Electronic, digital payment systems CN PPT

Electronic Money
E-commerce currency
Will Banks Be Disintermediated?
Will Central Banks Be Disintermediated?
E-commerce
Prof. S. Rafaeli
What is a Commercial Transaction?
• Customer walks into store, examines wares
• Customer decides to purchase item
• Customer pays for item
• Merchant delivers item
• Returns/exchanges
Types of Money?
[Table: Method (Cash, Credit Card, Check/Debit) by Anonymous, Trail, Credit/debit, Peer to Peer]
Types of Money? (2)
Method | Immediate/delay | Gross/net | Fees: Fixed or fraction
Cash | | |
Credit Card | | Net | Fraction
Check/Debit | | Gross | Fixed
In the physical world, check payments far outnumber credit card transactions. Not so on the internet.
Types of Money (3)
• Timing: contemporaneous, before or after transaction
• Authentication
• Finality and Revocability
• Privacy, Anonymity (“can I have 2 pieces of ID, please?”)
• Vulnerability to Fraud or Loss
• Convenience and Cost of Instrument
Rules That Govern Payment Systems
• In the US, state law: the Universal Commercial Code: negotiable instruments, checking systems, deposits.
• Federal Law regulates banks. Regulation Z protects consumer interests in credit card transactions (limiting liability). Regulation E governs electronic funds transfers.
How is Commerce on the Internet Different?
• “On the Internet, nobody knows you’re a dog.”
• Customer & merchant never meet
• Large potential for fraud
• Internet transactions easily intercepted
Guiding Principles for Digital Money
Speedily move authentic, authorized, integrity-protected, confidential, non-repudiable messages over an untrustworthy medium between counterparties who need share no prior relationship.
Guiding Principles for Digital Money
• Not simple! For example: What does “authorized” mean?
  - Carrying two signatures?
  - Self-authorizing, like cash?
  - Having a delegation chain wired into it?
  - Provably logged into a repository?
Guiding Principles for Digital Money
• Independence of location
• Security (no re-spending)
• Privacy (no traceability)
• Offline payment (independence of transport means)
• Transferability (liquid + identity removed)
• Divisibility and recombination
• There are currently more systems than there ever will be
Internet Payment Taxonomy
• Wave 4: Microcommerce
• Wave 3: SmartCards
• Wave 2: Credit Cards
• Wave 1: EDI
Building Trust
• Consumer skepticism [ATM saga]
• Bank conservatism another issue
• Authentication: merchant and customer
• Transaction security
• Transaction integrity
• Non-repudiability
• Consumer protection
• Authorization
• Confidentiality
Parts of the Puzzle
Problem | Solution
Transaction security | encryption
Consumer authentication | digital signature/certificate
Merchant authentication | digital signature/certificate
Transaction integrity | message digests
Open vs. closed models | standards vs. proprietary
Operating costs for cash, check, credit
Additional parts to the puzzle
• Micropayments:
  - Processing a transaction could cost $0.50 to $1.00
  - Pre- or post-paid tokens as a substitute
• Transaction costs:
  - 24 cents for automated call inquiry
  - $1.82 for call center rep
  - $2.93 for rep in a branch
Electronic Payment Methods
• Offline Systems
• Secure Servers
• Payment Systems
• Commerce Environments
• Digital Cash
• [smart cards]
Electronic Payment Methods
• SET is the answer, but you have to phrase the question very carefully…
• Sought after characteristics:
  - Wide recognition
  - Preservation of value
  - Hard to counterfeit
  - Convenient
  - Anonymous? (or maybe not?)
  - Legal? (or maybe not?)
Middleman: Can be the phone company, ISP, credit card, etc.
Electronic Payment Methods
• Basic Architecture: 3 basic pieces:
  - Wallet
  - Cash Register
  - Gateway
• 2 Basic forms:
  - Conventional payment over new vehicle, or
  - Fundamentally new type
• SEIGNORAGE - a “Holy Grail”
Offline (?) Systems
• PO Orders, 800, 900 numbers, etc.
• Cellular phone as debit/credit device
• First Virtual (credit cards)
• Digicash (eCash) Mark Twain Bank (chapter 11 in 1998) -- hard drive wallet
