
ELECTRONIC PAYMENT SYSTEMS (UNIT-4)

Payment Basics

[Diagram: the parties are the Consumer (account holder), the Merchant, the Issuer, the Acquirer and the BANK; the consumer and the merchant each connect through their own Access Point. Labelled functions: registration, deposit & withdrawal, transaction status inquiry, authentication, problem resolution, purchase & refund.]

Network Security Goals

Confidentiality: only the sender and the intended receiver should understand the message contents
- sender encrypts the message
- receiver decrypts the message
- privacy

Integrity: sender and receiver want to make sure that the message is not altered

Availability: service must be available to the user (instead of non-repudiation in security service)

Authentication: sender and receiver want to confirm the identity of each other

Access control: service must be accessible to users

Security Requirements in epayment

Confidentiality of payment information:
Confidentiality - ability to ensure that messages and data are available only to those authorized to view them
Cardholder account and payment information should be secured as it travels across the network
Like in SET, cardholder account and

Payment Information Integrity:
Integrity - ability to ensure that payment information being transmitted/received over the Internet has not been altered in any way by an unauthorized party
Messages cannot be altered in transit in an undetectable way
Based on digital signatures

Security Requirements in epayment (cont.)

Authenticity (of account holder & merchant):
Ability to establish the identity of a person. It means that each party involved in the transaction is identified as legitimate
Account holder authentication - the merchant can verify that the client is a legitimate user of the card
Merchant authentication - the client can authenticate the merchant and check whether it is authorized to accept payment cards

Payment Authorization
Ensures that the trading party has the authority to make the transaction
It prevents the risk that employees' transactions cause economic damage

Authentication vs Authorization
Once the system knows who the user is through authentication, authorization is how the system decides what the user can do

Security Requirements in epayment (cont.)

Privacy: ability to control use of information a customer provides about himself or herself to the merchant
Availability: ability to ensure that a payment site continues to function as intended
Non-repudiation: ability to ensure that e-commerce participants do not deny (repudiate) online actions

E-CASH (Electronic cash or digital cash)

Uses e-coins
3 parties involved
Small payments
Anonymous nature - transactions made by the user cannot be traced back to him. Money is credited from the user's e-cash account, but no one would be able to trace it. It is similar to the paper money we use.
A large database is maintained that uses the concept of serial numbers (solution)

Double-spending is a failure mode of digital cash schemes, in which it is possible to spend a single digital token twice.
Unlike physical token money such as coins, electronic files can be duplicated.
The act of spending a digital coin does not remove its data from the ownership of the original holder.
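
The serial-number database mentioned above, sketched as an added example (not part of the original slides): the bank records every deposited serial and refuses a second deposit of the same coin. Assumptions: the names `Bank`, `issue_coin` and `BANK_KEY` are hypothetical, an HMAC stands in for the bank's digital signature, and the anonymity property of e-cash is not modelled.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Hypothetical bank secret; an HMAC stands in for the bank's digital signature.
BANK_KEY = secrets.token_bytes(32)


def _tag(serial: str, value: int) -> str:
    """Authenticity tag the bank computes over (serial, value)."""
    msg = f"{serial}|{value}".encode()
    return hmac.new(BANK_KEY, msg, hashlib.sha256).hexdigest()


def issue_coin(value: int) -> dict:
    """Withdrawal: the bank mints a coin with a fresh random serial number."""
    serial = secrets.token_hex(16)
    return {"serial": serial, "value": value, "tag": _tag(serial, value)}


class Bank:
    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        # PRIMARY KEY makes "check and record" a single atomic step, so two
        # concurrent deposits of the same coin cannot both succeed.
        self.db.execute("CREATE TABLE spent (serial TEXT PRIMARY KEY)")

    def deposit(self, coin: dict) -> str:
        expected = _tag(coin["serial"], coin["value"])
        if not hmac.compare_digest(expected, coin["tag"]):
            return "rejected: not issued by this bank"
        try:
            with self.db:  # commits on success, rolls back on error
                self.db.execute("INSERT INTO spent VALUES (?)", (coin["serial"],))
        except sqlite3.IntegrityError:
            return "rejected: serial already spent"
        return "accepted"


def demo() -> list:
    """Constructed scenario: original coin, a byte-for-byte copy, an altered coin."""
    bank = Bank()
    coin = issue_coin(5)
    copy = dict(coin)               # duplicating the coin "file" is trivial
    forged = dict(coin, value=500)  # value changed, old tag kept
    return [bank.deposit(coin), bank.deposit(copy), bank.deposit(forged)]


if __name__ == "__main__":
    print(demo())
```

The copy carries a valid tag, so only the spent-serial lookup stops it; the altered coin fails the tag check before the database is consulted.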

Interoperability: E-cash must be interoperable, that is, exchangeable as payment for other e-cash, paper cash, goods or services, deposit in banking accounts, electronic benefits transfer, etc.

Electronic Payment Schemes

Digital Cash
Credit Cards
Debit Cards
Smart Cards
E-wallets
Micro transactions (Micropayments)
Internet Cheque
Financial EDI

Micropayments


A micropayment is an e-commerce transaction involving a very small sum of money in exchange for something made available online, such as an application download, a service or Web-based content.
Payments that generally do not exceed $10
Mainly used in Business to Consumer/B2C business
Payments involving bigger amounts are referred to as macro payments or medium payments and are also used in Business to Business/B2B

To offer micropayments, some companies form strategic partnerships with utility companies (third parties)

Internet cheque (or echeque)

An electronic version or representation of a paper cheque.
The account holder writes an e-check (or e-cheque) using a
computer or other type of electronic device and transmits the
e-cheque to the payee electronically.
Rather than handwritten or machine-stamped signatures,
however, e-checks are affixed with digital signatures.
The payee deposits the e-check, receives credit, and the
payee's bank clears the e-check to the paying bank.
The paying bank validates the e-check and then charges the
cheque writer's account for the cheque.

Financial EDI

It is an EDI used for financial transactions
EDI is a standardized way of exchanging messages between businesses
EFT can be implemented using a Financial EDI system
Electronic funds transfer (EFT) is the term used for EDI that involves the transfer of funds between financial institutions.

Safe Financial EDI needs to adopt a security scheme
An extranet encrypts the packets exchanged between senders and receivers using public key cryptography

PAYMENT CLEARING SERVICE PROVIDERS

In India, the clearing system is local and covers all the banks and branches
situated in the area under a particular zone.
The clearing house is a voluntary association of banks under the
management of a bank where the settlement accounts are maintained.
Wherever Reserve Bank of India has its office (and a banking
department), the clearing house is managed by it. In the absence of an
office of the Reserve Bank, the clearing house is managed by the State
Bank of India, its associate banks and in a few cases by public sector
banks.
In India there are about 1050 clearing houses.
These clearing houses clear and settle transactions relating to
various types of instruments like cheques, drafts, payment orders, etc.
