Payment and Cash Standards
Content
1. Credit-Card Transactions
2. Digital Currency, E-Wallets, Smart Cards
3. Secure Electronic Transactions (SET)
4. Online Banking
Introduction
• The electronic transfer of funds is key to conducting e-business successfully
• Discussion includes:
  – How individuals and organizations perform monetary transactions on the Internet
  – Payments by credit card, cash, and check; payments to businesses; peer-to-peer payments; banking and bill paying
  – Companies who are developing online payment technology
  – Products, software, and services that these companies produce
Introduction (cont.)
• Secure e-transactions crucial to e-commerce
  – Internet and wireless monetary transactions
    • Credit-card transactions
    • Digital cash
    • Electronic wallets
    • Smart cards
    • Micropayments
  – Payment transaction organizations and standards
Online Transaction Standards
• Standards: guidelines for technologies, formats or processes
  – Approved by standards committee
  – Or widely adopted by an industry without formal process
• Online transaction standards
  – Security protocols to ensure safe transactions
    • SSL which uses public-key cryptography
  – Open Financial Exchange organization
    • Internet standard for exchanging financial information
Credit-Card Transactions
• Customers fear credit-card fraud
  – Credit cards have been developed to accommodate online and offline payments
    • The Prodigy Internet Mastercard guarantees online fraud protection
• To accept credit-card payments, a merchant must have a merchant account with a bank
  – Specialized Internet merchant accounts have been established to handle online credit-card transactions
    • Transactions are processed by banks or third-party services
• Traditional merchant accounts accept only POS (point-of-sale) transactions
  – Those that occur when you present your credit card at a store
Credit-Card Transactions (cont.)
• Companies enable merchants to accept credit-card payments online.
  – These companies have established business relationships with financial institutions that will accept online credit-card payments for merchant clients.
  – CyberCash and iCat
Anatomy of an Online Credit-Card Transaction
• Merchant account with bank
  – Traditionally only accept point-of-sale transactions: presence of credit-card at store
  – Internet merchant accounts accept card-not-present transactions: information exchange without card presence
• An online credit-card transaction
  – Buyer submits credit-card, shipping and billing information
  – Merchant submits information to acquiring bank (merchant’s bank)
  – Buyer’s account verified by issuing bank (buyer’s bank)
  – Merchant receives verification
  – Product shipped and payment issued
Anatomy of an Online Credit-Card Transaction (cont.)
[Figure: Basic steps in an online credit-card transaction, numbered 1 to 5. Parties: customer (makes purchase at online store; credit card information is received by the e-store), merchant, acquiring bank, credit card association, issuing bank. Arrow labels: credit card information, information verified.]
Credit Card Procedure
[Figure: Credit card procedure. Parties: cardholder, merchant, card brand company, issuer bank (cardholder account), acquirer bank (merchant account). Flow labels: credit card, payment authorization, payment data, account debit data, amount transfer.]
Digital Currency (eCash)
• Digital cash
  – Stored electronically, used to make online electronic payments
  – Digital cash accounts are similar to traditional bank accounts
  – Digital cash used with other payment technologies (digital wallets)
  – Alleviates some security fears about online credit-card transactions
  – Digital cash allows those with no credit cards to shop online
  – Merchants accepting digital-cash payments avoid credit-card transaction fees
  – eCash Technologies, Inc. is a secure digital-cash provider that allows you to withdraw funds from your traditional bank account
Digital Currency (cont.)
• Gift cash, often sold as points, can be redeemed at leading shopping sites
  – An effective way of giving those without credit cards the ability to make purchases on the Web
• Points-based rewards
  – Points are acquired for completing specified tasks including visiting Web sites, registering or buying products
  – Points can then be redeemed
eCash Idea
• Electronic cash is token money in the form of bits, except unlike token money it can be copied.
• Bank issues character strings containing:
  – denomination
  – serial number
  – bank ID + encryption of the above
• First person to return string to bank gets the money
eCash Flow
Withdrawal:
• Alice buys digital coins from a bank
• Alice sends unsigned blinded coins to the bank
• Bank signs coins, sends them back. Alice unblinds them
Spending:
• Alice pays Bob; Bob verifies coins not spent
• Bob deposits
Personal transfer:
• Alice transfers coins to Cindy; Cindy verifies coins not spent
• Cindy gets coins back
[Figure label: wallet software]
E-Wallets
• Electronic wallets:
  – Keep track of billing and shipping information
  – Hold e-checks, e-cash and credit-card information for multiple cards
  – Visa, MBNA and Entrypoint.com offer e-wallets
• Standardization
  – Some vendors accept only specific e-wallets
  – 1999, Electronic Commerce Modeling Language (ECML)
    • Standardized payment presentation
    • Many vendors adopted it
Smart Cards
• Smart card processors hold more information than credit card magnetic strips
  – Store credit-card numbers, contact information, etc.
  – Contact smart cards
    • Placed in smart-card reader for information transfer
  – Contactless smart cards
    • Antenna enables information transfer
    • Faster than contact smart card
• Security
  – Password protection
  – Security designations assigned to information
  – Encryption
Smart Cards (cont.)
• Visa Cash smart card
  – Disposable and reloadable cards
  – Internet purchases, expressway tolls and parking fees
• Smart Card Industry Association (SCIA) www.scia.org
Smart Card Example -- Mondex
• Smart-card-based, stored-value card (SVC)
• Subsidiary of MasterCard
• NatWest (National Westminster Bank, UK) et al.
• Secret chip-to-chip transfer protocol
• Value is not in strings alone; must be on Mondex card
• Loaded through ATM
  – ATM does not know transfer protocol; connects with secure device at bank
• Spending at merchants having a Mondex value transfer terminal
Other Examples
• Octopus
  – MTR, KCR, KMB, First Bus, Ferry, Minibus
  – PolyU Canteen
  – 7-11
  – Softdrink Vending Machine
• HK Identity Card (in near future)
  – Library Card
  – Driving Licence
  – Other Personal Information, e.g., Health Record
Micropayments
• Merchants pay fee for each credit-card transaction
• Micropayments
  – Payments that generally do not exceed $10; they allow companies offering nominally priced products to profit
• To offer micropayments, some companies form strategic partnerships with utility companies
  – eCharge enables companies to offer this option to customers
    • eCharge uses ANI (Automatic Number Identification) to verify the identity of the customer and the purchases they make
Alternative Payment Options
• Outside US, many opt for prepaid cards instead of cash or credit cards
  – Wireless-payment cards enable transactions with POS devices
  – Convenience and grocery stores can add monetary value to some pre-paid accounts
  – Examples include CashX (www.cashx.com) and Vodago
Alternative Payment Options (cont.)
• Non-electronic payment methods
  – Cash-on-delivery (COD): payment upon item’s delivery
  – Debit cards: deduct directly from checking account
  – Automatic Teller Machine (ATM): withdraw cash
• Online payments without credit cards
  – AmeriNet (www.debit-it.com): allows checking account number as form of payment
  – Online currency: Cybergold (www.cybergold.com) and RocketCash (www.RocketCash.com)
Secure Electronic Transactions (SET)
• SET is an open technical standard for the commerce industry developed by Visa and MasterCard as a way to facilitate secure payment card transactions over the Internet.
• Digital Certificates create a trust chain throughout the transaction, verifying cardholder and merchant validity, a process unparalleled by other Internet security solutions.
• Introduced jointly by VISA, Mastercard, IBM, Microsoft, Netscape, RSA, SAIC, Terisa and Verisign in 1997.
Secure Electronic Transactions (cont.)
• Merchant doesn’t see card no.
• Uses Internet to reach acquirer
• High credit card transaction cost
[Figure: Consumer, Internet, secure “tunnel” through the Internet, credit card acquirer, credit card issuer; issuer bills consumer.]
Secure Electronic Transactions (cont.)
• Requires both consumer and merchant to have digital certificates
• Merchant never sees any payment information -- it is passed to the acquirer
• Bank never sees any order information, only payment information
SET Overview
• Customer gets a credit card from an issuing bank
• Customer obtains a digital certificate (online)
• Merchant gets certificate from acquiring bank with merchant's public key and the bank's public key
• Customer places an order over the Web (now we need a payment protocol). SET is invoked
• Customer's browser confirms from the merchant's certificate that the merchant is valid
• Browser sends:
  – order information encrypted with the merchant's public key
  – payment information encrypted with the bank's public key
  – information to prevent the payment from being used with another order.
SET Overview (cont.)
• Merchant verifies customer’s certificate
• Merchant sends a payment message to acquiring bank, encrypted with bank’s public key, containing:
  – customer's payment information (which merchant can’t read)
  – merchant's certificate
• Bank verifies the merchant and the message using merchant’s digital signature on its certificate and verifies the payment info
• Bank sends authorization to the merchant (with bank’s digital signature). Merchant can now fill the order.
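The "information to prevent the payment from being used with another order" in the browser's message is SET's dual signature, which also lets the merchant and the bank each verify their half without seeing the other. This added example is not from the original slides and shows only that linkage: SHA-256 and textbook RSA with a toy key stand in for the real primitives, the public-key encryption of each part is omitted, and all names and sample data are constructed.

```python
import hashlib

# Toy customer signing key from two known Mersenne primes: constructed, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # customer's private exponent

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def as_int(d: bytes) -> int:
    return int.from_bytes(d, "big")

def dual_sign(order_info: bytes, payment_info: bytes) -> int:
    """Customer: one signature over H(H(PI) || H(OI)) ties payment to order."""
    return pow(as_int(h(h(payment_info) + h(order_info))), D, N)

def merchant_check(order_info: bytes, pi_digest: bytes, ds: int) -> bool:
    """Merchant holds the order plus only a digest of the payment data."""
    return pow(ds, E, N) == as_int(h(pi_digest + h(order_info)))

def bank_check(payment_info: bytes, oi_digest: bytes, ds: int) -> bool:
    """Bank holds the payment data plus only a digest of the order."""
    return pow(ds, E, N) == as_int(h(h(payment_info) + oi_digest))

# Constructed sample data.
ORDER = b"order 1001: 2 books, ship to 1 Example Road"
OTHER_ORDER = b"order 2002: 1 laptop, ship elsewhere"
PAYMENT = b"card=0000-0000-0000-0000;exp=01/30;amount=59.90"

def demo() -> dict:
    ds = dual_sign(ORDER, PAYMENT)
    return {
        "merchant_accepts": merchant_check(ORDER, h(PAYMENT), ds),
        "bank_accepts": bank_check(PAYMENT, h(ORDER), ds),
        # Payment instruction presented with a different order: the link breaks.
        "replay_on_other_order": bank_check(PAYMENT, h(OTHER_ORDER), ds),
        # Order changed after the customer signed it.
        "altered_order": merchant_check(OTHER_ORDER, h(PAYMENT), ds),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```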
SET Message Flow
• Customer asks Merchant for digital certificates
• Customer makes purchase request
• Merchant asks Acquirer for authorization
• [Merchant asks Acquirer to reverse authorization]
• Merchant asks Acquirer to capture payment
• Customer asks Merchant for transaction status
SET messages come in pairs: Request followed by Response
Appropriate cryptography is applied to message wrappers
Online Banking
• Internet-only banks
  – Offer convenience and lower rates to their customers
  – Establishing a physical presence
• The hybrid bank model
  – Going online has become important for the survival and growth of small local banks
  – Smaller banks will usually partner with third-party service providers to make the transition to the Internet
Example: Hang Seng e-Banking
• Try main.hangseng.com
  – Account Information
  – Transfer
  – Foreign Currency
  – Remittance
  – Pay Bill
  – Time Deposit
  – Stock Purchase