DESIGNING AND IMPLEMENTATION OF ELECTRONIC

PAYMENT GATEWAY FOR DEVELOPING COUNTRIES

1
AILYA IZHAR, 2AIHAB KHAN, 3MALIK SIKANDAR HAYAT KHIYAL, 4 WAJEEH JAVED,
5
SHIRAZ BAIG
1
Graduate, Department of Software Engineering, Fatima Jinnah Women University, Rawalpindi, Pakistan
2
Assistant Professor, Department of Software Engineering, Fatima Jinnah Women University, Rawalpindi,
Pakistan
3
Chairperson, Department of Computer Science and Software Engineering, Fatima Jinnah Women
University, Rawalpindi, Pakistan
4Assistant Manager, G & C. AERO. Pakistan
5
Department of Computer Science and Software Engineering, Fatima Jinnah Women
University, Rawalpindi, Pakistan

ABSTRACT

In this paper a brief overview of electronic payment gateway is provided. This paper addresses the
requirements for an electronic payment gateway from both the customers' and the merchants' point of view.
Most of the population doesn’t trust on the local existing online payment gateway because it is not very
secure. Mostly people want to adopt electronic payment system as it has lots of advantages. They need
such a gateway that fulfill their all requirements and provide security, privacy etc. On the basis of these
requirements and the local infrastructure, we propose an electronic payment gateway for local environment.

Keyword: E-Commerce, Electronic Payment Gateway.

2.CONTRIBUTIONS

1. INTRODUCTION On the basis of proposed architecture of e-

payment system of third world countries and the
Online shopping allows customers to sit in their requirements related to any electronic payment
homes and buy goods from all over the world. gateway, we design and develop a Secure,
Similarly allows Merchant to sell their products reliable and efficient electronic payment
to all over the world from home. Most of the gateway.
population will use online payment in near
future. 3. RELATED WORK
Most of the Third world countries lagged behind
in making a good Internet architecture. There is In USA about $3.5 trillion pours daily through
need of a secure online payment gateway in three major payment networks that dwarf the
developing countries. On the basis of proposed Bank of New York's. The networks, run by
architecture of e-payment system of third world banks and the government over high-speed
countries, this paper gives a brief overview of phone lines, converge at just 10 secret data-
existing electronic payment gateway. It also processing centers nationwide. They transmit
mentioned the requirement for an electronic everything from direct-deposit paychecks to
payment gateway from customer and merchant’s utility bill payments to huge corporate transfers
point of view. And on the basis of these facts and in the USA and abroad. PayPal in the US, which
figures a new secure e-payment gateway has was recently purchased by Ebay, is one of the
been designed and developed. The payment most frequently used e-payment gateway. [1]
gateway would provide secure transactions. In China payment gateway is the single biggest
unmet demand because of lack of trusted and
secure mechanism. [2]
Turkey’s payment gateway is difficult to use,
insecure and highly expensive.

84
In Nepal there are around 3three banks that are
offering Internet Banking Services and majority
of middle class are out of such services.

4. PRELIMINARIES

Online customer:
A customer is an entity who will buy products by
making payments in timely manner.
Merchants:
A merchant is a seller who will receive payments
made by customer.

Banks:
Two banks are involved.
1. Client bank
2. Merchant bank

Client bank: Figure no. 1: Proposed Model

Client bank holds client’s bank account and
validate customer during account registration. There are five interfaces.

Merchant bank: 1. Customer Interface

Merchant bank holds merchant bank account. It 2. Server (e-payment Gateway) Interface
is responsible of management, fraud control etc 3. Client Bank Interface
4. Merchant Bank Interface
Payment Gateway: 5. Merchant Interface
A payment gateway is connected to all
customers, merchants and banks through Internet Online Customer will connect to e-payment
and responsible for the speed and reliability and gateway through Internet. Gateway will connect
security of all transactions that take place. to the Bank and check whether its bank accounts
is enough to buy the required product. Online
5. FRAMEWORK OVERVIEW customer can also visit Merchant’s website
through Gateway.
We proposed a model of electronic payment
gateway on the basis of requirements of an
6. FLOW DIAGRAM:
electronic payment gateway in developing
countries.
Flow diagram of proposed gateway is given
below.

85
 Confirmation: When transaction took place
customer must have notification and merchant
must have confirmation

Confidentiality: Any third parties should not be

able to access or view such payments.

Settlement: Separate banking institutions must

have a way of settling their accounts.

