Part IX: ePayment
Learning Targets
• What are the electronic means of payment?
• What is the difference between pico-, micro- and macro-payment?
• How can we classify the e-payment systems?
• How can secure transactions be implemented?
The Definition of Electronic Payment
• E-payment consists of services for the process of paying over an electronic network including:
- Pico-payments (amounts from a fraction of a cent up to 1 Euro)
- Micro-payments (payments between 1 and 30 Euros)
- Macro-payments (amounts from 30 Euros up to several thousand Euros)
Classification of E-Payment Systems
• Technological concept
- Account based concept (cheques & online accounts)
- Holder-based concept with software (electronic coins)
- Holder-based concept with hardware (credit cards & smart cards)
• Confidentiality and anonymity of the transaction concept
- Anonymous transactions
- Non-anonymous transactions
• Efficiency and range of application
- Pico-payment
- Micro-payment
- Macro-payment
• Scalability
Credit Card based Concept
• Instead of just encrypting the credit card information with the Secure Socket Layer method (SSL), these concepts are based on a dedicated organization or software which is responsible for the processing of the payment data.
• Actors of a credit card transaction:
- The card holder as customer
- The merchant who has an installed payment server
- The payment server for the communication between acquirer and seller
- The card issuer (a financial service provider) assures the seller that the amount to pay is available
- The acquirer processes the payments for the seller (authorized by the issuer)
- The certification center (Secure Electronic Transaction concept, SET) is responsible for the certificates of the customer, the seller and the payment gateway (authentication of the actors)
Credit Card based Concept: PayPal
• Actors: Customer's PC; Merchant (web server with CashRegister); PayPal server
• Steps shown in the diagram:
- 1. Order
- 2. Invoice and PayPal registration data
- 4. Send money
- 5. Information: money received
- 6. Accept payment
- 7. Information: payment accepted
- 8. Delivery
Credit Card based Concept: Cyber Cash
• Actors: Customer's PC; Merchant (web server with CashRegister); Gateway server; Bank of the merchant; Bank of the customer
• Steps shown in the diagram:
- 1. Order
- 2. Invoice
- 3. Payment request
- 4. Authorization request
- 5. Decoding of the authorization request
- 6. Authorization
- 7. Validation
- 8. Validation
- 9. Delivery
Deposit Card Concept
• Before the buying transaction, the deposit card is charged with an amount of money. Every transaction is debited from the card until the deposit on the card is used up.
• Actors of a deposit card transaction:
- The card holder (customer) can charge the card at special terminals or pay with it (PIN code necessary)
- The bank of the customer holds an account for the card where the charging status and the turnover of the card are stored
- The merchant provides a terminal for the paying transactions of his customers (he has to identify himself to the terminal with a merchant card)
- The bank of the merchant is only involved if payment transactions to the merchant's bank account are executed
- The charging terminal
- The evidence center is an interface for all payment transactions
Deposit Card Concept: CASH
• Actors: Customer; Merchant (CASH terminal); EUROPAY CASH-Pool; Charging terminal; Bank of the merchant
• Flows shown in the diagram:
- Pays with CASH chip card (no PIN code)
- Goods
- Charging
- Charging status
- Reimbursement request
- Reimbursement
Electronic Money Concept
• Electronic money systems are very similar to real cash. Electronic money has the same properties, such as anonymity and division into value units.
• The coinage process:
[Figure: the coinage process between the customer and the customer's bank]
Electronic Money Concept: eCash
• Actors: Customer (with the customer's cyber-wallet); Retailer (server, with the merchant's cyber-wallet); Bank server
• Steps shown in the diagram:
- 0.A Blank coins
- 0.B Verified coins
- 1. Order
- 2. Payment request
- 3. Payment request
- 4. Transaction report
- 5. Confirmation or rejection
- 6. Payment
- 7. Online validation
- 8. Confirmation or rejection
- 9. Confirmation
- 10. Delivery
Electronic Money Concept: eCash
• Actors: Bank server; Customer's cyber-wallet; Merchant's cyber-wallet
• Steps shown in the diagram:
- 1. Order
- 2. Payment request
- 3. Payment
- 4. Presentation for collection
- 5. Exchange for new coins
- 6. Delivery
Billing Concept
• The billing concept is different from cash-oriented or deposit-oriented systems. Its flexibility allows different systems for billing and accounting to be created. The main principle of this concept is the separation of the payment process into two levels:
- On one level, the accounting system just creates an account posting for each payment transaction in the operator's account
- On the payment level, the operator balances the accounts of all participants regularly by credit transfer or direct debiting
• The billing system is known from telecommunications service providers. The phone companies book every call unit to the customer's account, and every month the system creates an invoice request for each customer.
Billing Concept: MilliCent
• Actors: Web browser; Web server; Broker
• Flows shown in the diagram:
- HTTP access & payment with scrip
- Soft goods & change
- Euro
- Scrip
- License
- Euro
Debit Advice Concept
• With this concept, the merchant (who has proved his creditworthiness over a long period of time) has the possibility to debit the necessary amount of money directly from the account of the corresponding customer. But normally the merchant needs a written agreement from his customer to execute these transactions.
• Therefore, most of the debit advice transactions are not executed directly between the customer and the merchant. A third party acts as a proxy for the merchant and processes the transactions.
Debit Advice Concept: Electronic Direct Debit (EDD), Germany
• The EDD company creates a so-called Data-Carrier-Set (DCS). The DCS has a standardized format for the transmission of a debit advice.
• The EDD server sends a report to the merchant, so he can deliver his goods & services to the customer.
• Then the DCS is transmitted to the merchant's bank and the buyer gets a confirmation for his payment transaction. An EDD payment is done in about 15 sec.
Mobile Payment
• A new way to pay for services is using mobile devices like cellphones or Personal Digital Assistants (PDAs).
• It is possible to adapt the payment methods for stationary computers to mobile devices.
• However, new payment methods have been created that work only with cellphones. The most famous one is Pay-box, which provided a complete solution for mobile payment.
• In January 2003, Pay-box closed its service in Germany "due to the very slow development of the m-payment market".
Mobile Payment: Pay-box
• Actors: Customer; Merchant (web server, registered Pay-box account); Pay-box server
• Steps shown in the diagram:
- 1. Order with Pay-box registration number
- 2. Send merchant number, customer number and amount
- 3. Calls customer on cellphone
- 4. Authorization
- 5. Payment confirmation
- 6. Goods
Security: Secure Socket Layer (SSL)
• Actors: Customer; Merchant (web server with payment server); Gateway server
• Steps shown in the diagram (the link is labelled SSL):
- 1. Order
- 2. Payment request & ...<java applet>...
- 3. Loading of the payment applet (Java)
- 4. Transmission of the payment information
- 5. HTTP request & confirmation
- 6. HTTP request & confirmation
Security: Secure Electronic Transaction (SET)
• Actors: Customer; Merchant (web server with payment server); Payment Gateway
• Steps shown in the diagram:
- 1. PurchaseInitRequest
- 2. PurchaseInitResponse
- 3. PurchaseRequest: Kpublic,Merchant (order information), Kpublic,Payment Gateway (payment information)
- 4. AuthRequest: Kpublic,Payment Gateway (payment information)
- 5. AuthResponse
- 6. PurchaseResponse
Security: SET “Dual Signature”
[Figure: SET dual signature. Labels: Customer message to merchant; Customer message to bank; MDigest1 (hash); MDigest2 (hash); MDigest3 (hash); Kprivate,Customer; Kpublic,Bank; Kpublic,Merchant]
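The dual signature named on this slide, as an added example that is not part of the original slides: the customer hashes each message, hashes the two digests together and signs the result, so merchant and bank can each verify the link while seeing only their own message plus the other one's digest. Assumptions: MDigest1 is taken over the merchant message and MDigest2 over the bank message, SHA-256 is the hash, the key is a toy textbook-RSA key built from two public Mersenne primes, and the encryption under Kpublic,Merchant and Kpublic,Bank is left out.

```python
import hashlib

# Toy textbook-RSA key for the customer (assumption: two public Mersenne
# primes, no padding). Illustrative only; never use such a key in practice.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # Kprivate,Customer


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def dual_sign(order_info: bytes, payment_info: bytes):
    """Customer side: return (MDigest1, MDigest2, dual signature)."""
    md1 = digest(order_info)          # MDigest1: message to merchant
    md2 = digest(payment_info)        # MDigest2: message to bank
    md3 = digest(md1 + md2)           # MDigest3 links both messages
    sig = pow(int.from_bytes(md3, "big"), D, N)
    return md1, md2, sig


def _check(md1: bytes, md2: bytes, sig: int) -> bool:
    # Recompute MDigest3 and compare with the value recovered from the signature.
    md3 = digest(md1 + md2)
    return pow(sig, E, N) == int.from_bytes(md3, "big")


def merchant_verify(order_info: bytes, md2: bytes, sig: int) -> bool:
    """Merchant sees the order and only the digest of the payment data."""
    return _check(digest(order_info), md2, sig)


def bank_verify(md1: bytes, payment_info: bytes, sig: int) -> bool:
    """Bank sees the payment data and only the digest of the order."""
    return _check(md1, digest(payment_info), sig)


# Constructed sample messages (not real order or card data).
ORDER = b"order=3 books; total=42.00 EUR"
PAYMENT = b"card=CONSTRUCTED-TEST-CARD; amount=42.00 EUR"
MD1, MD2, SIG = dual_sign(ORDER, PAYMENT)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(ORDER, MD2, SIG))
    print("bank accepts:", bank_verify(MD1, PAYMENT, SIG))
    # Pairing a different order with the same payment data fails on both sides.
    print("merchant rejects:", not merchant_verify(b"order=30 books", MD2, SIG))
    print("bank rejects:", not bank_verify(digest(b"order=30 books"), PAYMENT, SIG))
```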
Security: SET Certificates
• Actors: Customer; Merchant (web server with payment server); Payment Gateway; Trust Center
• Certificates shown in the diagram: CertCustomer, CertMerchant, CertPG
• Steps shown in the diagram:
- 1. PurchaseInitRequest
- 2. PurchaseInitResponse
- 3. PurchaseRequest: PubKmerchant (order information), PubKPG (payment information)
- 4. AuthRequest: PubKPG (payment information)
- 5. AuthResponse
- 6. PurchaseResponse
Economic Efficiency of E-Payment Concepts
[Figure: bar chart of transaction costs in USD. Axis categories: Internet, PC Banking, Cash Automat, Phone, Bank. Values shown: 1.07, 0.52, 0.27, 0.02, 0.01]
E-Payment: Literature on the Internet
• Mobile Payment Forum White Paper: Enabling Secure, Interoperable, and User-friendly Mobile Payments (http://www.mobilepaymentforum.org/pdfs/mpf_whitepaper.pdf)
• Institute for eCommerce, E-PaymentLinks, available at: http://euro.ecom.cmu.edu/resources/elibrary/epaylinks.shtml