Unit - 2 - Electronic Payment System
Unit - 2 - Electronic Payment System
Unit - 2 - Electronic Payment System
System
ELECTRONIC PAYMENT SYSTEMS
Electronic Payment :
Financial exchange that takes place online between buyers and sellers.
Advantages:
• Decreasing technology cost:
• Reduced operational and processing cost:
• Increasing online commerce:
Some examples
• Online reservation (irctc)
• Online bill payment (bsnl)
• Online order placing (flipkart)
• Online ticket booking (movies)
ELECTRONIC PAYMENT SYSTEMS
They are becoming central to on-line business process innovation as companies
look for ways to serve customers faster and at lower cost.
An important aspect of e-commerce is prompt and secure payment, clearing and
settlement of credit or debit claims
Problem with on-line sellers
How will buyers pay for goods and services ?
Payment instruments must be secure, have a low processing cost and be accepted
widely as global currency tender.
Other Issues in Payment
What form of payment instruments will consumers use ?
electronic cash, electronic check, credit / debit cards
Thus EFT stands in contrast to conventional money and payment modes that rely on
physical delivery of cash or checks
CLASSIFICATION OF EFT
EFT can be segmented into three broad categories:
1. Banking and financial payments
2. Retailing payments
3. On-line electronic commerce payments
Token-based payment systems
2. Retailing payments
3. On-line electronic commerce payments
Token-based payment systems
2. Debit or Prepaid
Users pay in advance for the privilege of getting information.
Eg: smart cards and electronic purses that store electronic money.
3. Credit or Postpaid
The server authenticates the customers and verifies with the bank that
funds are adequate before purchase.
Eg: credit/debit cards and electronic checks.
DIGITAL TOKEN-BASED ELECTRONIC PAYMENT SYSTEMS :
Electronic Tokens
Which type of token is to be used ??
1. The nature of the transaction for which the instrument is designed
• Identify the parties involved, the average amounts and the purchase
interaction.
2. The means of settlement used.
• Tokens must be backed by cash / credit / electronic bill payments/
cashier’s checks etc
• Each has its own speed, risk and cost
3. Approach to security, anonymity and authentication
• Electronic tokens vary in the protection of privacy and
confidentiality of transactions.
• Encryption can help with authentication, non-repudiation and asset
management
4. The question of risk
• Tokens may become worthless and the customers might have
currency that nobody will accept.
• Risk arises if transaction has long lag times between product
delivery and payment to merchants (buyers don't pay or vendors
doesn't deliver)
ELECTRONIC CASH:
Cash remained as the dominant form of payment even after 30 years of electronic
payment systems due to:
1. lack of trust in the banking system
2. Inefficient clearing and settlement of non-cash transactions
3. Negative real interest rates paid on bank deposits
ELECTRONIC CASH:
Some qualities of credit and debit cards;
– They are restricted to one user – identification cards owned by the user
– They are not legal tender – merchants have the right to refuse to accept them
– They are not bearer instruments – usage requires an account relationship and
authorization system
1. Monetary value:
must be backed by either cash(currency), bank-authorized credit or a bank-
certified cashier’s check.
It must not be returned for insufficient funds when deposited.
2. Interoperability:
Exchangeable as payment for other e-cash, paper cash, goods or services, lines
of credit, deposits in banking accounts etc.
Multiple banks required with an international clearing house
3. Retrievability:
remote storage and retrieval ( from a mobile / personal communication device)
would allow users to exchange e-cash from home / office / while traveling.
The cash could be stored on a remote computer’s memory , in smart cards or in
other easily transported standard or special purpose devices
Its preferable to store cash on a dedicated device that cannot be altered.
ELECTRONIC CASH: Properties
4. Security:
The device should have a personal interface to facilitate personal
authentication using passwords or other means and a display so that users
can view the card contents.
Eg: Montex card – A pocket sized electronic wallet that can store e-cash.
E-cash should not be easy to copy or tamper with while being exchanged.
