Upload
angela-fitzgerald
View
215
Download
1
Tags:
Embed Size (px)
Citation preview
ITEC5611Electronic Payment Systems
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
2
Outline
• The Payment Evolution
• Using Payment Cards Online
• Secure Electronic Transaction (SET)
• E-Micropayment
• E-Checking
• Electronic Bill Presentment and Payment
• PayPal
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
3
The Payment Revolution
• Crucial Factors– Independence
• Some e-payment systems require specialized software or hardware to make payment
– Interoperability and portability– Security– Anonymity– Divisibility– Ease of use– Transaction fees– Regulations
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
4
Outline
• The Payment Evolution
• Using Payment Cards Online
• Secure Electronic Transaction (SET)
• E-Micropayment
• E-Checking
• Electronic Bill Presentment and Payment
• PayPal
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
5
Using Payments Cards Online
payment card
Electronic card that contains information that can be used for payment purposes
• Three forms of payment cards:– Credit cards– Debit cards
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
6
Using Payments Cards Online
• Processing Credit Cards Online
authorization
Determines whether a buyer’s card is active and whether the customer has sufficient funds
settlement
Transferring money from the buyer’s to the merchant’s account
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
7
Using Payments Cards Online
• Processing Credit Cards Online
payment service provider (PSP)
A third-party service connecting a merchant’s EC systems to the appropriate acquirers. PSPs must be registered with the various card associations they support
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
8
Using Payments Cards Online
– Key participants in processing credit card payments online include the following:• Acquiring bank• Credit card association• Customer• Issuing bank• Merchant• Payment processing service
– Service provides connectivity among merchants, customers and financial network
• Processor– Data center that processes credit-card transactions and settles funds to
merchants
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
9
Using Payments Cards Online
• Fraudulent Credit Card TransactionsAddress Verification System (AVS)
Detects fraud by comparing the address entered on a Web page with the address information on file with cardholder’s issuing bank• Result in a number of false positive
• Only available in US and Canada
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
10
Using Payments Cards Online
card verification number (CVN)
Detects fraud by comparing the verification number printed on the signature strip on the back of the card with the information on file with the cardholder’s issuing bank
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
11
Using Payments Cards Online
• Fraudulent Credit Card Transactions– Additional tools used to combat fraud include:
• Manual review• Negative files
– check to see if customer’s transaction is matched against the file containing customer’s information
• Card association payer authentication services– 3D (3-domain) Secure – E.g. Verified by Visa, MasterCard SecureCode, JCB J/Secure– Require cardholders to register with the systems and merchants to
adopt and support both existing systems and the new systems– Cardholder needs to have an additional password to authenticate
him/herself– Merchant must also enroll itself to the program
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
12
Smart Cards
smart card
An electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
13
Exhibit 12.2 Smart Card
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
14
Smart Cards
• Types of Smart Cards
contact cardA smart card containing a small gold plate on the face that when inserted in a smart card reader makes contact and passes data to and from the embedded microchip
contactless (proximity) cardA smart card with an embedded antenna, by means of which data and applications are passed to and from a card reader unit or other device without contact between the card and the card reader
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
15
Smart Cards
• Applications of Smart Cards– Retail Purchases
e-purse
Smart card application that loads money from a card holder’s bank account onto the smart card’s chip
Common Electronic Purse Specification (CEPS)
Standards governing the operation and interoperability of e-purse offerings
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
16
Smart Cards
• Applications of Smart Cards– Transit Fares
To eliminate the inconvenience of multiple types of tickets used in public transportation, most major transit operators in the United States are implementing smart card fare-ticketing systems
– E-IdentificationBecause they have the capability to store personal information, including pictures, biometric identifiers, digital signatures, and private security keys, smart cards are being used in a variety of identification, access control, and authentication applications
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
17
Smart Cards
• Applications of Smart Cards in Health Care– Storing vital medical information in case of emergencies
– Preventing patients from obtaining multiple prescriptions from different physicians
– Verifying a patient’s identity and insurance coverage
– Speeding up the hospital or emergency room admissions process
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
18
Smart Cards
• Securing Smart Cards– Smart cards store or provide access to either valuable
assets or to sensitive information– Because of this, they must be secured against theft,
fraud, or misuse– The possibility of hacking into a smart card is
classified as a “class 3” attack, which means that the cost of compromising the card far exceeds the benefits
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
19
Outline
• The Payment Evolution
• Using Payment Cards Online
• Secure Electronic Transaction (SET)
• E-Micropayment
• E-Checking
• Electronic Bill Presentment and Payment
• PayPal
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
20
Secure Electronic Transaction
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
21
Services Provided by SET
• Secure communications channel among involved parties• Trust by using X.509 certs• Party privacy: parties will receive only the information that
they are intended to receive
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
22
SET Requirements
• Provide confidentiality of payment and ordering information• Ensure the integrity of all transmitted data• Provide authentication that a cardholder is a legitimate user of a credit
card account• Provide authentication that a merchant can accept credit card
transactions through its relationship with a financial institution• Ensure the use of the best security practices and system design
techniques to protect all legitimate parties in an e-commerce transactions
• Create a protocol that neither depends on transport security mechanisms nor prevents their use
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
23
Secure Electronic Transaction
12
34, 6
5, 10, 11
79
8
12
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
24
SET Transaction Overview
1. Client opens an account2. Client receives a certificate3. Merchants have their own certs4. The client places an order (C M)5. The merchant is verified (M C)6. The order and payment are sent (C M)7. The merchant requests payment authorization (M PG)8. Payment is approved (PG I, I A, I,A PG)9. The merchant receives authorization response (PG M)10. The merchant confirms the order (M C)11. The merchant provides goods or service (M C)12. The merchant requests payment (M A)
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
25
Dual Signature
• In SET, two messages for two intended recipients are sent in one message– Order Information (OI) from client to merchant -> not revealed to the bank
– Payment Information (PI) from client to the bank -> not revealed to the merchant
– DS = EKRc[H(H(PI)||H(OI))]
– DS provides link btw OI and PI for the client
• If merchant receives DS, H(PI), merchant can prove that client has sent purchase request (because merchant has OI).
