Electronic Money
Lincoln Stein
Whitehead Institute/MIT Center for Genome Research
What is a Commercial Transaction?
• Customer walks into store, examines wares
• Customer decides to purchase item
• Customer pays for item
• Merchant delivers item
• Returns/exchanges
Types of Money?
Method        Anonymous  Trail  Credit  Peer to Peer
Cash          ✔          ✗      ✗       ✔
Credit Card   ✗          ✔      ✔       ✗
Check/Debit   ✗          ✔      ✗       ✔
How is Commerce on the Internet Different?
• “On the Internet, nobody knows you’re a dog.”
• Customer & merchant never meet
• Large potential for fraud
• Internet transactions easily intercepted
Building Trust
• Authentication: merchant and customer
• Transaction security
• Transaction integrity
• Non-repudiability
• Consumer protection
Parts of the Puzzle
Problem                  Solution
Transaction security     encryption
Consumer authentication  digital signature/certificate
Merchant authentication  digital signature/certificate
Transaction integrity    message digests
Electronic Payment Methods
• Offline Systems
• Secure Servers
• Payment Systems
• Commerce Environments
• Digital Cash
Offline Systems
• PO Orders, 800 numbers, etc.
• First Virtual
First Virtual Internet Payment System
• No use of secure protocols
• No sensitive information transmitted over Internet
• Reliance on off-line channels
• Non-tangible merchandise only
How First Virtual Works (Customer)
• Customer contacts FV
• Credit card number exchanged by telephone
• Customer receives account PIN
How First Virtual Works (Merchant)
• Merchant contacts FV
• Checking account info exchanged by telephone
• Merchant installs server software
How First Virtual Works (Transaction)
• Customer browses Web site
• Customer types PIN into fill-out form
• Server requests PIN & validates it
• FV confirms sale via
Why First Virtual Works
• Credit card # never transmitted over Internet
• Customer can cancel sales in cases of
  – fraud
  – unsuitability of merchandise
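The First Virtual flow from the preceding slides, modelled as an added example (not part of the original talk and not First Virtual's software): the card number is enrolled off-line, only the PIN crosses the Internet, and a sale charges nothing until the customer replies. Class and method names are hypothetical, the card number is a constructed test value, and the confirmation channel is left abstract.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Sale:
    pin: str
    merchant: str
    amount_cents: int
    state: str = "pending"  # pending -> settled | cancelled

@dataclass
class Clearinghouse:
    """Hypothetical model of the intermediary; not First Virtual's software."""
    cards: dict = field(default_factory=dict)  # PIN -> card number, kept off-line
    sales: list = field(default_factory=list)
    wire: list = field(default_factory=list)   # every message sent over the Internet

    def enroll_by_phone(self, card_number):
        # Off-line channel: nothing here is appended to self.wire.
        pin = "PIN-" + secrets.token_hex(4)
        self.cards[pin] = card_number
        return pin

    def submit_sale(self, pin, merchant, amount_cents):
        # Merchant server forwards the PIN typed into the form for validation.
        self.wire.append(("sale", pin, merchant, amount_cents))
        if pin not in self.cards:
            return None                      # PIN failed validation
        self.sales.append(Sale(pin, merchant, amount_cents))
        return len(self.sales) - 1           # sale id, awaiting the customer's reply

    def customer_reply(self, sale_id, answer):
        # "yes" settles; "no" (unsuitable merchandise) or "fraud" cancels.
        sale = self.sales[sale_id]
        if sale.state != "pending":
            raise ValueError("sale already resolved")
        self.wire.append(("reply", sale_id, answer))
        sale.state = "settled" if answer == "yes" else "cancelled"
        return sale.state

    def charged_cents(self, pin):
        return sum(s.amount_cents for s in self.sales if s.pin == pin and s.state == "settled")

    def seen_on_wire(self, secret):
        return any(secret in map(str, msg) for msg in self.wire)

if __name__ == "__main__":
    fv = Clearinghouse()
    pin = fv.enroll_by_phone("4111111111111111")  # constructed card number
    sale = fv.submit_sale(pin, "example-shop", 500)
    print(fv.customer_reply(sale, "fraud"), fv.charged_cents(pin))
```

The PIN does appear on the wire, so anyone who captures it can open a pending sale; the model shows that such a sale settles only if the account holder answers "yes".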
Limitations of FV
• Customers who abuse system
• Can’t be used for tangible goods
• Adoption spotty
How Much Does FV Cost?
• Set-up fee:
  – $2.00 customer
  – $10.00 merchant
• Merchant transaction fee
  – $0.29 / transaction
  – 2% of merchandise selling price
Secure Servers
• Use SSL or S-HTTP to
  – encrypt transmission
  – identify merchant to customer
  – [identify customer to merchant]
• Simple: customer types credit card # into fill-out form
[Diagram: Bank, Merchant, ?]
Secure Servers: Limitations
• Roll-your-own credit card validation
• No built-in transaction processing
• No customer authentication (yet)
• Crippled cryptography on “export” versions
• Credit card #’s not necessarily secure on merchant’s server
Online Payment Systems: CyberCash
• Secure online payment for tangible goods
• Both credit card and debit card models
• Supported by many banks
• “CyberCoin” system for small purchases of intangible items
How CyberCash Works
[Diagram: Bank, Merchant, Bank, $, Virtual Wallet, Virtual Cash Register]
How CyberCash Works (Customer)
• Customer downloads “Wallet” application
• Registers name, password & credit card number/bank account
• Browser hands off transaction to Wallet during purchases
• Transaction logs
How CyberCash Works (Merchant)
• Merchant downloads “Cash Register” application
• Installs on server
• Web server hands off transaction to Cash Register during purchases
• Support for transaction logging, refunds, cancellations
Registering “Wallet”
Making a Payment
What CyberCash Costs
• Free to consumer
• Software free to merchant
  – Transaction fees set by credit card and issuing bank
  – Fee schedules similar to those of a mail order house: 2-3% of transaction price + fixed fees
Commerce Environments
• Secure server
• Inventory control, catalogs, etc.
• Credit card validation
• Transaction logging
• Returns, exchanges, PO orders, shipping
• Database interfaces
OpenMarket
• Offers “soup to nuts” solutions
  – Web publishing & catalogs
  – Transaction management
  – Credit card validation
  – Inventory, shipping, returns
• Based around OpenMarket server
• Large corporations, banks, virtual malls
Secure Electronic Transaction Specification (SET)
• VISA, Mastercard, Netscape, Microsoft
• A standard, not a product
• Specifies
  – Customer authentication
  – Merchant authentication
  – Transaction encryption
  – Transaction validation
SET
[Diagram: Bank, Merchant, Bank, $]
SET-Enabled Products
• Microsoft Merchant
  – Partner: Verifone
  – Fully integrated with BackOffice
• Netscape LivePayment
  – Partner: First Data
  – One component of Netscape Commerce Server
  – Available now
DigiCash
• True anonymous peer-to-peer currency - “CyberBucks”
• Handful of banks and merchants
[Diagram: Bank]
URLs (1)
• First Virtual –
• CyberCash –
• Open Market –
URLs (2)
• SET –
• Microsoft Merchant –
• Netscape LivePayment –
• DigiCash –
URL For This Talk
• –~lstein/Web97/