Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet payment systems

Similar presentations

Presentation on theme: "Internet payment systems"— Presentation transcript:

1 Internet payment systems
Varna Free University E-BUSINESS Internet payment systems Prof. Teodora Bakardjieva

2 Outline Introduction Issues related Security Outstanding protocols
Mechanisms Advantages and disadvantages Conclusion 27 Sept. 99

3 Introduction In the past year, the number of users reachable through Internet has increased dramatically Potential to establish a new kind of open marketplace for goods and services 27 Sept. 99

4 Introduction (cont) Online shops in Internet
Bookshop ( Flight Resevation and Hotel Reservation shopping place, etc. An effective payment mechanism is needed 27 Sept. 99

5 Issues related Security Performance Reliability Efficiency Bandwidth
Anonymity (mainly in electronic coins) 27 Sept. 99

6 Security Internet is not a secure place There are attacks from:
eavesdropping masquerading message tampering replay 27 Sept. 99

7 How to solve? RSA public key cryptography is widely used for authentication and encryption in the computer industry Using public/private (asymmetric) key pair or symmetric session key to prevent eavesdropping 27 Sept. 99

8 How to solve? (cont) Using message digest to prevent message tampering
Using nonce to prevent replay Using digital certificate to prevent masquerading 27 Sept. 99




12 Outstanding protocols
Credit card based Secure Electronic Transaction (SET) Secure Socket Layer (SSL) Electronic coins DigiCash NetCash 27 Sept. 99

13 Credit-card based systems
Parties involved: cardholder, merchant, issuer, acquirer and payment gateway Transfer user's credit-card number to merchant via insecure network A trusted third party to authenticate the public key 27 Sept. 99

14 Secure Electronic Transaction (SET)
Developed by VISA and MasterCard To facilitate secure payment card transactions over the Internet Digital Certificates create a trust chain throughout the transaction, verifying cardholder and merchant validity It is the most secure payment protocol 27 Sept. 99

15 Framework Financial Network Non-SET Non-SET Card Issuer
Payment Gateway SET SET Card Holder Merchant 27 Sept. 99

16 Payment processes The messages needed to perform a complete purchase transaction usually include: Initialization (PInitReq/PInitRes) Purchase order (PReq/PRes) Authorization (AuthReq/AuthRes) Capture of payment (CapReq/CapRes) 27 Sept. 99

17 Typical SET Purchase Trans.
CardHolder Merchant Payment Gateway PInitReq PInitRes PReq AuthReq AuthRes PRes CapReq CapRes

18 Initialization PInitReq: {BrandID, LID_C, Chall_C} Cardholder Merchant
PInitRes: {TransID, Date, Chall_C, Chall_M}SigM, CA, CM 27 Sept. 99

19 Purchase order PReq: {OI, PI} Cardholder Merchant
Pres: {TransID, [Results], Chall_C}SigM 27 Sept. 99

20 Authorization {{AuthReq}SigM}PKA Merchant Acquirer Issuer
Existing Financial Network {{AuthRes}SigA}PKM 27 Sept. 99

21 Capture of payment CapReq CapToken CapToken Clearing Merchant Acquirer
Issuer Existing Financial Network {{CapRes}SigA}PKM 27 Sept. 99

22 Advantages It is secure enough to protect user's credit-card numbers and personal information from attacks hardware independent world-wide usage 27 Sept. 99

23 Disadvantages User must have credit card
No transfer of funds between users It is not cost-effective when the payment is small None of anonymity and it is traceable 27 Sept. 99

24 Electronic cash/coins
Parties involved: client, merchant and bank Client must have an account in the bank Less security and encryption Suitable for small payment, but not for large payment 27 Sept. 99

25 DigiCash (E-cash) A fully anonymous electronic cash system
Using blind signature technique Parties involved: bank, buyer and merchant Using RSA public-key cryptography Special client and merchant software are needed 27 Sept. 99

26 Withdrawing Ecash coins
User's cyberwallet software calculates how many digital coins are needed to withdraw the requested amount software then generates random serial numbers for those coins the serial numbers are blinded by multiplying it by a random factor 27 Sept. 99

27 Withdrawing Ecash coins (cont)
Blinded coins are packaged into a message, digitally signed with user's private key, encrypted with the bank's public key, then sent to the bank When the bank receives the message, it checks the signature After signing the blind coins, the bank returns them to the user 27 Sept. 99

28 Spending Ecash 27 Sept. 99

29 Advantages Cost-effective for small payment
User can transfer his electronic coins to other user No need to apply credit card Anonymous feature Hardware independent 27 Sept. 99

30 Disadvantages It is not suitable for large payment because of lower security Client must use wallet software in order to store the withdrawn coins from the bank A large database to store used serial numbers to prevent double spending 27 Sept. 99

31 Comparisons SET Ecash use credit card use e-coins 5 parties involved
no anonymous large and small payment Ecash use e-coins 3 parties involved anonymous nature a large database is needed to log used serial numbers small payment 27 Sept. 99

32 Conclusions An effective, secure and reliable Internet payment system is needed Depending on the payment amount, different level of security is used SET protocol is an outstanding payment protocol for secure electronic commerce 27 Sept. 99

Download ppt "Internet payment systems"

Similar presentations

Ads by Google