UNIT-V

Electronic Payment Systems: The most common internet payment method for B2C EC is the credit card. However, a concern for customers is security while sending credit card information, including name, card number, and expiration date, over the internet. Buyers are also concerned with privacy: they do not want others to know who they are or what they buy. At present most companies use the Secure Sockets Layer (SSL) protocol, which allows customers to encrypt (coding or decoding of data in transmission) their order at their PC. Another secure protocol is called Secure Electronic Transaction (SET). It is a perfect protocol.

Electronic Payments and Protocols: Secured payment systems are critical to the success of EC. The emergence of electronic shopping on the Internet has necessitated new payment methods. Cash cannot be a medium of payment between remote buyers and sellers in cyberspace. Therefore, the credit card has become the most popular payment method for consumer-initiated cyber shopping. In an online credit card payment system, the computer asks the buyer to input the card number, the buyer's name and the expiration date. In most e-mails, the answers to these questions are encrypted. However, not all consumers are confident in the safety of online message delivery. Therefore, sellers are obliged to offer multiple options for transmission of credit card information, so that buyers can select their preferred method. (The customer may send the card information online or by making a toll-free telephone call.)

a) Secure Electronic Transaction Protocol for Credit Card Payment: The risk of fraudulent use of another person's credit card is inherent unless a protocol can confirm the authenticity of the cardholder on the other side of cyberspace. In fact, appropriate encryption techniques are the most secure protection against wiretapping during transmission. Not only security during transmission needs to be resolved, but also authentication of the cardholder.

b) Electronic Fund Transfer and Debit Cards on the Internet: Electronic Fund Transfer (EFT), a popular electronic payment method, transfers a money value from one bank account to another in the same or a different bank.

Security Schemes in Electronic Payment System: The key security schemes adopted for electronic payment systems are:
1. Encryption
2. Digital Signature
3. Message Digest
4. Use of Certificates and Certifying Authority/Authorities

Encryption: It means coding or decoding of the data in transmission. There are two types of encryption:
1. Symmetric or Private Key Encryption
2. Asymmetric or Public Key Encryption

Symmetric or Private Key Encryption: In this type of encryption the sender and receiver use a single secret key. The most widely accepted algorithm for secret key encryption is the Data Encryption Standard (DES). The problem with a single key is that it needs to be transmitted to the counterpart.

The process of sending messages using secret key (figure): Original Message -> Scrambled Message -> Internet -> Scrambled Message -> Original Message. The sender scrambles with Key sender and the receiver unscrambles with Key receiver, where Key sender = Key receiver.

Asymmetric or Public Key Encryption.


Public key encryption, also known as asymmetric encryption, uses two different keys: a public key and a private key. The public key is known to all authorized users, but the private key is known only to one person, its owner. The private key is generated at the owner's computer and is not sent to anyone. To send a message safely using public key cryptography, the sender encrypts the message with the receiver's public key. This requires that the receiver's public key be delivered in advance. A message encrypted in this manner can only be decrypted with the receiver's private key.

The process of sending messages using public key cryptography (figure): Original Message -> Scrambled Message -> Internet -> Scrambled Message -> Original Message. The sender scrambles with Public Key receiver and the receiver unscrambles with Private Key receiver.

Digital Signature
It is used for the authentication of senders by applying public key cryptography in reverse. To make a digital signature, a sender encrypts a message with his private key. In this case, any receiver with the sender's public key can read it, and the receiver can be sure that the sender is really the author of the message. A digital signature is usually attached to the sent message, just like a handwritten signature.

Message digest
To make a digital signature, the base message needs to be normalized to a predetermined length of 160 bits, regardless of the length of the original message. This normalization can be achieved by hashing the original message. The hashed message is called a message digest.

Certificates and Certificate Authority


A certificate usually implies an identifying certificate that is issued by a trusted third-party certificate authority (CA). A certificate includes records such as a serial number, name of owner, owner's public keys (one for secret key exchange as receiver and one for digital signature as sender), an algorithm that uses these keys, certificate type (cardholder, merchant, or payment gateway), name of CA, and the CA's digital signature.

A certificate authority is a body, either public or private, that seeks to fill the need for trusted third-party services in EC. A CA accomplishes this by issuing digital certificates that attest to certain facts about the subject of the certificate. In the context of credit cards, the cardholder certificate authority (CCA) issues certificates to cardholders, the merchant certificate authority (MCA) to merchants who operate e-stores, and the payment gateway certificate authority (PCA) to payment gateway service providers. The above CAs need their own certificates from a nationally designated CA, which is called a geopolitical certificate authority (GCA). For the internal exchange of certificates, a brand certificate authority (BCA). Eventually, a single root certificate authority (RCA) needs to certify the BCAs. So far, it is not decided who will become the RCA.

Hierarchy of Certificate Authority (figure): RCA -> BCA -> GCA -> CCA, MCA, PCA
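As an added example (not part of the original notes), the digital signature, message digest and certificate hierarchy passages above can be combined in a short Python sketch. SHA-1 is assumed because the notes give a 160-bit digest; the toy unpadded RSA keys, the record layout and all names (make_key, tbs, verify_chain, cardholder-1) are hypothetical and far too weak for real use.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def make_key(a, b):
    """Toy RSA key from Mersenne primes 2**a-1, 2**b-1 (constructed, not secure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data):
    """Message digest: any-length input normalized to 160 bits (SHA-1 assumed)."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")

def sign(data, key):
    """Digital signature: the digest transformed with the signer's private key."""
    return pow(digest(data), key["d"], key["n"])

def verify(data, sig, n):
    """Any holder of the public key (n, E) recovers the digest and compares."""
    return pow(sig, E, n) == digest(data)

def tbs(c):
    """Bytes the CA signs: serial, owner, public key, type and CA name."""
    return f"{c['serial']}|{c['owner']}|{c['n']}|{c['type']}|{c['ca']}".encode()

def issue(serial, owner, ctype, owner_key, ca, ca_key):
    c = {"serial": serial, "owner": owner, "n": owner_key["n"], "type": ctype, "ca": ca}
    c["sig"] = sign(tbs(c), ca_key)  # the CA's digital signature on the record
    return c

def verify_chain(cert, certs, root_name, root_n):
    """Check each CA signature from the leaf up to the trusted root key."""
    for _ in range(len(certs) + 1):  # bounded walk, so issuer loops cannot hang
        if cert["ca"] == root_name:
            return verify(tbs(cert), cert["sig"], root_n)
        issuer = certs.get(cert["ca"])
        if issuer is None or not verify(tbs(cert), cert["sig"], issuer["n"]):
            return False
        cert = issuer
    return False

# Constructed hierarchy following the notes: RCA -> BCA -> GCA -> CCA -> cardholder
keys = {"RCA": make_key(107, 127), "BCA": make_key(89, 127), "GCA": make_key(89, 107),
        "CCA": make_key(61, 127), "cardholder-1": make_key(61, 107)}
chain = [("BCA", "ca", "RCA"), ("GCA", "ca", "BCA"), ("CCA", "ca", "GCA"),
         ("cardholder-1", "cardholder", "CCA")]
certs = {name: issue(i, name, ctype, keys[name], ca, keys[ca])
         for i, (name, ctype, ca) in enumerate(chain, 1)}

order = b"order 1001: pay merchant 25.00"  # constructed sample message
order_sig = sign(order, keys["cardholder-1"])
```

Because the public key is part of the signed record, swapping the key inside a certificate invalidates the CA signature, and the chain is trusted only if it ends at the root key the verifier already holds.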

Electronic Credit Card System on the Internet


Today credit cards are the most popular payment method for cyberspace consumer shopping; hence we should first identify the players in the credit card system and their role and importance.
The Cardholder: A consumer or a corporate purchaser who uses credit cards.
The Merchant: The entity that accepts credit cards and offers goods or services in exchange for payment.
The Card Issuer: A financial institution (usually a bank) that establishes accounts for cardholders and issues credit cards.
The Acquirer: A financial institution (usually a bank) that establishes an account for merchants and acquires the vouchers of authorized sales slips.
The Card Brand: Bank card associations of issuers and acquirers (like Visa and MasterCard), which are created to protect and advertise the card brand, establish and enforce rules for use and acceptance of their bank cards, and provide networks to connect the involved financial institutions.

The process of using credit cards


1. Issue a credit card to a potential cardholder.
2. The cardholder shows the card to the merchant when making a purchase.
3. The merchant then asks for approval from the brand company, and the transaction is paid by credit. The merchant keeps a sales slip.
4. The merchant sells the slip to the acquiring bank and pays a fee for the service. This is called a capturing process.
5. The acquiring bank requests the brand to clear the credit amount and gets paid. Then the brand asks the issuer bank for clearance.
6. The amount is transferred from issuer to brand. The same amount is deducted from the cardholder's account in the issuing bank.

The process of using credit cards (figure): Steps shown: 1. Issue credit card, 2. Show credit card, 3. Authorization, 4. Capture. Parties shown: Cardholder, Merchant, Card Brand, Issuer Bank (Cardholder Account), Acquirer Bank (Merchant Account). Flows shown: Amount transfer, Payment request.

Electronic Fund Transfer and Debit Cards on the Internet

Electronic Fund Transfer and Debit cards are used as the second most popular electronic payment method on the Internet.
Electronic Fund Transfer (EFT): EFT, designed to transfer a certain amount of money from one account to another, existed a long time before the initiation of Internet commerce. This money may be transferred to another bank through an automated clearing house.

ELECTRONIC FUND TRANSFER (figure): Customer (payer), Bank, Automated Clearing House (ACH), Bank, Merchant (payee). Banks are connected to ACH by VAN.

Electronic Fund Transfer Process: The customer's terminal can be an automatic teller machine (ATM), PC, or telephone terminal. Traditionally, a dedicated financial VAN was used to link the banks through ACHs. Customers were expected to link up to the bank's server by a dial-up connection. The security on the VAN, as indicated earlier, is higher than that of the internet. As the Internet propagates and becomes a charge-free medium of public data communication, it is becoming the most economical medium of EFT.

Many cyber banks like Bank of America and Citibank also support internet-based transfers. However, to transfer funds on the internet safely, the encryption of messages is essential. Currently, most cyberbanks do not utilize certificates. To adopt the concept of a certificate for EFT, a SET-like protocol for pure cyberbanks and for legacy bank systems that are linked with the internet through payment gateways needs to be developed.

EFT DEBIT CARD


A debit card, also known as a check card, is a card that authorizes the EFT. When you use a debit card, the amount is immediately deducted from your savings account. The debit card allows you to spend only what is in your bank account. You can use your card anywhere merchants display the debit card's brand name or logo. A debit card is an alternative to carrying a checkbook or cash. Many ATM cards have the features of a debit card.

An architecture of Electronic Fund Transfer on the Internet (using Debit Card) (figure): Parties shown: Customer (payer) with debit card, Cyber Bank, Payment Gateway, ACH, Bank, Merchant (payee).

Advantages of using Debit Card


1. It is easy to obtain.
2. It saves you from showing personal identification.
3. It frees you from carrying cash, travelers checks, or a checkbook.
4. It is more readily accepted by merchants.

Disadvantages of using Debit Card


1. Debit card purchases can have less protection for items that are never delivered or are defective.
2. Returning goods or canceling services is treated as if the purchase were made with cash or check.

Electronic payment instruments


Electronic cash (e-cash): Cash in an electronic form, usually stored on a smart card and/or in software called a digital wallet.
Smart Card: The concept of e-cash has been in use in the non-internet environment under the name of smart card since the 1970s. Smart cards were used to store a value of money, which decreased with use. The current generation of smart cards includes an internet card chip with programmable functions. The value of money can then be deleted and recharged.

Digital Wallet: E-cash can be moved from one card to another as simply as one person can give another person physical cash. It is a process of paying on the internet. Parents will be able to use the wallet to give electronic pocket money to their children. An e-cash system can be either closed or open. In an open system, transfer of money value between IC cards is possible. In a closed system, the cash value in the IC card can only be recharged from the bank's account.