Dr Sudhir Bisht
• What is RuPay Card, VISA Card, MasterCard.mp4
• What is NEFT, RTGS, IMPS, UPI.mp4
• How Electronic Payments Work.mp4
• A Complete Guide to Mobile Wallets _ Payment Banks _ Top 5 Digital Wallets.mp4
• NPCI_Architect of Cashless India.mp4
Digital Payment Requirements
• In order to implement versatile solutions, a payment protocol and a storage mechanism for digital currency need to be implemented and followed by all the parties involved in the transaction.
• In case of any breach, the system should be capable of providing safeguards to prevent fraud.
• Security remains a paramount concern in an electronic payment system.
• As payment systems involve direct financial transactions, dealing with the movement of actual money, they become prime targets for fraudsters all over the world.
• Digital money is represented in bits and bytes; thus, unlike minted money, it is far easier to replicate, at almost zero cost.
• Even though it can be kept in a secure format locally, the very nature of electronic commerce requires its movement over the network. The open environment of the internet makes it susceptible to interception, duplication, and manipulation.
• Thus, the issue of ensuring integrity (the data is not altered), confidentiality and non-refutability acquires an added significance.
ACID properties of digital financial transactions
• In computer science, ACID (Atomicity, Consistency, Isolation, Durability) is a set of properties
of database transactions intended to guarantee validity even in the event of errors, power
failures, etc.
• In the context of databases, a sequence of database operations that satisfies the ACID
properties (and these can be perceived as a single logical operation on the data) is called a
transaction.
• For example, a transfer of funds from one bank account to another, even involving multiple
changes such as debiting one account and crediting another, is a single transaction.
• E-transactions have to exhibit the Atomicity, Consistency, Isolation, and Durability (ACID) properties.
• Atomicity. In a transaction involving two or more discrete pieces of information, either all of
the pieces are committed or none are.
• An example of an atomic transaction is a monetary transfer from bank account A to account
B.
• It consists of two operations, withdrawing the money from account A and saving it to account B. Performing these operations in an atomic transaction ensures that the database remains in a consistent state, that is, money is neither lost nor created if either of those two operations fails.
• Consistency. A transaction either creates a new and valid state of data, or, if any failure
occurs, returns all data to its state before the transaction was started.
• Consistency in database systems refers to the requirement that any given database
transaction must change affected data only in allowed ways. Any data written to the
database must be valid according to all defined rules, including constraints, cascades,
triggers, and any combination thereof.
ACID properties contd.
• Isolation. A transaction in process and not yet committed must remain isolated from any other transaction.
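The account A to account B transfer described above, as an added example (not from the slides) using Python's built-in sqlite3 module: the debit and credit run inside one transaction, so a failure in the second step undoes the first, and the CHECK constraint is the consistency rule the database enforces on its own. Account names and balances are constructed sample data.

```python
import sqlite3


def setup_bank() -> sqlite3.Connection:
    """Constructed sample ledger: two accounts whose balance may never go negative."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE account ("
        "  name TEXT PRIMARY KEY,"
        "  balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO account VALUES (?, ?)", [("A", 100), ("B", 50)])
    conn.commit()
    return conn


def transfer(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Debit src and credit dst as ONE transaction (atomicity).

    If either statement fails, the `with conn:` block rolls the whole
    transaction back, so money is neither lost nor created. The CHECK
    constraint is the consistency rule: an overdraft is rejected by the
    database itself, not by application code."""
    try:
        with conn:  # COMMIT on success, ROLLBACK on any exception
            for account, delta in ((src, -amount), (dst, amount)):
                cur = conn.execute(
                    "UPDATE account SET balance = balance + ? WHERE name = ?",
                    (delta, account),
                )
                if cur.rowcount != 1:  # unknown account: abort after the debit already ran
                    raise ValueError(f"no such account: {account}")
        return True
    except (sqlite3.IntegrityError, ValueError):
        return False


def balances(conn: sqlite3.Connection) -> dict:
    """Current balance of every account, for inspection after each transfer."""
    return dict(conn.execute("SELECT name, balance FROM account ORDER BY name"))
```

A transfer to a non-existent account is the interesting case: the debit of A has already executed when the credit fails, and the rollback is what restores A's balance.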
There are also other forms of cyber attacks where cyber criminals look for vulnerabilities within a technology and turn it to their advantage. “Some of these security breaches are much harder to detect and can only be identified using advanced security systems,” said Rajat Mohanty, chief executive officer, Paladion Networks, a cyber security firm.
Minimizing risks in e-payment - what companies can do
• “There is nothing called 100% secure. Anyone who says that their system is 100% watertight neither understands technology nor risk management. You can only manage and minimize the risk,” experts say.
• At the institutional level, mechanisms have been put in place for constant monitoring of the systems. Certainly, more needs to be done. “When a customer makes a purchase (online), the business loses control of a large portion of the transaction interaction as customers use a variety of devices, operating systems and browsers to access e-commerce sites,” said Rana Gupta, vice-president, Asia-Pacific, identity and data protection, Gemalto, a digital security firm.
• Gupta said that mobile e-wallet companies must look at a layered
approach to data security that provides protection at every stage of
the payment and business service ecosystem, such as: better access
control techniques, stronger authentication measures and use of
end-to-end encryption and proper key management.
Minimizing risks in e-payment - what customers should do
• If you end up being a victim of cyber fraud, immediately get in touch with
the bank or e-wallet company.
• If reported in time, the damage can be minimized. According to RBI, banks are responsible for the security of the debit cards they issue and hence, in case of any monetary loss on account of breach or failure of security, the bank is liable to bear the loss. However, if a fraud takes place and “customer reports beyond 7 working days, customer liability will be determined based on bank’s Board approved policy,” RBI had said in a circular.
• That being said, basic cyber hygiene helps in keeping trouble at bay. You
must never share passwords with others nor should you save them on
public computers.
• Use security measures such as receiving a one-time password (OTP) for
every transaction.
• This adds another layer of much-needed protection to the entire
transaction process. Do not click on links that come through SMSs or emails
as these may lead to inadvertent downloading of malware programs that
can steal sensitive data from your mobile device or computer. Malware
attacks can also be avoided by steering clear of untrustworthy websites and
unverified apps.
• how to create one time usable virtual credit card for online shopping.mp4
As per Axis Bank website
• Every time a banking customer uses her credit or debit card, whether at a physical point-of-sale or online, she’s engaging in an electronic funds transfer. Any preauthorized charges, such as direct deposits or utility bills, also utilize an EFT.
Security: Essential requirement for e-payment
Security is an essential part of any transaction that takes place over the internet. Customers will lose their faith in e-business if its security is compromised. The following are the essential requirements for safe e-payments/transactions −
• Confidentiality − Information should not be accessible to an unauthorized
person. It should not be intercepted during the transmission.
• Integrity − Information should not be altered during its transmission over
the network.
• Availability − Information should be available wherever and whenever
required within a time limit specified.
• Authenticity − There should be a mechanism to authenticate a user before giving them access to the required information.
• Non-Repudiability − It is the protection against the denial of order or
denial of payment. Once a sender sends a message, the sender should not
be able to deny sending the message. Similarly, the recipient of message
should not be able to deny the receipt.
• Encryption − Information should be encrypted and decrypted only by an
authorized user.
• Auditability − Data should be recorded in such a way that it can be audited
for integrity requirements.
Essential features of security of payment systems
The payment system should be secure enough to offer the following:
• Fraud Protection: Digital payment systems must be tamper resistant
and should have built-in mechanisms to prevent illegal use of digital
cash. At the very least, the digital payment systems must provide the
means for detection and punishment of misuse, after the fraud.
• No Double Spending: Since digital cash is represented by bytes that
can be easily copied and respent, the digital payment system should
safeguard against reuse of currency. This type of fraud can be initiated
not only by customers who might reuse digital money for several
purchases, but also by merchants who could attempt to resubmit
digital money for redemption.
• No Counterfeiting: The system should be able to detect fake currency.
It should be easy to distinguish between legal money tokens and
unauthorized illegal money.
• No Overspending: The system should have the means to ensure that
the user is unable to spend beyond the money represented by token,
or held in the purse. Prevention of customer overspending, i.e.,
exceeding spending limits, is another fraud protection issue,
especially in account based systems.
• Non-refutability: The parties involved should be able to verify that the payment transaction has taken place, along with the amount and the purpose of the transaction. A record of the transaction should be produced, on demand, in case of dispute, though it may have implications for the control of privacy.
• Hardware Tamper Resistance: Some digital payment systems rely on tamper-resistant hardware like smart cards to prevent double spending and forgery, and can be used offline. However, if the hardware is broken into, its users are left open to fraud. The reliability of the hardware used should be certified.
• Unauthorized Use: Tokens stored in soft format/digital data are easy to steal; a good payment system should prevent the thief from being able to spend the tokens. In the case of device-dependent payment systems, it should not be easy to steal the payment device, and unauthorized holders should not be able to use the payment device.
• Privacy Control: The payment system should make it possible for customers to keep their spending habits private from observers, merchants, and banks.
• Confidentiality: The confidentiality guarantees given by the payment system are essential to the user. In an ideal situation, the payment transaction should be carried out in such a manner that it maintains the confidentiality of all the intermediate information and yet ensures the value transfer.
• Non-traceability: Payment systems should ensure ruling out any possibility of
two different payments, by the same user, being linked together. The transaction
should also maintain anonymity and non-traceability, similar to cash payments in
a shop.
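The No Counterfeiting and No Double Spending requirements above, as an added example (not from the slides) of an online token scheme in Python: the issuer tags each token with an HMAC under a key only it holds, so a token it did not mint, or whose value was altered, fails verification, and a redeemed serial is recorded so the same token is refused whether the customer reuses it or a merchant resubmits it. The Issuer class, its methods and the shop names are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets


class Issuer:
    """Constructed toy issuer: mints bearer tokens and redeems each one exactly once."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)  # minting key, never leaves the issuer
        self._spent: dict[str, str] = {}     # serial -> merchant that redeemed it

    def _tag(self, serial: str, value: int) -> str:
        # The tag binds serial AND value, so changing the amount invalidates the token.
        msg = f"{serial}:{value}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def mint(self, value: int) -> dict:
        """Issue a fresh token worth `value` units (a random serial keeps tokens distinct)."""
        serial = secrets.token_hex(16)
        return {"serial": serial, "value": value, "tag": self._tag(serial, value)}

    def redeem(self, token: dict, merchant: str) -> str:
        """Merchant presents a token; the issuer decides whether to honour it."""
        expected = self._tag(token["serial"], token["value"])
        # 1. Counterfeit check: only tokens minted under our key carry a valid tag.
        if not hmac.compare_digest(expected, token["tag"]):
            return "REJECT: counterfeit or altered token"
        # 2. Double-spend check: a serial may be redeemed once, by anyone.
        if token["serial"] in self._spent:
            first = self._spent[token["serial"]]
            return f"REJECT: double spend (already redeemed by {first})"
        self._spent[token["serial"]] = merchant
        return "OK"
```

Because the spent-serial record lives at the issuer, this variant needs the merchant to be online at redemption time; the page's smart-card systems move that check into tamper-resistant hardware instead.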
Measures to ensure Security
The major security measures are the following −
• Encryption − It is a very effective and practical way to
safeguard the data being transmitted over the
network. Sender of the information encrypts the data
using a secret code and only the specified receiver can
decrypt the data using the same or a different secret
code.
• Digital Signature − Digital signature ensures the
authenticity of the information. A digital signature is an
e-signature authenticated through encryption and
password.
• Security Certificates − Security certificate is a unique
digital id used to verify the identity of an individual
website or user.
Videos
• What is Encryption.mp4
Encryption is the practice of encoding data to ensure the data can be securely
relayed over the internet. It acts as one of the most effective methods in
mitigating ecommerce security risks to safeguard data integrity.
What is an SSL certificate?
SSL certificates are small data files that cryptographically bind a key to an organization’s details. When an SSL certificate is installed on a web server, it uses specific protocols to facilitate a secure connection from the server to a browser.
What is PCI Compliance
Payment card industry (PCI) compliance refers to the technical and operational
standards that businesses must follow to ensure that credit card data provided
by cardholders is protected.
PCI compliance is enforced by the PCI Security Standards Council, and all businesses that store, process or transmit credit card data electronically are required to follow the compliance guidelines.
All companies that process credit card information are required to maintain PCI
compliance, regardless of their size or the number of credit card transactions they
process. All companies are broken into merchant levels based upon the number of
transactions that are processed during a specified period. PCI compliance is
governed by the Payment Card Industry Security Standards Council, an organization
formed in 2006 for the purpose of managing the security of credit cards.
The requirements, known as the Payment Card Industry Data Security Standards
(PCI DSS), are managed by the major credit card companies, including VISA,
American Express, Discover and MasterCard, among others.
Basics of Encryption & Decryption
• What is Encryption?
• Encryption is a process that changes the nature of
information so it can't easily be employed by a third
party.
• It uses a mathematical transformation, and a key (an external piece of information), to perform the intended change.
• This introduces a random element that increases its ability to resist attacks. Sometimes the calculations transforming the information are complex; at other times they are not. It is also reversible, meaning that it can be undone. Encryption is an integral part of many operations including banking transactions, Internet purchases, and password protection. Most of the time, you won't even know it is there.
What Is Symmetric Encryption?
Symmetric encryption is an encryption methodology that uses a single key to encrypt (encode) and decrypt (decode) data. It is the oldest and most well-known technique for encryption.
The secret key can be a word, a number, or a string of letters, and it's applied
to a message.
The message is changed following the rules in the key. Sender and receiver
know the key, and can thus code and decode any message that would use that
specific key.
Decryption Algorithm
In the decryption algorithm, the secret key (the decoder ring) is applied to the
ciphertext. It converts it back to plaintext, basically performing the encryption in
reverse.
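The single-key property just described, as an added example (not from the slides) in Python's standard library: a keystream is derived from the shared key with HMAC-SHA256 over a counter and XORed into the message, so the decryption algorithm is literally the encryption algorithm run again with the same key. This is a teaching construction to make the symmetry visible, not a standard cipher; the function names and the 12-byte nonce size are assumptions.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 12  # assumed size; a fresh nonce per message keeps keystreams from repeating


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudorandom bytes from (key, nonce): HMAC-SHA256 over a counter."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt AND decrypt: XOR with the keystream. Applying it twice
    with the same key and nonce returns the original bytes."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Sender side: pick a fresh nonce, prepend it so the receiver can rebuild the keystream."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + xor_crypt(key, nonce, plaintext)


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Receiver side: the same key, the same operation, run 'in reverse'."""
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    return xor_crypt(key, nonce, body)
```

Note that this gives confidentiality only: the integrity requirement listed earlier on this page needs a separate authentication tag (for example an HMAC over the ciphertext), because a recipient of XOR-encrypted bytes cannot tell from decryption alone whether they were altered in transit.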
What Is a Programming Algorithm?
You can think of a programming algorithm as a recipe that describes the exact
steps needed for the computer to solve a problem or reach a goal.
Food recipes - they list the ingredients needed and a set of steps for how to make
the described meal.
In computer lingo, recipe = procedure and ingredients = input.
Your computer looks at your procedure, follows it to the letter, and you get to see
the results, which are called outputs.
A programming algorithm describes how to do something, and your computer
will do it exactly that way every time. Well, it will once you convert your
algorithm into a language it understands!
You will probably label the first step 'start' and the last step 'end.' It includes only what you need to carry out the task. It does not include anything unclear, often called ambiguous in computer lingo, that someone reading it might wonder about.
An algorithm can be defined as "A sequence of steps to be carried out for a required output from a certain given input".
There are 3 main features of an algorithm from its definition:
1- The essential aim of an algorithm is to get a specific output,
2- An algorithm involves several successive steps,
3- The output comes after the algorithm has finished the whole process.
HTTP vs HTTPS
HTTP and HTTPS are the two protocols used to transmit data across
the internet and between websites.
HTTP stands for Hypertext Transfer Protocol, while the addition of the
'S' in HTTPS means it's a secure connection.
Although it isn't a security provision in its own right, it indicates that the transmission of data happens securely using a Secure Sockets Layer (SSL) (also known as a security certificate), so anything sent over the network is done so securely.
Both HTTP and HTTPS ensure that the data presented to the end user is secured. But data could be intercepted by hackers