ITEC5611 Electronic Payment Systems. S. KungpisdanITEC5611 Electronic Commerce Systems Implementation 2 Outline The Payment Evolution Using Payment Cards

ITEC5611Electronic Payment Systems

S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation

2

Outline

• The Payment Evolution

• Using Payment Cards Online

• Secure Electronic Transaction (SET)

• E-Micropayment

• E-Checking

• Electronic Bill Presentment and Payment

• PayPal


3

The Payment Revolution

• Crucial Factors– Independence

• Some e-payment systems require specialized software or hardware to make payment

– Interoperability and portability– Security– Anonymity– Divisibility– Ease of use– Transaction fees– Regulations


4

Outline




• E-Micropayment

• E-Checking


• PayPal


5

Using Payments Cards Online

payment card

Electronic card that contains information that can be used for payment purposes

• Three forms of payment cards:– Credit cards– Debit cards


6


• Processing Credit Cards Online

authorization

Determines whether a buyer’s card is active and whether the customer has sufficient funds

settlement

Transferring money from the buyer’s to the merchant’s account


7


• Processing Credit Cards Online

payment service provider (PSP)

A third-party service connecting a merchant’s EC systems to the appropriate acquirers. PSPs must be registered with the various card associations they support


8


– Key participants in processing credit card payments online include the following:• Acquiring bank• Credit card association• Customer• Issuing bank• Merchant• Payment processing service

– Service provides connectivity among merchants, customers and financial network

• Processor– Data center that processes credit-card transactions and settles funds to

merchants


9


• Fraudulent Credit Card TransactionsAddress Verification System (AVS)

Detects fraud by comparing the address entered on a Web page with the address information on file with cardholder’s issuing bank• Result in a number of false positive

• Only available in US and Canada


10


card verification number (CVN)

Detects fraud by comparing the verification number printed on the signature strip on the back of the card with the information on file with the cardholder’s issuing bank


11


• Fraudulent Credit Card Transactions– Additional tools used to combat fraud include:

• Manual review• Negative files

– check to see if customer’s transaction is matched against the file containing customer’s information

• Card association payer authentication services– 3D (3-domain) Secure – E.g. Verified by Visa, MasterCard SecureCode, JCB J/Secure– Require cardholders to register with the systems and merchants to

adopt and support both existing systems and the new systems– Cardholder needs to have an additional password to authenticate

him/herself– Merchant must also enroll itself to the program


12

Smart Cards

smart card

An electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card


13

Exhibit 12.2 Smart Card


14

Smart Cards

• Types of Smart Cards

contact cardA smart card containing a small gold plate on the face that when inserted in a smart card reader makes contact and passes data to and from the embedded microchip

contactless (proximity) cardA smart card with an embedded antenna, by means of which data and applications are passed to and from a card reader unit or other device without contact between the card and the card reader


15

Smart Cards

• Applications of Smart Cards– Retail Purchases

e-purse

Smart card application that loads money from a card holder’s bank account onto the smart card’s chip

Common Electronic Purse Specification (CEPS)

Standards governing the operation and interoperability of e-purse offerings


16

Smart Cards

• Applications of Smart Cards– Transit Fares

To eliminate the inconvenience of multiple types of tickets used in public transportation, most major transit operators in the United States are implementing smart card fare-ticketing systems

– E-IdentificationBecause they have the capability to store personal information, including pictures, biometric identifiers, digital signatures, and private security keys, smart cards are being used in a variety of identification, access control, and authentication applications


17

Smart Cards

• Applications of Smart Cards in Health Care– Storing vital medical information in case of emergencies

– Preventing patients from obtaining multiple prescriptions from different physicians

– Verifying a patient’s identity and insurance coverage

– Speeding up the hospital or emergency room admissions process


18

Smart Cards

• Securing Smart Cards– Smart cards store or provide access to either valuable

assets or to sensitive information– Because of this, they must be secured against theft,

fraud, or misuse– The possibility of hacking into a smart card is

classified as a “class 3” attack, which means that the cost of compromising the card far exceeds the benefits


