3. BIT Noida
Concept of Money
● Trade began with barter
● When goods of buyer and seller did not match,
problem arose,
● need for common medium of exchange (token)
● Initially tokens had value
● Maintaining tokens was costly
● Thus leather and then paper currency came
● Other forms of money evolved over a period
4. BIT Noida
Traditional Payment Systems
● Cash payments
– customer pays in currency
– may seek receipt for payment
● Cheque payments
– backed by money in bank account
– customer has proof of payment
● Value exchange systems
– transfer assets of value for buying goods
– ex: mutual funds, IOUs
● Credit Card systems
5. BIT Noida
Traditional Payment Systems
Credit Cards
● Customer signs credit card receipt to buy goods
● Vendor verifies card holders identity
● Vendor accepts credit card receipt
● Merchant forwards the cc receipt to card-
issuing institution
● Card-issuing institution transfers amount from
customer's account to vendor. It also sends bill
(statement) and copy of cc receipt to customer
6. BIT Noida
Traditional Payment Systems
Electronic Funds Transfers
● Credit Transfer – Initiating institution sends
funds through EFT system to deposit to
recipients' accounts
Ex: automatic deposit of payrolls
● Debit Transfer – initiating institution draws
funds from depositors' accounts
Ex: pre-authorised bill payments
7. BIT Noida
EFT contd
● Banking and financial payments
– Wholesale payments – bank to bank transfers
– Retail payments – ATMs, cash dispensers
– Home banking – bill payments through banks
● Retailing payments
– Credit cards
– Private cards
– Charge cards
8. BIT Noida
Traditional Payment Systems
Another Perspective
● Cash
● Credit and debit card
● Personal cheques
● Traveler's cheques
● Money orders
● Bank drafts
● Postal orders
9. BIT Noida
Adapting Traditional Methods to
E-Commerce
● Credit cards easiest to digitize
– card number, expiry date, holder's name
– Data is easy to transfer over Internet
● Cheques Conceptually simple
– documents with information on cheque number, holder's name,
payee name, amount and date
– Data is easy to transfer over Internet
● Cash Allows anonymous payments
– Value transferred immediately
– Safest way in traditional systems
– Hardest to digitize
10. BIT Noida
E-Commerce Payment Systems
Requirements
● Acceptability – payment system must be
robust, available and accessible to all buyers,
sellers and financial institutions
● Flexibility – accept several forms of payment
● Reliability – ensure and infuse confidence in
users by protecting them from system failures
● Efficiency – operational costs must be near
zero and must be easy to use
● Privacy – to customers' spending habits
11. BIT Noida
E-Commerce Payment Systems
Requirements
● Security – from
– Fraud
– Double spending
– Counter-feiting
– Hardware tamper
– Unauthorized use
– non-refutable – payments must be verifiable and
records maintained
● Confidentiality – all information must be
protected from intruders and hackers
12. BIT Noida
E-Commerce Payment Systems
Requirements
● Non-traceability – of payments to other
payments by same consumer
● Scalability – offer same performance and cost
per transaction overhead with up or down
scaling. This involves support for
– Micro-payments
– Off line operation
– Low costs of transaction
– Macro payments
13. BIT Noida
Economic Issues of EC Payment
Systems
● Operational Issues – easily deployable
● Large user base
● Low risk – of financial loss associated with use
● Conservation – refers to value stored in digital currency
over a period of time
● Ease of integration with other processes
● Ease of use – refers to
– Unobtrusiveness
– Low transaction costs
– Hardware independence
14. BIT Noida
Ways to Reduce Operational
Risks of E-Cash
● Time validity of e-cash
● Limit of amount to store and transfers
● Limit on number of exchanges before
encashing
● Limit number of transactions before expiry
● Restrict transactions to a class of goods
15. BIT Noida
Ways to Reduce Operational
