypt transmission
– identify merchant to customer
– [identify customer to merchant]
Simple: customer types credit card # into fill-out form
[Diagram labels: Bank, Merchant, ?]
Secure Servers: Limitations
- Roll-your-own credit card validation
- No built-in transaction processing
- No customer authentication (yet)
- Crippled cryptography on “export” versions
- Credit card #’s not necessarily secure on merchant’s server
Online Payment Systems: CyberCash
- Essentially, an encrypted card
- Both credit card and debit card models
- Secure online payment for tangible goods
- Supported by many banks
- “CyberCoin” system for small purchases of intangible items
- Discontinued in 1999
How CyberCash Worked
[Diagram labels: Virtual Wallet, Virtual Cash Register, Merchant, Bank, Bank, $]
What CyberCash Cost
- Free to consumer
- Software free to merchant
– Transaction fees set by credit card and issuing bank
– Fee schedules similar to those of a mail order house: 2-3% of transaction price + fixed fees
SFNB:
- Security First Network Bank http://www.sfnb.com
- Pineville, KY to Atlanta, GA
- Complete internet solution
- Competitive banking rates, products and costs
- Used to be a much bigger deal
- Now usurped by “me-too” regular banks
Secure Electronic Transaction Specification (SET)
- VISA, Mastercard, Netscape, Microsoft
- A standard, not a product
- Specifies
– Customer authentication
– Merchant authentication
– Transaction encryption
– Transaction validation
SET objectives:
- Information confidentiality
- Data integrity
- Authentication (as above)
- Interoperability
• Card details not disclosed to merchant
• Both merchant and customer identified
• Prevents fraud
• Eliminates middleman
• Incredibly complex, slow, lots of crypto
SET
SET supports DES for bulk data encryption and RSA for signatures and encryption of keys and bankcard numbers.
SET
[Diagram labels: Bank, Merchant, Bank, $]
Example - Payment Method: MMS/Verifone option “out of the box”
[Diagram labels: Cardholder; MS Wallet and client control; Merchant; MERCHANT & COMPANY; Merchant Server; Microsoft; vPOS; Cleartext/SSL; VeriFone SET; vGATE; Payment server; Acquirer/processor; Card network; Issuing financial institution; $]
DigiCash
- True anonymous peer-to-peer currency - “CyberBucks”
- Handful of banks and merchants
- Now in chapter 11
[Diagram labels: Bank, Bank]
Digital Cash
- Bi-lateral transaction (all other forms are Tri-lateral)
- Purchase digital cash from bank. Cash must be backed by legal tender
- Use digital cash at stores which accept it
- Stores redeem digital cash at the bank
- Bank does not know who was the actual buyer of the cash (anonymity)
- Problems: Just like cash if you lose it .....
- Problems: Legal/government problems
Digi-Cash
[Diagram labels: Bank; Digital Currency Server; Issue Cash; Payor; Payee; Transfer digital cash; Check for Double Spending; Database of spent “notes”]
Electronic Checks
[Diagram labels: Accounting Server; Payor; Payee; Transfer electronic check; Check for Payor Authentication; Check deposit; Bank]
Banks prefer Electronic Checks
They work in the same way as traditional checks.
Electronic checks are well suited for clearing micropayments; their use of conventional cryptography makes them much faster than systems based on public-key cryptography (e-cash).
Electronic checks create float and the availability of float is an important requirement for commerce.
The third-party accounting server can make money by charging the buyer or seller a transaction fee or a flat rate fee, or it can act as a bank and provide deposit accounts and make money on the deposit account pool.
Banks prefer Electronic Checks
Financial risk is assumed by the accounting server and may result in easier acceptance.
Reliability and scalability are provided by using multiple accounting servers.
There can be an interaccount server protocol to allow buyer and seller to "belong" to different domains, regions, or countries.
