Electronic Payment System

WHAT IS ELECTRONIC PAYMENT?

Is a system that permits online payment between parties using an electronic surrogate The electronic surrogate is backed by financial institutions and/or trusted intermediaries

The intent is to act as an alternative form of payment to the physical cash, cheque or other financial tender

ELECTRONIC PAYMENT SYSTEM

An e-commerce payment system facilitates the acceptance of electronic payment for online transactions. Also known as a sample of Electronic Data Interchange (EDI), e-commerce payment systems have become increasingly popular due to the widespread use of the internet-based shopping and banking. In the early years of B2C transactions, many consumers were apprehensive of using their credit and debit cards over the internet because of the perceived increased risk of fraud.

E-PAYMENT SYSTEMS

numerous different payments systems available

traditional credit, debit and charge card new technologies such as digital wallets, e-cash, mobile payment and e-checks.

Another form of payment system is allowing a 3rd party to complete the online transaction for you. These companies are called Payment Service Providers (PSP).

E-PAYMENT SYSTEMS TYPES

E-PAYMENTS

CREDIT CARDS AND SMART CARDS

Over the years, credit cards have become one of the most common forms of payment for ecommerce transactions.

In North America almost 90% of online B2C transactions were made with this payment type. however it contains an embedded 8-bit microprocessor and uses electronic cash which transfers from the consumers card to the sellers device. A popular smartcard initiative is the VISA Smartcard.

A Smartcard is similar to a credit card;

ELECTRONIC BILL PRESENTMENT AND PAYMENT

Electronic bill presentment and payment (EBPP)

a fairly new technique that allows consumers to view and pay bills electronically. There are a significant number of bills that consumers pay on a regular basis, which include: power bills, water, oil, internet, phone service, car payments etc.

EBPP systems send bills from service providers to individual consumers via the internet. The systems also enable payments to be made by consumers, given that the amount appearing on the e-bill is correct.

CURRENT STATUS

ePayment opportunities are growing slowly

New players are entering ePayment marketplace

Variety of ePayment mechanisms and devices creating state of chaos

Infrastructure for ePayment is complex and expensive to deploy

Lack of critical mass adoption and acceptance Online payment is hard to implement globally

EPAYMENT IS STILL EVOLVING ...

Business Realities Security Infrastructure Customer Profiles

New ePayment Solutions

Authentication Models Payment Types

Spa

EPAYMENT CHANNELS

Defined as touch points where a payment transaction is originated or initiated Can be executed through a variety of channels Internet based Kiosks Contactless or proximity sensors Mobile e.g. mobile phones, PDA

EPAYMENT INSTRUMENTS

Defined as the medium in which the value is recognised in a payment transaction Card-based such as
Credit
buy

and charge cards

now, pay later

Debit
buy

cards
now, pay now

Cash
buy

cards, stored-valued, e-cash

now, prepaid or pay before

CREDIT CARDS

Most widely used

banks

able to leverage existing card infrastructure appears defacto online payment

Largely unencrypted
card-not-present

transactions processed without customer & merchant authentication is when customer demands a

Charge back risk for merchants

charge-back

refund banks transfer liabilities of charge-backs to the merchants

DEBIT CARDS

Direct electronic transfer of account direct account debiting

Uses chip/smart eWallets

Digital signature to secure access

Connected to eBanking solution

DIGITAL CASH

A system of purchasing cash and storing the credits in consumers computer Computerised stored value is used as a form of cash to be spent in small increments A third party is involved in the payment transactions Examples: Beenz, Billpoint, Paypal

CAZH

A project by ABN-Amro

A debit system that creates network between merchant and bank to allow customers pay for the goods by direct debit of customers bank account Once customer has been authenticated by his/her bank, he/she can authorise the bank to pay the merchant on the goods purchase Similar to Nets POS but in cyberspace

CASH CARD

Payment solution on a proprietary protocol that allows payment over the Internet A digital/virtual wallet with prepaid creditbased/token-based payment system Enables low-value electronic payments on the Internet Limited distribution, proprietary solutions Needs to install card reader and download free eWallet

ECHEQUE

A formatted email message that consists of payee name, amount, payment date, payers account number, and payers bank Digital certificate and signature are used to secure the cheque so that the contents are not tampered with A signed electronic cheque is exchanged between the parties financial institutions through automated clearing house