Risks of E-Cash
● Time validity of e-cash
● Limit of amount to store and transfers
● Limit on number of exchanges before
encashing
● Limit number of transactions before expiry
● Restrict transactions to a class of goods
16. BIT Noida
E-Transaction Characteristics
● Atomicity -no partial transactions take place
● Transfer of funds without loss in transactions
● Complete transfer of goods or no transfer for
the funds transfer
● Consistency in transaction policies
● Isolation of transactions with one another
● Durability – of transactions in cases of system
crash
17. BIT Noida
Types of Transactions
● Based on volume
– Micro payments
– Consumer payment
– Business payments
● Based on parties involved
– ATM model payments
– Unmediated 2-party payments
– Mediated 3-party payments
– Micropayments
– Anonymous payments
18. BIT Noida
Types of Transactions (contd)
● Based on payment protocol
– Token-based payments
– Purse-based payments are prepaid
– Card or postpaid payments
● Based on traceability
– Identified e-money
– Anonymous e-money
19. BIT Noida
E-Money Comparison Criteria
● Nature of transactions for which money is
designed
● Means of settlement used to backup
payments
● Approach to security, anonymity and
authentication
● Risk factor
– Due to expiry of e-cash
– Due to delay between goods delivery and
payment
20. BIT Noida
Token-based Payment Systems
(E-Cash)
● Combines convenience of cash with security and
privacy
● Aims to be used in consumer-oriented EC
● Dominant form of payment because
– Lack of trust in banking system
– Inefficient clearing and settlement of payments
– Negative real interest rates on bank deposits
● Must have same characteristic s of cash
● Must have monetary value, be interoperable,
retrievable and secure
21. BIT Noida
Characteristics of Cash
● Negotiable – given or traded to others
● Legal tender – payee is obliged to accept cash
● Bearer instrument – possessor is prima facie
proof of ownership
● Can be held and used by anyone
● No risk on part of acceptor
● Allows anonymous spending
22. BIT Noida
E-Cash Operation
● A pair of cryptographic keys work in tandem
● One key is private and used for encoding
● Other is public and for decoding
● Bank supplies public key to all customers
● Users buy e-cash from a currency server
– Establish account a bank
– Maintain enough cash in the account
– When required, exchange cash in account with
e-cash
23. BIT Noida
E-Cash Operation (contd)
● Customer uses e-cash software
● Customer generates a random number (note)
● Note sent to bank with requested amount
● Bank debits requested amount from customer's account, signs
note for amount and returns
● Customer stores e-cash for further use in two ways
– Bilateral transactions -vendor verifies notes with bank's
public key, if satisfied, stores it and delivers goods
– Trilateral transactions – vendor sends notes to his bank,
which verifies it and credits amount to vendor's
account. Note is spent only once
24. BIT Noida
E-Cash Issues
● Bank keeps database of issued and spent
notes to avoid double spending
– expensive to bank
– unproductive
– Large overhead of verifications of notes
– E-cash issuing charges are not profitable
– Can be avoided if anonymity is removed, but
bank knows one's spending habits
●
25. BIT Noida
E-Cash Issues (contd)
● Customer can store e-cash
– Must have ability to convert into legal tender
– Ie for every e-cash unit, there would be cash in
real world, for which digital proxies exist -and
available - problem
– +ve balances of e-cash do not earn interests
● E-cash has divisibility issues.
– Problem to issue various denominations
– Problem to return change after a sale
26. BIT Noida
E-Cash Issues (contd)
● Customer can store e-cash
– Must have ability to convert into legal tender
– Ie for every e-cash unit, there would be cash in
real world, for which digital proxies exist -and
available - problem
– +ve balances of e-cash do not earn interests
● E-cash has divisibility issues.
