BIT Noida
E-Commerce Payment Systems
Module 4
Mallika
Concept of Money
● Trade began with barter
● When goods of buyer and seller did not match, problem arose
● Need for common medium of exchange (token)
● Initially tokens had value
● Maintaining tokens was costly
● Thus leather and then paper currency came
● Other forms of money evolved over a period
Traditional Payment Systems
● Cash payments
– customer pays in currency
– may seek receipt for payment
● Cheque payments
– backed by money in bank account
– customer has proof of payment
● Value exchange systems
– transfer assets of value for buying goods
– ex: mutual funds, IOUs
● Credit Card systems
Traditional Payment Systems: Credit Cards
● Customer signs credit card receipt to buy goods
● Vendor verifies card holder's identity
● Vendor accepts credit card receipt
● Merchant forwards the credit card receipt to card-issuing institution
● Card-issuing institution transfers amount from customer's account to vendor. It also sends bill (statement) and copy of credit card receipt to customer
Traditional Payment Systems: Electronic Funds Transfers
● Credit Transfer – initiating institution sends funds through EFT system to deposit to recipients' accounts
Ex: automatic deposit of payrolls
● Debit Transfer – initiating institution draws funds from depositors' accounts
Ex: pre-authorised bill payments
EFT (contd)
● Banking and financial payments
– Wholesale payments – bank to bank transfers
– Retail payments – ATMs, cash dispensers
– Home banking – bill payments through banks
● Retailing payments
– Credit cards
– Private cards
– Charge cards
Traditional Payment Systems: Another Perspective
● Cash
● Credit and debit card
● Personal cheques
● Traveler's cheques
● Money orders
● Bank drafts
● Postal orders
Adapting Traditional Methods to E-Commerce
● Credit cards – easiest to digitize
– card number, expiry date, holder's name
– Data is easy to transfer over Internet
● Cheques – conceptually simple
– documents with information on cheque number, holder's name, payee name, amount and date
– Data is easy to transfer over Internet
● Cash
– Allows anonymous payments
– Value transferred immediately
– Safest way in traditional systems
– Hardest to digitize
E-Commerce Payment Systems: Requirements
● Acceptability – payment system must be robust, available and accessible to all buyers, sellers and financial institutions
● Flexibility – accept several forms of payment
● Reliability – ensure and infuse confidence in users by protecting them from system failures
● Efficiency – operational costs must be near zero and must be easy to use
● Privacy – of customers' spending habits
E-Commerce Payment Systems: Requirements
● Security – from
– Fraud
– Double spending
– Counterfeiting
– Hardware tampering
– Unauthorized use
– Non-refutable – payments must be verifiable and records maintained
● Confidentiality – all information must be protected from intruders and hackers
E-Commerce Payment Systems: Requirements
● Non-traceability – of payments to other payments by same consumer
● Scalability – offer same performance and cost per transaction overhead with up or down scaling. This involves support for
– Micro-payments
– Offline operation
– Low costs of transaction
– Macro payments
Economic Issues of EC Payment Systems
● Operational Issues – easily deployable
● Large user base
● Low risk – of financial loss associated with use
● Conservation – refers to value stored in digital currency over a period of time
● Ease of integration with other processes
● Ease of use – refers to
– Unobtrusiveness
– Low transaction costs
– Hardware independence
Ways to Reduce Operational Risks of E-Cash
● Time validity of e-cash
● Limit on amount stored and transferred
● Limit on number of exchanges before encashing
● Limit on number of transactions before expiry
● Restrict transactions to a class of goods
E-Transaction Characteristics
● Atomicity – no partial transactions take place
● Transfer of funds without loss in transactions
● Complete transfer of goods or no transfer for the funds transfer
● Consistency in transaction policies
● Isolation of transactions from one another
● Durability – of transactions in cases of system crash
Types of Transactions
● Based on volume
– Micro payments
– Consumer payment
– Business payments
● Based on parties involved
– ATM model payments
– Unmediated 2-party payments
– Mediated 3-party payments
– Micropayments
– Anonymous payments
Types of Transactions (contd)
● Based on payment protocol
– Token-based payments
– Purse-based payments are prepaid
– Card or postpaid payments
● Based on traceability
– Identified e-money
– Anonymous e-money
E-Money Comparison Criteria
● Nature of transactions for which money is designed
● Means of settlement used to back up payments
● Approach to security, anonymity and authentication
● Risk factor
– Due to expiry of e-cash
– Due to delay between goods delivery and payment
Token-based Payment Systems (E-Cash)
● Combines convenience of cash with security and privacy
● Aims to be used in consumer-oriented EC
● Dominant form of payment because
– Lack of trust in banking system
– Inefficient clearing and settlement of payments
– Negative real interest rates on bank deposits
● Must have same characteristics of cash
● Must have monetary value, be interoperable, retrievable and secure
Characteristics of Cash
● Negotiable – given or traded to others
● Legal tender – payee is obliged to accept cash
● Bearer instrument – possession is prima facie proof of ownership
● Can be held and used by anyone
● No risk on part of acceptor
● Allows anonymous spending
E-Cash Operation
● A pair of cryptographic keys work in tandem
● One key is private and used for encoding
● Other is public and for decoding
● Bank supplies public key to all customers
● Users buy e-cash from a currency server
– Establish account with a bank
– Maintain enough cash in the account
– When required, exchange cash in account with e-cash
E-Cash Operation (contd)
● Customer uses e-cash software
● Customer generates a random number (note)
● Note sent to bank with requested amount
● Bank debits requested amount from customer's account, signs note for amount and returns
● Customer stores e-cash for further use in two ways
– Bilateral transactions – vendor verifies notes with bank's public key, if satisfied, stores it and delivers goods
– Trilateral transactions – vendor sends notes to his bank, which verifies it and credits amount to vendor's account. Note is spent only once
E-Cash Issues
● Bank keeps database of issued and spent notes to avoid double spending
– Expensive to bank
– Unproductive
– Large overhead of verifications of notes
– E-cash issuing charges are not profitable
– Can be avoided if anonymity is removed, but bank knows one's spending habits
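
The note life cycle from the two E-Cash Operation slides and the bank's spent-note database from this slide, as an added example that is not from the original deck: a bank signs a customer-generated note, a vendor checks it offline with the public key, and only the bank's database catches the second spend. The toy RSA key built from Mersenne primes, the `Bank` class and the account and shop names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy RSA key for the bank, built from two Mersenne primes so the example
# needs no third-party library. Far too small and structured for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # bank's private exponent


def digest(serial: bytes, amount: int) -> int:
    """Hash the note's serial number and face value to an integer below N."""
    h = hashlib.sha256(serial + amount.to_bytes(8, "big")).digest()
    return int.from_bytes(h, "big") % N


def verify(note) -> bool:
    """Bilateral check: anyone holding the bank's public key (N, E) can run it."""
    serial, amount, sig = note
    return pow(sig, E, N) == digest(serial, amount)


class Bank:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.spent = set()                # serials of notes already redeemed

    def issue(self, customer, serial, amount):
        """Debit the customer's account and sign the note they generated."""
        if self.balances.get(customer, 0) < amount:
            raise ValueError("insufficient funds")
        self.balances[customer] -= amount
        return pow(digest(serial, amount), D, N)

    def deposit(self, vendor, note):
        """Trilateral check: verify, refuse a reused serial, credit the vendor."""
        if not verify(note):
            return "forged"
        if note[0] in self.spent:
            return "double-spend"
        self.spent.add(note[0])
        self.balances[vendor] = self.balances.get(vendor, 0) + note[1]
        return "credited"


def demo():
    bank = Bank({"alice": 100})                  # constructed sample account
    serial = secrets.token_bytes(16)             # customer's random note number
    note = (serial, 25, bank.issue("alice", serial, 25))
    altered = (serial, 90, note[2])              # face value changed after signing
    return [verify(note), verify(altered),
            bank.deposit("shop_a", note), bank.deposit("shop_b", note),
            bank.balances]
```

The same note passes `verify` at both shops, so a vendor who accepts it bilaterally cannot tell it has already been spent; only the deposit at the bank is refused.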
E-Cash Issues (contd)
● Customer can store e-cash
– Must have ability to convert into legal tender
– i.e. for every e-cash unit there must be cash in the real world for which the digital proxy exists, and it must be available, which is a problem
– Positive balances of e-cash do not earn interest
● E-cash has divisibility issues
– Problem to issue various denominations
– Problem to return change after a sale
E-Cash: Millicent
● Proprietary system by Digital Equipment for micro payments from 1/10th of a cent to a few tens of dollars
● Involves brokers who supply scrips, buyers and sellers
● Buyer acquires a quantum of broker scrip for real money
● Buyer acquires seller's scrips with broker scrip
● Buyer buys goods from seller and pays in his scrip
● Seller delivers goods and any change to buyer
● Seller converts scrip for real money with broker
E-Cash: Millicent
● Efficient for sub-cent transactions
● Does not use tight security mechanisms
● Not compliant with atomicity and consistency
● Interoperability
– Many vendors use same broker, so vendor operability is possible
– Cooperation amongst brokers makes scrips generally available
● Vendors issue their own scrip and maintain its purchasing power
E-Cash: MicroMint
● Brokers authorize customers to make payments in MicroMints (coins) to vendors
● Brokers generate MicroMints in bulk
● Brokers issue new coins every month for real money or unused coins of previous month
● Coins are valid for one month or less if broker so decides
● Vendors convert coins with broker at their convenience
E-Cash: MicroMint – Security
● Any forged coins become invalid at the end of the month
● Forging possible only after broker releases coins for the month
● Broker can detect forged coins
● Broker can cancel and recall coins at any time
● Broker can detect double spending of coins
E-Cash: NetBill
● Designed for buying information goods
● Customer buys goods from seller
● Seller delivers goods in encrypted form and bill
● Customer verifies goods for integrity, sends payment message to merchant
● Merchant submits payment message, buyer's account information and product decryption key to NetBill server
● Server verifies and confirms buyer to seller
● Merchant delivers decryption key to buyer
● All communications use a combination of public- and private- key encryptions
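
The ordering above (encrypted goods first, decryption key only after the server confirms payment) can be simulated as follows; this is an added example, not NetBill code or part of the original deck. The `Server` class, the HMAC payment tag standing in for public-key signatures, the SHA-256 keystream standing in for a real cipher, and the binding of the ciphertext digest into the payment message are all assumptions.

```python
import hashlib
import hmac
import secrets


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter keystream, a stand-in for a real cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def payment_tag(buyer_key: bytes, price: int, digest: str) -> str:
    """Buyer's authenticator binding the price to the ciphertext received."""
    msg = f"{price}|{digest}".encode()
    return hmac.new(buyer_key, msg, hashlib.sha256).hexdigest()


class Server:
    """Hypothetical NetBill-style server: accounts plus per-buyer keys."""

    def __init__(self, balances, buyer_keys):
        self.balances, self.buyer_keys = dict(balances), dict(buyer_keys)
        self.keys_on_file = {}                 # ciphertext digest -> goods key

    def settle(self, buyer, merchant, price, digest, tag, goods_key):
        expected = payment_tag(self.buyer_keys[buyer], price, digest)
        if not hmac.compare_digest(expected, tag):
            return False                       # payment message not from buyer
        if self.balances.get(buyer, 0) < price:
            return False                       # no debit, so no key release
        self.balances[buyer] -= price
        self.balances[merchant] = self.balances.get(merchant, 0) + price
        self.keys_on_file[digest] = goods_key  # record kept with the payment
        return True


def purchase(server, buyer, buyer_key, goods: bytes, price: int):
    """Run one sale; return what the buyer can read at the end, or None."""
    goods_key = secrets.token_bytes(32)                  # merchant picks a key
    ciphertext = xor_stream(goods_key, goods)            # delivered before payment
    digest = hashlib.sha256(ciphertext).hexdigest()      # buyer's integrity value
    tag = payment_tag(buyer_key, price, digest)          # buyer's payment message
    go = server.settle(buyer, "merchant", price, digest, tag, goods_key)
    return xor_stream(goods_key, ciphertext) if go else None


def demo():
    key = secrets.token_bytes(32)                        # constructed buyer key
    server = Server({"bob": 5}, {"bob": key})
    paid = purchase(server, "bob", key, b"constructed report text", 4)
    refused = purchase(server, "bob", key, b"second report", 4)   # 1 unit left
    forged = server.settle("bob", "merchant", 1, "00", "bad-tag", b"k")
    return paid, refused, forged, server.balances
```

In the refused sale the buyer already holds the ciphertext but never receives the key, and no funds move, which is the goods-or-nothing property listed under E-Transaction Characteristics.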
E-Cash: DigiCash
● Uses digital coins called CyberBucks
● CyberBucks are exchanged between parties
● Users pay for DigiCash client software called ecash through password and user ID
● Users open account with DigiCash from client to get a wallet
● Wallet enables users to get CyberBucks from DigiCash server
E-Cash: DigiCash – Transactions
● Buyer orders products from EC site
● Merchant makes payment request to buyer
● Request includes merchant ID, amount
● User authorises payment
● CyberBucks are exchanged between wallets
● DigiCash provides remote shop server for small retail merchants that maintains their wallets
Smart Card Payment Systems
● Smart cards are credit, debit or other cards
● Tried since 1990s. Popular since advent of mobile phones
● Classified based on
– Technology
  ● Passive cards
  ● Active cards
– Connectivity
  ● Contact
  ● Contactless
– Application
  ● Relationship cards
  ● Electronic purses
Smart Cards: Mondex – Hardware
● Smart card to store digital money
● Retailer terminal transfers funds from card to terminal
● Wallet stores larger amounts than card
● Balance reader reveals balance on a card
● Hotline accesses accounts, transfers money to cards, checks balance etc.
● ATM to recharge card, transfer money from card to account
Smart Cards: Mondex – Transaction Sequence
● Customer loads money on card from ATM
● When buying, produces card to point-of-sale device and authorizes money transfer
● Point-of-sale device deducts required amount from card and adds to retailer's chip in device
Mondex – Pros and Cons
● Mondex can be connected to PCs
● Highly secure
● Buyers' details do not travel over Internet, only money value travels
● Tamper-proof
● Uses proprietary hardware
● Banks can trace all transactions and can build customer profiles to sell
Smart Card Payment Systems: NetFare
● Merchants
– Establish account with NetFare
– Use NetFare-provided code to link to it
– NetFare server responds with go/no-go to buyer authentication
– NetFare credits merchant's payments to his bank account monthly
Smart Card Payment Systems: NetFare
● Customers
– Purchase NetFare card of some denomination
– Shop on Internet and pay with card by entering ID and PIN
– Can check NetFare balance at its server
– Credit card or bank account information never goes on network, so safe
Cheque Payment Systems
● Another form of electronic tokens
● Buyers register with cheque issuer for e-cheques
● On purchases, buyer sends cheque to merchant for a certain amount over email
● Cheque bears payer's account details, amount, payee's details, payer's digital signature and bank's signature
● Payee endorses cheque to his accounting server for verification and payment
● Cheque is cleared through ACH
Cheque Payment Pros
● Works the same way as traditional cheque
● Well suited for micropayments
● Use of private key encryption makes it faster
● Financial risk is assumed by accounting server
– Acceptable to many
– Scalability is good
● Creates float in business
Cheque Payments: FSTC E-Cheque
● All electronic payment and deposit system
● Can work from a variety of devices
● Fast and secure settlement of accounts
● No need for prearrangement with bank, works with existing system
● Uses digital signatures and endorsing of cheques
● Can work with various scenarios
– Deposit and clear – seller deposits cheque in his bank account
– Cash and transfer – seller presents cheque at buyer's bank
– Lock box – cheques go into postbox and are transferred directly to bank (payments collected at a secure post office box and transported directly to the bank for processing)
– Funds transfer – buyer sends cheque to his bank, which transfers money to seller
Cheque Payment Systems: Mandate
● A bank issues Mandate machine to customer with requested number of cheques of requested denomination
● Bank issues two public-key pairs for customer
● Customer's private key to sign, bank's public key to encrypt cheque
● Mandate generates cheques, signs, encrypts and sends them to merchant's Mandate
● Seller endorses and sends cheque to his bank
Cheque Payment Systems: NetCheque
● Users maintain accounts with NetCheque servers
● Buyers write cheques with their digital signature using write-cheque function
● Sellers endorse cheques to accounting servers using deposit-cheque function
● Users can find status of account and cheques using statement function
● NetCash is designed for micro payments and anonymity of customers
● Can work with various currencies
● Uses Kerberos for authentication
Cheque Payment Systems: MiniPay
● From IBM for open standard, low-cost system
● Each day, buyer acquires spending and authentication certificate from MiniPay server
● When buyer needs, MiniPay client generates payment order and sends to merchant
● Seller verifies payment order with server for buyer authentication and sufficiency of money
● If satisfied, merchant delivers requested information and stores payment order
● Each day, seller sends pay orders to server for clearing
Card Payment Systems
● Each user generates a key-pair.
● User sends public key to the bank's public key center
● Secret key is encrypted with password
● Bank gives user card number and card limit
● Buyer generates message with card number, amount, expiry date and time stamp
● Buyer signs and encrypts message
● Sender signs message and resends for verification
Card Payment Systems
[Diagram: message flow between Customer, Merchant Server, Credit card Processor and Customer's Bank]
1. encrypted card number
2. verify card
3. verify card
4. authorize
5. ok or not ok
6. deliver goods
7. monthly settlement
Card Payment Systems: CyberCash
● Buyers and sellers acquire software from CyberCash
● Buyers get a wallet with CyberCash pay button
● Merchants have account with bank that deals with CyberCash
● Uses combination of RSA and DES for security
● Authentication uses MD5
● Signatures use RSA
● Users' information is kept private
● Not economical for micro payments
● CyberCoin is designed for micro payments
Card Payment Systems: CyberCash
[Diagram: message flow between Customer, Merchant, CyberCash, Acquirer and Card issuer]
1. place order
2. receive invoice
3. encrypted payment
4. payment message
5. decrypted authorization request and capture
6. authorization request
7. authorization response
8. authorization response
9. go or no go
10. deliver goods
11. account settlement
12. statement
Card Payment Systems: FirstVirtual
● Designed for information goods
● Does not use encryption
● Sensitive data does not travel over network
● Works with existing software on users' PCs
● Small retailers can use InfoHaus – virtual mall run by FirstVirtual
Card Payment Systems: FirstVirtual
● Makes following assumptions
– Merchants can produce goods at no incremental cost
  ● Stolen goods do not cost merchant anything
– Buyers need to examine goods before deciding to buy
– Buying and selling should be simple, with as low an entry cost in time, money and effort as possible
● Goods can be delivered on any Internet application
● Depends on automation of business processes
● Keeps extensive documentation of transactions
FirstVirtual – Merchant Accounts
● With Pioneer application
– FV gives sellers an application number and instructions to send bank account information to FV via mail
– FV deposits merchant's money through ACH
● With Express application
– For merchants with existing merchant accounts
● Buyers pay initiation fee
● Sellers pay setup fee, transaction on sale, transaction fee on bank deposits
FirstVirtual – Transaction Process
● Customer downloads offered information from merchant's server giving FV ID
● Merchant's server sends information
● Server emails price of information to customer and FV
● FV emails customer to ask if he/she would pay
● If customer agrees to pay, merchant's account is credited for the price of information
● If customer reports fraud, transaction and his ID are cancelled
● FV terminates customers who consistently download information without paying