Electronic Payment Systems: The most common Internet payment method for B2C EC is the credit card. However, a concern for customers is security while sending credit card information, including name, card number, and expiration date, over the Internet. Buyers are also concerned with privacy. They do not want others to know who they are or what they buy. At present most companies use the Secure Sockets Layer (SSL) protocol, which allows customers to encrypt (coding or decoding of data in transmission) their order at their PC. Another secure protocol is called Secure Electronic Transaction (SET). It is a perfect protocol.
Electronic Payments and Protocols: Secured payment systems are critical to the success of EC. The emergence of electronic shopping on the Internet has necessitated new payment methods. Cash cannot be a medium of payment between remote buyers and sellers in cyberspace. Therefore, the credit card has become the most popular payment method for consumer-initiated cyber shopping. In an online credit card payment system, the computer asks the buyer to input the card number, the buyer's name and the expiration date. In most e-mails, the answers to these questions are encrypted. However, not all consumers are confident in the safety of online message delivery. Therefore, sellers are obliged to offer multiple options for transmission of credit card information, so that buyers can select their preferred method. (The customer may send the card information online or by making a toll-free telephone call.)
Security Schemes in Electronic Payment System: The key security schemes adopted for electronic payment systems are encryption, digital signature, message digest, and use of certificates and certifying authorities.
Encryption: It means coding or decoding of the data in transmission. There are two types of encryption: symmetric or private key encryption, and asymmetric or public key encryption.
Symmetric or Private Key Encryption: In this type of encryption the sender and receiver use a single secret key. The most widely accepted algorithm for secret key encryption is the Data Encryption Standard (DES). The problem with a single key is that it needs to be transmitted to a counterpart.
Digital Signature
It is used for the authentication of senders by applying public key cryptography in reverse. To make a digital signature, a sender encrypts a message with his private key. In this case, any receiver with his public key can read it, but the receiver can be sure that the sender is really the author of the message. A digital signature is usually attached to the sent message, just like a handwritten signature.
Message digest
A message digest is required when making a digital signature: the base message needs to be normalized to a predetermined length of 160 bits, regardless of the length of the original message. The normalization process can be achieved by hashing the original message. This hashed message is called a message digest.
A certificate authority (CA) is a body, either public or private, that seeks to fill the need for trusted third-party services in EC. A CA accomplishes this by issuing digital certificates that attest to certain facts about the subject of the certificate. In the context of credit cards, the cardholder certificate authority (CCA) issues the certificate to cardholders, the merchant certificate authority (MCA) to merchants who operate e-stores, and the payment gateway certificate authority (PCA) to payment gateway service providers. The above CAs need their own certificates from a nationally designated CA, which is called a geopolitical certificate authority (GCA). For the internal exchange of certificates, a brand certificate authority (BCA). Eventually, a single root certificate authority (RCA) needs to certify the BCAs. So far, it is not decided who will become the RCA.
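The digest, signature and certificate checks described above, carried through in one added example (not part of the original notes): a cardholder CA signs the cardholder's public key, and the receiver trusts an order only if both the certificate and the order signature verify. Assumptions: SHA-1 stands in for the unnamed 160-bit hash, unpadded RSA built from known Mersenne primes stands in for the public key algorithm, and make_key, cert_body, verify_order and the sample order are hypothetical names and data.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys (assumption)

def make_key(p, q):
    """Toy RSA key from two primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys from known Mersenne primes; far too weak for real use.
CCA_N, CCA_D = make_key(2**127 - 1, 2**107 - 1)    # cardholder CA (CCA)
CARD_N, CARD_D = make_key(2**521 - 1, 2**89 - 1)   # cardholder

def digest(message: bytes) -> int:
    """Normalize input of any length to a 160-bit integer (SHA-1)."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")

def sign(message: bytes, n: int, d: int) -> int:
    """Sign the digest, not the message: transform it with the private key."""
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, n: int) -> bool:
    """Recover the digest with the public key and compare with a fresh hash."""
    return pow(signature, E, n) == digest(message)

def cert_body(subject: str, n: int) -> bytes:
    """The facts the CA attests to: subject name bound to a public key."""
    return f"{subject}|{n:x}".encode()

# The CCA attests that CARD_N belongs to this (constructed) cardholder.
CERT = {"subject": "cardholder-0001", "n": CARD_N,
        "sig": sign(cert_body("cardholder-0001", CARD_N), CCA_N, CCA_D)}

def verify_order(order: bytes, order_sig: int, cert: dict) -> bool:
    """Trust only the CCA key: check the certificate first, then the order."""
    if not verify(cert_body(cert["subject"], cert["n"]), cert["sig"], CCA_N):
        return False                      # key in the certificate is not vouched for
    return verify(order, order_sig, cert["n"])

ORDER = b"order 42: 1 book, total 19.99"   # constructed sample message
ORDER_SIG = sign(ORDER, CARD_N, CARD_D)

if __name__ == "__main__":
    print("genuine order:", verify_order(ORDER, ORDER_SIG, CERT))
    print("altered order:", verify_order(ORDER + b"0", ORDER_SIG, CERT))
```
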
[Figure: certificate authorities BCA, GCA, CCA, MCA and PCA]
Electronic fund transfer and debit cards are used as the second most popular electronic payment method on the Internet.
Electronic Fund Transfer (EFT): EFT, designed to transfer a certain amount of money from one account to another, existed a long time before the initiation of Internet commerce. This money may be transferred to another bank through an automated clearing house (ACH).
Electronic Fund Transfer Process: The customer's terminal can be an automatic teller machine (ATM), PC, or telephone terminal. Traditionally, a dedicated financial VAN was used to link the banks through ACHs. Customers were expected to link up to the bank's server by a dial-up connection. The security on the VAN, as indicated earlier, is higher than that of the Internet. As the Internet propagates and becomes a charge-free medium of public data communication, it is becoming the most economical medium of EFT.
Many cyber banks like Bank of America and Citibank also support Internet-based transfers. However, to transfer funds on the Internet safely, the encryption of messages is essential. Currently, most cyberbanks do not utilize certificates. To adopt the concept of a certificate for EFT, a SET-like protocol needs to be developed for pure cyberbanks and for legacy bank systems that are linked with the Internet through payment gateways.
[Figure: customer (payer), cyber bank, payment gateway, debit card, bank]