ITEC5611 Electronic Payment Systems Outline • • • • • • • The Payment Evolution Using Payment Cards Online Secure Electronic Transaction (SET) E-Micropayment E-Checking Electronic Bill Presentment and Payment PayPal S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 2 The Payment Revolution • Crucial Factors – – – – – – – – Independence • Some e-payment systems require specialized software or hardware to make payment Interoperability and portability Security Anonymity Divisibility Ease of use Transaction fees Regulations S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 3 Outline • • • • • • • The Payment Evolution Using Payment Cards Online Secure Electronic Transaction (SET) E-Micropayment E-Checking Electronic Bill Presentment and Payment PayPal S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 4 Using Payments Cards Online payment card Electronic card that contains information that can be used for payment purposes • Three forms of payment cards: – – Credit cards Debit cards S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 5 Using Payments Cards Online • Processing Credit Cards Online authorization Determines whether a buyer’s card is active and whether the customer has sufficient funds settlement Transferring money from the buyer’s to the merchant’s account S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 6 Using Payments Cards Online • Processing Credit Cards Online payment service provider (PSP) A third-party service connecting a merchant’s EC systems to the appropriate acquirers. PSPs must be registered with the various card associations they support S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 7 Using Payments Cards Online – Key participants in processing credit card payments online include the following: • • • • • • Acquiring bank Credit card association Customer Issuing bank Merchant Payment processing service – • Processor – S. Kungpisdan Service provides connectivity among merchants, customers and financial network Data center that processes credit-card transactions and settles funds to merchants ITEC5611 Electronic Commerce Systems Implementation 8 Using Payments Cards Online • Fraudulent Credit Card Transactions Address Verification System (AVS) Detects fraud by comparing the address entered on a Web page with the address information on file with cardholder’s issuing bank • • S. Kungpisdan Result in a number of false positive Only available in US and Canada ITEC5611 Electronic Commerce Systems Implementation 9 Using Payments Cards Online card verification number (CVN) Detects fraud by comparing the verification number printed on the signature strip on the back of the card with the information on file with the cardholder’s issuing bank S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 10 Using Payments Cards Online • Fraudulent Credit Card Transactions – Additional tools used to combat fraud include: • • Manual review Negative files – • Card association payer authentication services – – – – – S. Kungpisdan check to see if customer’s transaction is matched against the file containing customer’s information 3D (3-domain) Secure E.g. Verified by Visa, MasterCard SecureCode, JCB J/Secure Require cardholders to register with the systems and merchants to adopt and support both existing systems and the new systems Cardholder needs to have an additional password to authenticate him/herself Merchant must also enroll itself to the program ITEC5611 Electronic Commerce Systems Implementation 11 Smart Cards smart card An electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 12 Exhibit 12.2 Smart Card S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 13 Smart Cards • Types of Smart Cards contact card A smart card containing a small gold plate on the face that when inserted in a smart card reader makes contact and passes data to and from the embedded microchip contactless (proximity) card A smart card with an embedded antenna, by means of which data and applications are passed to and from a card reader unit or other device without contact between the card and the card reader S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 14 Smart Cards • Applications of Smart Cards – Retail Purchases e-purse Smart card application that loads money from a card holder’s bank account onto the smart card’s chip Common Electronic Purse Specification (CEPS) Standards governing the operation and interoperability of e-purse offerings S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 15 Smart Cards • Applications of Smart Cards – Transit Fares To eliminate the inconvenience of multiple types of tickets used in public transportation, most major transit operators in the United States are implementing smart card fareticketing systems – E-Identification Because they have the capability to store personal information, including pictures, biometric identifiers, digital signatures, and private security keys, smart cards are being used in a variety of identification, access control, and authentication applications S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 16 Smart Cards • Applications of Smart Cards in Health Care – – – – Storing vital medical information in case of emergencies Preventing patients from obtaining multiple prescriptions from different physicians Verifying a patient’s identity and insurance coverage Speeding up the hospital or emergency room admissions process S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 17 Smart Cards • Securing Smart Cards – – – Smart cards store or provide access to either valuable assets or to sensitive information Because of this, they must be secured against theft, fraud, or misuse The possibility of hacking into a smart card is classified as a “class 3” attack, which means that the cost of compromising the card far exceeds the benefits S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 18 Outline • • • • • • • The Payment Evolution Using Payment Cards Online Secure Electronic Transaction (SET) E-Micropayment E-Checking Electronic Bill Presentment and Payment PayPal S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 19 Secure Electronic Transaction S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 20 Services Provided by SET • Secure communications channel among involved parties • Trust by using X.509 certs • Party privacy: parties will receive only the information that they are intended to receive S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 21 SET Requirements • Provide confidentiality of payment and ordering information • Ensure the integrity of all transmitted data • Provide authentication that a cardholder is a legitimate user of a credit card account • Provide authentication that a merchant can accept credit card transactions through its relationship with