SCS B315

Ecommerce
PART 5
ELECTRONIC PAYMENT SYSTEMS
Electronic Payment Systems
 Outline
• Types of money
– Fiduciary v. scriptural
– Token v. notational
• Types of payment systems
• Cash
• Credit cards
– SSL (TLS) protocol
• Intermediaries
– PayPal
• Smart cards
• Electronic Bill Presentment
 Types of Money:
Fiduciary vs. Scriptural
• Fiduciary money (fiat money, legal tender)
– Issued by a central (government) bank
– Has real “discharging power” (to discharge debts)
– Cannot be refused
• Scriptural money (not legal tender)
– Money not issued by central bank
– Examples: bank accounts, travelers checks, gift certificates,
scrips (a sub or alt to legal tender that entitles the bearer to
receive sth in return)
– Discharging power based on trust in issuer
– Can be refused
 Types of Money:
Token vs. Notational
• Token money (value represented by physical article)
– Represented by a physical article (e.g. cash, gift certificate,
traveler’s check)
– Can be lost
• Notational money (value held in account balance)
– Examples: bank accounts, frequent flyer miles
– Transferred by order
– Requires clearance (determining net effect of multiple orders)
– Requires settlement (payment in fiduciary money)
• Hybrid money
– Check, telephone card (carries promise of future service)
 Cash Transaction
-2. CENTRAL BANK ISSUES CENTRAL
FIDUCIARY MONEY 4. SELLER’S BANK
(ANTI-FORGERY) + BANK SENDS CASH TO
(SERIAL NUMBERS) CENTRAL BANK 3. SELLER’S BANK
CREDITS SELLER’S
BANK ACCOUNT

-1. CENTRAL BANK SELLS BUYER’S SELLER’S

CASH TO BUYER’S BANK
BANK BANK
2. SELLER DEPOSITS
CASH IN SELLER’S
BANK ACCOUNT
THE VISIBLE TRANSACTION
0. BUYER’S BANK ALLOWS
BUYER TO DRAW CASH BUYER SELLER
FROM BUYER’S ACCOUNT
1. BUYER PHYSICALLY
GIVES CASH TO SELLER
 Ecommerce Payment Ranges
M
Macro
$
Micro
5
i01
n.0
i0
1.
01
10

SOURCE: COMPAQ CORP.

8

Requirements for e-payments

• Atomicity
– Money is not lost or created during a transfer
• Good atomicity
– Money and good are exchanged atomically
• Non-repudiation
– No party can deny its role in the transaction
– Digital signatures
9

Desirable Properties of Digital Money

• Universally accepted
• Transferable electronically
• Divisible
• Non-forgeable, non-stealable
• Private (no one except parties know the amount)
• Anonymous (no one can identify the payer)
• Work off-line (no on-line verification needed)

No known system satisfies all.

EMTM 553
2/16/00
 Types of Payment Systems
• Ecash
• Electronic wallets
• Credit card
– SSL, SET protocols
• Payment orders, direct transfers, checks
– Automated Clearing House (ACH)
• Online Banking
– Wingspan
• Intermediaries
– PayPal
• Stored-Value Cards, Smart Cards, Wallets
– Mondex
– Octopus
 Types of Payment Systems

• Micropayment (usually below $0.10)

– Millicent
• Aggregation
– Centralized account for merchants + customers (Qpass)
• Digital Scrip
– Flooz, Beenz (both now bankrupt)
• Electronic Cash
– eCash
1
2

Electronic Cash

• Primary advantage is with purchase of items

less than $10
– Credit card transaction fees make small
purchases unprofitable
– Micropayments
• Payments for items costing less than $1
1
3

E-cash Concept
Merchant
1. Consumer buys e-cash from Bank
2. Bank sends e-cash bits to consumer (after
5 charging that amount plus fee)
3. Consumer sends e-cash to merchant
4
4. Merchant checks with Bank that e-cash
Bank 3 is valid (check for forgery or fraud)
5. Bank verifies that e-cash is valid
6. Parties complete transaction: e.g., merchant
2 present e-cash to issuing back for deposit
1 once goods or services are delivered

