The series of presentations contains the information about "Management Information System" subject of SEIT for University of Pune.
Subject Teacher: Tushar B Kute (Sandip Institute of Technology and Research Centre, Nashik)
http://www.tusharkute.com
MANAGEMENT INFORMATION SYSTEM
Third Year Information Technology
Part 10
Electronic Payment System
Tushar B Kute, Department of Information Technology, Sandip Institute of Technology and Research Centre, Nashik
http://www.tusharkute.com
WHAT IS ELECTRONIC PAYMENT?
A system that permits online payment between parties using an electronic surrogate of a financial tender
The electronic surrogate is backed by financial institutions and/or trusted intermediaries
The intent is to act as an alternative form of payment to physical cash, cheques or other financial tender
ELECTRONIC PAYMENT SYSTEM
An e-commerce payment system facilitates the acceptance of electronic payment for online transactions. Also known as an instance of Electronic Data Interchange (EDI), e-commerce payment systems have become increasingly popular due to the widespread use of internet-based shopping and banking.
In the early years of B2C transactions, many consumers were apprehensive of using their credit and debit cards over the internet because of the perceived increased risk of fraud.
E-PAYMENT SYSTEMS
There are numerous different payment systems available for online merchants. These include the traditional credit, debit and charge cards but also new technologies such as digital wallets, e-cash, mobile payment and e-checks.
Another form of payment system is allowing a 3rd party to complete the online transaction for you. These companies are called Payment Service Providers (PSP).
E-PAYMENT SYSTEMS TYPES
E-PAYMENTS
CREDIT CARDS AND SMART CARDS
Over the years, credit cards have become one of the most common forms of payment for e-commerce transactions. In North America almost 90% of online B2C transactions were made with this payment type.
A Smartcard is similar to a credit card; however it contains an embedded 8-bit microprocessor and uses electronic cash which transfers from the consumers’ card to the sellers’ device. A popular smartcard initiative is the VISA Smartcard.
ELECTRONIC BILL PRESENTMENT AND PAYMENT
Electronic bill presentment and payment (EBPP) is a fairly new technique that allows consumers to view and pay bills electronically. There are a significant number of bills that consumers pay on a regular basis, which include: power bills, water, oil, internet, phone service, mortgages, car payments etc.
EBPP systems send bills from service providers to individual consumers via the internet. The systems also enable payments to be made by consumers, given that the amount appearing on the e-bill is correct.
CURRENT STATUS
ePayment opportunities are growing, albeit slowly
New players are entering the ePayment marketplace
Variety of ePayment mechanisms and devices - creating state of chaos
Infrastructure for ePayment is complex and expensive to deploy
Lack of critical mass adoption and acceptance
Online payment is hard to implement globally
EPAYMENT IS STILL EVOLVING ...
New ePayment Solutions
Security Infrastructure
Business Realities
Authentication Models
Spa
Customer Profiles
Payment Types
EPAYMENT CHANNELS
Defined as ‘touch points’ where a payment transaction is originated or initiated
Can be executed through a variety of channels:
  Internet based
  Kiosks
  Contactless or proximity sensors
  Mobile, e.g. mobile phones, PDA
EPAYMENT INSTRUMENTS
Defined as the medium in which the value is recognised in a payment transaction
Card-based, such as:
  Credit and charge cards: buy now, pay later
  Debit cards: buy now, pay now
  Cash cards, stored-value, e-cash: buy now, prepaid or pay before
CREDIT CARDS
Most widely used
  banks able to leverage existing card infrastructure
  appears ‘de facto’ online payment
Largely unencrypted
  ‘card-not-present’ transactions processed without customer & merchant authentication
Charge-back risk for merchants
  charge-back is when customer demands a refund
  banks transfer liabilities of charge-backs to the merchants
  merchants need to have a bond to cover such charges
DEBIT CARDS
Direct electronic transfer of account - direct account debiting
Uses chip/smart eWallets
Digital signature to secure access
Connected to eBanking solution
DIGITAL CASH
A system of purchasing cash and storing the credits in consumer’s computer
Computerised stored value is used as a form of cash to be spent in small increments
A third party is involved in the payment transactions
Examples: Beenz, Billpoint, Paypal
CAZH
A project by ABN-Amro
A debit system that creates a network between merchant and bank to allow customers to pay for the goods by direct debit of the customer’s bank account
Once the customer has been authenticated by his/her bank, he/she can authorise the bank to pay the merchant for the goods purchased
Similar to Nets POS but in cyberspace
CASH CARD
Payment solution on a proprietary protocol that allows payment over the Internet
A digital/virtual wallet with prepaid credit-based/token-based payment system
Enables low-value electronic payments on the Internet
Limited distribution, proprietary solutions
Needs to install card reader and download free eWallet
ECHEQUE
A formatted email message that consists of payee name, amount, payment date, payer’s account number, and payer’s bank
Digital certificate and signature are used to secure the cheque so that the contents are not tampered with
A signed electronic cheque is exchanged between the parties’ financial institutions through automated clearing house
MOBILE WALLET
Relatively new space exploited by telcos and non-financial enterprises
Provides ePurse functionality to replace card-type payments
Aggregating micro-payments onto the mobile phone bill
Can use mobile access device to authenticate payer’s identity
SIM card well placed to function and control payment process and authentication
COMPONENTS OF ONLINE PAYMENT SYSTEM
Online Merchants
Consumer Payment Clearinghouses
Payment Enablers
• Payment Gateways
• Merchant Acquirers
• Shopping Cart Vendors
• Non-bank payment Processors
Competing Authentication Services
EPAYMENT RISKS
Internet
Private network
Internet
Bank network
•Use of stolen card
•Credit card number or password stolen from computer
•Unauthorised access
• Information modified in transit
•Payment info stolen from merchant
•Masquerading as legitimate merchant
•Key info stolen by merchant staff
• Information modified in transit
• Information stolen
Buyer, Merchant, Payment gateway
Research on online shopping
Survey By | Question Asked | Results
Odyssey, 2000 | Factors that would convert non-buyers to buyers online? | 60% of non-buyers said “credit card security,” the highest factor cited.
