30-May-19 Electronic Payment System o Traditional Payment System + Aconventional process of payment and settlement involves a buyer-to- seller transfer of cash or payment information {i.e., cheque, draft and credit cards), The actual settlement of payment takes place in the financial processing network.30-May-19 L Traditional Payment System Seller's Bank Info flows for | - notational changes Buyer's: ii Bank o Traditional Payment System Lack of Convenience * Lack of Security + Lack of Coverage * Lack of Eligibility + Lack of support for micro-transactions Payments, Good & Services30-May-19 fe What Electronic Payment System is? % Electronic Payment is a financial exchange thet takes place online between buyers and sellers. + The content of this exchange is usually in the form of digital financial instrument (such as encrypted credit card numbers, electronic cheques or digital cash) that is backed by a bank or an intermediary, or bya legal tender. + Electronic Payment System (EPS) is a system which helps the customer or user to make online payment for their shopping. o Electronic Payment system + To transfer money over the Internet. * Interal part of e-Commerce ¢ Methods of traditional payment > Cash, Cheque/Draft, Credit card. + Methods of electronic payment. > Electronic cash, > wallets, > Smart cards, % Credit/Debit cards. > Net Banking30-May-19 fo Electronic Payment system - Benefit to Buyer Convenience of global acceptance ; Electronic payment methods provide a wide range of payment options and enhanced financial management tools through which individuals can say for numerous different types of transactions ranging fram parking payments to travel tickets. * Universal acceptance : With electronic payment methods, payments can be made over the phone, on the internet, and through the post and accepted everywhere. “ Greater security : Electronic payment system is safe and secure as it follows strict encrypted secure system for making payments keeping buyer's identity and details completely confidential and reduced liability for stolen or misused cards. o Electronic Payment system - Benefit to Buyer Consumer protection : The electronic payment system provides additional insurance by facilitating disputes resolution in the case of unsatisfactory receipt of goods and services . * Accessibility to immediate credit : E-payment system allow consumers to transfer funds, purchase stocks, and offer a variety of other services without having to handle physical cash. Using credit card it is very easy to make payments. » Better control over payments : Elec:ronic payment also provides the ability to control payment for goods and services over time by allowing buyers to pay at will whenever they want or have sufficient funds to make payments.30-May-19 fo Electronic Payment system - Benefit to Seller Speed and security : EPS ensure faster processing of transaction from verification and authorization to clearing and settlement. It reduces the visibility of information. + Reduces cost : EPS provides companies freedom from more costly labour, materials and accounting services hat are require in paper based processing. + Efficiency : It leads to better management of cash flow, inventory and financial planning due to swift bank payment. + Better control : When used properly the electronic aspects of purcha and prepaid cards can increase intemal controls over high volumes. o Requirement of EPS The various factors that have lead the financial institutions to make use of electronic payments are: + Increasing online commerce: Purchase online and to complete the deal, Immediate payments required, Electronic payment is very convenient for the sonsumer. Offering electronic payment helps businesses improve customer retention. + Decreasing technology cost: The cost of technology used in the networks is aesesineday Waa ¢ Reduced operational and processing ccst: Due to reduced technology cost and _ ‘the processing cost of various commerce activities becomes very less. Electronic payment lowers costs for businesses. + Save Time and Paper: Important fact that due to electronic transactions, we Save both time and paper.30-May-19 + Online bill payment fo Examples of Electronic Payment System + Online order placing and making payment online Online Reservation and making payment online + Online Ticket booking and making payment onloine % Online Fund transfer o Types of Electronic Payment System E-CASH EWallets Types of Electonic Payment ‘System Smart Cards Credit/Debit Cards30-May-19 fo E-Cash + Asystem that allows a person to pay for goods or services by transmitting a number from one computer to another. + Like the serial numbers on real currency notes, the E-cash numbers are unique. This is issued by a bank and represents a specified sum of real money. % Itis anonymous and reusable. o E-Cash 1. Consumer buys e-cash from Bank 2. Bank sends e-cash bits to consumer (after charging that amount plus fee) 3. Consumer sends e-cash to merchant 4, Merchant checks with Bank that e-cash is valid (check for forgery or fraud) 5. Bank verifies that e-cash is valid 6. Parties complete transaction30-May-19 fo E-Wallet > The E-wallet is another payment scheme that operates like a carrier of cash and other information. > The aim Is to give shoppers a single, simple, and secure way of carrying currency electronically. Trust is the basis of the e-wallet as a form of electronic payment. o Procedure for using an e-wallet 1, Decide on an online site where you would like to shop. 2. Download a wallet from the merchant's website. 