UNIT 2

Electronic Payment Systems

Work on EFT (Electronic Fund Transfer)

What is EFT? Banking and Financial Payments (Wholesale payments, Small scale payments and Home banking) Retailing Payments (Credit Cards, Debit Cards, Charge Cards) Online Electronic Commerce Payments Token-based payment systems Electronic Cash(digicash), Electronic Checks(NetCheque) & Smart cards (Mondex Electronic Currency Card) Credit card based payment systems Encrypted credit cards (WWW form-based encryption) Third party authorization numbers (First Virtual)

Electronic Fund Transfer

EFT: Transfer of funds through an electronic terminal, telephonic instrument, or computer or magnetic tape so as to order/authorize a financial institution to debit or credit an account.

Digital Token-based EPS

Electronic token
designed as electronic analogs of various forms of payment backed by a bank or
financial institution.

3 types
Cash or real-time
Debit or prepaid Credit or postpaid

- Electronic Cash (E-cash)

- Smart Card/debit Card - Credit Card/Debit Card & Electronic checks

Four dimensions
Nature of transaction for which the instrument is designed Means of settlement Approach to security, anonymity, and authentication Question of risk

Electronic Cash (E-Cash/Digital Cash)

Term that describes any value storage and exchange system created by a private entity that
Does not use paper documents or coins Can serve as a substitute for government-issued physical currency

Attractive in two arenas

Sale of goods and services of less than $10 Sale of higher-priced goods and services to those without credit cards

Micropayments and Small Payments

Micropayments
Internet payments for items costing from a few cents to approximately a dollar

Small payments
Payments of less than $10

Properties of E-cash
E-cash must have a monetary value. E-cash must be interoperable. E-cash must be storable and retrievable. E-cash should not be easy to copy or tamper while being exchanged.

Privacy and Security of Electronic Cash

Concerns about electronic payment methods include Privacy and security issues E-cash should have two important characteristics with physical currency spend e-cash only once. ought to be anonymous

Advantages and Disadvantages of Electronic Cash

Advantages of electronic cash Independence (unrelated to any network or storage device) Portability (freely transferable between two parties) Convenience (doesnt require special hardware and software) Transactions are more efficient Transfer on the Internet costs less than processing credit card transactions Disadvantages of electronic cash Use provides no audit trail Problem of money laundering arises Susceptible to forgery

Purchasing E-cash from Currency Servers

The purchase of e cash from an on-line currency server (or bank) involves two steps: (1) Establishment of an account and (2) Maintaining enough money in the account to back the purchase.

Purchasing E-cash from Currency Servers

How does this process work? - User should have an e-cash account at a digital bank on the internet. - When an e-cash withdrawal is made, the PC of user calculates how many digital coins of what denominations are needed to withdraw the requested amount. - Random numbers of these coins will be generated and the blinding (random number) factor will be included. - The result of these calculations will be sent to the digital bank. - The bank encode the blinded numbers with its secret key (digital signature) and at the same time debit the account of the client for the same amount. - The authenticated coins are sent back to the user and finally user will take out the blinding factor.

Purchasing E-cash from Currency Servers

In cryptography, a blind signature, as introduced by David Chaum, is a form of digital signature in which the content of a message is disguised (blinded) before it is signed.

Purchasing E-cash from Currency Servers

This method of note generation is very secure, as neither the customer (payer) nor the merchant (payee) can counterfeit the banks digital signature (analogous to the watermark in paper currency). Payer and payee can verify that the payment is valid, since each knows the banks public key. The bank is protected against forgery, the payee against the banks refusal to honor a legitimate note, and the user against false accusations and invasion of privacy.

Double Spending
Spending a particular piece of electronic cash twice by submitting the same electronic currency to two different vendors. By the time the same electronic currency clears the bank for second time, it is too late to prevent the fraudulent act. Encryption techniques used to prevent double spending.

Payer
Transfer digital cash

Payee

Issue cash Check for double spending

Bank
Database of spent notes

Bank Digital Currency Server

Detection of double spending

Business Issues and Electronic Cash

E-cash fulfills the two main functions: As a medium of exchange As a store of value - Intangible cash - Enormous currency fluctuations in international finance - Bank could not create new money via lending in the digital world; Bank would see electronic money as unproductive. - E-cash started to bypass regulated foreign exchange markets.

Operational Risk and Electronic Cash

Operational risk associated with e-cash can be mitigated by imposing constraints, such as limits on
1. Time over which a given electronic money is valid 2. How much can be stored on and transferred by electronic money 3. No. of exchanges that can take place before a money needs to be redeposited with a bank or financial institution 4. No. of such transactions that can be made during a giving period of time

Legal Issues and Electronic Cash

The impact of e-cash on taxation. (transaction based taxes sales tax) Easy use of cash leads to expand the underground economy (money laundering) These legal issues to be considered.

Providing Security for Electronic Cash

Cryptographic algorithms
Keys to creating tamperproof electronic cash that can be traced back to its origins

Anonymous electronic cash

Electronic cash that cannot be traced back to the person who spent it

Creating truly anonymous electronic cash

Requires bank to issue electronic cash with embedded serial numbers

Electronic Check
Another form of electronic tokens An e-Check is an electronic transfer of funds in which the money is taken from a bank account, typically a checking account. The account's routing number and account number are used to draw funds from the account. e-Checks can clear much faster than written checks.

