ONLINE PAYMENT

SYSTEMSE-CASH

MONDEX

NETBILL

BY:VIJETHA V BHAT K

4/2/2017 1
 Various methods have been used for online payments.
In general, the various payment mechanisms can be broadly
classified in to three categories-cash, cheques and credit
cards.

Many virtual shops, on the internet, accept payment through

digital cash, electronic cheques or the credit card mechanism.

Digital cash is the electronic equivalent of physical cash, with

all the inherent properties of cash embedded in it.
 Digital cash represents, in a sequence of binary
numbers, an intrinsic value in a chosen currency.
During transmission from the buyer to the seller, the
binary numbers are susceptible to interception by
packet sniffing programs, and hence resultant fraud.
Encryption offers solutions to some of these
problems.
In order to implement versatile solutions, a payment
protocol and storage mechanism, for digital
currency, need to be implemented and followed by all
the parties involved in the transaction.

4/2/2017 3
 Security remains a paramount concern in an
electronic payment system.
As the payment systems involve direct financial
transaction, dealing with the movement of actual
money, they become prime targets for defrauders all
over the world.
Digital money is represented in bits and bytes, thus,
unlike minted money it is far easier to replicate, at
almost zero cost.
Even though they can be in a secure format locally,
the very nature of electronic commerce requires its
movement over the network.

4/2/2017 4
 open environment of the internet makes it
susceptible to interception, duplication, and
manipulation, Thus, the issue of ensuring
integrity, confidentiality and non-refutability
acquire an added Significance.
In order to become widely acceptable, the
digital financial transactions need to infuse a
degree of confidence in users.
Users of the system have to feel secure, not
only from intruders, but also from system
failures during the transaction.

4/2/2017 5
 These requirements include acceptability of the digital
currency across the commercial world, anonymity,
untraceability, reliability, scalability, convertibility, and
efficiency.
the important basic requirements are discussed as follows:
Acceptability: The payment infrastructure should not
only be robust, but also available and accessible to a
wide range of consumers and sellers of goods and
services.
Convertibility : The electronic currency should be
interoperable and exchangeable with the other forms of
electronic cash, paper currencies, deposits in bank
accounts, bank notes or any other financial instrument.
Flexibility: Payment systems should be in a position to
accept several forms of payments rather than limiting
the users to a single forma of currency.
4/2/2017 6
 Reliability: the payment system should ensure and
infuse confidence in users. The users should be
completely shielded from systemic or a single point
failure.
Efficiency: Efficiency here refers mainly to the cost
overheads involved in the operation of digital payments.
The cost of payment per transaction should be ideally
close to zero.
Security: Digital currency should be stored in a form that
is resistant to replication, double-spending, and
tampering. At the same time , it should offer protection
from the intruders trying to tap it and put it to
unauthorized use, when transmitted over the internet.
Usability: The user of the payment mechanism should
be able to use it as easily as real currency. This requires
that the payment system should be well integrated with
the existing applications and processes that acquire the
role of transacting parties in electronic commerce.
4/2/2017 7
 Scalability: the payment system should offer scalable solutions,
i.e., it should be able to offer the same performance and cost per
transactions overheads with a growing number of customers and
transactions.
With the growth of the internet economy, a variety of transactions
need to be handled. Based on the size of payment, all payment
transactions cane be classified in the following three categories.
Micro Payments: These transactions usually involve ones that
have very low payment value. At times, the value of a transaction
may be a fraction of a currency unit. Typically, transactions that
are of five or lesser currency units, in case of dollars, and fifty in
case of the rupee, are treated as micro payments.
Consumer Payments: These payments typically involve values
of five to five hundred currency units, in the case of dollars and
euros, and may be 50-5000 units, in case of the -rupee. These are
the dominant form of payment transactions, as most of the
consumers buying in a single shopping trip fall under this
category.

