ITEC5611
Electronic Payment Systems
Outline
• The Payment Evolution
• Using Payment Cards Online
• Secure Electronic Transaction (SET)
• E-Micropayment
• E-Checking
• Electronic Bill Presentment and Payment
• PayPal
S. Kungpisdan
ITEC5611 Electronic Commerce
Systems Implementation
The Payment Revolution
• Crucial Factors
  – Independence
    • Some e-payment systems require specialized software or hardware to make payment
  – Interoperability and portability
  – Security
  – Anonymity
  – Divisibility
  – Ease of use
  – Transaction fees
  – Regulations
Using Payment Cards Online
payment card
Electronic card that contains information that can be used for payment purposes
• Three forms of payment cards:
  – Credit cards
  – Debit cards
Using Payment Cards Online
• Processing Credit Cards Online
authorization
Determines whether a buyer’s card is active and whether the customer has sufficient funds
settlement
Transferring money from the buyer’s to the merchant’s account
Using Payment Cards Online
• Processing Credit Cards Online
payment service provider (PSP)
A third-party service connecting a merchant’s EC systems to the appropriate acquirers. PSPs must be registered with the various card associations they support
Using Payment Cards Online
– Key participants in processing credit card payments online include the following:
  • Acquiring bank
  • Credit card association
  • Customer
  • Issuing bank
  • Merchant
  • Payment processing service
    – Service that provides connectivity among merchants, customers and the financial network
  • Processor
    – Data center that processes credit-card transactions and settles funds to merchants
Using Payment Cards Online
• Fraudulent Credit Card Transactions
Address Verification System (AVS)
Detects fraud by comparing the address entered on a Web page with the address information on file with the cardholder’s issuing bank
• Results in a number of false positives
• Only available in US and Canada
Using Payment Cards Online
card verification number (CVN)
Detects fraud by comparing the verification number printed on the signature strip on the back of the card with the information on file with the cardholder’s issuing bank
Using Payment Cards Online
• Fraudulent Credit Card Transactions
  – Additional tools used to combat fraud include:
    • Manual review
    • Negative files
      – Check to see if the customer’s transaction is matched against the file containing the customer’s information
    • Card association payer authentication services
      – 3D (3-domain) Secure
      – E.g. Verified by Visa, MasterCard SecureCode, JCB J/Secure
      – Require cardholders to register with the systems and merchants to adopt and support both existing systems and the new systems
      – Cardholder needs to have an additional password to authenticate him/herself
      – Merchant must also enroll itself in the program
Smart Cards
smart card
An electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card
Exhibit 12.2 Smart Card
Smart Cards
• Types of Smart Cards
contact card
A smart card containing a small gold plate on the face that when inserted in a smart card reader makes contact and passes data to and from the embedded microchip
contactless (proximity) card
A smart card with an embedded antenna, by means of which data and applications are passed to and from a card reader unit or other device without contact between the card and the card reader
Smart Cards
• Applications of Smart Cards
  – Retail Purchases
e-purse
Smart card application that loads money from a card holder’s bank account onto the smart card’s chip
Common Electronic Purse Specification (CEPS)
Standards governing the operation and interoperability of e-purse offerings
Smart Cards
• Applications of Smart Cards
  – Transit Fares
    To eliminate the inconvenience of multiple types of tickets used in public transportation, most major transit operators in the United States are implementing smart card fare-ticketing systems
  – E-Identification
    Because they have the capability to store personal information, including pictures, biometric identifiers, digital signatures, and private security keys, smart cards are being used in a variety of identification, access control, and authentication applications
Smart Cards
• Applications of Smart Cards in Health Care
  – Storing vital medical information in case of emergencies
  – Preventing patients from obtaining multiple prescriptions from different physicians
  – Verifying a patient’s identity and insurance coverage
  – Speeding up the hospital or emergency room admissions process
Smart Cards
• Securing Smart Cards
  – Smart cards store or provide access to either valuable assets or to sensitive information
  – Because of this, they must be secured against theft, fraud, or misuse
  – The possibility of hacking into a smart card is classified as a “class 3” attack, which means that the cost of compromising the card far exceeds the benefits
Secure Electronic Transaction
Services Provided by SET
• Secure communications channel among involved parties
• Trust by using X.509 certs
• Party privacy: parties will receive only the information that they are intended to receive
SET Requirements
• Provide confidentiality of payment and ordering information
• Ensure the integrity of all transmitted data
• Provide authentication that a cardholder is a legitimate user of a credit card account
• Provide authentication that a merchant can accept credit card transactions through its relationship with a financial institution
• Ensure the use of the best security practices and system design techniques to protect all legitimate parties in an e-commerce transaction
• Create a protocol that neither depends on transport security mechanisms nor prevents their use
Secure Electronic Transaction
[Figure: SET diagram with flows numbered 1 to 12]
SET Transaction Overview
1. Client opens an account
2. Client receives a certificate
3. Merchants have their own certs
4. The client places an order (C → M)
5. The merchant is verified (M → C)
6. The order and payment are sent (C → M)
7. The merchant requests payment authorization (M → PG)
8. Payment is approved (PG → I, I → A, I,A → PG)
9. The merchant receives authorization response (PG → M)
10. The merchant confirms the order (M → C)
11. The merchant provides goods or service (M → C)
12. The merchant requests payment (M → A)
Dual Signature
• In SET, two messages for two intended recipients are sent in one message
  – Order Information (OI) from client to merchant -> not revealed to the bank
  – Payment Information (PI) from client to the bank -> not revealed to the merchant
  – DS = E_KRc[H(H(PI) || H(OI))]
  – DS provides the link between OI and PI for the client
• If the merchant receives DS and H(PI), the merchant can prove that the client has sent the purchase request (because the merchant has OI).
• If the bank receives DS and H(OI), the bank can prove that the client has requested it to deduct money from the client’s account (because the bank has PI).
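Added example (not from the original slides): the dual signature computed by the client and checked separately by the merchant and the bank, each seeing only its own message plus the digest of the other. Assumptions: KRc is read as the client's private key, H is SHA-256, and the signature is unpadded textbook RSA over a constructed toy key; the function names and the sample OI/PI are made up for illustration.

```python
import hashlib

# Constructed toy key: textbook RSA over two Mersenne primes, no padding.
# Illustration only; a real deployment uses a certified key and a padded scheme.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # client's private exponent (KRc)

def H(data: bytes) -> bytes:
    """Message digest; SHA-256 is an assumption, the slide only says H."""
    return hashlib.sha256(data).digest()

def pomd(pi_digest: bytes, oi_digest: bytes) -> int:
    """H(H(PI) || H(OI)) as an integer, ready for the RSA operation."""
    return int.from_bytes(H(pi_digest + oi_digest), "big")

def client_sign(pi: bytes, oi: bytes) -> int:
    """DS = E_KRc[H(H(PI) || H(OI))], computed by the cardholder."""
    return pow(pomd(H(pi), H(oi)), D, N)

def merchant_verify(oi: bytes, pi_digest: bytes, ds: int) -> bool:
    """Merchant holds OI and only the digest of PI."""
    return pow(ds, E, N) == pomd(pi_digest, H(oi))

def bank_verify(pi: bytes, oi_digest: bytes, ds: int) -> bool:
    """Bank holds PI and only the digest of OI."""
    return pow(ds, E, N) == pomd(H(pi), oi_digest)

# Constructed sample messages (test card number, not a real account)
OI = b"order=1001;item=book;qty=1;total=25.00"
PI = b"order=1001;pan=4111111111111111;amount=25.00"
DS = client_sign(PI, OI)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(OI, H(PI), DS))
    print("bank accepts:    ", bank_verify(PI, H(OI), DS))
    # The same DS and PI digest paired with a different order must fail:
    # this is the OI-PI link the dual signature provides.
    other_oi = b"order=1001;item=laptop;qty=1;total=25.00"
    print("swapped OI:      ", merchant_verify(other_oi, H(PI), DS))
```

The merchant never sees PI and the bank never sees OI, yet neither can pair the signature with a different order or payment without the check failing.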
Stored-Value Cards
stored-value card
A card that has monetary value loaded onto it and that is usually rechargeable
E-Micropayments
e-micropayments
Small online payments, typically under US $10
• Companies with e-micropayment products:
  – BitPass (bitpass.com)
  – Paystone (paystone.com)
  – PayLoadz (payloadz.com)
  – Peppercoin (peppercoin.com)
Millicent
E-Checking
e-check
A legally valid electronic version or representation of a paper check
Automated Clearing House (ACH) Network
A nationwide batch-oriented electronic funds transfer system that provides for the interbank clearing of electronic payments for participating financial institutions
E-Checking
• Benefits of e-check processing:
  – It reduces the merchant’s administrative costs by providing faster and less paper-intensive collection of funds
  – It improves the efficiency of the deposit process for merchants and financial institutions
  – It speeds the checkout process for consumers
  – It provides consumers with more information about their purchases on their account statements
  – It reduces the float period and the number of checks that bounce because of insufficient funds (NSFs)
Exhibit 12.3 Processing E-Checks with Authorize.Net
Electronic Bill Presentment and Payment
electronic bill presentment and payment (EBPP)
Presenting and enabling payment of a bill online. Usually refers to a B2C transaction
Exhibit 12.4 E-Bill Presentment
Electronic Bill Presentment and Payment
• Types of E-Billing
  – Online banking
  – Biller direct
  – Bill consolidator
Electronic Bill Presentment and Payment
• Advantages of E-Billing
  – Reduction in expenses related to billing and processing payments
  – Electronic advertising inserts can be customized to the individual customer
  – Reduces customer’s expenses
Exhibit 12.5 E-Billing Process for Single Biller
Exhibit 12.6 E-Billing Processes for Bill Consolidator
PayPal
PayPal Interface
Send money person to person
PayPal Website Payment
Receiving money
• A merchant who wants to withdraw money from a PayPal account must first add a bank account to PayPal.
PayPal Virtual Terminal
• It’s an online version of the credit card swipe machines used in stores. But it gives you added advantages:
• Increase sales. Expand your business beyond the internet.
• Save money. There’s no need to invest in expensive equipment.
PayPal Sandbox
• Go to https://developers.paypal.com/
Questions?
Next lecture
Search Engines, Directory Services and Internet Advertising