EPS-unit 2a
-
Upload
wasim-akram -
Category
Documents
-
view
227 -
download
0
Transcript of EPS-unit 2a
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 1/53
UNIT 2
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 2/53
Electronic Payment Systems
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 3/53
Work on EFT (Electronic Fund Transfer)• What is EFT?
• Banking and Financial Payments
(Wholesale payments, Small scale payments and Homebanking)
• Retailing Payments(Credit Cards, Debit Cards, Charge Cards)
• Online Electronic Commerce Payments – Token-based payment systems
Electronic Cash(digicash), Electronic Checks(NetCheque)& Smart cards (Mondex Electronic Currency Card)
– Credit card based payment systems Encrypted credit cards (WWW form-based encryption)Third party authorization numbers (First Virtual)
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 4/53
Electronic Fund Transfer
EFT: Transfer of funds through an electronicterminal, telephonic instrument, or computeror magnetic tape so as to order/authorize a
financial institution to debit or credit anaccount.
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 5/53
Digital Token-based EPS
• Electronic token
designed as electronic analogs of various forms of payment backed by a bank or
financial institution.
3 types
Cash or real-time - Electronic Cash (E-cash)
Debit or prepaid - Smart Card/debit Card
Credit or postpaid - Credit Card/Debit Card & Electronic checks
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 6/53
Four dimensions
• Nature of transaction for which the instrument is
designed
• Means of settlement
• Approach to security, anonymity, and
authentication
• Question of risk
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 7/53
Electronic Cash(E-Cash/Digital Cash)
• Term that describes any value storage and
exchange system created by a private entity that
– Does not use paper documents or coins
– Can serve as a substitute for government-issuedphysical currency
• Attractive in two arenas
– Sale of goods and services of less than $10 – Sale of higher-priced goods and services to those
without credit cards
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 8/53
Micropayments and Small Payments
• Micropayments
– Internet payments for items costing from a few
cents to approximately a dollar
• Small payments
– Payments of less than $10
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 9/53
Properties of E-cash
• E-cash must have a monetary value.
• E-cash must be interoperable.
• E-cash must be storable and retrievable.• E-cash should not be easy to copy or tamper
while being exchanged.
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 10/53
Privacy and Security of Electronic Cash
• Concerns about electronic payment methodsinclude
– Privacy and security issues
• E-cash should have two importantcharacteristics with physical currency
–spend e-cash only once.
–ought to be anonymous
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 11/53
Advantages and Disadvantages ofElectronic Cash
Advantages of electronic cash
• Independence (unrelated to any network or storage device)
• Portability (freely transferable between two parties)
• Convenience (doesn’t require special hardware and software)
• Transactions are more efficient
• Transfer on the Internet costs less than processing credit cardtransactions
Disadvantages of electronic cash
– Use provides no audit trail
– Problem of money laundering arises
– Susceptible to forgery
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 12/53
Purchasing E-cash from CurrencyServers
• The purchase of e cash from an on-line currencyserver (or bank) involves two steps:
(1) Establishment of an account and
(2) Maintaining enough money in the account toback the purchase.
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 13/53
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 14/53
Purchasing E-cash from Currency Servers
How does this process work?
- User should have an e-cash account at a digital bank on the
internet.- When an e-cash withdrawal is made, the PC of user calculates
how many digital coins of what denominations are needed to
withdraw the requested amount.
- Random numbers of these coins will be generated and theblinding (random number) factor will be included.
- The result of these calculations will be sent to the digital bank.
- The bank encode the blinded numbers with its secret key (digital
signature) and at the same time debit the account of the client
for the same amount.
- The authenticated coins are sent back to the user and finally user
will take out the blinding factor.
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 15/53
In cryptography, a blind signature , as
introduced by David Chaum, is a form of
digital signature in which the content of amessage is disguised (blinded) before it is
signed.
Purchasing E-cash from Currency
Servers
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 16/53
Purchasing E-cash from CurrencyServers
• This method of note generation is very secure, as neither
the customer (payer) nor the merchant (payee) can
counterfeit the bank’s digital signature (analogous to the
watermark in paper currency).• Payer and payee can verify that the payment is valid,
since each knows the bank’s public key. The bank is
protected against forgery, the payee against the bank’s
refusal to honor a legitimate note, and the user against false
accusations and invasion of privacy.
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 17/53
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 18/53
Double Spending
• Spending a particular piece of electronic cash
twice by submitting the same electronic currency
to two different vendors.
