_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1 Wiley and the book authors, 2001 E-Commerce: Fundamentals and Applications Chapter 10 : Internet Payment Systems
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications2 Wiley and the book authors, 2001 Outline Features of payment methods 4 C’s payment methods Credit card payment E-cash E-check Micropayment: Millicent and Paywords Smart card payment
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications3 Wiley and the book authors, 2001 Comparison of the 4C’s Payment Methods CashCredit cardCheckCredit/debit AnonymityYes, in generalNo Overhead costLowest, in generalHigher than cash and credit/debit because of the paper work involved Highest, in general Low DivisibilityNot completely divisible Yes AcceptabilityYes, in general No, in general it can only be used locally SecurityGood TransferabilityYesNo
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications4 Wiley and the book authors, 2001 Credit card payment Most popular payment method Especially for B2C e-commerce 1st generation: No protection, only provide credit card number for processing 2nd generation: SSL for protecting the transfer of credit card information 3rd generation: SET for secure credit card authorization 4th generation: Portable smart cards?
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications5 Wiley and the book authors, 2001 SET: Seven business requirements (according to SET Book 1) Provide confidentiality of payment information Ensure the integrity of all transmitted data Provide cardholder’s authentication Provide merchant’s authentication Ensure the use of the best security practices and system design techniques Create a protocol that is independent on the transport layer protocol Facilitate interoperability (Please read Book 1: Business Description at
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications6 Wiley and the book authors, 2001 Network Architecture of SET System Merchant Certificate authority Payment gateway/ Acquirer Internet Authorization and Capture Existing financial network Authorization and Capture Issuer Cardholder Payment/Inquiry
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications7 Wiley and the book authors, 2001 Digital Certificate System for SET Root CA Brand CA (e.g Visa or Master) Geopolitical CA (e.g. Visa Asia) Merchant CA Cardholder CA Payment gateway CA User level CA
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications8 Wiley and the book authors, 2001 Steps in Generation of a Dual Signature Step 1: Find the message digest of OI and PI Step 2:Concatenate H[OI] and H[PI] and find the message digest Step 3:Encrypt HPIOI with cardholder’s private signature key (using RSA encryption) OIPI H[OI]H[PI] HPIOI = H[H[PI] || H[OI]] Dual Signature Cardholder’s private signature key Reference: W. Stallings, Cryptography and Network Security, Prentice Hall, 1999.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications9 Wiley and the book authors, 2001 Generation of a Digital Envelope Digital Envelope DES Encryption RSA Encryption key random M Encrypted by key random Encrypted by key public_exchange,VBS key random key public_exchange,VBS M
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications10 Wiley and the book authors, 2001 General SET Information Flow (5) Authorization request (6) Authorization response (7) Capture request (2) Purchase initialization response (1) Purchase initialization request (3) Purchase request (4) Purchase response Inquiry request (optional) Inquiry response (optional) Merchant (8) Capture response Cardholder Acquirer (Payment Gateway) Acquirer (Payment Gateway) Acquirer (Payment Gateway)
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications11 Wiley and the book authors, 2001 E-check Let’s say the content of a check is C which includes the payment amount and other information. The check is signed by finding the message digest of C and then encrypting it with the payer’s private key. The check together with the digital signature is forwarded to the payee. The payee sends the check to the bank for check clearing through the existing procedures. The bank verifies the digital signature of the check using payer’s public key. Find out more from In particular, please read
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications12 Wiley and the book authors, 2001 Four Different Scenarios of the FSTC E-check System Cash-and-transfer Funds transfer Deposit-and-clear PayerPayee Payer’s bank Payee’s bank Send check Send statement Deposit check Send report Clear check Lockbox PayerPayee Payer’s bank Payee’s bank Send check Transfer funds Cash check Send report Notify result Send statement PayerPayee Payer’s bank Payee’s bank Send check Send report Clear check Send statement Payer Payee Payer’s bank Payee’s bank Send check Send report Transfer funds Send statement
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications13 Wiley and the book authors, 2001 Overview of E-cash What are the two distinctive characteristics for cash? Anonymity and transferability Ecash was developed by DigiCash and is now provided by ecashtechnologies ( Its founder David Chaum is a well known expert in the area of digital cash. Ecash allows anonymous and secure electronic cash payment over the Internet. Since 1995, Mark Twain bank (USA) has been providing Ecash services. Ecash is based on an innovative blind signature method.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications14 Wiley and the book authors, 2001 Basic Operation of E-cash system Pay by the coins Check the validity of the coins and whether they have been spent and credit the account accordingly Debit the account and sign the blinded coins Send the blinded coins to the bank Return the signed blinded coins Deposit the coins Confirm the deposit Ship goods or perform the service Generate the blinded coins Unblind the coins Customer Bank VBS (Merchant)
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications15 Wiley and the book authors, 2001 Micropayment methods Traditional payment methods are called macropayment methods. A new type of payment method known as micropayment method is emerging to cater for very low value transactions. Example: Millicent (pre-payment/credit based) Paywords (post-payment)
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications16 Wiley and the book authors, 2001 Basic Operation of Millicent Protocol Buy the scrips of different vendors Send the aggregated scrips Pay by the scrips Confirm the payment Customer Broker Merchant Check for the validity of the scrips and whether they have been spent from the database
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications17 Wiley and the book authors, 2001 Basic Operation of Payword Protocol by sending i+j and PW i+j Send the commitment message (PW 0 ) Customer VBS (Merchant) Pay 1 cent by sending PW 1 Pay 1 cent by sending PW 2 Send PW i Pay j more cents Redeem by sending the commitment message (PW 0 ) and PW h to the broker :::: : Check H[PW 1 ] = PW 0 Check H[PW 2 ] = PW 1 Check PW i+1 – PW i+j recursively
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications18 Wiley and the book authors, 2001 Schematic overview of a smart card A Smart Card RAMI/O CPU ROMEPROM Microchip with mechanical contacts
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications19 Wiley and the book authors, 2001 Example: Mondex Direct transfer of electronic money between two cards Transfer of electronic money over the Internet or telephone networks etc. Keep transaction records Password protection and “lock card” functions Portable balance finder to check balance Support multiple currencies