– Prevent / detect duplication and double-spending
– Double spending : use your e-cash simultaneously to buy something in
Japan, India and England.
ELECTRONIC CASH:
Customers should be able to access and pay for foreign services as well as
local services.
So e-cash must be available in multiple currencies backed by several banks.
Solution:
– Use an association of digital banks similar to organizations like VISA
to serve as a clearinghouse for many credit card issuing banks
ELECTRONIC CASH:
Purchasing E-cash from Currency servers
Consumers use the e-cash software on the computer to generate a random
number, which serves as the note
In exchange for money debited from the customers account, the bank uses
its private key to digitally sign the note for the amount requested and
transmits the note back to the customer
The network currency server, in effect, is issuing a bank note with a serial
number and a dollar amount.
By digitally signing it, the bank is committing itself to back that note with
its face value in real dollars
This method of note generation is very secure, as neither the customer nor
the merchant can counterfeit the bank’s digital signature.
Both can verify the validity of payment as they know the bank’s public key.
ELECTRONIC CASH:
Purchasing E-cash from Currency servers
Electronic cash can be completely anonymous.
Anonymity – helps to buy illegal products like drugs
Procedure:
1. When an e-cash withdrawal is made, the PC of the e-cash user
calculates how many digital coins of what denominations are needed to
withdraw the requested amount.
2. When the e-cash software generates a note, it masks the original serial
number or “blinds” the note using a random number and transmits it
to a bank.
3. The bank will encode the blinded numbers with its secret key (digital
signature) and at the same time debit the account of the client for the
same amount.
4. The authenticated coins are sent back to the user and finally the user
will take out the blinding factor that he had introduced earlier.
The blinding carried out by the customer software makes it impossible for
anyone to link payment to payer
Even the bank can't connect the signing with the payment, since the
customers original note number was blinded when it was signed.
So its a way of creating anonymous, untraceable currency
ELECTRONIC CASH:
Purchasing E-cash from Currency servers
1. The customers software chooses a blinding factor, R, independently at
random and presents the bank with (XR)E (mod PQ)
Where, X= Note number to be signed
E = bank's public key
2. The bank signs it: ((XR)E)D = RXD (mod PQ)
Where, D=bank's private key
3. On receiving the currency, the customer divides out the blinding factor:
(RXD)/R =XD (mod PQ)
4. The customer stores XD, the signed note that is used to pay for the purchase
of products / services.
Since R is random, the bank cannot determine X and thus cannot connect
the signing with the subsequent payment
ELECTRONIC CASH:
Using The Digital Currency
Once the tokens are purchased, the e-cash software on the customer’s PC
stores digital money undersigned by a bank.
The users can spend the digital money at any shop accepting e-cash,
without having to open an account there or having to transmit credit card
numbers.
As soon as the customer wants to make a payment, the software collects the
necessary amount from the stored tokens.
Types of transactions
Bilateral or two-party
Trilateral or three-party
ELECTRONIC CASH:
Using The Digital Currency
TYPES OF TRANSACTIONS
1. Bilateral or two-party (buyer and seller)
Merchant checks the veracity of the note’s digital signature by using
deposits it later in the bank to redeem the face value of the note
Problem: double spending
digital bank
Bank verifies the validity of these notes( that they have not been
spent before)
Account of the merchant is then credited.
To complete a transaction, the buyer sends a check to the seller for a certain
amount of money.
These checks may be sent using e-mail or other transport methods
When deposited, the check authorizes the transfer of account balances from
the account against which the check was drawn to the account to which the
check was deposited.
An account holder will issue an electronic document that contains the name
of the payer, the name of the financial institution, payer’s account number,
name of the payee and the amount of the check.
Most of the information in uncoded form.
Properly signed and endorsed checks can be electronically exchanged
between financial institutions through electronic clearing houses.
ELECTRONIC CHECKS: Working
On receiving the check, the seller presents it to the accounting server for
verification and payment.
