E-Commerce Payment
Jane Hsu
Electronic Payment Systems
- To transfer money over the Internet
- Methods of traditional payment
  - Check, credit card, or cash
- Methods of electronic payment
  - Electronic cash, software wallets, smart cards, and credit/debit cards
  - Scrip is digital cash minted by third-party organizations
The Vision of Electronic Payments
The transition from atoms to bits is unstoppable and irrevocable
-- N. Negroponte
- Computing, storage power and narrowband connectivity growing exponentially
- Science of networks is better understood
- Will a new phoenix emerge from the ashes of the dotcom meltdown?
The Reality of Electronic Payments
The transition from atoms to bits is unstoppable, irrevocable but it will be slow and have limitations.
-- Seasoned Banker
- Checks are still around in the US – 60+ billion of them.
- Physical cards of any type are anachronisms. They will die a slow death much like checks.
- Vested interests will slow the pace of change but will not be able to resist the winds of change.
- Will a new player like eBay lead the change or will it be a large incumbent FI? History sides with the likes of eBay.
Requirements for e-payments
- Atomicity
  - Money is not lost or created during a transfer
- Goods atomicity
  - Money and goods are exchanged atomically
- Non-repudiation
  - No party can deny its role in the transaction
  - Digital signatures
Desirable Properties of Digital Money
- Universally accepted
- Transferable electronically
- Divisible
- Non-forgeable, non-stealable
- Private (no one except parties know the amount)
- Anonymous (no one can identify the payer)
- Work off-line (no on-line verification needed)
- No known system satisfies all.
Electronic Cash
- Primary advantage is with purchase of items less than $10
  - Credit card transaction fees make small purchases unprofitable
  - Micropayments
    - Payments for items costing less than $1
Electronic Cash Issues
- E-cash must allow spending only once
- Must be anonymous, just like regular currency
  - Safeguards must be in place to prevent counterfeiting
  - Must be independent and freely transferable regardless of nationality or storage mechanism
- Divisibility and Convenience
- Complex transaction (checking with Bank)
  - Atomicity problem
Two storage methods
- On-line
  - Individual does not have possession personally of electronic cash
  - Trusted third party, e.g. online bank, holds customers’ cash accounts
- Off-line
  - Customer holds cash on smart card or software wallet
  - Fraud and double spending require tamper-proof encryption
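A minimal sketch of the on-line model above, added here as an illustration and not taken from the original slides: the bank tags each coin so counterfeits are rejected, and it records redeemed serials so a coin spends only once. The Bank class, its coin format and the use of an HMAC as the bank's mark are assumptions made for this example.

```python
import hmac, hashlib, secrets

class Bank:
    """Hypothetical on-line e-cash issuer: mints coins, redeems each serial once."""
    def __init__(self):
        self._key = secrets.token_bytes(32)   # minting key, never leaves the bank
        self._spent = set()                   # serials already redeemed
        self.accounts = {}                    # account name -> balance in cents

    def _tag(self, serial, cents):
        msg = f"{serial}|{cents}".encode()    # the tag binds serial AND value
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def withdraw(self, owner, cents):
        """Debit the account and hand back a coin (serial, value, tag)."""
        if self.accounts.get(owner, 0) < cents:
            raise ValueError("insufficient funds")
        self.accounts[owner] -= cents
        serial = secrets.token_hex(16)
        return (serial, cents, self._tag(serial, cents))

    def redeem(self, payee, coin):
        """Credit the payee only if the coin is genuine and unspent."""
        serial, cents, tag = coin
        if not hmac.compare_digest(tag, self._tag(serial, cents)):
            return "counterfeit"
        if serial in self._spent:
            return "double-spend"
        self._spent.add(serial)
        self.accounts[payee] = self.accounts.get(payee, 0) + cents
        return "ok"

def demo():
    bank = Bank()
    bank.accounts = {"alice": 500, "shop": 0}   # constructed sample balances
    coin = bank.withdraw("alice", 75)
    forged = (coin[0], 7500, coin[2])           # same serial and tag, inflated value
    results = [bank.redeem("shop", forged),
               bank.redeem("shop", coin),
               bank.redeem("shop", coin)]       # second presentation of the same coin
    return results, bank.accounts
```

Because the bank issues every serial and sees it again at redemption, it could link payer to payee, so this sketch does not provide the anonymity listed above.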
Smart Cards
- Magnetic stripe
  - 140 bytes, cost $0.20-0.75
- Memory cards
  - 1-4 KB memory, no processor, cost $1.00-2.50
- Optical memory cards
  - 4 megabytes read-only (CD-like), cost $7.00-12.00
- Microprocessor cards
  - Embedded microprocessor
    - (OLD) 8-bit processor, 16 KB ROM, 512 bytes RAM
    - Equivalent power to IBM XT PC, cost $7.00-15.00
    - 32-bit processors now available
Smart Cards
- Plastic card containing an embedded microchip
- Available for over 10 years
- So far not successful in U.S., but popular in Europe, Australia, and Japan
- Unsuccessful in U.S. partly because few card readers available
- Smart cards gradually reappearing in U.S.; success depends on:
  - Critical mass of smart cards that support applications
  - Compatibility between smart cards, card-reader devices, and applications
Smart Card Applications
- Ticketless travel
  - Seoul bus system: 4M cards, 1B transactions since 1996
  - Planned: the SF Bay Area system
- Authentication, ID
- Medical records
- Ecash
- Store loyalty programs
- Personal profiles
- Government
  - Licenses
- Mall parking
- ...
Advantages and Disadvantages of Smart Cards
- Advantages:
  - Atomic, debt-free transactions
  - Feasible for very small transactions (information commerce)
  - (Potentially) anonymous
  - Security of physical storage
  - (Potentially) currency-neutral
- Disadvantages:
  - Low maximum transaction limit (not suitable for B2B or most B2C)
  - High infrastructure costs (not suitable for C2C)
  - Single physical point of failure (the card)
  - Not (yet) widely used
Mondex Smart Card
- Holds and dispenses electronic cash (smart-card based, stored-value card)
- Developed by MasterCard International
- Requires specific card reader, called Mondex terminal, for merchant or customer to use card over Internet
- Supports micropayments as small as 3c and works both online and off-line at stores or over the telephone
- Secret chip-to-chip transfer protocol
- Value is not in strings alone; must be on Mondex card
- Loaded through ATM
  - ATM does not know transfer protocol; connects with secure device at bank
Mondex Smart Card: Processing a Mondex Transaction
- Here's what happens "behind the scenes" during a Mondex transaction between a consumer and merchant. Placing the card in a Mondex terminal starts the transaction process:
  - Information from the customer's chip is validated by the merchant's chip. Similarly, the merchant's card is validated by the customer's card.
  - The merchant's card requests payment and transmits a "digital signature" with the request. Both cards check the authenticity of each other's message. The customer's card checks the digital signature and, if satisfied, sends acknowledgement, again with a digital signature.
  - Only after the purchase amount has been deducted from the customer's card is the value added to the merchant's card. The digital signature from this card is checked by the customer's card and if confirmed, the transaction is complete.
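The message order described above, as an added simulation that is not part of the original slides and is not the real Mondex protocol (which the slides note is secret): the customer's purse is debited before the merchant's purse is credited, and unique transaction numbers stop a replayed message from moving value twice. The Purse class, the message fields, and the HMAC under one shared key standing in for the cards' digital signatures are all assumptions.

```python
import hmac, hashlib, secrets
SCHEME_KEY = secrets.token_bytes(32)  # assumption: held by every genuine card

def sign(kind, payer, payee, cents, txn):
    body = f"{kind}|{payer}|{payee}|{cents}|{txn}"
    mac = hmac.new(SCHEME_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"kind": kind, "payer": payer, "payee": payee,
            "cents": cents, "txn": txn, "mac": mac}

def genuine(msg, kind):               # recompute the MAC over the claimed fields
    good = sign(kind, msg["payer"], msg["payee"], msg["cents"], msg["txn"])
    return msg["kind"] == kind and hmac.compare_digest(msg["mac"], good["mac"])

class Purse:
    def __init__(self, card_id, cents):
        self.card_id, self.cents, self.seen = card_id, cents, set()

    def request(self, payer_id, cents):          # merchant card: signed request
        return sign("request", payer_id, self.card_id, cents, secrets.token_hex(8))

    def pay(self, req):                          # customer card: debit comes first
        if not genuine(req, "request") or req["payer"] != self.card_id:
            raise ValueError("bad request")
        if req["txn"] in self.seen or not 0 < req["cents"] <= self.cents:
            raise ValueError("replayed or unaffordable request")
        self.seen.add(req["txn"])
        self.cents -= req["cents"]
        return sign("value", self.card_id, req["payee"], req["cents"], req["txn"])

    def accept(self, req, value):                # merchant card: credit comes second
        same = all(req[k] == value[k] for k in ("payer", "payee", "cents", "txn"))
        if not genuine(value, "value") or not same or value["txn"] in self.seen:
            raise ValueError("bad value message")
        self.seen.add(value["txn"])
        self.cents += value["cents"]
        return sign("ack", value["payer"], self.card_id, value["cents"], value["txn"])

def demo():
    customer, shop = Purse("C-1", 1000), Purse("M-1", 0)   # constructed purses
    req = shop.request("C-1", 250)
    value = customer.pay(req)
    outcomes = [genuine(shop.accept(req, value), "ack")]   # customer checks the ack
    for replay in (lambda: customer.pay(req), lambda: shop.accept(req, value)):
        try:
            replay()
            outcomes.append("accepted")
        except ValueError:
            outcomes.append("rejected")
    return outcomes, customer.cents, shop.cents
```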
Mondex Smart Card
- Disadvantages
  - Card carries real cash in electronic form, creating the possibility of theft
  - No deferred payment as with credit cards; cash is dispensed immediately
- Security
  - Active and dormant security software
    - Security methods constantly changing
    - ITSEC E6 level (military)
  - VTP (Value Transfer Protocol)
    - Globally unique card numbers
    - Globally unique transaction numbers
    - Challenge-response user identification
    - Digital signatures
  - MULTOS operating system
    - Firewalls on the chip
Advantages and Disadvantages of Electronic Cash
- Advantages
  - More efficient, eventually meaning lower prices
  - Lower transaction costs
  - Anybody can use it, unlike credit cards, and does not require special authorization
- Disadvantages
  - Tax trail non-existent, like regular cash
  - Money laundering
  - Susceptible to forgery
Secure Electronic Transaction (SET) Protocol
- Jointly designed by MasterCard and Visa with backing of Microsoft, Netscape, IBM, GTE, SAIC, and others
- Designed to provide security for card payments as they travel on the Internet
  - Contrasted with the Secure Sockets Layer (SSL) protocol, SET validates consumers and merchants in addition to providing secure transmission
- SET specification
  - Uses public key cryptography and digital certificates for validating both consumers and merchants
  - Provides privacy, data integrity, user and merchant authentication, and consumer non-repudiation
The SET protocol
The SET protocol coordinates the activities of the customer, merchant, merchant’s bank, and card issuer. [Source: Stein]
SET Payment Transactions
SET-protected payments work like this:
- Consumer makes purchase by sending encrypted financial information along with digital certificate
- Merchant’s website transfers the information to a payment card processing center while a Certification Authority certifies digital certificate belongs to sender
- Payment card-processing center routes transaction to credit card issuer for approval
- Merchant receives approval and credit card is charged
- Merchant ships merchandise and adds transaction amount for deposit into merchant’s account
SET uses a hierarchy of trust
All parties hold certificates signed directly or indirectly by a certifying authority. [Source: Stein]
SET Protocol
- Extremely secure
  - Fraud reduced since all parties are authenticated
  - Requires all parties to have certificates
- So far has received lukewarm reception
- 80 percent of SET activities are in European and Asian countries
- Problems with SET
  - Not easy to implement
  - Not as inexpensive as expected
  - Expensive to integrate with legacy applications
  - Not tried and tested, and often not needed
  - Scalability is still in question