Docstoc

Objectives

Document Sample
Objectives Powered By Docstoc
					    Introduction to e-Commerce




        Electronic Payment Systems




                            Objectives

In this chapter, you will learn about:
  The basic functions of online payment
  systems
  The use of payment cards in electronic
  commerce
  The history and future of electronic cash


   An Introduction to E-Commerce          Winter 85, 2




                                                         1
             Objectives (continued)

How electronic wallets work
The use of stored-value cards in electronic
commerce
Internet technologies and the banking
industry



     An Introduction to E-Commerce               Winter 85, 3




            Online Payment Basics
Cash, checks, credit cards, and debit cards account
for more than 90 percent of all consumer
payments in the United States
Most popular consumer electronic transfers are
automated payments of
  Auto loans
  Insurance payments
  Mortgage payments made from consumers’ checking
  accounts
     An Introduction to E-Commerce               Winter 85, 4




                                                                2
 Payment Methods for all Types of U.S.
Consumer Transactions, 2005 Projections




   An Introduction to E-Commerce                  Winter 85, 5




  Requirements for e-payments

Atomicity
  Money is not lost or created during a transfer
Good atomicity
  Money and good are exchanged atomically
Non-repudiation
  No party can deny its role in the transaction
  Digital signatures

   An Introduction to E-Commerce                  Winter 85, 6




                                                                 3
     Desirable Properties of Digital Money

  Universally accepted
  Transferable electronically
  Divisible
  Non-forgeable, non-stealable
  Private (no one except parties know the amount):
  security
  Anonymous (no one can identify the payer)
  Work off-line (no on-line verification needed)
No known system satisfies all.
      An Introduction to E-Commerce                Winter 85, 7




             Online Payment Basics
                  (continued)
  Scrip

     Digital cash minted by a company instead of by a
     government

     Cannot be exchanged for cash

     Like a gift certificate that is good at more than
     one store
      An Introduction to E-Commerce                Winter 85, 8




                                                                  4
                                  Micropayments Systems
            e   y
         on                                   MilliCent
    M
                              Buyer              Electronic scrip system
                  r ip


                                                 Participating merchant creates and sells own
                Sc




                                                 scrip to broker at a discount
                                      Scrip
                           Good



                                                      Consumers register with broker and buy bulk
                                                      generic scrip, usually with credit card
Broker
                                                      Customers buy by converting broker scrip to
                Li




                                                      vendor-specific scrip, i.e. scrip that a particular
                   ce
                    ns




                                                      merchant will accept
                       e
  M




                                                  Customers can purchase items of very low value
   on
     ey




                                                  Brokers required for two reasons:
                                                      Small payments require aggregation to insure
                           Merchant                   profitability
                                                      System is easier to use -- customer need only deal
                                                      with one broker for all their scrip needs
                           An Introduction to E-Commerce                                          Winter 85, 9




                                              Electronic Cash

           Term that describes any value storage and
           exchange system created by a private entity that
                     Does not use paper documents or coins
                     Can serve as a substitute for government-issued
                     physical currency
           Attractive in two arenas
                     Sale of goods and services of less than $10
                     Sale of higher-priced goods and services to those
                     without credit cards

                           An Introduction to E-Commerce                                          Winter 85, 10




                                                                                                                  5
            Micropayments and Small
                   Payments
  Micropayments

       Internet payments for items costing from a few
       cents to approximately a dollar

  Small payments

       Payments of less than $10


         An Introduction to E-Commerce                         Winter 85, 11




        Ecommerce Payment Ranges
                Minimum              Typical      Maximum
               Transaction         Transaction   Transaction
                  Value               Value         Value


Macro           $5.00               $50.00

Mini             $0.10               $1.00       $10.00

Micro          $0.001                $0.01        $1.00



         An Introduction to E-Commerce                         Winter 85, 12




                                                                               6
Privacy and Security of Electronic
              Cash
  Concerns about electronic payment methods
  include
       Privacy and security
       Independence
       Portability
       Convenience
  Advantages of electronic cash
       Independent and portable
        An Introduction to E-Commerce                             Winter 85, 13




                     E-cash Concept
          Merchant



  5
            4                1. Consumer buys e-cash from Bank
                             2. Bank sends e-cash bits to consumer (after
Bank             3              charging that amount plus fee)
                             3. Consumer sends e-cash to merchant
                             4. Merchant checks with Bank that e-cash
             2                  is valid (check for forgery or fraud)
   1                         5. Bank verifies that e-cash is valid
                             6. Parties complete transaction: e.g., merchant
                                present e-cash to issuing back for deposit
 Consumer                       once goods or services are delivered


