3. Reduced risk of loss and theft: You cannot forget your virtual
wallet somewhere and it cannot be taken away by robbers.
4. Low commissions: If you pay an internet service provider or top up a
mobile account through a UPT (unattended payment terminal), you will
encounter high fees. With an electronic payment system, the fee for this
kind of operation is 1% of the total amount, which is a considerable
advantage.
2. The risk of being hacked: If you follow the security rules the threat
is minimal; it can be compared to the risk of something like a robbery.
The worse situation is when the system of the processing company has been
broken into, because that leads to a leak of personal data about cards and
their owners. Even if the electronic payment system does not issue plastic
cards, it can be involved in scandals regarding identity theft.
instant payment and confirmation. This means you as a business get
immediate approval of orders and direct payments the moment after a
purchase has happened. If you pick the right online payment method you
could get lower interest rates than payment intermediaries. While you will
need to do your homework with this the saving to your business could be
massive.

know is some companies will indeed have a higher interest rate than most
online banking systems. As with everything relating to your business to
read the small print and fully understand that the company is offering.
should never happen you should be aware that many online payment companies
will hold the trader responsible for any case of fraud and that could be
you have further fees to pay once the matter is all sorted out. So do be
aware of this.
Advantage: Instant Receipts
If you find printing off receipts a bit of a chore you might be happy to
know that many online payment companies will issue an instant receipt the
moment an order has been placed. Some will even allow you to print them
off the moment an order is placed, but even if it does, it saves you the
time of making a receipt yourself.
Disadvantage: You Are Responsible For Ensuring The Equipment
If you have a real-world shop you might need to get any card machines
covered by your own shop’s insurance or even your SME insurance. Either
way, this will often be part of the deal you signed, but it is a down-side
that you might not have thought about.
Advantage: Instant Approval
If you use an online bank it could take weeks to get set up and even
accepted in the first place, but with an online card operator, you could
get approved there and then and the code made for you and ready to roll.
Disadvantage: Signups Are Required
While most people are more than happy to sign up to a separate payment
method there are still some online shoppers that will be put off by it.
As a general geographic it is mostly older people who are this way
inclined with the younger generation being more inclined to sign up and
use them. So do check what type of shoppers your site draws in.
Advantage Disadvantage
• PayPal (Global)
• Authorize.Net (US)
• VeriSign (Global)
• LinkPoint (US)
• 2Checkout (Global)
• WorldPay (Global)
• CyberSource (US)
• Protx (UK)
• EWay (AU)
• Moneris (CA)
• QuickBooks Merchant Services (US Only)
The Role of a Strong Payment Gateway in eCommerce
Why a Payment Gateway?
1. Payment Options
2. Transaction Enhancing Tools
3. Risk Management & Fraud Protection
4. Fair Pricing
1. Payment Options:
Why ?
• Indians are uncomfortable about owing money!
• So ‘non-credit’ based payment options are popular
• Any safe method of debiting the bank account
directly is welcome … Debit Cards/ Net Banking etc
• New payment options like Cash Cards, Phone
Payments are growing exponentially.
1. Atomicity
2. Anonymity/Privacy
3. Scalability
4. Security
5. Reliability
6. Usability
7. Inter-operability
Methods of Electronic Payment System
1. Banking cards
Credit cards are very commonly used as a tool for electronic payment.
A credit card is a thin plastic card that can be used to buy items, pay food
or restaurant bills, book airline tickets, etc. A credit card allows a user to
pay later for the items bought or the services availed, hence the name
credit card. This process of payment is known as charging. Charging
means that the user has paid for the items with his or her credit card by
promising to pay when signing the credit card receipt. Credit cards are
normally issued by a bank or another authorized body.
1. Banking Card [Credit and Debit Card]
b) Debit Card:-
A debit card (also known as a bank card, plastic card or check card) is
a plastic payment card that can be used instead of cash when making
purchases. It is similar to a credit card, but unlike a credit card, the money
comes directly from the user's bank account when performing a transaction.
Payments using a debit card are immediately transferred from the
cardholder's designated bank account, but only if sufficient balance is
available. If not, the transaction fails.
Debit cards usually also allow for instant withdrawal of cash, acting as
an ATM card.
2. Unstructured Supplementary Service Data (USSD)
• USSD was launched for those sections of India’s population which don’t
have access to proper banking and internet facilities. Under USSD,
mobile banking transactions are possible without an internet connection
by simply dialing *99# on any essential feature phone.
• The benefit of using UPI is that it allows you to pay directly from your
bank account, without the need to type in the card or bank details. This
method has become one of the most popular digital payment modes in
2020, with October witnessing over 2 billion transactions.
Mobile PoS terminals are those which work through a tablet or smartphone and
Virtual PoS systems are those that use web-based applications to process
payments.
8. Internet Banking
Today, most Indian banks have launched their internet banking services. It
has become one of the most popular means of online transactions. Every
payment gateway in India has a virtual banking option available. NEFT,
RTGS, or IMPS are some of the top ways to make transactions via internet
banking.
9. Mobile Banking
Mobile banking refers to the act of conducting transactions and other
banking activities via mobile devices, typically through the bank’s mobile
app. Today, most banks have their mobile banking apps that can be used on
handheld devices like mobile phones and tablets and sometimes on
computers.
Bharat Interface for Money (BHIM) is a payment app that lets you
make simple, easy and quick transactions using Unified Payments
Interface (UPI). You can make direct bank payments to anyone on
UPI using their UPI ID or scanning their QR with the BHIM app.
You can also request money through the app from a UPI ID.
12. Electronic Tokens
• Real Time: (or Pre-paid tokens) - These are exchanged between buyer
and seller, their users pre-pay for tokens that serve as currency.
Transactions are settled with the exchange of these tokens. Examples of
these are DigiCash, Debit Cards, Electronic purse etc.
• Post Paid Tokens – are used with fund transfer instructions between the
buyer and seller. Examples – Electronic cheques, Credit card data etc.
13. Electronic Cheques
• Online payments done via credit cards, debit cards, or smart cards are
examples of e-money transactions. Another popular example is e-cash. In
case of e-cash, both customer and merchant have to sign up with the
bank or company issuing e-cash.
• Electronic money refers to the currency electronically stored on
electronic systems and digital databases used to make it easier to transact
electronically. It is popularly referred to by many names, including
digital cash, digital currency, e-money, and so on.
• The European Central Bank defines e-money in the following words. “E-
money can be defined as amount of money value represented by a claim
issued on a prepaid basis, stored in an electronic medium (card or
computer) and accepted as a means of payment by undertakings other
than the issuer” (ECB).
What is Fiat Currency (or Fiat Money)?
by it. Fiat money is the exact opposite of commodity money, whose value
• Bitcoin
• Ethereum
• Ripple
• Dash
• Litecoin
• Dogecoin
• zCash
Cryptocurrencies vs. E-Money
• E-money institutions must comply with anti-money laundering, anti-fraud and know-
your-customer regulations or face legal consequences. Cryptocurrencies, as a relatively
new technology, are not yet widely regulated. A decentralized complex peer system
validates and processes crypto transactions.
• Cryptocurrencies are not backed by fiat money. This is in contrast to e-money, whose
fluctuation in value is tied to the assigned fiat currency’s value. A cryptocurrency’s worth
fluctuates, as determined by supply, demand and developments of the crypto market.
Features of Electronic Money
• Store of value: Just like physical currency, electronic money is also a store of value,
the only difference being, that with electronic money, the value is stored electronically
unless and until withdrawn physically.
• Unit of account: Just like paper currency, electronic money provides a common
measure of the value of the goods and/or services being transacted.
1. Hard
Hard electronic currency is when e-currency is used for irreversible transactions, ones
that are highly securitized, and are more or less procedural in nature. They may include
transactions that are drawn through a bank.
2. Soft
The changes can be made post-transaction within a defined period. They may include
transactions that are passed through payment mechanisms like PayPal, PayTM, credit
cards, and so on.
Kinds of e-money
In general, there are two distinct types of e-money: identified e-money and
anonymous e-money -- also known as digital cash.
• Identified e-money contains information revealing the identity of the person who
originally withdrew the money from the bank. Also, in much the same manner as
credit cards, identified e-money enables the bank to track the money as it moves
through the economy.
• Anonymous e-money works just like real paper cash. Once anonymous e-money is
withdrawn from an account, it can be spent or given away without leaving a
transaction trail. You create anonymous e-money by using blind signatures rather
than non-blind signatures.
Online and Offline e-money
There are two varieties of each type of e-money: online e-money and offline e-
money.
• Online e-money means you need to interact with the bank to do a transaction with a
third party.
• ACID test
• ICES test
Atomicity
Isolation
ACID : Atomicity
• No points of failure.
debited to another.
• Before X buys a product from Y, X must agree to buy it for 100 and Y
must agree to sell it at 100.
ACID : Isolation
• If customer is not happy with the product, the merchant should refund
him.
[Figure: ICES Test: Interoperability, Conservation, Economy, Scalability]
ICES : Interoperability
• How well money holds its value over time. ( temporal consistency)
• If the users have to pay a higher transaction cost they may switch to other
payment product or prefer cash where processing cost is zero.
The use of electronic money brings increased flexibility and convenience to the
table. Transactions can be entered into from anywhere in the world, at any
given time, with one click of a button. It removes the hassle and tediousness
involved with the physical delivery of payments.
2. Historical record
The internet always comes with the inevitability of possible security breaches and hacks. A
hack can leak sensitive personal information and can lead to fraud and money laundering.
3. Online scams
Online scamming is also possible. All it takes for a scammer is to pretend to be from a certain
organization or a bank, and consumers are easily convinced to give away their bank/card
details. Despite the increased security and presence of authentication measures to counter
online scams, they are still something to be looked after.
Electronic money in India
• In India, the field of electronic money is regulated by the RBI mainly under
Payment and Settlement System Act (PPS Act) 2007. The Act gives details about
the issue of electronic money under the name Prepaid Payment Instruments.
Separate Prepaid Payments Instruments guidelines are also issued by the RBI on
this behalf. As per the PPS Act, banks and non-bank entities can issue pre-paid
payment instruments in the country after obtaining necessary approval /
authorization from RBI.
• Fraud risk
• Tax evasion risk
• Payment conflicts risk
• Credit risk
• Compliance risk
• Liquidity risk
• Impulse buying risk
1. Fraud Risk
Electronic payment systems are not immune to the risk of fraud. The
system uses a particularly vulnerable protocol to establish the
identity of the person authorizing a payment. Passwords and security
questions aren’t foolproof in determining the identity of a person. So
long as the password and the answers to the security questions are
correct, the system doesn’t care who’s on the other side. If someone
gains access to your password or the answers to your security
question, they will have gained access to your money and can steal it
from you.
2. Tax Evasion Risk
Credit risk is the risk that participants in the transaction will not be
paid for an outstanding claim. These participants include the
counterparties themselves, the issuer of the settlement medium, and,
if any, intermediaries involved in the delivery of goods, services,
etc. Credit risk typically arises when one of the participants becomes
insolvent.
5. Compliance Risk
• There is the possibility a credit union will fail to comply with regulatory
requirements, including—but not limited to—the Electronic Funds
Transfer Act, the Bank Secrecy Act, and requirements of the Office of
Foreign Assets Control.
6. Liquidity Risk
• Liquidity risk is the risk that the counterparty that owes funds will not be
able to meet its payment obligation on time, thus adversely affecting the
expected liquidity position of the recipient of funds at the time the funds
are due.
7. Impulse Buying Risk
• Impulse buying is already a risk that you face when you use non-
electronic payment systems. It is magnified, however, when you’re able
to buy things online at the click of a mouse. Impulse buying can become
habitual and makes sticking to a budget almost impossible.
Electronic Fund Transfer
ACH and EFT payments are both types of electronic payments. The
difference is that ACH is a type of EFT (electronic funds transfer) payment.
ACH stands for the Automated Clearing House and is the process of
moving funds from one bank to another. EFT is an umbrella term that
includes ACH payments, wire transfers, and all other types of
digital payments.
Types of EFT payments
• Direct deposit – A type of electronic transfer that allows you to pay
employees electronically. Put simply, you let your direct deposit service
provider know how much to deposit in each employee’s account, and then
on payday, the money will be deposited.
• ATMs (Automated Teller Machines) – Allows you to make withdrawals
and deposits, check your account balance, and transfer funds without
entering the bank and talking to a teller.
• Credit/debit cards – You can also make EFT payments with a credit or
debit card. You can use your card to move money from a business bank
account, make purchases, or pay bills.
• Wire transfers – Electronic money transfers that are typically used to send
large sums of money, for example, placing a large down payment on a new
piece of equipment for your business.
• Pay-by-phone systems – An electronic transfer method that allows you to
pay your bills or send money between different accounts over the phone.
• Electronic checks – Similar to traditional, paper-based checks, but entirely
electronic. You simply need to enter your routing number and bank account
number to make a payment.
Types of Transactions in EFT in India
Post demonetization, people prefer to transfer money using electronic fund transfer
methods. The popularity of electronic payment options is sharply increasing as it
allows users to transfer funds online using their mobiles and laptops, from the
comfort of their homes and offices. Moreover, it eliminates geographical barriers
and helps them transfer money in a hassle-free manner by simply using the IFSC
Codes.
• But it can be confusing to decide the best method of transferring the money.
Taking into consideration factors like transfer limit, time, cost etc., you can
make the right choice.
Listed below are some of the electronic methods, which can be
used to transfer money between two accounts
• The Transaction between your own linked accounts of the
same bank
• The Transaction between different accounts of the same
bank.
• Transferring money through NEFT into a different bank’s
accounts
• Transferring money through RTGS into other bank accounts
• Transferring money through IMPS into various accounts
1. NEFT
National Electronic Funds Transfer or NEFT is the most commonly used online
payment option to transfer money from one bank account to another. Usually,
salary transfers by companies are done using NEFT.
The funds are transferred on a deferred settlement basis, which implies that the
money is transferred in batches. There is no maximum limit, but this varies from
one bank to another. For instance, the retail banking limit set by SBI is Rs. 10
lakhs.
Cost Involved
For transferring money to a different bank, Rs 2.50 to Rs 25 can be charged, based
on the amount being transferred.
Constraints
The money can be transferred only during the bank working days. The transactions
cannot be completed over the weekends and on bank holidays. It will be completed
on the next working day. Thus, you cannot make instant transactions using NEFT.
Requirements-
• Recipient’s name
• Recipient’s bank name
• Recipient’s account number
• IFSC code of the beneficiary bank
2. RTGS
You can transfer money from one bank to another on a real-time basis using
Real Time Gross Settlement or RTGS method. There is no maximum transfer
limit, but the minimum is Rs. 2 lakhs. The transactions are processed
throughout the RTGS business hours. Usually, the amount is remitted within
30-minutes.
To be able to transfer money through RTGS, it is required for the sender and
the receiver bank branch to be RTGS enabled. You can find the list of RTGS
authorized banks on the RBI website.
Cost Factor-
It costs a little more than NEFT. But still, it will not cost you more than Rs. 30
for transactions up to Rs. 5 lakhs. The fee varies from one bank to another.
Requirements-
• Amount to be sent
• Account number of the remitter or sender
• Name of the recipient or beneficiary
• Account number of the beneficiary
• Beneficiary’s bank and branch name
• IFSC code of the receiving branch
• Sender to receiver information, if any
3. IMPS or Immediate Payment Service
For instant payments, send money through IMPS. The money is transferred
instantaneously through mobile phones using this interbank electronic fund
transfer service.
You can make the transactions 24X7X365 across banks including all weekends
and bank holidays. The money can be transferred using phones, ATMs, Mobile
Money Identifier (MMID) and internet banking. The idea is simple – to allow
users to make payments with the mobile number of the beneficiary.
Requirements -
• MMID of the Recipient
• 7 Digit MMID Number
• MMID of the receiver
• Name of the beneficiary
• Beneficiary’s mobile number
• Account Number of the recipient
• IFSC Codes of the beneficiary bank
4. Unified Payments Interface (UPI)
• Time Saving
• Convenience
• 24x7 services
• Eco-friendly process
• Easy access
• Faster transacting
Disadvantages of EFT
Successful business online depends on the customers’ trust that a company has
eCommerce security basics in place.
Security issues in e-Commerce
• Integrity − Information should not be altered during its transmission over the network.
Cryptanalysis
• Asymmetric Encryption
• Symmetric Encryption
Encryption
Cipher
• Cipher is a method for encrypting messages
[Figure: cipher diagram with Key A and Key B]
• Encryption algorithms are standardized & published
• The key which is an input to the algorithm is secret
• Key is a string of numbers or characters
• If same key is used for encryption & decryption the algorithm is
called symmetric
• If different keys are used for encryption & decryption the algorithm
is called asymmetric
ASYMMETRIC CRYPTOSYSTEMS
The transmitter and the receiver both have two keys in an asymmetric
system. However, the private key is kept private and not sent over with the
message to the receiver, although the public key is
SYMMETRIC CRYPTOSYSTEMS
A symmetric cryptosystem (or private key cryptosystem) uses only one key
for both encryption and decryption of the data. The key used for encryption
and decryption is called the private key and only people who are authorized
the encrypted message is sent over without any public keys attached to it.
Encryption Algorithm
Summary
• A system only which possesses the secret key can decrypt a message.
Symmetric Encryption
Limitations
• Digital Signatures
[Figure: message, digest algorithm, message digest, secret key]
Password Authentication
Basics
• A password is a secret character string known only to the user and the server
• Message digests are commonly used for password authentication
• A stored hash of the password is a lesser risk
• A hacker cannot reverse the hash except by brute-force attack
• Problems with password-based authentication
  • Attacker learns the password by social engineering
  • Attacker cracks the password by brute force and/or guesswork
  • Attacker eavesdrops on the password if it is communicated unprotected over
    the network
  • Attacker replays an encrypted password back to the authentication server
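A sketch of the points above, added here as an example and not taken from the original slides: the server stores only a salted, slow hash, and a single-use challenge makes a captured login response useless on replay. The PBKDF2 work factor, the `Server` class and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed PBKDF2 work factor; slows brute-force guessing


def stretch(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow message digest of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(password: str) -> dict:
    """Server stores the salt and the stretched hash, never the password."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "verifier": stretch(password, salt)}


class Server:
    """Hypothetical login server that issues single-use challenges.

    In this simple scheme the stored verifier acts as the login key, so the
    credential database still has to be protected.
    """

    def __init__(self, record: dict):
        self.record = record
        self.pending = set()          # challenges issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def check(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.pending:
            return False              # unknown or already used: replay rejected
        self.pending.discard(nonce)
        expected = hmac.new(self.record["verifier"], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare


def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Client proves knowledge of the password without sending it."""
    return hmac.new(stretch(password, salt), nonce, hashlib.sha256).digest()


def demo():
    record = enroll("correct horse battery")        # constructed sample password
    server = Server(record)

    nonce = server.challenge()
    captured = client_response("correct horse battery", record["salt"], nonce)
    first_login = server.check(nonce, captured)     # genuine login
    replay_same = server.check(nonce, captured)     # same message sent again
    replay_new = server.check(server.challenge(), captured)  # old answer, new challenge

    nonce2 = server.challenge()
    guess = client_response("guess123", record["salt"], nonce2)
    wrong_guess = server.check(nonce2, guess)       # wrong password
    return first_login, replay_same, replay_new, wrong_guess


if __name__ == "__main__":
    print(demo())
```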
Authentication
Biometrics
• Uses certain biological characteristics for authentication
• Biometric reader measures physiological indicia and compares
them to specified values
• It is not capable of securing information over the network
• Different techniques exist
• Fingerprint Recognition
• Voice Recognition
• Handwriting Recognition
• Face Recognition
• Retinal Scan
• Hand Geometry Recognition
Authentication
Iris Recognition
The scanning process takes advantage of
the natural patterns in people's irises,
digitizing them for identification purposes
Facts
• Probability of two irises producing exactly
the same code: 1 in 10 to the 78th power
• Independent variables (degrees of
freedom) extracted: 266
• IrisCode record size: 512 bytes
• Operating systems compatibility: DOS and
Windows (NT/95)
• Average identification speed (database of
100,000 IrisCode records): one to two
seconds
Authentication
Digital Signatures
• A digital signature is a data item which accompanies or is logically
associated with a digitally encoded message.
• It has two goals
• A guarantee of the source of the data
• Proof that the data has not been tampered with
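[Figure: digital signature flow. Sender: the message goes through the digest
algorithm to give a message digest, which goes through the signature
algorithm with the sender’s private key to give the digital signature; message
and signature are sent to the receiver. Receiver: the message goes through the
digest algorithm, the signature goes through the signature algorithm with the
sender’s public key, and the two message digests are compared ("Same?").]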
Authentication
Digital Certificates
• A digital certificate is a signed statement by a trusted party that another
party’s public key belongs to them.
• This allows one certificate authority to be authorized by a different
authority (root CA)
• Top level certificate must be self signed
• Anyone can start a certificate authority
• Name recognition is key to someone recognizing a certificate authority
• Verisign is an industry-standard certificate authority
[Figure: identity information and the sender’s public key go through the
signature algorithm with the certificate authority’s private key to produce
the certificate]
Digital Certificates
• A certificate is signed code or messages that provide proof that the holder
is the person identified by the certificate
• Main elements:
• Certificate owner’s identifying information
• Certificate owner’s public key
• Dates between which the certificate is valid
• Serial number of the certificate
• Name of the certificate issuer
• Digital signature of the certificate issuer
Ensuring Transaction Integrity
with Hash Functions
• Integrity violation
• Occurs whenever a message is altered while in transit
between the sender and receiver
• Hash algorithms are one-way functions
• There is no way to transform the hash value back to the
original message
• Message digest
• Small integer number that summarizes the encrypted
information
Ensuring Transaction Integrity with
Digital Signatures
• Hash algorithms are not a complete solution
  • Anyone could:
    • Intercept a purchase order
    • Alter the shipping address and quantity ordered
    • Re-create the message digest
    • Send the message and new message digest on to the merchant
• Digital signature
  • An encrypted message digest
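The tampering scenario above, and the blind signatures mentioned earlier for anonymous e-money, worked through with textbook RSA as an added example (not from the original slides). The key is a constructed toy built from two Mersenne primes, there is no padding, and all function names and sample messages are assumptions for illustration.

```python
import hashlib
import math
import secrets

# Constructed toy key: two Mersenne primes. Good enough for a demo, not for real use.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                      # public key
D = pow(E, -1, (P - 1) * (Q - 1))        # signer's private exponent


def digest(message: bytes) -> int:
    """Message digest as an integer (SHA-256, always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Digital signature: the message digest transformed with the private key."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Anyone holding the public key (N, E) can check the signature."""
    return pow(signature, E, N) == digest(message)


def digest_only_check(message: bytes, sent_digest: int) -> bool:
    """Integrity check with a bare digest and no key."""
    return digest(message) == sent_digest


def blind(message: bytes):
    """Customer hides the digest with a random factor r before sending it."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (digest(message) * pow(r, E, N)) % N, r


def sign_blinded(blinded: int) -> int:
    """Bank signs the blinded value; it never sees the digest itself."""
    return pow(blinded, D, N)


def unblind(blind_signature: int, r: int) -> int:
    """Customer removes r, leaving an ordinary signature on the message."""
    return (blind_signature * pow(r, -1, N)) % N


def tamper_demo():
    order = b"ship_to=12 Market Road;qty=1"        # constructed sample order
    altered = b"ship_to=99 Other Street;qty=50"    # order changed in transit
    # Bare digest: whoever alters the order can also re-create the digest,
    # so the merchant's check still passes.
    bare_ok = digest_only_check(altered, digest(altered))
    # Signature: the sender's signature does not match the altered order.
    sig = sign(order)
    return bare_ok, verify(order, sig), verify(altered, sig)


def blind_demo():
    coin = b"coin-serial:" + secrets.token_hex(16).encode()  # constructed e-coin
    blinded, r = blind(coin)
    signature = unblind(sign_blinded(blinded), r)
    # The bank saw only `blinded`, yet the result verifies under its public key.
    return blinded != digest(coin), verify(coin, signature)


if __name__ == "__main__":
    print(tamper_demo())
    print(blind_demo())
```

Because the bank signs a value it cannot link to the coin it later sees spent, the withdrawal leaves no transaction trail, which is the property the anonymous e-money bullet describes.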
Security Protocols in Internet
transactions.
Secure Socket Layer (SSL)
Authentication
Encryption
Integrity
Non-repudiation
"https://" is to be used for HTTP URLs with SSL, whereas
"http://" is to be used for HTTP URLs without SSL.
Secure Hypertext Transfer Protocol
(SHTTP)
• Characteristics
• All traffic from inside to outside and from outside to
inside the network must pass through the firewall
• Only authorized traffic is allowed to pass
• Firewall itself is immune to penetration
• Trusted networks are inside the firewall
• Untrusted networks are outside the firewall
Firewalls (continued)
• Packet-filter firewalls
• Examine data flowing back and forth between a trusted
network and the Internet
• Gateway servers
• Firewalls that filter traffic based on the application
requested
• Proxy server firewalls
• Firewalls that communicate with the Internet on the
private network’s behalf
Introduction