The Present and Future of Electronic Payment Systems

Vivek Reddy
vjreddy@scu.edu
Coen 150
5/17/04

Abstract. Electronic commerce and electronic business are the inevitable mediums of exchange in an increasingly wired world. To better understand the problems and perspectives of electronic payment systems, it is wise to look not only at the current systems in place but also at what the future may hold. This paper describes the characteristics of the current systems and provides a brief analysis of how each works. Finally, it predicts the future of these systems and the possible changes to the current structure of economic transactions.

1 Introduction

For more than a decade there have been predictions of the elimination of physical cash as a transaction medium and the substitution of one form or another of an electronic payments system. Some forecasters view the prospect with delight, looking on it as increasing the efficiency of the economy. Others fear its rise, anticipating it to be another way in which the security and privacy of our lives become subject to monitoring and scrutiny. But no matter which side one may fall on, it is clear that we're abolishing the physical need for money, one step at a time. We're committing our futures, our families, our societies, to cyberspace (Gleick).

Because of this explosive development of electronic commerce in recent years, the issue of paying over open networks has become very important. Electronic payment systems are required to bring the necessary infrastructure to facilitate payments. They are an essential part of the further development of commerce and business (Gleick).

Before taking a closer look at the different types of payment systems, it is important to classify or categorize them in order to get a better understanding of the characteristics and properties of the systems. The first level in the categorization is based on the way in which money transfer is organized.
Existing payment mechanisms can be divided into two groups: electronic cash and credit-debit systems. Another approach, based on the type of information that is exchanged, distinguishes between account-based and token-based systems, in which the former corresponds to credit-debit systems and the latter to electronic cash (Abrazhevich).

To be specific, electronic currency or cash is similar to conventional cash: parties exchange electronic tokens that represent value, just like paper money with respect to banks. The credit-debit approach, in contrast, means that money is represented by numbers in bank accounts and these numbers are transferred between parties over computer networks. Going one step further in the classification of account-based systems, we can distinguish between debit and credit card systems and specialized ones, for example, those systems that use e-mail for money transfer or notification. Electronic currency can be divided into systems that support smart cards and those that exist only in an online environment. They can be called 'online cash' or 'Web cash'. Prepaid cards and electronic purse systems can also be included in this category (Abrazhevich).

Now that we have classified the payment systems, we can take a more in-depth look at each of the categories. By choosing a specific example from each, we can analyze the specific functionality of each system and why its security allows it to be either a promising new technology or an already existing one. Under the scope of account-based systems, we will first see how credit cards work, then continue on to e-mail based transaction systems, and finally a generic system such as PayPal. Moreover, under the category of electronic currency, we will take a look at both smart cards and E-Cash. Finally, we will anticipate how new innovations and technologies such as RF identifications will continue to morph the changing landscape of electronic payment systems in the future.

2 Account-Based Systems: The Credit Card

A first step in the evolution from physical to electronic payment systems, the credit card is a common piece of innovation used by almost everyone in today's society. In order to understand future technology such as the viability of the smart card, it is indeed beneficial to see how a credit card actually works. In general, a credit card is a thin plastic card, usually 3-1/8 inches by 2-1/8 inches in size, that contains identification information such as a signature or picture, and authorizes the person named on it to charge purchases or services to his account. These will be billed periodically. Today, the information on the card is read by automated teller machines, store readers, and bank and Internet computers (How Stuff Works).

In order to authenticate these credit card transactions, there are three basic methods of determining whether your credit card will pay for what you are charging. Merchants with only a few transactions each month can do voice authentication using a touch-tone phone. Additionally, terminals allow users to swipe their credit cards, easing the need for an additional human being to be involved in the transaction (How Stuff Works). For example, people often swipe their own card at the checkout of stores these days. And finally, there are virtual terminals for Internet transactions.

More specifically, the protocol for credit card use starts with a cashier swiping the card through a reader. This dials a stored telephone number to call an acquirer. An acquirer is an organization that collects credit authentication requests and provides the merchants with a payment guarantee. When the acquirer company gets the credit card requests, it checks the transaction for validity and the record on the stripe for merchant ID, valid card number, expiration date, credit card limit, and card usage.
Single dial-up transactions are processed at 1,200 to 2,400 bits per second (bps), while direct Internet attachment uses much higher speeds via this protocol. In this system, the cardholder enters a personal identification number (PIN) using a keypad (How Stuff Works).

The PIN is not on the card; rather, it is encrypted in a database. For example, before you get cash from an ATM, the ATM encrypts the PIN and sends it to the database to see if there is a match. The PIN can be either in the bank's computers in an encrypted form or encrypted on the card itself. The transformation used in this type of cryptography is called one-way. This means that it's easy to compute a cipher given the bank's key and the customer's PIN, but not really feasible to obtain the plain-text PIN from the cipher, even if the key is known. This feature was designed to protect the cardholder from being impersonated by someone who has access to the bank's computer files. Likewise, the communications between the ATM and the bank's central computer are encrypted to prevent hackers from tapping into the phone lines, recording the signals sent to the ATM to authorize the dispensing of cash and then feeding the same signals to the ATM to trick it into unauthorized dispensing of cash (How Stuff Works).

Now that we've seen how a credit card works, the advantages are quite apparent. This system of electronic payment provides ease of use and scalability. As long as it can use the existing networks and terminals, there is no need for creating new hardware or infrastructure. All that needs to be tracked is what new accounts have been created.

2.1 Account-Based Systems: E-mail Based Systems

E-mail is an inherently insecure medium. Whereas traditional bank paper and other payment systems have levels of security built in, e-mail does not. E-mail payment systems use e-mail for notification and traditional banking systems to transfer funds.
However, the actual security of payments remains relevant and can be divided into two main concerns: transaction-level security and user authentication. The first is more straightforward and concerns the guarding of sensitive payment details while in transit. This can be addressed by 128-bit data encryption in a Secure Sockets Layer (SSL) session, which is widely accepted and is generally believed to be adequate protection even for large-value transactions (Finance Asia). This communication protocol, which is also used for web-based credit card payments, works in a series of steps:

1. The client enters a merchant site which uses SSL.
2. The web browser and the merchant server contact each other (handshake process):
   o The web browser and the merchant server establish the cipher suite;
   o The web browser authenticates the server by means of its digital certificate (with optional client authentication);
   o The web browser chooses a symmetric key, encrypts it with the server's public key, which it obtained from the server's certificate, and sends it back;
   o The merchant's server decrypts it and the handshake is completed.
3. The server performs the following steps:
   o Computes the hash value (digest) of the requested data;
   o Encrypts the data and the hash value with the symmetric key chosen during the handshake process;
   o Sends it to the client.
4. The client's browser proceeds as follows:
   o It decrypts the message with the chosen key;
   o It creates a message digest from the original message;
   o It compares both digests;
   o If they are equal, it presents the data.
5. The client fills in a form (e.g. the credit card number and order information).
6. The client's browser sends the form to the merchant's server after performing the following operations:
   o Computing the digest of the data;
   o Encrypting the data and the digest with the symmetric key.
7. The merchant's server:
   o Decrypts the message;
   o Calculates the digest of the original data;
   o Compares both digests;
   o If they are equal, it continues the process… (Stabla).
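
The data-exchange steps above (compute the digest, encrypt data and digest with the handshake key, decrypt, recompute, compare), as an added example that is not from the original paper or from Stabla. It assumes the keys were already agreed in the handshake, uses HMAC-SHA256 over a record sequence number as the digest (SSL keys its digest rather than using a bare hash), and uses a SHA-256 counter keystream as a stand-in for the negotiated cipher; all function names and the sample form data are constructed.

```python
import hashlib
import hmac
import os

DIGEST_LEN = 32  # SHA-256 output size
NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), for illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def _digest(mac_key: bytes, seq: int, data: bytes) -> bytes:
    # Binding the sequence number means a recorded message cannot be fed back later.
    return hmac.new(mac_key, seq.to_bytes(8, "big") + data, hashlib.sha256).digest()


def protect(enc_key: bytes, mac_key: bytes, seq: int, data: bytes) -> bytes:
    """Sender: compute the digest, then encrypt data and digest together."""
    plaintext = data + _digest(mac_key, seq, data)
    nonce = os.urandom(NONCE_LEN)
    return nonce + _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))


def unprotect(enc_key: bytes, mac_key: bytes, seq: int, record: bytes) -> bytes:
    """Receiver: decrypt, recompute the digest, compare, and only then release data."""
    if len(record) < NONCE_LEN + DIGEST_LEN:
        raise ValueError("record too short")
    nonce, body = record[:NONCE_LEN], record[NONCE_LEN:]
    plaintext = _xor(body, _keystream(enc_key, nonce, len(body)))
    data, received = plaintext[:-DIGEST_LEN], plaintext[-DIGEST_LEN:]
    if not hmac.compare_digest(received, _digest(mac_key, seq, data)):
        raise ValueError("digest mismatch: record rejected")
    return data


def demo() -> dict:
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # stand-ins for handshake output
    form = b"card=0000-0000-0000-0000&amount=25.00"    # constructed sample form
    record = protect(enc_key, mac_key, 0, form)
    results = {"intact": unprotect(enc_key, mac_key, 0, record) == form}
    tampered = bytearray(record)
    tampered[NONCE_LEN + 4] ^= 0x01                    # one bit flipped in transit
    cases = (("tampered", bytes(tampered), 0), ("replayed", record, 1))
    for name, rec, seq in cases:
        try:
            unprotect(enc_key, mac_key, seq, rec)
            results[name] = "accepted"
        except ValueError:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```
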

Authentication is trickier and is a justified reason why large-value payments will probably not be conducted using e-mail for some time. It is technically feasible to build a public key infrastructure and an e-mail payment system to authenticate parties to a transaction. This would in turn provide strong authentication. But this is not necessarily a good user experience and is certainly not an established practice.

So in the end, electronic transmission of funds using e-mail can provide significant benefits. Convenience is of course first and foremost in this category. It could also provide viable security and possible cost savings. As it happens, it is not something that is truly necessary in the short term. It is possible, however, that it may become more commonplace in the future.

2.2 Account-Based Systems: PayPal

One of the more generic account-based systems is PayPal. It is a widely used online payment solution that works solely off of the existing financial infrastructure. Once a user has a PayPal account and has entered information about the bank accounts they wish to draw from, they can send money to anyone with an e-mail account. The money is then taken from the sender and placed in a PayPal account for the recipient.

Basically, PayPal can be thought of as a middle man for credit card transactions. All transactions between consumers take place indirectly through PayPal. Currently the payment method of choice for auction sites such as eBay, PayPal has shown itself to be a viable payment solution for individuals. Similar to other web-based transactions, PayPal automatically encrypts confidential information in transit from the consumer's computer to the merchant's using the Secure Sockets Layer (SSL) protocol with an encryption key length of 128 bits. However, it does not have the security features that are needed for larger business transactions.
Once again, though, similar to the credit card itself, the advantages of PayPal are primarily ease of use and scalability, since it does not need to create a new infrastructure in order to go through with transactions.

2.3 Account-Based Systems: General

As stated earlier, account-based systems use the SSL protocol in order to create a secure transaction between the consumer and merchant. But as the Internet marketplace continues to expand, there is no safe standards-based payment system. With this protocol, the card number is safely passed on to the merchant and protected from theft or alteration during transmission. But neither non-repudiation nor protection against fraudulent use of card numbers is fully provided, since the merchant stores all confidential account information about its clients on its server. In the case of an SSL transaction, the purchaser has no certainty that the merchant will properly guard payment card information. Moreover, he or she has no assurance that the merchant is authorized to accept credit card payments. On the other hand, the merchant has no assurance that the client is eligible to use the payment card.

Secure Electronic Transaction (SET) is a payment protocol developed by VISA and MasterCard based on the RSA algorithm. It helps to ensure security of data during financial transactions over the Internet. Very similar to SSL, SET mainly depends on cryptology and digital signature technologies. With SET, the cardholder uses software called an "electronic wallet", in which the credit card numbers and digital certificate are stored. The merchant will acquire a digital certificate from a financial institution. Both the cardholder and the merchant will present their digital certificates to each other in order to verify their identities when conducting transactions over the Internet.
During an SET transaction, the cardholder's credit card number is not seen by the merchant, as an encrypted code of the credit card number is sent to the credit card issuer, which approves the transaction for the merchant (Secure Electronic Transaction). In this way, unauthorized viewing and data corruption will be prevented during transmission. SET is simply a better version of SSL.

Now that we've examined the functionality of account-based systems, we can turn our attention to electronic cash or currencies.

3 Electronic Currencies: Smart Cards

You can think of the smart card as a "credit card" with a "brain" on it, the brain being a small embedded computer chip. This card-computer can be programmed to perform tasks and store information. Smart cards currently are used in telephone, transportation, banking, healthcare transactions, and the Internet. Smart cards are already being used extensively in Japan and Europe and are gaining popularity in the U.S. (DiGiorgio).

The reason we classify them as an electronic currency is that systems that employ smart cards, like Chipknip, Chipper, Belgium Proton, Mondex, and Visa Cash, represent money as a number on the card. With this in mind, they act like an electronic purse. The value is stored on a card and if the card is lost the money is gone, in a fashion similar to cash (Abrazhevich).

The advantages of smart cards are numerous. First, they are more reliable than a magnetic stripe card. They can also store a hundred times more information than a magnetic stripe card. In terms of security, they are more difficult to tamper with than magnetic stripes. Furthermore, they can be disposable or reusable. And finally, they can perform multiple functions in a wide range of industries because of their compatibility with portable electronic devices such as phones, PDAs, and PCs (DiGiorgio).

3.1 Electronic Currencies: E-Cash

"Electronic money is broadly defined as an electronic store of monetary value on a technical device that may be widely used for making payments to undertakings other than the issuer without necessarily involving bank accounts in the transaction, but acting as a prepaid bearer instrument" (European Central Bank).

"Electronic money products are defined […] as stored value or prepaid products in which a record of the funds or value available to the consumer is stored on a device in the consumer's possession. This definition includes both prepaid cards (sometimes called electronic purses) and prepaid software products that use computer networks such as the internet (sometimes called digital cash)" (Bank for International Settlement).

Summing these up, one can state that e-money is not like anything that has been attempted before. It creates a new sub-category of money. It constitutes, at the same time, a payment instrument, monetary value and account units, making it operate just like cash would (Stabla).

There are two types of e-money: identified and anonymous. Identifiable e-money operates similarly to bank products because the identity of the user and the way of spending are well known to financial institutions, and the latter can easily track the circulation of e-money in the economy. Anonymous e-money is totally untraceable, and to create it a blind signature is needed. The process of blind signing is a modification of the traditional digital signing process (Stabla).

To understand the process, we must first keep in mind that special software by the issuer creates an e-banknote upon a user's request and after verification. In essence, the prepared message or e-banknote is multiplied by a random factor, and thereby the receiver (issuer) knows nothing about the content except that it carries the user's digital signature (to identify the user's account for deduction).
After the issuer signs the e-banknote to confirm its validity, it returns to the user, who divides the e-banknote by the same factor. Now the user can spend it while keeping full anonymity, while the issuer does not know anything about the blinding factor (Stabla).

The following diagram provides some structure about how the E-Cash system in general works. (Diagram from Stabla)

3.2 Electronic Currencies: General

Smart Cards and E-Cash provide distinct advantages and disadvantages when compared to account-based systems. Smart Cards could be seen as a large advancement over the system of credit cards. In terms of E-Cash, similar to physical cash, there is an ability to create anonymity during financial transactions. In effect, it could be untraceable if done with a blind signature.

A significant disadvantage, however, is that a large database of past transactions needs to be kept to prevent double spending when it comes to E-Cash. Because E-Banknotes would be quite easy to duplicate, systems need to be in place to keep track of all notes that have been issued but not yet deposited. This obviously reduces the scalability and ease of use of the system. Furthermore, there may be a necessity to purchase and install extra hardware and software, adding burden to both the merchant and consumer. These are probably the reasons that such promising companies as DigiCash fell flat.

After looking at the present, both the account-based systems and electronic currencies, we can now examine what the future holds in the world of electronic payment systems.

4 Future of Electronic Payment Systems: RF-Ids

RF-Ids are radio barcodes embedded into billions of different things which have value, sending out radio signals about what they are and where they are. They cannot communicate with each other directly, but can exchange information through base stations that send and receive information.
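
Returning to sections 3.1 and 3.2: the blind-signature withdrawal and the double-spending check, as an added example that is not from the original paper, from Stabla, or from any e-cash product. It assumes Chaum-style RSA blinding (the random factor is raised to the issuer's public exponent before multiplying), a toy issuer key built from two Mersenne primes, one unit of value per note, and a set of deposited serial numbers as the double-spending database; all names are hypothetical.

```python
import hashlib
import math
import secrets

# Constructed toy issuer key from two Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent


def note_digest(serial: bytes) -> int:
    """Map an e-banknote serial number to an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


class Issuer:
    """Hypothetical issuer: signs blinded notes and redeems each serial once."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.seen_at_withdrawal = []  # everything the issuer sees when signing
        self.spent = set()            # deposited serials: the double-spending database

    def sign_blinded(self, account: str, blinded: int) -> int:
        if self.balances.get(account, 0) < 1:
            raise ValueError("insufficient funds")
        self.balances[account] -= 1   # each note is worth one unit in this sketch
        self.seen_at_withdrawal.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, payee: str, serial: bytes, signature: int) -> bool:
        if pow(signature, E, N) != note_digest(serial):
            return False              # not a note this issuer signed
        if serial in self.spent:
            return False              # copy of a note that was already redeemed
        self.spent.add(serial)
        self.balances[payee] = self.balances.get(payee, 0) + 1
        return True


def withdraw(issuer: Issuer, account: str):
    """User side: blind the note, have it signed, then remove the blinding."""
    serial = secrets.token_bytes(16)
    m = note_digest(serial)
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    blinded = (m * pow(r, E, N)) % N                   # multiply by the random factor
    signed_blinded = issuer.sign_blinded(account, blinded)
    signature = (signed_blinded * pow(r, -1, N)) % N   # divide by the same factor
    return serial, signature


def demo():
    issuer = Issuer({"alice": 2})
    serial, signature = withdraw(issuer, "alice")
    unlinkable = note_digest(serial) not in issuer.seen_at_withdrawal
    first = issuer.deposit("shop", serial, signature)
    second = issuer.deposit("shop", serial, signature)           # duplicated note
    forged = issuer.deposit("shop", b"other-serial", signature)  # signature reused
    return unlinkable, first, second, forged, issuer.balances


if __name__ == "__main__":
    print(demo())
```

The issuer can refuse the second deposit only because it keeps every redeemed serial, which is the storage cost section 3.2 describes.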

These devices are tiny micro-computer systems which already cost as little as a quarter and are used in such companies as Wal-Mart. They already allow retail outlets to know what goods are going in and out of their doors. They provide absolute precision about what remains in stock.

The future of electronic payment systems could be walking through a terminal with products and services ranging from bottles of wine to travel tickets using a card that never leaves your pocket. All the terminal needs to do is get the pulses emitted from the radio barcodes on each item and send a signal to the card in your pocket. The transaction will automatically occur without the need of a clerk or a register.

In theory, RFIDs could enable a person to read all the numbers and expiration information on the credit cards in your pocket as you walk by, as well as where you do most of your clothes shopping, and the model of the portable computer you are carrying in your briefcase, simply by hacking into the ID communication system (Dixon). Obviously there are a lot of security details that need to be taken care of, but this is just a glimpse of what could possibly be the next step in the evolution of electronic payment systems: from paper bills to credit cards to digital cash to RF-Ids? The answer lies in the ability of RFID creators to create a system that is highly scalable and easy to use for the consumer, so it doesn't have the same roadblocks that E-Cash finds itself having.

5 Conclusion

After highlighting both account-based systems and electronic currencies, we have seen both advantages and disadvantages. Account systems provide both ease of use and scalability but don't allow the same freedom of anonymity that physical cash allows. In contrast, electronic currencies can provide this freedom but fall short when it comes to an implementation of their systems without a lot of overhead and change in infrastructure.
The systems that enjoy the most success are clearly those that don't force the consumer to make drastic changes, leaving credit card based transactions as the most viable alternative to physical cash at the moment. But with technology continuing to evolve, one thing is for sure: it is clear that there will be a continued movement towards the elimination of physical cash. Ongoing work needs to be done to figure out the most feasible solution in this 21st century effort. Though much more research needs to be done, perhaps RF-Ids are that killer innovation that people will come to accept.

Works Cited

Abrazhevich, Dennis. "Classification and Characteristics of Electronic Payment Systems." Center for User-System Interaction. Technical University of Eindhoven. <http://www.ipo.tue.nl/homepages/dabrazhe/ps/Library/data/ecwebLNCS.pdf>

Anonymous. "Cashless Society gets Mixed Reviews." CNN.com/Technology. 8 Feb 2003. <http://www.cnn.com/2003/TECH/ptech/02/08/cash.smart.ap/>

Anonymous. "How Credit Cards Work." How Stuff Works. <http://money.howstuffworks.com/credit-card.htm>

Anonymous. "Secure Electronic Transaction." Whatis?.com. <http://whatis.techtarget.com/definition/0,289893,sid9_gci214194,00.html>

DiGiorgio, Rinaldo. "Smart Cards: A Primer." Java World. Dec. 1997. <http://www.javaworld.com/javaworld/jw-12-1997/jw-12-javadev.html>

Dixon, Dr. Patrick. "RFIDs: Great New Logistics Business or Brave New World." Global Change. Jan. 2004. <http://www.globalchange.com/rfids.htm>

Gleick, James. "The End of Cash." New York Times Magazine. 16 Jun 1996. <http://www.around.com/money.html>

Griffith, Reynolds. "Cashless Society or Digital Cash?" Southwestern Society of Economists. Mar. 1994. <http://www.sfasu.edu/finance/FINCASH.HTM>

Stabla, Witold. "Electronic Payment Systems." 2001. <http://ws19.webpark.pl/>

Subscription now Required. Finance Asia. <http://www.financeasia.com/articles/D81F1EC1-9494-4278-A994C47977599E16.cfm>