
ELECTRONIC PAYMENT SYSTEM

E-commerce is growing rapidly and many merchants are getting benefits from this new
technology. E-commerce over the internet is growing at an ever-increasing rate with online
sales already heading for several billions. Many companies are using this sales channel and
some retailers have established major on-line sales channels.
E-commerce includes service providers, retail businesses, auctioneers and business to business
commerce. All transactions involved are done via the internet. Retail business is the biggest
part of electronic commerce. Online shopping is one aspect of e-commerce. It allows
companies and consumers to make their business transactions over the internet. Online shopping
offers convenience to the buyers. They can shop on the internet 24 hours a day and seven days
a week without having to leave their homes or offices. There are many merchant sites where
almost any goods on earth can be bought. The customers can compare the price of an item from
different sites and can also compare and check them by going to a nearby shop in the physical
market.
In e-commerce, practically all types of transactions including monetary transactions take place
through electronic means. The most important feature of any shopping system is the payment
system. In online shopping and e-commerce transactions, the payment is done through some
electronic form rather than by traditional payment system.

PROBLEMS WITH TRADITIONAL PAYMENT SYSTEM


Some major problems with the traditional payment system are:
1. Lack of Convenience: The traditional payment system requires the consumer either to
send paper checks by mail or to be present physically for the transaction, which
sometimes may lead to annoying circumstances.
2. Lack of Security: This may arise due to two reasons. Firstly, the consumer has to send all
his confidential data through mail. Anyone can read this because it is not encrypted.
Secondly, if the customer deals in cash there is always a risk of mishap.
3. Lack of Coverage: In the current business scenario, businesses span many
countries or states. They need faster transactions everywhere and this is not possible in
the traditional payment system.
4. Lack of Support for Micro Transactions: Many transactions done on the internet are of
very low cost even when they involve data flow between two entities in two countries. If
the same is done on paper, it may not be feasible at all.
To overcome these problems or drawbacks of the traditional payment systems, many new
electronic payment systems have been developed, such as e-cash, e-cheque, credit cards, smart cards,
debit cards etc.
ELECTRONIC PAYMENT SYSTEMS (EPS)
Electronic payment is a financial exchange that takes place online between buyers and sellers.
The content of this exchange is usually some form of digital financial instrument that is backed
by a bank or an intermediary or by a legal tender.
Electronic payment systems are online payment systems. They are developed to create analogs
of cheques and cash of the physical payment system on the internet.

Features of EPS:
EPS have the following features:
1. It should protect the customers from merchants’ fraud by keeping credit card numbers
unknown to merchants.
2. It should allow the people without credit cards to engage in online transaction.
3. It should protect the confidentiality of customers.
4. It should provide anonymity of customers, i.e. “electronic cash”
In the present business scenario, almost everyone enjoys the convenience of online payment,
including customers and business owners, as it saves time and allows hassle-free transfer of funds.
For the payment process to work properly and successfully, multiple entities should work in a
coordinated or compatible system. Some of the entities are:
1. Customer gateway
2. Bank clearinghouse
3. Merchant.

Types of EPS:
There are various kinds of electronic payment systems. Some of them are:
1. Electronic Token
2. Electronic or Digital cash
3. Electronic Cheque
4. Credit card
5. Debit card

1. Electronic Token: Electronic token is a digital analog of various forms of payment
backed by a bank or financial institution. They are of two types:
i) Real Time Tokens or Prepaid Tokens: These are exchanged between buyers and
sellers. The user pre-pays for tokens which serve as currency and transactions are
settled with the exchange of these tokens. Examples are DigiCash, Debit cards etc.
ii) Postpaid Tokens: These are used with fund transfer instructions between the buyer
and seller, e.g. electronic cheque, credit cards etc.

2. Electronic or Digital Cash: This combines computerized convenience with security and
privacy that improve upon paper cash. Cash is still the dominant form of payment as many
customers still do not trust the bank and the non-cash transactions are inefficiently
cleared.
The qualities of cash are:
1. Cash is a legal tender. The payee is obliged to take it.
2. It is freely negotiable, i.e. it can be given or traded to someone else.
3. It is a bearer instrument i.e. possession is proof of ownership.
4. It can be held and used by anyone, even those without a bank certificate.
5. It places no risk on part of acceptor.
Limitations Of Debit & Credit Cards:
1. They are identification cards owned by the issuer and restricted to one user, i.e. they cannot be
given away.
2. They are not legal tenders.
3. Their usage requires an account relationship and authorization system.

Properties of Electronic or Digital Cash:


The following are the properties of electronic or Digital Cash:
1. It must have a monetary value. It must be backed by cash, bank authorized credit or bank
certified cashier’s cheque.
2. It must be interoperable or exchangeable as payment for other digital cash, paper cash,
goods or services, lines of credit, bank notes or obligations, electronic benefit transfers and
the like.
3. It must be storable and retrievable. The cash should be stored on a remote computer’s
memory, in smart cards, or on other easily transported standard or special purpose devices.
This allows the users to exchange the cash from home or office or while travelling.
4. It should not be easy to copy or tamper with while it is being exchanged. This is achieved by
using a set of technologies called cryptography. Digital cash is based on a cryptographic
system called “digital signature” to authenticate a customer.
Purchase of digital cash from an online currency server or Bank involves two steps:
i. Establishment of an account: The user is given a unique digital number which also
becomes the digital signature as it is a number known only to the customer and the bank.
Forgery becomes very difficult because of the cryptography.
ii. Maintenance of sufficient money in the account is required to back any purchase.
3. ELECTRONIC CHEQUES
Electronic cheques are modelled on paper cheques except that they are initiated electronically.
They use digital signatures for assigning and endorsing and require the use of digital certificates
to authenticate the payers, payers’ bank and bank account. They can be delivered either
through a telephone line directly or by public networks such as the internet.

Benefits of electronic cheques:


a) It is well suited for clearing micropayments due to the conventional cryptography. It is
easier to process than the systems based on public key cryptography like digital cash.
b) Electronic cheques can serve corporate markets as they can be used in a more
cost-effective manner.
c) They can create float and the availability of float is an important requirement of
commerce.

4. Credit card
Credit card is an instrument of payment. Credit card is a way to “pay later”. It is a source of
revolving credit. The credit card enables the card holder to obtain goods or services from
merchants where agreements have been made to reimburse the merchant. Outstanding
amount is payable by the card holder to the bank over a specified period which may carry a
fixed amount of interest also.
There are a number of parties involved in credit card transaction and there are separate
contracts between the card issuer (generally a bank) and the card holder as well as between the
card organization and the member establishments. The card holder makes use of the card at
specified retail outlets to pay for goods and services. Retail outlets make out bill to the account
of the card holder and obtain payment from the card organization which in turn makes a
monthly bill to the bank which issued the card. The bank makes payments to the debit of the
customer's account subsequently. This whole process takes around 30 to 40 days and during
that period the cardholder enjoys the credit.
Working of credit card
Credit cards work in an e-government application as follows. The card holder enters the credit card
information into the web application to pay for goods or services. The e-government
application invokes the required data and business rule edits to validate online data elements,
which may include username, password, merchant ID, account number, expiration date,
amount and customer billing data. When these data are passed, the credit card application edits
and the authenticity of the card holder’s card ID and account number are validated so that the
billing amount remains within the credit limit. When all the required edits are passed, the
transaction is transmitted to the credit card processor and associated network for
authorization. The processor may require some other elements like card verification value
(CVV), card type etc. Then the credit card processing network returns an authorization
approval which indicates the validity of the credit card and that the amount is within the card holder’s
credit limit. A denial code is returned if the authentication is not proper or the credit limit has
been exceeded. The application may then offer to use another card or some other payment option.

Fig : Working of Credit Card
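
The validation edits and the approval or denial outcome described above, as an added Python example that is not part of the original notes. The field names, the APPROVED/DENIED codes and the use of the Luhn checksum for the account-number edit are assumptions, the processor is a local stand-in with no network call, and the card number is a constructed test value.

```python
import re
from datetime import date


def luhn_ok(pan):
    """Luhn checksum over the account number: catches typing errors, not fraud."""
    if not (pan.isascii() and pan.isdigit() and 12 <= len(pan) <= 19):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan):
    """Show only the last four digits in logs, receipts and error messages."""
    return "*" * (len(pan) - 4) + pan[-4:]


def local_edits(txn, today):
    """Edits the web application runs before contacting the processor.

    Returns None when every edit passes, otherwise the reason for denial.
    """
    pan = str(txn.get("account_number", "")).replace(" ", "")
    if not luhn_ok(pan):
        return "invalid account number"
    m = re.fullmatch(r"(0[1-9]|1[0-2])/([0-9]{2})", str(txn.get("expiration", "")))
    if not m:
        return "invalid expiration date"
    # A card is valid through the last day of its expiry month (MM/YY).
    if (2000 + int(m.group(2)), int(m.group(1))) < (today.year, today.month):
        return "card expired"
    if not re.fullmatch(r"[0-9]{3,4}", str(txn.get("cvv", ""))):
        return "invalid CVV"
    amount = txn.get("amount")
    if type(amount) is not int or amount <= 0:   # amount in minor units (paise)
        return "invalid amount"
    return None


def pay(txn, today, credit_limit, outstanding):
    """Return (code, detail) for one payment attempt.

    credit_limit and outstanding stand in for the processor's view of the
    account (hypothetical; a real application only sees the returned code).
    """
    reason = local_edits(txn, today)
    if reason:
        return ("DENIED", reason)
    if outstanding + txn["amount"] > credit_limit:
        return ("DENIED", "credit limit exceeded")
    pan = str(txn["account_number"]).replace(" ", "")
    # The record kept after authorization holds a masked number and no CVV.
    return ("APPROVED", {"card": mask(pan), "amount": txn["amount"]})


# Constructed sample transaction (well-known test card number, not a real account).
SAMPLE = {
    "account_number": "4111 1111 1111 1111",
    "expiration": "06/24",
    "cvv": "123",
    "amount": 250000,
}

if __name__ == "__main__":
    print(pay(SAMPLE, date(2024, 6, 15), credit_limit=1000000, outstanding=0))
```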

5. Debit card
Debit card is also an instrument of payment. It looks similar to credit card or ATM card but it
operates like cash or personal cheques. Debit card is a way to “pay now” i.e. when debit card is
used, money is quickly deducted from the related account. Debit cards can be used anywhere
using the card’s brand name or logo. ‘Online debit cards’ are enhanced ATM cards and the
transaction works like an ATM transaction. It allows an immediate electronic transfer of money
from the consumer’s bank account to a merchant’s bank account. A PIN must be entered for the
transaction giving the system authorization to check the related account to see if it contains
enough money to cover the transaction.
The main advantages of Debit cards are:
1. There is no need to carry cash.
2. It is quick and less complicated.
3. It can be used for withdrawal of cash.
4. All transactions are recorded in the bank statement, which enables the card holder to
plan and control the expenditure.
5. It can be issued to anyone without assessing his credit worthiness.
Advantages of electronic payment systems
The various factors that have led the Financial Institutions to make use of electronic payments
are:
1. Decreasing Technology Cost: The technology is advancing day by day and the cost is
also reducing. Therefore, the computers are now very cheap and affordable and
Internet is economical all over the world.
2. Reduced Operational and Processing Cost: Due to reduced technology cost the
processing cost of various commerce activities has become very low. We are able to
save both paper and time due to the electronic transactions.
3. Increasing Online Commerce: The above two factors have led many institutions to go
online and the others are following them.

Problems in implementing EPS


The various problems in implementing EPS are:
1. Preventing Double Spending: Copying the money and spending it several times can
happen in EPS but it is hard to do with anonymous money.
2. Unauthorized Transactions: It is difficult to make sure that neither the customer nor the
merchant can make an unauthorized transaction.
3. Confidentiality and Fraud: Sometimes it becomes difficult to preserve customer’s
confidentiality without allowing customer’s fraud.
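
One way a currency server can handle the double-spending problem, together with the requirement from the digital cash properties that a coin must not be easy to copy or tamper with, shown as an added Python example that is not part of the original notes. The Mint class, the coin fields and the merchant names are hypothetical; it assumes an online scheme in which the bank itself checks every coin, so a secret-key MAC known only to the bank is enough to detect forgery.

```python
import hashlib
import hmac
import secrets


class Mint:
    """Hypothetical online currency server: issues coins, redeems each one once."""

    def __init__(self, key=None):
        # Secret known only to the bank (private-key cryptography).
        self._key = key or secrets.token_bytes(32)
        self._spent = {}  # serial number -> merchant that redeemed it

    def _tag(self, serial, value):
        # The MAC binds the face value to the serial number.
        msg = f"{serial}|{value}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, value):
        """Withdraw a coin: random serial, face value, and the bank's MAC over both."""
        serial = secrets.token_hex(16)
        return {"serial": serial, "value": value, "tag": self._tag(serial, value)}

    def deposit(self, coin, merchant):
        """Redeem a coin presented by a merchant. Returns (accepted, reason)."""
        serial, value, tag = coin.get("serial"), coin.get("value"), coin.get("tag")
        if not (isinstance(serial, str) and type(value) is int and isinstance(tag, str)):
            return (False, "malformed")
        expected = self._tag(serial, value)
        # Constant-time comparison so the check does not leak tag bytes.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return (False, "forged-or-tampered")
        # In a real server this check-and-mark must be one atomic operation
        # (for example a unique constraint on the serial column).
        if serial in self._spent:
            return (False, "double-spend: already redeemed by " + self._spent[serial])
        self._spent[serial] = merchant
        return (True, "credited")


def demo():
    """Constructed scenario: one genuine coin, one altered copy, one exact copy."""
    mint = Mint()
    coin = mint.issue(500)
    inflated = dict(coin, value=5000)   # face value changed after issue
    copy = dict(coin)                   # bit-for-bit duplicate of the same coin
    return [
        mint.deposit(inflated, "merchant-A"),  # rejected: MAC no longer matches
        mint.deposit(coin, "merchant-A"),      # accepted: first redemption
        mint.deposit(copy, "merchant-B"),      # rejected: serial already spent
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The MAC stops altered or invented coins, and the spent-serial ledger stops exact copies; neither check alone covers both cases.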

FIG : ELECTRONIC PAYMENT SYSTEM


Risks associated with Electronic Payment System
Electronic payment systems have become a preferred means of payment and are steadily replacing traditional vehicles
like currency and paper cheques. The volume growth of electronic payments and the wider
array of payment vehicles now in common use have made managing the risks associated with
these payments more important than ever to consumers, businesses, financial institutions, and
the economy as a whole.
Security of payment through electronic means has become very important. The notion of
security of payment is clearly insufficient to provide an appropriate conceptual framework for
the technical and institutional design of Internet payment systems. There is a need for a broader
approach of risk management. Such an approach recognizes that electronic payment entails a
series of interrelated risks: financial risks, technological risks, operational risks, and legal risks.
Some of those risks are generic to banking business; others are specific to electronic payments,
such as interception of messages and break-ins into security infrastructure.

Operational Risk
Operational risk arises from the potential for loss due to significant deficiencies in system
reliability or integrity. Security considerations are paramount, as banks may be subject to
external or internal attacks on their systems or products. Operational risk may also arise from
customer misuse, and from inadequately designed or implemented electronic banking and
electronic money systems.

Credit Risk
Credit risk is the risk that a counter party will not settle an obligation for full value, either when
due or at any time thereafter. Banks engaging in electronic banking activities may extend credit
via non-traditional channels, and expand their market beyond traditional geographic
boundaries. In these cases, inadequate procedures to determine the creditworthiness of
borrowers applying for credit via remote banking procedures could increase credit risk for
banks. Banks engaged in electronic bill payment programs may face credit risk if a third party
intermediary fails to carry out its obligations with respect to payment. Banks that purchase
electronic money from an issuer in order to resell it to customers are also exposed to credit risk
in the event the issuer defaults on its obligations to redeem the electronic money.

Legal Risk
Legal risk arises from violations of, or non-conformance with laws, rules, regulations, or
prescribed practices, or when the legal rights and obligations of parties to a transaction are not
well established. Given the relatively new nature of many retail electronic banking and
electronic money activities, rights and obligations of parties to such transactions are, in some
cases, uncertain. For example, application of some consumer protection rules to electronic
banking and electronic money activities in some countries may not be clear. In addition, legal
risk may arise from uncertainty about the validity of some agreements formed via electronic
media. Application of money laundering rules may also be inappropriate for some forms of
electronic payments. Moreover, as electronic banking can be conducted remotely, banks may
face increased difficulties in applying traditional methods to prevent and detect criminal
activity. Banks engaging in electronic banking and electronic money activities can face legal risks
with respect to customer disclosures and privacy protection. Banks choosing to enhance
customer service by linking their Internet sites to other sites also can face legal risks. A hacker
may use the linked site to defraud a bank customer, and the bank could face litigation from the
customer.

Risk management options for e-payment system


The rapid pace of technological innovation is likely to change the nature and scope of the risks
banks face in electronic money and electronic banking. A risk management process that
includes the three basic elements – assessing risks, controlling risk exposure, and monitoring
risks will help banks and supervisors attain these goals. It is essential that banks have a
comprehensive risk management process in place that is subject to appropriate oversight by
the board of directors and senior management. Prior to any new activity being commenced, a
comprehensive review should be conducted so that senior management can ensure that the
risk management process is adequate to assess, control and monitor any risks arising from the
proposed new activity.

1. Assessing Risks:

Assessing risks is an ongoing process. It typically involves three steps.


1. First, a bank may engage in a rigorous analytic process to identify risks and, where
possible, to quantify them. In the event where risks cannot be quantified, management
may still identify how potential risks can arise and the steps that can be taken to deal
with and to limit those risks. Bank management should form reasonable and
defensible judgments of the magnitude of any risk with respect to both the impact it
could have on the bank and the probability that such an event will occur.
2. The second step in assessing risk is for the board of directors or senior management
to determine the bank’s risk tolerance, based on an assessment of the losses the bank
can afford to sustain in the event a given problem materializes.
3. Finally, management can compare its risk tolerance with its assessment of the
magnitude of a risk to ascertain if the risk exposure fits within the tolerance limits.

2. Managing and Controlling Risks:


This phase of a risk management process includes activities such as implementing security
policies and measures, coordinating internal communication, evaluating and upgrading
products and services, implementing measures to ensure that outsourcing risks are
controlled and managed, providing disclosures and customer education, and developing
contingency plans. Banks increase their ability to control and manage the various risks
inherent in any activity when policies and procedures are set out in written documentation
and made available to all relevant staff.
1. Security policies and measures: Security is the combination of systems, applications,
and internal controls used to safeguard the integrity, authenticity, and confidentiality of
data and operating processes. Proper security relies on the development and
implementation of adequate security policies and security measures for processes
within the bank, and for communication between the bank and external parties.
2. Security policy: A security policy states management’s intentions to support information
security and provides an explanation of the bank’s security organization. It also
establishes guidelines that define the bank’s security risk tolerance. The policy may
define responsibilities for designing, implementing, and enforcing information security
measures, and it may establish procedures to evaluate policy compliance, enforce
disciplinary measures, and report security violations.
3. Security measures: Security measures are combinations of hardware and software
tools, and personnel management, which contribute to building secure systems and
operations. Senior management should regard security as a comprehensive process that
is only as strong as the weakest link in the process. Banks can choose from a variety of
security measures to prevent or mitigate external and internal attacks and misuse of
electronic banking and electronic money, including encryption, passwords,
firewalls, virus controls, and employee screening.

3. Monitoring Risks:

Ongoing monitoring is an important aspect of any risk management process. For electronic
banking and electronic money activities, monitoring is particularly important both because
the nature of the activities is likely to change rapidly as innovations occur, and because of
the reliance of some products on the use of open networks such as the Internet.
Two important elements of monitoring are system testing and auditing.
1. System testing and Surveillance: Testing of systems operations can help detect unusual
activity patterns and avert major system problems, disruptions, and attacks. Penetration
testing focuses upon the identification, isolation, and confirmation of flaws in the design
and implementation of security mechanisms through controlled attempts to penetrate a
system outside normal procedures. Surveillance is a form of monitoring in which
software and audit applications are used to track activity.
2. Auditing: Auditing (internal and external) provides an important independent control
mechanism for detecting deficiencies and minimizing risks in the provision of electronic
banking and electronic money services. The role of an auditor is to ensure that
appropriate standards, policies, and procedures are developed, and that the bank
consistently adheres to them. An internal auditor should be separate and independent
from employees making risk management decisions. To augment internal audit,
management may seek qualified external auditors, such as computer security
consultants or other professionals with relevant expertise, to provide an independent
assessment of the electronic banking or electronic money activity.

Identification, Confidentiality and Payment Integrity


Payments on the Internet need to fulfil three broad conditions:
1. Firstly, each party involved in the transaction must be sure that its counterparty is
exactly who it claims to be; in other words, the people involved must be identified.
2. Secondly, data exchanged between buyers and sellers must remain confidential.
3. Finally, buyers must be certain that the information they get about the payment is
reliable.
Those three conditions can be met by the use of encryption technology.

Security Requirement of EPS


The essential security requirements for secure electronic payment are:
1. Authentication: A way to verify the buyer’s identity before payments are made. In
cyberspace, as in the physical world, customers, banks and merchants need assurances
that they will receive the service as ordered or the merchandise as requested and that
they know the identity of the person they are dealing with. Banks use cryptographic
systems to authenticate parties. These can be symmetric or a combination of symmetric
and asymmetric. Management balances security needs against performance and
cost issues.
2. Trust: A trusted third party, i.e. a certificate authority, is a necessary part, along with
cryptographic systems, of the security process in cyberspace. A certificate authority verifies
identities in cyberspace and validates the parties in transactions. Digital certificates
play an important role in authenticating parties and thus establishing trust in internet
banking systems and ensuring that information will not be accidentally or maliciously
altered or destroyed, usually during transmission.
3. Privacy: It is a consumer issue of great concern. Recognition and response to privacy
issues make it a positive attribute for the bank and a benefit for its customers. Proper
accumulation and use of personal information are likely to increase with the continued
growth of e-commerce and internet. So, the providers sensitive to these concerns will
have an advantage over the others.
4. Non-repudiation: Non-repudiation is the undeniable proof of participation by both the
sender and the receiver in a transaction. Merchants need protection against the
customer’s unjustifiable denial of placed orders, and customers need protection against
the merchants’ unjustifiable denial of past payment. The technology provides an answer
to non-repudiation in the form of cryptography, but state laws are not uniform in the
treatment of electronic authentication and digital signatures.
5. Availability: Availability is the most important component in maintaining a high level of
public confidence in a network environment. The users expect access to systems 24
hours per day, 7 days a week. The associated considerations with system availability are
capacity, performance monitoring, redundancy and business resumption. So, proper
hardware and software must be there to consistently deliver a high level of service.
CRYPTOGRAPHY
Cryptography is the process of altering messages so as to hide their meaning from the
adversaries who might intercept them. Cryptography addresses the principles, means and
methods used to disguise information in order to ensure its authenticity. Encryption
converts plaintext to ciphertext. Plaintext is a message readable by anyone. Ciphertext is a
protected message which must be decrypted to plaintext to be read.
Cryptography is used to achieve information:
• Confidentiality: only authorized persons can access information
• Integrity: information that was sent is what was received
• Authentication: guarantee of originator and of electronic transmission
• Non-repudiation: originator of information cannot deny content or transmission
There are two basic methods of cryptography :
1. Private-Key Cryptography
2. Public-Key Cryptography
Private-Key Cryptography: In this method, the sender and the recipient agree beforehand on a
secret private key. The plaintext is converted into ciphertext by combining it with the key.
Without the key the adversaries cannot determine the meaning of the message. Private-key
methods are efficient and difficult to break.
The major drawback is the need to protect the secrecy of the key while it is being exchanged between
the sender and the recipient. Banks use high security in transferring their keys between the
branches. But it is not practical for key exchange between e-commerce companies and a casual
web surfer.
Public-Key Cryptography: In public-key cryptography, there are two keys: a public-key and a
private-key. The private-key is used to decrypt the ciphertext. Only the recipient has this key.
The sender of the message is treated as a member of the general public and has the public-key. Anyone who wants
to send an encrypted message to the recipient can use the public-key.
Public-key Cryptography depends upon the notion of one-way functions. A one way function is
a function that is easy to apply but extremely difficult to invert. The public-key algorithm uses a
one-way function to translate plaintext to ciphertext. Then, without the private-key it is very
difficult for anyone (including the sender) to reverse the process. The private-key is only with
the receiver and there is proper security for the messages. Only the receiver can decrypt the
message using the private-key. So, the public-key cryptography provides security and integrity
of the messages even when they are transmitted over insecure networks.
DIGITAL SIGNATURE: The purpose of a digital signature is to provide assurance about the
origin of the message and the integrity of the message contents. When a message with a digital
signature is transmitted and received, the following parties are involved:
• the signer, who signs the document
• the verifier, who receives the signed document and verifies the signature
• the arbitrator, who arbitrates any disputes between the signer and the verifier, if there
is a disagreement on the validity of the digital signature.
The IT Act 2000 of India defines a digital signature to mean authentication of an electronic
record by a person in whose name digital signature certificate is issued by means of an
electronic method. The certificates are essential for establishing whether the public key belongs
to the purported owner and if a competent authority has attested the certificate information.
A digital signature is the encrypted message that is appended to a document and that in turn confirms
the identity of the sender and the integrity of the document.
Definition of electronic signature: A computer data compilation of any symbol or series of
symbols, executed, adopted or authorized by an individual to be the legally binding equivalent
of the individual’s handwritten signature.
Digital signatures are easily transportable, cannot be imitated by someone else and can be
automatically time stamped. A digital signature can be used with any kind of message and it
assures the receiver of the sender’s identity and that the message arrived intact.
SECURE SOCKET LAYER (SSL): The SSL protocol was developed by Netscape for transmitting private
documents via the internet. SSL uses a cryptographic system that uses two keys to encrypt data
– a public key known to everyone and a private or secret key known only to the recipient of the
message. SSL is a cryptographic protocol which provides secure communication on the internet.
The Internet is an insecure channel for message transmission. To ensure privacy of information,
both the client and the server must run compatible security schemes. SSL provides end-to-end
secure data transmission between the web server and the web client. It is sandwiched
between TCP/IP and the application layer. SSL secures only web sessions and not email or
file transfer sessions, so confidential information like credit card numbers is not exchanged via
email. When packets are transmitted using the SSL protocol, they can be viewed but the viewers
cannot decipher the contents since they are encrypted. SSL ensures secure data transfer but is
not responsible for the security of data residing in the web client or server.
SECURE ELECTRONIC TRANSACTION (SET): It is a standard protocol for securing credit card
transactions over insecure networks, i.e. over the internet. It was developed by VISA and
MasterCard in 1996. SET protects payment instructions in transit.

Internet Banking
Internet banking, also known as online banking, e-banking or Net Banking, is a facility offered
by banks and financial institutions that allows customers to use banking services over the
internet through their websites.
Internet banking products and services can include wholesale products for corporate customers
as well as retail and fiduciary products for general customers.
Examples of wholesale products and services: Cash management, Wire transfer, Automated
clearinghouse (ACH) transactions, Bill presentment and payment, etc.
Examples of retail and fiduciary products and services: Balance enquiry, Funds transfer,
Downloading transaction information, Bill presentment and payment, Loan applications,
Investment activity, other value added services, etc.
The internet has made the banking products and services available to more customers and
eliminated geographic and proprietary systems barriers. With the expanded market and
customer reach, the banks have opportunities to expand or change their products and service
offerings.
One of the services, the Inter Bank Transfer, allows funds to be transferred electronically to accounts
in other banks in India through NEFT (National Electronic Funds Transfer), RTGS (Real Time
Gross Settlement) or IMPS (Immediate Payment Service).
There is no maximum or minimum limit on the amount of funds that could be transferred
through NEFT. However, the maximum amount per transaction is limited to Rs.50,000.

Business owners can use RTGS when they need to transfer large amounts instantly. One
advantage that RTGS has over the other methods is the transaction speed, since the entire
amount is transferred in real time. There is a minimum limit of Rs. 2 lakhs for RTGS transactions,
and there’s no maximum limit as such.

IMPS is another real-time payment service, but one can transfer comparatively lower amounts,
up to Rs. 2 lakhs, instantly.
These limits are changed by the RBI from time to time.

TYPES OF INTERNET BANKING


The following three basic kinds of internet banking are employed in the marketplace according
to the assessment of risks involved:
1. Informational: This is the basic level of Internet Banking. The informational system is a
standalone server and has marketing information about the bank’s products and
services. The risk is relatively low because there is no typical path between the server
and the bank’s internal network. But the server or website is still vulnerable to
alterations. So, appropriate controls must be there to prevent any unauthorized
alterations to the information on the server.

2. Communicative: This system allows some interaction between the bank’s internal
network and the customer (a client PC on internet). Account enquiry, loan applications,
address change, electronic mail etc. are some interactions. As the server has a path to
the internal network of the bank, appropriate controls must be employed to prevent,
monitor and alert management of any unauthorized attempt to access the internal
network system. Virus control is one of the critical areas in this environment.

3. Transactional: This environment allows customers to execute transactions. Because a
path exists between the server and the bank’s or outsourcer’s internal network, this is
the highest-risk architecture and must have the strongest controls. The transactions
include accessing accounts, paying bills, transferring funds, etc.

Advantages of Internet Banking


The advantages of internet banking are as follows:

• Availability: One can avail the banking services round the clock throughout the year.
Most of the services offered are not time-restricted; one can check the account balance
at any time and transfer funds without having to wait for the bank to open.
• Easy to Operate: Using the services offered by online banking is simple and easy. Many
find transacting online a lot easier than visiting the branch for the same.
• Convenience: There is no need to leave chores behind and go stand in a queue at the
bank branch. The transactions can be completed from wherever one wants. It becomes
very convenient to pay utility bills, recurring deposit account instalments, and others
using online banking.
• Time Efficient: Any transaction can be completed in a matter of a few minutes via
internet banking. One can transfer funds to any account within the country or open a
fixed deposit account in no time on netbanking.
• Activity Tracking: All the transactions performed on a bank’s internet banking portal are
recorded. Details such as the payee’s name, bank account number, the amount paid,
the date and time of payment, and remarks if any are recorded as well. So, the record
can be shown as proof of the transaction if need be.

Disadvantages of Internet/Online Banking

The disadvantages of internet banking are as follows:

• Internet Requirement: An uninterrupted internet connection is a foremost requirement
to use internet banking services. If access to the internet is not there, one cannot make
use of any facilities offered online. Similarly, if the bank servers are down due to any
technical issues on their part, one cannot access net banking services.
• Transaction Security: No matter how many precautions banks take to provide a secure
network, online banking transactions are still susceptible to hackers. Irrespective of the
advanced encryption methods used to keep user data safe, there have been cases
where the transaction data is compromised. This may cause a major threat such as using
the data illegally for the hacker’s benefit.
• Difficult for Beginners: There are people in India who have been living lives far away
from the web of the internet. It might seem a whole new deal for them to understand
how internet banking works. It is worse still if there is nobody who can explain to them
how internet banking works and the process flow of how to go about it. It will be very
difficult for inexperienced beginners to figure it out for themselves.
• Securing Password: Every internet banking account requires the password to be
entered in order to access the services. Therefore, the password plays a key role in
maintaining integrity. If the password is revealed to others, they may utilize the
information to devise some fraud. Also, the chosen password must comply with the
rules stated by the banks. Individuals must change the password frequently to avoid
password theft, which can make the password a hassle for the account holder to remember.

Payment Gateway
Paying online is a fundamental feature that every e-commerce platform in the world offers. And
they can provide this facility by integrating with a payment gateway. The online transaction
may be through debit or credit cards, netbanking, UPI, wallets and other modes.
A payment gateway is an e-commerce service that authorizes payments for e-business and
online retailers. A payment gateway acts as an intermediary between the merchants’ shopping
cart and all the financial networks involved with the transaction, including the customers’ credit
and debit card issuer and the merchant’s account.
It checks for validity, encrypts transaction details, ensures they are sent to the correct
destination and then decrypts the responses which are sent back to the shopping cart. A
payment gateway can be thought of as a digital equivalent to a credit card processing terminal.
This is a seamless process and the customer does not have to interact directly with the gateway,
as data is forwarded to the gateway via the shopping cart and a secure (SSL) connection. The
shopping cart is configured via plugins to send information in a format that is acceptable to the
particular gateway.

Working of the Payment Gateways


Payment gateways encrypt the information they handle through SSL. This prevents opportunities
for fraud and adds security to the transaction process. Gateways communicate with a variety of
entities, which include:
• The customer
• The merchant (through their website)
• Credit Card companies (for verifying information and establishing authentication)
• Internet Merchant accounts that relay order information from the gateway to the
merchant’s bank account.

Benefits of Payment Gateways


i. Security: Gateways keep customers’ credit card data behind firewalls so that neither the
merchant nor the customer has to worry about fraud or hacking of their
system.
ii. Encryption: Gateways use SSL encryption to prevent message tampering while the
credit card information is being transmitted over the Internet. EMS (Expanded Memory
Specification Computing) provides the most secure encryption technology.
iii. Back-up Redundancy: Gateways have a backup system in place to ensure that
merchants can continue processing in the event of an emergency.

iv. Up-to-date Technology: Gateways are services that are constantly upgraded to be up to
date with the latest technology. The merchants need not upgrade their system
hardware because the gateways are not on their computers.

Issues Related to Electronic Payment Technology


Online payment processing requires coordinating the flow of transactions among a complex
network of financial institutions and processors. Up-to-date technology has simplified this
process so that, with the right solution, payment processing is easy, secure, and seamless for
both the merchant and the customer.
The important issues in online payment processing are:
i. Online Payment Processing Basics: Purchasing online may seem to be quick and easy.
For it to work correctly, merchants must connect to a network of banks (both acquiring
and issuing banks), processors, and other financial institutions so that payment
information provided by the customer can be routed securely and reliably. Payment
information is highly sensitive, and trust and confidence are essential elements of any
payment transaction. This means that the gateway should be provided by a company
with in-depth experience in payment processing and security.
ii. The Payment Processing Network: The different participants and elements involved in
payment processing are:
a. Acquiring bank: An acquiring bank provides Internet merchant accounts. A merchant
must open an Internet merchant account with an acquiring bank to enable online credit
card authorization and payment processing.
b. Authorization: The process by which a customer’s credit card is verified as active and
the customer is confirmed to have the credit available to make a transaction. An
authorization also verifies that the billing information the customer has provided
matches the information on record with their credit card company.
c. Credit card association: A financial institution that provides credit card services that are
branded and distributed by customer issuing banks. Examples include Visa, MasterCard
etc.
d. Customer: The holder of the payment instrument – such as a credit card, debit card, or
electronic cheque.
e. Customer issuing bank: A financial institution that provides a customer with a credit
card or other payment instrument. Examples include various banks. During a purchase,
the customer issuing bank verifies that the payment information submitted to the
merchant is valid and that the customer has the funds or credit limit to make the
proposed purchase.
f. Internet merchant account: A special account with an acquiring bank that allows the
merchant to accept credit cards over the Internet. The merchant typically pays a
processing fee for each transaction processed, also known as the discount rate, which
varies from bank to bank.
g. Merchant: Someone who owns a company that sells products or services.
h. Payment gateway: A service that provides connectivity among merchants, customers,
and financial networks to process authorizations and payments. The service is usually
operated by a third-party provider such as VeriSign.
i. Processor: A large data center that processes credit card transactions and settles funds
to merchants. The processor is connected to a merchant’s site on behalf of an acquiring
bank via a payment gateway.
j. Settlement: The process by which transactions with authorization codes are sent to the
processor for payment to the merchant. Settlement is a sort of electronic bookkeeping
procedure that causes all funds from captured transactions to be routed to the
merchant’s acquiring bank for deposit.
How Payment Processing Works: Payment processing in the online world is similar to
payment processing in the offline or “Brick and Mortar” world, with one significant
exception. In the online world, the card is ‘not present’ at the transaction. That is why the
merchant must take additional steps to verify that the card information is being submitted
by the actual owner of the card.
Payment processing can be divided into two major phases or steps:
Authorization and Settlement.
Authorization:
a) Online: A customer who decides to make a purchase on a merchant’s Web site, proceeds to
checkout and inputs credit card information.
i. The merchant’s Web site receives customer information and sends transaction
information to the payment gateway.
ii. The payment gateway routes information to the processor.
iii. The processor sends information to the issuing bank of the customer’s credit card.
iv. The issuing bank sends the transaction result (authorization or decline) to the
processor.
v. The processor routes the transaction result to the payment gateway.
vi. The payment gateway passes the resultant information to the merchant.
vii. The merchant accepts or rejects the transaction and ships the goods if necessary.
b) “Brick and Mortar”: A customer selects item(s) to purchase, brings them to a cashier, and
hands the credit card to the merchant.
i. The merchant swipes the card and transfers transaction information to a point-of-sale
terminal.
ii. The point-of-sale terminal routes information to the processor via a dial-up connection;
the point-of-sale terminal takes the place of the payment gateway in the offline world.
iii. The processor sends information to the issuing bank of the customer’s credit card.
iv. The issuing bank sends the transaction result (authorization or decline) to the processor.
v. The processor routes the transaction result to the point-of-sale terminal.
vi. The point-of-sale terminal shows the merchant whether the transaction was approved
or declined.
vii. The merchant tells the customer about the outcome of the transaction. If approved, the
merchant asks the customer to sign the credit card receipt if the card is not PIN
protected.
Payment Processing – Settlement:
The settlement process transfers authorized funds for a transaction from the customer’s bank
account to the merchant’s bank account. The process is basically the same whether the
transaction is conducted online or offline.
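The two phases described above can be traced in a small model. This is an added example, not part of the original text: the class and field names, the billing_zip check and the rule that a capture must match an open hold exactly are assumptions made for illustration.

```python
import secrets

class Issuer:
    """Customer issuing bank: checks card status, billing data and credit."""
    def __init__(self, accounts):
        self.accounts = accounts      # pan -> {"active", "available", "billing_zip"}
        self.holds = {}               # auth_code -> (pan, amount)

    def authorize(self, pan, amount, billing_zip):
        acct = self.accounts.get(pan)
        if acct is None or not acct["active"]:
            return {"approved": False, "reason": "card_not_active"}
        if acct["billing_zip"] != billing_zip:
            return {"approved": False, "reason": "billing_mismatch"}
        if acct["available"] < amount:
            return {"approved": False, "reason": "insufficient_credit"}
        acct["available"] -= amount   # hold placed; no money has moved yet
        code = secrets.token_hex(3).upper()
        self.holds[code] = (pan, amount)
        return {"approved": True, "auth_code": code}

    def capture(self, auth_code, amount):
        """Pay out only for an open hold whose amount matches (assumed rule)."""
        hold = self.holds.get(auth_code)
        if hold is None or hold[1] != amount:
            return 0
        del self.holds[auth_code]     # a code settles once; replays pay nothing
        return amount

class Processor:
    """Routes gateway requests to the issuer and settles captured batches."""
    def __init__(self, issuer):
        self.issuer = issuer
        self.merchant_balance = 0     # stands in for the acquiring bank deposit

    def route(self, req):             # authorization steps iii-v
        return self.issuer.authorize(req["pan"], req["amount"], req["billing_zip"])

    def settle(self, batch):
        """batch: list of (auth_code, amount) pairs from captured transactions."""
        paid = sum(self.issuer.capture(code, amt) for code, amt in batch)
        self.merchant_balance += paid
        return paid

def gateway_submit(processor, order):
    """Payment gateway (steps i-ii, v-vi): forward only the fields needed."""
    req = {k: order[k] for k in ("pan", "amount", "billing_zip")}
    return processor.route(req)
```

An approved authorization only reduces the customer's available credit; the merchant's balance changes at settlement, and a settlement entry with an unknown or already used authorization code pays nothing.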
The Must Know Things About Fraud:
Credit card fraud can be a significant problem for customers, merchants, and credit card
issuers. Liability for fraudulent transactions belongs to the credit card issuer for a card-present,
in-store transaction, but shifts to the merchant for ‘card not present’ transactions, including
transactions conducted online. This means that the merchant does not receive payment for a
fraudulent online transaction. Hence, it is important to limit the risk as an online merchant.
The following important fraud prevention steps should be adhered to:
i. Choose a payment services provider that is well-established and credible.
ii. Make sure that the payment gateway provider offers real-time credit card
authorization results. This ensures that the credit card has not been reported as lost
or stolen and that it is a valid card number.
iii. One of the simplest ways to reduce the risk of a fraudulent transaction is to use
Address Verification Service (AVS). This matches the card holder billing address on
file with the billing address submitted to ensure that the card holder is the card
owner.
iv. Use Card Security Codes, known as CVV2 for Visa, CVVC for MasterCard, and CID for
American Express. For American Express, the code is a four-digit number that
appears on the front of the card above the account number. For Visa and
MasterCard, the code is a three-digit number that appears at the end of the account
number on the back of the card. The code is not printed on any receipts and
provides additional assurance that the actual card is in possession of the person
submitting the transaction. As a merchant, one can ask for this code on the online
order form; even if it is not used for processing, simply asking for it acts as a strong
deterrent against fraud.
v. Watch for multiple orders for easily resold items such as electronic goods purchased
on the same credit card.
vi. Develop a negative card and shipping address list and cross-check transactions
against it. Many perpetrators will go back to the same merchant again and again to
make fraudulent transactions.
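A merchant-side screen combining steps ii to vi might look like the following. This is an added example, not code from the original text: the order fields, the "match" AVS value, the thresholds and the reason names are assumptions, and the card numbers in any sample input are constructed test values.

```python
import hashlib
import hmac
from collections import defaultdict

KEY = b"constructed-demo-key"          # assumption: merchant secret, not kept in source in practice
RESALE_CATEGORIES = {"electronics"}    # assumption: what counts as easily resold
VELOCITY_LIMIT = 2                     # assumption: earlier orders tolerated per card
WINDOW_SECONDS = 24 * 3600             # assumption: look-back window

def card_fingerprint(pan: str) -> str:
    """Keyed hash, so lists and counters never hold the raw card number."""
    return hmac.new(KEY, pan.encode(), hashlib.sha256).hexdigest()

def luhn_ok(pan: str) -> bool:
    """Card-number checksum; rejects typos and made-up numbers before any lookup."""
    if not (pan.isascii() and pan.isdigit()):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                     # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class FraudScreen:
    def __init__(self, bad_cards=(), bad_addresses=()):
        self.bad_cards = {card_fingerprint(p) for p in bad_cards}
        self.bad_addresses = {a.strip().lower() for a in bad_addresses}
        self.history = defaultdict(list)   # fingerprint -> order timestamps

    def screen(self, order: dict) -> list:
        """Return the reasons to hold an order for review; empty means proceed."""
        reasons = []
        fp = card_fingerprint(order["pan"])
        if not luhn_ok(order["pan"]):
            reasons.append("invalid_card_number")
        if order.get("avs_result") != "match":               # step iii
            reasons.append("avs_mismatch")
        if not order.get("cvv_supplied"):                    # step iv
            reasons.append("missing_security_code")
        if order["category"] in RESALE_CATEGORIES:           # step v
            recent = [t for t in self.history[fp] if order["ts"] - t < WINDOW_SECONDS]
            if len(recent) >= VELOCITY_LIMIT:
                reasons.append("velocity_resale_items")
            self.history[fp].append(order["ts"])
        if fp in self.bad_cards or order["ship_to"].strip().lower() in self.bad_addresses:
            reasons.append("negative_list_hit")              # step vi
        return reasons
```

The screen records only whether a security code was supplied, never the code itself, and the negative list and velocity counters are keyed by a fingerprint rather than the card number.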