Consumer still has (invalid) e-cash

Consumer
1
4

Electronic Cash Issues

• E-cash must allow spending only once
• Must be anonymous, just like regular currency
– Safeguards must be in place to prevent counterfeiting
– Must be independent and freely transferable regardless
of nationality or storage mechanism
• Divisibility and Convenience
• Complex transaction (checking with Bank)
– Atomicity problem
1
5

Two storage methods

• On-line
– Individual does not have possession personally of
electronic cash
– Trusted third party, e.g. online bank, holds customers’
cash accounts
• Off-line
– Customer holds cash on smart card or software wallet
– Fraud and double spending require tamper-proof
encryption
1
6

Advantages and Disadvantages of

Electronic Cash
• Advantages
– More efficient, eventually meaning lower prices
– Lower transaction costs
– Anybody can use it, unlike credit cards, and does
not require special authorization
• Disadvantages
– Tax trail non-existent, like regular cash
– Money laundering
– Susceptible to forgery
1
7

Electronic Cash Security

• Complex cryptographic algorithms prevent double

spending
– Anonymity is preserved unless double spending is
attempted
• Serial numbers can allow tracing to prevent money
laundering
– Does not prevent double spending, since the merchant or
consumer could be at fault
1
8

Past and Present E-cash Systems

• E-cash not popular in U.S., but successful in

Europe and Japan
– Reasons for lack of U.S. success not clear
• Manner of implementation too complicated
• Lack of standards and interoperable software that will run
easily on a variety of hardware and software systems
1
9

Past and Present E-cash Systems

• Checkfree
– Allows payment with online electronic checks
• Clickshare
– Designed for magazine and newspaper publishers
– Miscast as a micropayment only system; only one
of its features
– Purchases are billed to a user’s ISP, who in turn
bill the customer
2
0

Past and Present E-cash Systems

• CyberCash
– Combines features from cash and checks
– Offers credit card, micropayment, and check payment services
– Connects merchants directly with credit card processors to provide
authorizations for transactions in real time
• No delays in processing prevent insufficient e-cash to pay for
the transaction
• CyberCoins
– Stored in CyberCash wallet, a software storage mechanism located
on customer’s computer
– Used to make purchases between .25c and $10
– PayNow -- payments made directly from checking accounts
2
1

Past and Present E-cash Systems

• DigiCash
– Trailblazer in e-cash
– Allowed customers to purchase goods and services using anonymous
electronic cash
– Recently entered Chapter 11 reorganization
• Coin.Net
– Electronic tokens stored on a customer’s computer is used to make
purchases
– Works by installing special plug-in to a customer’s web browser
– Merchants do not need special software to accept eCoins.
– eCoin server prevents double-spending and traces transactions, but
consumer is anonymous to merchant
2
2

Past and Present E-cash Systems

• MilliCent
– Developed by Digital, now part of Compaq (which was bought by
HP)
– Electronic scrip system
– Participating merchant creates and sells own scrip to broker at a
discount
• Consumers register with broker and buy bulk generic scrip,
usually with credit card
• Customers buy by converting broker scrip to vendor-specific
scrip, i.e. scrip that a particular merchant will accept
– Customers can purchase items of very low value
– Brokers required for two reasons:
• Small payments require aggregation to insure profitability
• System is easier to use -- customer need only deal with one
broker for all their scrip needs
2
3

Electronic Wallets

• Stores credit card, electronic cash, owner

identification and address
– Makes shopping easier and more efficient
• Eliminates need to repeatedly enter identifying information
into forms to purchase
• Works in many different stores to speed checkout
– Amazon.com one of the first online merchants to
eliminate repeat form-filling for purchases
2
4

Electronic Wallets
• Agile Wallet
– Developed by CyberCash
– Allows customers to enter credit card and identifying information
once, stored on a central server
– Information pops up in supported merchants’ payment pages,
allowing one-click payment
– Does not support smart cards or CyberCash, but company expects to
soon
• eWallet
– Developed by Launchpad Technologies
– Free wallet software that stores credit card and personal information
on users’ computer, not on a central server; info is dragged into
payment form from eWallet
– Information is encrypted and password protected
– Works with Netscape (now known as Firefox) and Internet Explorer
2
5

