Electronic Payment System

Electronic Payment System

Definition-:
•An electronic payment is any kind of non-cash
payment that doesn't involve a paper check.

•Methods of electronic payments include credit cards,

debit cards and the ACH (Automated Clearing House)
network.
•The ACH system comprises direct deposit, direct debit
and electronic checks (e-checks).
A PayPal security key generates a six-digit
temporary login code to authenticate the user.
Public and private key
cryptography
Digital Signature
 A Digital Signature Certificate, like hand written
signature, establishes the identity of the sender
filing the documents through internet which
sender can not revoke or deny.

 A Digital Signature Certificate is not only a

digital equivalent of a hand written signature it
adds extra data electronically to any message
or a document where it is used to make it more
authentic and more secured.

 There are basically 3 types of Digital Signature

Certificates Class-1, Class-2 & Class-3 each
having different level of security.
Certifying Authority
 Electronic Payment Association
The National Automated Clearing House Association (NACHA), also
known as the Electronic Payments Association, has helped increase the
use of e-payments and e-checks. NACHA governs the nationwide
Automated Clearing House (ACH) network. Through this network,
NACHA's 11,000 member banks and other financial institutions offer
direct deposit, direct debit and e-checks for consumers and businesses.
Digital Signature Verification
System
 Used by ABN Amro
Credit Card System
Payment Gateway
Providers
Financial EDI Interface (FI-EDI)
•The FI-EDI interface is intended to connect a bank
communications system to the SAP R/3 system.

•Companies use these Bank Communication Systems to send

their payment transaction data to their house banks and to
receive account statements etc. from banks to close the
financial loop.
Financial EDI
E -Checks
Stored Value cards and E-
cash
 The major benefit of using e-cash is that fees for small
payments (micro payment) are avoided.
 Other benefits are:

Anonymity
Convenience
Support for multiple
currencies across borders
Smart Cards
 Smart Cards
 Plastic card containing an embedded microchip
 Available for over 10 years
 So far not successful in U.S., but popular in Europe, Australia,
and Japan
 Unsuccessful in U.S. partly because few card readers available
 Smart cards gradually reappearing in U.S.; success depends
on:
 Critical mass of smart cards that support applications
 Compatibility between smart cards, card-reader devices, and
applications
 The most widely known general purpose smart cards are
Mondex and Visa Cash
Smart card applications now include:

•SIM cards for mobile telephony, including Near Field

Communications (NFC) and contact less mobile
payments
•Financial credit, debit, pre-paid and ATM cards,
including contact less payment cards
•Stored value cards and retailer loyalty cards
•Transport cards for automated revenue collection
•National smart identity cards and e-Passports
•Smart health cards and social security cards
•Smart cards for enterprise ID and identity management
•Registered traveler and frequent flyer smart cards for
airlines
Examples

 ICICI Prudential Life Insurance, one of India’s

leading life insurance companies, launched the
biometric smart cards for their rural policyholders,
making it the first life insurance company in India to
provide this service to its rural customers.
 Mumbai locals: Use Smart card to buy tickets -'Go
Mumbai Card'
 Delhi Metro Rail Corporation Ltd. (DMRC)Smart
Card: Most convenient for the frequent commuter.
Valid for one year, Travel Cards are available in the
denominations of Rs. 100, 200 and 500. ...
 Smart card for RC of your car
 Smart card for PAN card
Mondex Smart Card

 Holds and dispenses electronic cash (Smart-card

based, stored-value card)
 Developed by MasterCard International
 Requires specific card reader, called Mondex
terminal, for merchant or customer to use card
over Internet
 Supports micropayments as small as 3c and
works both online and off-line at stores or over
the telephone
 Secret chip-to-chip transfer protocol
 Value is not in strings alone; must be on Mondex
card
 Loaded through ATM
 ATM does not know transfer protocol; connects with
secure device at bank
Mondex Smart Card
Processing
Visa Cash

 Visa Cash, like MONDEX, is a Smartcard-based

electronic purse (e-purse) that''s implemented on both
proprietary cards and Open Platform cards. There are
two main types of Visa Cash cards:
 Disposable
 Reloadable.
Disposable Visa cards
are loaded with a predefined value. These cards come in
denominations of local currency, such as US$10. The disposable card
version uses low cost memory cards to store VISA Cash money. When
the value of the card is used, the card can be discarded and a new
card may be purchased.
Re-loadable Visa
cards come without a predefined value. These cards can
have valued added to them in specially configured devices such as
ATM''s, EFT POS terminals or other Load Devices. When the value is
used up, you can re-load the card again.
Biometric and Smart Card
Technologies
 Biometric technologies are defined as automated
methods of identifying or authenticating the identity of
a living person based on unique physiological or
behavioral characteristics. Biometric technologies,
when used with a well-designed ID system, can
provide the means to ensure that an individual
present-ing a secure ID credential has the absolute
right to use that credential. Smart cards have the
unique ability to store large amounts of biometric and
other data, carry out their own on-card functions, and
interact intelligently with a smart card reader. Secure
ID systems that require the highest degree of security
and privacy are increasingly implementing both smart
card and biometric technology.
Examples

 Smart card for foodgrain delivery under PDS

 Smart cards for pension, NREG wages in Andhra
Proximity Card

 Available with unique technical features

and user friendly in nature, we offer
world-class proximity card reader which
has the memory of 1 KB, where
employee’s related information can be
feed into the card itself e.g, employee
name, designation, department etc.
Used in multiple applications like: Office
utility products ACCESS SYSTEMS
(CARD/THUMB) and useful for
attendance, salary calculation and door
unlocking with date and time, it also has
voice response in English
Representation of E-cash
systems
 There are two ways to represent and move the E-
Cash;

Electronic money with a unique

value and identification number.