4/2/2017 8
 Business Payments: Usually transactions that are
of higher amounts-five hundred and above in case of
dollars or five thousands and above in case of rupee-
are treated as business payments.
Businesses payments usually have an invoice
associated with them.
Business-to-Business payment transactions are in the
higher range, and fall in this category.

4/2/2017 9
 PRE-PAID ELECTRONIC PAYMENT SYSTEMS

eCash is a purely software based, anonymous,

untraceable, online token payment system, available on
Unix, Windows, as well as Macintosh platforms.
Customers as well as merchants require graphical wallet
software that can also be accessed via command line
interface.
eCash allows for bi-directional payments.
There is no distinction between customers and
merchants with-regards to payments.
Both sides can give and receive payments.
However, since the system is coin based, it requires
clearing of coins by it issuing bank.

4/2/2017 10
 The implementation of various transactions with
eCash are as follows:
Withdrawal:
There are two participants in the withdrawal
transaction, the bank and the customer.
A customer connects to an eCash issuer and
purchases electronic coins of the required value.
These coins are generated, involving the blind
signature scheme to
the tokens anonymous.
The customer generates the token ids, blinds
them, determines their denominations, transmits
them to the issuer that blind signs them and
returns them to the customer, who in turn unbinds
them and stores them on his PC, in a wallet.

4/2/2017 11
 physical coins are involved in the actual
system; the messages include strings of
digits, and each string corresponds to a
different digital coin, with each coin
having a denomination or value.
The wallet of digital coins is managed
automatically by the customer's eCash
software.
It decides which denominations to
withdraw and which to spend in
particular payments.

4/2/2017 12
 Purchase:
Once a customer has some eCash on his hard drive, he can
buy things from the merchant's shop.
If the customer shows the intent to purchase a product, he
receives a payment request from the merchant, which he has
to confirm.
His eCash software chooses coins with the desired total
value from the wallet on his hard disk.
It then removes these coins and sends them over the network,
to the merchant's shop.
When it receives the coins, the merchant's software
automatically sends them on to the bank and waits for
acceptance before sending the goods to the customer, along
with a receipt.
To ensure that each coin is used only once, the bank records
the serial number of each coin in its spent-coin database.
If the coin serial number is already recorded, the bank detects
that someone is trying to spend the coin more than once and
informs the merchant.
4/2/2017 13
Customer-to-Customer: When a customer receives a
payment, the process would be the same.
But some people may prefer that when they receive money,
it be made available on their hard disk immediately, ready
for spending.
The only difference between this payment from a customer
to another customer and the earlier one is what happens
after the bank accepts the cash.
Once the second consumer has configured his software, he
requests the bank to withdraw the eCash just deposited,
and send it back to his PC as soon as the coins are accepted.
Privacy Protection (Blind Signature): In the simple
withdrawal described earlier, the bank creates unique blank
digital coins, validates them with its special digital stamp,
and supplies them to the customer.
This would normally allow the bank to recognize the
particular coins when they are later accepted in a payment,
and also it
exactly which payments were made by the customer.
4/2/2017 14
 By using 'blind signatures', the bank is able to
validate coins without tracing them to a particular
account.
Instead of the bank creating a blank coin, the
customer's computer creates the coin itself at
random.
Then it hides the coin in a special digital envelope
and sends it off to the bank.
The bank withdraws one dollar from the customer's
account and makes its special 'worth-one-dollar'
digital validation, like an embossed stamp, on the
envelope before returning it to the customer's
computer.

4/2/2017 15
 Mondex

The Mondex purse is a smart card alternative to

cash.
The Mondex purse, a self-standing value store,
requires no remote approval of individual
transactions.
Rather, the Mondex value equivalent to cash is
stored in the cards microchip.
The purse also stores secure programs for
manipulating that value and for interfacing with
other Mondex cards or terminals.

