E Payment Gateway


DESCRIPTION

Presentation describes E-Payment fundamentals. (Presentation is yet to get more slides)


Online Payment: Architecture, Issue & Solutions

By PRATIK Gohil, Sr. Lecturer, SVICS, Kadi.

Email: p2.gohil@gmail.com | Blog: p2gohil.blogspot.com

What Is E-Payment?

E-Payment is a system that permits online payment between parties using an electronic surrogate of a financial tender

The electronic surrogate is backed by financial institutions and/or trusted intermediaries

The intent is to act as an alternative form of payment to the physical cash, cheque or other financial tender

E-Payments & Payment Gateways – PRATIK Gohil (www.p2gohil.blogspot.com)

Current Scenario

E-Payment opportunities are growing albeit slowly

New players are entering E-Payment marketplace

Variety of ePayment mechanisms and devices - creating a state of chaos

Infrastructure for E-Payment is complex and expensive to deploy

Lack of critical mass adoption and acceptance

Online payment is hard to implement globally


E-Payment Is Under Evolution

[Diagram: Evolving E-Payment Solutions, surrounded by Business Realities, Security Infrastructure, Customer Profiles, Authentication Models and Payment Types]

E-Payment Channels

Defined as ‘touch points’ where a payment transaction is originated or initiated

Can be executed through a variety of channels: Internet based; Kiosks; Contactless or proximity sensors; Mobile (e.g. mobile phones, PDA)


E-Payment Instruments

Defined as the medium in which the value is recognized in a payment transaction

Card-based, such as:

Credit and charge cards: buy now, pay later

Debit cards: buy now, pay now

Cash cards, stored-valued, e-cash: buy now, prepaid or pay before


Credit Cards

Most widely used: banks able to leverage existing card infrastructure; appears ‘defacto’ online payment

Largely unencrypted ‘card-not-present’ transactions processed without customer & merchant authentication

Charge-back risk for merchants: charge-back is when customer demands a refund; banks transfer liabilities of charge-backs to the merchants; merchants need to have a bond to cover such charges


Credit Card Protocols

SSL (1 or 2 parties have private keys)

TLS (Transport Layer Security)

SEPP (Secure Encryption Payment Protocol), obsolete: MasterCard, IBM, Netscape

STT (Secure Transaction Technology): VISA, Microsoft

SET (Secure Electronic Transactions): MasterCard, VISA; all parties have certificates


SET Overview

Developed by Visa and MasterCard

Designed to protect credit card transactions

Confidentiality: all messages travel encrypted

Trust: all parties must have digital certificates

Privacy: information made available only when and where necessary


SET – Business Requirements

Provide confidentiality of payment and ordering information

Ensure the integrity of all transmitted data

Provide authentication that a cardholder is a legitimate user of a credit card account

Provide authentication that a merchant can accept credit card transactions through its relationship with a financial institution


SET – Business Requirements (2)

Ensure the use of the best security practices and system design techniques to protect all legitimate parties in an electronic commerce transaction

Create a protocol that neither depends on transport security mechanisms nor prevents their use

Facilitate and encourage interoperability among software and network providers


SET Transactions


Dual Signature Method

[Diagram: MESSAGE 1 and MESSAGE 2 are each hashed with SHA to give DIGEST 1 and DIGEST 2; the digests are concatenated together and hashed with SHA to create a NEW DIGEST; the new digest is encrypted with the signer’s private key to give the DUAL SIGNATURE]


Dual Signature Operation

The operation for dual signature is as follows:

Take the hash (SHA-1) of the payment and order information.

These two hash values are concatenated [H(PI) || H(OI)] and then the result is hashed.

Customer encrypts the final hash with a private key creating the dual signature.
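
The three steps above, together with the matching checks on the receiving side, as an added example that is not part of the original slides. It goes one step beyond the slide by showing the standard SET verification: the merchant checks the signature from OI and H(PI), the bank from PI and H(OI), so neither sees the other half. Assumptions: the RSA key is a toy built from two Mersenne primes with no padding, and the PI/OI strings and function names are constructed for illustration.

```python
import hashlib

# Toy RSA key built from two Mersenne primes so the example runs with the
# standard library only. Constructed for illustration; not a secure key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

def h(data: bytes) -> bytes:
    """SHA-1, the hash named on the slide (kept for fidelity to the deck)."""
    return hashlib.sha1(data).digest()

def dual_digest(h_pi: bytes, h_oi: bytes) -> int:
    """H( H(PI) || H(OI) ) as an integer ready for the RSA operation."""
    return int.from_bytes(h(h_pi + h_oi), "big")

def make_dual_signature(pi: bytes, oi: bytes) -> int:
    """Customer: 'encrypt' the final digest with the private key."""
    return pow(dual_digest(h(pi), h(oi)), D, N)

def merchant_verify(oi: bytes, h_pi: bytes, sig: int) -> bool:
    """Merchant holds the order and only the digest of the payment data."""
    return pow(sig, E, N) == dual_digest(h_pi, h(oi))

def bank_verify(pi: bytes, h_oi: bytes, sig: int) -> bool:
    """Bank holds the payment data and only the digest of the order."""
    return pow(sig, E, N) == dual_digest(h(pi), h_oi)

# Constructed sample messages (not real card or order data).
PI = b"card=0000-TEST;amount=49.90;txn=1001"
OI = b"order=1001;item=book;amount=49.90"

if __name__ == "__main__":
    sig = make_dual_signature(PI, OI)
    print("merchant accepts:", merchant_verify(OI, h(PI), sig))
    print("bank accepts:", bank_verify(PI, h(OI), sig))
    # Swapping in a different order breaks the link to the signed payment.
    altered = b"order=1001;item=tv;amount=49.90"
    print("altered order accepted:", merchant_verify(altered, h(PI), sig))
```
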


Debit Cards

Direct electronic transfer of account - direct account debiting

Uses chip/smart E-Wallets

Digital signature to secure access

Connected to E-Banking solution


Cash Card

Payment solution on a proprietary protocol that allows payment over the Internet

A digital/virtual wallet with prepaid credit-based/token-based payment system

Enables low-value electronic payments on the Internet

Limited distribution, proprietary solutions

Needs to install card reader and download free E-Wallet


E-Cheque

A formatted email message that consists of payee name, amount, payment date, payer’s account number, and payer’s bank

Digital certificate and signature are used to secure the cheque so that the contents are not tampered with

A signed electronic cheque is exchanged between the parties’ financial institutions through automated clearing house


E-Cheque (2)

[Diagram: Bob writes an electronic check and sends it to a merchant; the merchant receives the check and sends it to his bank (Merchant’s Bank) for deposit; the customer's account in his bank (Customer’s Bank) is debited and the merchant’s is credited; the merchant sends the product to Bob before/after the check clears]

Mobile Wallet

Provides E-Purse functionality to replace card-type payments

Aggregating micro-payments onto the mobile phone bill

Can use mobile access device to authenticate payer’s identity

SIM card well placed to function and control payment process and authentication
