Electronic Money Lincoln Stein Whitehead Institute/MIT Center for Genome Research

What is a Commercial Transaction? u Customer walks into store, examines wares u Customer decides purchase item u Customer pays for item u Merchant delivers item u Returns/exchanges

Types of Money? MethodAnonymousTrailCreditPeer to Peer Cash 4774 Credit Card 7447 Check/Debit 747 4

How is Commerce on the Internet Different? u “On the Internet, nobody knows you’re a dog.” u Customer & merchant never meet u Large potential for fraud u Internet transactions easily intercepted

Building Trust u Authentication: merchant and customer u Transaction security u Transaction integrity u Non-repudiability u Consumer protection

Parts of the Puzzle ProblemSolution Transaction securityencryption Consumer authenticationdigital signature/certificate Merchant authenticationdigital signature/certificate transaction integritymessage digests

Electronic Payment Methods u Offline Systems u Secure Servers u Payment Systems u Commerce Environments u Digital Cash

Offline Systems u PO Orders, 800 numbers, etc. u First Virtual

First Virtual Internet Payment System u No use of secure protocols u No sensitive information transmitted over Internet u Reliance on off-line channels u Non-tangible merchandise only

How First Virtual Works (Customer) u Customer contacts FV u Credit card number exchanged by telephone u Customer receives account PIN

How First Virtual Works (Merchant) u Merchant contacts FV u Checking account info exchanged by telephone u Merchant installs server software

How First Virtual Works (Transaction) u Customer browses Web site u Customer types PIN into fill-out form u Server requests PIN & validates it u FV confirms sale via

Why First Virtual Works u Credit card # never transmitted over Internet u Customer can cancel sales in cases of –fraud –unsuitability of merchandise

Limitations of FV u Customers who abuse system u Can’t be used for tangible goods u Adoption spotty

How Much Does FV Cost? u Set-up fee: –$2.00 customer –$10.00 merchant u Merchant transaction fee –$0.29 / transaction –2% of merchandise selling price u

Secure Servers u Use SSL or S-HTTP to –encrypt transmission –identify merchant to customer –[identify customer to merchant] u Simple: customer types credit card # into fill-out form Bank Merchant ?

Secure Servers: Limitations u Roll-your-own credit card validation u No built-in transaction processing u No customer authentication (yet) u Crippled cryptography on “export” versions u Credit card #’s not necessarily secure on merchant’s server

Online Payment Systems: CyberCash u Secure online payment for tangible goods u Both credit card and debit card models u Supported by many banks u “CyberCoin” system for small purchases of intangible items

How CyberCash Works Bank Merchant Bank $ Virtual Wallet Virtual Cash Register

How CyberCash Works (Customer) u Customer downloads “Wallet” application u Registers name, password & credit card number/bank account u Browser hands off transaction to Wallet during purchases u Transaction logs

How CyberCash Works (Merchant) u Merchant downloads “Cash Register” application u Installs on server u Web server hands off transaction to Cash Register during purchases u Support for transaction logging, refunds, cancellations

Registering “Wallet”

Making a Payment

What CyberCash Costs u Free to consumer u Software free to merchant –Transaction fees set by credit card and issuing bank –Fee schedules similar to those of a mail order house: 2-3% of transaction price + fixed fees

Commerce Environments u Secure server u Inventory control, catalogs, etc u Credit card validation u Transaction logging u Returns, exchanges, PO orders, shipping u Database interfaces

OpenMarket u Offers “soup to nuts” solutions –Web publishing & catalogs –Transaction management –Credit card validation –Inventory, shipping, returns u Based around OpenMarket server u Large corporations, banks, virtual malls

Secure Electronic Transaction Specification (SET) u VISA, Mastercard, Netscape, Microsoft u A standard, not a product u Specifies –Customer authentication –Merchant authentication –Transaction encryption –Transaction validation

SET Bank Merchant Bank $

SET-Enabled Products u Microsoft Merchant –Partner: Verifone –Fully integrated with BackOffice u Netscape LivePayment –Partner: First Data –One component of Netscape Commerce Server –Available now

DigiCash u True anonymous peer-to-peer currency - “CyberBucks” u Handful of banks and merchants Bank

URLs (1) u First Virtual – u CyberCash – u Open Market –

URLs (2) u SET – u Microsoft Merchant – u Netscape LivePayment – u DigiCash –

URL For This Talk u –~lstein/Web97/