Stored value cards

 Electronic Money
Electronic money is analogous to paper
money or coins.
The pioneer of electronic money on the
internet was DigiCash.
Banks affiliated with DigiCash issue
electronic bills,each with unique
identification.
DigiCash is not authorised to issue more that
an electronic gift certificate even though it
is acceptable widely.
DigiCash did not have chance to store
electronic money in the IC card.
 Stored Value Cards
The stored value card may be either
anonymous or onymous.
An advantage of an anonymous card is
that the card may be transferred from
person to another, while the onymous card
must not.
The notion of a stored value card is also
implemented on the internet without
employment of an IC card.
ELECTRONIC FUND TRANSFER

 EFT (Electronic Fund Transfer) is the new facility

provided to the Exporters for submitting the licence
fee through the Internet without visiting the Bank for
the payment.
 This procedure is being proposed to facilitate
payments through electronic means. The facility shall
be available only for electronically filed applications.
•Currently Electronic payment can be made
through following banks :
•ICICI Bank , IDBI Bank, HDFC Bank , UTI Bank,
State Bank of India, Bank of India, Punjab
National Bank, Union Bank of India
•An exporter having valid Importer Exporter
Code (IEC) need to have an Internet
Banking account , his ID and password from
any of the Banks given above.
STEPS FOR MAKING PAYMENT
Debit Card

 A debit card also known as check card, is a card that

authorizes the EFT.
 While credit card is a way to pay later, a debit card is
a way to pay now.
 When you use a debit card , the amount is
immediately deducted from your checking or savings
account.
 Debit card allow you to spend only what is in your
bank account
The Automated Clearing
House (ACH)
 The Automated Clearing House (ACH) system is a
secure, private network that connects banks to one
another by way of the Federal Reserve Board or other
ACH operators. This network enables electronic
payments, such as automatic payroll deposits and
debit card purchases, to be handled and processed.
Past and Present E-cash

Cyber Cash
 Combines features from cash and checks
 Offers credit card, micropayment, and check payment
services
 Connects merchants directly with credit card processors
to provide authorizations for transactions in real time
 No delays in processing prevent insufficient e-cash to pay
for the transaction
Cyber Coins
 Stored in Cyber Cash wallet, a software storage mechanism located on
customer’s computer
 Used to make purchases between .25c and $10
 Pay Now -- payments made directly from checking accounts
DigiCash
 Trailblazer in e-cash
 Allowed customers to purchase goods and services using anonymous
electronic cash
 Recently entered Chapter 11 reorganization
Coin.Net
 Electronic tokens stored on a customer’s computer is used to make
purchases
 Works by installing special plug-in to a customer’s web browser
 Merchants do not need special software to accept eCoins.
 eCoin server prevents double-spending and traces transactions, but
consumer is anonymous to merchant
Electronic Wallets

• Stores credit card, electronic cash, owner

identification and address
– Makes shopping easier and more efficient
• Eliminates need to repeatedly enter identifying
information into forms to purchase
• Works in many different stores to speed checkout
– Amazon.com one of the first online merchants
to eliminate repeat form-filling for purchases
Electronic Wallets

 Agile Wallet
 Developed by CyberCash
 Allows customers to enter credit card and identifying
information once, stored on a central server
 Information pops up in supported merchants’
payment pages, allowing one-click payment
 Does not support smart cards or CyberCash, but
company expects to soon
 eWallet
 Developed by Launch pad Technologies
 Free wallet software that stores credit card and
personal information on users’ computer, not on a
central server; info is dragged into payment form from
eWallet
 Information is encrypted and password protected
 Works with Netscape and Internet Explorer
 Microsoft Wallet
 Comes pre-installed in Internet Explorer 4.0, but not in Netscape
 All information is encrypted and password protected
 Microsoft Wallet Merchant directory shows merchants setup to accept
Microsoft Wallet
Entering Information Into
Microsoft Wallet
SECURITY E-COMMERCE TRANSACTIONS
78
Security issues:-

Confidentiality : Confidentiality refers to preventing the disclosure of

information to unauthorized individuals or systems. For example, a credit
card transaction on the Internet requires the credit card number to be
transmitted from the buyer to the merchant and from the merchant to a
transaction processing network.
Confidentiality is necessary for maintaining the privacy of the people whose
personal information a system holds.
Integrity : In information security, data integrity means maintaining and
assuring the accuracy and consistency of data over its entire life-cycle. This
means that data cannot be modified in an unauthorized or undetected
manner. This is not the same thing as referential integrity in databases,
although it can be viewed as a special case of Consistency as understood
in the classic

Availability : For any information system to serve its purpose, the information
must be available when it is needed. This means that the computing systems
used to store and process the information, the security controls used to
protect it, and the communication channels used to access it must be
 79

Authenticity In computing, e-Business, and information security, it is

necessary to ensure that the data, transactions, communications or
documents (electronic or physical) are genuine.

Non-repudiation In law, non-repudiation implies one's intention to fulfill their

obligations to a contract. It also implies that one party of a transaction
cannot deny having received a transaction nor can the other party deny
having sent a transaction.

Information security Information security analysts are information

technology (IT) specialists who are accountable for safeguarding all data
and communications that are stored and shared in network systems.
 80
Types of security attacks
A Network attack or security or security incident is defined as a threat,
intrusion, denial of service or other attack on a network infrastructure that will
analyze your network and gain information to eventually cause your network
to crash or to become corrupted. In many cases, the attacker might not only
be interested in exploiting software applications, but also try to obtain
unauthorized access to network devices.

There are at least seven types of

network attacks.

1.Spoofing
2. Sniffing.
3. Mapping.
4. Hijacking.
5. Trojans.
6. DoS and DDoS.
7. Social engineering.