The accounting server verifies the digital signature on the check using the
Kerberos authentication scheme
“An electronic check is a specialized kind of ticket created by the
Kerberos system.”
A users digital “signature” is used to create one ticket – a check – which
the sellers digital “endorsement” transforms into another – an order to a
bank computer for fund transfer
ELECTRONIC CHECKS: Advantages
1. They work in the same way as traditional checks.
2. These are suited for clearing micro payments
Use of conventional cryptography makes it much faster
( e-cash public key cryptography)
3. They create float ( availability of float as an important requirement for
commerce)
The third party accounting server can make money by charging the
buyer or seller a transaction fee or a flat rate fee or it can act as a bank
and provide deposit accounts and make money on the deposit account
pool.
4. Financial risk is assumed by the accounting server & may result in easier
acceptance
Reliability and scalability are provided by using multiple accounting
servers
ON-LINE ELECTRONIC COMMERCE PAYMENTS
Smart cards are credit and debit cards and other card products enhanced
with microprocessors capable of holding more information than the
traditional magnetic stripe.
It also includes:
access to multiple accounts, such as debit, credit, investments or stored value
for e-cash , on one card or an electronic device
cash access, bill payment & multiple access options at multiple locations
Multiple access options at multiple locations using multiple device types such
as ATM, screenphone, PC, PDA, or interactive TVs
SMART CARDS :
(2) Electronic Purses
a financial instrument to replace cash.
An electronic purse, is a wallet-sized smart card embedded with programmable
microchips that store sums of money for people to use instead of cash for
everything.
Working:
1. After purse is loaded with money at an ATM, it can be used to pay in a
vending machine equipped with a card reader.
2. The vending machine just needs to verify that the card is authentic & it has
enough money.
3. The value is deducted from balance on the card & added to an e-cash box in
the vending machine
4. The remaining balance is displayed by the vending machine or can be
checked at an ATM or with a balance-reading device.
5. When the balance on an electronic purse is depleted, the purse can be
recharged with money.
SMART CARDS :
Advantages
• Can Store more information
• Not easily duplicated
• less space required
• Portable
• Low cost to issuers and users
• More security
Disadvantages
• lack of universal standards for their design and utilization.
ON-LINE ELECTRONIC COMMERCE PAYMENTS
customer 1
Merchant’s
server
6
7
2 5
3
Online
credit card
Customer’s 4 processors
bank
Consumer /
vendor
Public Private
key key
CREDIT CARD-BASED ELECTRONIC PAYMENT SYSTEMS
Encryption And Credit Cards
• Each consumer and each vendor generates a public key and a secret key
• The public key is send to the credit card company and put on its public key server.
• The secret key is reencrypted with a password and the unencrypted version is
erased
• To steal a credit card, a thief should get access to both a consumer’s encrypted
secret key and password.
• The credit card company sends the customer a credit card number and a credit limit
Consumer /
vendor
Public key
server
CREDIT CARD-BASED ELECTRONIC PAYMENT SYSTEMS
Encryption And Credit Cards
• Each consumer and each vendor generates a public key and a secret key
• The public key is send to the credit card company and put on its public key server.
• The secret key is reencrypted with a password and the unencrypted version is
erased
• To steal a credit card, a thief should get access to both a consumer’s encrypted
secret key and password.
• The credit card company sends the customer a credit card number and a credit limit
Consumer /
vendor
Public key
server
CREDIT CARD-BASED ELECTRONIC PAYMENT SYSTEMS
Encryption And Credit Cards
• To buy something from a vendor, the consumer sends a timestamped message
which is signed with the public key using his password.
• The vendor will then sign the message with its own secret key and send it to the
credit card company.
• The consumer cant claim that he didn’t agree to the transaction , because he signed
it. The vendor cant invent fake charges, because he doesn’t have access to the
consumer’s key.
• He cant submit the same charge twice, because the consumer included the precise
time in the message.
