Payment and Cash Standards Content 1. Credit-Card Transactions 2. Digital Currency, E-Wallets, Smart Cards 3. Secure Electronic Transactions (SET) 4. Online Banking
Introduction • The electronic transfer of funds is key to conducting e-business successfully • Discussion includes: • How individuals and organizations perform monetary transactions on the Internet • Payments by credit card, cash, and check; payments to businesses; peer-to-peer payments; banking and bill paying • Companies who are developing online payment technology • Products, software, and services that these companies produce
Introduction (cont.) • Secure e-transactions crucial to e-commerce • Internet and wireless monetary transactions • Credit-card transactions • Digital cash • Electronic wallets • Smart cards • Micropayments • Payment transaction organizations and standards
Online Transaction Standards • Standards: guidelines for technologies, formats or processes • Approved by standards committee • Or widely adopted by an industry without formal process • Online transaction standards • Security protocols to ensure safe transactions • SSL which uses public-key cryptography • Open Financial Exchange organization • Internet standard for exchanging financial information
Credit-Card Transactions • Customers fear credit-card fraud • Credit cards have been developed to accommodate online and offline payments • The Prodigy Internet Mastercard guarantees online fraud protection • To accept credit-card payments, a merchant must have a merchant account with a bank • Specialized Internet merchant accounts have been established to handle online credit-card transactions • Transactions are processed by banks or third-party services • Traditional merchant accounts accept only POS (point-of-sale) transactions • Those that occur when you present your credit card at a store
Credit-Card Transactions (cont.) • Companies enable merchants to accept credit-card payments online. • These companies have established business relationships with financial institutions that will accept online credit-card payments for merchant clients. • CyberCash and iCat
Anatomy of an Online Credit-Card Transaction • Merchant account with bank • Traditionally only accept point-of-sale transactions: presence of credit-card at store • Internet merchant accounts accept card-not-present transactions: information exchange without card presence • An online credit-card transaction • Buyer submits credit-card, shipping and billing information • Merchant submits information to acquiring bank (merchant’s bank) • Buyer’s account verified by issuing bank (buyer’s bank) • Merchant receives verification • Product shipped and payment issued
Anatomy of an Online Credit-Card Transaction (cont.) [Figure: Basic steps in an online credit-card transaction, showing the online store (merchant), acquiring bank, credit card association and issuing bank.]
[Figure: Credit Card Procedure, showing the cardholder, merchant, card brand company, issuer bank (cardholder account) and acquirer bank (merchant account), with flows labelled payment authorization, payment data, account debit data and amount transfer.]
Digital Currency (eCash) • Digital cash • Stored electronically, used to make online electronic payments • Digital cash accounts are similar to traditional bank accounts • Digital cash used with other payment technologies (digital wallets) • Alleviates some security fears about online credit-card transactions • Digital cash allows those with no credit cards to shop online • Merchants accepting digital-cash payments avoid credit-card transaction fees • eCash Technologies, Inc. is a secure digital-cash provider that allows you to withdraw funds from your traditional bank account
Digital Currency (cont.) • Gift cash, often sold as points, can be redeemed at leading shopping sites • An effective way of giving those without credit cards the ability to make purchases on the Web • Points-based rewards • Points are acquired for completing specified tasks including visiting Web sites, registering or buying products • Points can then be redeemed
eCash Idea • Electronic cash is token money in the form of bits, except unlike token money it can be copied. • Bank issues character strings containing: • denomination • serial number • bank ID + encryption of the above • First person to return string to bank gets the money
eCash Flow • Withdrawal: Alice buys digital coins from a bank • Alice's wallet software sends unsigned blinded coins to the bank • Bank signs coins, sends them back • Alice unblinds them • Spending: Alice pays Bob • Bob verifies coins not spent • Bob deposits • Personal transfer: Alice transfers coins to Cindy • Cindy verifies coins not spent • Cindy gets coins back
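The withdrawal and deposit steps of the eCash flow above, as an added example that is not part of the original slides: a textbook RSA blind signature with a spent-serial ledger at the bank. The key size, the `Bank` class, the helper names and the `BANK-1` identifier are assumptions made for illustration; the primes are constructed toy values and there is no padding.

```python
import hashlib
import secrets
from math import gcd

# Toy bank RSA key (constructed: two Mersenne primes, far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # bank's private exponent

def coin_digest(denomination: int, serial: str, bank_id: str) -> int:
    """Hash the coin fields named on the slide into an integer mod N."""
    data = f"{denomination}|{serial}|{bank_id}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def blind(m: int):
    """Alice: hide m behind a random factor r, giving m * r^E mod N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r

def bank_sign(blinded: int) -> int:
    """Bank: signs the blinded value without learning the serial number."""
    return pow(blinded, D, N)

def unblind(blinded_sig: int, r: int) -> int:
    """Alice: divide out r to obtain an ordinary signature on the coin digest."""
    return (blinded_sig * pow(r, -1, N)) % N

def withdraw(denomination: int, bank_id: str = "BANK-1"):
    """Withdrawal step end to end; returns (serial, signature, blinded value)."""
    serial = secrets.token_hex(16)
    blinded, r = blind(coin_digest(denomination, serial, bank_id))
    return serial, unblind(bank_sign(blinded), r), blinded

class Bank:
    """Deposit side: verify the signature, then refuse serials seen before."""
    def __init__(self):
        self.spent = set()

    def deposit(self, denomination, serial, bank_id, sig) -> bool:
        if pow(sig, E, N) != coin_digest(denomination, serial, bank_id):
            return False          # forged or altered coin
        if serial in self.spent:
            return False          # copied coin: only the first return is paid
        self.spent.add(serial)
        return True
```

The ledger check is what enforces "first person to return string to bank gets the money": the signature proves the bank issued the coin, and the serial set catches copies.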
E-Wallets • Electronic wallets: • Keep track of billing and shipping information • Hold e-checks, e-cash and credit-card information for multiple cards • Visa, MBNA and Entrypoint.com offer e-wallets • Standardization • Some vendors accept only specific e-wallets • 1999, Electronic Commerce Modeling Language (ECML) • Standardized payment presentation • Many vendors adopted it
Smart Cards • Smart card processors hold more information than credit card magnetic strips • Store credit-card numbers, contact information, etc. • Contact smart cards • Placed in smart-card reader for information transfer • Contactless smart cards • Antenna enables information transfer • Faster than contact smart card • Security • Password protection • Security designations assigned to information • Encryption
Smart Cards (cont.) • Visa Cash smart card • Disposable and reloadable cards • Internet purchases, expressway tolls and parking fees • Smart Card Industry Association (SCIA) www.scia.org
Smart Card Example -- Mondex • Smart-card-based, stored-value card (SVC) • Subsidiary of MasterCard • NatWest (National Westminster Bank, UK) et al. • Secret chip-to-chip transfer protocol • Value is not in strings alone; must be on Mondex card • Loaded through ATM • ATM does not know transfer protocol; connects with secure device at bank • Spending at merchants having a Mondex value transfer terminal
Other Examples • Octopus • MTR, KCR, KMB, First Bus, Ferry, Minibus • PolyU Canteen • 7-11 • Softdrink Vending Machine • HK Identity Card (in near future) • Library Card • Driving Licence • Other Personal Information, e.g., Health Record
Micropayments • Merchants pay fee for each credit-card transaction • Micropayments • Payments that generally do not exceed $10, allows companies offering nominally priced products to profit • To offer micropayments, some companies form strategic partnerships with utility companies • eCharge enables companies to offer this option to customers • eCharge uses ANI (Automatic Number Identification) to verify the identity of the customer and the purchases they make
Alternative Payment Options • Outside US, many opt for prepaid cards instead of cash or credit cards • Wireless-payment cards enable transactions with POS devices • Convenience and grocery stores can add monetary value to some pre-paid accounts • Examples include CashX (www.cashx.com) and Vodago
Alternative Payment Options (cont.) • Non-electronic payment methods • Cash-on-delivery (COD): payment upon item’s delivery • Debit cards: deduct directly from checking account • Automatic Teller Machine (ATM): withdraw cash • Online payments without credit cards • AmeriNet (www.debit-it.com): allows checking account number as form of payment • Online currency: Cybergold (www.cybergold.com) and RocketCash (www.RocketCash.com)
Secure Electronic Transactions (SET) • SET is an open technical standard for the commerce industry developed by Visa and MasterCard as a way to facilitate secure payment card transactions over the Internet. • Digital Certificates create a trust chain throughout the transaction, verifying cardholder and merchant validity, a process unparalleled by other Internet security solutions. • Introduced jointly by VISA, MasterCard, IBM, Microsoft, Netscape, RSA, SAIC, Terisa and Verisign in 1997.
Secure Electronic Transactions (cont.) • Merchant doesn’t see card no. • Uses Internet to reach acquirer • High credit card transaction cost [Figure: secure “tunnel” through the Internet, with labels Consumer, Internet, Credit Card Acquirer and Credit Card Issuer; issuer bills consumer.]
Secure Electronic Transactions (cont.) • Requires both consumer and merchant to have digital certificates • Merchant never sees any payment information -- it is passed to the acquirer • Bank never sees any order information, only payment information
SET Overview • Customer gets a credit card from an issuing bank • Customer obtains a digital certificate (online) • Merchant gets certificate from acquiring bank with merchant's public key and the bank's public key • Customer places an order over the Web (now we need a payment protocol). SET is invoked • Customer's browser confirms from the merchant's certificate that the merchant is valid • Browser sends: • order information encrypted with the merchant's public key • payment information encrypted with the bank's public key • information to prevent the payment from being used with another order.
SET Overview (cont.) • Merchant verifies customer’s certificate • Merchant sends a payment message to acquiring bank, encrypted with bank’s public key, containing: • customer's payment information (which merchant can’t read) • merchant's certificate • Bank verifies the merchant and the message using merchant’s digital signature on its certificate and verifies the payment info • Bank sends authorization to the merchant (with bank’s digital signature). Merchant can now fill the order.
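The "information to prevent the payment from being used with another order" in the SET overview is SET's dual signature; the following is an added example, not part of the original slides, showing how it links order and payment while each party sees only its own half. Assumptions: SHA-256 stands in for the hash SET specified, the cardholder key is a constructed toy RSA key, the public-key encryption of each half is omitted, and all function names and sample messages are made up for illustration.

```python
import hashlib

# Toy cardholder RSA key (constructed: two Mersenne primes, not a real key size).
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _as_int(digest: bytes) -> int:
    return int.from_bytes(digest, "big") % N

def dual_sign(order_info: bytes, payment_info: bytes):
    """Cardholder: sign H(H(PI) || H(OI)); returns (signature, OI digest, PI digest)."""
    oimd, pimd = h(order_info), h(payment_info)
    signature = pow(_as_int(h(pimd + oimd)), D, N)
    return signature, oimd, pimd

def _signature_matches(signature: int, pimd: bytes, oimd: bytes) -> bool:
    return pow(signature, E, N) == _as_int(h(pimd + oimd))

def merchant_verify(order_info: bytes, pimd: bytes, signature: int) -> bool:
    """Merchant holds the order plus only the digest of the payment information."""
    return _signature_matches(signature, pimd, h(order_info))

def bank_verify(payment_info: bytes, oimd: bytes, signature: int) -> bool:
    """Bank holds the payment information plus only the digest of the order."""
    return _signature_matches(signature, h(payment_info), oimd)

# Constructed sample messages.
ORDER = b"order=1001;item=book;total=25.00"
PAYMENT = b"card=4111-XXXX-XXXX-0000;amount=25.00"
OTHER_ORDER = b"order=1002;item=laptop;total=25.00"

def demo():
    """Returns (merchant ok, bank ok, bank accepts payment replayed on another order)."""
    sig, oimd, pimd = dual_sign(ORDER, PAYMENT)
    replayed = bank_verify(PAYMENT, h(OTHER_ORDER), sig)
    return merchant_verify(ORDER, pimd, sig), bank_verify(PAYMENT, oimd, sig), replayed
```

The third value is False: the same payment information and signature presented against a different order digest fail verification at the bank.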
SET Message Flow • Customer asks Merchant for digital certificates • Customer makes purchase request • Merchant asks Acquirer for authorization • [Merchant asks Acquirer to reverse authorization] • Customer asks Merchant for transaction status • Merchant asks Acquirer to capture payment • SET messages come in pairs: Request followed by Response • Appropriate cryptography is applied to message wrappers
Online Banking • Internet-only banks • Offer convenience and lower rates to their customers • Establishing a physical presence • The hybrid bank model • Going online has become important for the survival and growth of small local banks • Smaller banks will usually partner with third-party service providers to make the transition to the Internet
Example: Hang Seng e-Banking • Try main.hangseng.com • Account Information • Transfer • Foreign Currency • Remittance • Pay Bill • Time Deposit • Stock Purchase