MOBILE WALLET

Relatively new space exploited by telcos and nonfinancial enterprises

Provides ePurse functionality to replace card-type payments

Aggregating micro-payments onto the mobile phone bill Can use mobile access device to authenticate payers identity

SIM card well placed to function and control payment process and authentication

COMPONENTS OF ONLINE PAYMENT SYSTEM

Consumer Online Merchants Payment Enablers
Merchant Acquirers
Payment Gateways

Payment Clearinghouses

Competing Authenticatio n Services

Shopping Cart Vendors Non-bank payment Processors

EPAYMENT RISKS
Buyer
Internet

Merchant

Private network

Payment gateway
Bank network

Use of stolen card

Credit card number or password stolen from computer Unauthorised access

Information modified in transit

Payment info stolen from merchant

Masquerading as legitimate merchant

Internet
Information modified in transit

Information stolen

Key info stolen by merchant staff

Research on online shopping

Survey By
Odyssey, 2000 Cyber Dialogue, 2000 Pricewaterhouse Coopers, 2000 Greenfield Online, 2000 Pew Internet & Am Life Project, June 2000 Jupiter Research, May 2000 Odyssey, 2000

Question Asked
Features that will increase the likelihood to buy online? Important features of online shopping sites? Barriers to online purchasing? Barriers to online purchasing? Worries and concerns regarding online activities? Factors that would motivate new users to purchase online? Factors that would convert nonbuyers to buyers online?

Results
88% of online shoppers said guaranteed credit card security, 2nd highest feature cited. 85% of online shoppers said secure transactions, the highest cited feature. 79% of Internet users said credit card security, the number one cited barrier. 47% of Internet users said credit card security, the 3rd highest barrier cited. 68% of Internet users said hackers getting credit card number, 2nd highest concern cited 58% of new Internet users said better security, the 3rd highest factor cited. 60% of non-buyers said credit card security, the highest factor cited.

HOW CAN WE SECURE EPAYMENT?

The Trust Principle

The parties to the transaction must trust each other Buyer must believe that seller is legitimate and will deliver the goods Buyer must believe that goods are as represented and are worth the price

Seller must believe that buyer is legitimate and will pay for the goods purchased

HOW CAN WE SECURE EPAYMENT?

The Security Principle

Parties need a secure environment in which to conduct the electronic transactions

Seller needs to protect the details of the transactions Buyer needs to be certain that his/her information is securely handled and stored Buyer needs to be certain that information is not stolen that it can be inappropriately used

EPAYMENT SOLUTIONS

Must provide security: resistance to fraud and online attacks Reliable: highly available and accessible at all times Cost effective: cost per transaction should be low even for micro-payment Integrated and scaleable: interoperable amongst different systems, payment methods and multiple servers distributed across the Internet Convenient and easy to use: should support several devices

Anonymity: should protect the identities of parties to the transactions and should not monitor the sources of finance

SECURING EPAYMENTS

Identification and authenticate

the

ability to verify both the transacting parties

Authorization
the

ability to validate the rightful owner to the transaction

Integrity and confidentiality

the

ability to transmit the transaction securely the ability to store the transaction properly

Accountability
The

ability to provide audit trail as evidence in dispute mechanism to settle disputes/nonrepudiation

Policies for sharing risks and liabilities

the

AUTHENTICATION MODELS

Something you have and something you know ATM card model Known to the back-end (server), synchronize with each transaction using a one time random number Secur-ID model Sign each transaction PKI-model Tie into a real person Biometrics

EPAYMENT TRANSACTION CYCLE

8 9

Issuing Bank pays Visa / Mastercard

Transaction voucher to Issuing Bank

Buyer

Voucher to Acquiring Bank

Reimburses merchant

Sends transaction voucher to Visa / Mastercard

3 6

Visa / Mastercard reimburses Acquiring Bank

SECURE SOCKETS LAYER (SSL)

A security protocol to protect sensitive data transmitted over the Internet Uses encryption to protect the transmission of data When SSL session starts, server sends key to the browser, which returns random key to the server Ensures that data are not tampered with or stolen en route

SECURE ELECTRONIC TRANSFER SET

Protocol by Visa and MasterCard released in 1996

3 party system - cardholder, merchant and bank using SET-enabled systems

Uses digital certificate to ensure cardholder is who he/she says he/she is or claims to be Credit card details are invisible to merchants, protected by encryption for clearing bank