
e-Payments Computer Networks Warsaw 2008


Presentation Transcript


  1. e-Payments. Computer Networks, Warsaw 2008. Katarzyna Popadiuk, Jakub Dubowik, Paweł Kardacz

  2. Agenda
     • Definition of e-Payment
     • Categorization of e-Payment
     • e-Payment systems
     • Examples
     • Security

  3. Definition
     e-Payment is any digital financial payment transaction involving currency transfer between two or more parties (World Bank).
     The Internet is usually believed to be the only mode. In reality, e-payments cover a much broader range (phone, interbank networks).

  4. e-Payment
     • Participants:
       • At least: payer (client), payee (merchant), financial institutions (issuer and acquirer)
       • Optionally: payment gateway and CAs
     • Flow of money from the payer via the financial institution to the payee
     • Direct vs. indirect payment

  5. e-Payment – classification by the value of transfer
     • Millipayments: 0,01 zł – 0,99 zł
     • Micropayments: 1 zł – 100 zł
     • Minipayments: 100 zł – 1000 zł
     • Macropayments: above 1000 zł

  6. Security vs. value of payment
     [Chart: axes "Costs of payment" and "Security of payment"; plotted categories: macropayments, minipayments, micropayments, millipayments]

  7. e-Payment – categories by the money transfer time
     • Pay-in-advance system
       • A certain amount of money is taken away from the payer before the purchase is made
       • E.g. smart card-based e-purse, e-cash
     • Pay-now system
       • Online debit card
     • Pay-later system
       • Online credit card, checking transfer

  8. e-Payment Systems
     • Electronic Check
     • Payment Card
     • Electronic Money
     • m(mobile)-Payment
     • P2P Payment

  9. Electronic Check
     • Clearing between payer and payee is based on the existing banking settlement system
     • Dematerialization of the payment instrument is passed on via computer networks like the Internet
     • Examples
       • Simple: individual payment to settle accounts at online auction sites
       • Sophisticated: the first form of internet-based payment that the U.S. Treasury uses for making large online payments
     • Advantages
       • No need to reveal account info to other individuals
       • Less expensive than credit cards for merchants
       • Faster than a paper check

  10. m-payments
     • e-Payment using wireless and mobile devices such as cell phones
     • Technology:
       • WAN
       • Bluetooth
       • WiFi
       • RFID
     • More popular in Western Europe and Asia, less popular in the US
     • Examples:
       • Simple micropayments: pay-per-view, restaurant

  11. Allegro Payments
     • www.allegro.pl
     • Simplicity, Speed, Security
     • Payments dedicated only to the e-auction system Allegro
     • Supports: credit cards, money transfers (national and international), postal money orders
     • Cooperates with Escrow, PayU, Płatności.pl, Polcard

  12. Allegro Payments – functionalities
     • Receive and manage fast money transfers
     • Receive alerts about received and effected payments
     • Transfer money with credit cards or electronic transfers and receive instant confirmation

  13. Allegro Payments – How it works?
     Flow: End of an auction → Buyer effects payment → AP System accepts payment → Payee receives payment
     • Payer receives a link in order to effect payment
     • Payer can take advantage of credit card, electronic money transfer or traditional money transfer
     • AP system accepts payments instantly and informs both payer and payee
     • After receiving payment, the receiver can transfer it to a bank or order postal delivery

  14. Allegro Payments – How it works?
     Flow: End of an auction → Buyer effects payment → AP System accepts payment → Payee receives payment
     • RELIABILITY: Payment is confirmed via PayU and Polcard services
     • SECURITY: Data from credit or debit cards are sent only to Polcard
     • Authentication and settlement centre Polcard for specific transfers
     • SSL 128-bit data encryption provided by Polcard

  15. P2P Payment Systems
     • The growth of eBay caused PayPal development
       • Millions of peer-to-peer e-commerce transactions
       • A demand for e-payment services
       • A demand for micropayment services
     • PayPal as a form of cash
     • Limitation
       • Needs an intermediary
       • Payment can be accepted only by people with an email account
       • Nevertheless, it has a cash-like quality
     • Other similar services
       • Yahoo's PayDirect, AOL's QuickCash, MoneyBookers, PayU (PL)

  16. PayPal Payment System
     • Provides convenience for individual fund transfers
     • Payment system for small businesses that cannot afford a credit card payment system
     • No need to have a merchant's account
     • Simple system using existing credit card and checking payment systems
     • The more people use it, the greater the benefit to the user
     • Facts
       • Over 164 mln PayPal accounts
     • Revenue model
       • Seller pays a transaction fee of a few % of the transaction
       • Collecting interest on consumer funds in the PayPal system

  17. PayPal functionalities
     • Credit Card
     • Debit Card
     • Bank Account
     • PayPal Balance
     • Creating account 0 PLN, money transfers 0 PLN, withdrawal 0 PLN (above 499 PLN)
     • International transfers (2,5% of transfer value)

  18. PayPal functionalities
     • Buyer and seller protection
     • Shop without exposing your financial information
     • Send money to friends and family around the world
     • Accept payments for your eBay listings
     • Start accepting cards on your website

  19. How you can pay/ be paid

  20. What does PayPal provide?

  21. How does PayPal work?

  22. e-Payment security requirements
     • Privacy
     • Integrity
     • Non-repudiation
     • Authentication

  23. e-Payment security tools
     • CRYPTOGRAPHY: Keep financial data secret from unauthorized parties (privacy)
     • HASH FUNCTIONS: Verify that messages have not been altered in transit (integrity)
     • DIGITAL SIGNATURES: Prove that a party engaged in a transaction (non-repudiation)
     • PASSWORDS, DIGITAL CERTIFICATES: Verify identity of users (authentication)

  24. Security schemes for e-Payment
     • SSL (Secure Sockets Layer)
     • SET (Secure Electronic Transaction)

  25. SSL
     The application of SSL to HTTP communication is called secure-HTTP.
     SSL requires that all communication is encrypted by RSA/DES and that integrity is confirmed.
     S-HTTP:
     • Requires an SSL-compliant browser and server
     • Is widely used for e-commerce web sites

  26. Secure Electronic Transaction (SET)
     • SET is a secure protocol jointly designed by MasterCard and Visa with the backing of Microsoft, Netscape, IBM, GTE, SAIC, and other companies.
     • The purpose of SET is to provide security for card payments as they traverse the Internet between merchant sites and processing banks.

  27. Secure Electronic Transaction (SET)
     • The SET specification uses public key cryptography and digital certificates for validating both consumers and merchants.
     • The SET protocol satisfies all of the e-Payment requirements: confidentiality, data integrity, user and merchant authentication, and consumer non-repudiation.

  28. SET – Identification: public key certification authorities
     • Root certification authority: kept offline and only used to issue certificates for brand authorities
     • Brand certification authority: brand owners such as Visa and MasterCard
     • Cardholder certificate authority: these CAs issue certificates to cardholders. Depending on the brand, the CA may be operated by the issuer or a third party.
     • Merchant certification authority: these CAs issue certificates to merchants, based on an acquirer's approval

  29. Secure Electronic Transaction (SET) – KEY ELEMENTS
     • Electronic wallet
       • Kept on the user's computer
       • Contains credit card numbers and digital certificate
     • Merchant Server
       • Runs at the merchant's website
       • Processes SET purchase requests and presents the consumer with the merchant's digital certificate
     • SET Payment Server
       • Runs at the merchant's bank (Acquirer)
       • Used to process payment authorisations from merchant its customers

  30. SET – how does it work?
     • Cardholder (payer, customer, purchaser)
     • Merchant (payee, service provider)
     • Issuer (payer's card issuing bank)
     • Acquirer (payee's bank)
     • Payment Gateway
       • A function operated by either the acquirer or a designated third party that processes merchant payment messages
       • Interface between SET and the existing credit card network
       • Internet connection to merchant, direct connection to acquirer
     • Certificate Authority
       • Issues certificates for cardholders, merchants, and payment gateways

  31. SET– how does it work?

  32. SET – Privacy
     In a SET transaction there are two sets of private information

  33. SET – Dual signatures
     The beauty of SET is that it allows both kinds of information to be included in a single, digitally signed transaction through the use of a dual signature.
     A great advantage of this system is that the customer's privacy is protected by keeping the two items separate.
     By sending the two parts in one message it is possible to resolve disputes easily if necessary.

  34. SET– Dual signatures
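
The dual signature described on the slides above, as an added example that is not part of the presentation. The names OI (order information, read by the merchant) and PI (payment information, read by the payment gateway) follow the SET specification's terms rather than the slides; the sketch assumes SHA-256 and an unpadded textbook-RSA key built from two Mersenne primes in place of SET's own hash and certificate-backed keys, and all field values are constructed.

```python
import hashlib

# Toy textbook-RSA key, constructed for this example (no padding, not for real use).
# P and Q are the Mersenne primes 2^521-1 and 2^607-1.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # cardholder's private exponent


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def dual_sign(oi: bytes, pi: bytes):
    """Cardholder: hash OI and PI separately, then sign the hash of both digests."""
    oimd, pimd = digest(oi), digest(pi)
    pomd = int.from_bytes(digest(pimd + oimd), "big")
    return oimd, pimd, pow(pomd, D, N)


def merchant_verify(oi: bytes, pimd: bytes, sig: int) -> bool:
    """Merchant reads OI in clear but receives only the digest of PI."""
    pomd = int.from_bytes(digest(pimd + digest(oi)), "big")
    return pow(sig, E, N) == pomd


def gateway_verify(pi: bytes, oimd: bytes, sig: int) -> bool:
    """Payment gateway reads PI in clear but receives only the digest of OI."""
    pomd = int.from_bytes(digest(digest(pi) + oimd), "big")
    return pow(sig, E, N) == pomd


def demo() -> dict:
    oi = b"order=constructed-1234;item=book;total=59.00 PLN"   # constructed sample
    pi = b"card=0000000000000000;exp=01/30;amount=59.00 PLN"   # constructed sample
    oimd, pimd, sig = dual_sign(oi, pi)
    return {
        "merchant_ok": merchant_verify(oi, pimd, sig),
        "gateway_ok": gateway_verify(pi, oimd, sig),
        # A different order attached to the same payment fails at the gateway.
        "swapped_order": gateway_verify(pi, digest(b"order=other"), sig),
        # A changed payment amount fails the merchant-side check.
        "altered_pi": merchant_verify(oi, digest(pi.replace(b"59", b"9")), sig),
    }


if __name__ == "__main__":
    print(demo())
```

Each party verifies the same signature while holding only one of the two items in clear, which is what lets the pair be matched later in a dispute.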

  35. SSL vs. SET
     • SET is built on top of SSL and is much more secure
     • SET is slower than S-HTTP
     • SET is much more complex for the user
     • SET is rarely used and usually offered along with S-HTTP as an alternative solution
     • High implementation costs prevent SET from being the leading standard

  36. How safe is SET?
     • Uses 1024-bit cipher keys, making it one of the strongest encryption applications.
     • If we use 100 computers each processing 10 MIPS, it would take 2.8 × 10^11 years to break just ONE encrypted message!

  37. What does the future hold?
     • Integration of e-payment solutions
     • Common use of EMV microchip cards in the context of SEPA in Europe
     • Boom in the mobile payment sector
     Changes in security:
     • Fusion of security solutions
     • More efficient coding algorithms
     • Biometric terminals for authentication
