From electronic money to electronic cash: payment on the Net


Logistics Information Management
Volume 10 · Number 6 · 1997 · pp. 289–299
© MCB University Press · ISSN 0957-6053

S. Peter Buck

The author
S. Peter Buck is a Senior Consultant at Hyperion Systems Ltd, Guildford, Surrey, UK.

Abstract
The discussion of online payments, while ultimately being a key issue for the future Information SuperHighway, is as significant now as it ever will be. The explosive increase in the use of the Internet has seen the emergence of commercial services and pressures previously restricted to Compuserve and the like. Many predictions see this burgeoning electronic marketplace becoming a significant component of the world economy. However this can only happen once two key problems have been addressed, namely, protecting property rights and making payments. This has led to a frantic battle for payment mechanisms that can provide the new medium with the means of conducting transactions. Briefly examines the inexorable evolution of money into electronic forms and discusses the alternative types of payment mechanisms proposed, on trial or in use on the Internet. Identifies the key commercial requirements that successful use of the Internet will impose on a payment mechanism, and uses these requirements to evaluate each of the mechanisms to determine which (if any) are really suitable for electronic commerce.

Introduction

The discussion of online payments is not something that can wait for the Information SuperHighway (ISH) but must be addressed now. The explosive increase in the use of the Internet, and especially the World Wide Web, has seen the introduction of commercial services and pressures into what was previously a safe, friendly medium for academia. Not only has this resulted in the emergence of the kind of service previously restricted to the “Outernet” (commercial online services such as Compuserve, Prodigy, America Online, eWorld, CIX) and the like, but the potential size of the market has made this a much more frenetic and competitive activity. Everybody wants services. This has led to an equally frantic battle for payment mechanisms that can provide this new medium with the means of conducting transactions.

The Internet is nowhere near as all-pervasive or powerful as the idealized ISH longed for by Al Gore. However it is viewed by many as the natural precursor and testing ground for that ISH. The technology may change, and many trials and experiments are being conducted around the world to establish the technological basis of a practical ISH. However the underlying business models can be (and are being) developed on the Internet today. Any payment systems on a future ISH would be based on the same principles and techniques as those for the Internet, and any payment mechanism that becomes widespread and effective on the Internet can and will be appropriate on the ISH.

Many predictions see this burgeoning electronic marketplace becoming a significant component of the world economy[1]. However this can only happen once two key problems have been addressed[2], namely:

• Protecting property rights (i.e. a mechanism to ensure that the purchaser of digital goods such as images, software, music or videos cannot offer illicit copies for resale);

• Making payments (a secure mechanism that can cost-effectively support payment transactions in a distributed environment).

I will only address the second of these problems.

In this paper I will identify the different types of payment mechanisms that are proposed, on trial and in use on the Internet (along with some representative examples). I will then identify the key commercial requirements that successful use of the Internet will impose on any payment mechanism. I will use these requirements to evaluate each of the mechanisms to determine which (if any) are really suitable for electronic commerce.

Electronic money

The title of this paper is “From Electronic Money to Electronic Cash”. What is the difference?

Much of the money in use today is, in essence, electronic. In terms of value most transactions are now conducted in the “cyberspace” of banking computers and communications networks, although in terms of sheer number of transactions cash still accounts for 90 per cent worldwide (in the UK cash accounts for 70 per cent of transactions). However cash is a small component of money – in the UK M0 (cash) is about 3.8 per cent of M4 (money). The distinction between cash and the rest (which is effectively almost all electronic) is the physical nature of cash. With the advent of electronic cash, the last phase of the dematerialization of money can begin.

Payment mechanisms

There have been a number of proposals for payment mechanisms on the Internet over the past few months. For the purposes of this paper, I will use the following taxonomy of payment mechanisms in the real world to classify these potential electronic payment schemes:

Credit: credit mechanisms such as credit cards or pre-arranged accounts with billing in arrears.

Debit: debit mechanisms such as debit cards, cheques, or pre-paid accounts.

Token: pre-paid tokens such as traveller’s cheques, bank drafts or phone cards.

Cash: fungible assets such as cash (or gold!).

The myriad proposals for Internet payment mechanisms fall into one or other of these classifications. The following subset of these payment mechanisms is representative of those in use or proposed (see Table I).

Credit

There are many mechanisms available to use credit cards on the Internet, with a range of security (from none at all to “military” strength encryption). The most interesting event in the whole of this area has been the off-again on-again liaison between Mastercard and Visa to produce what is becoming the de facto Internet standard for secure bankcard payments.

E-mail, etc.
Various online shopping malls and small retailers such as the pioneering online bookstore (OBS) have for some years been using the basic mechanisms of the Internet to effect the equivalent of a mail order/telesales transaction. To place an online order in the store a consumer can supply credit card details using a form on a Web page or via e-mail. Many Web-based sites offer the option to send card details separately (by phone or fax) for consumers who wish to avoid any potential insecurity.

First Virtual (FV)
For online information services only – users register as a buyer or seller with FV, sending them bank/credit card details by post not via the Internet. Registered users are issued with an account ID. Buyers use their FV account ID when buying, sellers verify it online with FV and supply the information purchased, buyers later confirm the transaction to FV via e-mail. Small value transactions are aggregated until a reasonable amount ($10) is reached and then the money is collected from the buyer’s credit card, with FV taking a small fee. Currently they can only apply transactions to Visa and Mastercard accounts and only in US dollars. Sellers receive funds into a nominated bank account which must be in a US bank[6].

CyberCash
Formed in 1994 by the founder of VeriFone Inc. (makers of credit authorization terminals) and TNS (a US financial transaction network), CyberCash provides free client software to users and merchants implementing their Secure Internet Payment Service™ which uses proprietary encryption techniques. This enables users to submit credit card payments to retailers who then pass them to a CyberCash server linked to a number of US banks’ private networks. The retailers do not get to see the credit details in the encrypted payment. CyberCash also offer their Cyber Coin™ notational transfer micropayments system and PayNow™ electronic check service allowing online payments between bank accounts.

They intend to support all “standard” Internet payment mechanisms including SET[7].

Table I Internet payment mechanisms in use or proposed

Type     Scheme
Credit   e-mail, etc.; First Virtual (US); CyberCash (US); Microsoft/Visa (US); Netscape/Mastercard (US)
Debit    BankNet (UK); FSTC Electronic check (US)
Token    Digicash (NL)
Cash     Mondex (UK)

Entries in bold are in use, in italics are in trials

SET (Visa/Mastercard)
In the summer of 1995, Visa[8] and Mastercard[9] announced that they were working together to define a protocol that would enable secure bankcard transactions on the Internet and would be adopted as the Internet standard. After a few months, Mastercard announced that they were no longer working with Visa, and complained that Visa’s protocol would not be an open standard as their technology partner, Microsoft[10], intended to take a royalty payment for each credit payment across the Internet[11]. Mastercard announced their own protocol developed in conjunction with Netscape, supported by IBM[12], GTE[13] and CyberCash. The Microsoft/Visa protocol STT – Secure Transaction Technology[14] was planned to be incorporated into the Microsoft browser by the end of 1995. The Mastercard/Netscape protocol SEPP – Secure Electronic Payments Protocol[15] was to be implemented in Netscape Navigator 2.0 available in Beta form from October 1995. Both standards were proposed as Internet standards, and there was much concern at the implications of two separate (but very similar) protocols being in use.

Early in February 1996, Visa and Mastercard announced that they were working together to define a protocol that would enable secure bankcard transactions on the Internet and would be adopted as the Internet standard (déjà vu?). The draft specification of the new protocol SET – Secure Electronic Transaction[16] was published on 23rd February 1996, and has been produced by Visa and Mastercard in conjunction with Microsoft, Netscape, IBM, GTE, Verisign[5] and Versign et al.[4]. The definitive version 1.0 of the SET specification was finally published on 31 May 1997. It allows the credit and order details to be separately encrypted and digitally signed by the consumer’s browser/wallet before being sent to the retailer. The retailer will not get access to the credit details which can only be decrypted once securely inside the acquirer’s system – equally the acquirer does not get access to the order details. This process involves the use of highly secure encryption and digital signature techniques, as well as digital certificates. There should, however, be no export problems (as there have been with SSL – Secure Sockets Layer[3]) because these mechanisms are embedded in the payment process and are not accessible to the users to secure other (non-financial) information.
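The separation of order and credit details described above can be illustrated with a dual signature, the construction SET uses to bind the two halves together while showing each party only its own half. This is an added example, not code from the paper or the SET specification; the toy RSA key, the function names, the use of SHA-256 and the sample data are assumptions, and the encryption of the credit details to the acquirer is left out.

```python
import hashlib

# Toy RSA key pair for the cardholder, built from two Mersenne primes so the
# example runs offline. Constructed for illustration; not a usable key size.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def as_int(digest: bytes) -> int:
    return int.from_bytes(digest, "big") % N


def dual_sign(order_info: bytes, payment_info: bytes) -> int:
    """Cardholder wallet: one signature over the digests of both halves."""
    return pow(as_int(h(h(payment_info) + h(order_info))), D, N)


def retailer_check(order_info: bytes, payment_digest: bytes, sig: int) -> bool:
    """Retailer holds the order and only a digest of the credit details."""
    return pow(sig, E, N) == as_int(h(payment_digest + h(order_info)))


def acquirer_check(payment_info: bytes, order_digest: bytes, sig: int) -> bool:
    """Acquirer holds the credit details and only a digest of the order."""
    return pow(sig, E, N) == as_int(h(h(payment_info) + order_digest))


def run_demo() -> dict:
    # Constructed sample data (the card number is a made-up test value).
    order = b"order=1001;items=2 books;total=30.00 GBP"
    payment = b"card=4111111111111111;expiry=12/99;amount=30.00 GBP"
    sig = dual_sign(order, payment)

    altered_order = b"order=1001;items=20 books;total=30.00 GBP"
    altered_payment = payment.replace(b"30.00", b"3.00")
    return {
        # Each party verifies the same signature from its own half plus a digest.
        "retailer_accepts": retailer_check(order, h(payment), sig),
        "acquirer_accepts": acquirer_check(payment, h(order), sig),
        # Changing either half after signing breaks the link for the other party.
        "altered_order_rejected": not acquirer_check(payment, h(altered_order), sig),
        "altered_payment_rejected": not retailer_check(order, h(altered_payment), sig),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```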

The first public transaction was demonstrated at the end of December 1996 by Mastercard, IBM and the Danish payments company PBS[17]. On 17 April 1997 PBS demonstrated the first cross-border SET transaction between Norway and Denmark. Various trials are currently underway around the world, including a European trial involving 38 banks from 14 different countries. There is still more enthusiasm for SET in Europe and the Far East, partly because most of the other proprietary mechanisms only operate in the USA, but mostly because the use of strong SSL has not so far been allowed by the US government outside North America. Both Netscape and Microsoft have previously stated their intention to incorporate SET into their browsers. CyberCash and Sun have also stated that they will support SET in their wallets.

Debit

A number of Internet banks have started offering services (all claiming to be the first electronic bank on the Internet!). These offer a variety of services including payments using electronic cheques. BankNet is a UK-based example. Meanwhile, FSTC, a US consortium of banks and government research institutions, is attempting to define a proposal for the standardization of such mechanisms.

BankNet
BankNet is a joint venture between MarketNet and Secure Trust Bank. They have established an Internet Bank, with online facilities for customers to query their account and submit payment instructions. They provide electronic payment instructions known as Echeques to be used as payment for goods and services on the Internet by their account holders. Their browser allows the user to sign Echeques digitally with a private key which must be registered with BankNet. Currently in Beta trial, this system currently allows a BankNet customer to make payments to another BankNet customer. They intend to extend the system so that it will be possible for recipients of an Echeque to credit it to a normal bank account in other banks via e-mail. Accounts and payments are in sterling only[18].

FSTC
FSTC – Financial Service Technology Consortium, is a group of US banks and government research establishments looking at ways of developing the technology necessary to support the financial infrastructure into the future. One of their projects is to develop a standard for electronic cheques, and though still in the discussion and proposal stage, the list of participants adds credibility and hence significance to whatever they eventually propose. So far, they appear to be in favour of external hardware devices to act as electronic cheque books (e.g. a smart card or PCMCIA card)[19].

Token

While there has been a lot of hype about electronic cash on the Internet, it has centred around mechanisms that are in fact tokens rather than cash. The best known is the Digicash system.

Digicash
The Digicash system involves the creation of “electronic coins” in the form of digitally signed numbers in exchange for money from the user’s bank account. Each of these coins can be spent, once and only once, with a service provider who accepts them. When the coin is spent, it is immediately sent by the recipient to the issuing bank for online verification and logging (to ensure it is not spent again) before confirming receipt to the payer, who then discards the used coins. The appropriate amount is credited to the recipient’s bank account. Much of the effort behind this system has been to develop very clever “blinding” techniques to ensure that the coin can be verified without revealing the identity of the consumer to the retailer or the bank[20]. However all transactions are processed centrally and all received payments are paid into the recipient’s bank so the only anonymity gained is by the payer of any individual transaction. This has been in Beta trial world-wide since October 1994 using virtual money (CyberBucks) with each participant given 100 CyberBucks to spend. A number of shops are offering virtual services in exchange for the virtual money[21].

In October 1995 Mark Twain Bank announced a trial using real money, by linking a version of Digicash software to deposit accounts in their bank in St. Louis, USA. They are inviting retailers and service providers to join the trial to accept their version of Digicash tokens in exchange for real goods and services[22].

In March 1996, EUnet, a leading European provider of Internet services, announced the launch of a Digicash service in Finland, in conjunction with Merita Bank, Finland’s largest bank. Merchants accepting tokens on launch day included popular magazines, newspapers and one selling stock quotes. EUnet intended to roll out the service during 1996, in more of the 41 countries in which it operates, but so far this has not happened. In May 1996 Deutsche Bank announced it was to operate a pilot Digicash project with 1,000 customers later in the year. In June 1997 Advance Bank of Australia announced a Digicash service for its customers. In July 1997 Nomura Research Institute announced it was to operate a pilot service in Japan.

Recent exposure of security flaws and breaches in the protocol and the bank servers has undermined confidence in the Digicash system[23]. What effect this will have on the banks remains to be seen.

Cash

The only example of genuine electronic cash that has been successfully demonstrated on the Internet is Mondex.

Mondex
True electronic cash, the Mondex system, is based on a tamper-resistant smart card that holds the cash (in multiple currencies) and the software to make and receive payments. Invented by NatWest Bank, it has been developed as an alternative to cash for global use in the real world. It is marketed by a separate company, Mondex International, which is now 51 per cent owned by Mastercard. A prototype has been in everyday use by 2,000 staff at one of NatWest’s computer centres since March 1992, users being able to pay with it in the on-site shops, restaurants and cafés and load money onto it from on-site ATMs. The millionth transaction was announced in 1994[24]. In the UK, Mondex is being operated jointly by NatWest and Midland banks in conjunction with BT. A public trial started in Swindon in July 1995 to include up to 40,000 consumers and the vast majority of the town’s 1,000+ retailers, prior to national rollout. Elsewhere, Mondex is operated by franchisees – HSBC have the rights to operate Mondex in most of Asia and are operating a public trial in Hong Kong; CIBC[25] and RBC[26] have signed up for Canada and are running their own public trial in Guelph, Ontario, in conjunction with Bell Canada[27]; and Wells Fargo[28] are running trials in California.

Mondex payments can be made between individuals using a hand-held “wallet” and also using specially adapted telephones from BT, which may also be used as “ATMs” to load money remotely from a bank account. Equally easily, Mondex payments have been made over the Internet and can be used for fund transfers between individual users as well as to retailers or service providers. As the software is resident on the smart card and authentication techniques are used, the (in)security of the communications channel is irrelevant, making the use of Mondex on the Internet both simple and ideal. No central processing is required, only the two participants’ cards are involved in the transaction, so no central records can be kept or interrogated and hence the anonymity of cash is maintained[29].

Although NatWest have been demonstrating Mondex payments over the Internet since early 1995, Mondex International have only recently started to promote Mondex publicly as an ideal Internet payment mechanism. In conjunction with AT&T, HP and Verifone, Mondex International and Mastercard have announced an Online Trading Protocol (OTP) designed to be adopted as a de facto Internet standard, and intended to make the use of various payment mechanisms including SET and Mondex easier[30].

Requirements

If a cost effective payment mechanism is such an essential prerequisite for the effective commercialization of cyberspace, can we quantify (or at least qualify) what the requirements on such a payment mechanism should be?

As with so many new technologies in their early days, most of the published material is from technologists and theorists. Much of the literature to do with electronic payment mechanisms, whether on the Internet, ISH or elsewhere, has been dominated by academics and mathematicians. They have concentrated on the advantages of one or other encryption mechanism to provide security and/or privacy. A little of the literature has addressed economic and commercial issues while some is just hype[31-34].

But what has been sadly lacking is any attention to what the potential users actually want from such a mechanism (and there are a lot more potential users than mathematicians – even conservative estimates put the Internet community at 20 million+ world-wide).

Any payment mechanism has three significant, and essentially discrete, groups of interested parties:

• the users (who can in turn be subdivided into retailers and consumers depending on the transaction model adopted);

• the issuers (banks and other financial institutions who are providing the actual mechanisms or the means to integrate them into other financial systems);

• the regulators (who are concerned with issues ranging from assuring the integrity of the mechanism and its operators, to the potential impact on the wider economy both at a national level and, of course, globally given the nature of the Internet).

Without losing sight of the requirements of the last two groups, I intend to concentrate on the requirements of the users, but not to the exclusion of the issuers or regulators.

Commercial requirements
As a user I want:

Flexibility: To be able to make and receive payments without the intervention of an intermediary for each transaction.

Ease of use: To be able to make or receive payments as easily as taking money out of my wallet.

Cost effectiveness: No additional transaction fee, hence no effective lower limit to the value of a transaction.

Retailers may be keen to remove the need for billing systems, one of the most expensive parts of an operation. Collecting small payments (micropayments) for each item of “information” as it is bought/used may be much simpler (cheaper) than maintaining billing or invoicing systems and recovering fees for total usage after the event.

Collecting small value transactions using credit cards is not economically viable for retailers if the cost of the transaction is greater than their profit margin. Hence removing the need for a transaction fee will allow the lower limit to be removed. Issuers may also be keen to remove the need for central transaction processing so that costs and complexity can be reduced. Conversely, credit card companies are unlikely to be keen on a large number of low value transactions clogging their processing system.

Fungibility: The ability to re-use (some or all of) the funds I receive to make other payments, without having to change it at a bank.

Universality: The ability to use the same payment mechanism not just on the Net but elsewhere too, to buy a paper in the high street, petrol at a garage, books over the phone, give my son his allowance, or pay the window cleaner.

The regulators will, of course, take more interest in “money” that can be used outside the Net, too. However, if this is “real” money, backed by funds in the same way as banknotes, but held electronically, it can be treated like any other component of the money supply.

Security requirements

Security requirements, from a user’s point of view, fall into three categories relating to the privacy of the consumer, the trustworthiness of the retailer, and the safety of the payment itself. I want a payment mechanism to be:

Safe: I want to be able to make or receive a payment and be assured that no-one else can divert it or impersonate me in order to steal my funds or use them for nefarious purposes.

Safety can be assured by a variety of methods. The simplest and oldest is to send critical information (such as a credit card number) via a separate medium (e.g. phone or fax) thus reducing the risk of interception. More recently, encryption techniques have been developed to ensure that the data could not be understood if it were to be intercepted. Additional techniques such as digital signatures can also be used both to assure the integrity of the data and the identity of the originator. Issuers and regulators are keen on safety to ensure not only that customers’ funds cannot be stolen but also that counterfeit transactions cannot be introduced.

Private: I do not want anyone else to know about my transactions apart from the other party I am dealing with in each individual payment.

Privacy can be assured by the removal of any direct indication of the identity of a consumer in the payment mechanism itself. This is clearly more difficult where third parties are involved, or where checking the identity of the consumer is an integral part of the process. Once again, encryption techniques can be used to remove the opportunity for eavesdroppers to comprehend the details of any payment, and digital signatures provide a means of confirming the validity of a payment without necessarily divulging the identity of the consumer.

Trustworthy: I want to be able to rely on the mechanism itself and the other party in the transaction.

Trust does not mean that there are no bugs (a forlorn hope!). One of the significant differences between current everyday transactions and commerce on the Internet is the potential remoteness of the retailer from the consumer. Combined with the predicted increase in “cottage industries”, this will lead to many users attempting to conduct transactions with other individuals elsewhere in the world. This remoteness and relative anonymity of parties to the transaction implies a need for the certification of (at least) the payee. Such a mechanism may require the use of (a hierarchy of) certification authorities or trusted intermediaries[35].

Constraints

As well as meeting these commercial and security requirements, there are additional constraints that may (or should) be imposed.

Some relate to the retailers and are of a commercial nature:

Integration: Larger retailers and issuers will want to ensure that any payment mechanism on the Net will integrate with their existing payment mechanisms or at least their back end systems.

Acceptability: Small retailers and sole traders will want to ensure that they are not forced to use a payment mechanism that they find unacceptable in the “real” world.

Some of them relate to users and have a social dimension:

Portability: Individuals whose access to the Net is from shared or public access workstations will need to be able to carry their payment mechanism around with them, rather than be tied to a specific workstation or Internet address.

Non-exclusivity: Individuals do not want to be excluded from the Net by the widespread use of a payment mechanism that is not available to them. Small retailers and sole traders equally do not want to be excluded from the Net by the widespread use of a payment mechanism that is only available to large organizations or by participating in a consortium.

Mechanics vs requirements

Looking at each group of payment mecha-nisms in terms of the requirements and con-straints identified above provides a review ofthe essential differences between the alterna-tive approaches (see Table II).

Commercial requirements

Clearly all are easy to use, although the securi-ty mechanism employed for debit/credit mayimpose a significant burden on the userdependent on such issues as the complex key

management and distribution infrastructuresimplemented.

Both credit/debit mechanisms and tokensrequire an intermediary to effect a transac-tion. This central processing incurs a transac-tion cost. Neither allows the funds received tobe respent without first banking them.

Bankcard mechanisms cannot be used forperson-to-person transactions (apart from viaan intermediary such as First Virtual), andthe token mechanisms are only available onthe Net. Just as physical cash has a universali-ty within a defined boundary, (e.g. legal ten-der within national borders), electronic cashwill have boundaries either defined by thecommercial/political imposition of geographi-cal borders or implicitly defined by the cur-rency(ies) being transacted.

Only cash fulfils all our requirements.

Transaction model

As the review above shows there are some significant differences between the payment mechanisms which are largely brought about by the assumption of different transaction models.

Post-paid model
Widely implemented in credit/debit mechanisms (see Figure 1).
(1) Credit/debit details sent by user to retailer;
(2) Retailer verifies details with issuer;
(3) Issuer logs details;
(4) Issuer confirms details;
(5) Goods sent by retailer to user … (some time later);
(6) Transaction sent to issuer for settlement;
(7) User account debited by issuer;
(8) Retailer account credited by issuer.

This offers all the usual benefits of a debit/credit card transaction such as deferred payment (pay soon or pay later) and a degree of guarantee/insurance provided by the card issuer, but also incurs the costs. It can only be effected with a merchant authorized by the issuer, and has a minimum transaction value below which it is not economic, due to the central transaction processing costs. There may also be additional overheads imposed by the security mechanism used.

Table II Payment mechanisms in terms of requirements

                     Debit/Credit   Token   Cash
Flexibility          ✘              ✘       ✓
Ease of use          ✓              ✓       ✓
Cost effectiveness   ✘              ✘       ✓
Fungibility          ✘              ✘       ✓
Universality         ✘              ✘       ✓

Pre-paid model
Implemented by Digicash (see Figure 2).
(1) Money debited from user account by bank;
(2) Tokens issued to user;
(3) User sends tokens to retailer;
(4) Retailer sends tokens to bank to verify;
(5) Bank logs use of tokens;
(6) Bank credits retailer’s account;
(7) Bank confirms to retailer;
(8) Retailer sends goods to user.

This allows the transfer, between users as well as to retailers, of pre-paid tokens which can then be exchanged for money at the issuing bank. It also incurs central transaction processing costs that impose a minimum economic transaction value. The central processing must occur as part of the critical transaction path and hence runs the risk of becoming a bottleneck for all transactions. In the Digicash implementation the security overheads (blinding, random number generation, etc.) can be transparent to the user if the interface software is well designed.
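The eight pre-paid steps above, as an added sketch that is not from the paper or from Digicash: the class, function and account names and the amounts are constructed, and an HMAC stands in for Digicash's blinded signature, so it shows the bank's verify-and-log role in the transaction path rather than the privacy property. It assumes the bank's log of used tokens (step 5) is what lets it refuse a token that is presented a second time.

```python
import hashlib
import hmac
import secrets


class Bank:
    """Token issuer in the pre-paid model (amounts in pence, constructed)."""

    def __init__(self, balances):
        self._key = secrets.token_bytes(32)   # bank-only signing key
        self.balances = dict(balances)
        self.spent = set()                    # step 5: log of used tokens
        self.verifications = 0                # central processing per payment

    def _tag(self, serial, value):
        msg = f"{serial}:{value}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def withdraw(self, account, value):
        """Steps 1-2: debit the user's account and issue a token."""
        if self.balances[account] < value:
            raise ValueError("insufficient funds")
        self.balances[account] -= value
        serial = secrets.token_hex(16)
        return (serial, value, self._tag(serial, value))

    def deposit(self, account, token):
        """Steps 4-7: verify the token, log its use, credit the depositor."""
        self.verifications += 1
        serial, value, tag = token
        if not hmac.compare_digest(tag, self._tag(serial, value)):
            return False                      # forged or altered token
        if serial in self.spent:
            return False                      # already presented once
        self.spent.add(serial)
        self.balances[account] += value
        return True


def purchase(bank, retailer, token):
    """Steps 3 and 8: the retailer ships only after the bank confirms."""
    return "goods sent" if bank.deposit(retailer, token) else "refused"


def demo():
    bank = Bank({"user": 4000, "retailer": 0})
    token = bank.withdraw("user", 1550)
    first = purchase(bank, "retailer", token)
    replay = purchase(bank, "retailer", token)            # same token again
    altered = purchase(bank, "retailer", (token[0], 9999, token[2]))
    return first, replay, altered, bank.balances, bank.verifications


if __name__ == "__main__":
    print(demo())
```

Every payment attempt, valid or not, costs one round trip to the bank, which is the central processing on the critical path that the paragraph above describes.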

Cash model
Implemented by Mondex (see Figure 3).
(1) User sends cash to retailer;
(2) Retailer sends goods to user.

This allows the transfer of cash between users and to retailers, which can then be used for further transactions (pay now). There is no central transaction processing, no additional transaction costs and hence no minimum economic transaction value. In the Mondex implementation all security processing is carried out on the Mondex cards and is completely transparent to the users.

Constraints

Both credit and cash mechanisms are in use outside the Internet so their use online can be readily integrated and meet our portability constraints. Current token mechanisms are unique to the Net and hence do not easily integrate without being turned into some other form of financial instrument; nor are they readily portable although as they are entirely software-based, mechanisms could be found to achieve portability using removable storage media.

Figure 1 Transaction model – post-paid (diagram: user and retailer account details, with the numbered steps 1–8)

Figure 2 Transaction model – pre-paid (diagram: user and retailer account details and the tokens, with the numbered steps 1–8)

Credit and debit mechanisms are only available to users subject to status. Credit mechanisms are only available to accredited merchants and may not be cost effective for small retailers or sole traders with predominantly low value transactions.

Once again only cash meets all our constraints (see Table III).

Security requirements

Achieving the security requirements, however, is much more closely determined by the details of the payment mechanism and must be assessed for each scheme separately. What follows is an assessment of the representative schemes, compared against equivalent use in the non-online “real world”. See Table IV.

Most online schemes are safe, and while the credit/debit schemes can offer a degree of trust (by virtue of their inherent certification mechanism) it is at the expense of privacy. The use of certification in conjunction with the token or cash schemes would allow all three requirements to be met.

Conclusion

There are many payment mechanisms being proposed for the Internet. Most are being proposed by technologists and concentrate on overcoming the insecurity of the Internet to enable existing credit/debit card mechanisms to be used.

While this is a first step towards electronic commerce it only addresses a part of the potential market. The flexibility of this new medium requires the flexibility of alternative payment mechanisms – even more so than in the real world – if it is to be exploited to its true potential as a global marketplace.

In other words what is needed is both:
• credit/debit facilities – guaranteed safe high value transactions with certificated retailers. The cost of the “guarantee” and the convenience of pay later or pay soon is a transaction fee and a loss of privacy.
• electronic cash – private safe low value transactions with anyone. The cost of the privacy and lack of transaction fee is pay now and increased risk if transacting with uncertificated counterparties.

Table III Payment mechanisms in terms of constraints

                     Debit/Credit   Token   Cash
Integration          ✓              ✘       ✓
Acceptability        ✘              ✓       ✓
Portability          ✓              ✘       ✓
Non-exclusivity      ✘              ✓       ✓

Table IV Comparison between online payment mechanisms and “real world” payment

                     Safe   Private   Trustworthy
Credit
  real world         ✘      ✘         ✓
  E-mail etc.        ✘      ✘         ✘
  SSL                ✓      ✘         ✓
  First Virtual      ✓      ✘         ✓
  CyberCash          ✓      ✘         ✓
  SET                ✓      ✘         ✓
Debit
  real world         ✘      ✘         ✘
  BankNet            ✓      ✘         ✓
  FSTC               ✓      ✘         ✓
Token
  real world         ✘      ✓         ✓
  Digicash           ✓      ✓         ✘
Cash
  real world         ✘      ✓         ✓
  Mondex             ✓      ✓         ✘

Figure 3 Transaction model – cash (diagram: the numbered steps 1–2)

The future

The impending migration of credit/debit cards from magnetic stripe to smart card technology, the likely adoption of smart cards as electronic chequebooks, and the existing use of smart cards for electronic cash will lead to smart card readers becoming as ubiquitous as PCMCIA or even floppy disc drives[36].

In this smart environment, the choice of payment mechanism will return to the consumer on an individual transaction basis. The increasing use of applets and helper applications interfacing with the ubiquitous browser will allow proponents of each payment mechanism to ensure that appropriate (branded?) software can be easily and cheaply (probably freely) distributed to users over the Internet itself. The widespread adoption of a standard for secure financial transactions (SET being the most likely candidate) that does not fall foul of US export laws and its support by the international financial community will also move the problem of integration from the service provider to the acquirer. However the desire for cheap anonymous electronic cash transactions will undoubtedly continue to increase and will need to be supported by large organizations as well as individuals.

Summary

Each of the many payment mechanisms proposed, on trial, or in place on the Internet, can be classified as one of Credit, Debit, Token or Cash (see Figure 4).

The majority are schemes offering a secure means to transfer credit/debit details for settlement in the existing financial systems. This allows transactions with accredited merchants but cannot offer facilities to transfer funds between consumers. It also suffers from a transaction processing overhead ensuring that low value transactions cannot be cost effective. The security of these mechanisms has been a key factor in their development, due to the inherent insecurity of the Internet. The most advanced mechanisms use highly secure transmission protocols to ensure the safety of the financial information being transmitted.

A token-based mechanism, such as Digicash, can offer transactions with retailers or between consumers, but still requires all transactions to be centrally processed and logged as part of the transaction path, hence introducing a potential bottleneck as well as transaction processing charges that will affect the cost effectiveness of low value transactions. The security mechanisms used to ensure the safety of the transactions are independent of the transmission protocol in use.

An electronic cash scheme, such as Mondex, offers the user the ability to pay retailers and other consumers on the Internet as well as in the high street, over the phone and in the home. The payment requires no other participants than the payer and payee, thus imposing no transaction processing overhead and hence allowing low value transactions (even 1 or 2 pence) to be cost effective. This uses inherent security mechanisms to ensure the safety of transactions independent of the transmission protocol being used.

Electronic commerce on the Internet needs payment mechanisms that can cater for as much diversity as commerce in the real world. Large value transactions will require secure ways to use existing debit/credit mechanisms. Low value transactions (micropayments) will require the equivalent of cash.

Restricted to secure debit/credit, online services will be no more than a small evolutionary step from existing services, relying on billing and invoicing systems and incurring their concomitant overheads.

With electronic cash the revolution promised by the heralds of the information economy can be effected, allowing online services to collect micropayments in real-time, with no need to establish the identity of end-users or maintain bills and invoices for them.


Figure 4 Payment mechanism classifications
CREDIT: Credit cards; Pre-arranged accounts
DEBIT: Debit cards; Cheques; Pre-paid accounts
TOKEN: Traveller’s cheques; Banker’s drafts; Pre-paid phone cards
CASH: Cash; Gold

References and further reading

1 Birch, D., Downloading Software, Uploading Money – Business on the Infobahn, Internet and the Enterprise Conference, London, June 1994, which can also be obtained from http://www.hyperion.co.uk/

2 A discussion of these problems can be found in Lawrence, A., “Publish and be robbed?”, New Scientist, 18 February 1995, pp. 32-7.

3 The SSL specification can be obtained from http://home.netscape.com/newsref/std/SSL.html

4 The recent announcement by Netscape, Microsoft and Verisign of a “supercertificate” agreed by the US government for issue to “approved” foreign financial institutions, will enable full 128 bit keys to be used internationally (except in France) by customers communicating with bank servers having such a supercertificate. It remains to be seen whether this crypto imperialism on the part of the US will be unquestioningly accepted by the rest of the world.

Meanwhile, the US government is trying hard to restrict domestic use of strong crypto not just its export. The “Secure Public Network Act”, recently rushed through the Senate Commerce Committee with virtually no debate, aims to make the use of non-escrowed strong cryptography a criminal offence within the US.

5 VeriSign, founded as an off-shoot of RSA Data Security and with financial backing from Visa International, launched the first online Certification Authority on the Web in September 1995, and started issuing “Digital Ids” for individuals using Netscape in May 1996. They can be browsed on http://www.verisign.com/

6 First Virtual (Holdings) can be browsed on http://www.fv.com/

7 CyberCash can be browsed on http://www.cybercash.com/

8 Visa can be browsed on http://www.visa.com/visa/

9 Mastercard can be browsed on http://www.mastercard.com/

10 Microsoft can be browsed on http://www.microsoft.com/

11 This view is supported by an analysis of Bill Gates in Schlender, B., “Keeping up with Moore’s Law”, Fortune, 16 January 1995, pp. 35-63.

12 In fact the Mastercard protocol SEPP was based very largely on the IKP protocol developed by IBM’s Zurich research laboratories and used as the basis of a European research project into electronic commerce – SEMPER (also supported by Europay). IBM can be browsed on http://www.ibm.com/

13 GTE have been operating key management services for the US Department of Defense since the 1980s. They are in the process of establishing commercial certification authority services as part of their CyberTrust service. CyberTrust can be browsed on http://www.cybertrust.gte.com/

14 Details of STT can be obtained from http://www.microsoft.com/windows/ie/stt.htm

15 Details of SEPP can be obtained from http://www.mastercard.com/Sepp/sepptoc.htm

16 Details of SET can be obtained from http://www.mastercard.com/set/set.htm

17 PBS can be browsed on http://www.pbs.dk

18 BankNet can be browsed on http://mkn.co.uk/bank

19 FSTC can be browsed on http://www.llnl.gov/fstc/

20 For a comprehensible explanation see Chaum, D., “Achieving electronic privacy”, Scientific American, August 1992, pp. 96-101.

21 Digicash can be browsed on http://digicash.support.nl/

22 Mark Twain Bank can be browsed on http://www.marktwain.com/

23 Details of the security flaws so far found by Ian Goldberg have been widely discussed on the cypherpunks mailing list – the archives of which are available at http://infinity.nus.sg/cypherpunks/

24 “Mondex Byte Scheme Completes Millionth Transaction”, Mondex UK News Release, 2 December 1994.

25 CIBC can be browsed on http://www.cibc.com/

26 RBC can be browsed on http://www.royalbank.com/

27 Bell Canada can be browsed on http://www.bell.ca/

28 Wells Fargo can be browsed on http://www.wellsfargo.com/

29 Mondex information is available by e-mail from [email protected] or can be browsed on http://www.mondex.com/mondex/

30 Details of OTP will be released this summer and will be available from http://www.mondex.com/

31 Much of the literature has been produced by technologists and has concentrated on the mathematics of security mechanisms. See for example, Brands, S., “Electronic cash on the Internet”, Proceedings of the Internet Society 1995 Symposium on Network and Distributed System Security, San Diego, February 1995.

32 Some of the literature is government sponsored, for example “Digital cash, tokens and payments on the NII”, a report by the Cross-Industry Working Team (XIWT), which can be obtained from http://www.cnri.reston.va.us:3000/XIWT/public.html

33 Some of the literature is actually written from an economist’s point of view, for example “So much for the cashless society”, The Economist, 26 November 1994, pp. 25-30.

34 A small (thankfully increasing) subset of the literature is written from the viewpoint of the eventual users, for example Levy, S., “E-money (that’s what I want)”, Wired, December 1994, pp. 174-9, 213-8.

35 For a good overview of security implications of commerce on the Internet, and especially the ways in which certification authorities may operate see Neuman, B.C., “Security, payment, and privacy for network commerce”, IEEE Journal on Selected Areas in Communications, Vol. 13 No. 8, Oct 1995, pp. 1523-31, which is also available online from the IEEE SEPTEMBER service at http://www.research.att.com/jsac/

36 “Survey: smart cards and the Internet”, Card Technology Today, September 1995, pp. 12-16.