a financial institution • Ensure the use of the best security practices and system design techniques to protect all legitimate parties in an e-commerce transactions • Create a protocol that neither depends on transport security mechanisms nor prevents their use S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 22 Secure Electronic Transaction 4, 6 3 5, 10, 11 2 9 1 7 12 8 S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 23 SET Transaction Overview 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. Client opens an account Client receives a certificate Merchants have their own certs The client places an order (C M) The merchant is verified (M C) The order and payment are sent (C M) The merchant requests payment authorization (M PG) Payment is approved (PG I, I A, I,A PG) The merchant receives authorization response (PG M) The merchant confirms the order (M C) The merchant provides goods or service (M C) The merchant requests payment (M A) S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 24 Dual Signature • In SET, two messages for two intended recipients are sent in one message – – – – • • Order Information (OI) from client to merchant -> not revealed to the bank Payment Information (PI) from client to the bank -> not revealed to the merchant DS = EKRc[H(H(PI)||H(OI))] DS provides link btw OI and PI for the client If merchant receives DS, H(PI), merchant can prove that client has sent purchase request (because merchant has OI). If bank receives DS, H(OI), the bank can prove that client has request it to deduct money from client’s account (because the bank has PI). S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 25 Stored-Value Cards stored-value card A card that has monetary value loaded onto it and that is usually rechargeable S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 26 Outline • • • • • • • The Payment Evolution Using Payment Cards Online Secure Electronic Transaction (SET) E-Micropayment E-Checking Electronic Bill Presentment and Payment PayPal S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 27 E-Micropayments e-micropayments Small online payments, typically under US $10 • Companies with e-micropayment products: – – – – BitPass (bitpass.com) Paystone (paystone.com) PayLoadz (payloadz.com) Peppercoin (peppercoin.com) S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 28 Millicent S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 29 Outline • • • • • • • The Payment Evolution Using Payment Cards Online Secure Electronic Transaction (SET) E-Micropayment E-Checking Electronic Bill Presentment and Payment PayPal S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 30 E-Checking e-check A legally valid electronic version or representation of a paper check Automated Clearing House (ACH) Network A nationwide batch-oriented electronic funds transfer system that provides for the interbank clearing of electronic payments for participating financial institutions S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 31 E-Checking • Benefits of e-check processing: – – It reduces the merchant’s administrative costs by providing faster and less paper-intensive collection of funds It improves the efficiency of the deposit process for merchants and financial institutions S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 32 E-Checking • Benefits of e-check processing: – – – It speeds the checkout process for consumers It provides consumers with more information about their purchases on their account statements It reduces the float period and the number of checks that bounce because of insufficient funds (NSFs) S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 33 Exhibit 12.3 Processing E-Checks with Authorize.Net S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 34 Outline • • • • • • • The Payment Evolution Using Payment Cards Online Secure Electronic Transaction (SET) E-Micropayment E-Checking Electronic Bill Presentment and Payment PayPal S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 35 Electronic Bill Presentment and Payment electronic bill presentment and payment (EBPP) Presenting and enabling payment of a bill online. Usually refers to a B2C transaction S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 36 Exhibit 12.4 E-Bill Presentment S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 37 Electronic Bill Presentment and Payment • Types of E-Billing – – – Online banking Biller direct Bill consolidator S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 38 Electronic Bill Presentment and Payment • Advantages of E-Billing – – – Reduction in expenses related to billing and processing payments Electronic advertising inserts can be customized to the individual customer Reduces customer’s expenses S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 39 Exhibit 12.5 E-Billing Process for Single Biller S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 40 Exhibit 12.6 E-Billing Processes for Bill Consolidator S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 41 Outline • • • • • • • The Payment Evolution Using Payment Cards Online Secure Electronic Transaction (SET) E-Micropayment E-Checking Electronic Bill Presentment and Payment PayPal S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 42 PayPal S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 43 PayPal Interface S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 44 Send money person to person S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 45 PayPal Website Payment S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 46 PayPal Website Payment (cont’d) S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 47 PayPal Website Payment (cont’d) S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 48 PayPal Website Payment (cont’d) S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 49 Receiving money • A merchant who wants to withdraw money from Paypal account must add bank account to Paypal first. S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 50 Paypal Virtual Terminal • • • It’s an online version of the credit card swipe machines used in stores. But it gives you added advantages: Increase sales. Expand your business beyond the internet. Save money. There’s no need to invest in expensive equipment. S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 51 Paypal Sandbox • Go to https://developers.paypal.com/ S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 52 Paypal Sandbox (cont’d) S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 53 Paypal Sandbox (cont’d) S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 54 Paypal Sandbox (cont’d) S. Kungpisdan ITEC5611 Electronic Commerce Systems Implementation 55 Questions? Next lecture Search Engines, Directory Services and Internet Advertising