PRESTIGE INSTITUTEOF MANAGEMENT &RESEARCH INDORE

PRESENTATION ON
e- PAYMENT

SUBMITTED BY :- SUBMITED TO:-

NITIN CHOUDHARY PROF. MANALI AGARWAL

MANISH DEVHARE
VINAYAK SIGHN PARIHAR
SUDDHAKER TOMAR
Electronic payment is a electronic transfer of
information that equates to moving funds
one financial institution to another.
E-payment systems
To transfer money over the Internet
Methods of traditional payment
Check, credit card, or cash
Methods of electronic payment
Electronic cash, software wallets, smart cards, and
credit/debit cards
Scrip is digital cash minted by third-party organizations

2/16/00 EMTM 553 3

Requirements for e-payments
Atomicity
Money is not lost or created during a transfer
Good atomicity
Money and good are exchanged atomically
Non-repudiation
No party can deny its role in the transaction
Digital signatures

2/16/00 EMTM 553 4

Desirable Properties of Digital Money
Universally accepted
Transferable electronically
Divisible
Non-forgeable, non-stealable
Private (no one except parties know the amount)
Anonymous (no one can identify the payer)
Work off-line (no on-line verification needed)

No known system satisfies all.

2/16/00 EMTM 553 5
Types of E-payments
E-cash
Electronic wallets
Smart card
Credit card

2/16/00 EMTM 553 6

 Electronic Cash
Primary advantage is with purchase of items less
than $10
Credit card transaction fees make small purchases
unprofitable
Micropayments
 Payments for items costing less than $1

2/16/00 EMTM 553 7

 E-cash Concept
Merchant
1. Consumer buys e-cash from Bank
2. Bank sends e-cash bits to consumer (after
5 charging that amount plus fee)
3. Consumer sends e-cash to merchant
4
4. Merchant checks with Bank that e-cash
Bank 3 is valid (check for forgery or fraud)
5. Bank verifies that e-cash is valid
6. Parties complete transaction: e.g., merchant
2 present e-cash to issuing back for deposit
1 once goods or services are delivered

Consumer still has (invalid) e-cash

Consumer

2/16/00 EMTM 553 8

Electronic Cash Issues
E-cash must allow spending only once
Must be anonymous, just like regular currency
Safeguards must be in place to prevent
counterfeiting
Must be independent and freely transferable
regardless of nationality or storage mechanism
Divisibility and Convenience
Complex transaction (checking with Bank)
Atomicity problem

2/16/00 EMTM 553 9

Two storage methods
On-line
Individual does not have possession personally of
electronic cash
Trusted third party, e.g. online bank, holds customers’
cash accounts
Off-line
Customer holds cash on smart card or software wallet
Fraud and double spending require tamper-proof
encryption

2/16/00 EMTM 553 10

Advantages and Disadvantages of Electronic
Cash
Advantages
More efficient, eventually meaning lower prices
Lower transaction costs
Anybody can use it, unlike credit cards, and does not
require special authorization
Disadvantages
Tax trail non-existent, like regular cash
Money laundering
Susceptible to forgery

2/16/00 EMTM 553 11

Electronic Cash Security
Complex cryptographic algorithms prevent double
spending
Anonymity is preserved unless double spending is
attempted
Serial numbers can allow tracing to prevent money
laundering
Does not prevent double spending, since the merchant
or consumer could be at fault

2/16/00 EMTM 553 12

 How to sign with blind fold?
How?
Basic: Sign anything

1. You encrypt the message

2. Send it to the bank

3. The bank signs the message and

returns it

4. You decrypt the signed

message
5. You spend it
2/16/00 EMTM 553 13
Anonymous digital cash?
Protocol #1
Protocol #2
Protocol #3
Protocol #4

2/16/00 EMTM 553 14

 Detecting Double Spending

2/16/00 EMTM 553 15

Electronic Wallets
Stores credit card, electronic cash, owner
identification and address
Makes shopping easier and more efficient
 Eliminates need to repeatedly enter identifying information
into forms to purchase
 Works in many different stores to speed checkout

