260 likes | 826 Views
Government Payment Gateway - Korean PG for e-Government Case Study. 2007. 5. 24 Chang-Kang Seol ISGEG. Index. Background of e-Commerce market Key Issues PG (“BankPay”) service for e-Gov in Korea Briefs on BankPay Operational Feature Technical Feature Security Customer Protection
E N D
Government Payment Gateway- Korean PG for e-Government Case Study 2007. 5. 24 Chang-Kang Seol ISGEG
Index • Background of e-Commerce market • Key Issues • PG (“BankPay”) service for e-Gov in Korea • Briefs on BankPay • Operational Feature • Technical Feature • Security • Customer Protection • Conclusion
Payment Gateway Internet Shopping Mall, CPs etc. Sales Increase Stable Operation of Shop Cost Effective- ness Security Multi e-Payment Solutions Stability & Easiness Background of e-Commerce market in Korea • - Historical background • Market Needs for e-Payment, security technology from internet shopping mall in late 1990’s • Starting the online bank transfer of Dacom (private co) through X.25 in 1997 • Establishing PG (“Bankpay”) for the safe public e-Payment in 2000 • Resulting in growth of e-Commerce in 2000’s Growth of e-Commerce Legal & policy support (Korean Government Support) +
- Market background • Continuous growth of e-Commerce market • About 100 in 2002 then now about 50 PG companies with 5 majors of which M/S is over 80%- Inisys, Cyber Payment, Dacom, KCC, Bankpay • Competitive market • Trend for Users to move into major PGs based on security and low costs ▣Trend of e-Commerce Transaction (Unit : USD Mil) * Source : Korea National Statistical Office
▣ Trend of e-Payment System (Electronic based payment) Movement from paper based payment into electronic based payment * Electronic based payment : payment through data transfer using ICT infra [No. of transaction] [Amount] Electronic based Payment Paper based Payment * Source : Bank of Korea “Trend of Payment System” 2005. 4.
- Legal background for e-Commerce 2000.12 2002.3 1997.8 2006.1 Regulation for Supervision on Banking Institutions e-Commerce Consumer Protection Act Specialized Credit Financial Business Act Electronic Finance Transaction Act • Purpose • To grant Financial Supervisory Service to supervise PG • To regulate security • Feature • To supervise PG • To regulate PG for its sound transaction • To oblige PG to secure information • Purpose • To create institutional basis for customer protection • To secure stable transaction for e-Commerce • Feature • To establish protection device from consumer damage • To introduce insurance to protect consumer damage form e- Commerce • Purpose • To define off-line financial transaction • To regulate legal relation in Off-Line Financial Transaction • Feature (2002.3) • To position PG as a legal entity • To define regulation on PG • To secure On-Line credit card transaction • Purpose • To define the electric financial transaction • To regulate legal relation in FET • Feature • Enforcing Biz registration on PG • To set up the clear legal structure • To secure customer using EFT • To regulate & supervise healthy development of EFT
Key Issues in Korea - Protection from customer damage (Identification/Reparation) ▣ Legal Risk - Who will identify the faults and take the responsibility of reparation from the damage ▣ Operational Risk - Network hacking, system down ▣ Settlement Risk- Bankrupt • Operational Issue • ▣ Operation by Government • ▣ Operation by Private Companies • - Security Standard Issue • ▣ Network Security • Encryption Technology • Symmetric or Asymmetric Algorism (Public Key Algorism) • Message Digest (Hash Function) / Electrical Signature (Private Key) • SSL (Secure Socket Layer) / SET (Secure Electronic Transaction) • Authentication by third party • ▣ Host System Security • Firewall • Intrusion Detection System
BankPay (PG of Korean Government) Founded by Korea Financial Telecommunications & Clearings Institute (KFTCI), incorporated association chaired by the Bank of Korea established in 2000 Establishment Service for Payment Gateway to government organizations & private commercial operators - Credit Card, Bank Fund Transfer & K-Cash e-Payment Method Featured by Most Banks’ Participation, Real Time Transaction & Low Cost Feature Service for most of public organization as e-Procurement, Land Titling, G4C etc. and for commercial entities as on-line shop, internet auction, tuition fee etc. Service Area (Unit : U$ Mil) Sales Increase * Source from KFTC 2006
Operational Structure Founded by Korea Financial Telecommunications & Clearings Institute (KFTCI), incorporated association chaired by BOK supervised by FSS (Financial Supervisory Service) Bank Association Bank of Korea (Chair) Regular Member (12 Banks) Associate Member (10 Banks) Financial Supervisory Service Governing CD N/W Regulating Check Clearing IFT N/W : Inter Bank Fund Transfer KFTC (Incorporated Association) Paper Giro HOFINET : Inter Bank Home/Firm Banking System Electric Giro K-Cash N/W Internet Giro Bank Line CMS / Giro EDI Bank B2B Card VAN K-Cash UBI (Mobile Pay) BankPay (PG)
Services - e-Government Framework (Single window for e-Payment) ► Services requiring payment solution Citizens Business Vendors/Suppliers Government / Agency Office Internet e-Gov portal / Kiosks Telephony Contact (Voice/Fax/…) ► Court Session/Decision/Patent/ Auction Information Sys ► e-Citizen / Registration & ID (Family/Employment/...) e-Procurement National Assembly Session Broadcasting System ► ► ► ► Integrated System for Social Insurances u-Logistics Postal Service Land Registration and InformationSystem National Assembly Minutes Publishing Sys ► ► e-Healthcare: Hospital Information System e-Education: Magic School and Campus Cadastre Management Information System Legislative Information System ► ► National / Home Tax Service e-Customsand e-Clearance System Legislative Information System e-Library: Library of National Assembly ► Vehicle and Driver License Service System Intelligent Transportation System Electronic Filing System Election Process Automation 911 / Police Support System Automatic Fare Collection System ► ► Immigration Control System Inter-government Intranet: Inter-agency collaboration E-Document Shared Information of Local Government Assembly Information / Material Communication Standard Human Resources System National Finance Information System Civil/Criminal Trial Procedure System National Assembly Operations Support Sys Integrated Information Infrastructure Court Knowledge Management System Administration N/W Finance N/W Education N/W Defense N/W Police N/W Logistics N/W