• Cybercash, cybercoin, electronic wallet
• Mondex
• ISP (ipin) eCharge (phone & AT&T), Qpass (credit card)
First Virtual Internet Payment System
• No use of secure protocols
• No sensitive information transmitted over Internet
• Reliance on off-line channels
• Non-tangible merchandise only
How First Virtual Worked (overview)
[Diagram labels: Customer, Client Browser, Request, Merchant, Merchant’s Server, Authorization, Verification, Payment Server, Online Third Party Processors: Credit Cards (VISA), Charge Cards (American Express), Bank Accounts, Debit Cards, Private Label Cards (J.C. Penney), DigiCash]
Why First Virtual Worked
• Credit card # never transmitted over Internet
• Customer can cancel sales in cases of fraud, unsuitability of merchandise
Advantages/Limitations of FV
• Credit card # not transmitted over Internet
• Customer can cancel sales in cases of fraud, unsuitability of merchandise
• Customers who abuse system
• Can’t be used for tangible goods
• Adoption spotty
• MOVE TO MESSAGEMEDIA, Only (?) 150,000 accounts
• First mover, 1995
Secure Servers
• Use SSL or S-HTTP to
  - encrypt transmission
  - identify merchant to customer
  - [identify customer to merchant]
• Simple: customer types credit card # into fill-out form
[Diagram labels: Merchant, Bank]
Secure Servers: Limitations
• Roll-your-own credit card validation
• No built-in transaction processing
• No customer authentication (yet)
• Crippled cryptography on “export” versions
• Credit card #’s not necessarily secure on merchant’s server
Online Payment Systems: CyberCash
• Essentially, an encrypted card
• Both credit card and debit card models
• Secure online payment for tangible goods
• Supported by many banks
• “CyberCoin” system for small purchases of intangible items
• Discontinued in 1999
How CyberCash Worked
[Diagram labels: Virtual Wallet, Merchant, Virtual Cash Register, Bank, Bank]
What CyberCash Cost
• Free to consumer
• Software free to merchant
  - Transaction fees set by credit card and issuing bank
  - Fee schedules similar to those of a mail order house: 2-3% of transaction price + fixed fees
SFNB:
• Security First Network Bank
• http://www.sfnb.com
• Pineville, KY to Atlanta, GA
• Complete internet solution
• Competitive banking rates, products and costs
• Used to be a much bigger deal, now usurped by “me-too” regular banks
Secure Electronic Transaction Specification (SET)
• VISA, Mastercard, Netscape, Microsoft
• A standard, not a product
• Specifies
  - Customer authentication
  - Merchant authentication
  - Transaction encryption
  - Transaction validation
SET objectives:
• Information confidentiality
• Data integrity
• Authentication (as above)
• Interoperability
  - Card details not disclosed to merchant
  - Both merchant and customer identified
  - Prevents fraud
  - Eliminates middleman
  - Incredibly complex, slow, lots of crypto
SET
SET supports DES for bulk data encryption and RSA for signatures and encryption of keys and bankcard numbers.
SET
[Diagram labels: Merchant, Bank, Bank]
Example - Payment Method
MMS/Verifone option “out of the box”
[Diagram labels: Microsoft Merchant Server, vPOS, vGATE, Payment server, MERCHANT & COMPANY, VeriFone SET, Cleartext/SSL, Merchant, Acquirer/processor, MS Wallet and client control, Cardholder, Issuing financial institution, Card network]
DigiCash
• True anonymous peer-to-peer currency “CyberBucks”
• Handful of banks and merchants
• Now in chapter 11
[Diagram labels: Bank, Bank]
Digital Cash
• Bi-lateral transaction (all other forms are Tri-lateral)
• Purchase digital cash from bank. Cash must be backed by legal tender
• Use digital cash at stores which accept it
• Stores redeem digital cash at the bank
• Bank does not know who was the actual buyer of the cash (anonymity)
• Problems: Just like cash if you lose it .....
• Problems: Legal/government problems
Digi-Cash
[Diagram labels: Payor, Payee, Transfer digital cash, Issue Cash, Check for Double Spending, Bank Digital Currency Server, Database of spent “notes”]
Electronic Checks
Banks prefer Electronic Checks