4/2/2017 16
 After withdrawal from an ATM, the value can be transferred
from an ATM, the money can be transferred from one card to
another via a special, password protected, electronic wallet.
The first implementation of Mondex supports upto five different
currencies, each separately accounted for by the card.
The Mondex system uses the following hardware:

1. Mondex smart card.

2. Mondex retailer terminal: to transfer funds from the customer
card to the merchant terminal.
3. Mondex wallet: a pocket sized unit to for storing larger sums
of digital money than the card.
4. Mondex balance reader: a small device to reveal the balance
remaining on the Mondex card.
5. Mondex hotline: to access the bank account, to transfer
money to the card, to check the balance, and to transfer
money to other cardholders.
4/2/2017 17
 Mondex ATM: to recharge cards or to transfer money
back into the account.
Transaction:
1. Customer loads money onto the card, either from an
ATM machine or from phone.
2. On purchase of an item, the customer provides his card
to the merchants point of sale device and authorizes the
transfer of a certain value.
3. the amount is electronically deducted from the chip
inside the customers card and added to the amount on
the retailers chip.
All this is accomplished without accessing the customers
bank balance or checking their credit worthiness.

4/2/2017 18
 Value Value Mercha
ATM Custom
er nt
smartca device
Transaction Flow rd
in Mondex
System

4/2/2017 19
 for use over the internet, a Mondex compatible card reader
will be attached to the computer. When a transaction takes
place the computer talks to the card through the interface.
an electronic handheld device lets cardholders check their
balances.
Security: just like cash , if a smart card is lost or stolen, the
cardholder loses real money on the card with a four digit
personal number, thereby safeguarding the value held on
the card.
the system uses special purpose hardware on smart cards
to ensure its cryptographic security.
An important point about Mondex transactions is that value
can only move from one Mondex card to another, and can
only be stored on Mondex cards.
apart from making the system fraud resistant, Mondex also
aims to make it uneconomical for frauds to be committed,
by ensuring the requirement for state of the art hardware
technology.
4/2/2017 20
NetBill
NetBill has been conceived to address the problem of buying

information goods over the internet.

As
opposed to the physical goods purchased on the internet, and
shipped later by the merchant, the information goods are
themselves transferred over the internet, to the customer.

Preferably,
this transfer should take place immediately after
purchase.

Hence,
the issues to be addressed in such a transaction are very
different from these on transactions involving physical goods.

4/2/2017 21
Transaction:
The transaction flow and the sequence of
transactions using NetBill is described as
follows:
1. The customer buys information goods from
the merchant.
2. The Merchant sends goods, in encrypted form,
to the customer.
3. The customer software verifies that the goods
were received correctly, and sends verification
of this to the merchant software.

4/2/2017 22
4. The merchant submits the verification message
received from customer, the account information
provided by customer, and the decryption key to the
NetBill server.
5. The NetBill server verifies that the customer has
sufficient money in the account to pay for the goods.
In case of sufficient funds, it transfers funds, stores
the decryption key, and sends the report to the
merchant software.
The NetBill server keeps accounts for all merchants
and customers.
The accounts are linked accounts at a traditional
bank.
The NetBill server operates transitionally, to ensure
that the
consumer does not get billed for goods he cannot
decrypt, or receive goods without paying for them.
4/2/2017 23
4/2/2017 24
Security:
NetBill uses a combination of public key cryptography and
symmetric key cryptography to make sure that all NetBill
communications are secure, and all transactions are
authorized.
NetBills approach is based on the well tested kerberos
protocol, which has been widely used for nearly s decade by
most major computer manufacturers.
kerberos is a network authentication system for use on
physically insecure networks, based on the key distribution
model.
it allows entities communicating over networks to prove
their identity to each other, while preventing eavesdropping.
It also providers for data stream integrity and secrecy, using
cryptography systems such as DES.
Kerberos works by providing the principals, with tickets that
they can use use to identify themselves to other principals,
and secret cryptographic keys for secure communication with
other principals.
4/2/2017 25
4/2/2017 26
END OF PRESENTATION

4/2/2017 27