• By the time the same electronic currency clears
the bank for second time, it is too late to prevent
the fraudulent act.
• Encryption techniques used to prevent doublespending.
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 19/53
Transfer digital cash
Check for doublespending
Issue cash
Payer Payee
Bank Digital Currency ServerBank
Detection of double spending
Database of spent
“notes”
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 20/53
Business Issues and Electronic Cash
E-cash fulfills the two main functions:
• As a medium of exchange• As a store of value
- Intangible cash
- Enormous currency fluctuations in international finance
- Bank could not create new money via lending in thedigital world; Bank would see electronic money as
unproductive.
- E-cash started to bypass regulated foreign exchange
markets.
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 21/53
Operational Risk and Electronic Cash
• Operational risk associated with e-cash can bemitigated by imposing constraints, such as limits
on
1. Time over which a given electronic money is valid
2. How much can be stored on and transferred byelectronic money
3. No. of exchanges that can take place before a
money needs to be redeposited with a bank or
financial institution
4. No. of such transactions that can be made during
a giving period of time
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 22/53
Legal Issues and Electronic Cash
• The impact of e-cash on taxation. (transactionbased taxes – sales tax)
• Easy use of cash leads to expand the
underground economy (money laundering)
• These legal issues to be considered.
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 23/53
Providing Security for Electronic Cash
• Cryptographic algorithms
– Keys to creating tamperproof electronic cashthat can be traced back to its origins
• Anonymous electronic cash
– Electronic cash that cannot be traced back tothe person who spent it
• Creating truly anonymous electronic cash – Requires bank to issue electronic cash with
embedded serial numbers
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 24/53
Electronic Check
• Another form of electronic tokens• An e-Check is an electronic transfer of funds in
which the money is taken from a bank account,
typically a checking account.
• The account's routing number and account number
are used to draw funds from the account.
• e-Checks can clear much faster than written
checks.
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 25/53
Electronic Check
Transfer electronic check
Forward check for
payer authentication
Deposit check
PayerPayee
Accounting ServerBank
Payment transaction sequence in an
electronic check system
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 26/53
Electronic Check - Advantages
• Work in the same way as traditional checks• Well suited for micropayments; the use of
conventional cryptography makes it much faster
than systems based on public key cryptography (e-
cash)
• E-checks create float and availability of float.
(third party- accounting server make money by
charging)• Financial risk is assumed by the accounting server
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 27/53
Cryptography
• Public key cryptography (E-cash)
When X wants to send a secure message to Y, he uses Y's public key
to encrypt the message. Y then uses private key to decrypt it.
• Conventional cryptography (E-check)
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 28/53
NetCheque
• A prototype electronic check system
• Developed at the Information Sciences Institute of theUniversity of Southern California.
• Registered users may write checks to other registered usersthrough e-mail or other network protocols.
• When the check is deposited, it authorizes the transfer of
funds from the issuer's account to the receiver's account.All information is kept on a netcheque server, which isresponsible for keeping accounts for customers, approvingpayments, and making the necessary changes in clientaccounts.
• Security wise, Netcheque uses Kerberos for signatureauthentication, and it uses conventional cryptography, notpublic key cryptography.
S t C d d El t i P t
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 29/53
Smart Cards and Electronic PaymentSystems
Smart Card
• Credit and debit cards and other card products enhanced
with microprocessors capable of holding more information
than the magnetic stripe.
• The chip can store greater amounts of data (80 times more
than a magnetic stripe)
• Two types of smart cards:
– Relationship-based smart credit cards
– Electronic purses
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 30/53
Relationship-based Smart Cards
• An enhancement of existing card services and/or the
addition of new services that financial institution delivers
to its customers via a chip-based card or other device.
– New services include access to multiple financial accounts
(debit, credit, investment, e-cash)
– value-added marketing programs
– Variety of functions such as cash access, bill payment,
balance enquiry, electronic transfer
– other information.