They work in the same way as traditional checks.

Electronic checks are well suited for clearing micropayments; their
use of conventional cryptography makes them much faster than systems
based on public-key cryptography (e-cash).

Electronic checks create float and the availability of float is an
important requirement for commerce.

The third-party accounting server can make money by charging the
buyer or seller a transaction fee or a flat rate fee, or it can act as a
bank and provide deposit accounts and make money on the deposit
account pool.
Banks prefer Electronic Checks
• Financial risk is assumed by the accounting server and may result in easier acceptance.
• Reliability and scalability are provided by using multiple accounting servers.
• There can be an interaccount server protocol to allow buyer and seller to "belong" to different domains, regions, or countries.
FSTC-Electronic Check Project
CONCEPT
[Diagram labels: Payer, Payee, Accounts Receivable, Remittance, Check, Signature, Certificate, Signature “Card”, E-Mail or WWW, E-Mail, Mail statement, E-Check line item, Payer’s Bank, Debit Account, Deposit check, ACH or ECP, Payee’s Bank, Clear check, Credit Account]
Micro-Payments
Micropayment Applications
• To Buy Information
  - Articles
  - Stock quotes and database queries
  - Cartoons and clip-art
  - Music and videos
• To Buy Software
  - Java applets
  - ActiveX Controls
  - Software add-ons
  - Games
• To Meter/Audit Access
  - To applications
  - For services
  - By security clearance
  - To shared resources
Internet Payment Transaction Ranges
Payment | Minimum Transaction Value | Typical Transaction Value | Maximum Transaction Value
Macro | $5.00 | $50.00 | $500.00
Mini | $0.10 | $1.00 | $10.00
Micro | $0.001 | $0.01 | $1.00
Source: Digital Equipment Corp.
Who is the Micropayment Customer?
• Traditional Content Providers
  - Newspapers
  - Magazines
  - Directories
  - Book publishers
  - Newsletters
  - Photo libraries
  - Music publishers
  - Clip-art
• New Age Content Providers
  - Applet developers
  - Search engines
  - Rating services
  - Serialized soaps
  - Interactive games
  - Software add-ons
  - Shopping agents
  - Buyer/Seller brokering
• “Home Alone” Content Providers
  - e-zines
  - Personal essays
  - Subject indexes
  - How-To Guides
  - Cookbooks
  - Annotated bookmark files
  - Personalized filtering
Content Provider Requirements
Three usage scenarios...
• Per-access purchasing
  - Based on user need
  - Infrequent users
• Bulk purchasing (aka subscriptions)
  - Fixed price/fixed duration
  - Frequent users
• Advertising rebates
  - Ads separate from content
  - Users are paid to read advertising
Micropayment System Requirements
Overall scheme must:
• Support increasingly smaller transaction values
• Support payments both from users and to users
• Scale to support 100K Web sites by year 2000, 1M sites by 2005
• Be inclusive in nature
• Be global in scope
• Provide both public domain and commercial components
Proposed Micropayment Schemes
Advocate | Name | Basis
Carnegie Mellon | Netbill | aggregate credit card
ClickShare Corp. | ClickShare | aggregate credit card
CyberCash | CyberCoin | electronic coin
DigiCash | ecash | digital cash
Digital Equipment | Millicent | scrip
First Virtual | Virtual PIN | credit card
IBM | micropayment iKP | vendor accounts
W3C | MPTP | vendor accounts
Source: Digital Equipment Corp.
Digital’s Micropayment System (now Compaq)
Millicent
• Vendor-specific currency, called scrip
• Transactions:
  - Values down to 0.1 cents
  - Cost down to 0.002 cents
• Distributed design scales well with high transaction volumes
• Millicent V1.0 trial ended in November 1998
• Digital (Compaq) will not be a “broker”
Source: Digital Equipment Corp.
How Millicent Worked
[Diagram labels: Customer, Broker, Content Provider, Scrip, $ Money, License, Soft goods]
Source: Digital Equipment Corp.
Micropayments Issues
• Adoption by Internet users?
• How can anyone make money on such small transactions?
• What about marginal cost of reproduction?
• Will different micropayment systems ever interoperate?
• Risk Management: What about fraud and control?
Other govt. / legal / political issues
• Money supply issues?
• Money Laundering?
• Govt. backdoor, trapdoor, Clipper?
• Munitions?
New generation?
• iPIN http://www.ipin.com (ISP)
• eCHARGE http://www.echarge.com (phone)
New generation?
• CheckFree
• Transpoint
• PayMyBills.com
New generation?
• 1ClickCharge http://www.1clickcharge.com (thin client, pre-pay)
• Qpass http://www.qpass.com
New generation?
• BEENZ http://www.beenz.com: Websites reward you with beenz for your presence on their site or for a little interaction.
Stamps as currency?
• E-Stamp http://www.estamp.com
• Stamps.com
New generation, still
• Pay-Pal (x.com)
URLs (1)
• First Virtual – http://www.fv.com/
• CyberCash – http://www.cybercash.com/
• Open Market – http://www.openmarket.com/
URLs (2)
• SET – http://www.visa.com/
• Microsoft – http://www.microsoft.com
• Netscape Merchant LivePayment – http://home.netscape.com/
• Millicent – http://www.millicent.digital.com/
• DigiCash – http://www.digicash.com/
URLs (3)
• iPIN http://www.ipin.com
• eCHARGE http://www.echarge.com
• 1ClickCharge http://www.1clickcharge.com
• Qpass http://www.qpass.com