1. Prentice Hall, 2002 Chapter 14 Electronic Payment Systems notes based on Laudon & Laudon modified for class by J. Molka-Danielsen 15.03.02 1

2. 2 Prentice Hall, 2002 Learning Objectives securing an e-payment the players/processes using credit cards online purchase cards smart cards alternatives to credit card payments e-checks e-billing

3. 3 Prentice Hall, 2002 LensDoc: Credit Card Dilemma LensDoc—online retailer of: Contact lenses Sun and magnifying glasses Dental care and personal care products Customers pay by credit card (90% of all online purchases in the U.S.) Easy to purchase Easy to purchase fraudulently Contact lenses cannot be returned once used, but unsatisfied customers want their money back

4. 4 Prentice Hall, 2002 LensDoc: Credit Card Dilemma (cont.) Solutions: Process credit card purchases by hand Require: Home address Shipping address Investigating alternative methods of payment Cash cards Special card-swiping peripherals Credit card processing services Currently disadvantages outweigh advantages of any of these alternatives

5. 5 Prentice Hall, 2002 Figure 14-1 LensDoc Payment Source: Used with the permission of LensDoc, Inc.

6. 6 Prentice Hall, 2002 Electronic Payments: An Overview E-payment methods Credit cards Electronic funds transfer (EFT) E-payments Smart cards Digital cash and script Digital checks E-billing All have the ability to transfer payment from one person or party to another

7. 7 Prentice Hall, 2002 Electronic Payments: An Overview (cont.) Four parts involved in e-payments Issuer Customer/payer/buyer Merchant/payee/seller Regulator Key issue of trust must be addressed Privacy Authentication and authorization Integrity Nonrepudiation

8. 8 Prentice Hall, 2002 Electronic Payments: An Overview (cont.) Independence Interoperability and portability Security Anonymity Divisibility Ease of use Transaction fees Crucial factors in acceptance

9. 9 Prentice Hall, 2002 Security for E-Payments Public key infrastructure PlaintextEncryption algorithm CiphertextKey Types of encryption systems Symmetric (private key) Used to encrypt and decrypt plain text Shared by sender and receiver of text Asymmetric (public key) Uses a pair of keys Public key to encrypt the message Private key to decrypt the message

10. 10 Prentice Hall, 2002 Figure 14-2 Private Key Encryption

11. 11 Prentice Hall, 2002 Public Key Encryption Size of key RSA algorithm Speed of Key Rijndael algorithm

12. 12 Prentice Hall, 2002 Digital Signatures: authenticity and nondenial Analogous to handwritten signature Based on public keys Used to: Authenticate the identity of the sender of a message or document Ensure the original content of the electronic message or document is unchanged Security for E-Payments (cont.)

13. 13 Prentice Hall, 2002 Security for E-Payments (cont.) Digital Signatures: authenticity and nondenial (cont.) Benefits : Portable Cannot be easily repudiated or imitated Can be time stamped

14. 14 Prentice Hall, 2002 Figure 14-4 Digital Signatures

15. 15 Prentice Hall, 2002 Security for E-Payments (cont.) Digital certificates Identifying the holder of a public key (Key-Exchange) Issued by a trusted certificate authority (CA) Name : “Richard” key-Exchange Key : Signature Key : Serial # : 29483756 Other Data : 10236283025273 Expires : 6/18/04 Signed : CA’s Signature

16. 16 Prentice Hall, 2002 Security for E-Payments (cont.) Secure socket layer/transport layer security Secure socket layer (SLL)—handle on Web browser, utilizing CAs and data encryption Encryption Digital certificates Digital signatures In 1996 SSL was standardized and named transport layer security (TSL) Operates at TCP/IP layer (base layer for Internet) IPSec—secure version of IP protocol

17. 17 Prentice Hall, 2002 SET Vs. SSL Secure Electronic Transaction (SET) Secure Socket Layer (SSL) ComplexSimple SET—tailored to credit card payment to merchants SSL—protocol for general- purpose secure message exchanges (encryption) SET protocol hides customer’s credit card information from merchants and order information to banks, to protect privacy (dual signature) SSL protocol may use a certificate, but there is no payment gateway. Merchants need to receive ordering information and credit card information (capturing process initiated by merchants)

18. 18 Prentice Hall, 2002 Figure 14-5 InformIT.com Online Bookstore Source: informit.com.

