
Internet payment systems

Varna Free University. Internet payment systems. E-BUSINESS. Prof. Teodora Bakardjieva. Outline. Introduction Issues related Security Outstanding protocols Mechanisms Advantages and disadvantages Conclusion. Introduction.


Presentation Transcript


  1. Varna Free University Internet payment systems E-BUSINESS Prof. Teodora Bakardjieva

  2. Outline
     • Introduction
     • Issues related
     • Security
     • Outstanding protocols
     • Mechanisms
     • Advantages and disadvantages
     • Conclusion
     27 Sept. 99

  3. Introduction
     • In the past year, the number of users reachable through the Internet has increased dramatically
     • Potential to establish a new kind of open marketplace for goods and services

  4. Introduction (cont)
     • Online shops on the Internet
       • Bookshop (Amazon.com)
       • Flight Reservation and Hotel Reservation shopping place, etc.
     • An effective payment mechanism is needed

  5. Issues related
     • Security
     • Performance
     • Reliability
     • Efficiency
     • Bandwidth
     • Anonymity (mainly in electronic coins)

  6. Security
     • The Internet is not a secure place
     • There are attacks from:
       • eavesdropping
       • masquerading
       • message tampering
       • replay

  7. How to solve?
     • RSA public key cryptography is widely used for authentication and encryption in the computer industry
     • Using a public/private (asymmetric) key pair or a symmetric session key to prevent eavesdropping

  8. How to solve? (cont)
     • Using a message digest to prevent message tampering
     • Using a nonce to prevent replay
     • Using a digital certificate to prevent masquerading

  9. Outstanding protocols
     • Credit card based
       • Secure Electronic Transaction (SET)
       • Secure Socket Layer (SSL)
     • Electronic coins
       • DigiCash
       • NetCash

  10. Credit-card based systems
     • Parties involved: cardholder, merchant, issuer, acquirer and payment gateway
     • Transfer the user's credit-card number to the merchant via an insecure network
     • A trusted third party to authenticate the public key

  11. Secure Electronic Transaction (SET)
     • Developed by VISA and MasterCard
     • To facilitate secure payment card transactions over the Internet
     • Digital Certificates create a trust chain throughout the transaction, verifying cardholder and merchant validity
     • It is the most secure payment protocol

  12. Framework
     [Diagram: Card Holder, Merchant, Payment Gateway, Financial Network and Card Issuer; links labelled SET and Non-SET]

  13. Payment processes
     • The messages needed to perform a complete purchase transaction usually include:
       • Initialization (PInitReq/PInitRes)
       • Purchase order (PReq/PRes)
       • Authorization (AuthReq/AuthRes)
       • Capture of payment (CapReq/CapRes)

  14. Typical SET Purchase Trans.
     [Sequence diagram between CardHolder, Merchant and Payment Gateway; messages shown: PInitReq, PInitRes, PReq, AuthReq, AuthRes, PRes, CapReq, CapRes]

  15. Initialization
     • Cardholder → Merchant: PInitReq: {BrandID, LID_C, Chall_C}
     • Merchant → Cardholder: PInitRes: {TransID, Date, Chall_C, Chall_M}SigM, CA, CM

  16. Purchase order
     • Cardholder → Merchant: PReq: {OI, PI}
     • Merchant → Cardholder: PRes: {TransID, [Results], Chall_C}SigM

  17. Authorization
     [Diagram: Merchant, Acquirer and Issuer, with the Existing Financial Network; messages shown: {{AuthReq}SigM}PKA and {{AuthRes}SigA}PKM]

  18. Capture of payment
     [Diagram: Merchant, Acquirer and Issuer, with the Existing Financial Network; labels shown: CapReq, CapToken, CapToken, Clearing, {{CapRes}SigA}PKM]

  19. Advantages
     • It is secure enough to protect users' credit-card numbers and personal information from attacks
     • Hardware independent
     • World-wide usage

  20. Disadvantages
     • User must have a credit card
     • No transfer of funds between users
     • It is not cost-effective when the payment is small
     • No anonymity, and payments are traceable

  21. Electronic cash/coins
     • Parties involved: client, merchant and bank
     • Client must have an account in the bank
     • Less security and encryption
     • Suitable for small payments, but not for large payments

  22. DigiCash (E-cash)
     • A fully anonymous electronic cash system
     • Using the blind signature technique
     • Parties involved: bank, buyer and merchant
     • Using RSA public-key cryptography
     • Special client and merchant software is needed

  23. Withdrawing Ecash coins
     • User's cyberwallet software calculates how many digital coins are needed to withdraw the requested amount
     • The software then generates random serial numbers for those coins
     • The serial numbers are blinded by multiplying them by a random factor

  24. Withdrawing Ecash coins (cont)
     • Blinded coins are packaged into a message, digitally signed with the user's private key, encrypted with the bank's public key, then sent to the bank
     • When the bank receives the message, it checks the signature
     • After signing the blinded coins, the bank returns them to the user

  25. Spending Ecash

  26. Advantages
     • Cost-effective for small payments
     • A user can transfer his electronic coins to another user
     • No need to apply for a credit card
     • Anonymous feature
     • Hardware independent

  27. Disadvantages
     • It is not suitable for large payments because of lower security
     • Client must use wallet software in order to store the coins withdrawn from the bank
     • A large database is needed to store used serial numbers to prevent double spending

  28. Comparisons
     • SET
       • uses credit card
       • 5 parties involved
       • not anonymous
       • large and small payments
     • Ecash
       • uses e-coins
       • 3 parties involved
       • anonymous nature
       • a large database is needed to log used serial numbers
       • small payments

  29. Conclusions
     • An effective, secure and reliable Internet payment system is needed
     • Depending on the payment amount, a different level of security is used
     • SET protocol is an outstanding payment protocol for secure electronic commerce
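
The withdrawal steps on slides 23 and 24 and the spent-serial database from slide 27, as an added example that is not part of the original presentation: a textbook RSA blind signature in Python. The toy key, the SHA-256 hashing of the serial and all function names are assumptions, and the signing and encryption of the withdrawal message in transit are left out.

```python
import hashlib
import math
import secrets

# Constructed toy bank key (assumption): two Mersenne primes. Far too small for
# real use; chosen only so the example runs offline with the standard library.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # bank's public key
D = pow(E, -1, (P - 1) * (Q - 1))        # bank's private exponent

def digest(serial: int) -> int:
    """Map a 128-bit serial into Z_N; signing the hash is an added assumption."""
    h = hashlib.sha256(serial.to_bytes(16, "big")).digest()
    return int.from_bytes(h, "big") % N

def blind(serial: int) -> tuple[int, int]:
    """Wallet: multiply the coin by r^E so the bank cannot see the serial."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:          # r must be invertible mod N
            return digest(serial) * pow(r, E, N) % N, r

def bank_sign(blinded: int) -> int:
    """Bank: sign the blinded value without learning the serial."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    """Wallet: divide out r, leaving the bank's signature on digest(serial)."""
    return blind_sig * pow(r, -1, N) % N

def verify(serial: int, sig: int) -> bool:
    return pow(sig, E, N) == digest(serial)

class Bank:
    def __init__(self) -> None:
        self.spent: set[int] = set()     # database of used serial numbers
    def deposit(self, serial: int, sig: int) -> str:
        if not verify(serial, sig):
            return "invalid"
        if serial in self.spent:
            return "double-spend"
        self.spent.add(serial)
        return "accepted"

if __name__ == "__main__":
    serial = secrets.randbits(128)       # constructed coin serial
    blinded, r = blind(serial)
    sig = unblind(bank_sign(blinded), r)
    print(Bank().deposit(serial, sig))
```

The bank signs only the blinded value, so it cannot link the deposited serial to the withdrawal, which is why double spending has to be caught by the serial database at deposit time.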