[Link] one of the first online merchants to

eliminate repeat form-filling for purchases

2/16/00 EMTM 553 16

 An Electronic Checkout Counter Form

2/16/00 EMTM 553 17

 Electronic Wallets
 Agile Wallet
 Developed by CyberCash
 Allows customers to enter credit card and identifying information
once, stored on a central server
 Information pops up in supported merchants’ payment pages,
allowing one-click payment
 Does not support smart cards or CyberCash, but company expects to
soon
 eWallet
 Developed by Launchpad Technologies
 Free wallet software that stores credit card and personal information
on users’ computer, not on a central server; info is dragged into
payment form from eWallet
 Information is encrypted and password protected
 Works with Netscape and Internet Explorer

2/16/00 EMTM 553 18

Electronic Wallets
Microsoft Wallet
Comes pre-installed in Internet Explorer 4.0, but not in
Netscape
All information is encrypted and password protected
Microsoft Wallet Merchant directory shows merchants
setup to accept Microsoft Wallet

2/16/00 EMTM 553 19

 Entering Information Into Microsoft Wallet

2/16/00 EMTM 553 20

Current state of the market - online data
exchanges
 Providing payment and order information to merchants while shopping
online is typically a manual consumer process
 27% of online buyers abandon orders before check-out due to the
hassle of filling out forms 1
 There is no standard way for identifying the specific data attributes that
consumers must provide to merchants during an online transaction
 This significantly complicates/limits the ability for digital wallets to

automatically exchange information with a merchant web site

 “76% of merchants surveyed indicated they are willing to participate in
a multi site wallet enterprise,” indicating that “multi site wallets offer
reduced acquisition costs that far outweigh the risk to merchants of
losing an existing customer” 1

1 Jupiter Communications
2/16/00 EMTM 553 21
Summary of current ECML specification
min min
field field
field names length field names length

Ecom_ShipTo_Postal_Name_Prefix 4 Ecom_ReceiptTo_Postal_Name_Prefix 4
Ecom_ShipTo_Postal_Name_First 15 Ecom_ReceiptTo_Postal_Name_First 15
Ecom_ShipTo_Postal_Name_Middle 15 Ecom_ReceiptTo_Postal_Name_Middle 15
Ecom_ShipTo_Postal_Name_Last 15 Ecom_ReceiptTo_Postal_Name_Last 15
Ecom_ShipTo_Postal_Name_Suffix 4 Ecom_ReceiptTo_Postal_Name_Suffix 4
Ecom_ShipTo_Postal_Street_Line1 20 Ecom_ReceiptTo_Postal_Street_Line1 20
Ecom_ShipTo_Postal_Street_Line2 20 Ecom_ReceiptTo_Postal_Street_Line2 20
Ecom_ShipTo_Postal_Street_Line3 20 Ecom_ReceiptTo_Postal_Street_Line3 20
Ecom_ShipTo_Postal_City 22 Ecom_ReceiptTo_Postal_City 22
Ecom_ShipTo_Postal_StateProv 2 Ecom_ReceiptTo_Postal_StateProv 2
Ecom_ShipTo_Postal_PostalCode 14 Ecom_ReceiptTo_Postal_PostalCode 14
Ecom_ShipTo_Postal_CountryCode 2 Ecom_ReceiptTo_Postal_CountryCode 2
Ecom_ShipTo_Telecom_Phone_Number 10 Ecom_ReceiptTo_Telecom_Phone_Number 10
Ecom_ShipTo_Online_Email 40 Ecom_ReceiptTo_Online_Email 40

Ecom_BillTo_Postal_Name_Prefix 4 Ecom_Payment_Card_Name 30
Ecom_BillTo_Postal_Name_First 15 Ecom_Payment_Card_Type 4
Ecom_BillTo_Postal_Name_Middle 15 Ecom_Payment_Card_Number 19
Ecom_BillTo_Postal_Name_Last 15 Ecom_Payment_Card_Verification 4
Ecom_BillTo_Postal_Name_Suffix 4 Ecom_Payment_Card_ExpDate_Day 2
Ecom_BillTo_Postal_Street_Line1 20 Ecom_Payment_Card_ExpDate_Month 2
Ecom_BillTo_Postal_Street_Line2 20 Ecom_Payment_Card_ExpDate_Year 4
Ecom_BillTo_Postal_Street_Line3 20 Ecom_Payment_Card_Protocol 20
Ecom_BillTo_Postal_City 22
Ecom_BillTo_Postal_StateProv 2 Ecom_ConsumerOrderID 20
Ecom_BillTo_Postal_PostalCode 14
Ecom_BillTo_Postal_CountryCode 2 Ecom_SchemaVersion 30
Ecom_BillTo_Telecom_Phone_Number 10
Ecom_BillTo_Online_Email 40 Ecom_TransactionComplete -
2/16/00 EMTM 553 22
 Smart Cards
 Magnetic stripe
 140 bytes, cost $0.20-0.75
 Memory cards
 1-4 KB memory, no processor, cost $1.00-2.50
 Optical memory cards
 4 megabytes read-only (CD-like), cost $7.00-12.00
 Microprocessor cards
Embedded microprocessor
 (OLD) 8-bit processor, 16 KB ROM, 512 bytes RAM
 Equivalent power to IBM XT PC, cost $7.00-15.00

