Internet payment systems Varna Free University E-BUSINESS Prof. Teodora Bakardjieva.

1 Internet payment systems Varna Free University E-BUSINESS Prof. Teodora Bakardjieva

2 Outline (27 Sept. 99)
Introduction
Issues related
Security
Outstanding protocols
Mechanisms
Advantages and disadvantages
Conclusion

3 Introduction
In the past year, the number of users reachable through the Internet has increased dramatically
Potential to establish a new kind of open marketplace for goods and services

4 Introduction (cont)
Online shops in Internet
–Bookshop (
–Flight Reservation and Hotel Reservation shopping place, etc.
An effective payment mechanism is needed

5 Issues related
Security
Performance
Reliability
Efficiency
Bandwidth
Anonymity (mainly in electronic coins)

6 Security
Internet is not a secure place
There are attacks from:
–eavesdropping
–masquerading
–message tampering
–replay

7 How to solve?
RSA public key cryptography is widely used for authentication and encryption in the computer industry
Using public/private (asymmetric) key pair or symmetric session key to prevent eavesdropping

8 How to solve? (cont)
Using message digest to prevent message tampering
Using nonce to prevent replay
Using digital certificate to prevent masquerading




12 Outstanding protocols
Credit card based
–Secure Electronic Transaction (SET)
–Secure Socket Layer (SSL)
Electronic coins
–DigiCash
–NetCash

13 Credit-card based systems
Parties involved: cardholder, merchant, issuer, acquirer and payment gateway
Transfer user's credit-card number to merchant via insecure network
A trusted third party to authenticate the public key

14 Secure Electronic Transaction (SET)
Developed by VISA and MasterCard
To facilitate secure payment card transactions over the Internet
Digital Certificates create a trust chain throughout the transaction, verifying cardholder and merchant validity
It is the most secure payment protocol

15 Framework
[Figure labels: Financial Network, Card Issuer, Payment Gateway, Card Holder, Merchant, SET, Non-SET]

16 Payment processes
The messages needed to perform a complete purchase transaction usually include:
–Initialization (PInitReq/PInitRes)
–Purchase order (PReq/PRes)
–Authorization (AuthReq/AuthRes)
–Capture of payment (CapReq/CapRes)

17 Typical SET Purchase Trans.
[Figure: message flow among Payment Gateway, Merchant and CardHolder: PInitReq, PInitRes, PReq, PRes, AuthReq, AuthRes, CapReq, CapRes]

18 Initialization
Cardholder, Merchant
PInitReq: {BrandID, LID_C, Chall_C}
PInitRes: {TransID, Date, Chall_C, Chall_M}Sig_M, C_A, C_M
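The initialization exchange above shows the digest, nonce and signature mechanisms from the "How to solve?" slides working together. The following is an added example, not part of the original presentation: it uses a toy textbook-RSA key and a JSON encoding (both assumptions; real SET uses certificates and its own message encoding), and it assumes the merchant's public key is already trusted, so C_A and C_M are not modelled.

```python
import hashlib, json, secrets

# Toy merchant RSA key from two Mersenne primes (constructed for this example, not secure).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(fields: dict) -> int:
    """Message digest over a canonical encoding of the fields (encoding is an assumption)."""
    data = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def merchant_pinit_res(req: dict, date: str) -> dict:
    """Merchant: echo Chall_C, add TransID and Chall_M, sign the digest (Sig_M)."""
    body = {"TransID": secrets.token_hex(8), "Date": date,
            "Chall_C": req["Chall_C"], "Chall_M": secrets.token_hex(16)}
    return {"body": body, "Sig_M": pow(digest(body), D, N)}

class Cardholder:
    def __init__(self):
        self.pending = set()  # challenges sent and not yet answered

    def pinit_req(self, brand: str) -> dict:
        chall = secrets.token_hex(16)  # fresh nonce for every request
        self.pending.add(chall)
        return {"BrandID": brand, "LID_C": secrets.token_hex(4), "Chall_C": chall}

    def check_pinit_res(self, res: dict) -> str:
        # The signature covers the digest, so any changed field is detected.
        if pow(res["Sig_M"], E, N) != digest(res["body"]):
            return "tampered"
        # The echoed nonce must be one we issued and have not yet consumed.
        if res["body"]["Chall_C"] not in self.pending:
            return "replay"
        self.pending.discard(res["body"]["Chall_C"])
        return "ok"

def demo():
    c = Cardholder()
    res = merchant_pinit_res(c.pinit_req("BRAND-X"), "1999-09-27")  # constructed values
    first = c.check_pinit_res(res)
    replayed = c.check_pinit_res(res)  # same valid message delivered again
    forged = {"body": dict(res["body"], TransID="0000"), "Sig_M": res["Sig_M"]}
    c.pending.add(res["body"]["Chall_C"])  # even with a live challenge, tampering fails
    return [first, replayed, c.check_pinit_res(forged)]
```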

19 Purchase order
Cardholder, Merchant
PReq: {OI, PI}
PRes: {TransID, [Results], Chall_C}Sig_M

20 Authorization
Merchant, Acquirer, Issuer
{{AuthReq}Sig_M}PK_A
{{AuthRes}Sig_A}PK_M
Existing Financial Network

21 Capture of payment
Merchant, Acquirer, Issuer
{{CapRes}Sig_A}PK_M
Existing Financial Network
Clearing
CapReq
CapToken

22 Advantages
It is secure enough to protect user's credit-card numbers and personal information from attacks
Hardware independent
World-wide usage

23 Disadvantages
User must have credit card
No transfer of funds between users
It is not cost-effective when the payment is small
No anonymity, and it is traceable

24 Electronic cash/coins
Parties involved: client, merchant and bank
Client must have an account in the bank
Less security and encryption
Suitable for small payment, but not for large payment

25 DigiCash (E-cash)
A fully anonymous electronic cash system
Using blind signature technique
Parties involved: bank, buyer and merchant
Using RSA public-key cryptography
Special client and merchant software are needed

26 Withdrawing Ecash coins
User's cyberwallet software calculates how many digital coins are needed to withdraw the requested amount
Software then generates random serial numbers for those coins
The serial numbers are blinded by multiplying them by a random factor

27 Withdrawing Ecash coins (cont)
Blinded coins are packaged into a message, digitally signed with user's private key, encrypted with the bank's public key, then sent to the bank
When the bank receives the message, it checks the signature
After signing the blind coins, the bank returns them to the user

28 Spending Ecash

29 Advantages
Cost-effective for small payment
User can transfer his electronic coins to other user
No need to apply credit card
Anonymous feature
Hardware independent

30 Disadvantages
It is not suitable for large payment because of lower security
Client must use wallet software in order to store the withdrawn coins from the bank
A large database to store used serial numbers to prevent double spending

31 Comparisons
SET
–use credit card
–5 parties involved
–no anonymity
–large and small payment
Ecash
–use e-coins
–3 parties involved
–anonymous nature
–a large database is needed to log used serial numbers
–small payment

32 Conclusions
An effective, secure and reliable Internet payment system is needed
Depending on the payment amount, a different level of security is used
SET protocol is an outstanding payment protocol for secure electronic commerce