– Problem to issue various denominations
– Problem to return change after a sale
27. BIT Noida
E-Cash
MiliCent
● Proprietary system by Digital Equipment for micro
payments from 1/10th C to few tens of $
● Involves brokers who supply scrips, buyers and sellers
● Buyer acquires a quantum of broker scrip for real
money
● Buyer acquires seller's scrips with broker scrip
● Buyer buys goods from seller and pays in his scrip
● Seller delivers goods and any change to buyer
● Seller converts scrip for real money with broker
28. BIT Noida
E-Cash
MiliCent
● Efficient for sub-cent transactions
● Does not use tight security mechanisms
● Not complient with atomicity and consistency
● Interoperability
– Many vendors use same broker, so vendor
operability is possible
– Cooperation amongst brokers makes scrips
generally available
● Vendors issue their won scrip and maintain its
purchasing power
29. BIT Noida
E-Cash
MicroMint
● Brokers authorize customers to make payments
in MicroMints (coins) to vendors
● Brokers generate MicroMints in bulk
● Brokers issue new coins every month for real
money or unused coins of previous month
● Coins are valid for one month or less if broker
so decides
● Vendors convert coins with broker at their
convenience
30. BIT Noida
E-Cash
MicroMint - Security
● Any forged coins become invalid at the end of
the month
● Forging possible only after broker releases
coins for the month
● Broker can detect forged coins
● Broker can cancel and recall coins at any time
● Broker can detect double spending of coins
31. BIT Noida
E-Cash
NetBill
● Designed for buying information goods
● Customer buys goods from seller
● Seller delivers goods in encrypted form and bill
● Customer verifies goods for integrity, sends payment
message to merchant
● Merchant submits payment message, buyer's account
information and product decryption key to NetBill server
● Server verifies and confirms buyer to seller
● Merchant delivers decryption key to buyer
● All communications use a combination of public- and
private- key encryptions
32. BIT Noida
E-Cash
DigiCash
● Uses digital coins called CyberBucks
● CyberBucks are exchanged between parties
● Users pay for DigiCash client software called
ecash through password and user ID
● Users open account with DigiCash from client
to get a wallet
● Wallet enables users to get CyberBucks from
DigiCash server
33. BIT Noida
E-Cash
DigiCash - Transactions
● Buyer orders products from EC site
● Merchant makes payment request to buyer
● Request includes merchand ID, amount
● User authorises payment
● CyberBucks are exchanged between wallets
● DigiCash provides remote shop server for small
retail merchants that maintains their wallets
34. BIT Noida
Smart Card Payment Systems
● Smart cards are credit-, debit- or other cards
● Tried since 1990's. Popular since advent of mobile phones
● Classified based on
– Technology
● Passive cards
● active cards
– Connectivity
● Contactful
● contactless
– Application
– Relationship cards
– Electronic purses
35. BIT Noida
Smart Cards
Mondex - Hardware
● Smart card to store digital money
● Retailer terminal transfers funds from card to
terminal
● Wallet stores larger amounts than card
● Balance reader reveals balance on a card
● Hotline accesses accounts, transfers money to
cards, check balance etc
● ATM to recharge card, transfer money from
card to account
36. BIT Noida
Smart Cards
Mondex – Transaction Sequence
● Customer loads money on card from ATM
● When buying, produces card to point-of-sale
device and authorizes money transfer
● Point-of-sale device deducts required amount
from card and adds to retailer's chip in device
37. BIT Noida
Mondex – Pros and Cons
● Mondex can be connected to PCs
● Highly secure
● Buyers' details do not travel over Internet, only
money value travels
● Tamper-proof
● Uses proprietary hardware
● Banks can trace all transactions and can build
customer profiles to sell
38. BIT Noida
Smart Card Payment Systems
NetFare
● Merchants
– Establish account with NetFare
– Use NetFare-provided codeto link to it
– NetFare server responds with go/nogo to buyer
authentication
– NetFare credits merchant's payments to his
bank account monthly
39. BIT Noida
Smart Card Payment Systems
NetFare
● Customers
– Purchase NetFare card of some denomination
– Shops on Internet and pays with card by
entering his/her ID and PIN
– Can check his NetFare balance at its server
– Credit card or bank account information never
goes on network, so safe
40. BIT Noida
Cheque Payment Systems
● Another form of electronic tokens
● Buyers register with cheque issuer for e-cheques
● On purchases, sends cheque to merchant for a certain
amount over email
● Cheque bears payer's account details, amout, payee's
details, peyer's digital sign and bank's sign
● Payee endorses cheque to his accounting for
verification and payment
● will be cleared through ACH
41. BIT Noida
Cheque Payment Pros
● Works the same way as traditional cheque
● Well suited for micropayments
● Use of private key encryption makes it faster
● Financial risk is assumed by accounting server
– Acceptable to many
