FINT B338F

E-payment Systems, Cryptocurrencies and Cyber Security

Specimen Exam Paper

Important:
This specimen examination paper serves solely as an illustration of the types of questions which
may be contained in the examination. Students should not construe these questions as the actual
examination questions nor part of the actual examination paper. In addition, this specimen
examination paper does not purport to represent the complete scope or coverage of the course
and the distribution of the topics to be examined.

The case used in the specimen examination paper is copyrighted. The

specimen examination paper posted on the OLE is solely for students’
own private study. Students should not-re-distribute the case to any
other person to avoid any risk of copyright infringement.

© Hong Kong Metropolitan University

This examination paper is divided into TWO (2) Sections. Students are required to answer
ALL Sections and answer the number of questions indicated in each Section.

SECTION A (40 marks) Answer ALL questions in this Section.

Question 1 (40 marks)

STEP2
STEP2 is a Pan-European Automated Clearing House (PE-ACH) for retail payments in Euro.
The platform is one of the key clearing and settlement mechanisms in the Single Euro Payments
Area (SEPA), both in terms of processing volumes and participating institutions. The system
owner and operator is EBA Clearing, a company owned by 48 major banks that provides pan-
European payment infrastructure.

As a cornerstone of the SEPA processing infrastructure, STEP2 today provides full reach for
SEPA Credit Transfers and Direct Debits to over 4,800 payment service providers across all
SEPA countries. STEP2 provides a state-of-the-art network-independent processing engine,
which is based on global XML-based ISO standards. The platform ensures full straight-through
processing of all transactions in the interbank space and offers its users the most advanced
standard functionality based on latest technology:

● 24-hour file sending, payment warehousing and scheduling of payments in a specific cycle.

● Same-day and optional night-time settlement cycles.

● Payment cancellation and Recall functionality.

● Network independence.

● Machine-readable routing tables.

● Interactive workstation.

● Reconciliation reports.

This set of advanced standard features optimally supports participant banks in managing their
payment traffic on the STEP2 platform and their own processing capacities in a very efficient
and flexible manner.

STEP2 Direct Participants can send payments at any time, but the processing and settlement of
payment orders is carried out in five cycles during the day and two at night. Payment
warehousing and cycle scheduling allow participants to choose the date and settlement cycle
in which a credit transfer should be processed up to three business days in advance. STEP2
calculates the net positions of the participants multilaterally and sends them to the banks, which
check that they have sufficient funds to settle their liabilities. The reciprocal claims and
liabilities created in STEP2 are settled in the TARGET2 RTGS system managed by the central
banks. After settlement, STEP2 sends the participants an information file on the payments that
have been settled.

FINT B338F Specimen Exam Paper Page 2 of 4

Answer the following questions.

(a) Classify STEP2 based on the six attributes of payment systems. Briefly (12 marks)
explain your answer.

(b) Describe the guidelines for writing a security policy for STEP2. (14 marks)

(c) Discuss how hashing can be used to ensure the data integrity for STEP2 (14 marks)
transaction records. Suggest two commonly used hashing algorithms.

[END OF SECTION A]

FINT B338F Specimen Exam Paper Page 3 of 4

SECTION B (60 marks) Answer 2 of 3 questions in this Section. Each question is
worth 30 marks.

Question 2 (30 marks)

Octopus is an electronic payment system using a contactless smart card. Octopus cards can be
used to make payments on public transport and at a wide range of retailers and facilities. Users
simply hold their Octopus cards over a reader, and the correct amount will be deducted from
their Octopus automatically without the hassle of cash. For some residential and commercial
buildings, Octopus is also used as access control.

(a) Illustrate four advantages of using Octopus cards versus cash from the (8 marks)
merchant’s point of view.

(b) Describe the components of Octopus cards. (10 marks)

(c) The emergence of mobile payments in Hong Kong poses challenges to (12 marks)
Octopus. Discuss the strengths and weaknesses of Octopus cards
comparing with mobile payments in Hong Kong.

Question 3 (30 marks)

Suppose Bank of China is considering employing either iris or retinal recognition for its new
biometric ATM system to replace the plastic bank card.

(a) Compare the suitability of both biometric measures (iris and retinal) for (8 marks)
the new ATM system in terms of accuracy, cost, intrusiveness and
security level.

(b) Explain the technical differences between iris and retinal recognition. (10 marks)

(c) Discuss under what conditions deep learning should be used to implement (12 marks)
the above biometric ATM system.

Question 4 (30 marks)

(a) Compare the differences between banks and Bitcoin in terms of account and (12 marks)
identity management, service, record management and trust.

(b) Explain the four key concepts of bank (i.e., identity, transaction, record (8 marks)
keeping, and consensus) that can fit into Bitcoin’s architecture.

(c) Discuss the differences between symmetric encryption and asymmetric (10 marks)
encryption.

[END OF SECTION B]

[END OF EXAMINATION PAPER]

FINT B338F Specimen Exam Paper Page 4 of 4