Following diagram will explain working of

electronic payment gateway in detail.
Place 1.1 1.2
Client
Validate Data Encrypt Data

1.3
Send Data

2.1
Server
Decrypt Data

2.2 2.3 2.4

Split Data Encrypt Data Send Data

Customer
Order
Data Client
Merchant
Bank
6.0
Client Mail

3.3 3.2 3.1 4.1

Split Data Decrypt Data Receive Data Receive Data

5.0
Mail

Order Info 3.4 4.2

Send Data Decrypt Data
Merchant

Figure no. 2: Flow diagram of proposed gateway Bank

4.3
Split Data
7. TECHNIQUES AND ALGORITHM:
Save Items

Privacy: It is necessary to assure privacy in the Figure no. 3: Detailed model

payments like bank accounts.
If new user wants to do transaction then he/she
should register himself/herself first through
Naming: There should be a way of identifying registration form then browse merchant website
the customers bank accounts and the merchant using e-payment gateway. Select item and
bank accounts. encrypt payment request and send it to Server.
Server receives encrypted message from sender,
decrypt message, read, encrypt it using its own
Security: In gateways security should provide to keys and send it to Client bank. Client bank
protect data of transactions. transfers the required amount to the merchant
bank through secure network. After receiving the
Integrity: Data should be difficult to change. fund Merchant bank sends the payment capture
response to merchant through e-payment
gateway.

86
Algorithm of Client: Server receives payment order sent by clients,
decrypt and encrypt that message and send it to
Client: Client bank. Client bank will send a payment
Start and connect deduction message to server and server will send
Start Customer browse merchant website it to Merchant Bank. Merchant bank will send an
If select Category then acknowledgment message to Server and server
Go to Item list of selected category will send it to merchant.
If Select Item
Then Show detail of selected item Algorithm of Client Bank
If Want to buy selected item
Then select Add to order form Client Bank:
Else Go back to category
If select add to order form Start connection
Do AddToOrder SubCategoryId If connected
go to Order form and fill required fields like Receive payment message including client’s
credit card No., expiry Date, and telephone no, info
Address If client’s info is present in database of bank
Select Submit Send message to server This customer is
Else Continue shopping Authorized
Else Cancel Else Send message This customer is not
If select submit Display Authorization Authorized
If Credit card no.Text is equal to Credit card If customer is Authorized
no. {Save payment request into database
display This Customer is Authorized From Deduct amount from Client bank
Bank. Send that amount to Payment Gateway}
Figure no. 4: Algorithm of client
Client can browse merchant’s website. After
selection of items he can send payment order to Figure no. 6: Algorithm of Client bank
e-payment server after filling required fields e.g
Credit card no., expiry date etc Client bank receives payment message and
verify client. Deduct amount from client bank
Algorithm of Payment gateway and send that amount to payment gateway.
Payment gateway:
Algorithm of Merchant Bank
Start connection Merchant Bank
If connected
Receive payment message Start connection
Else display Not Connected If connected
If receive payment message Receive payment message including
{Decrypt message merchant account no.
Split and send it to different textboxes If merchant’s account is present in database
Add to database of bank
Sent it to Client bank} {Receive payment
Else Cancel Add payment to Merchant’s account}
If client bank is sending message Else Send message Invalid account no.
{Receive it
Send it to merchant bank}
Figure no. 7: Algorithm of Merchant bank
Else wait
If merchant bank is sending message
Merchant bank verifies merchant, receives
{Receive it payment message from Client bank through
Send it to Merchant} payment server and add payment to Merchant’s
else wait account.

Figure no. 5: Algorithm of payment gateway

87
Algorithm of Merchant 100

80 User Friendly
Merchant Cost
60
Start connection Security
Performance
If connected 40
Reliability
{Make and update website 20 Speed

If server is sending message 0

Receive message and decrypt it}

Else retry to connect Figure no.10: Graphical result of proposed
gateway
Figure no. 8: Algorithm of Merchant
As compare to other e-payment gateways our
Merchant makes and updates website and proposed system will be more secure and do
receives acknowledgement messages from transactions in less time as compare to other
payment gateway. gateway. Proposed system will be inexpensive as
compare to existing systems
8. EXPERIMENTAL RESULTS:
3.Table of comparisons with various countries
1. Graphical result of survey A survey was
carried out of various users in three different Time Cost Availabi Securit
areas for finding the reason that why people y
l-ity
don’t use payment gateway and wrote it by
compiling the average results of mentioned USA Low Mediu High High
questions. m
China Mediu Low Low Low
m
90
80 Turkey High High Low Low
70
60 Nepal High Mediu Low Low
50
40 1st area m
30
20
2nd area Africa Mediu High Low High
3rd area
10
0
m
User friendlyKnowledge Trust Need PC and Propose Low Low High High
internet
availability d
System
Figure no 9: Graphical result of survey Figure no. 11: Table of comparision

a. User Friendly: People wants a payment a. Time: Time of transaction

gateway which should be easy to use. b. Cost: E-gateway’s charges per
b. Knowledge: Some people don’t know transaction
anything about payment gateway. c. Availability: The degree to which e-
c. Trust: Mostly people don’t use it gateway is operable
because of lack of trust. d. Security: Overall security related to
d. Need: Some people thinks there is no electronic gateway
need of e-payment gateway.
e. PC and Internet availability: Limited 4. Comparison between TDES and other
access of PC and internet. Techniques of encryption.