 32-bit processors now available

2/16/00 EMTM 553 23

 Smart Cards
Plastic card containing an embedded microchip
Available for over 10 years
So far not successful in U.S., but popular in Europe,
Australia, and Japan
Unsuccessful in U.S. partly because few card readers
available
Smart cards gradually reappearing in U.S.; success
depends on:
 Critical mass of smart cards that support applications
 Compatibility between smart cards, card-reader devices,
and applications

2/16/00 EMTM 553 24

 Smart Card Applications
 Ticketless travel
 Seoul bus system: 4M cards, 1B transactions since 1996
 Planned the SF Bay Area system
 Authentication, ID
 Medical records
 Ecash
 Store loyalty programs
 Personal profiles
 Government
 Licenses
 Mall parking
...

2/16/00 EMTM 553 25

Advantages and Disadvantages of
Smart Cards
 Advantages:
1. Atomic, debt-free transactions
2. Feasible for very small transactions (information commerce)
3. (Potentially) anonymous
4. Security of physical storage
5. (Potentially) currency-neutral
 Disadvantages:
1. Low maximum transaction limit (not suitable for B2B or most B2C)
2. High Infrastructure costs (not suitable for C2C)
3. Single physical point of failure (the card)
4. Not (yet) widely used

2/16/00 EMTM 553 26

 Credit Cards
 Credit card
 Used for the majority of Internet purchases
 Has a preset spending limit
 Currently most convenient method
 Most expensive e-payment mechanism
 MasterCard: $0.29 + 2% of transaction value
 Disadvantages
 Does not work for small amount (too expensive)

 Does not work for large amount (too expensive)

 Charge card
 No spending limit
 Entire amount charged due at end of billing period

2/16/00 EMTM 553 27

 Payment Acceptance and Processing
Merchants must set up merchant accounts to accept
payment cards
Law prohibits charging payment card until
merchandise is shipped
Payment card transaction requires:
 Merchant to authenticate payment card
 Merchant must check with card issuer to ensure funds
are available and to put hold on funds needed to make
current charge
 Settlement occurs in a few days when funds travel
through banking system into merchant’s account

2/16/00 EMTM 553 28

 Processing a Payment Card Order

2/16/00 EMTM 553 29

 Open and Closed Loop Systems
Closed loop systems
Banks and other financial institutions serve as
brokers between card users and merchants -- no
other institution is involved
American Express and Discover are examples
Open loop systems
Transaction is processed by third party
Visa and MasterCard are examples

2/16/00 EMTM 553 30

Setting Up Merchant Account
Merchant bank
Also called acquiring bank
Does business with merchants that want to accept
payment cards
Merchant receives account where they deposit card
sales totals
Value of sales slips is credited to merchant’s account

2/16/00 EMTM 553 31

Processing Payment Cards Online
Can be done automatically by software packaged with
electronic commerce software
Can contract with third party to handle payment card
processing
Can also pick, pack, and ship products to the customer
Allows merchant to focus on web presence and supply
availability

2/16/00 EMTM 553 32

 Credit Card Processing

SOURCE: PAYMENT
PROCESSING INC.