3. Fill out personal information such as your credit card number, name, address and phone number, and where merchandise should be shipped. 4, When you are ready to buy, click on the wallet button, the buying process is fully executed30-May-19 fo Smart Cards > Asmart card, is pocket-sized card with embedded integrated circuits which can store and process data. This implies that It can receive input which is processed and delivered as an output * Smart cards are receiving renewed attention as a mode of online payment * Microprocessors embedded in them so as to serve as storage devices for much greater information than cred't cards with inbuilt transaction processing capability. + This card also contains some kinds of an encrypted key that is compared to a secret key contained on the user’s processor. SMAI User downl ‘onto card, Vendor redeems tokens “ort thogom30-May-19 fo Credit Cards + Itisa Plastic Card having a Magnetic Number and code on it. It has Some fixed amount to spend. “ Customer has to repay the spend amount after sometime. ik 1030-May-19 fo Debit Cards Plastic card with a unique number. * Requires a bank account. * No interest charges related to this card. o Secure Electronic Transaction (SET) Protocol % Designed to provide security for card payments as they travel on the Internet + Contrasted with Secure Socket Layers (SSL) protocol, SET validates consumers and merchants in additicn to providing secure transmission + Uses public key cryptography and digital certificates for validating both consumers and merchants * Provides privacy, data integrity, user and merchant authentication, and consumer nonrepudiation a30-May-19 fe The SET Protocol o Security Requirement of EPS Authentication : There should be a mechanism to authenticate a user before giving him/her an access to the required information. + Integrity : Information should not be altered during its transmission over the network + Non-repudation : It is the protection against the denial of order or denial ‘of payment. Once a sender/recipient sends/receive a message, both party should not be able to deny the transaction. Privacy : Information should not be accessible to an unauthorized person. It should not be intercepted during the transmission. % Safety : Information should be encrypted and decrypted only by an authorized user. 1230-May-19 fe What Is Payment Gateways?? * A payment gateway is an e-commerce application service provider service that authorizes payments for e-businesses, online Shopping, etc. “> Payment gateway protects credit cards details encrypting sensitive information, such as credit card numbers, to ensure that information passes securely between the customer and the merchant and also between merchant and payment processor. o What Is Payment Gateways?? Merehant’s ropeent MERCHANT Aime ee TRANSFERRED TO YOO* 1330-May-19 fo Legal and Ethical Issue in eCommerce * Privacy * Intellectual Property Free Speech > Taxation * Computer Crimes + Consumer Protection o Legal and Ethical Issue in eCommerce + Illegal acts break the law while unethical acts may not be illegal + Ethics > Branch of philosophy that deals with what is considered right or wrong > Right and wrong not always clear > Consider Company sells profiles of customers with information collected through cookies Company allows personal use of Web but secretly monitors activity Company knowingly sells tax software with bugs 1430-May-19 fo Legal and Ethical Issue in eCommerce © PRIVACY ISSUES when and to what extent information about them is disseminated. > Right to privacy is not absolute > Public's right to know superceded individuals right to privacy >» HOW IS PRIVATE INFORMATION COLLECTED? Reading your newsgroup postings Finding you in an Internet Directory Making your browser collect information about you Recording what your browser says about you Reading your email Most common methods are cookies and site registration % Information privacy: claim of individuals, groups, or organizations to determine o Legal and Ethical Issue in eCommerce PRINCIPLES OF PRIVACY PROTECTION + Integrity/Security : Must be assured data Is secure % Enforcement/Redress : Government legislation or legal remedies + Notice/Awareness : Notice of collection