Government Payment Gateway
 - Korean PG for e-Government Case Study

2007. 5. 24
Chang-Kang Seol
ISGEG
Index
1. Background of e-Commerce market
2. Key Issues
3. PG (“BankPay”) service for e-Gov in Korea
   •   Briefs on BankPay
   •   Operational Feature
   •   Technical Feature
   •   Security
   •   Customer Protection
4. Conclusion
Background of e-Commerce market in Korea
- Historical background
    1. Market need for e-Payment and security technology from Internet shopping malls
       in the late 1990s
    2. Online bank transfer started by Dacom (private co.) through X.25 in 1997
    3. PG (“BankPay”) established for safe public e-Payment in 2000
    4. Resulting growth of e-Commerce in the 2000s

   [Figure: Growth of e-Commerce]
   - Legal & policy support (Korean Government Support)
   - Internet Shopping Mall, CPs etc.: Sales Increase, Stable Operation of Shop,
     Cost Effectiveness
   - + Payment Gateway: Security, Multi e-Payment Solutions, Stability & Easiness
- Market background

     1. Continuous growth of e-Commerce market
     2. About 100 PG companies in 2002, now about 50, with 5 majors whose combined
        market share (M/S) is over 80%
        - Inisys, Cyber Payment, Dacom, KCC, Bankpay
     3. Competitive market
     4. Trend for Users to move into major PGs based on security and low costs


▣ Trend of e-Commerce Transaction (Unit : USD Mil)
  Year                        2001      2002      2003      2004      2005      2006
  e-Commerce Transaction   118,976   177,809   235,025   314,079   358,451   413,585
    (Growth Ratio)                       49%       32%       34%       14%       15%
    B2B                    108,941   155,707   206,854   279,399   319,202   366,191
    B2G                      7,037    16,632    21,634    27,349    29,036    34,436
    B2C                      2,580     5,043     6,095     6,443     7,921     9,132
    Etc.                       418       427       442       888     2,292     3,826

 * Source : Korea National Statistical Office
▣ Trend of e-Payment System (Electronic based payment)
  Movement from paper based payment into electronic based payment
  * Electronic based payment : payment through data transfer using ICT infra

  [Figure: two charts, “No. of transaction” and “Amount”, comparing Electronic based
   Payment with Paper based Payment]
 * Source : Bank of Korea “Trend of Payment System” 2005. 4.
- Legal background for e-Commerce

 1997.8   Specialized Credit Financial Business Act
   Purpose
   • To define off-line financial transaction
   • To regulate legal relation in Off-Line Financial Transaction
   Feature (2002.3)
   • To position PG as a legal entity
   • To define regulation on PG
   • To secure On-Line credit card transaction

 2000.12  Regulation for Supervision on Banking Institutions
   Purpose
   • To grant Financial Supervisory Service to supervise PG
   • To regulate security
   Feature
   • To supervise PG
   • To regulate PG for its sound transaction
   • To oblige PG to secure information

 2002.3   e-Commerce Consumer Protection Act
   Purpose
   • To create institutional basis for customer protection
   • To secure stable transaction for e-Commerce
   Feature
   • To establish protection device from consumer damage
   • To introduce insurance to protect consumer damage from e-Commerce

 2006.1   Electronic Finance Transaction Act
   Purpose
   • To define the electronic financial transaction
   • To regulate legal relation in FET
   Feature
   • Enforcing Biz registration on PG
   • To set up the clear legal structure
   • To secure customer using EFT
   • To regulate & supervise healthy development of EFT
Key Issues in Korea
- Protection from customer damage (Identification/Reparation)
    ▣ Legal Risk
      - Who will identify the faults and take the responsibility of reparation from the damage
    ▣ Operational Risk
      - Network hacking, system down
    ▣ Settlement Risk
      - Bankruptcy


- Operational Issue
    ▣ Operation by Government
    ▣ Operation by Private Companies


- Security Standard Issue
    ▣ Network Security
    • Encryption Technology
        Symmetric or Asymmetric Algorithm (Public Key Algorithm)
        Message Digest (Hash Function) / Electronic Signature (Private Key)
        SSL (Secure Sockets Layer) / SET (Secure Electronic Transaction)
    • Authentication by third party
    ▣ Host System Security
    • Firewall
    • Intrusion Detection System
 BankPay (PG of Korean Government)
   Establishment     Founded by Korea Financial Telecommunications & Clearings
                     Institute (KFTCI), incorporated association chaired by the Bank
                     of Korea, established in 2000

   e-Payment Method  Service for Payment Gateway to government organizations &
                     private commercial operators
                     - Credit Card, Bank Fund Transfer & K-Cash

   Feature           Featured by Most Banks’ Participation, Real Time Transaction &
                     Low Cost

   Service Area      Service for most of public organization as e-Procurement, Land
                     Titling, G4C etc. and for commercial entities as on-line shop,
                     internet auction, tuition fee etc.

   Sales Increase (Unit : U$ Mil)
                     2001   2002   2003   2004   2005
     Sales              4     52     75    109    230
   * Source from KFTC 2006
Operational Structure
Founded by Korea Financial Telecommunications & Clearings Institute (KFTCI),
incorporated association chaired by BOK supervised by FSS (Financial Supervisory
Service)
   [Figure: operational structure chart]
   - Top: Bank of Korea (Chair); Bank Association: Regular Member (12 Banks),
     Associate Member (10 Banks)
   - Financial Supervisory Service; Governing
   - Centre: KFTC (Incorporated Association)
   - Left: Check Clearing, Paper Giro, Electric Giro, Internet Giro
   - Right: CD N/W; IFT N/W : Inter Bank Fund Transfer; HOFINET : Inter Bank
     Home/Firm Banking System; K-Cash N/W; Bank Line
   - Bottom: BankPay (PG); CMS / Giro EDI; Bank B2B; Card VAN / K-Cash;
     UBI (Mobile Pay)
 Services
  - e-Government Framework (Single window for e-Payment)
   [Figure: e-Government framework; ► marks services requiring payment solution]
   - Users: Citizens, Business, Vendors/Suppliers
   - Channels: Government / Agency Office; Internet e-Gov portal / Kiosks;
     Telephony Contact (Voice/Fax/…)
   - Services:
       National Assembly Session Broadcasting System
       National Assembly Minutes Publishing Sys
       Legislative Information System
       e-Library: Library of National Assembly
       Election Process Automation
     ► e-Citizen / Registration & ID (Family/Employment/...)
     ► Integrated System for Social Insurances
     ► e-Healthcare: Hospital Information System
     ► National / Home Tax Service
     ► Vehicle and Driver License Service System
       911 / Police Support System
     ► e-Procurement
     ► u-Logistics Postal Service
     ► e-Education: Magic School and Campus
     ► e-Customs and e-Clearance System
       Intelligent Transportation System
     ► Automatic Fare Collection System
     ► Court Session/Decision/Patent/Auction Information Sys
     ► Land Registration and Information System
       Cadastre Management Information System
       Legislative Information System
       Electronic Filing System
     ► Immigration Control System
   - Inter-government Intranet: Inter-agency collaboration
       E-Document; Shared Information of Local Government;
       Assembly Information / Material Communication; Standard Human Resources System;
       National Finance Information System; Civil/Criminal Trial Procedure System;
       National Assembly Operations Support Sys; Integrated Information Infrastructure;
       Court Knowledge Management System
   - Networks: Administration N/W, Finance N/W, Education N/W, Defense N/W,
     Police N/W, Logistics N/W
Establishment
Established in 2000 as the public e-payment system, to meet the market needs created
by the rapid growth of e-Commerce (Internet shopping malls) in the late 1990s

   [Figure: e-Government build-out timeline (yy.mm)]
   - Service: 00.11 e-Tax (National/Home Tax Service); 02.10 Integrated Social
     Insurance Sys; 02.9 e-Procurement Sys; 90.4 e-Custom e-Clearance Sys;
     02.10 e-Gov Portal & Kiosks; 99.9 e-Learning Sys
   - DB: 90.3 Vehicle Registration / Driver License; 91.1 e-Citizen / NID
     (Family/Employment); 91.2 Real Estate Management Information Sys;
     91.3 Business Registration; 95.12 Passport & Immigration Control
   - 00.12 BankPay (PG)
   - IT Infra (87 ~ 91, 89.12): Provision PC & ICT Use Education; Groupware
     (e-mail/e-document); Public Admin & Education N/W; Finance N/W;
     e-Gov EA Planning; Public Internet Center
Position in e-Payment Market in Korea

   Electronic Payment    Network e-Cash, Bank Transfer, Credit Card, Prepaid Card,
                         e-Cash, Traffic Card
   Network               Mobile, Internet, Telephone Line (X.25), Terminal / Kiosk
   Service Provider      Mobile PG: Infohurb, Mobilians, Ubi
                         PG: Bankpay, Dacom, Inisys, KCP, Etc.
                         VAN: KICC, NICE, KS-NET, Etc.
                         Traffic PG: Intec, C&C, MYBI
   Relevant Co.          Telecom Companies (SK / KTF / LG); Financial N/W Co.;
                         e-Cash Co.; Transport Companies (Transport Co.)
   Financial Institutes  Banks / Card Companies
Challenges of BankPay


   Goal: Stable & convenient Internet Payment Service

   Optimized Solution
     • e-Procurement
     • Online appeal
     • Content
     • Shopping mall
   User Interface
     Suitable / flexible payment module to user platform
   Security
     Payment service secured on the basis of PKI
   Payment Method
     • Credit Card
     • Bank Transfer
     • K-Cash
Technical Feature
- Technical Components


   Main Server
     • Payment Gateway
     • Backup
     • Internet
     • DB
   Security
     • Firewall
     • IDS
   System Management
     • NMS
     • SMS
   PG Solution
     • e-Payment
     • Call Center (CTI)
Technical Feature
- Technical Architecture
   [Figure: technical architecture]
   - Customer: Wallet, HTML Form
   - Internet (Open Network), Internet (TCP/IP)
   - e-Gov Portal / Web Server: Web server (eGov) (H/W, S/W); TX server (S/W)
   - BankPay P/G: P/G server (H/W, S/W)
   - CCIS - CARD; CMS (N/W) - BANK
Technical Feature
- Service related program
 Wallet
   • Payment module on Active-X Control
   • Installed on Customer’s PC, downloaded from BankPay Server
   • Encrypting Payment Information with e-Signature
   • Client’s request to start the User’s payment process
 TX Server
   • Communication program between PG and Users
   • Encrypting Payment Information with e-Signature using Authentication
     Certificate issued by Certification Agency (“Yessign”)
   • Providing the most appropriate TX Server in compliance with User platform
 Payment Request
   • Page for Customer to request payment for products or services
     Ex) Ordering page of shopping mall
 Payment Process
   • Transfer to PG of the payment request, which is compiled by the Service
     (Windows NT) or Java Class (Unix)
   • DB storage after payment processed by PG
   • Notice of final payment result from PG to User with ASP/JSP/CGI etc.
 Request Cancellation
   • Request for cancellation to PG
 Payment Cancellation
   • Transfer to PG of the cancellation request, which is compiled by the Service
     (Windows NT) or Java Class (Unix)
   • DB storage after cancellation processed by PG
   • Notice of final cancellation result from PG to User with ASP/JSP/CGI etc.
Technical Feature
- Sequence Diagram
   Participants
     Customer : Wallet (Customer PC)
     e-Gov    : Payment Request, Payment Process, TX Server
     BankPay  : PG Server

   Steps
     ① Click payment button (Customer)
     ② Activating Wallet Software
     ③ PW / Payment Information (Customer)
     ④ Request for Payment
     ⑤ Compiling Payment Information (Payment Process)
     ⑥ Encrypting Payment Information (e-Signature) (TX Server)
     ⑦ Result for Payment (PG Server)
     ⑧ Log storage / Payment Result (Payment Process, DB)
     ⑨ Notice Payment Result
Security
 • Electronic signature using PKI technique
 • An accredited certificate is a certificate issued by YESSIGN, an accredited
   certification authority pursuant to the “Electronic Signature Act”.
 • The certificate has a series of data which include the Subscriber's electronic
   signature verification data, serial number, Subscriber's name and the term of
   validity etc.
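
The checks a PG server can make on a signed payment request, covering the e-Signature step of the sequence diagram and the certificate fields listed above. This is an added example, not BankPay code: the JSON certificate record stands in for a real X.509 accredited certificate, and RSA with SHA-256, every field name and the sample values are assumptions. It covers the signature only, not encryption of the payment information.

```javascript
// Added example (not BankPay code). RSA/SHA-256, the JSON "certificate" record and
// all field names are assumptions; a real accredited certificate is an X.509 document.
const crypto = require("node:crypto");

// Deterministic serialization so signer and verifier hash identical bytes.
function canonical(obj) {
  const pairs = Object.keys(obj).sort().map((k) => [k, String(obj[k])]);
  return Buffer.from(JSON.stringify(pairs), "utf8");
}

// Certification authority: bind name, serial number, validity and verification key.
function issueCertificate(caPrivateKey, fields) {
  const caSignature = crypto.sign("sha256", canonical(fields), caPrivateKey);
  return { ...fields, caSignature: caSignature.toString("base64") };
}

// Wallet (customer PC): sign the payment information with the subscriber's key.
function signPayment(payment, subscriberPrivateKey, certificate) {
  const signature = crypto.sign("sha256", canonical(payment), subscriberPrivateKey);
  return { payment, certificate, signature: signature.toString("base64") };
}

// A malformed key or signature counts as a failed verification, not a crash.
function safeVerify(data, publicKey, signatureB64) {
  try {
    return crypto.verify("sha256", data, publicKey, Buffer.from(signatureB64, "base64"));
  } catch (err) {
    return false;
  }
}

// PG server: accept only if issuer, term of validity and signature all check out.
function verifyPayment(request, trustedCaPublicKey, now) {
  const { caSignature, ...fields } = request.certificate;
  if (!safeVerify(canonical(fields), trustedCaPublicKey, caSignature)) {
    return "REJECT: certificate not issued by the trusted CA";
  }
  const from = Date.parse(fields.notBefore);
  const until = Date.parse(fields.notAfter);
  // Written so that an unparsable date (NaN) is rejected as well.
  if (!(now.getTime() >= from && now.getTime() <= until)) {
    return "REJECT: certificate outside its term of validity";
  }
  if (!safeVerify(canonical(request.payment), fields.verificationKey, request.signature)) {
    return "REJECT: payment information does not match the signature";
  }
  return "ACCEPT: signed by " + fields.subscriberName;
}

// Constructed sample data: one genuine request and three that must be rejected.
function demo() {
  const ca = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const user = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const fields = {
    serialNumber: "0001",
    subscriberName: "Sample Subscriber",
    notBefore: "2007-01-01T00:00:00Z",
    notAfter: "2007-12-31T23:59:59Z",
    verificationKey: user.publicKey.export({ type: "spki", format: "pem" }),
  };
  const payment = { orderId: "ORD-0001", payee: "e-Procurement", amount: 150000, currency: "KRW" };
  const request = signPayment(payment, user.privateKey, issueCertificate(ca.privateKey, fields));
  // Same fields, but "issued" with the subscriber's own key instead of the CA's.
  const selfIssued = signPayment(payment, user.privateKey, issueCertificate(user.privateKey, fields));
  // Amount changed after signing.
  const tampered = { ...request, payment: { ...payment, amount: 15 } };
  const payDay = new Date("2007-05-24T09:00:00Z");
  return {
    genuine: verifyPayment(request, ca.publicKey, payDay),
    tampered: verifyPayment(tampered, ca.publicKey, payDay),
    expired: verifyPayment(request, ca.publicKey, new Date("2008-06-01T00:00:00Z")),
    selfIssued: verifyPayment(selfIssued, ca.publicKey, payDay),
  };
}

console.log(demo());
```

The order of the checks matters: the validity dates and the verification key are trusted only after the CA signature over the certificate record has been verified.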
Security
- Certificate Agency: Korea Information Security Agency
• Below that, there are 6 accredited certification authorities:
• Korea Financial Telecommunications & Clearings Institute, Koscom Inc., KTNET,
  National Computerization Agency, Korea Electronic Certificate Authority, Korea
  Information Certificate Authority Inc.
Customer Protection
- Protection from customer damage
       • Identification
       • Reparation


▣ Financial Troubles in e-Payment in Korea
                                            No. of Fault                  Amount (thousand U$)
  Contents                             ‘02  ‘03  ‘04  ‘05.7  Total    ‘02   ‘03   ‘04  ‘05.7  Total
  Bank    Internet Banking               1    -    1     2      4      71     -     3     68    142
          Tele banking                   -    1    5     8     14       -    10   162    262    434
          Card Forgery ㆍ Reproduction   4    6    6     -     16     452    66    26      -    544
          Program Default                -    1    8     2     10             0     0      0      0
  Credit  Card Forgery ㆍ Reproduction   -    1    -     -      1           184     -      -    184
  Card    Program Default                -    1    -     -      1       -     0     -      -      0
  Total                                  5   10   20    10     46     523   260   191    330  1,304
Source : 2005 Inspection of Administration
▣ Liability of reparation and identification of responsibility
 - Electronic Finance Transaction Act (2006)
 - Apply the principle of liability without fault to personal users and the principle of
   liability with fault to companies
   Principle of liability without fault (Personal user)
     Liability of identification : No
     Liability of reparation     : Sufferer’s counterpart

   Principle of liability with fault (Corporate user)
     Simple negligence rule
       Liability of identification : Sufferer or harmer
       Liability of reparation     : Harmer
     Contributory negligence rule
       Liability of identification : Person himself
       Liability of reparation     : Harmer, subject to sufferer’s fulfilment of
                                     its obligation
     Comparative negligence rule
       Liability of identification : 3rd Party (Court)
       Liability of reparation     : Balancing

▣ Main contents of Electronic Finance Transaction Act (2006)
   Stability
     - Responsibility for financial institutes to compensate the user with the damage
       arising from forgery/reproduction, fault in data transmission and process
     - Regulated and supervised by Financial Supervisory Committee and
       provision of the standard for PKI (Clause 20)
     - Mandatory storage of transaction records for 5 years (Clause 21)
     - Limitation of credit (Clause 22)
   Consumer Protection
     - Damage after notice to loss and theft shall be borne by financial institutes
       (Clause 9)
     - Protection on user information (Clause 25)
     - Arbitration Clause (Clause 26)
   Supervision
     - GAAP & financial standard (capital structure / asset management /
       liquidity) (Clause 41)
Conclusion
 1. Customer Protection backed by Government’s legal & policy support
    - Electronic Finance Transaction Act
    - Promotion of e-payment by way of tax deduction
 2. One window PG for most of the public e-Payment
    - Cost, time effectiveness
 3. Technical Support
    - Standard technical architecture
    - Easy access (ICT infrastructure)


   KFS for PG for public service
   - One window (Effectiveness)
       • Multi e-Payment solutions
       • Cost & Time Effectiveness
   - Legal & policy Support (Legal & Policy)
       • Customer Protection
       • e-Payment Promotion
   - Technical Support (ICT)
       • Easy Access (N/W expansion)
       • Standard Application (Security)