CSE-302 Mobile Payment

Document Sample
CSE-302 Mobile Payment Powered By Docstoc
					CSE-302 Mobile Payment

     Dr. R. B. Patel

    What is Driving Mobile Payment?

• Maximization of revenue from wireless
  data services
• The handset as personal trusted device
• Encouraging adoption of next
  generation mobile devices

           What is payment?

• A payment is the transfer of wealth from
  one party (such as a person or company)
  to another.
• A payment is usually made in exchange
  for the provision of goods, services, or
  both, or to fulfill a legal obligation.
• The simplest and oldest form of payment
  is barter, the exchange of one good or
  service for another.

• In modern age a payment system is a set of
  procedures and associated computer networks
  used to settle financial transactions in bond
  markets, currency markets, and futures,
  derivatives and options markets, and to transfer
  funds between financial institutions.
• Due to the backing of modern fiat currencies
  with government bonds, payment systems are a
  core part of modern currency systems


• Barter is a type of trade in which goods or
  services are directly exchanged for other goods
  and/or services, without the use of money.
• It can be bilateral or multilateral, and usually
  exists parallel to monetary systems in most
  developed countries, though to a very limited
• Barter usually replaces money as the method of
  exchange in times of monetary crisis, when the
  currency is unstable and devalued by
• In the modern world, common means of payment by an
  individual includes money, check, debit, credit, or bank
  transfer, and in trade such payments are frequently
  preceded by an invoice or result in a receipt.
• However, there are no arbitrary limits on the form a
  payment can take and thus in complex transactions
  between businesses, payments may take the form of
  stock or other more complicated arrangements.
• In law, the payer is the party making a payment while
  the payee is the party receiving the payment.

          What is micropayment?
• Micropayments are means for transferring very small
  amounts of money, in situations where collecting such
  small amounts of money with the usual payment
  systems is impractical, or very expensive, in terms of
  the amount of money being collected.
• Micropayment originally meant 1/1000th of a US dollar,
  meaning a payment system that could efficiently handle
  payments at least as small as a tenth of a cent, or few
  paisa to rupees.
• but now is often defined to mean payments too small to
  be affordably processed by credit card or other electronic
  transaction processing mechanism.
• The use of micropayments may be called Micro-

• A micropayment is an online transaction of
  a small denominations e.g. $2, £3.50, or
  €4, and can be used for digital content
  purchase such as music, news or
  consumer reports.
• A micropayment can also be used to
  charge for digital services such as P2P
  applications and access to website
  member areas.

• A micropayment system is an online payment
  systems which supports charging relatively small
  amounts for online content or services.
• Here the speed and cost of processing
  payments are critical factors in assessing a
  schemes usability.
• Fast user response is essential if the user is to
  be encouraged to make a large number of
• Processing and storage requirements placed on
  micropayment providers and vendors must be
  economic for low value transactions.
 What is a macropayment system?

• A macropayment is an online transaction
  of higher denominations e.g. €10.
• Macropayments play a key role in the
  billing of tangible goods but are also
  commonly used for digital content and
  services e.g. subscriptions, software,
  games and more.


• A macropayment system is an online
  payment system specialized on the
  processing of higher amounts in
  comparisn to micropayment.
• Apart from speed and costs a high degree
  of protection is essential such as scoring
  and creditworthiness checks, risk
  management and fraud protection.

Evolution of Online Payments

                   Mobile payments
• Mobile payments can be split into three categories- mobile content,
  out-of-band and proximity.
• Because of their expertise in the area of billing, network operators
  are suited to deliver - payment services for mobile content.
• This type of payment is sometimes referred to as in-band where the
  content and the payment channel are the same.
• An example is a chargeable WAP service over GPRS. Users will
  either be offered subscription or per usage payment models.
• For per-usage users, the nature of the technology and services
  means that transactions will be small, so operators need to
  implement low-friction micropayment.
• Applications that could be covered by in-band transactions included
  video streaming of sports highlights or video messaging.


• Out of band refers to the fact that the payment channel is
  separate to that used for a shopping phase.
• For example, a credit card holder may use their mobile device
  to authenticate and pay for a service they consume on the
  fixed line Internet or interactive TV.
• In order to make the wireless device suitable for
  authenticating payments, financial institutions are especially
  interested in wireless PKI, shared secret (or symmetrical key)
  schemes, or best of all merging with their chip card programs
  via dual slot or dual chip devices.
• Public Key Infrastructure (PKI) enables the implementation of
  legally binding virtual transactions using digital signatures
  critical to stem the losses suffered by financial institutions
  through payment repudiation and other fraud.