DES (Data Encryption Standard) is a 56 bit key

encryption standard. But it was problematically
2. Graphical result of proposed gateway short. Therefore, its improved standard was
developed, called Triple DES. It uses 168
independent key bits. That has been used in
Graphical result of proposed gateway is Proposed gateway. There is latest improvement
following known as AES (Advanced Encryption Standard)

88
but it is very slow. So, Triple DES is considered [3] Rosenberg, J., Schulzrinne, H., Camarillo,
to be more secure and fast. G., Johnston, A., Peterson, J., Sparks, R.,
Experiments were carried out to compare DES, Handley, M., Schooler, E. 2002. SIP:
TDES and AES encryption standards. The Session Initiation Protocol. RFC 3261
results are as follows: Time was compared for (June).
encryption. If there is large number of
transactions, time assumes importance. [4] Aboba, B., Arkko, J., Harrington, D. 2000.
Introduction to accounting management.
RFC 2975 (October).
500

400
Time in Milisec

[5] M. M. Anderson:, “Electronic check

300
architecture,” Tech. Rep. Version 1.0.2,
200 FSTC, September 1998.
100

0 [6] Knud Böhle, Michael Rader, Ulrich Riehm

56 bit DES 128 bit DES AES Institut für Technikfolgenabschätzung und
Encyption Standards Systemanalyse: “Electronic Payment
Systems in European Countries Country”
Figure no. 12: Comparison of Encryption 1999
standards
[7] Sterman, B., Sadolevsky, D., Schwartz, D.,
9. CONCLUSION AND FUTURE WORK Williams, D., Beck, W. 2006. RADIUS
extension for digest authentication. RFC
Electronic Payment Gateway is present in our 4590 (July).
country but it’s not very secure. The proposed
payment architecture was also lacking the [8] Hakala, H., Mattila, L., Koskinen, J-P., Stura,
security factor. That proposed architecture is M., Loughney, J. 2005. Diameter credit-
made secure by the implementation of secure control application. RFC 4006 (August).
electronic transaction methods. Because of this
now only authentic customers can now buy [9] Süleyman Kondakci: “An Approach to A
products from merchant’s site whose bank National E-Payment Architecture” IT
accounts is enough to buy the required product. Consortium of Turkey,Division of
At first it’s checked if the customer is authorized Information Security, 2002
one or not then the whole transaction takes place.
The electronic payment gateway is made secure [10] Vivek S. rana, Chief IT/MTS Nepal Banks
enough that any authorized customer can easily Limited: “Banking and e payment practices
trust on it and fearlessly or confidently make in Nepal” December 2004
payments over the Internet.
If this system is to be implemented in developing [11] Rajib Subba: “e-Payment for SME
countries then strong support of government of Exporters: Payment for SME Exporters:
that country is required as there is not much Drivers and Barriers” Regional Business
awareness of electronic transaction in developing Forum on e-Finance Bangkok, Thailand, 6-7
countries. March 2006

REFERENCES [12] Wondwossen Tadesse, Tsegaye G/Medhin,

Solomon Atnafu, Dawit Bekele:“e-Payment
in Ethiopia: Challenges and Opportunities”
[1]http://www.usatoday.com/tech/news/2001/10/ Forum on ICTs, Trade and Economic
29/financial-networks-safety.htm accessed Growth. March 14 – 16, 2006
on 09 Dec 2010 (DATE)
[13] Jennings, C., Fischl, J., Tschofenig, H., Jun,
[2]http://iis-
G. 2006. Payment for services in Session
db.stanford.edu/docs/189/epayment_bin_tan Initiation Protocol (SIP). draft-jennings-
g.pdf accessed on 09 Dec 2010 sipping-pay-05.txt (October).

89
[14] Garcia-Martin, M., Belinchon, M., Pallares-
Lopez, M., Canales-Valenzuela, C., Tammi,
K. 2006. Diameter Session Initiation
Protocol (SIP) Application. RFC 4740
(November)

[15] Lior, A., Yegani, P., Chowdhury, K.,

Tschofenig, H., Pashalidis, A. 2006. Prepaid
extensions to remote authentication dial-in
user service (RADIUS), draft-lior-radius-
prepaid-extensions-11.txt (work in progress,
June).

[16] Book “cryptography and network security:

Principles and practice” by William stalling
3rd edition, vol: 7, August 2004

90