Presentation describes E-Payment fundamentals. (Presentation is yet to get more slides.)
Online Payment
Architecture, Issue & Solutions
By PRATIK Gohil, Sr. Lecturer, SVICS, Kadi.
Email: [email protected] | Blog: p2gohil.blogspot.com
What Is E-Payment?
E-Payment is a system that permits online payment between parties using an electronic surrogate of a financial tender
The electronic surrogate is backed by financial institutions and/or trusted intermediaries
The intent is to act as an alternative form of payment to the physical cash, cheque or other financial tender
E-Payments & Payment Gateways – PRATIK Gohil (www.p2gohil.blogspot.com)
Current Scenario
E-Payment opportunities are growing albeit slowly
New players are entering E-Payment marketplace
Variety of ePayment mechanisms and devices - creating state of chaos
Infrastructure for E-Payment is complex and expensive to deploy
Lack of critical mass adoption and acceptance
Online payment is hard to implement globally
E-Payment Is Under Evolution
Diagram labels: Evolving E-Payment Solutions; Business Realities; Security Infrastructure; Customer Profiles; Authentication Models; Payment Types
E-Payment Channels
Defined as ‘touch points’ where a payment transaction is originated or initiated
Can be executed through a variety of channels
  Internet based
  Kiosks
  Contactless or proximity sensors
  Mobile (e.g. mobile phones, PDA)
E-Payment Instruments
Defined as the medium in which the value is recognized in a payment transaction
Card-based such as
  Credit and charge cards: buy now, pay later
  Debit cards: buy now, pay now
  Cash cards, stored-value, e-cash: buy now, prepaid or pay before
Credit Cards
Most widely used
  banks able to leverage existing card infrastructure
  appears ‘de facto’ online payment
Largely unencrypted
  ‘card-not-present’ transactions processed without customer & merchant authentication
Charge-back risk for merchants
  charge-back is when customer demands a refund
  banks transfer liabilities of charge-backs to the merchants
  merchants need to have a bond to cover such charges
Credit Card Protocols
SSL (1 or 2 parties have private keys)
TLS (Transport Layer Security)
SEPP (Secure Encryption Payment Protocol) Obsolete
  MasterCard, IBM, Netscape
STT (Secure Transaction Technology)
  VISA, Microsoft
SET (Secure Electronic Transactions)
  MasterCard, VISA
  all parties have certificates
SET Overview
Developed by Visa and MasterCard
Designed to protect credit card transactions
Confidentiality: all messages travel encrypted
Trust: all parties must have digital certificates
Privacy: information made available only when and where necessary
SET – Business Requirements
Provide confidentiality of payment and ordering information
Ensure the integrity of all transmitted data
Provide authentication that a cardholder is a legitimate user of a credit card account
Provide authentication that a merchant can accept credit card transactions through its relationship with a financial institution
SET – Business Requirements (2)
Ensure the use of the best security practices and system design techniques to protect all legitimate parties in an electronic commerce transaction
Create a protocol that neither depends on transport security mechanisms nor prevents their use
Facilitate and encourage interoperability among software and network providers
SET Transactions (figure)
Dual Signature Method
MESSAGE 1, MESSAGE 2
Hash 1 & 2 with SHA: DIGEST 1, DIGEST 2
Concatenate digests together
Hash with SHA to create new digest: NEW DIGEST
Encrypt new digest with signer’s private key: DUAL SIGNATURE
Dual Signature Operation
The operation for dual signature is as follows:
Take the hash (SHA-1) of the payment and order information.
These two hash values are concatenated [H(PI) || H(OI)] and then the result is hashed.
Customer encrypts the final hash with a private key creating the dual signature.
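The three steps above as an added Python example (not part of the original slides). It goes one step beyond the slide by also showing the two verifiers: the merchant checks the signature from the full order plus only H(PI), and the payment side from the full payment data plus only H(OI). The toy RSA key, the sample messages and all function names are constructed for illustration.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes. Textbook RSA with no
# padding, used only to mirror "encrypt the final hash with a private key".
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)

def sha1(data: bytes) -> bytes:
    """SHA-1, the hash named on the slide."""
    return hashlib.sha1(data).digest()

def dual_signature(pi: bytes, oi: bytes) -> int:
    """Customer: sign H(H(PI) || H(OI)) with the private key."""
    combined = sha1(sha1(pi) + sha1(oi))
    return pow(int.from_bytes(combined, "big"), D, N)

def _check(pi_digest: bytes, oi_digest: bytes, sig: int) -> bool:
    # Recompute the combined digest and compare with the "decrypted" signature.
    expected = int.from_bytes(sha1(pi_digest + oi_digest), "big")
    return pow(sig, E, N) == expected

def merchant_verify(oi: bytes, pi_digest: bytes, sig: int) -> bool:
    """Merchant holds the order in full but only the digest of the payment data."""
    return _check(pi_digest, sha1(oi), sig)

def bank_verify(pi: bytes, oi_digest: bytes, sig: int) -> bool:
    """Payment side holds the payment data in full but only the order digest."""
    return _check(sha1(pi), oi_digest, sig)

# Constructed sample messages.
PI = b"card=4111-XXXX-XXXX-1111;amount=49.90;txn=1001"
OI = b"order=1001;item=book;qty=1;amount=49.90"
SIG = dual_signature(PI, OI)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(OI, sha1(PI), SIG))
    print("bank accepts:", bank_verify(PI, sha1(OI), SIG))
    altered = OI.replace(b"qty=1", b"qty=9")
    print("altered order accepted:", merchant_verify(altered, sha1(PI), SIG))
```

Because one signature covers both digests, neither verifier can pair the payment data with a different order, and neither needs to see the other half in the clear.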
Debit Cards
Direct electronic transfer of account - direct account debiting
Uses chip/smart E-Wallets
Digital signature to secure access
Connected to E-Banking solution
Cash Card
Payment solution on a proprietary protocol that allows payment over the Internet
A digital/virtual wallet with prepaid credit-based/token-based payment system
Enables low-value electronic payments on the Internet
Limited distribution, proprietary solutions
Needs to install card reader and download free E-Wallet
E-Cheque
A formatted email message that consists of payee name, amount, payment date, payer’s account number, and payer’s bank
Digital certificate and signature are used to secure the cheque so that the contents are not tampered with
A signed electronic cheque is exchanged between the parties’ financial institutions through automated clearing house
E-Cheque (2)
Diagram: Bob, Merchant, Customer’s Bank, Merchant’s Bank
Bob writes electronic check and sends it to a merchant
Merchant receives checks and sends to his bank for deposit
Customer's account in his Bank is debited, Merchant’s is credited
Merchant sends the product to Bob before/after check clears
Mobile Wallet
Provides E-Purse functionality to replace card-type payments
Aggregating micro-payments onto the mobile phone bill
Can use mobile access device to authenticate payer’s identity
SIM card well placed to function and control payment process and authentication