Electronic Wallets

• Microsoft Wallet
– Comes pre-installed in Internet Explorer 4.0, but
not in Netscape
– All information is encrypted and password protected
– Microsoft Wallet Merchant directory shows merchants
setup to accept Microsoft Wallet
 Credit Cards
• The most expensive ePayment mechanism
• MasterCard: $0.29 + 2% of transaction value
• A $100 charge costs the merchant $2.29
• Currently the most convenient method
• Advantage: allows credit
• People can buy more than they can afford
• Disadvantages:
– doesn’t work for small amounts (too expensive)
– doesn’t work for large amounts (too expensive)
Parties to a Credit Card Transaction
CARD,
TELEPHONE,
INTERNET
BUYER SELLER

DIALUP OR
U.S. MAIL! LEASED LINE

BUYER’S SELLER’S
BANK BANK

CARD
ASSOCIATION
PROPRIETARY NETWORK
C
S
o
lp
y
ir
d
i
g
eh How an Online Credit Card
6©
t
Transaction Works
-
2
20
80 • Processed in much the same way that in-
4
store purchases are
P
e
a
• Major difference is that online merchants do
r
s not see or take impression of card, and no
o
n signature is available (CNP transactions)
E
d • Participants include consumer, merchant,
u
c
a
clearinghouse, merchant bank (acquiring
t
i bank) and consumer’s card issuing bank
o
n
,

I
C
S
o
lp
y
ir
d
i
g
eh
t
How an Online Credit Transaction Works
6©
- Figure 6.4,
2 Page 317
20
90
4

P
e
a
r
s
o
n

E
d
u
c
a
t
i
o
n
,

I
C
S
o
lp
y
ir
d
i
g
eh
Limitations of Online Credit Card
6©
t
Payment Systems
-
2
30 • Security – neither merchant nor consumer
00
4 can be fully authenticated
P
e
• Cost – for merchants, around 3.5% of
a
r
purchase price plus transaction fee of 20-30
s
o
cents per transaction
• Social equity – many people do not have
n

E
d
u
access to credit cards (young adults, plus
c
a
almost 100 million other adult Americans who
t
i
cannot afford cards or are considered poor
o
n
risk)
,

I
 PayPal
• Pay anyone, anywhere via email
• Draws funds from user’s bank account, places credit
hold on credit card for guarantee
• 16 million users
– Bank of America has 3.3. million
• Accounts insured up to $100,000
• Based on automated clearinghouse
• Withdraw funds anytime, or send to someone else
• Mobile payments (WAP)
 PayPal
1. A PAYS X VIA 6. PAYPAL NOTIFIES
PAYPAL (A HAS X OF PAYMENT. X
ENOUGH IN PAYPAL CHOOSES PAYMENT
ACCOUNT) METHOD
ACCOUNT INTERNET
PAYPAL EMAIL
ACCOUNT
HOLDER A HOLDER X
ACCOUNT A
... 5. PAYPAL CREDITS
ACCOUNT X’S PAYPAL ACCOUNT
ACCOUNT X
HOLDER A’S 2. OR: PAYPAL
CHARGES X’S
CREDIT CARD CREDIT CARD

3. OR: PAYPAL
INITIATES ACH
DEBIT
ACCOUNT 7. OR: PAYPAL ACCOUNT
ACH INITIATES
HOLDER A’S HOLDER X’S
PROCESSOR ACH CREDIT
BANK BANK

4. FUNDS ARE PAYPAL’S

8. OR: PAYPAL MAILS CHECK TO X
DEPOSITED IN BANK
PAYPAL’S BANK
 Smart Cards
• Magnetic stripe
– 140 bytes, cost $0.20-0.75
• Memory cards
– 1-4 KB memory, no processor, cost $1.00-2.50
• Optical memory cards
– 4 megabytes read-only (CD-like), cost $7.00-12.00
• Microprocessor cards
– Imbedded microprocessor
• (OLD) 8-bit processor, 16 KB ROM, 512 bytes RAM
• Equivalent power to IBM XT PC, cost $7.00-15.00
• 32-bit processors now available
– Intelligent, active devices with defenses
3
4

Smart Cards

• Types of Smart Cards

contact card
A smart card containing a small gold plate on the
face that when inserted in a smart card reader
makes contact and passes data to and from the
embedded microchip
3
5