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 31/53
Mondex
• Smart card that holds and dispenses electronic
cash
• Introduced in 1990 and now part of MasterCard
International
• Can accept electronic cash directly from a user’s
bank account
• Card carries real cash in electronic form – Risk of theft may deter users from loading it with
very much money
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 32/53
Mondex (Continued)
• Steps in using a Mondex card to transfer electronic cash from buyerto seller
1. Card user inserts Mondex card into reader
2. Merchant’s terminal requests payment
3. Customer’s card checks merchant’s digital signature4. Merchant’s terminal checks customer’s just-sent digital signature
for authenticity
5. Once electronic cash is deducted from the cardholder’s card
• Same amount is transferred into the merchant’s electroniccash account
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 33/53
Mondex Smart Card Processing
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 34/53
Electronic Wallets
• Hold credit card numbers, electronic cash,owner identification and contact information
• Give consumers the benefit of entering theirinformation just once
• Make shopping more efficient
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 35/53
Electronic Wallets (Continued)
• Server-side electronic wallet
– Stores customer’s information on a remote
server belonging to a particular merchant orwallet publisher
• Client-side electronic wallet
– Stores consumer’s information on his or her
own computer
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 36/53
Microsoft .NET Passport
• An electronic wallet operated by Microsoft
• Passport consists of four integrated services
– Passport single sign-in service (SSI)
– Passport Wallet service
– Kids Passport service
– Public profiles
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 37/53
Microsoft .NET Passport Home Page
PayPal Payment Method Search Option on eBay Main Search Page
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 38/53
PayPal Payment Method Search Option on eBay Main Search Page
• PayPal is an account-based system that lets anyone with an email addresssecurely send and receive online payments using their credit card or bankaccount. It is the most popular way to electronically pay for eBay auctions and
it is becoming a cheap way for merchants to accept credit cards on their on-line storefronts instead of using a traditional
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 39/53
Online Payment Basics (Continued)
• Scrip
– Digital cash minted by a company instead of by agovernment
– Cannot be exchanged for cash
– Like a gift certificate that is good at more than one
store
– eScrip, National Scrip Center and Scrip.com focus on not-for-profit fundraising market.
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 40/53
Credit card
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 41/53
Credit card
• Visa or MasterCard
– Has spending limit based on user’s credit history
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 42/53
Credit Card
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 43/53
Debit Card
- Removes amount from cardholder’s bank account
- Transfers it to seller’s bank account
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 44/53
Charge Card
– Carries no spending limit
– Amount charged is due at end of billing period
Credit Card-based Electronic Payment
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 45/53
Credit Card-based Electronic PaymentSystems
To avoid complexity associated with digital cash and
electronic checks, consumers and vendors are also
looking at credit card payments on the internet.
Credit card payment on online network:
- Payments using plain credit card details
- Payments using encrypted credit card details
- Payments using third-party verification
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 46/53
Encryption and Credit Cards
Processing payments using encrypted credit cards
Third party processors and Credit
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 47/53
Third party processors and CreditCards
Payment
Server
Merchant
Server
Client
Browser
Online third party
processors with
links to multiple
payment systems
Customer Merchant
On-line payment process using a third-party
processor
Online Third Party Processor (OTPP)
• OpenMarket www.openmarket.com
• First Virtual www.fv.com
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 48/53
Pros and Cons of Credit Card-basedpayment
Advantages:• Credit card company assumes a large share of
financial risk for both buyer and seller in atransaction.
• Record keeping with credit cardDisadvantages• Transactions are not anonymous.• Disputes may arise because different services may
have different policies.
• Complexity of credit card processing takes placein the verification phase. If there is a lapse in timebetween the charging and the delivery of goods orservices, the customer verification process is simple.
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 49/53
Risk and Electronic Payment Systems
• One essential challenge of E-Commerce isrisk management.
• Operation of Payment system incurs:
- Fraud or mistake
- Privacy Issues
- Credit Risk
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 50/53
Risks from Mistake and disputes
• Record keeping
• Includes
– Permanent storage
– Traceability and accessibility
– Payment system database
– Data transfer to payment maker, bank or
monetary authorities• Customers might feel that all this record keeping
is an invasion of privacy
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 51/53
Managing information privacy
• EPS must ensure and maintain privacy.
Managing Credit Risk
• Credit or Systemic risk is a major concern innet settlement system.
• Digital central bank must develop policies todeal with this possibility.
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 52/53
Designing Electronic PaymentSystems
• Privacy
• Security
• Intuitive interfaces
• Database Integration
• Brokers
• Pricing
• Standards
8/3/2019 EPS-unit 2a
http://slidepdf.com/reader/full/eps-unit-2a 53/53
Exercise
• How debit card is different from credit card?
• Discuss the various Electronic Payment Systems.
• What are electronic cheques ? How they are
different from traditional cheques?• How electronic purses work?
• What are smart cards?
• How electronic checks are differ from credit card?
• How On-line third-party processors (OTPPs)differ from electronic token system?