• A promising payment application for mobile
  commerce is proximity transactions using the
  device to pay at a point of sale, vending
  machine, ticket machine, tolls, parking, etc.
• By leveraging parallel technologies, such as
  Bluetooth and 802.11, mobile devices can be
  transformed into sophisticated payment devices
  that can process both micro and macro
• Pilots are already under way in Japan and
  Scandinavia using technologies such as SMS,
  infrared and contact fewer chips (RFID).
Evolution of mobile payments

                     Mobile payment types
Payment      Mobile Content         Out of band                           Proximity

Example      Anne is on holiday,    An SMS notifies Anne that U2          Back at home , Anne is at
                and uses her            concert tickets have just gone       her photo and imagine
                Nokia 7650 to           on sale. From an Internet café       shop; she transfers her
                take a photo,           she browses to the ticket            holiday photos from her
                adds audio              vendor site, books her tickets       digital camera to the
                comment, and            and pays with her Visa card.         store computer over as
                sends it via MMS        The payment authentication           Bluetooth link; the
                to Robert. She is       request                              payment request is sent
                charged $1 to       Appears on her mobile phone via          to telephone, also over
                her prepay              SMS, and she authenticates           Bluetooth, where she
                account                 using a personal PIN, digitally      accepts it, and her
                                        signing the order. A receipt is      credit card information
                                        sent to her phone.                   is returned to the store
                                                                             point of sale device.
Technology   EMS, MMS               SMS, SIM Toolkit application, WAP     Bluetooth 802.11b, IrDA
Enablers     2.5G (Eg. GPRS) 3G        Push, WPKI, Dual slot, Dual
                                       SIM, J2ME.

Payment      Meditation system      Wallet server with SMS and            Payment Java applet on
Features        integrated with         wireless PKI support, Acquiring      mobile phone and point
                real time stored        gateway                              of sale device.
Phases of Mobile Payment Transaction

  Secure Electronic Transaction (SET)
• Secure Electronic Transaction (SET) is a system for
  ensuring the security of financial transactions on the
• It was supported initially by Mastercard, Visa, Microsoft,
  Netscape, and others.
• With SET, a user is given an electronic wallet (digital
  certificate) and a transaction is conducted and verified
  using a combination of digital certificates and digital
  signatures among the purchaser, a merchant, and the
  purchaser's bank in a way that ensures privacy and
• SET makes use of Netscape's Secure Sockets Layer
  (SSL), Microsoft's Secure Transaction Technology (STT),
  and Terisa System's Secure Hypertext Transfer Protocol
• SET uses some but not all aspects of a public key       19
  infrastructure (PKI).
              Key features

• To meet the business requirements, SET
  incorporates the following features:
• Confidentiality of information
• Integrity of data
• Cardholder account authentication
• Merchant authentication


A SET system includes the following
  – Cardholder
  – Merchant
  – Issuer
  – Acquirer
  – Payment gateway
  – Certification authority

1.  The customer obtains a credit card account with a bank
    that supports electronic payment and SET
2. The customer receives an X.509v3 digital certificate
    signed by the bank.
3. Merchants have their own certificates
4. The customer places an order
5. The merchant sends a copy of its certificate so that the
    customer can verify that it's a valid store
6. The order and payment are sent
7. The merchant requests payment authorization
8. The merchant confirms the order
9. The merchant ships the goods or provides the service to
    the customer
10. The merchant requests payment
   Mobile Payments: Trends in Enabling
• A number of mobile payment models
  have been proposed, piloted and
• They use a range of technologies
  including SMS, WAP, SIM application
  toolkit (SAT), USSD, IVR, dual slot
  phones, dual SIM phones, Bluetooth,
  Infrared, bar code readers and contactless


 Mobile operator payment systems

• A Server Wallet: This is an encrypted store of
  users, personal data- payment data, addresses,
  personal preferences, receipts.


• An Acquiring Gateway: This system, used as
  an electronic point of sale (ePOS), is capable
  of routing or switching payment transactions
  for multiple merchants and currencies to
  different backend systems. For example, the
  same system might process a prepay top-up
  request for a Visa card and a purchase with a
  debit card. This module also provides online
  merchant/content provider reporting and
  transaction management.

• Prepay Top-Up System: This allows top up
  requests originating from multiple sources .
  Terminals over PSTN or X.25, IVR systems,
  Web and WAP, ATM to be processed, and
  routed to multiple prepay systems for on-line
  top-up of voice or other stored value. It can
  also handle off-line top-up by storing and
  managing top-up codes, which is more cost
  effective than using scratch cards.
A Prepay (stored value) System:
• This system manages the user’s accounts, maintaining
  their balance, and providing features such as parent
  and child accounts.
• Transactions may debit the system in real-time, or an
  external application may draw funds and refund any
  unused portion.
• This module also facilitates managing loyalty
  programs and private label on us, telco cards, and
  some operators may even issue their own plastic


• A Merchant Accounting System: This is
  used to maintain merchant accounts, calculate
  commissions and generate settlements for the
  merchants, such as writing checks or
  performing EFT file transfers.


