
Unit 3: Ecommerce

UNIT -3
Electronic Payment System
Requirements for on-line payment systems
Atomicity
Atomicity guarantees that either the user's on-line payment transaction is completed or it does
not take place at all. If the current on-line payment transaction fails, it should be possible to
recover the last stable state. This feature resembles transactional database systems, in which
a transaction is either committed or rolled back.
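The commit-or-roll-back behaviour described above, as an added example that is not part of the original notes: a payment is a debit and a credit wrapped in one SQLite transaction, so a failure between the two steps restores the last stable state. The table layout, the account names and the fail_after_debit switch are assumptions made for illustration.

```python
import sqlite3


class PaymentError(Exception):
    """Raised when a payment cannot be completed; the ledger is left unchanged."""


def open_ledger(initial):
    """Create an in-memory ledger from a {name: balance} dict (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE account ("
        " name TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"  # overdrafts are refused
    )
    conn.executemany("INSERT INTO account VALUES (?, ?)", list(initial.items()))
    conn.commit()
    return conn


def pay(conn, payer, payee, amount, fail_after_debit=False):
    """Move `amount` from payer to payee as one all-or-nothing transaction.

    fail_after_debit is a hypothetical switch that simulates a crash after
    the debit has been applied but before the credit.
    """
    if amount <= 0:
        raise PaymentError("amount must be positive")
    try:
        # "with conn" commits if the block finishes and rolls back if it raises.
        with conn:
            cur = conn.execute(
                "UPDATE account SET balance = balance - ? WHERE name = ?",
                (amount, payer),
            )
            if cur.rowcount != 1:
                raise PaymentError("unknown payer")
            if fail_after_debit:
                raise PaymentError("simulated failure between debit and credit")
            cur = conn.execute(
                "UPDATE account SET balance = balance + ? WHERE name = ?",
                (amount, payee),
            )
            if cur.rowcount != 1:
                raise PaymentError("unknown payee")
    except sqlite3.IntegrityError as exc:
        # The CHECK constraint fired: the payer cannot cover the amount.
        raise PaymentError("insufficient funds") from exc


def balances(conn):
    """Return the current ledger as a {name: balance} dict."""
    return dict(conn.execute("SELECT name, balance FROM account"))


if __name__ == "__main__":
    ledger = open_ledger({"buyer": 100, "merchant": 0})
    pay(ledger, "buyer", "merchant", 30)
    print("after completed payment:", balances(ledger))
    try:
        pay(ledger, "buyer", "merchant", 50, fail_after_debit=True)
    except PaymentError as err:
        print("payment failed:", err)
    print("after failed payment:  ", balances(ledger))
```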
Privacy
Anonymity suggests that the identity, privacy and personal information of the individuals using
the on-line payment methods should not be disclosed. In some on-line payment methods, it is
possible to trace the individual’s payment details. In case of purchases using Debit Card, it is
possible to find out the purchase details as that information is registered at the vendor and the
bank's databases. So some on-line payment systems like Debit cards are not anonymous systems.
In some other payment systems, anonymity can be weak as the efforts to get the purchase details
of the user can be more expensive than the information itself. There are privacy laws in several
countries to guarantee the privacy of the user and prevent the misuse of personal information by
the financial institutions.
Scalability
As on-line payment methods gain more and more acceptance among users, the demand
for on-line payment infrastructure will also increase rapidly. Payment systems should
handle the addition of users without any performance degradation. To provide the required
quality of service without any performance degradation, the payment systems need a good
number of central servers. The central servers are needed to process or check the payment
transactions. The growing demand for central servers limits the scalability of on-line
payment systems.
Security
Security is one of the main concerns of on-line payment methods and one of the crucial
issues that decide the general acceptance of any on-line payment method. The Internet is an open
network without any centralized control, so payment systems must be protected against security
risks to ensure a safe and reliable service to the users. When users are paying on-line they want
to be sure that their money transaction is safe and secure. On the other hand, banks, payment
companies and other financial institutions want to keep their money, financial information and
user information in a secure manner to protect it against any possible misuse.

Gautam Kumar Singh Page1



Reliability
As in any other business activity, even in on-line payment methods, the user expects a reliable
and efficient system. Any on-line payment system would fail, despite its advanced
technological features, if it fails to gain the users' acceptance and pass their reliability tests.
There are many reasons which can make the system unreliable to the users. Some of them are
security threats, poor maintenance and unexpected breakdowns.
Usability
Usability is an important characteristic of an interactive product like on-line payments. On-line
payment systems should be user friendly and easy to use. Any on-line payment system with
complicated procedures, a complex payment process and other complications in the
payment environment can't gain users' acceptance. Poor usability of a web shop or a payment
method could also discourage on-line shopping. To make online payments simple and user
friendly, some on-line payment systems allow users to make payments with minimum
authorization and information inputs.
Interoperability
In on-line payment technologies, different users prefer different payment systems. The different
payment systems use different kinds of currencies and the payment systems should support
interoperability between them. If a payment system is interoperable, then it is open and allows
other interested parties to join without confining them to a particular currency. In real life,
there should be some sort of mutual agreement between various on-line payment systems to
provide interoperability. Interoperability can be achieved by means of open standards for
data transmission protocols and infrastructure. An interoperable system can gain more
acceptance and a higher level of applicability than individually operating payment systems.
Because of rapid technological changes, it is not always easy to achieve interoperability between
various payment systems.
Electronic Payment Systems
Electronic Payment is a financial exchange that takes place online between buyers and sellers.
The content of this exchange is usually some form of digital financial instrument (such as
encrypted credit card numbers, electronic cheques or digital cash) that is backed by a bank or an
intermediary, or by a legal tender.
The various factors that have led the financial institutions to make use of
electronic payments are:
1. Decreasing technology cost:
The cost of the technology used in the networks is decreasing day by day, which is evident from
the fact that computers are now dirt-cheap and Internet is becoming free almost everywhere in the
world.


2. Reduced operational and processing cost:
Due to reduced technology cost, the processing cost of various commerce activities becomes very
low. A very simple reason to prove this is the fact that in electronic transactions we save both
paper and time.
3. Increasing online commerce:
The above two factors have led many institutions to go online and many others are following
them.
There are also many problems with the traditional payment systems that are leading to
their fade-out. Some of them are enumerated below:
1. Lack of Convenience:
Traditional payment systems require the consumer to either send paper cheques by snail-mail or
require him/her to physically come over and sign papers before performing a transaction. This
may lead to annoying circumstances sometimes.
2. Lack of Security:
This is because the consumer has to send all confidential data on a paper, which is not encrypted,
that too by post where it may be read by anyone.
3. Lack of Coverage:
When we talk in terms of current businesses, they span many countries or states. These business
houses need faster transactions everywhere. This is not possible without the bank having a branch
near all of the company’s offices. This statement is self-explanatory.
4. Lack of Eligibility:
Not all potential buyers may have a bank account.
5. Lack of support for micro-transactions:
Many transactions done on the Internet are of very low cost though they involve data flow
between two entities in two countries. The same if done on paper may not be feasible at all.
Types of Electronic Payment System
1. Electronic Tokens
An electronic token is a digital analog of various forms of payment backed by a bank or financial
institution. There are two types of tokens:
· Real Time (or Pre-paid tokens) – These are exchanged between buyer and seller; their
users pre-pay for tokens that serve as currency. Transactions are settled with the exchange of
these tokens. Examples of these are DigiCash, Debit Cards and Electronic purse etc.


· Post Paid Tokens – are used with fund transfer instructions between the buyer and seller.
Examples – Electronic cheques, Credit cards etc.

2. Credit Cards
· A credit card is a small plastic card issued to users as a system of payment.
· It allows its holders to buy goods & services based on the holder’s promise to pay for these
goods and services.
· Essentially a credit card allows you to:-
Ø Purchase products or services whenever and wherever you want, without ready cash and
paying for them at a later date.
Ø Have an option of paying only a part of the total expenses. The balance amount can be carried
forward, with an interest charged.
Ø Enjoy a revolving credit limit without any charges for a limited period (mostly 20 to 50
days).
Types of Credit Cards
1. Standard Credit Card: The most common type of credit card allows you to have a
revolving balance up to a certain credit limit. These credit cards have a minimum payment that
must be paid by a certain due date to avoid late payments.
2. Premium Credit Cards: These cards offer incentives and benefits beyond that of a
regular credit card. Examples of premium credit cards are gold and platinum cards that offer
cash back, reward points, travel upgrades and other rewards to cardholders.
3. Charge Cards: Charge cards do not have a credit limit. The balance on a charge card
must be paid in full at the end of each month. Charge cards do not have a minimum payment
since the balance is to be paid in full. Late payments are subject to a fee, charge restrictions, or
card cancellation depending on your card agreement.
4. Limited Purpose Card: Limited purpose credit cards can only be used at specific
locations. Limited purpose cards are used like credit cards with a minimum payment & finance
charge. Store credit cards & gas credit cards are examples of limited purpose credit cards.
5. Secured Credit Card: Secured credit cards are an option for those without a credit
history or those with blemished credit. Secured cards require a security deposit to be placed on
the card. The credit limit on a secured credit card is equal to the amount of the deposit made.
6. Prepaid Credit Card: Prepaid credit cards require the cardholder to load money onto the
card before the card can be used. The credit limit does not renew until more money is loaded
onto the card. Prepaid cards are similar to debit cards, but are not tied to a checking account.


7. Business credit card: Business credit cards are designed specifically for business use.
They provide owners with an easy method of keeping business & personal transactions separate.
The Players
Before exploring the process of using credit card online, let’s identify the players in the credit
card system. They are:
The card holder: a consumer or a corporate purchaser who uses credit cards to pay merchants.
The merchant: the entity that accepts credit cards and offers goods or services in exchange for
payments.
The card issuer: a financial institution (usually a bank) that establishes accounts for cardholders
and issues credit cards.
The acquirer: a financial institution (usually a bank) that establishes accounts for merchants and
acquires the vouchers of authorized sales slips.
The card brand: bank card associations of issuers and acquirers (like Visa and MasterCard) which
are created to protect and advertise the card brand, establish and enforce rules for use and
acceptance of their bank cards and provide networks to connect the involved financial
institutions. The brand authorizes the credit-based transaction and guarantees the payment to
merchants. Sometimes the issuing bank performs the business of the brand.

The process of using credit card:


1. Issue a credit card to a potential cardholder.
2. The cardholder shows the card to a merchant whenever he/she needs to pay for a product or
services.
3. The merchant then asks for approval from the brand company, and the transaction is paid by
the credit. The merchant keeps a sales slip.
4. The merchant sells the slip to the acquiring bank and pays a fee for the service. This is
called the capturing process.
5. The acquiring bank requests the brand to clear for the credit amount and gets paid. Then the
brand asks for clearance to the issuer bank.
6. The amount is transferred from issuer to brand. The same amount is deducted from the
cardholder’s account in the issuing bank.
Advantages of Credit Cards:
Ø They allow you to make purchases on credit without carrying around a lot of cash.
Ø They allow convenient remote purchasing: ordering/shopping online or by phone.
Ø They allow you to pay for large purchases in small, monthly installments.
Ø Many cards offer additional benefits such as additional insurance cover on purchases, cash
back, air miles & discounts on holidays.
Ø Under certain circumstances, they allow you to withhold payment for merchandise which
proves defective.
Disadvantages of Credit Cards:
Ø You may become an impulsive buyer and tend to overspend because of the ease of using credit
cards. Cards can encourage the purchasing of goods & services you cannot really afford.
Ø Lost or stolen cards may result in some unwanted expense & inconvenience.
Ø The use of a large number of credit cards can get you even further into debt.
Ø Using a credit card, especially remotely, introduces an element of risk as the card details
may fall into the wrong hands, resulting in fraudulent purchases on the cards. Fraudulent or
unauthorized charges may take months to dispute, investigate and resolve.
3. Smart Cards
Ø A smart card is a plastic card about the size of a credit card, with an embedded microchip
that can be loaded with data.
Ø Smart cards are made of plastics generally polyvinyl chloride.
Ø Smart cards can provide identification, authentication, data storage & application processing.


Ø A smart card contains more information than a magnetic strip card and it can be programmed
for different applications.
Ø Smart cards within the next five years will be the industry standard in debit and credit cards,
as the major high street banks and finance houses are now investing in the changeover to smart
card technology.
Ø You may use a smart card to:-
· Establish your identity when logging on to an Internet access provider or to an online bank.
· Pay for parking at parking meters or to get on subways, trains or buses.
· Give hospitals or doctors personal data without filling out a form.
· Make small purchases at electronic stores on the web.
Advantages of Smart Cards:
§ Greater Reliability
§ Storage Capacity is increased up to 100 times.
§ Smart cards are multifunctional.
§ The anticipated working life of a smart card is ten years compared to that of a magnetic strip
card.

4. Electronic Cheques
The electronic cheques are modelled on paper cheques, except that they are initiated
electronically.
They use digital signatures for signing and endorsing and require the use of digital certificates to
authenticate the payer, the payer’s bank and bank account.
Electronic checks allow merchants to convert paper check payments made by customers to
electronic payments that are processed through the Automated Clearing House (ACH).
How Electronic Cheques work:
When you receive a paper cheque payment from your customer, you will run the cheque through
an electronic scanner system supplied by your merchant service provider. This virtual terminal
captures the customer’s banking information and payment amount written on the cheque. The
information is transferred electronically via the Federal Reserve Bank’s ACH Network, which
takes the funds from your customer’s account & deposits them to yours.
Once the cheque has been processed & approved, the virtual terminal will instantly print a
receipt for the customer to sign & keep.


Benefits of Electronic Cheques:
· Secure and quick settlement of financial obligations.
· Fast cheque processing.
· Very low transaction cost.
5. Electronic or Digital Cash
A system that allows a person to pay for goods or services by transmitting a number from
one computer to another.
Like the serial numbers on real dollar bills, the digital cash numbers are unique. Each one is
issued by a bank & represents a specified sum of money.
Digital Cash combines computerized convenience with security and privacy that improve upon
paper cash. Cash is still the dominant form of payment because consumers still mistrust the
banks, non-cash transactions are inefficiently cleared and, in addition, real interest rates on
bank deposits are negative.
Digital cash is based on cryptographic systems called "Digital Signatures", similar to
the signatures used by banks on paper cheques to authenticate a customer.
Some qualities of cash:
a. Cash is a legal tender i.e. the payee is obliged to take it.
b. It is negotiable i.e. can be given or traded to someone else.
c. It is a bearer instrument i.e. possession is proof of ownership.
d. It can be held & used by anyone, even those without a bank certificate.
e. It places no risk on the part of the acceptor.
The following are the limitations of Debit and Credit Cards:
i. They are identification cards owned by the issuer & restricted to one user i.e. cannot be
given away.
ii. They are not legal tender
iii. Their usage requires an account relationship and authorization system.
Properties of Digital Cash
o Must have a monetary value: It must be backed by cash (currency), bank authorized credit or
a bank certified cashier’s check.
o Must be interoperable or exchangeable: as payment for other digital cash, paper cash,
goods or services, lines of credit, bank notes or obligations, electronic benefit transfers and
the like.


o Must be storable and retrievable: Cash could be stored on a remote computer’s memory, in
smart cards, or on other easily transported standard or special purpose devices. Remote storage
or retrieval would allow users to exchange digital cash from home or office or while traveling.
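The issue-and-redeem cycle of digital cash described above, as an added example that is not part of the original notes: the bank gives each token a unique serial number, binds it to a value, and refuses a token whose value was altered or whose serial was already redeemed. HMAC from the Python standard library stands in for the bank's digital signature, so only the bank can verify a token; the Bank and Token names and the account names are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Token:
    serial: str     # unique number, like the serial number on a banknote
    value: int      # the specified sum of money the token represents
    signature: str  # bank's tag over serial and value (HMAC stand-in)


class Bank:
    def __init__(self):
        self._key = secrets.token_bytes(32)  # known only to the bank
        self._balances = {}
        self._spent = set()                  # serial numbers already redeemed

    def open_account(self, name, balance=0):
        self._balances[name] = balance

    def balance(self, name):
        return self._balances[name]

    def _tag(self, serial, value):
        # Binding serial and value together means neither can be changed alone.
        message = f"{serial}|{value}".encode()
        return hmac.new(self._key, message, hashlib.sha256).hexdigest()

    def withdraw(self, name, value):
        """Pre-paid issue: debit the account first, then hand out a token."""
        if value <= 0 or self._balances[name] < value:
            raise ValueError("insufficient funds")
        self._balances[name] -= value
        serial = secrets.token_hex(16)
        return Token(serial, value, self._tag(serial, value))

    def deposit(self, name, token):
        """Redeem a token for whoever presents it (bearer instrument)."""
        expected = self._tag(token.serial, token.value)
        if not hmac.compare_digest(expected, token.signature):
            return "rejected: bad signature"
        if token.serial in self._spent:
            return "rejected: already spent"
        self._spent.add(token.serial)
        self._balances[name] += token.value
        return "accepted"


if __name__ == "__main__":
    bank = Bank()
    bank.open_account("buyer", 100)   # constructed sample accounts
    bank.open_account("merchant")
    coin = bank.withdraw("buyer", 40)
    inflated = Token(coin.serial, 4000, coin.signature)
    print(bank.deposit("merchant", inflated))  # value was altered
    print(bank.deposit("merchant", coin))      # genuine token
    print(bank.deposit("merchant", coin))      # same serial presented twice
```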
6. Debit Cards
A debit card is a plastic payment card that provides the cardholder electronic access to his or her
bank account at a financial institution.
Types of Debit Card Systems:
· Online Debit or PIN Debit
· Offline Debit or Signature Debit
Online Debit System: Online debit system requires electronic authorization of every transaction
and the debits are reflected in the user’s account immediately. The transaction may be secured
with the personal identification number (PIN) authentication system.
Offline Debit System: Offline debit system may be subject to a daily limit. Transactions
conducted with offline debit cards require 2-3 days to be reflected on the user’s account balances.

Advantages of Debit Cards:
· There is no need to carry cash.
· It is quick and less complicated than using a cheque.
· It can be used for withdrawals of cash.
· It can be issued to any individual without assessing creditworthiness.
· Its holders can have a record of the transactions in their bank statement, which will enable
them to plan and control the expenditure.

7. Electronic Wallet/Purse
A digital/electronic wallet refers to an electronic device that allows an individual to make
electronic commerce transactions. This can include purchasing items on-line with a computer
or using a smartphone to purchase something at a store.
Increasingly, digital wallets are being made not just for basic financial transactions but to also
authenticate the holder's credentials. For example, a digital-wallet could potentially verify the
age of the buyer to the store while purchasing alcohol.
It is useful to approach the term "digital wallet" not as a singular technology but as three
major parts: the system (the electronic infrastructure), the application (the software that
operates on top) and the device (the individual portion).


An individual’s bank account can also be linked to the digital wallet. They might also have their
driver’s license, health card, loyalty card(s) and other ID documents stored on the phone. The
credentials can be passed to a merchant’s terminal wirelessly via near field communication (NFC).
Certain sources are speculating that these Smartphone “digital wallets” will eventually replace
physical wallets.
A digital wallet has both a software and information component. The software provides security
and encryption for the personal information and for the actual transaction.
Typically, digital wallets are stored on the client side and are easily self-maintained and fully
compatible with most e-commerce Web sites. A server-side digital wallet, also known as a thin
wallet, is one that an organization creates for and about you and maintains on its servers.
Server-side digital wallets are gaining popularity among major retailers due to the security,
efficiency, and added utility they provide to the end-user, which increases their enjoyment of
their overall purchase.
Advantages of Electronic Payment System
· Decreasing technology cost
The cost of the technology used in the networks is decreasing day by day, which is evident from
the fact that computers are now dirt cheap and Internet is becoming free almost everywhere in the
world.
· Reduced operational and processing cost
Due to reduced technology cost, the processing cost of various commerce activities becomes very
low. A very simple reason to prove this is the fact that in electronic transactions we save both
paper and time.
· Increasing online commerce
The above two factors have led many institutions to go online and many others are following
them.
Drawbacks or Risks in Electronic Payment System
Electronic payment is a popular method of making payments globally. It involves sending money
from bank to bank instantly -- regardless of the distance involved. Such payment systems use
Internet technology, where information is relayed through networked computers from one bank
to another. Electronic payment systems are popular because of their convenience. However, they
also may pose serious risks to consumers and financial institutions.
· Tax Evasion
Businesses are required by law to provide records of their financial transactions to the
government so that their tax compliance can be verified. Electronic payment however can
frustrate the efforts of tax collection. Unless a business discloses the various electronic
payments it has made or received over the tax period, the government may not know the truth,
which could cause tax evasion.


· Fraud
Electronic payment systems are prone to fraud. The payment is done usually after keying in a
password and sometimes answering security questions. There is no way of verifying the true
identity of the maker of the transaction. As long as the password and security questions
are correct, the system assumes you are the right person. If this information falls into the
possession of fraudsters, then they can defraud you of your money.
· Impulse Buying
Electronic payment systems encourage impulse buying, especially online. You are likely
to make a decision to purchase an item you find on sale online, even though you had not planned
to buy it, just because it will cost you just a click to buy it through your credit card. Impulse
buying leads to disorganized budgets and is one of the disadvantages of electronic
payment systems.
· Payment Conflict
Payment conflicts often arise because the payments are not done manually but by an automated
system that can cause errors. This is especially common when payment is done on a regular basis
to many recipients. If you do not check your pay slip at the end of every pay period, for instance,
then you might end up with a conflict due to these technical glitches, or anomalies.
Concept of E-Money:
A recent development in the monetary and financial sector out of technological development is
the emergence of electronic money. With every day, the physical use of cash is declining
especially for small and medium transactions. Payments through mobile wallets, digital wallets
and smart cards are picking up.

Broadly, electronic money is an electronic store of monetary value on a technical device. The
definition of electronic money is becoming more scientific and specific with developments
associated with it. The European Central Bank defines e-money in the following words. “E-money
can be defined as amount of money value represented by a claim issued on a prepaid
basis, stored in an electronic medium (card or computer) and accepted as a means of payment by
undertakings other than the issuer” (ECB).

E money is a monetary value that is stored and transferred electronically through a variety of
means – a mobile phone, tablet, contactless card (or smart cards), computer hard drive or servers.
Electronic money need not necessarily involve bank accounts in transaction but acts as a prepaid
bearer instrument. They are often used to execute small value transactions.

In which form can e-money be kept?

E-money can be stored in hardware, such as a chip card, or in software, usually stored in a
server. An access card like a credit card or debit card that simply enables us to reach our
deposit or to avail a credit doesn’t qualify as e-money.


Types of electronic money

E-money is usually issued by an institution upon receipt of funds and is given a value in a
national currency like Rupee. Basically, e-money is of three types, with the first two being the
most important. The first category is stored value cards that contain prepaid money. Smart cards,
prepaid cards and cards used in buses, like the Mybus card, are examples of such prepaid payment
cards. Second is software based electronic money, where money is kept online in servers. Here,
account balances are kept at online service providers such as Paytm.

Another type of e-money is virtual currencies without an issuer and that are not denominated in
national currencies. But there are several conditions that make virtual currencies count
as electronic money. The ECB itself gives three areas of electronic money.

Empirically, stored value cards like smart cards are used for standard retail payment
transactions. On the other hand, software based online payments are supported by software based
mobile wallets and digital wallets.

Electronic money in India

In India, the field of electronic money is regulated by the RBI mainly under Payment and
Settlement System Act (PPS Act) 2007. The Act gives details about the issue of electronic
money under the name Prepaid Payment Instruments. Separate Prepaid Payments Instruments
guidelines are also issued by the RBI on this behalf. As per the PPS Act, banks and non-bank
entities can issue pre-paid payment instruments in the country after obtaining necessary approval
/ authorisation from RBI.

In 2002, a Working Group under YV Reddy submitted a report on Electronic Money after
making an extensive study of the potential of electronic money in India. Electronic money in
the form of Prepaid Payment Instruments is expected to push cashless transactions in the
country.

Electronic Money

Electronic money (e-money) is broadly defined as an electronic store of monetary value on a
technical device that may be widely used for making payments to entities other than the e-money
issuer. The device acts as a prepaid bearer instrument which does not necessarily involve bank
accounts in transactions.

E-money products can be hardware-based or software-based, depending on the technology used
to store the monetary value.

Hardware-based products

In the case of hardware-based products, the purchasing power resides in a personal physical
device, such as a chip card, with hardware-based security features. Monetary values are typically
transferred by means of device readers that do not need real-time network connectivity to a
remote server.

Software-based products

Software-based products employ specialised software that functions on common personal
devices such as personal computers or tablets. To enable the transfer of monetary values, the
personal device typically needs to establish an online connection with a remote server that
controls the use of the purchasing power. Schemes mixing both hardware and software-based
features also exist.

Digital currency is a payment method which exists only in electronic form and is not tangible.
Digital currency can be transferred between entities or users with the help of technology like
computers, smartphones and the internet. Although it is similar to physical currencies, digital
money allows borderless transfer of ownership as well as instantaneous transactions. Digital
currencies can be used to purchase goods and services but can also be restricted to certain online
communities such as a gaming or social networks.

Digital currency is also known as DIGITAL MONEY and CYBERCASH.

INFRASTRUCTURE ISSUES IN EPS

Infrastructure is necessary for the successful implementation of electronic payments. Proper
infrastructure for electronic payments is a challenge.

1. For electronic payments to be successful there is the need to have reliable and cost
effective infrastructure that can be accessed by the majority of the population.
2. Electronic payments communication infrastructure includes computer networks such as
the internet and the mobile networks used for mobile phones.
3. In addition, banking activities and operations need to be automated. A network that links
banks and other financial institutions for clearing and payment confirmation is a
pre-requisite for electronic payment systems. Mobile networks and the Internet are readily
available in the developed world and users usually do not have problems with
communication infrastructure.
4. In developing countries, many of the rural areas are unbanked and lack access to critical
infrastructure that drives electronic payments.
5. Some of the debit card technologies like Automated Teller Machines (ATMs) are still
seen by many as unreliable for financial transactions, as stories told by people suggested
that they could lose their money through fraudulent deductions, debits and other lapses
with which the technology has been associated by many over the last few years.
6. Telecommunication and electricity are not available throughout the country, which
negatively affects the development of e-payments. The development of information and
communication technology is a major challenge for e-payments development. Since ICT
is in its infant stages in Nepal, the country faces difficulty promoting e-payment
development.


Risks in Electronic Payment Systems

The Risk of Fraud

Electronic payment systems are not immune to the risk of fraud. The system uses a particularly
vulnerable protocol to establish the identity of the person authorizing a payment. Passwords and
security questions aren’t foolproof in determining the identity of a person. So long as the
password and the answers to the security questions are correct, the system doesn’t care who’s on
the other side. If someone gains access to your password or the answers to your security
question, they will have gained access to your money and can steal it from you.

The Risk of Tax Evasion

The law requires that businesses declare their financial transactions and provide paper records of
them so that tax compliance can be verified. The problem with electronic systems is that they
don’t fit very cleanly into this paradigm and so they can make the process of tax collection very
frustrating for the Internal Revenue Service. It is at the business’s discretion to disclose
payments received or made via electronic payment systems in a fiscal period, and the IRS has no
way of knowing if it’s telling the truth or not. That makes it pretty easy to evade taxation.

The Risk of Payment Conflicts

One of the idiosyncrasies of electronic payment systems is that the payments aren’t handled by
humans but by an automated electronic system. The system is prone to errors, particularly when
it has to handle large amounts of payments on a frequent basis with many recipients involved.
It’s important to constantly check your pay slip after every pay period ends in order to ensure
everything makes sense. Failure to do this may result in payment conflicts caused by technical
glitches and anomalies.

The Risk of Impulse Buying

Impulse buying is already a risk that you face when you use non-electronic payment systems. It
is magnified, however, when you’re able to buy things online at the click of a mouse. Impulse
buying can become habitual and makes sticking to a budget almost impossible.

ELECTRONIC FUND TRANSFER

Electronic Funds Transfer (EFT) is the electronic transfer of money from one bank account to
another, either within a single financial institution or across multiple institutions, via
computer-based systems, without the direct intervention of bank staff. EFT transactions are
known by a number of names. In the United States, they may be referred to as electronic checks
or e-checks.

Types

The term covers a number of different payment systems, for example:

• Cardholder-initiated transactions, using a payment card such as a credit or debit card
• Direct deposit payment initiated by the payer
• Direct debit payments for which a business debits the consumer's bank accounts for
payment for goods or services
• Wire transfer via an international banking network such as SWIFT
• Electronic bill payment in online banking, which may be delivered by EFT or paper
check
• Transactions involving stored value of electronic money, possibly in a private currency.

HOW IT WORKS?

EFTs include direct-debit transactions, wire transfers, direct deposits, ATM withdrawals and
online bill pay services. Transactions are processed through the Automated Clearing House
(ACH) network, the secure transfer system of the Federal Reserve that connects all U.S. banks,
credit unions and other financial institutions.

For example, when you use your debit card to make a purchase at a store or online, the
transaction is processed using an EFT system. The transaction is very similar to an ATM
withdrawal, with near-instantaneous payment to the merchant and deduction from your checking
account.

Direct deposit is another form of an electronic funds transfer. In this case, funds from your
employer's bank account are transferred electronically to your bank account, with no need for
paper-based payment systems.

Electronic Funds Transfer (EFT) is a system of transferring money from one bank account
directly to another without any paper money changing hands. One of the most widely-used EFT
programs is Direct Deposit, in which payroll is deposited straight into an employee's bank
account, although EFT refers to any transfer of funds initiated through an electronic terminal,
including credit card, ATM, Fedwire and point-of-sale (POS) transactions. It is used for both
credit transfers, such as payroll payments, and for debit transfers, such as mortgage payments.

Electronic funds transfer example

The most popular form of electronic funds transfer is a direct deposit, in which an employee of a
company preauthorizes her employer to pay her salary directly into her bank account. However,
numerous other electronic funds transfers exist, including the following:

• ATMs.
• Online peer-to-peer payment apps like PayPal and Venmo.
• Pay-by-phone systems.
• Wire transfers.
• Online or mobile banking.
• Electronic checks
• NEFT (important terms)
• RTGS (important terms)
• IMPS (important terms)

1. NEFT - National Electronic Funds Transfer

What is NEFT?

National Electronic Funds Transfer (NEFT) is a nation-wide payment system facilitating
one-to-one funds transfer. Under this Scheme, individuals can electronically transfer funds from
any bank branch to any individual having an account with any other bank branch in the country
participating in the Scheme.

Use NEFT service to transfer funds anywhere using the following modes:

• Internet Banking
• iMobile
• m.dot
• Pockets
• icicibankpay

NEFT Transaction Charges

| Transaction Charges | NEFT |
|---|---|
| Amounts up to Rs 10,000 | Rs 2.50 + Applicable GST |
| Amounts above Rs 10,000 and up to Rs 1 lakh | Rs 5 + Applicable GST |
| Amounts above Rs 1 lakh and up to Rs 2 lakh | Rs 15 + Applicable GST |
| Amounts above Rs 2 lakh and up to Rs 5 lakh | Rs 25 + Applicable GST |
| Amounts above Rs 5 lakh and up to Rs 10 lakh | Rs 25 + Applicable GST |

NEFT Timings

| Transaction Timings | NEFT |
|---|---|
| Monday to Saturday (except 2nd and 4th Saturday) | 8:00 AM to 6:30 PM |

2. RTGS

What is RTGS?

The acronym 'RTGS' stands for Real Time Gross Settlement, which can be defined as the
continuous (real-time) settlement of funds individually on an order by order basis (without
netting). 'Real Time' means the processing of instructions at the time they are received rather
than at some later time. 'Gross Settlement' means the settlement of funds transfer instructions
occurs individually (on an instruction by instruction basis). Considering that the funds settlement
takes place in the books of the Reserve Bank of India, the payments are final and irrevocable.

Is there any minimum / maximum amount stipulation for RTGS transactions done on
ICICIBank.com?

The RTGS system is primarily meant for large value transactions. The minimum amount to be
remitted through RTGS is Rs 2 lakh. The maximum limit is Rs 10 lakh per day.

What are the transaction or service charges for RTGS transactions done on
ICICIBank.com?

RTGS Charges - Outward transactions

Amount above Rs 2 lakh up to Rs 5 lakh - Rs 25 + Applicable GST

Amount above Rs 5 lakh up to Rs 10 lakh - Rs 50 + Applicable GST

RTGS Timings

Under normal circumstances the beneficiary branches are expected to receive the funds in real
time as soon as funds are transferred by the remitting bank. The beneficiary bank has to credit
the beneficiary's account within 30 minutes of receiving the funds transfer message.

What is the maximum time for returning of RTGS transactions, which could not be
credited to beneficiary's account?

If the funds are not credited to the beneficiary's account for any reason like account does not
exist, account frozen etc., the funds will be returned to the originating bank within one hour or
before the end of the RTGS Business day, whichever is earlier.

How is Real Time Gross Settlement (RTGS) different from National Electronic Funds
Transfer System (NEFT)?

NEFT is an electronic fund transfer system that operates on a Deferred Net Settlement (DNS)
basis, which settles transactions in batches. In DNS, the settlement takes place with all
transactions received till the particular cut-off time. These transactions are netted (payables
and receivables) in NEFT, whereas in RTGS the transactions are settled individually. Any
transaction initiated after a designated settlement time has to wait till the next designated
settlement time. Contrary to this, in RTGS the transactions are processed continuously
throughout the RTGS business hours.
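
The difference between gross and deferred net settlement, as an added example that is not part of the original notes: the bank names, amounts and cut-off times are constructed, and the function names are hypothetical. It settles the same instructions both ways and checks that each netted batch balances to zero, which is also the basic integrity check an auditor would run on a batch.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample instructions: (time received "HH:MM", remitter, beneficiary, amount in Rs).
INSTRUCTIONS = [
    ("09:10", "BANK_A", "BANK_B", Decimal("250000")),
    ("09:25", "BANK_B", "BANK_A", Decimal("200000")),
    ("09:40", "BANK_A", "BANK_C", Decimal("50000")),
    ("10:05", "BANK_C", "BANK_B", Decimal("75000")),
    ("11:30", "BANK_B", "BANK_C", Decimal("10000")),
]
CUTOFFS = ["10:00", "11:00"]  # hypothetical batch cut-off times, in ascending order


def settle_gross(instructions):
    """RTGS style: each instruction becomes its own settlement entry, in arrival order."""
    return [(remitter, beneficiary, amount) for _, remitter, beneficiary, amount in instructions]


def settle_deferred_net(instructions, cutoffs):
    """DNS style: batch by cut-off, then net each bank's payables against its receivables.

    Returns (batches, waiting). batches maps cut-off -> {bank: net position}, where a
    negative position means the bank owes money. waiting holds instructions received
    after the last cut-off, which have to wait for the next settlement.
    """
    batches = {cutoff: defaultdict(Decimal) for cutoff in cutoffs}
    waiting = []
    for received, remitter, beneficiary, amount in instructions:
        # Zero-padded HH:MM strings compare correctly as plain text.
        cutoff = next((c for c in cutoffs if received <= c), None)
        if cutoff is None:
            waiting.append((received, remitter, beneficiary, amount))
            continue
        batches[cutoff][remitter] -= amount
        batches[cutoff][beneficiary] += amount
    for cutoff, positions in batches.items():
        # Every payable has a matching receivable, so a correct batch sums to zero.
        if sum(positions.values()) != 0:
            raise ValueError(f"batch {cutoff} does not balance")
    return {c: dict(p) for c, p in batches.items()}, waiting


def value_moved(positions):
    """Funds that actually change hands when a netted batch settles."""
    return sum(v for v in positions.values() if v > 0)


if __name__ == "__main__":
    gross = settle_gross(INSTRUCTIONS)
    batches, waiting = settle_deferred_net(INSTRUCTIONS, CUTOFFS)
    print("gross entries:", len(gross), "total value:", sum(a for _, _, a in gross))
    for cutoff, positions in batches.items():
        print(cutoff, positions, "value moved:", value_moved(positions))
    print("waiting for next settlement:", waiting)
```

In the first batch Rs 5,00,000 of instructions settle by moving only Rs 1,00,000, while gross settlement would post each of the three transfers separately.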

3. IMPS

The IMPS (Immediate Payment Service) from ICICI Bank helps you access your bank account
and transfer funds instantly and securely. You can send money using ICICI Netbanking on an
internet-powered laptop or PC. We enable you to transfer funds from your ICICI account to any
ICICI or non-ICICI account. The beneficiary account is credited immediately when a fund
transfer request is made from your side.

This service is available 24x7, throughout the year including Sundays and any bank holiday.

Use IMPS service to transfer funds anytime, from anywhere using:

• Internet Banking
• iMobile
• m.dot

How to transfer money using an Account Number & the IFSC code

• Login to ICICIBank.com
• Click on Payments and Transfer
• Select Transfer to Other ICICI Bank Account across India
• Select IMPS-IFSC and Payee from List of registered Payees
• Enter details like Transaction amount, Transaction remarks
• Click on Next
• Enter Your ATM/Debit Card Grid and One Time Password (OTP) to complete your
transaction.
• Your transaction gets completed & your payment confirmation number will be displayed
on screen.
• You will also receive an SMS informing you about the relevant status.

Advantages of EFT:

• The main advantage of an electronic funds transfer is time. Since the whole transaction is
done automatically and electronically, the bank doesn't need to pay a person to do it, a
person to drive the loans to the other bank, the cost of the transport, the cost of the
maintenance of the transport, insurance and the gas of the transport. EFTs have
revolutionized modern banking.

Another benefit is immediate payment, which brings an up-to-date cash flow. You also won't hear
about lost checks caused by the inefficiency of normal mail (nowadays known as snail mail for
its speed compared to email), and bookkeeping stays up to date.

Security Issues in E-commerce

Security is an essential part of any transaction that takes place over the internet. Customers will
lose their faith in e-business if its security is compromised. Following are the essential
requirements for safe e-payments/transactions −

• Confidentiality − Information should not be accessible to an unauthorized person. It
should not be intercepted during the transmission.

• Integrity − Information should not be altered during its transmission over the network.

• Availability − Information should be available wherever and whenever required within a
time limit specified.

• Authenticity − There should be a mechanism to authenticate a user before giving
him/her access to the required information.

• Non-Repudiation − It is the protection against the denial of order or denial of payment.
Once a sender sends a message, the sender should not be able to deny sending the
message. Similarly, the recipient of the message should not be able to deny the receipt.

• Encryption − Information should be encrypted and decrypted only by an authorized
user.

• Auditability − Data should be recorded in such a way that it can be audited for integrity
requirements.

Security Issues in E-Commerce Transactions
• Authentication:- Authentication ensures that the origin of an electronic message is correctly
identified. This means having the capability to determine who sent the message and from
where or which machine. Without proper authentication, it will be impossible to know who
actually placed an order and whether the order placed is genuine or not.
• Non-Repudiation:- Non-Repudiation is closely related to authentication and ensures that
the sender cannot deny sending a particular message and the receiver cannot deny receiving
a message.
• Access Control:- If access control is properly implemented, many other security problems
like lack of privacy will either be eliminated or mitigated. Access control ensures that only
those who legitimately require access to resources are given access and those without valid
access cannot have access.
• Confidentiality or Privacy:- Privacy ensures that only authorized parties can access
information in any system. The information should not be distributed to parties that
should not receive it. Issues related to privacy can be considered as a subset of issues related to
access control.
• Integrity:- Integrity ensures that only authorized parties can make changes to the documents
transmitted over the network.

Secure Electronic Transaction (SET)

• Secure Electronic Transaction (SET) is an open protocol which has the potential to
emerge as a dominant force in the security of electronic transactions.
• Jointly developed by Visa and MasterCard, in conjunction with leading computer vendors
such as IBM, Microsoft, Netscape, RSA, and GTE.
• SET is an open standard protocol for protecting the privacy and ensuring the authenticity
of electronic transactions.

Functions of SET
• Provide confidentiality of payment and ordering information.
• Ensure the integrity of all transmitted data.
• Provide authentication that a card holder is a legitimate user of a credit card account.
• Provide authentication that a merchant can accept credit card transactions through its
relationship with a financial institution.
• Ensure the use of best security practices and system design techniques to protect all
legitimate parties in an electronic commerce transaction.
• Create a protocol that neither depends on transport security mechanisms nor prevents
their use.
• Facilitate and encourage interoperability among software & network providers.

Participants in the SET system

Scope of SET
1. Motivated by the large amount of unsecured credit-card based transactions on the Internet.
2. Network payments treated in a similar way to Mail Order/Telephone Order (MOTO)
transactions.
3. SET applies only to the 'front end' of payment; no need to change the 'back end'.
4. SET only addresses payment; other protocols for shopping, payment method selection etc.
will be developed by others.

Secure Socket Layer (SSL)
• SSL is a protocol developed by Netscape for transmitting private documents via the
Internet.
• SSL uses a cryptographic system that uses two keys to encrypt data: a public key known to
everyone and a private or secret key known only to the recipient of the message.
• SSL provides end-to-end secure data transmission between the web server and the
web client.
• It is sandwiched between TCP/IP and the application layer.
• Unlike TCP/IP, which offers only reliable packet transfer, SSL ensures secure packet
transfer.

How SSL works?

SSL performs two functions: it authenticates the websites and ensures secure
data transmission between the web server and the client.
It achieves this either by using symmetric encryption or asymmetric encryption.
In symmetric encryption, a key called the private key is used both for encrypting
and decrypting the data. For symmetric encryption to work, the sender & receiver should share
the private key. This is possible only when the sender & receiver know each other.
In asymmetric encryption, two separate keys are used to encrypt & decrypt data. The public
key is shared with the other person and the private key is known only to the person who decrypts
the data. So, the private key will remain a secret while the public key will be known to both
the parties.

Cryptography
Cryptography is the process through which the messages are altered so that their meaning is
hidden from adversaries who might intercept them.

Plain text is a message readable by anyone. Cipher text is plain text that has been modified to
protect its secrecy.
Encryption converts plain text to cipher text; decryption converts cipher text to plain text.

“Cryptography addresses the principles, means and methods used to disguise information
in order to ensure its authenticity”.
Cryptography is used to achieve:-
• Confidentiality: only authorized persons can access information.
• Integrity: information that was sent is what was received.
• Authentication: guarantee of originator of electronic transmission.
• Non-repudiation: originator of information cannot deny content or transmission.
Types of Cryptography:-
• Private Key Cryptography
• Public Key Cryptography

Private Key Cryptography
In private-key cryptography, the sender and receiver agree beforehand on a secret private key. The
plain text is somehow combined with the key to create the cipher text. The method of
combination is such that, it is hoped, an adversary could not determine the meaning of
the message without decrypting the message, for which he needs the key.
Private-key methods are efficient and difficult to break. However, one major drawback is that
the key must be exchanged between the sender and recipient beforehand, raising the issue of how
to protect the secrecy of the key.

Public Key Cryptography

In public-key cryptography, two separate keys are used to encrypt & decrypt data. The public key
is shared with the other person and the private key is known only to the person who decrypts the
data. So, the private key will remain a secret while the public key will be known to both the
parties.
Public-key cryptography depends upon the notion of one-way functions: a one-way function is
a function that is easy to apply, but extremely difficult to invert.

Digital Signature
A digital signature is an electronic signature that can be used to authenticate the identity of
the sender of a message or the signer of a document, and possibly to ensure that the original
content of the message or document that has been sent is unchanged.
“Digital signature is a computer data compilation of any symbol or series of symbols,
executed, adopted or authorized by an individual to be the legally binding equivalent to the
individual’s handwritten signature”
• A digital signature authenticates electronic documents in a similar manner to how a
handwritten signature authenticates printed documents.
• A digital signature is issued by a Certification Authority (CA) and is signed with the
CA's private key.
• The recipient of a digitally signed message can verify that the message originated from
the person whose signature is attached to the document and that the message has not been
altered either intentionally or accidentally since it was signed. Also the signer of a
document cannot later disown it by claiming that the signature was forged.
• When a message with a digital signature is transmitted & received, the following parties
are involved:-
o The signer who signs the document.
o The verifier who receives the signed document & verifies the signature.
o The arbitrator who arbitrates any disputes between the signer & the verifier if
there is a disagreement on the validity of the digital signature.
• A digital signature typically contains the Owner's public key, the Owner's
name, Expiration date of the public key, the name of the issuer (the CA that issued the
Digital ID), Serial no. of the digital signature and the digital signature of the issuer.
• Digital signatures are based on a combination of public key encryption and a one-way hash
function, which converts a message of any length into a fixed-length message digest. The
value of the hash function is unique for the hashed data. Any change in
the data, even deleting or altering a single character, results in a different value. The
content of the hashed data cannot be deduced from the hash, which is why it is called 'one way'. The
encrypted hash, along with other information such as the hashing algorithm, is known as the
digital signature.

How does a Digital Signature Work?

The digital signature can be considered as a numerical value that is represented as a sequence of
characters. The creation of a digital signature is a complex mathematical process that can only be
carried out by a computer.

Consider a scenario where Alice has to digitally sign a file or an email and send it to Bob.

• Alice selects the file to be digitally signed or clicks on 'sign' in her email application
• The hash value of the file content or the message is calculated by Alice's computer
• This hash value is encrypted with Alice's Signing Key (which is a Private Key) to create
the Digital Signature.
• Now, the original file or email message along with its Digital Signature is sent to Bob.
• After Bob receives the signed message, the associated application (such as email
application) identifies that the message has been signed. Bob's computer then proceeds
to:
o Decrypt the Digital Signature using Alice's Public Key
o Calculate the hash of the original message
o Compare the (a) hash it has computed from the received message with the (b)
decrypted hash received with Alice's message.
• Any difference in the hash values would reveal tampering of the message.
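
The Alice-and-Bob steps above, as an added example that is not part of the original notes: it applies textbook RSA to a SHA-256 digest, and the toy keys (built from publicly known Mersenne primes), the sample message and the names make_keypair, sign and verify are assumptions for illustration. Real systems use a padded scheme such as RSA-PSS from a vetted library instead of raw RSA, and keys generated from secret random primes.

```python
import hashlib


def make_keypair(p, q, e=65537):
    """Build an RSA key pair from two primes (toy helper, not a key generator)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent, needs Python 3.8+
    return {"public": (n, e), "private": (n, d)}


# Constructed toy keys from known Mersenne primes: deterministic and offline, NOT secure.
ALICE = make_keypair(2**521 - 1, 2**607 - 1)
MALLORY = make_keypair(2**127 - 1, 2**1279 - 1)  # a different signer's key


def digest(message: bytes) -> int:
    """Fixed-length hash of the message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Alice's side: transform the hash with her private (signing) key."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Bob's side: recover the signed hash with the public key and compare."""
    n, e = public_key
    if not 0 <= signature < n:
        return False  # out-of-range values can never be a valid signature
    recovered = pow(signature, e, n)     # (b) hash recovered from the signature
    return recovered == digest(message)  # (a) hash of the message as received


def demo():
    message = b"Pay Bob Rs 5,000"  # constructed sample message
    signature = sign(message, ALICE["private"])
    return {
        "genuine": verify(message, signature, ALICE["public"]),
        "message_altered": verify(b"Pay Bob Rs 50,000", signature, ALICE["public"]),
        "signature_altered": verify(message, signature ^ 1, ALICE["public"]),
        "signed_by_other_key": verify(
            message, sign(message, MALLORY["private"]), ALICE["public"]
        ),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the untouched message with Alice's own signature is accepted; a one-character change to the message, a one-bit change to the signature, or a signature made with another key is rejected.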

Types of Security Attacks


Passive Attack and Active Attack

• Passive Attack: In a passive attack a network intruder intercepts data travelling through the
network. A passive attack monitors unencrypted traffic. Passive attacks include traffic analysis,
monitoring of unprotected communications, and capturing authentication information such as
passwords.
Types of Passive Attacks:
a) Wire Tapping or Telephone Tapping: Telephone tapping is the monitoring of telephone
and internet conversations by a third party. Passive wire tapping monitors or records the traffic.
b) Port Scanner: A port scan can be defined as an attack that sends client requests to a range
of server port addresses on a host, with a goal of finding an active port and exploiting a known
vulnerability of that service.
c) Idle Scan: The idle scan is a TCP port scan method that consists of sending spoofed packets
to a computer to find out what services are available. This is accomplished by impersonating
another computer called a “zombie” and observing the behaviour of the “zombie” system.

• Active Attack: In active attacks the intruder initiates commands to disrupt the network's normal
operation. In an active attack, the attacker tries to bypass or break into secured systems. This can
be done through viruses or worms. Active attacks include attempts to break protection features to
introduce malicious code, and to steal or modify information.

Types of Active Attacks

a) Denial-of-service Attack (DoS): A denial of service attack is an attempt to make a machine
or network resources unavailable to its intended users. It generally consists of efforts to
temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. One
common method of attack involves saturating the target machine with external communication
requests, so much so that it cannot respond to legitimate traffic or responds so slowly as to be
rendered essentially unavailable. Such attacks usually lead to a server overload.
b) Spoofing attack: A spoofing attack is when a malicious party impersonates another device
or user on a network in order to launch attacks against network hosts, steal data, spread malware
or bypass access controls.
c) Man-in-the-middle attack: The man-in-the-middle attack is a form of active eavesdropping in
which the attacker makes independent connections with the victims & relays messages between
them, making them believe that they are talking directly to each other over a private connection,
while in fact the entire conversation is controlled by the attacker. The attacker must be able to
intercept all messages going between the two victims & inject new ones.
d) SQL injection: SQL injection is a code injection technique, used to attack data-driven
applications, in which malicious SQL statements are inserted into an entry field for execution.

Difference between Computer Virus and Computer Worm


| Sno. | Computer Virus | Computer Worm |
|---|---|---|
| 1. | It cannot be controlled remotely. | It can be controlled remotely. |
| 2. | It deletes and modifies files and also changes the location of files. | It only monopolizes the CPU & memory. |
| 3. | It is slower than a worm. | A worm is faster than a virus. |
| 4. | The virus is program code that attaches itself to an application program, and when the application program runs, it runs along with it. | The worm is code that replicates itself in order to consume resources to bring it down. |

| BASIS FOR COMPARISON | ACTIVE ATTACK | PASSIVE ATTACK |
|---|---|---|
| Basic | Active attack tries to change the system resources or affect their operation. | Passive attack tries to read or make use of information from the system but does not influence system resources. |
| Modification in the information | Occurs | Does not take place |
| Harm to the system | Always causes damage to the system. | Does not cause any harm. |
| Threat to | Integrity and availability | Confidentiality |
| Attack awareness | The entity (victim) gets informed about the attack. | The entity is unaware of the attack. |