        An Introduction to E-Commerce                             Winter 85, 14




                                                                                  7
       Holding Electronic Cash:
       Online and Offline Cash
Online cash storage
  Trusted third party is involved in all transfers of
  electronic cash
  Holds consumers’ cash accounts
Offline cash storage
  Virtual equivalent of money kept in a wallet
  No third party is involved in the transaction
Double-spending
  Spending electronic cash twice
   An Introduction to E-Commerce                Winter 85, 15




 Advantages and Disadvantages
      of Electronic Cash
Advantages of electronic cash
  Transactions are more efficient
  Transfer on the Internet costs less than
  processing credit card transactions
Disadvantages of electronic cash
  Use provides no audit trail
  Problem of money laundering arises
  Susceptible to forgery
   An Introduction to E-Commerce                Winter 85, 16




                                                                8
            Providing Security for
               Electronic Cash
Cryptographic algorithms
  Keys to creating tamperproof electronic cash that
  can be traced back to its origins
Anonymous electronic cash
  Electronic cash that cannot be traced back to the
  person who spent it
Creating truly anonymous electronic cash
  Requires a bank to issue electronic cash with
  embedded serial numbers
   An Introduction to E-Commerce              Winter 85, 17




  Detecting Double Spending of
         Electronic Cash




   An Introduction to E-Commerce              Winter 85, 18




                                                              9
         Electronic Cash Systems
CheckFree

  Largest online bill processor in the world

  Provides online payment processing services

Clickshare

  An electronic cash system aimed at magazine and
  newspaper publishers
  Purchases are billed to a user’s ISP, who in turn bill the
  customer to E-Commerce
   An Introduction                                    Winter 85, 19




         Electronic Cash Systems
                (continued)
PayPal
  Provides payment processing services to
  businesses and to individuals
  Peer-to-peer (P2P) payment system
    Free payment clearing service for individuals




    An Introduction to E-Commerce                     Winter 85, 20




                                                                      10
  PayPal Payment Method Search
 Option on eBay Main Search Page




   An Introduction to E-Commerce           Winter 85, 21




                       Developed by
Visa cash
  Uses cash card : processor + kilobyte of memory
    Authentication operation
    Cryptographic algorithm
    Reader
Mondex
  Uses smart card
Digicash
  Electronic cash (no smart card)
   An Introduction to E-Commerce           Winter 85, 22




                                                           11
                       Aggregation

Used when individual transactions are too small for credit
card (e.g. $2.00)
Consumer and Merchant sign up with Aggregator
Consumer makes purchase. Merchant notifies Aggregator.
Aggregator keeps Consumer’s account. When amount
owed is large enough (or every month), charges to
Consumer’s credit card
Aggregator sends money (less fees) to Merchant
QPASS, CyberCash, GlobeID

     An Introduction to E-Commerce                   Winter 85, 23




                        Payment Cards

Describe all types of plastic cards used to
make purchases

Credit card

   Has spending limit based on a user’s credit
   history


     An Introduction to E-Commerce                   Winter 85, 24




                                                                     12
     Payment Cards (continued)
Debit card
  Removes an amount from a cardholder’s bank
  account
  Transfers it to the seller’s bank account

Charge card
  Carries no spending limit
  Amount charged is due at the end of the billing
  period
    An Introduction to E-Commerce                     Winter 85, 25




                   Credit Cards

Credit card
  Used for the majority of Internet purchases
  Has a preset spending limit
  Currently most convenient method
  Most expensive e-payment mechanism
     MasterCard: $0.29 + 2% of transaction value
  Disadvantages
     Does not work for small amount (too expensive)
     Does not work for large amount (too expensive)
Charge card
  No spending limit
    An Introduction to E-Commerce                     Winter 85, 26




                                                                      13
  Payment Acceptance and Processing
Merchants must set up merchant accounts to
accept payment cards
Payment card transaction requires:
  Merchant to authenticate payment card
  Merchant must check with card issuer to ensure
  funds are available and to put hold on funds
  needed to make current charge
  Settlement occurs in a few days when funds
  travel through banking system into merchant’s
  account to E-Commerce
     An Introduction                           Winter 85, 27




  Processing a Payment Card Order

                                            Acquiring Bank
                        2. Authentication




           1.Purchase
                                                3. Clearing




                        4. Billing and
                          payment
                                            Issuing Bank

    An Introduction to E-Commerce                             Winter 85, 28




                                                                              14
 Advantages and Disadvantages
      of Payment Cards
Advantage
  Worldwide acceptance

  Built-in security for merchants

Disadvantage
  Payment card service companies charge
  merchants per-transaction fees and monthly
  processing fees
   An Introduction to E-Commerce             Winter 85, 29




 Open and Closed Loop System

Closed loop systems
  Card issuer pays merchants that accept the card
  directly and does not use an intermediary

Open loop systems
  Involve three or more parties
  Systems using Visa or MasterCard are examples
   An Introduction to E-Commerce             Winter 85, 30