Electronic Check
Payer
Transfer electronic check

Payee

Deposit check

Forward check for payer authentication

Bank

Accounting Server

Payment transaction sequence in an electronic check system

Electronic Check - Advantages

Work in the same way as traditional checks Well suited for micropayments; the use of conventional cryptography makes it much faster than systems based on public key cryptography (ecash) E-checks create float and availability of float. (third party- accounting server make money by charging) Financial risk is assumed by the accounting server

Cryptography
Public key cryptography (E-cash)
When X wants to send a secure message to Y, he uses Y's public key to encrypt the message. Y then uses private key to decrypt it.

Conventional cryptography (E-check)

NetCheque
A prototype electronic check system Developed at the Information Sciences Institute of the University of Southern California. Registered users may write checks to other registered users through e-mail or other network protocols. When the check is deposited, it authorizes the transfer of funds from the issuer's account to the receiver's account. All information is kept on a netcheque server, which is responsible for keeping accounts for customers, approving payments, and making the necessary changes in client accounts. Security wise, Netcheque uses Kerberos for signature authentication, and it uses conventional cryptography, not public key cryptography.

Smart Cards and Electronic Payment Systems

Smart Card Credit and debit cards and other card products enhanced with microprocessors capable of holding more information than the magnetic stripe. The chip can store greater amounts of data (80 times more than a magnetic stripe) Two types of smart cards:
Relationship-based smart credit cards Electronic purses

Relationship-based Smart Cards

An enhancement of existing card services and/or the addition of new services that financial institution delivers to its customers via a chip-based card or other device.
New services include access to multiple financial accounts (debit, credit, investment, e-cash) value-added marketing programs Variety of functions such as cash access, bill payment, balance enquiry, electronic transfer other information.

Mondex
Smart card that holds and dispenses electronic cash Introduced in 1990 and now part of MasterCard International Can accept electronic cash directly from a users bank account Card carries real cash in electronic form
Risk of theft may deter users from loading it with very much money

Mondex (Continued)
Steps in using a Mondex card to transfer electronic cash from buyer to seller 1. 2. 3. 4. 5. Card user inserts Mondex card into reader Merchants terminal requests payment Customers card checks merchants digital signature Merchants terminal checks customers just-sent digital signature for authenticity Once electronic cash is deducted from the cardholders card Same amount is transferred into the merchants electronic cash account

Mondex Smart Card Processing

Electronic Wallets
Hold credit card numbers, electronic cash, owner identification and contact information
Give consumers the benefit of entering their information just once Make shopping more efficient

Electronic Wallets (Continued)

Server-side electronic wallet
Stores customers information on a remote server belonging to a particular merchant or wallet publisher

Client-side electronic wallet

Stores consumers information on his or her own computer

Microsoft .NET Passport

An electronic wallet operated by Microsoft Passport consists of four integrated services
Passport single sign-in service (SSI) Passport Wallet service Kids Passport service Public profiles

Microsoft .NET Passport Home Page

PayPal Payment Method Search Option on eBay Main Search Page

PayPal is an account-based system that lets anyone with an email address securely send and receive online payments using their credit card or bank account. It is the most popular way to electronically pay for eBay auctions and it is becoming a cheap way for merchants to accept credit cards on their online storefronts instead of using a traditional

Online Payment Basics (Continued)

Scrip
Digital cash minted by a company instead of by a government Cannot be exchanged for cash Like a gift certificate that is good at more than one store

eScrip, National Scrip Center and Scrip.com focus on not-for-profit fundraising market.

Credit card
Visa or MasterCard
Has spending limit based on users credit history

Credit Card

Debit Card

- Removes amount from cardholders bank account - Transfers it to sellers bank account

Charge Card

Carries no spending limit Amount charged is due at end of billing period

Credit Card-based Electronic Payment Systems

To avoid complexity associated with digital cash and electronic checks, consumers and vendors are also looking at credit card payments on the internet. Credit card payment on online network: - Payments using plain credit card details - Payments using encrypted credit card details - Payments using third-party verification

Encryption and Credit Cards

Processing payments using encrypted credit cards

Third party processors and Credit Cards

Customer Merchant

Client Browser Payment Server

Merchant Server

Online third party processors with links to multiple payment systems

Online Third Party Processor (OTPP)

OpenMarket www.openmarket.com
First Virtual www.fv.com

On-line payment process using a third-party processor

Pros and Cons of Credit Card-based payment

Advantages: Credit card company assumes a large share of financial risk for both buyer and seller in a transaction. Record keeping with credit card Disadvantages Transactions are not anonymous. Disputes may arise because different services may have different policies. Complexity of credit card processing takes place in the verification phase. If there is a lapse in time between the charging and the delivery of goods or services, the customer verification process is simple.

Risk and Electronic Payment Systems

One essential challenge of E-Commerce is risk management. Operation of Payment system incurs: - Fraud or mistake - Privacy Issues - Credit Risk

Risks from Mistake and disputes

Record keeping Includes
Permanent storage Traceability and accessibility Payment system database Data transfer to payment maker, bank or monetary authorities

Customers might feel that all this record keeping is an invasion of privacy

Managing information privacy

EPS must ensure and maintain privacy.

Managing Credit Risk

Credit or Systemic risk is a major concern in net settlement system. Digital central bank must develop policies to deal with this possibility.

Designing Electronic Payment Systems

Privacy Security Intuitive interfaces Database Integration Brokers Pricing Standards

Exercise
How debit card is different from credit card? Discuss the various Electronic Payment Systems. What are electronic cheques ? How they are different from traditional cheques? How electronic purses work? What are smart cards? How electronic checks are differ from credit card? How On-line third-party processors (OTPPs) differ from electronic token system?