Electronic Payments - University of Houston

Chapter 7
Electronic Payment Systems
Electronic Commerce

Objectives

We will discuss:

- Four methods for collecting customer payments
- Credit and debit card processing
- SET protocol protections for credit cards
- How software wallets work
- History and future of electronic cash systems, and how they work and are implemented
- Smart cards
- Which payment systems are most popular and which are likely to gain acceptance

Introduction to Electronic Payment Systems

- The largest distinction between a typical Web server and a Web commerce server is the concept of money: handling payments over the Internet.
- Electronic payments are far cheaper than traditional billing and payment systems (which include invoicing/billing, mailing statements, receiving payments, and posting payments).
- The methods of payment for business-to-consumer transactions differ from those for business-to-business transactions.

Introduction to Electronic Payment Systems

- There are three methods of payment in a traditional business transaction:
  - Check, credit card, or cash
- There are four methods of payment in an electronic commerce transaction:
  - Electronic cash, software wallets, smart cards, and credit/debit cards
  - Scrip is digital cash minted by third-party organizations

Electronic Cash

- Credit card-issuing banks make money partly by charging merchants a processing fee for a consumer transaction.
- The processing fee ranges from 1.5 to 3 percent of a sale, in addition to a fee of, say, 20 cents per transaction.
- This policy applies to both traditional business and electronic commerce.
- These fees make small purchases unprofitable for a merchant.
- Sometimes a merchant imposes a minimum credit card purchase amount on consumers (say $20) to make small transactions profitable.

Electronic Cash

- Electronic cash (e-cash or digital cash) is used primarily for small purchases of items costing less than, say, $10
- Micropayments
  - Payments for items costing $1 or less are termed micropayments.
  - Paying 25 cents for a reprint of an article from a newspaper is an example.

Electronic Cash Issues

Electronic cash should have two important characteristics:

- It must allow spending only once, like traditional cash
- It must be anonymous, just like regular currency
- Safeguards must be in place to prevent counterfeiting and to ensure the cash cannot be used more than once
- It must be independent and freely transferable regardless of nationality or storage mechanism

Beenz Home Page

Electronic Cash Storage

- Two methods
  - On-line
    - Individual does not have possession of electronic cash
    - Trusted third party, e.g. online bank, holds customers’ cash accounts
  - Off-line
    - Customer holds cash on smart card or software wallet
    - Fraud and double spending (to two merchants) require tamper-proof encryption

CyberCash -- A Pioneer in Electronic Cash

Advantages and Disadvantages of Electronic Cash

- Advantages
  - More efficient, eventually meaning lower prices
  - Lower transaction costs
  - Anybody can use it, unlike credit cards, and it does not require special authorization
- Disadvantages
  - Tax trail non-existent, like regular cash
  - Money laundering
  - Susceptible to forgery

How Electronic Cash Works

- Customer opens account with bank in person and establishes identity
  - Thereafter, digital certificate serves as proof of identity
- Once identified, bank issues e-currency and deducts amount from customer’s account (minus service fee)
- Customer spends e-cash with merchant, who validates it to prevent forgery or fraud
- Merchant presents e-cash to issuing bank for deposit once goods or services are received

Electronic Cash Security

- Complex cryptographic algorithms prevent double spending
  - Anonymity is preserved unless double spending is attempted
- Serial numbers can allow tracing to prevent money laundering
  - Does not prevent double spending, since the merchant or consumer could be at fault

Detecting Double Spending

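The slides say anonymity is preserved unless double spending is attempted. The Python example below is added here and is not part of the original slides; it shows one classic way to get that property, the identity-splitting idea from offline e-cash schemes such as Chaum-Fiat-Naor. Assumptions: blind-signature issuance and commitments are left out, and `K`, the function names and the sample identity are constructed for illustration.

```python
import secrets

K = 16  # identity pairs per coin (assumed parameter)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def mint_coin(identity: bytes) -> dict:
    """Customer side: build K pairs with left XOR right == identity."""
    pairs = []
    for _ in range(K):
        left = secrets.token_bytes(len(identity))
        pairs.append((left, xor(left, identity)))
    return {"serial": secrets.token_hex(8), "pairs": pairs}

def new_challenge() -> list:
    """Merchant side: K random bits, fresh for every payment."""
    return [secrets.randbits(1) for _ in range(K)]

def spend(coin: dict, challenge: list) -> dict:
    """Reveal one half of each pair, selected by the merchant's bits."""
    revealed = [coin["pairs"][i][bit] for i, bit in enumerate(challenge)]
    return {"serial": coin["serial"], "challenge": list(challenge),
            "revealed": revealed}

class Bank:
    def __init__(self):
        self.seen = {}  # serial -> first deposited transcript

    def deposit(self, t: dict):
        first = self.seen.get(t["serial"])
        if first is None:
            self.seen[t["serial"]] = t
            return ("accepted", None)
        for i in range(K):
            if first["challenge"][i] != t["challenge"][i]:
                # Both halves of pair i are now known: identity is exposed.
                return ("double-spend",
                        xor(first["revealed"][i], t["revealed"][i]))
        # Identical challenge: the same transcript was deposited twice,
        # which points at the merchant rather than the customer.
        return ("duplicate-deposit", None)

if __name__ == "__main__":
    coin = mint_coin(b"alice-acct-0001")               # constructed identity
    bank = Bank()
    print(bank.deposit(spend(coin, new_challenge())))  # first merchant
    print(bank.deposit(spend(coin, new_challenge())))  # second merchant
```

A single payment transcript contains only random-looking halves; the identity appears only when two transcripts for the same serial disagree on a challenge bit.
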
Past and Present E-cash Systems

- E-cash not popular in U.S., but successful in Europe and Japan
  - Reasons for lack of U.S. success not clear
    - Manner of implementation too complicated
    - Lack of standards and interoperable software that will run easily on a variety of hardware and software systems

Past and Present E-cash Systems

- Checkfree
  - Allows payment with online electronic checks
- Clickshare
  - Designed for magazine and newspaper publishers
  - Miscast as a micropayment-only system; that is only one of its features
  - Purchases are billed to a user’s ISP, which in turn bills the customer

Using Checkfree To Pay A Bill Online

Clickshare’s Home Page

Past and Present E-cash Systems

- CyberCash
  - Combines features from cash and checks
  - Offers credit card, micropayment, and check payment services
  - Connects merchants directly with credit card processors to provide authorizations for transactions in real time
    - No delays in processing, which prevents insufficient e-cash to pay for the transaction

Past and Present E-cash Systems

- CyberCoins
  - Service from CyberCash
  - Stored in CyberCash wallet, a software storage mechanism located on customer’s computer
  - Used to make purchases between 25c and $10
  - PayNow -- payments made directly from checking accounts

CyberCash’s CashRegister Service

Past and Present E-cash Systems

- DigiCash
  - Allowed customers to purchase goods and services using anonymous electronic cash
  - Recently entered Chapter 11 reorganization

Past and Present E-cash Systems

- eCoin.Net
  - Electronic tokens stored on a customer’s computer are used to make purchases
  - Works by installing a special plug-in in the customer’s web browser
  - Merchants do not need special software to accept eCoins.
  - eCoin server prevents double-spending and traces transactions, but consumer is anonymous to merchant

eCoin.net Home Page

Past and Present E-cash Systems

- MilliCent
  - Developed by Digital, now part of Compaq
  - Electronic scrip system
  - Participating merchant creates and sells own scrip to broker at a discount
    - Consumers register with broker and buy bulk generic scrip, usually with credit card
    - Customers buy by converting broker scrip to vendor-specific scrip, i.e. scrip that a particular merchant will accept

Past and Present E-cash Systems

- MilliCent (cont’d)
  - Customers can purchase items of very low value
  - Brokers required for two reasons:
    - Small payments require aggregation to ensure profitability
    - System is easier to use -- customer need only deal with one broker for all their scrip needs

MilliCent Demonstration Page

Electronic Wallets

- Stores credit card, electronic cash, owner identification and address
  - Makes shopping easier and more efficient
    - Eliminates need to repeatedly enter identifying information into forms to purchase
    - Works in many different stores to speed checkout
  - Amazon.com one of the first online merchants to eliminate repeat form-filling for purchases

An Electronic Checkout Counter Form

Electronic Wallets

- Agile Wallet
  - Developed by CyberCash
  - Allows customers to enter credit card and identifying information once, stored on a central server
  - Information pops up in supported merchants’ payment pages, allowing one-click payment
  - Does not support smart cards or CyberCash

Electronic Wallets

- eWallet
  - Developed by Launchpad Technologies
  - Free wallet software that stores credit card and personal information on users’ computer, not on a central server; info is dragged into payment form from eWallet
  - Information is encrypted and password protected
  - Works with Netscape and Internet Explorer

Electronic Wallets

- Microsoft Wallet
  - Comes pre-installed in Internet Explorer 4.0, but not in Netscape
  - All information is encrypted and password protected
  - Microsoft Wallet Merchant directory shows merchants set up to accept Microsoft Wallet

Entering Information Into Microsoft Wallet

W3C Proposed Standard for Electronic Wallets

- World Wide Web Consortium (W3C) is attempting to create an extensible and interoperable method of embedding micropayment information on a web page
  - Extensible systems allow improvement of the system without eliminating previous work

W3C Proposed Standard for Electronic Wallets

- Merchants must accept several payment options to ensure the widest possible Internet audience
  - Merchants must embed in their Web page payment information specific to each payment system
  - This redundancy spurred W3C to develop common standards for Web page markup for all payment systems
  - Must move quickly to prevent current methods from becoming entrenched

W3C Electronic Commerce Interest Group (ECIG) Draft Standard Architecture

- Client (consumer’s web browser) initiates micropayment activity
  - Client browser includes Per Fee Link Handler module and one or more electronic wallets
  - New HTML tags will carry micropayment information

W3C Proposed Micropayment HTML Tags

The ECML Standard

- Electronic Commerce Modeling Language (ECML) proposed standards for electronic wallets
  - Companies forming the consortium are America Online, IBM, Microsoft, Visa, and MasterCard
  - Ultimate goal is for all commerce sites to accept ECML
  - Unclear how this standard will incorporate privacy standards W3C set forth

Smart Cards

- A smart card is a plastic card containing an embedded microchip. It:
  - Can store 100 times more information than a credit card
  - Can contain bank account information to dispense cash
  - Can also contain information on health insurance, private encryption keys, credit card numbers, and so on.

Smart Cards

- Information is encrypted, unlike credit cards, which have the account number on their face, making credit theft practically impossible
- A key like a Personal Identification Number (PIN) is required to unlock the information
- To use from a browser, a card reader must be installed with the computer

Smart Cards

- It has been available for over 10 years
- It was not successful in U.S., but popular in Europe, Australia, and Japan
- Unsuccessful in U.S. partly because few card readers are available in stores
- Smart cards gradually reappearing in U.S.; success depends on:
  - Critical mass of smart cards that support applications
  - Compatibility between smart cards, card-reader devices, and applications

Mondex Smart Card

- Holds and dispenses electronic cash
- Developed by MasterCard International
- Requires a “Mondex Card Reader” for merchant or customer to be installed on the computer to use it over the Internet
- Supports micropayments as small as 3 cents and works both online and off-line at stores or over the telephone

Mondex Smart Card

- Disadvantages
  - Card carries real cash in electronic form, creating the possibility of theft
  - No deferred payment as with credit cards; cash is dispensed immediately

Mondex Smart Card Processing

Credit and Charge Cards

- Credit card (ex.: Visa or MasterCard)
  - Used for the majority of Internet purchases
  - Has a preset spending limit
- Charge card (ex.: American Express)
  - No spending limit
  - Entire amount charged due at end of billing period
- A merchant must set up a merchant account to accept payment cards (credit or charge cards)

Payment Acceptance and Processing

- Law prohibits charging a payment card until the merchandise is shipped. This works fine with a normal store, but is not as simple with Internet shopping
- Payment card transaction requires:
  - Merchant to authenticate payment card
  - Merchant to check with the card issuer to ensure funds are available and to put a hold on the funds needed to make the current charge. (Processing charges for downloaded software can be requested immediately)
  - Settlement occurs in a few days when funds travel through banking system into merchant’s account

Open and Closed Loop Systems

- Closed loop systems
  - Banks and other financial institutions serve as brokers between card users and merchants who want to use a particular type of card -- no other institution is involved
  - American Express and Discover are examples
- Open loop systems
  - Transaction is processed by a third party, such as an acquiring bank, that works as an intermediary between the customer’s credit card issuing bank and the merchant’s bank.
  - Whenever a transaction is processed by a third party, it is called an open loop system
  - Visa and MasterCard are examples

Setting Up a Merchant Account

- Merchant bank (both Internet and non-Internet)
  - Does business with merchants that want to accept payment cards
  - Merchant receives an account number where they deposit card sales
  - Amounts of sales are credited to the merchant’s account on a periodic basis
- Acquiring bank (may be same as the merchant bank)
  - Several third-party Internet and Web based credit card processing services are available to handle all details of processing credit cards

Processing Payment Cards Online

- Can be done automatically by software packaged with the electronic commerce software
- Use a payment processing service company: A merchant can contract a third party to handle all payment card processing
- In both cases, software is used to capture credit card information from the merchant’s form and connect directly to the processing bank network using dial-up or private, leased lines
- The processing bank network receives credit information, performs credit card authorization with the issuing bank, and presents transaction for processing
- The issuing bank then deposits the money in the merchant’s bank account
- The merchant’s web site receives confirmation or rejection of the transaction, which is communicated to the customer

Processing a Payment Card Order

- Processing Credit Cards for Online Payment - Microsoft Paper:
  - http://msdn.microsoft.com/workshop/server/commerce/creditcard.asp

Payment Processing Services Company

- Internetsecure
  - Provides secure credit card payment services
  - Supports payments with Visa and MasterCard
  - Provides risk management and fraud detection, and ensures all proper security for credit card transactions is maintained
  - Ensures all transactions are properly credited to merchant’s account
- Tellan
  - Provides two software packages: PCAuthorize for smaller commerce sites and WebAuthorize for larger enterprise-class merchant sites

Payment Processing Services Company

- IC Verify
  - Provides electronic transaction processing for merchants for all major credit and debit cards
  - Also allows check guarantees and verification transactions
- Authorize.Net
  - Online, real time service that links merchants with issuing banks by simply inserting a small block of HTML code into their transaction page
  - The customer order is encrypted and transferred to the Authorize.net server.
  - The server then relays the transaction to the processing bank
  - The merchant must have an Authorize.net account to use the services
  - Visit Authorize.Net: http://www.authorizenet.com

Secure Electronic Transaction (SET) Protocol

- Jointly designed by MasterCard and Visa with backing of Microsoft, Netscape, IBM, GTE, SAIC, and others
- Designed to provide security for card payments as they travel on the Internet
  - SET protocol is based on the security requirements of the Secure Sockets Layer (SSL) protocol, which uses message digest, private-public keys, encryption, digital signature, digital certificate, and digital envelope
  - In addition, SET validates consumers and merchants while providing secure electronic transmission

Secure Electronic Transaction (SET) Protocol

- Goal is to have a single method of conducting payment transactions on the Internet, although acceptance of the standard has been slow
- SET specification:
  - Uses public key cryptography and digital certificates for validating both consumers and merchants.
  - It provides
    - Privacy: Hides customer credit card information from merchants and also hides order information from banks
    - Data integrity: Data is not altered; hashing/message digest
    - Authentication: A method to verify a buyer and merchant through digital signature
    - Nonrepudiation: Protection against customer’s denial of orders made and merchant’s denial of payments received

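SET gets the privacy property listed above (card data hidden from the merchant, order data hidden from the bank) from a dual signature: the cardholder signs a digest that links the payment and order digests. The Python example below is added here and is not part of the original slides; SHA-256 and a toy textbook-RSA key stand in for SET's actual algorithms and certificates, and all names and sample data are constructed.

```python
import hashlib

# Toy cardholder key (constructed): textbook RSA over two Mersenne primes,
# no padding. Trivially breakable; it only makes the example self-contained.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def link_digest(pi_digest: bytes, oi_digest: bytes) -> int:
    """H(H(PI) || H(OI)) as an integer, the value that gets signed."""
    return int.from_bytes(h(pi_digest + oi_digest), "big")

def cardholder_sign(payment_info: bytes, order_info: bytes) -> int:
    """Dual signature over payment info (PI) and order info (OI)."""
    return pow(link_digest(h(payment_info), h(order_info)), D, N)

def merchant_verify(order_info: bytes, pi_digest: bytes, dual_sig: int) -> bool:
    """Merchant holds the order plus only a digest of the payment data."""
    return pow(dual_sig, E, N) == link_digest(pi_digest, h(order_info))

def gateway_verify(payment_info: bytes, oi_digest: bytes, dual_sig: int) -> bool:
    """Payment gateway holds the card data plus only a digest of the order."""
    return pow(dual_sig, E, N) == link_digest(h(payment_info), oi_digest)

# Constructed sample messages (test card number, not a real account).
SAMPLE_PI = b"pan=4111111111111111;exp=12/01;amount=25.00;txn=1001"
SAMPLE_OI = b"txn=1001;item=article-reprint;amount=25.00"

if __name__ == "__main__":
    sig = cardholder_sign(SAMPLE_PI, SAMPLE_OI)
    print("merchant accepts:", merchant_verify(SAMPLE_OI, h(SAMPLE_PI), sig))
    print("gateway accepts: ", gateway_verify(SAMPLE_PI, h(SAMPLE_OI), sig))
    tampered = SAMPLE_OI.replace(b"article-reprint", b"laptop")
    print("tampered order:  ", merchant_verify(tampered, h(SAMPLE_PI), sig))
```

Each party verifies the same signature while seeing only a digest of the half it is not entitled to read, and changing either half after signing makes verification fail for both.
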
Secure Electronic Transaction (SET) Protocol

- In SET protocol, there are four entities: cardholder, merchant, certificate authority, and payment gateway.
- The role of payment gateway is to connect the Internet and proprietary networks of banks.
- Each participating entity needs its own certificate
- To keep the customer’s certificate in his or her PC, software called the electronic wallet, or digital wallet, is necessary

SET Payment Transactions

SET-protected payments work like this:

1. Consumer makes purchase by sending encrypted financial information along with digital certificate
2. Merchant’s website transfers the information to a payment card processing center while a Certification Authority certifies digital certificate belongs to sender
3. Payment card-processing center routes transaction to credit card issuer for approval
4. Merchant receives approval and credit card is charged
5. Merchant ships merchandise and adds transaction amount for deposit into merchant’s account

SET Protocol

- So far has received lukewarm reception
- 80 percent of SET activities are in Europe and Asian countries
- Problems with SET
  - Not easy to implement
  - Not as inexpensive as expected
  - Clumsy
  - Not tried and tested, and often not needed

SET Protocol

- Visit VISA Web site for SET
  - http://www.visa.com/nt/ecomm/security/set.html