FSTC-Electronic Check Project
[Diagram (CONCEPT) labels: Payer; Payee; Payer’s Bank (Debit Account); Payee’s Bank (Credit Account); Signature “Card”; Check; Signature; Certificate; Remittance; E-Mail or WWW; Deposit; Deposit check; Clear check; ACH or ECP; Accounts Receivable; Mail statement; E-Check line item]
Micro-Payments
Micropayment Applications
To Meter/Audit Access
- To applications
- For services
- By security clearance
- To shared resources
To Buy Information
- Articles
- Stock quotes and database queries
- Cartoons and clip-art
- Music and videos
To Buy Software
- Java applets
- ActiveX Controls
- Software add-ons
- Games
Internet Payment Transaction Ranges
Payment | Minimum Transaction Value | Typical Transaction Value | Maximum Transaction Value
Macro | $5.00 | $50.00 | $500.00
Mini | $0.10 | $1.00 | $10.00
Micro | $0.001 | $0.01 | $1.00
Source: Digital Equipment Corp.
Who is the Micropayment Customer?
Traditional Content Providers
- Newspapers
- Magazines
- Directories
- Book publishers
- Newsletters
- Photo libraries
- Music publishers
- Clip-art
New Age Content Providers
- Applet developers
- Search engines
- Rating services
- Serialized soaps
- Interactive games
- Software add-ons
- Shopping agents
- Buyer/Seller brokering
“Home Alone” Content Providers
- e-zines
- Personal essays
- Subject indexes
- How-To Guides
- Cookbooks
- Annotated bookmark files
- Personalized filtering
Content Provider Requirements
Three usage scenarios...
Per-access purchasing
- Based on user need
- Infrequent users
Bulk purchasing (aka subscriptions)
- Fixed price/fixed duration
- Frequent users
Advertising rebates
- Ads separate from content
- Users are paid to read advertising
Micropayment System Requirements
Overall scheme must:
- Support increasingly smaller transaction values
- Support payments both from users and to users
- Scale to support 100K Web sites by year 2000, 1M sites by 2005
- Be inclusive in nature
- Be global in scope
- Provide both public domain and commercial components
Proposed Micropayment Schemes
Advocate | Name | Basis
Carnegie Mellon | Netbill | aggregate credit card
ClickShare Corp. | ClickShare | aggregate credit card
CyberCash | CyberCoin | electronic coin
DigiCash | ecash | digital cash
Digital Equipment | Millicent | scrip
First Virtual | Virtual PIN | credit card
IBM | micropayment iKP | vendor accounts
W3C | MPTP | vendor accounts
Source: Digital Equipment Corp.
Digital’s Micropayment System Millicent (now Compaq)
- Vendor-specific currency, called scrip
- Transactions:
  - Values down to 0.1 cents
  - Cost down to 0.002 cents
- Distributed design scales well with high transaction volumes
- Millicent V1.0 trial ended in November 1998
- Digital (Compaq) will not be a “broker”
Source Digital Equipment Corp.
How Millicent Worked
[Diagram labels: Customer; Content Provider; Broker; $ Money; Scrip; Scrip License; Soft goods; $ Money]
Source Digital Equipment Corp.
Micropayments Issues
- Adoption by Internet users?
- How can anyone make money on such small transactions?
- What about marginal cost of reproduction?
- Will different micropayment systems ever interoperate?
- Risk Management: What about fraud and control?
Other govt. / legal / political issues
- Money supply issues?
- Money Laundering?
- Govt. backdoor, trapdoor, Clipper?
- Munitions?
New generation?
- iPIN http://www.ipin.com (ISP)
- eCHARGE http://www.echarge.com (phone)
New generation?
- CheckFree
- Transpoint
- PayMyBills.com
New generation?
- 1ClickCharge http://www.1clickcharge.com (thin client, pre-pay)
- Qpass http://www.qpass.com
New generation?
BEENZ: Websites reward you with beenz for your presence on their site or for a little interaction.
http://www.beenz.com
Stamps as currency?
E-Stamp http://www.estamp.com
Stamps.com
New generation, still
Pay-Pal (x.com)
URLs (1)
First Virtual – http://www.fv.com/
CyberCash – http://www.cybercash.com/
Open Market – http://www.openmarket.com/
URLs (2)
SET – http://www.visa.com/
Microsoft Merchant – http://www.microsoft.com
Netscape LivePayment – http://home.netscape.com/
Millicent – http://www.millicent.digital.com/
DigiCash – http://www.digicash.com/
URLs (3)
iPIN – http://www.ipin.com
eCHARGE – http://www.echarge.com
1ClickCharge – http://www.1clickcharge.com
Qpass – http://www.qpass.com