• If bank receives DS, H(OI), the bank can prove that client has request it to deduct money from client’s account (because the bank has PI).
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
26
Stored-Value Cards
stored-value card
A card that has monetary value loaded onto it and that is usually rechargeable
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
27
Outline
• The Payment Evolution
• Using Payment Cards Online
• Secure Electronic Transaction (SET)
• E-Micropayment
• E-Checking
• Electronic Bill Presentment and Payment
• PayPal
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
28
E-Micropayments
e-micropayments
Small online payments, typically under US $10
• Companies with e-micropayment products:– BitPass (bitpass.com)– Paystone (paystone.com)– PayLoadz (payloadz.com)– Peppercoin (peppercoin.com)
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
29
Millicent
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
30
Outline
• The Payment Evolution
• Using Payment Cards Online
• Secure Electronic Transaction (SET)
• E-Micropayment
• E-Checking
• Electronic Bill Presentment and Payment
• PayPal
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
31
E-Checking
e-checkA legally valid electronic version or representation of a paper check
Automated Clearing House (ACH) NetworkA nationwide batch-oriented electronic funds transfer system that provides for the interbank clearing of electronic payments for participating financial institutions
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
32
E-Checking
• Benefits of e-check processing:– It reduces the merchant’s administrative costs by
providing faster and less paper-intensive collection of funds
– It improves the efficiency of the deposit process for merchants and financial institutions
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
33
E-Checking
• Benefits of e-check processing:– It speeds the checkout process for consumers– It provides consumers with more information about
their purchases on their account statements– It reduces the float period and the number of checks
that bounce because of insufficient funds (NSFs)
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
34
Exhibit 12.3 Processing E-Checks with Authorize.Net
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
35
Outline
• The Payment Evolution
• Using Payment Cards Online
• Secure Electronic Transaction (SET)
• E-Micropayment
• E-Checking
• Electronic Bill Presentment and Payment
• PayPal
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
36
Electronic Bill Presentment and Payment
electronic bill presentment and payment (EBPP)
Presenting and enabling payment of a bill online. Usually refers to a B2C transaction
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
37
Exhibit 12.4 E-Bill Presentment
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
38
Electronic Bill Presentment and Payment
• Types of E-Billing– Online banking– Biller direct– Bill consolidator
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
39
Electronic Bill Presentment and Payment
• Advantages of E-Billing– Reduction in expenses related to billing and
processing payments– Electronic advertising inserts can be customized to
the individual customer– Reduces customer’s expenses
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
40
Exhibit 12.5 E-Billing Process for Single Biller
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
41
Exhibit 12.6 E-Billing Processes for Bill Consolidator
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
42
Outline
• The Payment Evolution
• Using Payment Cards Online
• Secure Electronic Transaction (SET)
• E-Micropayment
• E-Checking
• Electronic Bill Presentment and Payment
• PayPal
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
43
PayPal
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
44
Send money person to person
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
45
PayPal Website Payment
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
46
PayPal Website Payment (cont’d)
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
47
PayPal Website Payment (cont’d)
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
48
PayPal Website Payment (cont’d)
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
49
Receiving money
• A merchant who wants to withdraw money from Paypal account must add bank account to Paypal first.
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
50
Paypal Virtual Terminal
• It’s an online version of the credit card swipe machines used in stores. But it gives you added advantages:
• Increase sales. Expand your business beyond the internet.
• Save money. There’s no need to invest in expensive equipment.
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
51
Paypal Sandbox
• Go to https://developers.paypal.com/
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
52
Paypal Sandbox (cont’d)
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
53
Paypal Sandbox (cont’d)
S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation
54
Paypal Sandbox (cont’d)
Questions?
Next lectureSearch Engines, Directory Services and Internet Advertising