                                                             15
                Merchant Accounts

To process payment cards for Internet
transactions an online merchant must set up a
merchant account
New merchant must supply
   Business plan
   Details about existing bank accounts
   Business and personal credit history
    An Introduction to E-Commerce             Winter 85, 31




    Processing Payments Online
InternetSecure
  Provides secure payment card services
First Data
  Provides merchant payment card processing
  services with the following programs
    ICVERIFY, PCAuthorize, and WebAuthorize
Banks connect to an Automated Clearing
House (ACH) through highly secure, private
leased telephone lines
    An Introduction to E-Commerce             Winter 85, 32




                                                              16
     Processing a Payment Card
            Transaction




    An Introduction to E-Commerce                  Winter 85, 33




                  Electronic Wallets

Hold credit card numbers, electronic cash, owner
identification, and contact information

Give consumers the benefit of entering their
information just once

Make shopping more efficient
  65% of e-commerce site users selected their item but
  failed to pay.

    An Introduction to E-Commerce                  Winter 85, 34




                                                                   17
  Electronic Wallets (continued)
Server-side electronic wallet

  Stores a customer’s information on a remote
  server belonging to a particular merchant or
  wallet publisher

Client-side electronic wallet

  Stores a consumer’s information on his or her
  own computer
   An Introduction to E-Commerce            Winter 85, 35




        Microsoft .NET Passport
An electronic wallet operated by Microsoft

Passport consists of four integrated services
  Passport single sign-in service (SSI)

  Passport Wallet service

  Kids Passport service

  Public profiles
   An Introduction to E-Commerce            Winter 85, 36




                                                            18
  Microsoft .NET Passport Home Page




   An Introduction to E-Commerce           Winter 85, 37




                      Yahoo! Wallet

Server side electronic wallet offered by
Yahoo!

Lets users store information about several
major credit and charge cards

Many industry observers and privacy rights
activist groups are concerned about
electronic wallets
   An Introduction to E-Commerce           Winter 85, 38




                                                           19
  W3C Micropayment Standards
    Development Activity
Common Markup for Micropayment Per-
Fee-Links
  Standards developed by W3C Electronic
  Commerce Interest Group (ECIG)
  Provide extensible and interoperable way to
  embed micropayment information in a Web page
Extensible system
  One that developers can add to (or extend)
  without voiding any earlier work on the system
    An Introduction to E-Commerce            Winter 85, 39




W3C Proposed Micropayment
       HTML Tags




    An Introduction to E-Commerce            Winter 85, 40




                                                             20
             The ECML Standard

Electronic Commerce Modeling Language
(ECML)
  Users can enter credit card and address
  information once into an ECML-capable electronic
  wallet
  Users control access to their ECML electronic
  wallets

   An Introduction to E-Commerce            Winter 85, 41




               Stored-Value Cards

Can be an elaborate smart card with a
microchip that records currency balance

Common stored-value cards

  Prepaid phone, copy, subway, and bus cards



   An Introduction to E-Commerce            Winter 85, 42




                                                            21
             Magnetic Strip Cards
Cannot send or receive information
Cannot increment or decrement value of cash
stored on the card
Processing must be done on a device into
which the card is inserted
Smart card
  Better suited for Internet payment transactions
   An Introduction to E-Commerce             Winter 85, 43




                         Smart Cards
Stored-value cards

Can hold private user data, such as financial
facts

Can store about 100 times more information
than a magnetic strip plastic card

Safer than conventional credit cards
   An Introduction to E-Commerce             Winter 85, 44




                                                             22
                        Smart Card Structure

                                                         Microprocessor


                                              Contacts
                     Card
                 (Upside-down)                                               Epoxy




SOURCE: SMART CARD FORUM



              An Introduction to E-Commerce                               Winter 85, 45




            Octopus Smart Card Information
            on the Hong Kong Citybus Site




              An Introduction to E-Commerce                               Winter 85, 46




                                                                                          23
     Advantages and Disadvantages
            of Smart Cards
Advantages:
1.   Atomic, debt-free transactions
2.   Feasible for very small transactions (information commerce)
3.   (Potentially) anonymous
4.   Security of physical storage
5.   (Potentially) currency-neutral
Disadvantages:
1.   Low maximum transaction limit (not suitable for B2B or most B2C)
2.   High Infrastructure costs (not suitable for C2C)
3.   Single physical point of failure (the card)
4.   Lack of standard interfaces for communication with the reader
5.   Not (yet) widely used
      An Introduction to E-Commerce                            Winter 85, 47




           Smart Cards (continued)
Smart Card Alliance
     Promotes benefits of smart cards
     Promotes widespread acceptance of multiple-
     application smart card technology
     Members include companies in banking,
     financial services, computer technology, and
     healthcare
     Promotes compatibility among smart cards, card
     reader devices, and applications
      An Introduction to E-Commerce                            Winter 85, 48