• To become useful, credit card systems will have to develop distributed key servers
and card checkers.
buyer vendor
Encrypted
Time stamped
message
CREDIT CARD-BASED ELECTRONIC PAYMENT SYSTEMS
Encryption And Credit Cards
• To buy something from a vendor, the consumer sends a timestamped message
which is signed with the public key using his password.
• The vendor will then sign the message with its own secret key and send it to the
credit card company.
• The consumer cant claim that he didn’t agree to the transaction , because he signed
it. The vendor cant invent fake charges, because he doesn’t have access to the
consumer’s key.
• He cant submit the same charge twice, because the consumer included the precise
time in the message.
• To become useful, credit card systems will have to develop distributed key servers
and card checkers.
• Payments can be made by credit card / by debiting a demand deposit account via
the automated clearing house
CREDIT CARD-BASED ELECTRONIC PAYMENT SYSTEMS
Third-party Processors And Credit Cards
consumer merchant
Request item
quoting OTPP
Acc.no.
CREDIT CARD-BASED ELECTRONIC PAYMENT SYSTEMS
Third-party Processors And Credit Cards
1. To purchase a product online, the consumer requests the item from the merchant
by quoting OTPP account number.
2. The merchant contacts the OTPP payment server with the customers account
number
3. The OTPP payment server verifies the customer’s account number for the vendor
and checks for sufficient funds
4. The OTPP payment server sends an electronic message to the buyer (www form /
email)
5. If OTPP payment server gets a YES from customer, the merchant is informed and
the customer is allowed to download the material immediately
consumer Customer’s
merchant
Acc. No
OTPP
payment
server
CREDIT CARD-BASED ELECTRONIC PAYMENT SYSTEMS
Third-party Processors And Credit Cards
1. To purchase a product online, the consumer requests the item from the merchant
by quoting OTPP account number.
2. The merchant contacts the OTPP payment server with the customers account
number
3. The OTPP payment server verifies the customer’s account number for the vendor
and checks for sufficient funds
4. The OTPP payment server sends an electronic message to the buyer (www form /
email)
5. If OTPP payment server gets a YES from customer, the merchant is informed and
the customer is allowed to download the material immediately
OTPP
payment
server
CREDIT CARD-BASED ELECTRONIC PAYMENT SYSTEMS
Third-party Processors And Credit Cards
1. To purchase a product online, the consumer requests the item from the merchant
by quoting OTPP account number.
2. The merchant contacts the OTPP payment server with the customers account
number
3. The OTPP payment server verifies the customer’s account number for the vendor
and checks for sufficient funds
4. The OTPP payment server sends an electronic message to the buyer (www form /
email)
5. If OTPP payment server gets a YES from customer, the merchant is informed and
the customer is allowed to download the material immediately
consumer merchant
OTPP
payment
message server
CREDIT CARD-BASED ELECTRONIC PAYMENT SYSTEMS
Third-party Processors And Credit Cards
1. To purchase a product online, the consumer requests the item from the merchant
by quoting OTPP account number.
2. The merchant contacts the OTPP payment server with the customers account
number
3. The OTPP payment server verifies the customer’s account number for the vendor
and checks for sufficient funds
4. The OTPP payment server sends an electronic message to the buyer (www form /
email)
5. If OTPP payment server gets a YES from customer, the merchant is informed and
the customer is allowed to download the material immediately
consumer merchant
OTPP
payment
yes server
CREDIT CARD-BASED ELECTRONIC PAYMENT SYSTEMS
Third-party Processors And Credit Cards
1. To purchase a product online, the consumer requests the item from the merchant
by quoting OTPP account number.