Jupiter Research, May 2000 | Factors that would motivate new users to purchase online? | 58% of new Internet users said “better security,” the 3rd highest factor cited.
Pew Internet & Am Life Project, June 2000 | Worries and concerns regarding online activities? | 68% of Internet users said “hackers getting credit card number,” 2nd highest concern cited.
Greenfield Online, 2000 | Barriers to online purchasing? | 47% of Internet users said “credit card security,” the 3rd highest barrier cited.
Pricewaterhouse Coopers, 2000 | Barriers to online purchasing? | 79% of Internet users said “credit card security,” the number one cited barrier.
Cyber Dialogue, 2000 | Important features of online shopping sites? | 85% of online shoppers said “secure transactions,” the highest cited feature.
Odyssey, 2000 | Features that will increase the likelihood to buy online? | 88% of online shoppers said “guaranteed credit card security”, 2nd highest feature cited.
HOW CAN WE SECURE EPAYMENT?
The Trust Principle
The parties to the transaction must trust each other
Buyer must believe that seller is legitimate and will deliver the goods
Buyer must believe that goods are as represented and are worth the price
Seller must believe that buyer is legitimate and will pay for the goods purchased
HOW CAN WE SECURE EPAYMENT?
The Security Principle
Parties need a secure environment in which to conduct the electronic transactions
Seller needs to protect the details of the transactions
Buyer needs to be certain that his/her information is securely handled and stored
Buyer needs to be certain that information is not stolen so that it cannot be inappropriately used
EPAYMENT SOLUTIONS
Must provide security: resistance to fraud and online attacks
Reliable: highly available and accessible at all times
Cost effective: cost per transaction should be low even for micro-payment
Integrated and scalable: interoperable amongst different systems, payment methods and multiple servers distributed across the Internet
Convenient and easy to use: should support several devices
Anonymity: should protect the identities of parties to the transactions and should not monitor the sources of finance
SECURING EPAYMENTS
Identification and authentication
  the ability to verify both the transacting parties
Authorization
  the ability to validate the rightful owner to the transaction
Integrity and confidentiality
  the ability to transmit the transaction securely
  the ability to store the transaction properly
Accountability
  the ability to provide audit trail as evidence in dispute
Policies for sharing risks and liabilities
  the mechanism to settle disputes/non-repudiation
AUTHENTICATION MODELS
Something you have and something you know – ATM card model
Known to the back-end (server), synchronize with each transaction using a one time random number – Secur-ID model
“Sign” each transaction – PKI-model
Tie into a real person – Biometrics
EPAYMENT TRANSACTION CYCLE
[Figure: payment flows between Buyer, Merchant, Acquiring Bank, Visa/Mastercard and Issuing Bank, with steps numbered 1 to 9. Flow labels:]
Bills buyer
Pays bank
Orders goods
Deliver goods
Reimburses merchant
Voucher to Acquiring Bank
Transaction voucher to Issuing Bank
Issuing Bank pays Visa / Mastercard
Sends transaction voucher to Visa / Mastercard
Visa / Mastercard reimburses Acquiring Bank
SECURE SOCKETS LAYER (SSL)
A security protocol to protect sensitive data transmitted over the Internet
Uses encryption to protect the transmission of data
When SSL session starts, server sends key to the browser, which returns random key to the server
Ensures that data are not tampered with or stolen en route
SECURE ELECTRONIC TRANSFER - SET
Protocol by Visa and MasterCard released in 1996
3 party system - cardholder, merchant and bank using SET-enabled systems
Uses digital certificate to ensure cardholder is who he/she says he/she is or claims to be
Credit card details are invisible to merchants, protected by encryption for clearing bank