90.4 99.9 02.10 02.10 00.11 02.9 e-Tax (National/Home Tax Service) Integrated Social Insurance Sys e-Procurement Sys e-Custom e-Clearance Sys e-Gov Portal & Kiosks e-Learning Sys 90.3 91.2 91.3 95.12 91.1 e-Citizen / NID (Family/ Employment) Real Estate Management Information Sys Vehicle Registration / Driver License Business Registration Passport & Immigration Control 87 ~ 91 89.12 Finance N/W Establishment Established in year 2000 for the Public e-payment system in to comply with the market needs due to the rapid growth of the e-Commerce (internet shopping mall) in late 1990’s Service DB 00.12 BankPay (PG) IT Infra Provision PC & ICT Use Education Groupware (e-mail/ e-document) Public Admin & Education N/W e-Gov EA Planning Public Internet Center
Position in e-Payment Market in Korea Electronic Payment Network e-Cash Bank Transfer Credit Card Prepaid Card e-Cash Traffic Card Network Mobile Internet Telephone Line(X.25) Terminal / Kiosk Service Provider Mobile PG PG VAN Traffic PG Infohurb Mobilians Ubi Bankpay Dacom Inisys, KCP Etc. KICC NICE KS-NET Etc. Intec C&C MYBI Relevant Co. Telecom Companies FinancialN/W Co. e-Cash Co. Transport Companies SK / KTF / LG Transport Co. Financial Institutes Banks / Card Companies
Challenges of BankPay Stable & convenient Internet Payment Service Payment Method User Interface Security OptimizedSolution • Credit Card • Bank Transfer • K-Cash Suitable/ flexible payment module to user platform Payment service secured on the basis of PKI • e-Procurement • Online appeal • Content • Shopping mall
Main Server • Payment Gateway • Backup • Internet • DB • System Management • NMS • SMS • Security • Firewall • IDS • PG Solution • e-Payment • Call Center (CTI) Technical Feature - Technical Components
Technical Feature - Technical Architecture e-Gov Portal / Web Server BankPay P/G Wallet CARD CCIS Web server (eGov) INTERNET (OpenNetwork) TX server P/G server Customer (S/W) (H/W, S/W) CMS HTML Form (H/W, S/W) BANK (N/W) Internet(TCP/IP)
Technical Feature - Service related program • Payment module on Active-X Control • Installation on Customer’s PC downloaded from BankPay Server • Encrypting Payment Information with e-Signature • Client’s Request to start User’s payment process for payment Wallet • Communication program between PG with Users • Encrypting Payment Information with e-Signature using Authentication • Certificate issued by Certification Agency (“Yessign”) • Providing the most appropriate TX Server in compliance with User platform TX Server • Page for Customer to request for payment for products or services • Ex) Ordering page of shopping mall Payment Request • Transfer payment request which is compiled by the Service (Windows NT) • or Java Class (Unix) to PG • DB storage after payment processed by PG • Notice final payment result from PG to User with ASP/JSP/CGI Etc. Payment Process • Request for cancellation to PG Request Cancellation • Transfer cancellation request which is compiled by the Service • (Windows NT) or Java Class (Unix) to PG • DB storage after cancellation processed by PG • Notice final cancellation result from PG to User with ASP/JSP/CGI Etc. PaymentCancellation
Technical Feature - Sequence Diagram Customer e-Gov BankPay Wallet (Customer PC) Payment Request Payment Process TX Server PG Server ① Click payment button Customer ② Activating Wallet Software ③ PW / Payment Information ④ Request for Payment ⑤ Compiling Payment Information ⑥ Encrypting Payment Information (e-Signature) ⑨ Notice Payment Result ⑧ Log storage / Payment Result ⑦ Result for Payment DB ⑨ Notice Payment Result
Security • Electronic signature using PKI Technique • Accredited certificate is a certificate issued by YESSIGN, an accredited certification authority pursuant to "Electronic signature Act“. • Certificate has a series of data which include Subscriber's Electronic signature verification data, Serial numbers, Subscriber's name and the term of validity etc.
Security - Certificate Agency _ Korea Information Security Agency • Below that, there're 6 accredited certification authorities : • Korea Financial Telecommunications & Clearings Institute, Koscom Inc., KTNET, National Computerization Agency, Korea Electronic Certificate Authority, Korea Information Certificate Authority Inc.
Customer Protection • - Protection from customer damage • Identification • Reparation ▣ Financial Troubles in e-Payment in Korea Source : 2005 Inspection of Administration
▣ Liability of reparation and identification of responsibility - Electronic Finance Transaction Act (2006) - Apply the principle of liability without fault to personal users and the principle of liability with fault to companies ▣ Main contents of Electronic Finance Transaction Act (2006)
Conclusion • Customer Protection backed by Government’s legal & policy support- Electronic Finance Transaction Act- Promotion e-payment by way of deduction of Tax • One window PG for most of the public e-Payment- Cost, time effectiveness • Technical Support - Standard technical architecture- Easy access (ICT infrastructure) KFS for PG for public service One window Legal & policy Support Technical Support • Effectiveness • Multi e-Payment solutions • Cost & Time Effectiveness • Legal & Policy • Customer Protection • e-Payment Promotion • ICT • Easy Access (N/W expansion) • Standard Application (Security)