Electronic Payment Systems

1
Electronic Payment Systems

• Money deposited and managed electronically by
  online brokerage managing assets firms worth more
  that 900 billions this number will be more than
  3 trillion by 2003
• Dell computer sells over 10 millions of goods
  per day Americans are spending over 42 billion
  in 2002 and 183 millions people are expected to
  shop online by 2003
• The cost of billing one person by conventional
  methods varies between 1 and 1.50 billing
  through the Internet is estimated to cost 50
  cents per bill
• Online merchant might accept a credit or charge
  card, debit card, ATM card, certified check,
  money order, or COD as payment for purchases

2
Using Scrip for Online Purchase

• Scrip, also known as server scrip, is a form of
  electronic cash stored on a computer and that was
  obtained by depositing money at a scrip vendors
  server it is the equivalent of a paper gift
  certificate
• Flooz is a scrip server that allows payment of
  purchases either by the purchaser or another
  person can use the scrip
• Beenz is a brand of scrip that is marketed as a
  loyalty reward program for Internet consumers
• Both programs ceased operation during 2001
• The demise of alternative currency plays like
  Beenz and Flooz comes as the big credit card
  companies like Visa and American Express continue
  to tinker with their security platforms to offer
  payment methods to online shoppers.

3
Using Electronic Checks for Online Purchases

• An electronic check is the digital equivalent of
  a conventional check
• Electronic checks fulfill the same function as
  paper checks, but they are used on the Internet
  transactions
• Automated Clearing House (ACH) Network is where
  checks are credited to merchant accounts and
  deducted from the checking accounts
• Micropayment is a payment of less that one dollar
  that can be used to purchase a single track of
  music on an album, a newspaper, or a complicated
  literature search

4
Using Credit Cards for Online Purchases

• A consumer is protected by an automatic 30-day
  period in which the consumer can dispute an
  online credit card purchase
• A credit card has a present spending limit based
  on the users credit limit
• A charge card carries no present spending limit,
  and the entire amount charged to the card is due
  at the end of the month

5
Advantages and Disadvantages of Credit Cards

• Advantages
• Merchants obtain fraud protection
• Consumers obtain limits on liability from fraud
  (50 limit given by the Consumer Credit
  Protection Act)
• Consumers get worldwide acceptance
• Disadvantages
• Merchants are charged fees per transactions and
  monthly processing
• Consumers pay interest on balance due and year
  processing fee

6
Requirements of digital encryption

• Value of the payment
• Distribution
• Confidence
• Anonymity
• Security
• Scalability
• Recovery

• Availability
• Avoidance of the Double-Spending problem
• Exchange rates
• Integration
• System independence

7
Concepts of digital encryption

• Digital encryption
• Digital signatures
• Digital certificates

8
Digital encryption

• Symmetric encryption
• AES
• DES
• 3DES

9
Asymmetric (public key) encryption

• RSA

10
Hybrid cryptosystems

• PGP

11
Digital signatures

• Authentication of messages
• Use public key encryption (eg. RSA)
• Hash-output (MD5, SHA) encryption

12
Digital Certificates

• Cipher key management
• A certificate consists of
• a public key
• Certificate info
• One or more digital signatures
• Certificate Authorities
• Kerberos

13
Secure Transmission protocols (I)

• SSL and TLS
• Client-server negotiation of algorithmsand
  validity checks
• Verification of servers identity
• Hash functions at the end of the key exchange
  process
• Integrity check of each packet

14
Secure Transmission protocols (II)

• S-HTTP
• Encryption, digital certificate or both
• Both the server and the client authenticated

15
First Virtual

• Glenn Fleishman 1994, First Virtual Holdings
  Inc.
• An infohouse with information sold, with a
  fragment of it presented to the customer before
• Customers account established offline
• 29 c per transaction 2 of total transaction
  value

16
First Virtual - security

• No credit card no. passed through internet
• Requires only PIN of First Virtual Account
• Customers and merchants wouldnt have to worry
  about Pretty Good Privacy keys, secure http,
  Secure Sockets Layer, or any other cryptographic
  hoo-ha.
• No usage of encryption actions (no transfer of
  personal data)
• Customer must confirm willingness to complete the
  transaction via e-mail

17
(No Transcript)
18
First Virtual - conditions

• E-mail account
• First Virtual Account
• Valid Visa or MasterCard credit card

19
eCash

• DigiCash - early 90s
• One of most commonly used systems nowadays
• Check, credit card, money order

20
eCash - characteristics

• used by banks - partners with DigiCash ,provide a
  special eCash-account for their clients
• payment via eCash with electronic coins obtained
  by transferring a certain amount of money from
  their real bank accounts
• user of eCash system needs to have special
  software (eCash- Wallet) installed on his/her PC,
  - reminds whenever the account is empty or needs
  to be refilled with change

21
eCash - chracteristics

• Blind Signatures to provide personal privacy and
  security of the electronic payment
• Blind Signatures are a cryptographic invention of
  David Chaum which - used to validate the
  electronic cash without revealing the payers
  identity

22
eCash - encryptions

• asymmetric encryption 768 Bit RSA and TripleDES
• Hash- function SHA -1

23
(No Transcript)
24
CyberCash

• Scheme combining features of cash and checks
• Enables payment options as credit card, micro
  payment and check payment
• 1994 Melton, Lynch, Crocker, Yessl, Wilson
• Purchased lately by VeriSign Co.
• Requires CyberCash Client Software

25
CyberCash - payment

• 4 parties customer, bank/credit card
  institution, retailer, CyberCash
• Customer electronic Wallet
• 1st usage following data
• name of the Wallet
• postal address
• e-mail address
• barcode
• credit card/bank account data
• password

26
CyberCash - Security

• Account secured with password, barcode
  authentification
• CyberCash Payment Gateway Server (core of the
  transaction process)

27
CyberCash - encryption

• DES ( Data Encryption Standard) with a 56 bit key
  ( in this case - the session key)
• Session key is unique for each transaction
• Session key is encrypted with RSA (asymmetric
  encryption) with usage of 1024 bit key
• The MD5 hash total is marked with RSA private
  key

28
CyberCash - encryption

• The CyberCash Gateway decodes the data of the
  client with RSA public key and verifies them
• there is no exchange of keys between the Wallet
  and CyberCash Gateway during the session
• the sensitive data exchange between customer and
  retailer is protected with transaction key (DES -
  key). The data can not be decoded by the retailer
  gets the order data WESTLB.

29
Millicent

• Micro payment system
• Sums ranging from 0.1 cent to 5
• Broker bank, internet provider etc
• Scrip credit item used for regulating payments

30
Millicent - transaction