Smart Cards

• Types of Smart Cards

contactless (proximity) card

A smart card with an embedded antenna, by
means of which data and applications are
passed to and from a card reader unit or other
device without contact between the card and the
card reader
3
6

Smart Cards

smart card reader

Activates and reads the contents of the chip on a
smart card, usually passing the information on to
a host system

smart card operating system

Special system that handles file management,
security, input/output (I/O), and command
execution and provides an application
programming interface (API) for a smart card
 Smart Card Applications
• Ticketless travel: Seoul bus system
– 4M cards, 1B transactions since 1996
• Authentication, ID
• Medical records
• Ecash
• Store loyalty programs
• Personal profiles
• Government
– Licenses
• Mall parking
...
3
8

Advantages and Disadvantages of

Smart Cards
• Advantages:
1. Atomic, debt-free transactions
2. Feasible for very small transactions (information commerce)
3. (Potentially) anonymous
4. Security of physical storage
5. (Potentially) currency-neutral
• Disadvantages:
1. Low maximum transaction limit (not suitable for B2B or most B2C)
2. High Infrastructure costs (not suitable for C2C)
3. Single physical point of failure (the card)
4. Not (yet) widely used
 Mondex

• Smart-card-based, stored-value card (SVC)

• Subsidiary of MasterCard (disabled in 2008 and
replaced by Mastercard cash, a contactless system)
• NatWest (National Westminister Bank, UK) et al.
• Secret chip-to-chip transfer protocol
• Value is not in strings alone; must be on Mondex card
• Loaded through ATM
– ATM does not know transfer protocol; connects
with secure device at bank
• Spending at merchants having a Mondex value
transfer terminal
4
0

Mondex Smart Card Processing

4
1

Mondex Smart Card

• Disadvantages
– Card carries real cash in electronic form, creating the possibility of
theft
– No deferred payment as with credit cards -cash is dispensed
immediately
• Security
– Active and dormant security software
• Security methods constantly changing
• ITSEC E6 level (military)
– VTP (Value Transfer Protocol)
• Globally unique card numbers
• Globally unique transaction numbers
• Challenge-response user identification
• Digital signatures
– MULTOS operating system
• firewalls on the chip
 Mondex Overview

SOURCES: OKI, MONDEX USA

 Mondex Components (Hitachi)

Cashless ATM PCMCIA Reader/Writer Electronic Cash Register

Electronic Key Fob

Wallet Balance
Reader

SOURCE: HITACHI
 Octopus

SONY RC-S833
CONTACTLESS SMART CARD
SONY READER/WRITER

I/O SPEED: 211 Kbps

SOURCE: SONY
 Financial Aggregation
• Idea: allow access to all assets through a single portal
• Citigroup
• Electronic bill presentment payment systems (EBPP)
– CheckFree demo, EIPP
– Paytrust
• Mobile
– Vodaphone demo
4
6

Electronic Bill Presentment and Payment

electronic bill presentment and payment

(EBPP)
Presenting and enabling payment of a bill
online. Usually refers to a B2C transaction
4
7

Electronic Bill Presentment and Payment

• Types of E-Billing
– Online banking
– Biller direct
– Bill consolidator
4
8

Electronic Bill Presentment and

Payment
• Advantages of E-Billing
– Reduction in expenses related to billing and
processing payments
– Electronic advertising inserts can be customized
to the individual customer
– Reduces customer’s expenses
4
9

Exhibit 12.5 E-Billing Process for

Single Biller
Electronic Billing Presentment Payment (EBPP)
Participants

PERSONAL FINANCE SYSTEM,

DATA PARSING
AGGREGATOR,
BILL FORMATTING
BANK
BILLER HOSTING

DATA FLOW 

BILL
INFO

PAYMENT
ORDERS

 MONEY FLOW

PAYMENT AND REMITTANCE

PROCESSING SOURCE: EBILLING.ORG
 Key Takeaways
• epayment security accomplished with PKI (see figure
in slide 52; source:
https://www.thesslstore.com/blog/how-pki-works/)
• PayPal is the fastest-growing technology in history
• Rising use of smart cards
– Face-to-face minipayments
• Little movement toward electronic cash
• Online banking retains customers
• Electronic bill presentment/payment add value
• Profound changes in money flow are afoot