19. 19 Prentice Hall, 2002 Figure 14-6 InformIT.com SSL Encryption Source: informit.com.

20. 20 Prentice Hall, 2002 E-Cards Three common types of payment cards Credit cards—provides holder with credit to make purchases up to a limit fixed by the card issuer Charge cards—balance on a charge card is supposed to be paid in full upon receipt of monthly statement Debit card—cost of a purchase drawn directly from holder’s checking account (demand- deposit account)

21. 21 Prentice Hall, 2002 E-Cards (cont.) The Players Cardholder Merchant (seller) Issuer (your bank) Acquirer (merchant’s financial institution, acquires the sales slips) Card association (VISA, MasterCard) Third-party processors (outsourcers performing same duties formerly provided by issuers, etc.)

22. 22 Prentice Hall, 2002 Figure 14-7 Online Credit Card Processing Source: The E-Commerce Book: Building the E-Empire by S. Korper and J. Ellis, copyright © 2000 by Academic Press, reproduced by permission of the publisher.

23. 23 Prentice Hall, 2002 E-Cards (cont.) E-wallets One-click shopping—saving your order information on retailer’s Web server Name Shipping address Billing address Credit card information E-wallet—software downloaded to cardholder’s desktop that stores same information and allows one-click-like shopping

24. 24 Prentice Hall, 2002 E-Cards (cont.) Other security risks with credit cards Stolen cards Reneging by the customer—authorizes a payment and later denies it Theft of card details stored on merchant’s computer—isolate computer storing information so it cannot be accessed directly from the Web Overcoming risks with virtual credit cards

25. 25 Prentice Hall, 2002 E-Cards (cont.) Purchase cards Instrument of choice for B2B purchasing Special-purpose, non-revolving payment cards issued to employees solely for purchasing and paying for nonstrategic materials and services

26. 26 Prentice Hall, 2002 E-Cards (cont.) Purchase cards—operate like other credit cards Cardholder of corporation places an order for goods or services Supplier processes transaction with authorization of card issuer Issuer verifies purchase authorization

27. 27 Prentice Hall, 2002 E-Cards (cont.) Benefits of purchasing cards Cost savings Productivity gains Bill consolidation Payment reconciliation Preferred pricing Management reports

28. 28 Prentice Hall, 2002 E-Cards (cont.) Smart Cards Integrated circuit (IC) microprocessor cards— includes IC chips with programmable functions that make cards “smart” Integrated circuit (IC) memory cards—no processor Suitable for uses where card performs fixed operation Disposable, prepaid (phone cards)

29. 29 Prentice Hall, 2002 E-Cards (cont.) Optical memory cards Stores 4MB of data; once written, data cannot be changed or removed Ideal for keeping records (medical files) Require expensive card readers Categorize smart cards by how they store data Contact card—insert in smart card reader Contactless card—embedded antenna read by another antenna (mass-transit applications)

30. 30 Prentice Hall, 2002 Contactless IC Cards Proximity Card Used to access buildings and pay for buses and other transportation systems Bus, subway and toll card in many cities Amplified Remote Sensing Card Good for a range of up to 100 feet, and can be used for tolling moving vehicles at gates Pay toll without stopping (e.g. Highway 91 in California)

31. 31 Prentice Hall, 2002 Figure 14-8 Smart Card Image Embedded chip Source: Visa.