2/16/00 EMTM 553 33

Payment Processing Services
Internetsecure
Provides secure credit card payment services
Supports payments with Visa and MasterCard
Provides risk management and fraud detection, and
ensures all proper security for credit card transactions
is maintained
Ensures all transactions are properly credited to
merchant’s account

2/16/00 EMTM 553 34

Identity Theft
• Generally a human issue
– Not clear improved security protocols would help much
• Stolen IDs
– Bank of America, - Feb 2005 – 1,200,000 government employee
IDs
• Information sold to improper agents
– ChoicePoint – Feb 2005 – 145,000 ID’s
– [Link]
[Link]
• Compromised passwords ?
– Lexis/Nexis – March/April 2005 – 32,000 then 280,000 IDs
– [Link]

EMTM 553
2/16/00 35
Risk/problem
• Fraud against your account

• Money laundering scams

• Unsavory sellers

2/16/00 EMTM 553 36

Cont……….
• Currently limping by with weak authentication
– Lots of passwords or somewhat easily learned account
#’s.
• As long as fraud rate is low enough, things will
not change
– Buyers risk is bound
– Merchant bears the lose due to fraud
• Stronger authentication, i.e. certificate
hierarchies will probably come along eventually
– Even strong authentication does not solve all the
problems
2/16/00 EMTM 553 37
Cont……..
> cutomer has to open online account with
organization—username, password

> protection of password

>very complex to maintain transection if a cuatomer

has more than one or two accounts (online)

2/16/00 EMTM 553 38

Desigining of e-payment
system
It consists of some stages

> database design

> interface design

> sequence design

2/16/00 EMTM 553 39

Cont………
> software domain

> availability of machinary and equipment to do so..

2/16/00 EMTM 553 40

Payment Processing Services
Internetsecure
Provides secure credit card payment services
Supports payments with Visa and MasterCard
Provides risk management and fraud detection, and
ensures all proper security for credit card transactions
is maintained
Ensures all transactions are properly credited to
merchant’s account

2/16/00 EMTM 553 41

 Payment Processing Services
Tellan
Provides PCAuthorize for smaller commerce sites and
WebAuthorize for larger enterprise-class merchant sites
Both systems capture credit card information from the
merchant’s form and connect directly to the bank
network using dial-up or private, leased lines
Bank network receives credit information, performs
credit authorization, and deposits the money in the
merchant’s bank account
The merchant’s web site receives confirmation or
rejection of the transaction, which is communicated to
the customer

2/16/00 EMTM 553 42

Payment Processing Services
IC Verify
Provides electronic transaction processing for
merchants for all major credit and debit cards
Also allows check guarantees and verification
transactions
A CyberCash company
[Link]
Online, real time service that links merchants with
issuing banks by simply inserting a small block of
HTML code into their transaction page

2/16/00 EMTM 553 43

 Secure Electronic Transaction
(SET) Protocol
 Jointly designed by MasterCard and Visa with backing of Microsoft,
Netscape, IBM, GTE, SAIC, and others
 Designed to provide security for card payments as they travel on the
Internet
 Contrasted with Secure Socket Layers (SSL) protocol, SET validates
consumers and merchants in addition to providing secure transmission
 SET specification
 Uses public key cryptography and digital certificates for validating both
consumers and merchants
 Provides privacy, data integrity, user and merchant authentication, and
consumer nonrepudiation

2/16/00 EMTM 553 44

 The SET protocol

The SET protocol coordinates the activities of the customer,

merchant, merchant’s bank, and card issuer. [Source: Stein]
2/16/00 EMTM 553 45
 SET Payment Transactions
SET-protected payments work like this:
Consumer makes purchase by sending encrypted
financial information along with digital certificate
Merchant’s website transfers the information to a
payment card processing center while a Certification
Authority certifies digital certificate belongs to sender
Payment card-processing center routes transaction to
credit card issuer for approval
Merchant receives approval and credit card is charged
Merchant ships merchandise and adds transaction
amount for deposit into merchant’s account

2/16/00 EMTM 553 46

 SET uses a hierarchy of trust

All parties hold certificates signed directly or

indirectly by a certifying authority. [Source: Stein]
2/16/00 EMTM 553 47
 SET Protocol
 Extremely secure
 Fraud reduced since all parties are authenticated
 Requires all parties to have certificates
 So far has received lukewarm reception
 80 percent of SET activities are in Europe and Asian countries
 Problems with SET
 Not easy to implement
 Not as inexpensive as expected
 Expensive to integrated with legacy applications
 Not tried and tested, and often not needed
 Scalability is still in question

2/16/00 EMTM 553 48

 Q &A

2/16/00 EMTM 553 49