2. The merchant contacts the OTPP payment server with the customers account
number
3. The OTPP payment server verifies the customer’s account number for the vendor
and checks for sufficient funds
4. The OTPP payment server sends an electronic message to the buyer (www form /
email)
5. If OTPP payment server gets a YES from customer, the merchant is informed and
the customer is allowed to download the material immediately
Allowed to
inform
download
consumer merchant
OTPP
payment
server
CREDIT CARD-BASED ELECTRONIC PAYMENT SYSTEMS
Third-party Processors And Credit Cards
Disadvantage:
• Not anonymous, credit card companies collect data about spending
habits
RISKS AND ELECTRONIC PAYMENT SYSTEMS
1. Fraud / Mistake
2. Privacy Issues
3. Credit Risk
RISKS AND ELECTRONIC PAYMENT SYSTEMS
1. Fraud / Mistake
• Keep automatic records
• Easy and inexpensive to keep electronically captured information
• Features of automatic records
• Permanent storage
• Accessibility and traceability
• Payment system database
• But record keeping conflicts with transaction anonymity of cash
2. Privacy Issues
3. Credit Risk
RISKS AND ELECTRONIC PAYMENT SYSTEMS
1. Fraud / Mistake
2. Privacy Issues
• Every time a purchase is made, that information goes to some
database
• When all these records are linked, we can get all details of
consumer payments.
• Users must be assured that knowledge of transactions will be
confidential, limited only to parties involved and their designated
agents
• Privacy must be maintained against eavesdroppers and
unauthorized insiders.
3. Credit Risk
RISKS AND ELECTRONIC PAYMENT SYSTEMS
1. Fraud / Mistake
2. Privacy Issues
3. Credit Risk
• A banks failure to settle its net position could lead to a chain
reaction of bank failures
• The digital central bank must develop policies to deal with this
possibility.
• Payment conflicts often arise because the payments are not done
manually but by an automated system that can cause errors.
• This is especially common when payment is done on a regular
basis to many recipients.
ELECTRONIC PAYMENT SYSTEMS
Advantages
1. Convenience: need to enter only your account
2. Low cost : no paper required, no wastage of time
3. Increased throughput: more customers can be serviced
4. Mobility: Transactions can be made from anywhere
Disadvantages
5. Tax evasion: Unless a business discloses the various electronic payments it
has made or received over the tax period, the government may not know the
truth, which could cause tax evasion.
6. Impulse buying: You are likely to make a decision to purchase an item you
find on sale online, even though you had not planned to buy it, just because it
will cost you just a click to buy it through your credit card.
7. Lack of applicability : Not all the web sites support a particular payment
method,
8. High transaction costs for customers and merchants: existing payment
systems use rather expensive infrastructure to facilitate the payment process.
DESIGNING ELECTRONIC PAYMENT SYSTEMS
It includes several factors:
Privacy: It should be trustworthy
Security: A secure system verifies the identity of two-party transactions through “user
authentication” & reserves flexibility to restrict information/services through access
control
Intuitive interfaces: The payment interface must be as easy to use as a telephone.
Database integration: Tie the database of all accounts together and allow customers
access to any of them while keeping the data up-to-date and error free.
Brokers: A “network banker”-someone to broker goods & services, settle conflicts, &
facilitate financial transactions electronically-must be in place.
Pricing: One fundamental issue is how to price payment system services. For e.g., to
encourage users to shift from one form of payment to another.
Standards: Standards enable interoperability, giving users the ability to buy and
receive information, regardless of which bank is managing their money
UNIVERSITY QUESTIONS - 4 MARKS
1. Describe credit cards
2. What are the operational issues associated with e-cash ?
3. Describe smart cards.
4. Define the properties of e-cash.
5. Discuss the advantages of using smart cards.
6. What are the types of Electronic Payment Systems ?
7. Short note on "Online Payment Process".
8. What are the risks in electronic payment system ?
9. What is on-line payment system ?
UNIVERSITY QUESTIONS - 12 MARKS
1. With figure explain the processing payments using encrypted credit cards. How
on-line payment is achieved using a third party processor ?
2. How to design an e-payment system ?
3. Explain the different types of e-payment systems.
4. Describe the design of Digital token based Electronic payment system.
5. What is Credit card ? Explain credit card based payment system.
6. Explain the various advantages and disadvantages in electronic payment systems.
7. With neat figure explain the payment transaction sequence in an electronic check
system ? List its advantages.