                                                                               24
                          Smart Cards
Magnetic stripe
   140 bytes, cost $0.20-0.75
Memory cards
   1-4 KB memory, no processor, cost $1.00-2.50
Optical memory cards
   4 megabytes read-only (CD-like), cost $7.00-12.00
Microprocessor cards
  Embedded microprocessor
      (OLD) 8-bit processor, 16 KB ROM, 512 bytes RAM
      Equivalent power to IBM XT PC, cost $7.00-15.00
      32-bit processors now available
     An Introduction to E-Commerce                             Winter 85, 49




      Mondex Smart Card


Holds and dispenses electronic cash (Smart-card based, stored-value
card)
Developed by MasterCard International
Requires specific card reader, called Mondex terminal, for merchant or
customer to use card over Internet
Supports micropayments as small as 3c and works both online and off-
line at stores or over the telephone
Secret card-to-card transfer protocol
Loaded through ATM
    ATM does not know transfer protocol; connects with secure device
    at bank
     An Introduction to E-Commerce                             Winter 85, 50




                                                                               25
Mondex Smart Card Processing




   An Introduction to E-Commerce           Winter 85, 51




   Internet Technology and the
         Banking Industry

Paper checks
  Used to make the largest dollar volume payments
Check Clearing for the 21st Century Act
(Check 21)
  Permits banks to eliminate the movement of
  physical checks entirely


   An Introduction to E-Commerce           Winter 85, 52




                                                           26
                    Phishing Attacks
Basic structure
  Attacker sends e-mail messages to a large number of
  recipients
  Message states that an account has been compromised
  and the matter should be corrected
  Message includes a link
  User enters a login name and password, which the
  perpetrator captures
  Once inside a victim’s account, the perpetrator can
  access personal information

    An Introduction to E-Commerce                Winter 85, 53




                   Phishing Attack
                   Countermeasures
Most important step that companies can take
today
  Educate Web site users
Many companies contract consulting firms
that specialize in anti-phishing work
Anti-phishing technique
  Monitor online chat rooms used by criminals

    An Introduction to E-Commerce                Winter 85, 54




                                                                 27
 Secure Electronic Transaction

Jointly designed by MasterCard and Visa with backing of
Microsoft, Netscape, IBM, GTE, SAIC, and others
Designed to provide security for card payments as they
travel on the Internet
   Contrasted with Secure Socket Layers (SSL) protocol, SET validates
   consumers and merchants in addition to providing secure
   transmission
SET specification
   Uses public key cryptography and digital certificates for validating
   both consumers and merchants
   Provides privacy, data integrity, user and merchant authentication,
   and consumer nonrepudiation
     An Introduction to E-Commerce                             Winter 85, 55




                 The SET protocol

                                       *


                                       *




                                               * : Digital Signature
     An Introduction to E-Commerce                             Winter 85, 56




                                                                               28
  SET Payment Transactions

SET-protected payments work like this:
   Consumer makes purchase by sending encrypted
   financial information along with digital certificate
   Merchant’s website transfers the information to a
   payment card processing center while a Certification
   Authority certifies digital certificate belongs to sender
   Payment card-processing center routes transaction to
   credit card issuer for approval
   Merchant receives approval and credit card is charged
   Merchant ships merchandise and adds transaction
   amount for deposit into merchant’s account
   An Introduction to E-Commerce                        Winter 85, 57




SET uses a hierarchy of trust




All parties hold certificates signed directly or
indirectly by a certifying authority. [Source: Stein]
   An Introduction to E-Commerce                        Winter 85, 58




                                                                        29
                   SET Protocol

Extremely secure
  Fraud reduced since all parties are authenticated
  Requires all parties to have certificates
80 percent of SET activities are in Europe and
Asian countries
Problems with SET
  Not easy to implement
  Not as inexpensive as expected
  Expensive to integrated with legacy applications
  Not tried and tested, and often not needed
  Scalability is still in question
    An Introduction to E-Commerce                     Winter 85, 59




                              Summary

Most popular forms of payment on the
Internet

  Credit card

  Debit card

  Charge cards (payment cards)

    An Introduction to E-Commerce                     Winter 85, 60




                                                                      30
             Summary (continued)

Electronic cash
  Form of online payment
  Slow to catch on in the United States
  Especially useful for making micropayments
  Advantages
     Portable, anonymous, and usable for international
     transactions
    An Introduction to E-Commerce                       Winter 85, 61




             Summary (continued)

Electronic wallets
  Provide convenience to online shoppers
  Eliminate the need to reenter payment card and
  shipping information at a site’s electronic checkout
  counter
Smart cards
  Intended to replace the collection of plastic cards
  people now carry
Phishing expeditions
  Create significant threat to online financial institutions
  and their customers
    An Introduction to E-Commerce                       Winter 85, 62




                                                                        31