260 likes | 639 Views
Financial Transactions on Internet. Financial transactions require the cooperation of more than two parties . Transaction must be very low cost so that small transactions can be afforded. Transactions must be very secure in order for financial players to want to enter the Internet market.
E N D
Financial Transactions on Internet • Financial transactions require the cooperation of more than two parties. • Transaction must be very low cost so that small transactions can be afforded. • Transactions must be very secure in order for financial players to want to enter the Internet market. • Electronic payment is the corner stone of electronic commerce.
Payment Technologies • Digital Currency: • Can be used with or without smartcards. • Ideal for very small payments. • Electronic Credit Card Payment: • Some rely on secure transmission of credit card numbers. • Others accumulate payment requests at a trusted third party holding the credit card number. • Electronic Cheque payments: • Elecronic version of cheques, using the existing cheque clearing process.
Digital Currency • Mondex: Uses smartcards for funds transfer from buyer to seller without intervention of a bank. Supported by MasterCard.
Digital Currency (on Internet) • Mondex: • Mondex card is an electronic purse that can hold up to 5 different currencies at a time. • Card can be recharged over the phone or at ATM machines. • Card can be locked so that only the owner who knows a PIN can use it. • Money is transferred from the customer’s card to the vendor’s card. • AT&T provides technology to use Mondex cards over Internet.
Digital Currency (on Internet) • Digicash: software-only solution. Represents a true replacement for cash.
Digital Currency (on Internet) • Digicash: • Uses digital “coins”. A user has a purse with coins of different denomination, “optimally” distributed. • A user’s software creates coins, puts them in an envelope, and sends them to the bank. The bank signs the envelope. When the coin is later sent to the bank to credit an account the bank cannot identify the user who created the coin.
Digital Currency (on Internet) • Digicash: • When A buys something from B user A’s computer sends coins to B. B’s computer sends the coins (indirectly through B’s bank) to A’s bank for validation. A’s bank will (tell B’s bank to) credit B’s account. • The coints have a serial number. The Mint (central authority) can verify duplication.
Digital Currency (on Internet) • DigiCash: • Person to person payments do not “really” work like cash: when A gives cash to C, C actually sends the coins to her bank (who verifies the coins with A’s bank) and “gives” C an equal amount in new coins.
Digital Currency (no Internet yet) • VisaCash: • Very similar to Mondex. • Comes in disposable and reloadable version. • First tested during the Atlanta Olympics. • Works without a PIN. • Proton: • Developed by Banksys in Belgium. • Supported by American Express. • Pilots in many countries (Netherlands: Chipknip) • Works without a PIN.
Electronic Credit Card Payment • First Virtual: • Credit card numbers are known by First Virtual but not transferred over Internet.
Electronic Credit Card Payment • First Virtual: • Does not use any encryption technique. • Credit card numbers are registered with First Virtual through a normal phone call. • When a user sees an interesting item she can ask to try it. She presents her First Virtual account number. • First Virtual sends an email to the user asking if the product was satisfactory. • If the user responds “yes” the charge is registered, and periodically forwarded to VISA.
Electronic Credit Card Payment • Open Market: • Similar to First Virtual, but encrypted ditigal receipts are used instead of the email validation. • SET (Secure Electronic Transactions): • Standards developed by Visa and Mastercard. • Credit card numbers are transmitted using strong encryption. • No protection against Trojan Horse attacks in the OS. • No provision for micropayments.
Electronic Cheque Payment • NetChex: • Unique “thumb print” of user’s hardware is used instead of digital signatures. As a result, the software will not work if copied to another machine. • Each user has a shadow account which is used in the transactions. Once confirmed a transaction is moved to the user’s real checking account and processed. • Electronic cheques are confirmed by the “bank” through e-mail.
Combinations of Techniques • Cybercash: • Provides secure credit card payments. When a user agrees on a purchase, the agreement and credit card number are sent to the vendor in an encrypted way such that the vendor cannot read it. The vendor uses the agreement, and passes on the credit card number to the credit card company. • Provides a Cybercoin wallet, similar to Digicash. • Provides Paynow electronic cheques. • GlobeID: • Similar, provides all three payment mechanisms.
Conclusions • There are secure protocols for three types of electronic funds transfer: • A digital form of cash. • Secure credit card transactions, either by not transmitting the credit card number or by transmitting it in such a way that nobody, including the vendor, can read the number. • Secure cheque transactions, with essentially the same kind of clearance procedure as for paper cheques.