19

Outline




• E-Micropayment

• E-Checking


• PayPal


20

Secure Electronic Transaction


21

Services Provided by SET

• Secure communications channel among involved parties• Trust by using X.509 certs• Party privacy: parties will receive only the information that

they are intended to receive


22

SET Requirements

• Provide confidentiality of payment and ordering information• Ensure the integrity of all transmitted data• Provide authentication that a cardholder is a legitimate user of a credit

card account• Provide authentication that a merchant can accept credit card

transactions through its relationship with a financial institution• Ensure the use of the best security practices and system design

techniques to protect all legitimate parties in an e-commerce transactions

• Create a protocol that neither depends on transport security mechanisms nor prevents their use


23

Secure Electronic Transaction

12

34, 6

5, 10, 11

79

8

12


24

SET Transaction Overview

1. Client opens an account2. Client receives a certificate3. Merchants have their own certs4. The client places an order (C M)5. The merchant is verified (M C)6. The order and payment are sent (C M)7. The merchant requests payment authorization (M PG)8. Payment is approved (PG I, I A, I,A PG)9. The merchant receives authorization response (PG M)10. The merchant confirms the order (M C)11. The merchant provides goods or service (M C)12. The merchant requests payment (M A)


25

Dual Signature

• In SET, two messages for two intended recipients are sent in one message– Order Information (OI) from client to merchant -> not revealed to the bank

– Payment Information (PI) from client to the bank -> not revealed to the merchant

– DS = EKRc[H(H(PI)||H(OI))]

– DS provides link btw OI and PI for the client

• If merchant receives DS, H(PI), merchant can prove that client has sent purchase request (because merchant has OI).

• If bank receives DS, H(OI), the bank can prove that client has request it to deduct money from client’s account (because the bank has PI).


26

Stored-Value Cards

stored-value card

A card that has monetary value loaded onto it and that is usually rechargeable


27

Outline




• E-Micropayment

• E-Checking


• PayPal


28

E-Micropayments

e-micropayments

Small online payments, typically under US $10

• Companies with e-micropayment products:– BitPass (bitpass.com)– Paystone (paystone.com)– PayLoadz (payloadz.com)– Peppercoin (peppercoin.com)


29

Millicent


30

Outline




• E-Micropayment

• E-Checking


• PayPal


31

E-Checking

e-checkA legally valid electronic version or representation of a paper check

Automated Clearing House (ACH) NetworkA nationwide batch-oriented electronic funds transfer system that provides for the interbank clearing of electronic payments for participating financial institutions


32

E-Checking

• Benefits of e-check processing:– It reduces the merchant’s administrative costs by

providing faster and less paper-intensive collection of funds

– It improves the efficiency of the deposit process for merchants and financial institutions


33

E-Checking

• Benefits of e-check processing:– It speeds the checkout process for consumers– It provides consumers with more information about

their purchases on their account statements– It reduces the float period and the number of checks

that bounce because of insufficient funds (NSFs)


34

Exhibit 12.3 Processing E-Checks with Authorize.Net


35

Outline




• E-Micropayment

• E-Checking


• PayPal


36

Electronic Bill Presentment and Payment

electronic bill presentment and payment (EBPP)

Presenting and enabling payment of a bill online. Usually refers to a B2C transaction


37

Exhibit 12.4 E-Bill Presentment


38


• Types of E-Billing– Online banking– Biller direct– Bill consolidator


39


• Advantages of E-Billing– Reduction in expenses related to billing and

processing payments– Electronic advertising inserts can be customized to

the individual customer– Reduces customer’s expenses


40

Exhibit 12.5 E-Billing Process for Single Biller


41

Exhibit 12.6 E-Billing Processes for Bill Consolidator


42

Outline




• E-Micropayment

• E-Checking


• PayPal


43

PayPal


44

Send money person to person


45

PayPal Website Payment


46

PayPal Website Payment (cont’d)


47



48



49

Receiving money

• A merchant who wants to withdraw money from Paypal account must add bank account to Paypal first.


50

Paypal Virtual Terminal

• It’s an online version of the credit card swipe machines used in stores. But it gives you added advantages:

• Increase sales. Expand your business beyond the internet.

• Save money. There’s no need to invest in expensive equipment.


51

Paypal Sandbox

• Go to https://developers.paypal.com/


52

Paypal Sandbox (cont’d)


53



54


Questions?

Next lectureSearch Engines, Directory Services and Internet Advertising

Documents

ITEC5611 Electronic Payment Systems. S. KungpisdanITEC5611 Electronic Commerce Systems Implementation 2 Outline The Payment Evolution Using Payment Cards