1

◦ Intro◦ Online shopping vs MOTO◦ Credit card payments vs PayPal◦ E-cash?

2

◦ Many forms of electronic payment systems exist today

◦ Examples: credit cards, debit cards, pre-paid “cash” cards

◦ The most popular payment methods for online transactions are still credit cards (or PayPal).

◦ What has happened to e-cash?

3

◦ Mail orders / Telephone orders

◦ Payment info are transferred on order forms or over the phone

◦ Entities involved in the process? Purchaser/customer/payer Merchant/payee Banks: issuer (interacting with the customer), acquirer

(interacting with the merchant) Others: e.g., payment clearing house

◦ Q: How would the customer’s identity be verified?

◦ Q: Could the order be made by someone who is not authorized?

4

◦ To better support online shopping, electronic payment systems are preferred.

◦ Q: Is electronic delivery of credit card info over the Internet more vulnerable than in MOTO (order forms or over the phone)?

◦ Q: How would the customer’s identity be verified?

◦ Q: How would the merchant’s identity be verified?HTTPSA trusted third party, e.g., PayPal

5

◦ A subsidiary of eBay

◦ Initially created to facilitate online transactions between parties who do not know each other (e.g., online auctions)− Reduce the risk of credit info being stolen by

“rogue” merchants− Supports multiple payment methods (bank

accounts, credit cards, etc.)

6

◦ Evolved into the PayPal Merchant Services

− A full line of electronic payment services https://www.paypal.com/cybercash Solutions for various applications

− Acquired Verisign Payment Services in 11/2005 (FAQ) http://sceweb.uhcl.edu/yang/teaching/csci5234Web

SecurityFall2011/buildEcommerce%20veriSign.pdf

− In 10/2010, Facebook and FT.com adopted PayPal Micropayments for Digital Content (http://www.businesswire.com/news/home/20101026006381/en) http://www.allfacebook.com/facebook-paypal-micro

payment-2010-10

7

A review site: http://www.bestpaymentgateways.com

8

Requirements of a “real” cash system?◦ Anonymity◦ Untraceability / unlinkability◦ Divisibility◦ Anything else?

Related articles:◦ Boom then Bust: How Electronic Cash Faltered, ENT News Online. 3/1999.

http://web.archive.org/web/20080430181438/http://entmag.com/archives/article.asp?EditorialsID=6094

◦ Secure Electronic Transaction (SET): an unsuccessful attempthttp://en.wikipedia.org/wiki/Secure_Electronic_Transaction

◦ Chaum, D., Fiat, A., and Naor, M. 1990. Untraceable electronic cash. In Proceedings on Advances in Cryptology (Santa Barbara, California, United States). S. Goldwasser, Ed. Springer-Verlag. New York, NY, 319-327.

◦ Chaum, David (1983). "Blind signatures for untraceable payments". Advances in Cryptology Proceedings of Crypto 82 (3): 199–203.

◦ http://en.wikipedia.org/wiki/Financial_cryptography

9

http://en.wikipedia.org/wiki/Blind_signature "

◦ “As an analogy, consider that Alice has a letter which should be signed by an authority (say Bob), but Alice does not want to reveal the content of the letter to Bob. She can place the letter in an envelope lined with carbon paper and send it to Bob. Bob will sign the outside of the carbon envelope without opening it and then send it back to Alice. Alice can then open it to find the letter signed by Bob, but without Bob having seen its contents.”

10

Possible reasons?◦ Technical requirements of e-cash systems

◦ Viable alternatives: one-time credit card numbers, PayPal

◦ “Guaranteed” maximum loss in case of stolen credit card info.

◦ Anything else?

11