– Scalability is good
● Create float in business
42. BIT Noida
Cheque Payments
FSTC E-Cheque
● All electronic payment and deposit system
● Can work from a variety of devices
● Fast and secure settlement of accounts
● No need for prearrangement with bank, works with existing system
● Uses digital signs and endorsing cheques
● Can work with various scenarios
– Deposit and clear- seller deposits cheque in his bank account
– Cash and transfer – seller presents cheque at buyer's bank
– Lock box - cheques go into postbox and transferred directly to
bank
– Funds transfer – buyer sends cheque to his bank, which transfers
money to seller
payments collected at a secure post office box and transported directly to the bank for processing
43. BIT Noida
Cheque Payment Systems
Mandate
● A bank issues Mandate machine to customer
with requested number of cheques of requested
denomination
● Bank issues two public-key pairs for customer
● One's private-key for sign, bank's public-key to
encrypt cheque
● Mandate generates cheque, signs, encrypts
and sends them to merchant's Mandate
● Seller endorses and sends cheque to his bank
●
44. BIT Noida
Cheque Payment Systems
NetCheque
● Users maintain accounts with NetCheque servers
● Buyers write cheques with their digital sign using write-
cheque function
● Sellers endorse cheques to accounting servers using
deposit-cheque function
● Users can find status of account and cheques using
statement function
● NetCash is designed for micro payments and anonymity of
customers
● Can work with various currencies
● Uses Kerberos for authentication
45. BIT Noida
Cheque Payment Systems
MiniPay
● From IBM for open standard, low-cost system
● Each day, buyer acquires spending and authentication
certificate from MiniPay server
● When buyer needs, MiniPay client generates payment
order and sends to merchant
● Seller verifies payment order with server for buyer
authentication and sufficiency of money
● If satisfied, merchant delivers requested information
and stores payment order
● Each day, seller sends pay orders to server for
clearing
46. BIT Noida
Card Payment Systems
● Each user generates a key-pair.
● User sends public key to bank to its public key center
● Secret key is encrypted with password
● Bank gives user card number and card limit
● Buyer generates message with card number, amount,
expiry date and time stamp
● Buyer signs and encrypts message
● Sender signs message and resends for verification
47. BIT Noida
Card Payment Systems
Customer
Merchant
Server
Credit card
Processor
Customer's
Bank
1. encrypted card number
2. verify card
3. verify card
5. ok or not ok
4. authorize
6. deliver goods
7. monthly settlement
48. BIT Noida
Card Payment Systems
CyberCash
● Buyers and sellers acquire software from CyberCash
● Buyers get a wallet with CyberCash pay button
● Merchants have account with bank that deals with
CyberCash
● Uses combination or RSA and DES for security
● Authentication uses MD5
● Signatures use RSA
● Users' information is kept private
● Not economical for micro payments
● CyberCoin is designed for mecro payments
49. BIT Noida
Card Payment Systems
CyberCash
Card issuer
Customer Merchant
Acquirer
CyberCash
1. place order
2. receive invoice
3. encrypted payment
10. deliver goods
4. Payment
message
9. go or no go
5. decrypted
authorization
request and
capture
8. authorization
response.
6. authorization request
7. authorization response
11. account settlement
12. statement
50. BIT Noida
Card Payment Systems
FirstVirtual
● Designed for information goods
● Does not use encryption
● Sensitive data does not travel over network
● Works with existing software on users' PCs
● Small retailers can use InfoHaus – vertual mall
run by FirstVirtual
51. BIT Noida
Card Payment Systems
FirstVirtual
● Makes following assumptions
– Merchants can produce goods at no incremental
cost
● Stolen goods do not cost merchant anything
– Buyers need to examine goods before deciding to
buy
– Buying and selling should be simple and has as low
entry cost in time, money and effort as possible
● Goods can be delivered on any Internet application
● Depends on automation of business processes
● Keeps extensive documentation of transactions
52. BIT Noida
FirstVirtual – Merchant Accounts
● With Pioneer application
– FV gives sellers a application number and
instructions to send bank account information
to FV via mail
– FV deposits merchant's money through ACH
● With Express application
– For merchants with existing merchant accounts
● Buyers pay initiation fee
● Sellers pay setup fee, transaction on sale,
transaction fee on bank deposits
53. BIT Noida
FirstVirtual – Transaction
Process
● Customer downloads offered information form
merchant's server giving FV ID
● Merchant's server sends information
● Server emails price of information to customer and FV
● FV emails customer to ask if he/she would pay
● If customer agrees to pay, merchant's account is
credited for the price of information
● If customer reports fraud, transaction and his ID are
cancelled
● FV terminates customers who consistantly download
information without pay