                                 Internet and                           Content
                                Operator Data                           Provider
                               Services Network

   Operator Payment System

                                                    Acquiring          Billing
   Merchant          Stored    Prepay      Wallet
                                                    Gateway            System
     A/C             Value     Top-up      Server
    System           Prepay


  Financial Institution Payment Systems in
             Mobile Environment
• Wallet Server - In the past, banks deployed wallets to
  their customers in an effort to maintain a relationship
  with their customers in an on-line environment.
• Most wallets were stored on the users desktop and were
  difficult to install and use.
• The wallet server plays a similar role as in the operator
  environment-as a secure repository of personal data.
 Financial institutions choose various models for
  authenticating payments- such as via SMS and SIM
  toolkit applications, WPKI, single use passwords, pseudo
  numbers, Visa 3-D Secure and MasterCard SPA.

Risk Management Modules:

• For avoiding fraud- authentication of cardholders (by
  User ID and password/PIN, chip cards and digital
• The use of pseudo numbers in place of real card
  numbers, and the implementation of protocols
  devised by Visa (3-D Secure, or
• Verified by Visa) and MasterCard SPA. These
  security mechanisms are normally implemented as
  part of a wallet server type platform
Acquiring Gateway.
 This is an essential system for an acquiring
  bank, allowing payment transactions to be
  routed to multiple backend interfaces.
 Payment transactions based on credit cards,
  debit cards, corporate purchase cards and
  loyalty cards are routed onto private financial
  networks through a payment gateway.
 The types of transactions include topping up a
  voice or other stored value system, paying for a
  transaction, subscription or settling a bill.


Card Management System
 Essential for a payment card issuer, this
  system handles the cardholder accounts,
  manages the account creation process,
  interfaces to card embossing systems,
  real-time authorizations, and settlements.
 For risk control using pseudo numbers and
  MasterCard SPA, the Card Management
  System is linked with the Wallet Server.

• Merchant Accounting System-
  Acquiring banks use merchant account
  systems to manage their merchant base,
  including commission calculation and


• Dispute Resolution System- A critical
  component for both issuers and acquirers,
  this automates the management of
  disputed payment transactions and is
  applied to both issuing and acquiring

                                    Internet and Operator
                                    Data Service Network

                                                                      Content Provider

Bank payment System

Merchant                 Card
                                                            Wallet           Acquiring
  A/C                 Management
                                                            Server           Gateway
 System                 System

                 Risk Management Control e.g.
                 Pseudo Numbers, MasterCard         3D       Pseudo   M/C
                     SPA, Visa 3D Secure           Secure   Numbers   SPA

            Open and Closed Systems

• The question of open and closed systems often arises in mobile
• An open payment system is one in which the payment instrument
  can be issued by one or more. Issuers-and can be acquired by one
  or more Acquirers.
• Typically an Interchange Association exists to set the rules and
  administer an interchange network-for example, Visa or MasterCard
  in the case of payment cards, or NACHA in the case of US direct

• In a closed payment system, the payment issuing and
  acquiring are performed by the same entity. American
  Express, Diners Club and Discover Card are examples of
  closed systems.

       Trintech Payment Systems-PayWare
                              Internet and Operator
                              Data Service Network

                                                                    Content Provider

Trintech Payment System

                                  PayWare                                   PayWare
 PayWare            PayWare        Prepay                                   eAcquire
  eCMS               eCMS
 Acquirer            Issuer

                                         3D Secure       Pseudo   M/C
                                                        Numbers   SPA


                                Voice                                                  39
           Point of Sale (POS) Payment
POS provides the following to Strategic Partners:

•   A turn-key solution.
•   Assistance with the bankcard Association of co-branding application and
    subsequent card order.
•   Assistance with applying for a PIN for the new card if applicable.
•   Card and account management for all POS VISA debit cards issued by the
    Bank. Settlement services.
•   Transaction processing, including-
     – Loading Visa Electronic Card accounts.
     – Account maintenance.
     – Visa Electronic Card authorization.
     – Customer Support.
     – Second level customer support – using IVR, call center and Web based
     – Continued product and service innovation.
     – The ability to leverage the POS brand as we continue to expand in the
       global prepaid marketplace.