practices prior to collecting information % Choice/consent : Consumers to be mace aware of options and give consent + Access/participation : Must be able to access and challenge information 1530-May-19 fo Legal and Ethical Issue in eCommerce PRINCIPLES OF SAFE HARBOR Companies must tell consumers how and why personal data is collected and who it's shared with ‘Consumers must be able to request their data not be shared ‘Companies must provide notice and choice before data is given to third parties + Consumers must have access to data about them and have the ability to correct mistakes + Companies must take reasonable measures to protect data Personal data must be relevant to its intended purpose Procedures must be in place to settle comalaints and resolve disputes o Legal and Ethical Issue in eCommerce INTELLECTUAL PROPERTY Copyrights : Protects expression of idea — not the idea Itself. Confers ‘owner exclusive right to Copy the work / Distribute to the publi Generally, contents of websites are copyrighted ~ Patents : Grants holder exclusive rights on inventions for fixed time. Trademarks : Graphical sign used by business tn identify their goods and services. Must meet criteria of distirctive, original, and not deceptive 1630-May-19 fo Legal and Ethical Issue in eCommerce FREE SPEECH, INTERNET DECENCY, SPAMMING, AND CENSORSHIP % Censorship — attempts to control meterial on the Web ‘ Communications Decency Act (CDA) was passed by Congress but later ruled unconstitutional + Protecting Children > Parental control > Governmental control » — ISP accountability o Legal and Ethical Issue in eCommerce TAXATION * State / National level Taxes Entry Tax related Issue 730-May-19 fo Factors for success in Ecommerce + Providing value to customers + Providing service and performance » Look + Advertising * Personal attention + Providing a sense of community + Providing reliability and security + Providing a 360-degree view of the customer relationship o Measures to ensure Security Major security measures are following - ¢ Encryption - It is a very effective and practical way to safeguard the data being transmitted over the network. Sender of the information encrypts the data using a secret code and only the specified receiver can decrypt the data using the same or a different secret code. + Digital Signature — Digital signature ensures the authenticity of the information. A digital signature is an e-signature authenticated through encryption and password. 4 Security Certificates - Security certificate is a unique digital id used to verify the identity of an individual website or user. 1830-May-19 fo Measures to ensure Security transactions. industry It meats fallaing «i > Authentication > Encryption > Integrity » — Non-reputability "“nttps://" is to be used for HTTP urls with SSL, where as "http://" is to be used without SSL. 4 Secure Hypertext Transfer Protocol (SHTTP) rity requirements = digital signature over the internet, Secure HTTP supports multiple security mechanism, used between the client and the server. o Measures to ensure Security ‘% Secure Electronic Transaction: It is a secure protocol developed by MasterCard and components ~ > Card Holder's Digital Wallet Software - Digital Wallet allows the card holder to make secure purchases online via point and click interface, >» Merchant Software - This software helps merchants to communicate with potential customers and financial inst tutions in a secure manner. >» Payment Gateway Server Software - Payment gateway provides automatic and standard payment process. It supports the process for merchant's certificate request. issue digital certificates to card holders and merchants, and to enable them to register their account agreements for secure electronic commerce. Security Protocols in Internet : Popular protocols used over the internet to ensure secured online + Secure Socket Layer (SSI) : itis the most commonly used protocol and is widely used across the > SHTTP extends the HTTP internet protocel with public key encryption, authentication, and providing security to the end-users, SHTTP works by negotiating encryption scheme types Visa in collaboration. Theoretically, itis the best security protocol. It has the following > Certificate Authority Software - This software is used by financial institutions to 1930-May-19 fo Security Threats in E-commerce Environment + Three key points of vulnerability: > Client > Server > Communications channel ** Most common threats: Malicious code Hacking and cyber vandalism Credit card fraud/theft Spoofing Denial of service attacks sniffing Insider jobs vevyyy o E-commerce Security Requirement 4 Commerce over open networks (such as internet) can secure if the following happen: > Server Security Message Privacy (or confidentiality) Message integrity Authentication Authorizatfon ‘Audit mechanism and non-repudiation Payment and settlement vvvvvy 20