E-Commerce: Fundamentals and Applications


kareem

Presentation Transcript


  1. E-Commerce: Fundamentals and Applications Chapter 10 : Internet Payment Systems

  2. Outline
     • Features of payment methods
     • 4 C’s payment methods
     • Credit card payment
     • E-cash
     • E-check
     • Micropayment: Millicent and Paywords
     • Smart card payment

  3. Comparison of the 4C’s Payment Methods

     | Feature | Cash | Credit card | Check | Credit/debit |
     |---|---|---|---|---|
     | Anonymity | Yes, in general | No | No | No |
     | Overhead cost | Lowest, in general | Higher than cash and credit/debit because of the paper work involved | Highest, in general | Low |
     | Divisibility | Not completely divisible | Yes | Yes | Yes |
     | Acceptability | Yes, in general | Yes, in general | No, in general it can only be used locally | No, in general it can only be used locally |
     | Security | Good | Good | Good | Good |
     | Transferability | Yes | No | No | No |

  4. Credit card payment
     • Most popular payment method
     • Especially for B2C e-commerce
     • 1st generation: No protection, only provide credit card number for processing
     • 2nd generation: SSL for protecting the transfer of credit card information
     • 3rd generation: SET for secure credit card authorization
     • 4th generation: Portable smart cards?

  5. SET: Seven business requirements (according to SET Book 1)
     • Provide confidentiality of payment information
     • Ensure the integrity of all transmitted data
     • Provide cardholder’s authentication
     • Provide merchant’s authentication
     • Ensure the use of the best security practices and system design techniques
     • Create a protocol that is independent of the transport layer protocol
     • Facilitate interoperability
     • (Please read Book 1: Business Description at http://www.setco.org/download.html/#spec)

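  6. Network Architecture of SET System
     [Figure: the Cardholder, the Merchant, the Payment gateway/Acquirer and the Certificate authority are connected over the Internet. Payment/Inquiry runs between Cardholder and Merchant; Authorization and Capture runs between Merchant and Payment gateway/Acquirer, and on to the Issuer over the existing financial network.]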

  7. Digital Certificate System for SET
     • Root CA
     • Brand CA (e.g. Visa or Master)
     • Geopolitical CA (e.g. Visa Asia)
     • User level CA: Payment gateway CA, Merchant CA, Cardholder CA

  8. Steps in Generation of a Dual Signature
     • Inputs: OI, PI and the cardholder’s private signature key
     • Step 1: Find the message digest of OI and PI: H[OI], H[PI]
     • Step 2: Concatenate H[OI] and H[PI] and find the message digest HPIOI = H[H[PI] || H[OI]]
     • Step 3: Encrypt HPIOI with the cardholder’s private signature key (using RSA encryption); the result is the Dual Signature
     • Reference: W. Stallings, Cryptography and Network Security, Prentice Hall, 1999.

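  9. Generation of a Digital Envelope
     • The message M is encrypted with key_random (DES encryption), giving M encrypted by key_random
     • key_random is encrypted with key_public_exchange,VBS (RSA encryption), giving key_random encrypted by key_public_exchange,VBS
     • The two encrypted parts together form the Digital Envelope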

  10. General SET Information Flow
     • Participants: Cardholder, Merchant, Acquirer (Payment Gateway)
     • (1) Purchase initialization request
     • (2) Purchase initialization response
     • (3) Purchase request
     • (4) Purchase response
     • (5) Authorization request
     • (6) Authorization response
     • (7) Capture request
     • (8) Capture response
     • Inquiry request (optional) and Inquiry response (optional)

  11. E-check
     • Let’s say the content of a check is C which includes the payment amount and other information.
     • The check is signed by finding the message digest of C and then encrypting it with the payer’s private key.
     • The check together with the digital signature is forwarded to the payee.
     • The payee sends the check to the bank for check clearing through the existing procedures.
     • The bank verifies the digital signature of the check using payer’s public key.
     • Find out more from www.echeck.org/
     • In particular, please read http://www.echeck.org/library/wp/ArchitectualOverview.pdf

  12. Four Different Scenarios of the FSTC E-check System
     [Figure: four panels (Deposit-and-clear, Cash-and-transfer, Lockbox, Funds transfer), each showing the Payer, the Payee, the Payer’s bank and the Payee’s bank exchanging steps such as Send check, Deposit check, Cash check, Clear check, Transfer funds, Notify result, Send report and Send statement.]

  13. Overview of E-cash
     • What are the two distinctive characteristics for cash?
     • Anonymity and transferability
     • Ecash was developed by DigiCash and is now provided by ecashtechnologies (http://www.ecashtechnologies.com)
     • Its founder David Chaum is a well-known expert in the area of digital cash.
     • Ecash allows anonymous and secure electronic cash payment over the Internet.
     • Since 1995, Mark Twain bank (USA) has been providing Ecash services.
     • Ecash is based on an innovative blind signature method.

  14. Basic Operation of E-cash system
     • Participants: Customer, Bank, VBS (Merchant)
     • Generate the blinded coins
     • Send the blinded coins to the bank
     • Debit the account and sign the blinded coins
     • Return the signed blinded coins
     • Unblind the coins
     • Pay by the coins
     • Deposit the coins
     • Check the validity of the coins and whether they have been spent and credit the account accordingly
     • Confirm the deposit
     • Ship goods or perform the service

  15. Micropayment methods
     • Traditional payment methods are called macropayment methods.
     • A new type of payment method known as micropayment method is emerging to cater for very low value transactions.
     • Example:
       • Millicent (pre-payment/credit based)
       • Paywords (post-payment)

  16. Basic Operation of Millicent Protocol
     • Participants: Merchant, Broker, Customer
     • Buy the scrips of different vendors
     • Send the aggregated scrips
     • Pay by the scrips
     • Check for the validity of the scrips and whether they have been spent from the database
     • Confirm the payment

  17. Basic Operation of Payword Protocol
     • Participants: Customer, VBS (Merchant)
     • Send the commitment message (PW0)
     • Pay 1 cent by sending PW1; check H[PW1] = PW0
     • Pay 1 cent by sending PW2; check H[PW2] = PW1
     • ...
     • Send PWi
     • Pay j more cents by sending i+j and PWi+j; check PWi+1 – PWi+j recursively
     • ...
     • Redeem by sending the commitment message (PW0) and PWh to the broker

  18. Schematic overview of a smart card
     [Figure: a smart card carrying a microchip with mechanical contacts; the chip contains CPU, RAM, ROM, EPROM and I/O.]

  19. Example: Mondex
     • Direct transfer of electronic money between two cards
     • Transfer of electronic money over the Internet or telephone networks etc.
     • Keep transaction records
     • Password protection and “lock card” functions
     • Portable balance finder to check balance
     • Support multiple currencies
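
The dual signature of slide 8, worked through as an added example (not part of the original slides), including how the merchant and the payment gateway each check it while seeing only one of OI and PI, as in standard SET usage. The toy RSA key, the choice of SHA-256 for H, and the sample OI/PI strings are assumptions constructed for illustration.

```python
import hashlib

# Constructed toy RSA key (assumption): two known Mersenne primes and textbook
# RSA without padding. Illustration only; never use such a key in production.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # cardholder's private signature exponent

def H(data: bytes) -> bytes:
    """Message digest H[.]; SHA-256 is an assumption, the slide names no hash."""
    return hashlib.sha256(data).digest()

def dual_sign(oi: bytes, pi: bytes) -> int:
    """Slide 8, steps 1-3: RSA-sign HPIOI = H[H[PI] || H[OI]]."""
    hpioi = H(H(pi) + H(oi))
    return pow(int.from_bytes(hpioi, "big"), D, N)

def _matches(sig: int, h_pi: bytes, h_oi: bytes) -> bool:
    """Recover HPIOI with the public key and compare with a recomputed digest."""
    return pow(sig, E, N) == int.from_bytes(H(h_pi + h_oi), "big")

def merchant_verify(sig: int, oi: bytes, h_pi: bytes) -> bool:
    """Merchant sees OI in full but only the digest of PI."""
    return _matches(sig, h_pi, H(oi))

def gateway_verify(sig: int, pi: bytes, h_oi: bytes) -> bool:
    """Payment gateway sees PI in full but only the digest of OI."""
    return _matches(sig, H(pi), h_oi)

# Constructed sample data (not from the slides).
OI = b"order=1001;items=2 books;total=50.00"
PI = b"card=0000-0000-0000-0000;amount=50.00"
SIG = dual_sign(OI, PI)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(SIG, OI, H(PI)))
    print("gateway accepts: ", gateway_verify(SIG, PI, H(OI)))
    print("altered order rejected:",
          not merchant_verify(SIG, b"order=1001;total=5.00", H(PI)))
```

Because the signature covers both digests, neither party can pair the payment with a different order without the check failing.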
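
The Payword exchange of slide 17 as an added example (not part of the original slides): the customer builds the hash chain, the vendor accepts single paywords or a jump of j cents, and the broker redeems the last payword. SHA-256, the seed, the chain length n and the omission of any signature on the commitment message are assumptions.

```python
import hashlib

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()  # hash choice is an assumption

def make_chain(seed: bytes, n: int) -> list:
    """Customer: build [PW0 .. PWn] so that H[PWi] = PW(i-1)."""
    chain = [H(seed)]                  # this is PWn
    for _ in range(n):
        chain.append(H(chain[-1]))     # hash back towards the commitment PW0
    chain.reverse()
    return chain

class Vendor:
    def __init__(self, pw0: bytes, n: int):
        self.n = n                     # chain length stated in the commitment
        self.index, self.last = 0, pw0 # last verified pair (i, PWi)

    def accept(self, k: int, pw_k: bytes) -> int:
        """Check payword k; return the cents it pays, or 0 if rejected."""
        j = k - self.index
        if j <= 0 or k > self.n:
            return 0                   # replayed, already spent, or off the chain
        h = pw_k
        for _ in range(j):             # PW(i+1) .. PW(i+j) checked recursively
            h = H(h)
        if h != self.last:
            return 0
        self.index, self.last = k, pw_k
        return j

def broker_redeem(pw0: bytes, h_index: int, pw_h: bytes) -> int:
    """Broker: hash PWh back h times; pay h cents only if it reaches PW0."""
    x = pw_h
    for _ in range(h_index):
        x = H(x)
    return h_index if x == pw0 else 0

if __name__ == "__main__":
    chain = make_chain(b"constructed-seed", 10)   # constructed sample input
    vendor = Vendor(chain[0], 10)
    print(vendor.accept(1, chain[1]), vendor.accept(2, chain[2]))
    print(vendor.accept(5, chain[5]), vendor.accept(5, chain[5]))
    print(broker_redeem(chain[0], vendor.index, vendor.last))
```

The vendor stores only the last verified index and payword, so a replayed payword is rejected without keeping a list of spent values.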
