Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Presented By
Thriven Kumar Reddy N
Contents
o Introduction
Introduction
o What is Payment Gateway? o A payment gateway is an e-commerce application service provider service that authorizes payments for ebusiness, online-retailers, etc.
o Why? o Payment gateways protect credit card details by encrypting sensitive information, such as credit card numbers, to ensure that information is passed securely between the customer and the merchant and also between merchant and the Payment processor.
At a Glance
information, the Merchants server encrypts with SSL and forwards it to PG, where it will again encrypts with SSL and forwards the information to the Card Issuer/ Issuing bank and sends the response back to the Merchants server/ customer that id received from the Issuing bank processor.
o PGs, most of the times will also perform Fraud Management
Checking for valid Prefix of the card number Checking for validation of card number using LUHNs rule.
SSL
o Netscape's SSL is an Encryption
specification/protocol which uses the public-andprivate key encryption system from RSA, which also includes the use of a digital certificate
Fraud Management
o Using LUHNs Rule: o Luhns rule is used to validate a card number that is accepted from the customer, which can be applied to many of the card types like VISA, Master card etc. o Steps involved:
Considering an example, we will see how Luhns rule works. Let card number be : 1234 5678 1234 5670
Fraud Management(cntd)
o Add the unaffected digits: o Add all the remaining digits which are not used in the above steps
1234 5678 1234 5670 0 + 6 + 4 + 2 + 8 + 6 + 4 + 2 = 32
o Add both results and divide by 10
o
28 + 32 = 60 60 is evenly divided by 10
Fraud Management
o Using the Prefixes and length of Card-Number o Each card issuer company will have its own prefix which is common to all the cards that come from that company and fixed length. o Example:
Card Type Master card VISA Prefix Number 51-55 4 Length 16 13-16
15 16
16
6011
3
Fraud Management
o PGs also sometimes uses AVS(Address Verification
Services), Card Code Value (CVV) verification. o And SET as a specification/protocol instead of SSL, which works with digital certificates.
Final Gist
o So by this we can conclude that, PGs are used to just
Forward the information securely, authenticating the users, ensuring Information Confidentiality and Data Integrity etc by having secured connections across the Merchants server and Banks processor.