32. 32 Prentice Hall, 2002 E-Cards (cont.) Smart cards are computer devices and require: Chip with an operating system to run applications Programming language to write applications Multipurpose cards use new operating systems MultOS JavaCard Microsoft windows for smart cards

33. 33 Prentice Hall, 2002 E-Cards (cont.) Important applications of smart card use: Loyalty Financial Information technology Health and social welfare Transportation Identification

34. 34 Prentice Hall, 2002 E-Cash and Payment Card Alternatives E-cash and credit card alternatives (for micropayments—under $10) E-cash (eCoin.net) Identity of user hidden from merchant Easier to use than earlier e-cash systems Requires specialized software Qpass (Qpass.com) Set up Qpass account User name and password What credit card to charge

35. 35 Prentice Hall, 2002 E-Cash and Payment Card Alternatives (cont.) PrivateBuy User establishes account User assigned 16-digit user number (anonymous address) Hides user name and card number from merchant site Relies on credit card system already in place

36. 36 Prentice Hall, 2002 Figure 14-9 PrivateBuy Anonymous Shopping Source: privatebuys.com

37. 37 Prentice Hall, 2002 E-Cash and Payment Card Alternatives (cont.) Stores cash downloaded from bank or credit card account Common uses Disposable vs. reloadable cards Sample cards Visa cash Mondex Electronic purses Lack of interoperable equipment and standards Common Electronic Purse Specification (CEPS)

38. 38 Prentice Hall, 2002 E-Cash and Payment Card Alternatives (cont.) E-loyalty and rewards programs Loyalty programs online Beenz.com Consumer earns beenz by visiting, registering, or purchasing at 300 participating sites Beenz are stored and used for later purchases Partnered with MasterCard to offer rewardzcard—stored-value card used in U.S. and Canada for purchases where MasterCard is accepted Transfer beenz into money to spend on Web, by phone, mail order, physical stores

39. 39 Prentice Hall, 2002 E-Cash and Payment Card Alternatives (cont.) Person-to-person (P2P) payments and gifts Enable transfer of funds between two individuals Repaying money borrowed Paying for an item purchased at online auction Sending money to students at college Sending a gift to a family member

40. 40 Prentice Hall, 2002 E-Checking Electronic checkbook Counterpart of electronic wallet To be integrated with the accounting information system of business buyers and with the payment server of sellers To save the electronic invoice and receipt of payment in the buyers and sellers computers for future retrieval Example : SafeCheck Used mainly in B2B

41. 41 Prentice Hall, 2002 E-Checking (cont.) Current checking system Role of clearinghouses in the check-clearing process Magnetic ink characters (MICR) Costs of the current system

42. 42 Prentice Hall, 2002 Figure 14-12 MICR Check Characters Source: echecksecure.com

43. 43 Prentice Hall, 2002 E-Checking (cont.) Electronic version of paper check Leverage check payment systems Fit within current business practices, eliminate need for process reengineering Work like paper check with fewer manual steps

44. 44 Prentice Hall, 2002 E-Checking (cont.) Designed to meet needs of businesses and consumers (state of the art security systems) Used by all bank customers with checking accounts Enhance existing bank accounts with new EC features

45. 45 Prentice Hall, 2002 E-Checking (cont.) Benefits of e-checking for industry-wide savings Online check collection process Online notices of check returns Truncating paper checks at bank of first deposit Creating new cash management product opportunities

46. 46 Prentice Hall, 2002 E-Checking (cont.) eCheck Secure Third party vendor with software for e-check purchases Aimed at B2C sites

47. 47 Prentice Hall, 2002 E-Billing Customers are either individuals or companies Two common models of e-billing Biller direct—customer receives bill from a single merchant Third-party consolidators—presents bills from multiple merchants

48. 48 Prentice Hall, 2002 Figure 14-15 E-Bill Presentment Source: echecksecure.com

49. 49 Prentice Hall, 2002 Figure 14-16 E-Billing Process for Single Biller Source: ebilling.org.

50. 50 Prentice Hall, 2002 Figure 14-17 E-Billing Processes for Bill Consolidator Source: ebilling.org.