E Payment Gateway

Online PaymentOnline PaymentArchitecture, Issue & Solutions

By PRATIK GohilSr. Lecturer, SVICS, Kadi.Sr. Lecturer, SVICS, Kadi.

Email: [email protected] | Blog: p2gohil.blogspot.com

What Is E Payment?What Is E-Payment? E-Payment is a system that permits online payment between

parties using an electronic surrogate of a financial tender

The electronic surrogate is backed by financial institutions and/or trusted intermediariesand/or trusted intermediaries

The intent is to act as an alternative form of payment to the physical cash, cheque or other financial tenderp y , q

E-Payments & Payment Gateways – PRATIK Gohil (www.p2gohil.blogspot.com)E-Payments & Payment Gateways – PRATIK Gohil (www.p2gohil.blogspot.com)E-Payments & Payment Gateways – PRATIK Gohil (www.p2gohil.blogspot.com)E-Payments & Payment Gateways – PRATIK Gohil (www.p2gohil.blogspot.com)

Current ScenarioCurrent Scenario E-Payment opportunities are growing albeit slowly

New players are entering E-Payment marketplace

Variety of ePayment mechanisms and devices - creating state f hof chaos

Infrastructure for E-Payment is complex and expensive to deploydeploy

Lack of critical mass adoption and acceptance

Online payment is hard to implement globallyOnline payment is hard to implement globally


E Payment Is Under EvolutionE-Payment Is Under EvolutionBusiness

Security

Infrastructure

Realities Customer

Profiles

Evolving E-Payment SolutionsEvolving E Payment Solutions

Authentication

Models

Payment

Types

E-Payments & Payment Gateways – PRATIK Gohil (www.p2gohil.blogspot.com)E-Payments & Payment Gateways – PRATIK Gohil (www.p2gohil.blogspot.com)

Spa

E Payment ChannelsE-Payment Channels Defined as ‘touch points’ where a payment transaction is

originated or initiated

Can be executed through a variety of channels I t t b d Internet based Kiosks Contactless or proximity sensorsp y Mobile (e.g. mobile phones, PDA)


E Payment InstrumentsE-Payment Instruments Defined as the medium in which the value is recognized in a

payment transaction

Card-based such as C dit d h d Credit and charge cards buy now, pay later

Debit cards buy now, pay now

Cash cards, stored-valued, e-cash bu no prepaid or pa before buy now, prepaid or pay before


Credit CardsCredit Cards Most widely used banks able to leverage existing card infrastructure appears ‘defacto’ online payment

L l t d Largely unencrypted ‘card-not-present’ transactions processed without customer &

merchant authentication

Charge back risk for merchants charge-back is when customer demands a refund banks transfer liabilities of charge-backs to the merchants merchants need to have a bond to cover such charges


Credit Card ProtocolsCredit Card Protocols SSL (1 or 2 parties have private keys)

TLS (Transport Layer Security)

SEPP (Secure Encryption Payment Protocol) Obsolete

MasterCard, IBM, Netscape

STT (Secure Transaction Technology) VISA Mi ft VISA, Microsoft

SET (Secure Electronic Transactions) MasterCard VISA all parties have certificatedMasterCard, VISA all parties have certificated


SET OverviewSET Overview Developed by Visa and MasterCard

Designed to protect credit card transactions

Confidentiality: all messages travel encrypted

Trust: all parties must have digital certificates

Privacy: information made available only when and where necessary


SET Business RequirementsSET – Business Requirements Provide confidentiality of payment and ordering information

Ensure the integrity of all transmitted data

Provide authentication that a cardholder is a legitimate user f d d of a credit card account

Provide authentication that a merchant can accept credit card transactions through its relationship with a financial transactions through its relationship with a financial institution


SET Business Requirements (2)SET – Business Requirements (2)

Ensure the use of the best security practices and system design techniques to protect all legitimate parties in an electronic commerce transaction

Create a protocol that neither depends on transport security Create a protocol that neither depends on transport security mechanisms nor prevents their use

Facilitate and encourage interoperability among software and g p y gnetwork providers


SET TransactionsSET Transactions


Dual Signature MethodDual Signature MethodMESSAGE 1 MESSAGE 2

DIGEST 1

HASH 1 & 2 with SHA

DIGEST 2

CONCATENATE DIGESTSTOGETHER

NEW DIGEST

HASH WITH SHA TOCREATE NEW DIGEST

DUAL SIGNATURE

PRIVATE KEYENCRYPT NEW DIGESTWITH SIGNER’S PRIVATE KEY

DUAL SIGNATURE


Dual Signature OperationDual Signature Operation The operation for dual signature is as follows:

Take the hash (SHA-1) of the payment and order information.

These two hash values are concatenated [H(PI) || H(OI)] and then the result is hashedthen the result is hashed.

Customer encrypts the final hash with a private key creating the dual signature.


Debit CardsDebit Cards Direct electronic transfer of account - direct account

debiting

Uses chip/smart E-Wallets

D l Digital signature to secure access

Connected to E-Banking solution


Cash CardCash Card Payment solution on a proprietary protocol that allows

payment over the Internet

A digital/virtual wallet with prepaid credit-based/token-based payment systembased payment system

Enables low-value electronic payments on the Internet

Limited distribution proprietary solutions Limited distribution, proprietary solutions

Needs to install card reader and download free E-Wallet


E ChequeE-Cheque A formatted email message that consists of payee name,

amount, payment date, payer’s account number, and payer’s bank

Digital certificate and signature are used to secure the cheque Digital certificate and signature are used to secure the cheque so that the contents are not tampered with

A signed electronic cheque is exchanged between the parties’ g q g pfinancial institutions through automated clearing house


E Cheque (2)E-Cheque (2)

Customer’s Bank

b

Customer'saccount in hisBank is debited,

Merchant sends the productto Bob before/after check clears

BobBank is debited,Merchant’s iscredited

Bob writes Bob writes electronic checkand sends it toa merchantMerchant receives

checks and sends to


checks and sends tohis bank for depositMerchant’s

Bank

Mobile WalletMobile Wallet Provides E-Purse functionality to replace card-type payments

Aggregating micro-payments onto the mobile phone bill

Can use mobile access device to authenticate payer’s identity

SIM card well placed to function and control payment process and authentication


Documents

E Payment Gateway