
Contents

• What is Digital Payment?
• Advantages of EPS
• Disadvantages of EPS
• Why an online payment platform?
• Payment Gateway
• Digital payment requirements
• Methods of EPS
• E-Money
What is a Digital Payment?

A digital payment or e-payment is a way of making transactions
or paying for goods and services through an electronic medium,
without the use of checks or cash. It is also called an electronic
payment system or online payment system.

What is a Cashless Economy?

In a cashless economy, all transactions are carried out using
different types of payment methods and this does not involve
the physical use of money for the purchase of various goods
and services.
Advantages of Electronic Payment System
1. Time Savings
2. Expenses control
3. Reduced risk of loss and theft
4. Low commissions
5. User-friendly
6. Convenience
7. Digital record of transactions
8. Helps keep black money under control
9. Waivers, discount and cashback
10. One stop solution for paying bills
1. Time Savings: Money transfer between virtual accounts usually takes a
few minutes, while a wire transfer or a postal one may take several days.
Also, you will not waste your time waiting in lines at a bank or post office.

2. Expenses control: Even if someone is eager to bring his disbursements
under control, it is necessary to be patient enough to write down all the petty
expenses, which often take up a large part of the total amount of disbursements.
The virtual account contains the history of all transactions, indicating the store
and the amount you spent, and you can check it anytime you want. This
advantage of an electronic payment system is pretty important in this case.

3. Reduced risk of loss and theft: You cannot forget your virtual
wallet somewhere and it cannot be taken away by robbers.

4. Low commissions: If you pay for an internet service provider or a mobile
account replenishment through a UPT (unattended payment terminal), you
will encounter high fees. With an electronic payment system, the fee for this
kind of operation is 1% of the total amount, and this is a
considerable advantage.

5. User-friendly: Usually every service is designed to reach the widest
possible audience, so it has an intuitively understandable user interface. In
addition, there is always the opportunity to submit a question to a support
team, which often works 24/7. You can also get an answer using
the forums on the subject.

6. Convenience: All the transfers can be performed at any time, anywhere.
It's enough to have access to the Internet.
Disadvantages of Electronic Payment System
1. Restrictions: Each payment system has its limits regarding the
maximum amount in the account, the number of transactions per day
and the amount of output.

2. The risk of being hacked: If you follow the security rules the threat
is minimal; it can be compared to the risk of something like a robbery.
The worse situation is when the system of the processing company has been
breached, because it leads to the leak of personal data on cards and their
owners. Even if the electronic payment system does not issue plastic
cards, it can be involved in scandals regarding identity theft.

3. The problem of transferring money between different payment
systems: Usually the majority of electronic payment systems do not
cooperate with each other. In this case, you have to use the services of
an e-currency exchange, and it can be time-consuming if you still do not
have a trusted service for this purpose.

4. The lack of anonymity: The information about all the
transactions, including the amount, time and recipient, is
stored in the database of the payment system. And it means
the intelligence agency has access to this information. You
should decide whether it's bad or good.

5. The necessity of Internet access: If the Internet connection
fails, you cannot get to your online account.
Why an online payment platform?
• In order for our new online company to have the most positive response
possible, we need to know which online payment platforms and
methods are best to include. The more payment facilities and methods you
have in your business, the greater the opportunity to make sales, increasing
your site’s conversion rate.
• If you want your virtual business to be as successful as your physical store,
you must use as many online payment platforms as possible. You can make
contracts with card operators or with payment intermediaries. Whatever
your choice, it is always necessary to look for as many options as possible,
especially if your target audience is more heterogeneous.
• To further assist you in choosing the best online payment method, we
have put together a short list of 10 points, broken down into 5 advantages and 5
disadvantages of choosing a card operator or payment intermediary, so you
can decide which is best for you…
Advantage: Lower Interest Rates
If you pick the right online payment method you could get lower
interest rates than payment intermediaries. While you will need
to do your homework with this, the saving to your business could be
massive.

Disadvantage: You Are Responsible For Any Fraud
While it should never happen, you should be aware that many online
payment companies will hold the trader responsible for any case of
fraud, and that could mean you have further fees to pay once the matter
is all sorted out. So do be aware of this.
Advantage: You Get Your Money Instantly
There is no delay if you pick the right payment company, with many of
them offering almost instant payment and confirmation. This means
you as a business get immediate approval of orders and direct payments
the moment after a purchase has happened.

Disadvantage: Higher Interest Rates
We have already learned that lower interest rates are an advantage, but
what you might not know is that some companies will indeed have a
higher interest rate than most online banking systems. As with everything
relating to your business, read the small print and fully understand what
the company is offering.
Advantage: Instant Receipts
If you find printing off receipts a bit of a chore you might be happy to know
that many online payment companies will issue an instant receipt the
moment an order has been placed. Some will even allow you to print them
off the moment an order is placed, but even if it does, it saves you the time of
making a receipt yourself.

Disadvantage: You Are Responsible For Insuring The Equipment
If you have a real-world shop you might need to get any card machines covered
by your own shop’s insurance or even your SME insurance. Either way, this
will often be part of the deal you signed, but it is a down-side that you
might not have thought about.
Advantage: Instant Approval
If you use an online bank it could take weeks to get set up and even
accepted in the first place, but with an online card operator, you could get
approved there and then and the code made for you and ready to roll.

Disadvantage: Signups Are Required
While most people are more than happy to sign up to a separate payment
method, there are still some online shoppers that will be put off by it.
In general, it is mostly older people who are this way inclined, with the
younger generation being more inclined to sign up and use them. So do
check what type of shoppers your site draws in.
Advantage: Better Deals For Customers
Some online payment operators will also have their own offers and
incentives to give to customers. This will often not cost the site using the
service a single penny, but it might well lead to more sales. Just as a side note,
you can also work with these online payment companies to promote your
own sale items and offers.

Disadvantage: Customers Will See Offers From Other Sites
While you can get the word out there about your new sale or maybe new
items, this also means other companies can do the same thing.
What is Payment Gateway?
Working of Payment Gateway
• The visitor places the order on the website and it is sent to the merchant's
web server in encrypted format. This is usually done via SSL (Secure
Socket Layer) encryption.
• The transaction details are then forwarded to the concerned Payment
Gateway.
• The transaction information is then passed on to the merchant's
acquiring bank by the Payment Gateway.
• The merchant's acquiring bank then forwards the transaction information to
the issuing bank (the one that issued the credit card to the customer).
• Then the card issuing bank sends a response back to the
Payment Gateway. The response states whether the payment has been
approved or declined. In case of a decline, the reason is also sent
in the response.
• The response is then forwarded by the Payment Gateway to
the merchant’s server.
• At the merchant's server the response is encrypted again and is
relayed back to the customer. This lets the customer
know whether the order has been placed successfully or
not.
• The entire process typically takes less than 5 seconds.
Flow of payment process
What is SSL?

• SSL stands for Secure Socket Layer

• Payment Gateways encrypt sensitive information,
such as credit card numbers, to ensure that
information passes securely between the customer
and the merchant.

• SSL is used by the HTTPS protocol

Types of Payment Gateways

• PayPal (Global)
• Authorize.Net (US)
• VeriSign (Global)
• LinkPoint (US)
• 2Checkout (Global)
• WorldPay (Global)
• CyberSource (US)
• Protx (UK)
• eWAY (AU)
• Moneris (CA)
• QuickBooks Merchant Services (US Only)
The Role of a Strong Payment Gateway in eCommerce
Why a Payment Gateway?

• When it comes to running an online business, the
most important question is …
“How will my customer pay me?”
• If you don’t have an answer to that question, then
you may as well pack up and go home.
• All the hard work of building your online enterprise
will be in vain…
So how to choose a good payment gateway?

1. Payment Options
2. Transaction Enhancing Tools
3. Risk Management & Fraud Protection
4. Fair Pricing
1. Payment Options:

“I accept just credit cards on my website
and that is good enough for me …”

“Sure …but be prepared to cater to a
shrinking customer base.”

Why ?
• Indians are uncomfortable about owing money!
• So 'non-credit' based payment options are popular
• Any safe method of debiting the bank account
directly is welcome … Debit Cards/ Net Banking etc
• New payment options like Cash Cards, Phone
Payments are growing exponentially.

So when the choice of payment options is in a state
of flux… which payment gateway to choose?
Simple … do what millions of Indians do …
Choose the payment gateway that
gives customers the full Thali!

It has something for everyone …

2. Transaction Enhancing Tools:

• Does the PG reflect the ground realities of doing
business online?

• Does it provide the merchant with features that will
expand the scope of his business?
An array of simple tools to solve real eCommerce problems:
• Built-in Shopping Cart
• Transaction Failure Collection
• Virtual Terminal
• Auction Collection Feature
• Collect Invoice Facility
• SMS Order Alert
• IVRS Payments
• P2P Payments
• Co-marketing through Bank Malls

A strong PG will provide an array of
transaction enhancing tools so that the merchant can
expand the scope of his online business.
3. Risk Management & Fraud Protection:

• How well is the merchant protected by the PG company's risk
management teams?

• Do they have the right processes, tools and the experience?

• Do they charge the merchant for these services?

Never meant for online use …
• Credit cards as they are now were never meant for online
use.
• Two factor authentication was almost useless.
• Merchants have lost crores due to credit card fraud.
• Banks have been dilly dallying about implementing the
new third factor of authentication: VBV, MSC and AVS
to offer merchants additional protection.
• RBI had to step in and make it compulsory for the banks to
implement it by 1st Aug 2009.
Risk Management Processes
• Negative Database mapping
• High Risk Global IP Address Verification
• Velocity Checks
• Issuing Bank BIN number mapping
• Zip Code and Telephone Validity Checks
• Keystroke speed recording.
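
An added example (not part of the original slides) showing how four of the checks listed above can be combined in one screening pass: negative database, high-risk IP, issuing-bank BIN mapping and a velocity check. The card numbers, IP prefix, BIN table, thresholds and the RiskEngine name are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed reference data, for illustration only.
NEGATIVE_CARDS = {"4000000000000002"}        # cards tied to earlier fraud
HIGH_RISK_IP_PREFIXES = ("203.0.113.",)      # documentation range, RFC 5737
BIN_COUNTRY = {"411111": "IN", "400000": "US", "520000": "GB"}

VELOCITY_WINDOW = timedelta(minutes=10)
VELOCITY_LIMIT = 3                           # attempts allowed per window


class RiskEngine:
    """Returns the list of rules a transaction trips (empty list = clean)."""

    def __init__(self):
        # Recent attempt times per card. A production system would key on
        # a token or hash of the card number rather than the number itself.
        self._attempts = defaultdict(deque)

    def score(self, txn):
        reasons = []
        card = txn["card"]

        # Negative database mapping.
        if card in NEGATIVE_CARDS:
            reasons.append("negative_database")

        # High-risk IP address verification.
        if txn["ip"].startswith(HIGH_RISK_IP_PREFIXES):
            reasons.append("high_risk_ip")

        # Issuing bank BIN mapping: first six digits -> issuer country,
        # compared with the billing country supplied at checkout.
        issuer_country = BIN_COUNTRY.get(card[:6])
        if issuer_country is None:
            reasons.append("unknown_bin")
        elif issuer_country != txn["billing_country"]:
            reasons.append("bin_country_mismatch")

        # Velocity check: drop attempts older than the window, then count.
        window = self._attempts[card]
        while window and txn["time"] - window[0] > VELOCITY_WINDOW:
            window.popleft()
        window.append(txn["time"])
        if len(window) > VELOCITY_LIMIT:
            reasons.append("velocity")

        return reasons


def run_sample():
    """Scores a constructed, time-ordered batch of transactions."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    good = "4111111111111111"

    def txn(card, ip, country, minutes):
        return {"card": card, "ip": ip, "billing_country": country,
                "time": t0 + timedelta(minutes=minutes)}

    batch = [
        txn(good, "198.51.100.7", "IN", 0),
        txn("4000000000000002", "198.51.100.8", "US", 1),
        txn("5200001234567890", "203.0.113.9", "IN", 1),
        txn(good, "198.51.100.7", "IN", 2),
        txn(good, "198.51.100.7", "IN", 3),
        txn(good, "198.51.100.7", "IN", 4),    # fourth attempt in 10 minutes
        txn(good, "198.51.100.7", "IN", 30),   # window has expired by now
    ]
    engine = RiskEngine()
    return [engine.score(t) for t in batch]


if __name__ == "__main__":
    for reasons in run_sample():
        print(reasons or "clean")
```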
Risk Management Processes
• Data Security : Payment Card Industry Data
Security Standards (PCI-DSS)
• VeriSign SCG enabled SSL Encryption
• McAfee Hacker Safe Daily Audit of Sites.
• Servers with Intrusion Detections and
Prevention Systems

A strong PG will give risk management and fraud
containment activities the due importance they deserve and
work to keep up with the changing environment.
4. Fair Pricing:

• What is the pricing structure of the payment gateway?

• Do they have a flexible pricing structure that adapts to
the evolving business metrics and the merchant’s
business model?
Some online merchants make a common but
simple mistake … one that could prove to be fatal
to their online business …

“Lower the price, better the value”

The Hidden Costs in a Cheap PG

• Bad risk management = monetary and
reputational loss
• Limited payment options = you lose real
customers … monetary loss as well
• Poor PG software and low end hardware
and people-ware = downtime of PG =
monetary loss and lost customers
• Bad, unresponsive, non reachable support
staff at PG partner = you get ulcers handling
irate customers and from suffering business
loss. Remember your health is priceless.
Digital Payment Requirements
Digital Payment occurs when goods or services are purchased
through the use of various electronic mediums.
Requirements for Digital Payment Systems

1. Atomicity
2. Anonymity/Privacy
3. Scalability
4. Security
5. Reliability
6. Usability
7. Inter-operability
Methods of Electronic Payment System
1. Banking cards

Indians widely use Banking cards, or debit/credit cards, or prepaid
cards, as an alternative to cash payments. Andhra Bank launched the
first credit card in India in 1981.

Cards are preferred because of multiple reasons, including, but not
limited to, convenience, portability, safety, and security. This is the
only mode of digital payment that is popular in online transactions
and physical transactions.
1. Banking Card [Credit and Debit Card]
a) Credit Card:-

Credit cards are very commonly used as a tool for electronic payment.
A credit card is a thin plastic card that can be used to buy items, meet food or
restaurant bills, book airline tickets etc. Any credit card allows a user to pay later
for the items one has bought or the services availed, hence the name credit
card is given. This process of payment is known as charging. Charging
means that the user has paid for the items with his or her credit card by
promising to pay when signing the credit card receipt. Credit
cards are normally issued by a bank or any authorized authority.
1. Banking Card [Credit and Debit Card]
b) Debit Card:-

A debit card (also known as a bank card, plastic card or check card) is
a plastic payment card that can be used instead of cash when making
purchases. It is similar to a credit card, but unlike a credit card, the money
comes directly from the user's bank account when performing a transaction.
Payments using a debit card are immediately transferred from the
cardholder's designated bank account, only if sufficient balance is available.
If not, the transaction will fail.
Debit cards usually also allow for instant withdrawal of cash, acting as
an ATM card for withdrawing cash.
2. Unstructured Supplementary Service Data (USSD)

• USSD was launched for those sections of India’s population which don’t
have access to proper banking and internet facilities. Under USSD,
mobile banking transactions are possible without an internet connection
by simply dialing *99# on any essential feature phone.

• This number is operational across all Telecom Service Providers (TSPs)
and allows customers to avail of services including interbank account to
account fund transfer, balance inquiry, and availing mini statements.
Around 51 leading banks offer USSD service in 12 different languages,
including Hindi & English.
3. Aadhaar Enabled Payment System (AEPS)
• AEPS is a bank-led model for digital payments that was initiated to leverage
the presence and reach of Aadhaar. Under this system, customers can use their
Aadhaar-linked accounts to transfer money between two Aadhaar linked
Bank Accounts. As of February 2020, AEPS had crossed more than 205
million as per NPCI (National Payments Corporation of India) data.
• AEPS doesn’t require any physical activity like visiting a branch, using debit
or credit cards or making a signature on a document. This bank-led model
allows digital payments at PoS (Point of Sale / Micro ATM) via a Business
Correspondent (also known as Bank Mitra) using Aadhaar authentication. The
AePS fees for Cash withdrawal at BC Points are around Rs.15.

AEPS facilitates disbursements of Government schemes like NREGA, Social Security
pension, Handicapped Old Age Pension etc. of any Central or State Government
bodies using Aadhaar authentication.
4. Unified Payments Interface (UPI)
• UPI is a payment system that brings numerous bank accounts into a
single application, allowing the transfer of money easily between any
two parties. As compared to NEFT (National Electronics Fund Transfer),
RTGS (Real Time Gross Settlement), and IMPS (Immediate Payment Service),
UPI is far more well-defined and standardized across banks. You can use
UPI to initiate a bank transfer from anywhere in just a few clicks.

• The benefit of using UPI is that it allows you to pay directly from your
bank account, without the need to type in the card or bank details. This
method has become one of the most popular digital payment modes in
2020, with October witnessing over 2 billion transactions.

What took credit cards a decade or so to achieve in India, UPI
had accomplished in a matter of just two years.
5. Mobile Wallets
Mobile Wallets, as the name suggests, are a type of wallet in which you can
carry cash but in a digital format. Often customers link their bank accounts
or banking cards to the wallet to facilitate secure digital transactions.
Another way to use wallets is to add money to the Mobile Wallet and use
the said balance to transfer money.

Nowadays, many banks have launched their wallets. Additionally, notable
private companies have also established their presence in the Mobile Wallet
space. Some popularly used ones include Paytm, Freecharge, Mobikwik,
mRupee, Vodafone M-Pesa, Airtel Money, Jio Money, SBI Buddy,
Axis Bank Lime, ICICI Pockets, etc.
6. Bank Prepaid Cards
A bank prepaid card is a pre-loaded debit card issued by a bank,
usually single-use or reloadable for multiple uses. It is different from
a standard debit card because the latter is always linked with your
bank account and can be used numerous times. This may or may not
apply to a prepaid bank card.

A prepaid card can be created by any customer who has a KYC-compliant
account by merely visiting the bank’s website. Corporate
gifts, reward cards, or single-use cards for gifting purposes are the
most common uses of these cards.
7. PoS Terminals
PoS (Point of Sale) is known as the location or segment where a sale happens.
For a long time, PoS terminals were considered to be the checkout counters
in malls and stores where the payment was made. The most common type
of PoS machine is for Debit and Credit cards, where customers can make
payment by simply swiping the card and entering the PIN.

With digitization and the increasing popularity of other online payment
methods, new PoS methods have come into the picture. First is the
contactless reader of a PoS machine, which can debit any amount up to Rs.
2000 by auto-authenticating it, without the need of a Card PIN.

Mobile PoS terminals are those which work through a tablet or smartphone and
Virtual PoS systems are those that use web-based applications to process
payments.
8. Internet Banking

Internet Banking, also known as e-banking or online banking, allows the
customers of a particular bank to make transactions and conduct other
financial activities via the bank’s website. E-banking requires a steady
internet connection to make or receive payments and access a bank’s
website, which is called Internet Banking.

Today, most Indian banks have launched their internet banking services. It
has become one of the most popular means of online transactions. Every
payment gateway in India has a virtual banking option available. NEFT,
RTGS, or IMPS are some of the top ways to make transactions via internet
banking.
9. Mobile Banking
Mobile banking refers to the act of conducting transactions and other
banking activities via mobile devices, typically through the bank’s mobile
app. Today, most banks have their mobile banking apps that can be used on
handheld devices like mobile phones and tablets and sometimes on
computers.

Mobile banking is known as the future of banking, thanks to its ease,
convenience, and speed. Digital payment methods, such as IMPS, NEFT,
RTGS, investments, bank statements, bill payments, etc., are
available on a single platform in mobile banking apps. Banks themselves
encourage customers to go digital as it makes processes easier for them too.
10. Micro ATMs

Micro ATM is a device for Business Correspondents (BC) to deliver
essential banking services to customers. These Correspondents, who could
even be a local store owner, will serve as a ‘micro ATM’ to conduct instant
transactions. They will use a device that will let you transfer money via
your Aadhaar linked bank account by merely authenticating your
fingerprint.

Essentially, Business Correspondents will serve as banks for the customers.
Customers need to verify their authenticity using UID (Aadhaar). The
essential services that will be supported by micro ATMs are withdrawal,
deposit, money transfer, and balance inquiry. The only requirement for
Micro ATMs is that you should link your bank account to Aadhaar.
11. Bharat Interface for Money

Bharat Interface for Money (BHIM) is a payment app that lets you
make simple, easy and quick transactions using Unified Payments
Interface (UPI). You can make direct bank payments to anyone on
UPI using their UPI ID or scanning their QR with the BHIM app.
You can also request money through the app from a UPI ID.
12. Electronic Tokens

An electronic token is a digital analog of various forms of payment backed
by a bank or financial institution. There are two types of tokens:

• Real Time (or Pre-paid) Tokens – these are exchanged between buyer
and seller; their users pre-pay for tokens that serve as currency.
Transactions are settled with the exchange of these tokens. Examples of
these are DigiCash, Debit Cards, Electronic purse etc.

• Post Paid Tokens – are used with fund transfer instructions between the
buyer and seller. Examples – Electronic cheques, Credit card data etc.
13. Electronic Cheques

The electronic cheques are modeled on paper checks, except that
they are initiated electronically. They use digital signatures for
signing and endorsing and require the use of digital certificates to
authenticate the payer, the payer’s bank and bank account. They are
delivered either by direct transmission using telephone lines or by
public networks such as the Internet.
E-Money

• E-Money transactions refer to situations where payment is done over the
network and the amount gets transferred from one financial body to
another financial body without any involvement of a middleman.
E-money transactions are faster and convenient, and save a lot of time.

• Online payments done via credit cards, debit cards, or smart cards are
examples of e-money transactions. Another popular example is e-cash. In
case of e-cash, both customer and merchant have to sign up with the
bank or company issuing e-cash.
• Electronic money refers to the currency electronically stored on
electronic systems and digital databases used to make it easier to transact
electronically. It is popularly referred to by many names, including
digital cash, digital currency, e-money, and so on.

• Since it started as a concept in the 1980s and rose to prominence during
the Dot-Com era, it has acted as one of the biggest game-changers in the
financial industry. In a matter of only four years, from 2014 to 2018, the
number of electronic money transactions in Europe alone doubled to
more than 4 billion.
• Broadly, electronic money is an electronic store of monetary value on a
technical device. The definition of electronic money is becoming more
scientific and specific with developments associated with it.

• The European Central Bank defines e-money in the following words.
“E-money can be defined as amount of money value represented by a claim
issued on a prepaid basis, stored in an electronic medium (card or
computer) and accepted as a means of payment by undertakings other
than the issuer” (ECB).
What is Fiat Currency (or Fiat Money)?

Fiat money, simply put, is a legal tender, whose value as a currency is
established by an issuing government and consequently, is also regulated
by it. Fiat money is the exact opposite of commodity money, whose value
is based on an underlying asset, such as gold or silver.


Cryptocurrency

• A cryptocurrency, crypto-currency, or crypto is a digital asset designed to
work as a medium of exchange wherein individual coin ownership
records are stored in a ledger existing in the form of a computerized
database, using strong cryptography to secure transaction records and to
control the creation of additional coins.

• Many cryptocurrencies are decentralized networks based on blockchain
technology.
Cryptocurrency Examples

• Bitcoin
• Ethereum
• Ripple
• Dash
• Litecoin
• Dogecoin
• zCash
Cryptocurrencies vs. E-Money

• Cryptocurrencies are not governed by a centralized authority. In “classic” electronic
money transactions you have a financial institution acting as an intermediary
supervising it.

• E-money institutions must comply with anti-money laundering, anti-fraud and
know-your-customer regulations or face legal consequences. Cryptocurrencies, as a relatively
new technology, are not yet widely regulated. A decentralized complex peer system
validates and processes crypto transactions.

• Cryptocurrencies are not backed by fiat money. In contrast to e-money, whose
fluctuation in value is tied to the assigned fiat currency’s value, a cryptocurrency’s worth
fluctuates as determined by supply, demand and developments of the crypto market.
Features of Electronic Money

• Store of value: Just like physical currency, electronic money is also a store of value,
the only difference being, that with electronic money, the value is stored electronically
unless and until withdrawn physically.

• Medium of exchange: Electronic money is a medium of exchange, i.e., it is used to
pay for the purchase of a good or when acquiring a service.

• Unit of account: Just like paper currency, electronic money provides a common
measure of the value of the goods and/or services being transacted.

• Standard of deferred payment: Electronic money is used as a means of deferred
payment, i.e., used for the tools of providing credit for repayment at a future date.
Types of Electronic Currency

1. Hard

Hard electronic currency is when e-currency is used for irreversible transactions, ones
that are highly securitized, and are more or less procedural in nature. They may include
transactions that are drawn through a bank.

2. Soft

Soft electronic currency is when e-currency is used for reversible or flexible
transactions. There is an increased level of flexibility offered, and users are allowed to
manage their transactions even after payment is processed, like canceling a transaction
or modifying the payment price, etc.

The changes can be made post-transaction within a defined period. They may include
transactions that are passed through payment mechanisms like PayPal, PayTM, credit
cards, and so on.
Kinds of e-money

In general, there are two distinct types of e-money: identified e-money and
anonymous e-money -- also known as digital cash.

• Identified e-money contains information revealing the identity of the person who
originally withdrew the money from the bank. Also, in much the same manner as
credit cards, identified e-money enables the bank to track the money as it moves
through the economy.

• Anonymous e-money works just like real paper cash. Once anonymous e-money is
withdrawn from an account, it can be spent or given away without leaving a
transaction trail. You create anonymous e-money by using blind signatures rather
than non-blind signatures.
Online and Offline e-money

There are two varieties of each type of e-money: online e-money and offline
e-money.

• Online e-money means you need to interact with bank to do a transaction with a
third party.

• Offline e-money means you can do a transaction without having to directly
involve a bank. Offline digital cash is the most complex form of e-money
because of the double-spending problem.
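
An added example (not part of the original slides) of the two ideas above: a bank signs a coin with an RSA blind signature so it never sees the serial it is signing, and the online deposit step rejects a coin whose serial was already spent. The toy key built from two small Mersenne primes, the Bank class and the function names are assumptions for illustration; the key is far too small for real use.

```python
import hashlib
import math
import secrets

# Toy RSA modulus from two Mersenne primes (assumption for this example).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537                                   # bank's public exponent


def coin_digest(serial: bytes) -> int:
    """Maps a coin serial number to an integer below N."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


def blind(serial: bytes):
    """Customer side: hide the coin digest behind a random factor r."""
    m = coin_digest(serial)
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (m * pow(r, E, N)) % N, r


def unblind(blind_sig: int, r: int) -> int:
    """Customer side: strip r, leaving the bank's signature on the digest."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(serial: bytes, sig: int) -> bool:
    """Anyone holding the public key (N, E) can check a coin."""
    return pow(sig, E, N) == coin_digest(serial)


class Bank:
    def __init__(self):
        self._d = pow(E, -1, (P - 1) * (Q - 1))   # private exponent
        self._spent = set()                       # serials already deposited

    def sign_blinded(self, blinded: int) -> int:
        # The bank signs without learning the serial. A real bank would
        # also debit the customer's account here.
        return pow(blinded, self._d, N)

    def deposit(self, serial: bytes, sig: int) -> str:
        # Online check: the merchant contacts the bank before accepting.
        if not verify(serial, sig):
            return "rejected: bad signature"
        if serial in self._spent:
            return "rejected: double spend"
        self._spent.add(serial)
        return "accepted"


def withdraw_coin(bank: Bank, serial: bytes) -> int:
    """Full withdrawal: blind, have the bank sign, unblind."""
    blinded, r = blind(serial)
    return unblind(bank.sign_blinded(blinded), r)


if __name__ == "__main__":
    bank = Bank()
    serial = secrets.token_bytes(16)        # constructed coin serial
    coin_sig = withdraw_coin(bank, serial)
    print(bank.deposit(serial, coin_sig))   # first spend
    print(bank.deposit(serial, coin_sig))   # same coin again
```

The spent-serial set is what makes this the online variety: the bank must be reachable at payment time, which is exactly what offline e-money cannot rely on.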
IDENTIFIED & ONLINE
• Buyer is clearly identified
• Card is validated by issuing bank
• Credit/debit card

IDENTIFIED & OFFLINE
• Merchant verifies the identity of buyer through I-card
• Transaction is carried offline
• Payment made by cheque

ANONYMOUS & ONLINE
• Identity of person is anonymous
• Though, payment is made online.
• Metro card

ANONYMOUS & OFFLINE
• Identity of person is anonymous.
• Transaction is carried offline.
• Using a credit card at merchant who does not have online connection to
Visa/MasterCard network.


PROPERTIES OF E-MONEY

• ACID test
• ICES test
ACID: Atomicity, Consistency, Isolation, Durability
ACID : Atomicity

• Transaction must occur completely or not at all.

• No points of failure.

• A transfer of 100 must result in the amount being debited from one account &
credited to another.

• If one action fails, the whole transaction should be aborted.
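
The transfer-of-100 case above as an added example (not from the original slides), using SQLite's transaction support: the credit and the debit are applied inside one transaction, and a failed debit rolls the credit back. Account names, balances and function names are assumptions made for the example.

```python
import sqlite3


class TransferAborted(Exception):
    """Raised inside the transaction to force a rollback."""


def open_ledger():
    """In-memory ledger with constructed balances: X has 150, Y has 0."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts ("
        " name TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("X", 150), ("Y", 0)])
    conn.commit()
    return conn


def transfer(conn, src, dst, amount):
    """Moves amount from src to dst completely or not at all."""
    if amount <= 0:
        return False
    try:
        # 'with conn' commits if the block finishes and rolls back every
        # statement in it if any exception escapes.
        with conn:
            # The credit is applied first on purpose, so a failing debit
            # shows the rollback undoing work that had already been done.
            credited = conn.execute(
                "UPDATE accounts SET balance = balance + ? WHERE name = ?",
                (amount, dst))
            if credited.rowcount != 1:
                raise TransferAborted("unknown payee")
            # The CHECK constraint rejects an overdraft with IntegrityError.
            debited = conn.execute(
                "UPDATE accounts SET balance = balance - ? WHERE name = ?",
                (amount, src))
            if debited.rowcount != 1:
                raise TransferAborted("unknown payer")
    except (sqlite3.IntegrityError, TransferAborted):
        return False
    return True


def balances(conn):
    return dict(conn.execute("SELECT name, balance FROM accounts"))


if __name__ == "__main__":
    ledger = open_ledger()
    print(transfer(ledger, "X", "Y", 100), balances(ledger))
    print(transfer(ledger, "X", "Y", 100), balances(ledger))
```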


ACID : Consistency

All parties involved in the transaction must agree to the exchange

• In a customer-retailer relationship involving purchase, the customer must
agree to purchase the good for a specific price & the merchant must agree to sell it at
that price, otherwise there is no basis for exchange.

• Before X buys a product from Y, X must agree to buy it for 100 and Y
must agree to sell it at 100.
ACID : Isolation

• Each transaction must be independent of any other transaction.

• Each transaction is treated as a stand-alone episode


ACID : Durability

• It must always be possible to recover the last consistent state or reverse
the facts of the exchange.

• Reversing charges in the event customer changes his or her mind.

• If customer is not happy with the product, the merchant should refund
him.
ICES Test: Interoperability, Conservation, Economy, Scalability
ICES : Interoperability

• It is the ability to move back and forth between different operating
systems.

• Whichever operating system or version the customer is using, he should not
find any discomfort in using e-money.
ICES : Conservation

• How well money holds its value over time (temporal consistency).

• How easy money is to store and access (temporal durability).


ICES : Economy

• Cost of processing the transaction should be zero or minimum.

• Relative to size of transaction.

• If the users have to pay a higher transaction cost, they may switch to another
payment product or prefer cash, where the processing cost is zero.

• Paying a charge of 10 to process a transaction of 10,0000 is acceptable.

• However, it is not acceptable if the transaction being processed is of 10.


ICES : Scalability

• Ability of the system to handle multiple users at the same time.

• Must be easily scalable to handle new intake.


Evaluation of Payment Methods on ACID & ICES
• There is no method of e-money or e-payment that satisfies both the ACID
and ICES tests.
• Cash does not satisfy the conservation property of the ICES test. It loses its
value over a period of time due to inflation.
• Credit cards and debit cards do not satisfy the economy property of ICES. The
processing cost is generally higher.
• Cheques do not fulfil the isolation property of the ACID test because the drawer
of the cheque can always stop payment of the cheque before it is
cleared.
• Cheques do not fulfil the conservation and economy properties of the ICES test.
Advantages of Electronic Money

1. Increased flexibility and convenience

The use of electronic money brings increased flexibility and convenience to the
table. Transactions can be entered into from anywhere in the world, at any
given time, with one click of a button. It removes the hassle and tediousness
involved with the physical delivery of payments.

2. Historical record

The usage of electronic money is becoming increasingly popular because it
stores a digital historical record of each and every transaction made. It makes
tracing back payments easier and also helps with making detailed expenditure
reports, budgeting, and so on.
3. Prevents fraudulent activities
Since electronic money makes available a detailed historical record of each and every
transaction made, it is very easy to keep track of transactions and trace them back
through the economy. It increases security and helps prevent fraudulent activities and
malpractices.
4. Instantaneous
The use of electronic money brings with it a kind of instantaneousness that has not been
experienced before in the economy. Transactions can be completed in split seconds with
the click of a button from virtually anywhere in the world. It eliminates problems of
physical delivery of payments, including long queues, wait times, etc.
5. Increased security
The use of e-money also brings with it an increased sense of security. To prevent loss of
personal information while transacting online, advanced security measures are
implemented like authentication and tokenization. Stringent verification measures are
also employed to ensure the full authenticity of the transaction.
Disadvantages of Electronic Money
1. Necessity of certain infrastructure

To use electronic money, the availability of certain infrastructure is necessary. It includes a
computer or a laptop, or a smartphone, and a stable internet connection.

2. Possible security breaches/hacks

The internet always comes with the inevitability of possible security breaches and hacks. A
hack can leak sensitive personal information and can lead to fraud and money laundering.

3. Online scams

Online scamming is also possible. All a scammer has to do is pretend to be from a certain
organization or a bank, and consumers are easily convinced to give away their bank/card
details. Despite the increased security and presence of authentication measures to counter
online scams, they are still something to watch out for.
Electronic money in India

• In India, the field of electronic money is regulated by the RBI mainly under the
Payment and Settlement System Act (PPS Act) 2007. The Act gives details about
the issue of electronic money under the name Prepaid Payment Instruments.
Separate Prepaid Payment Instruments guidelines are also issued by the RBI in
this regard. As per the PPS Act, banks and non-bank entities can issue pre-paid
payment instruments in the country after obtaining the necessary approval /
authorization from the RBI.

• In 2002, a Working Group under YV Reddy submitted a report on Electronic
Money after making an extensive study of the potential of electronic money in
India. Electronic money in the form of Prepaid Payment Instruments is expected
to push cashless transactions in the country.
Infrastructure Issues in EPS
Risks in Electronic Payment System

Electronic payments allow you to transfer cash from your own
bank account to the bank account of the recipient almost
instantaneously. This payment system relies heavily on the
internet and is quite popular due to the convenience it affords
the user. It would be hard to overstate the advantages of
electronic payment systems, but what about the risks?
Certainly they exist, both for financial institutions and
consumers.
Risks in Electronic Payment System

• Fraud risk
• Tax evasion risk
• Payment conflicts risk
• Credit risk
• Compliance risk
• Liquidity risk
• Impulse buying risk
1. Fraud Risk

Electronic payment systems are not immune to the risk of fraud. The
system uses a particularly vulnerable protocol to establish the
identity of the person authorizing a payment. Passwords and security
questions aren’t foolproof in determining the identity of a person. So
long as the password and the answers to the security questions are
correct, the system doesn’t care who’s on the other side. If someone
gains access to your password or the answers to your security
question, they will have gained access to your money and can steal it
from you.
2. Tax Evasion Risk

The law requires that businesses declare their financial transactions
and provide paper records of them so that tax compliance can be
verified. The problem with electronic systems is that they don’t fit
very cleanly into this paradigm and so they can make the process of
tax collection very frustrating for the Internal Revenue Service. It is
at the business’s discretion to disclose payments received or made
via electronic payment systems in a fiscal period, and the IRS has no
way of knowing if it’s telling the truth or not. That makes it pretty
easy to evade taxation.
3. Payment Conflicts Risk

One of the idiosyncrasies of electronic payment systems is that the
payments aren’t handled by humans but by an automated electronic
system. The system is prone to errors, particularly when it has to
handle large amounts of payments on a frequent basis with many
recipients involved. It’s important to constantly check your pay slip
after every pay period ends in order to ensure everything makes
sense. Failure to do this may result in payment conflicts caused by
technical glitches and anomalies.
4. Credit Risk

Credit risk is the risk that participants in the transaction will not be
paid for an outstanding claim. These participants include the
counterparties themselves, the issuer of the settlement medium, and,
if any, intermediaries involved in the delivery of goods, services,
etc. Credit risk typically arises when one of the participants becomes
insolvent.
5. Compliance Risk

• Compliance risk is an organization's potential exposure to legal penalties,
financial forfeiture and material loss, resulting from its failure to act in
accordance with industry laws and regulations, internal policies or
prescribed best practices. Compliance risk is also known as integrity risk.

• There is the possibility a credit union will fail to comply with regulatory
requirements, including—but not limited to—the Electronic Funds
Transfer Act, the Bank Secrecy Act, and requirements of the Office of
Foreign Assets Control.
6. Liquidity Risk

• Liquidity risk occurs when an individual investor, business, or financial
institution cannot meet its short-term debt obligations.

• Liquidity risk is the risk that the counterparty that owes funds will not be
able to meet its payment obligation on time, thus adversely affecting the
expected liquidity position of the recipient of funds at the time the funds
are due.
7. Impulse Buying Risk

• Impulsive buying is the tendency of a customer to buy goods and
services without planning in advance. When a customer makes such
buying decisions on the spur of the moment, it is usually triggered by
emotions and feelings.

• Impulse buying is already a risk that you face when you use non-electronic
payment systems. It is magnified, however, when you’re able
to buy things online at the click of a mouse. Impulse buying can become
habitual and makes sticking to a budget almost impossible.
Electronic Fund Transfer

An electronic funds transfer (EFT), or direct deposit, is a digital movement
of money from one bank account to another. These transfers take place
independently from bank employees. As a digital transaction, there is no
need for paper documents.
Electronic Fund Transfer
ACH Vs. EFT

ACH and EFT payments are both types of electronic payments. The
difference is that ACH is a type of EFT (electronic funds transfer) payment.
ACH stands for the Automated Clearing House and is the process of
moving funds from one bank to another. EFT payments are an umbrella
term that include ACH payments, wire transfers, and all other types of
digital payments.
Types of EFT payments
• Direct deposit – A type of electronic transfer that allows you to pay
employees electronically. Put simply, you let your direct deposit service
provider know how much to deposit in each employee’s account, and then
on payday, the money will be deposited.
• ATMs (Automated Teller Machines) – Allows you to make withdrawals
and deposits, check your account balance, and transfer funds without
entering the bank and talking to a teller.
• Credit/debit cards – You can also make EFT payments with a credit or
debit card. You can use your card to move money from a business bank
account, make purchases, or pay bills.
• Wire transfers – Electronic money transfers that are typically used to send
large sums of money, for example, placing a large down payment on a new
piece of equipment for your business.
• Pay-by-phone systems – An electronic transfer method that allows you to
pay your bills or send money between different accounts over the phone.
• Electronic checks – Similar to traditional, paper-based checks, but entirely
electronic. You simply need to enter your routing number and bank account
number to make a payment.
Types of Transactions in EFT in India
Post demonetization, people prefer to transfer money using electronic fund transfer
methods. The popularity of electronic payment options is sharply increasing as it
allows users to transfer funds online using their mobiles and laptops, from the
comfort of their homes and offices. Moreover, it eliminates geographical barriers
and helps them transfer money in a hassle-free manner by simply using the IFSC
Codes.

• For instance, if you are transferring money to an HDFC Bank account in New Delhi’s
Vasant Vihar Branch, you will need to provide the HDFC Bank IFSC Code of that
particular area.

• But it can be confusing to decide the best method of transferring the money.
Taking into consideration factors like transfer limit, time, cost, etc., you can
make the right choice.
Listed below are some of the electronic methods, which can be
used to transfer money between two accounts
• The Transaction between your own linked accounts of the
same bank
• The Transaction between different accounts of the same
bank.
• Transferring money through NEFT into a different bank’s
accounts
• Transferring money through RTGS into other bank accounts
• Transferring money through IMPS into various accounts
1. NEFT
National Electronic Funds Transfer or NEFT is the most commonly used online
payment option to transfer money from one bank account to another. Usually,
salary transfers by companies are done using NEFT.
The funds are transferred on a deferred settlement basis, which implies that the
money is transferred in batches. There is no maximum limit, but this varies from
one bank to another. For instance, the retail banking limit set by SBI is Rs. 10
lakhs.
Cost Involved
For transferring money to a different bank, Rs 2.50 to Rs 25 can be charged, based
on the amount being transferred.
Constraints
The money can be transferred only during the bank working days. The transactions
cannot be completed over the weekends and on bank holidays. It will be completed
on the next working day. Thus, you cannot make instant transactions using NEFT.
Requirements-
• Recipient’s name
• Recipient’s bank name
• Recipient’s account number
• IFSC code of the beneficiary bank
2. RTGS
You can transfer money from one bank to another on a real-time basis using
Real Time Gross Settlement or RTGS method. There is no maximum transfer
limit, but the minimum is Rs. 2 lakhs. The transactions are processed
throughout the RTGS business hours. Usually, the amount is remitted within
30-minutes.
To be able to transfer money through RTGS, it is required for the sender and
the receiver bank branch to be RTGS enabled. You can find the list of RTGS
authorized banks on the RBI website.
Cost Factor-
It costs a little more than NEFT. But still, it will not cost you more than Rs. 30
for transactions up to Rs. 5 lakhs. The fee varies from one bank to another.
Requirements-
• Amount to be sent
• Account number of the remitter or sender
• Name of the recipient or beneficiary
• Account number of the beneficiary
• Beneficiary’s bank and branch name
• IFSC code of the receiving branch
• Sender to receiver information, if any
3. IMPS or Immediate Payment Service
For instant payments, send money through IMPS. The money is transferred
instantaneously through mobile phones using this interbank electronic fund
transfer service.
You can make the transactions 24X7X365 across banks including all weekends
and bank holidays. The money can be transferred using phones, ATMs, Mobile
Money Identifier (MMID) and internet banking. The idea is simple – to allow
users to make payments with the mobile number of the beneficiary.

Requirements -
• MMID of the recipient (a 7-digit number)
• Name of the beneficiary
• Beneficiary’s mobile number
• Account number of the recipient
• IFSC code of the beneficiary bank
4. Unified Payments Interface (UPI)

UPI-enabled apps allow you to make transactions (up to Rs 1 lakh) with
any smartphone using a VPA (Virtual Payment Address). The steps are
comparatively fewer and the apps enable users to transfer money much
faster. It doesn’t require users to share personal details like a credit/debit card
number or bank account.
Moreover, it is possible to transfer the funds round the clock, and the
transactions are done on a real-time basis.

The Cost Factor


There are no charges attached to using the UPI platform for transferring
money from one person to another. Earlier, if a person transferred money to
a merchant, about Rs. 15 used to be charged from the merchant, but after
demonetization, this fee has been waived-off.
Advantages of EFT

• Time Saving
• Convenience
• 24x7 services
• Eco-friendly process
• Easy access
• Faster transacting
Disadvantages of EFT

• Process cannot be reversed


• Internet connection
• Computer knowledge
• Security concerns
Security issues in E-Commerce
What Is Ecommerce Security?
Security is an essential part of any transaction that takes place on the web.
Customers will lose confidence in e-business if its security is compromised.
E-commerce security refers to the principles that guide safe electronic
transactions, allowing the buying and selling of goods and services
through the Internet, with protocols in place to provide safety for those
involved. E-commerce security is the protection of e-commerce assets from
unauthorized access, use, alteration, or destruction.

Successful business online depends on the customers’ trust that a company has
eCommerce security basics in place.
Security issues in e-Commerce

• Confidentiality − Information should not be accessible to an unauthorized person. It
should not be intercepted during the transmission.

• Integrity − Information should not be altered during its transmission over the network.

• Availability − Information should be available wherever and whenever required within a
time limit specified.

• Authenticity − There should be a mechanism to authenticate a user before giving
him/her access to the required information.

• Non-Repudiation − It is the protection against the denial of order or denial of payment.
Once a sender sends a message, the sender should not be able to deny sending the
message. Similarly, the recipient of the message should not be able to deny the receipt.
Techniques to combat e-commerce threats
• Encryption:
It is defined as a mechanism of converting normal information into
encoded content that cannot be read by anyone except the one who
sends or receives the message.
• Having digital certificates:
A digital certificate is issued by a trustworthy third-party
company. An SSL certificate is essential because it gives a
high authentication level to the website. The main function of this
certificate is to secure an e-commerce website from unwanted
attacks such as man-in-the-middle attacks.
• Security Certificates − A security certificate is a unique digital ID
used to verify the identity of an individual website or user.
Cryptography

Cryptography is the science of secret, or hidden writing.

Cryptanalysis

Cryptanalysis is the process of breaking an encryption code.

Meaning of Encryption

• Encryption is the method by which information is converted into secret
code that hides the information's true meaning.

• In computing, unencrypted data is also known as plaintext, and encrypted
data is called ciphertext. The formulas used to encode and decode
messages are called encryption algorithms, or ciphers.
Types of Encryption Algorithms

Encryption can be of two types:

• Asymmetric Encryption

• Symmetric Encryption
Encryption
Cipher
• Cipher is a method for encrypting messages

Plain Text → Encryption Algorithm (Key A) → Cipher Text → Decryption Algorithm (Key B) → Plain Text
• Encryption algorithms are standardized & published
• The key which is an input to the algorithm is secret
• Key is a string of numbers or characters
• If same key is used for encryption & decryption the algorithm is
called symmetric
• If different keys are used for encryption & decryption the algorithm
is called asymmetric
ASYMMETRIC CRYPTOSYSTEMS

In an asymmetric cryptosystem (or public key cryptosystem), there are two
different keys used for the encryption and decryption of data. The key used
for encryption is kept public and so is called the public key, and the decryption
key is kept secret and is called the private key. The keys are generated in such a
way that it is impossible to derive the private key from the public key.

The transmitter and the receiver both have two keys in an asymmetric
system. However, the private key is kept private and not sent over with the
message to the receiver, although the public key is
SYMMETRIC CRYPTOSYSTEMS

A symmetric cryptosystem (or private key cryptosystem) uses only one key
for both encryption and decryption of the data. The key used for encryption
and decryption is called the private key and only people who are authorized
for the encryption/decryption would know it. In a symmetric cryptosystem,
the encrypted message is sent over without any public keys attached to it.
Encryption Algorithm
Summary

Algorithm | Type | Key Size | Features
DES | Block Cipher | 56 bits | Most Common, Not strong enough
TripleDES | Block Cipher | 168 bits (112 effective) | Modification of DES, Adequate Security
Blowfish | Block Cipher | Variable (Up to 448 bits) | Excellent Security
AES | Block Cipher | Variable (128, 192, or 256 bits) | Replacement for DES, Excellent Security
RC4 | Stream Cipher | Variable (40 or 128 bits) | Fast Stream Cipher, Used in most SSL implementations
Symmetric Encryption
Advantages

• A symmetric cryptosystem is faster.

• In symmetric cryptosystems, encrypted data can be transferred on the link
even if there is a possibility that the data will be intercepted. Since there is no
key transmitted with the data, the chances of data being decrypted are null.

• A symmetric cryptosystem uses password authentication to prove the
receiver’s identity.

• Only a system which possesses the secret key can decrypt a message.
Symmetric Encryption
Limitations

• Symmetric cryptosystems have a problem of key transportation. The secret
key is to be transmitted to the receiving system before the actual message is to
be transmitted. Every means of electronic communication is insecure as it is
impossible to guarantee that no one will be able to tap communication
channels. So the only secure way of exchanging keys would be exchanging
them personally.

• Cannot provide digital signatures that cannot be repudiated


Asymmetric Encryption
Basics
• Uses a pair of keys for encryption
• Public key for encryption
• Private key for decryption
• Messages encoded using public key can only be decoded by the private
key
• Secret transmission of key for decryption is not required
• Every entity can generate a key pair and release its public key

Plain Text → Cipher (Public Key) → Cipher Text → Cipher (Private Key) → Plain Text


Asymmetric Encryption
Advantages

• In asymmetric, or public key, cryptography there is no need for exchanging
keys, thus eliminating the key distribution problem.

• The primary advantage of public-key cryptography is increased security: the
private keys do not ever need to be transmitted or revealed to anyone.

• Can provide digital signatures that cannot be repudiated


Asymmetric Encryption
Weaknesses
• A disadvantage of using public-key cryptography for encryption is speed:
there are popular secret-key encryption methods which are significantly
faster than any currently available public-key encryption method.
Authentication
Basics
• Authentication is the process of validating the identity of a user or the
integrity of a piece of data.

• There are three technologies that provide authentication
  • Message Digests / Message Authentication Codes
  • Digital Signatures
  • Public Key Infrastructure

• There are two types of user authentication:
  • Identity presented by a remote or application participating in a session
  • Sender’s identity is presented along with a message.


Authentication
Message Digests
• A message digest is a fingerprint for a document
• Purpose of the message digest is to provide proof that data has not
been altered
• Process of generating a message digest from data is called hashing
• Hash functions are one-way functions with the following properties
  • Infeasible to reverse the function
  • Infeasible to construct two messages which hash to the same digest
• Commonly used hash algorithms are
  • MD5 – 128 bit hashing algorithm by Ron Rivest of RSA
  • SHA & SHA-1 – 162 bit hashing algorithm developed by NIST

Message → Digest Algorithm → Message Digest
Message Authentication Codes
Basics
• A message digest created with a key
• Creates security by requiring a secret key to be possessed by both parties
in order to retrieve the message

Message + Secret Key → Digest Algorithm → Message Digest
Password Authentication
Basics
• A password is a secret character string known only to the user and the server
• Message digests are commonly used for password authentication
• A stored hash of the password is a lesser risk
  • A hacker cannot reverse the hash except by brute-force attack
• Problems with password-based authentication
  • Attacker learns password by social engineering
  • Attacker cracks password by brute force and/or guesswork
  • Eavesdrops password if it is communicated unprotected over the
    network
  • Replays an encrypted password back to the authentication server
Authentication
Biometrics
• Uses certain biological characteristics for authentication
• Biometric reader measures physiological indicia and compares
them to specified values
• It is not capable of securing information over the network
• Different techniques exist
• Fingerprint Recognition
• Voice Recognition
• Handwriting Recognition
• Face Recognition
• Retinal Scan
• Hand Geometry Recognition
Authentication
Iris Recognition
The scanning process takes advantage of
the natural patterns in people's irises,
digitizing them for identification purposes

Facts
• Probability of two irises producing exactly
the same code: 1 in 10 to the 78th power
• Independent variables (degrees of
freedom) extracted: 266
• IrisCode record size: 512 bytes
• Operating systems compatibility: DOS and
Windows (NT/95)
• Average identification speed (database of
100,000 IrisCode records): one to two
seconds
Authentication
Digital Signatures
• A digital signature is a data item which accompanies or is logically
associated with a digitally encoded message.
• It has two goals
• A guarantee of the source of the data
• Proof that the data has not been tampered with

Sender: Message → Digest Algorithm → Message Digest → Signature Algorithm (Sender’s Private Key) → Digital Signature. The message and the digital signature are sent to the receiver.
Receiver: Message → Digest Algorithm → Message Digest; Digital Signature → Signature Algorithm (Sender’s Public Key) → Message Digest. Same?
Authentication
Digital Certificates
• A digital certificate is a signed statement by a trusted party that another
party’s public key belongs to them.
• This allows one certificate authority to be authorized by a different
authority (root CA)
• Top level certificate must be self-signed
• Anyone can start a certificate authority
• Name recognition is key to someone recognizing a certificate authority
• Verisign is the industry standard certificate authority

Identity Information + Sender’s Public Key → Signature Algorithm (Certificate Authority’s Private Key) → Certificate
Digital Certificates

• A digital certificate is a program embedded in a Web page that verifies
that the sender or Web site is who or what it claims to be

• A certificate is signed code or messages that provide proof that the holder
is the person identified by the certificate

• Certification authority (CA) issues digital certificates


Digital Certificates (continued)

• Main elements:
• Certificate owner’s identifying information
• Certificate owner’s public key
• Dates between which the certificate is valid
• Serial number of the certificate
• Name of the certificate issuer
• Digital signature of the certificate issuer
Ensuring Transaction Integrity
with Hash Functions
• Integrity violation
• Occurs whenever a message is altered while in transit
between the sender and receiver
• Hash algorithms are one-way functions
• There is no way to transform the hash value back to the
original message
• Message digest
• Small integer number that summarizes the encrypted
information
Ensuring Transaction Integrity with
Digital Signatures
• Hash algorithms are not a complete solution
• Anyone could:
• Intercept a purchase order
• Alter the shipping address and quantity ordered
• Re-create the message digest
• Send the message and new message digest on to the merchant
• Digital signature
• An encrypted message digest
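The interception described on the two integrity slides above and the keyed digest from the Message Authentication Codes slide, as an added example that is not part of the original slides: a bare message digest is accepted after the order is altered and the digest re-created, while a digest bound to a secret key is not. The order fields, the shared key and the use of HMAC-SHA256 are assumptions for the illustration; a MAC needs a key shared by both parties, so unlike a digital signature it does not provide non-repudiation.

```python
import hashlib
import hmac
import json

# Constructed sample data: a purchase order and a key known only to the
# customer's software and the merchant.
ORDER = {"item": "SKU-1001", "quantity": 1, "ship_to": "12 Example Street"}
SHARED_KEY = b"constructed-demo-key-not-for-production"


def encode_order(order):
    """Canonical byte encoding so sender and receiver hash identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def plain_digest(message):
    """Bare message digest: anyone holding the message can compute it."""
    return hashlib.sha256(message).hexdigest()


def keyed_digest(key, message):
    """Message authentication code: computing it requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def merchant_accepts_plain(message, digest):
    return hmac.compare_digest(plain_digest(message), digest)


def merchant_accepts_keyed(key, message, tag):
    return hmac.compare_digest(keyed_digest(key, message), tag)


def alter_in_transit(message):
    """The interception on the slide: change address and quantity, then
    re-create the message digest over the altered order."""
    order = json.loads(message)
    order["ship_to"] = "99 Other Road"
    order["quantity"] = 50
    altered = encode_order(order)
    return altered, plain_digest(altered)


def run_demo():
    """Return which of the checks accept, for the original and altered order."""
    original = encode_order(ORDER)
    tag = keyed_digest(SHARED_KEY, original)
    altered, recomputed = alter_in_transit(original)
    return {
        # Digest matches the altered order, so the merchant sees nothing wrong.
        "plain_digest_accepts_altered": merchant_accepts_plain(altered, recomputed),
        # The original tag no longer matches, and without the key no valid
        # tag for the altered order can be produced.
        "keyed_digest_accepts_altered": merchant_accepts_keyed(SHARED_KEY, altered, tag),
        "keyed_digest_accepts_original": merchant_accepts_keyed(SHARED_KEY, original, tag),
    }


if __name__ == "__main__":
    for check, accepted in run_demo().items():
        print(check, accepted)
```
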
Security Protocols in Internet

We will discuss here some of the popular protocols used over the internet
to ensure secured online transactions.
Secure Socket Layer (SSL)

It is the most commonly used protocol and is widely used
across the industry. It meets the following security
requirements −

• Authentication
• Encryption
• Integrity
• Non-repudiation

"https://" is to be used for HTTP URLs with SSL, whereas
"http://" is to be used for HTTP URLs without SSL.
Secure Hypertext Transfer Protocol
(SHTTP)

SHTTP extends the HTTP internet protocol with
public key encryption, authentication, and digital
signature over the internet. Secure HTTP supports
multiple security mechanisms, providing security to
the end-users. SHTTP works by negotiating
encryption scheme types used between the client
and the server.
Secure Electronic Transaction
It is a secure protocol developed by MasterCard and Visa in collaboration.
Theoretically, it is the best security protocol. It has the following
components −
• Card Holder's Digital Wallet Software − Digital Wallet allows the card
holder to make secure purchases online via point and click interface.
• Merchant Software − This software helps merchants to communicate
with potential customers and financial institutions in a secure manner.
• Payment Gateway Server Software − Payment gateway provides
automatic and standard payment process. It supports the process for
merchant's certificate request.
• Certificate Authority Software − This software is used by financial
institutions to issue digital certificates to card holders and merchants, and
to enable them to register their account agreements for secure electronic
commerce.
Firewalls

• Software or hardware and software combination
installed on a network to control packet traffic
• Provides a defense between the network to be
protected and the Internet, or other network that
could pose a threat
Firewalls (continued)

• Characteristics
• All traffic from inside to outside and from outside to
inside the network must pass through the firewall
• Only authorized traffic is allowed to pass
• Firewall itself is immune to penetration
• Trusted networks are inside the firewall
• Untrusted networks are outside the firewall
Firewalls (continued)

• Packet-filter firewalls
• Examine data flowing back and forth between a trusted
network and the Internet
• Gateway servers
• Firewalls that filter traffic based on the application
requested
• Proxy server firewalls
• Firewalls that communicate with the Internet on the
private network’s behalf
Introduction

• Firewalls control the flow of network traffic
• Firewalls have applicability in networks where there
is no internet connectivity
• Firewalls operate on a number of layers
• Can also act as VPN gateways
• Active content filtering technologies
Firewall Environments

• There are different types of environments where a
firewall can be implemented.
• A simple environment can be a packet filter firewall
• Complex environments can be several firewalls and
proxies
Intranets

• An intranet is a private network contained within an enterprise that is
used to securely share company information and computing resources
among employees. An intranet can also be used to facilitate working in
groups and teleconferences.

• An intranet is a network that employs the same types of services,
applications, and protocols present in an Internet implementation,
without involving external connectivity

• Intranets are typically implemented behind firewall environments.


Extranets

• An extranet is a controlled private network that allows access to partners,
vendors and suppliers or an authorized set of customers – normally to a
subset of the information accessible from an organization's intranet.

• Extranet is usually a business-to-business intranet

• Controlled access to remote users via some form of authentication and
encryption such as provided by a VPN

• Extranets employ TCP/IP protocols, along with the same standard
applications and services
Type of Firewalls

• Firewalls fall into four broad categories
  • Packet filters
  • Circuit level
  • Application level
  • Stateful multilayer
Packet Filter

• Work at the network level of the OSI model
• Each packet is compared to a set of criteria before
it is forwarded
• Packet filtering firewalls are low cost and have a low impact
on network performance
Packet Filtering
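The packet-filter behaviour described above, as an added example that is not part of the original slides: every packet is compared against an ordered rule list, the first matching rule decides, and anything unmatched is dropped so that only authorized traffic passes. The rule set, the field names and the addresses (documentation ranges) are constructed for the illustration.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto dport")
Rule = namedtuple("Rule", "action src dst proto dport")

# Constructed rule set for a hypothetical shop network, evaluated top to bottom.
RULES = [
    # 0: drop everything from a blocked source range
    Rule("deny", "203.0.113.0/24", "any", "any", None),
    # 1: allow HTTPS to the web server only
    Rule("allow", "any", "198.51.100.10/32", "tcp", 443),
    # 2: allow DNS queries leaving the internal network
    Rule("allow", "198.51.100.0/24", "any", "udp", 53),
]


def _net_matches(spec, addr):
    """True if addr falls inside the CIDR spec, or the spec is 'any'."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def rule_matches(rule, pkt):
    """Compare the packet's header fields with one rule's criteria."""
    return (
        _net_matches(rule.src, pkt.src)
        and _net_matches(rule.dst, pkt.dst)
        and rule.proto in ("any", pkt.proto)
        and rule.dport in (None, pkt.dport)
    )


def filter_packet(pkt, rules=RULES):
    """Return (action, index of the deciding rule); no match means deny."""
    for index, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return rule.action, index
    return "deny", None  # default deny: traffic no rule authorizes is dropped


if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("192.0.2.7", "198.51.100.10", "tcp", 443),    # customer, HTTPS
        Packet("203.0.113.9", "198.51.100.10", "tcp", 443),  # blocked range
        Packet("192.0.2.7", "198.51.100.10", "tcp", 22),     # no rule covers SSH
        Packet("198.51.100.25", "192.0.2.53", "udp", 53),    # internal DNS query
    ]
    for pkt in samples:
        print(pkt, filter_packet(pkt))
```

Each decision here uses only the header fields of the packet in hand; the filter keeps no memory of earlier packets, which is the gap the circuit-level and stateful types described next address.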
Circuit level

• Circuit level gateways work at the session layer of
the OSI model, or the TCP layer of TCP/IP
• Monitor TCP handshaking between packets to
determine whether a requested session is
legitimate.
Application Level

• Application level gateways, also called proxies, are
similar to circuit-level gateways except that they are
application specific
• A gateway that is configured to be a web proxy will
not allow any ftp, gopher, telnet or other traffic
through
Stateful Multilayer

• Stateful multilayer inspection firewalls combine the
aspects of the other three types of firewalls
• They filter packets at the network layer, determine
whether session packets are legitimate and
evaluate contents of packets at the application
layer
General Performance
Future of Firewalls

• Firewalls will continue to advance as the attacks on
IT infrastructure become more and more
sophisticated
• More and more client and server applications are
coming with native support for proxied
environments
• Firewalls could scan for viruses as they enter the
network; several firms are currently exploring
this idea, but it is not yet in wide use
Conclusion
• It is clear that some form of security for private
networks connected to the Internet is essential
• A firewall is an important and necessary part of
that security, but cannot be expected to perform all
the required security functions.
