Presentation is loading. Please wait.

Presentation is loading. Please wait.

Payment systems Aalto University, autumn 2013.

Published byVirginia Walton Modified over 5 years ago

Similar presentations

Presentation on theme: "Payment systems Aalto University, autumn 2013."— Presentation transcript:

1 Payment systems Aalto University, autumn 2013

2 Outline Money transfer Card payments Anonymous payments and BitCoin

3 MOney transfer

4 Common payment systems
Cash Electronic credit transfer, e-lasku Direct debit Check Credit card Cash transfer Mobile payment Anonymous payment Which are regulated?

5 Electronic credit transfer
Also called bank transfer, wire transfer Payment process (e.g. UK CHAPS): Clearing: if the payment is between two banks, the sending bank sends the information to a central processor, which keeps track of payments Settlement: transfer of funds between the central-bank reserve accounts of the two banks at the end of the day for the balance of all transactions that day ( risk to central bank or receiving bank if a sending bank goes bust) Float: money between debit from the sender’s bank account and credit to the receiver’s account  banks gain interest on float  payments in some systems take days without any technical reason Finality varies for sender, banks and receiver Most electronic transfers immediately final to sender and bank, not receiver Old direct debit in Finland is final for sender; SEPA direct debit is reversible Central processor Sending bank Receiving bank Sender Receiver Sender makes payment Clearing Settlement between banks Funds available to receiver Timeline float

6 [classhelper.org] Check Check payment: Payer writes the check Clearing: payee deposits the check, bank collects payment, paying bank inspect the check for authenticity and sufficient funds Settlement: transfer of funds between banks Float: in some countries, funds are available immediately after deposit, before clearing and settlement  payee effectively gets an interest-free loan Payer writes check Clearing Settlement between banks Funds available to payee Timeline Payee deposits check /negative) float

7 Credit card Credit card issuer takes a ~2-5% transaction fee from seller Buyer protection: card issuer takes some of the risk Initial 30–60 days of interest-free credit for buyer Kickbacks to some card holders Transaction final after 90 days  clearer rules on finality than in bank transfer (one of the reasons why businesses like credit cards) negative float Timeline Credit card purchase Funds available to seller Buyer may pay balance Interest-free Transaction final

8 Cash transfers Western Union, MoneyGram: money transfer for people without bank accounts Sender pays cash at one branch office; receiver gets the cash at another branch office (no bank account needed) Used mostly by migrants to send money to 3rd-world countries Receiver must have id card or answer test question Example: NAME: MICHAEL SMITH ADDRESS: 144 EAST STREET LAGOS TEST QUESTION: WHAT IS THE DOGS NAME ANSWER: SPOT Hawala: informal network of agents based on Islamic law or honor system This and other informal systems conflict with money laundering legislation

9 Issues with float Victim receives a check or credit card details; ships goods before payment clears Victim receives a check; funds available before the check clears; victim makes an irreversible payment (e.g. refunds all or part of the money) Scammer writes false check Check found to be false or no funds  deposit reversed Funds available to victim Timeline Victim deposits check Victim ships goods Scammer writes false check Check found to be false or no funds  deposit reversed Funds available to victim Timeline Victim deposits check Victim returns (part of) the money Funds available to scammer

10 Issues with float Victim receives a reversible payment; victim makes an irreversible payment Timeline Criminal (e.g phisher) makes a money transfer to mule Funds available to mule Mule asked to repay Mule makes forward payment Funds available to scammer

11 Card payment

12 T-110.2100 Johdatus tietoliikenteeseen, kevät 2010
Mag-stripe bank cards Magnetic stripe contains primary account number (PAN), name, expiration date, service code, PVKI, PVV, CVV1 PIN is a function of data on mag stripe and secret key in terminal  offline PIN verification at disconnected POS or ATM Possible to copy data on the mag stripe CVV1 is a cryptographic MAC of the PAN, name, expiration and service code (based on 3DES) Offline terminal has a security module to store the card and PIN verification keys CVV2 to make online fraud harder 3-4 digits printed on card but not on mag stripe Required for web and phone (“card not present”) transactions Not stored by merchant after online verification  safe from server hacking Vulnerable to phishing Wikipedia: Service code values common in financial cards: First digit 1: International interchange OK 2: International interchange, use IC (chip) where feasible 5: National interchange only except under bilateral agreement 6: National interchange only except under bilateral agreement, use IC (chip) where feasible 7: No interchange except under bilateral agreement (closed loop) 9: Test Second digit 0: Normal 2: Contact issuer via online means 4: Contact issuer via online means except under bilateral agreement Third digit 0: No restrictions, PIN required 1: No restrictions 2: Goods and services only (no cash) 3: ATM only, PIN required 4: Cash only 5: Goods and services only (no cash), PIN required 6: No restrictions, use PIN where feasible 7: Goods and services only (no cash), use PIN where feasible

13 Mag-stripe Visa PIN verification
Input from magnetic stripe: Primary account number (PAN) i.e. 15-digit card number PIN verification key indicator (PVKI, one digit 1..6) PIN verification value (PVV, 4 decimal characters) Verifier must have PIN verification key (PVK, 128-bit 3DES key) PVKI is an index of PVK to enable PVK updates Create security parameter (TSP): Concatenate 11 rightmost digits of PAN, PVKI and PIN The 16-digit concatenation is one hexadecimal DES block PVV generation: 3DES encryption of TSP with the key PVK Decimalization of the encryption result to 4-digit PVV Decimalization happens by taking the 4 leftmost digits 0..9 from the hexadecimal encrypted block If less than 4 such digits, take 4 first digits A..F and map A=0,B=1,C=3... [For details see IBM]

14 Chip-and-PIN bank cards
EMV standard (Europay, Mastercard, Visa) Smart card chip (ICC) on the bank card Tamperproof ICC stores a cryptographic signature key Card also contains a certificate Three levels of secure transactions: Static data authentication (SDA): Certificate verification only; no longer used in Finland Dynamic data authentication (DDA): Card signs a random challenge sent by terminal Combined DDA and application cryptogram (CDA): Card signs transaction details incl. random challenge Card holder authenticated with PIN or signature PIN usually sent to the card, which answers yes/no

15 Anonymous payments

16 Anonymous digital cash
David Chaum 1982, later DigiCash product — never really used but an influential idea Participants: bank, buyer Alice, merchant Bob Anonymous: Bank cannot link issued and deposited coins, not even with Bob’s help Not transferable: must be deposited to bank after one use Uses blind signatures: bank signs coins without seeing their contents  cannot link events of coin issuing and use Bank Alice buyer Bob merchant 1. Bank issues coin 2. Alice spends coin 3. Bob deposits coin

17 Anonymous digital cash
Idea 1: blind signature: Bank has an RSA signature key pair key (e,d,n) for signing 1€ coins (and different keys for 10€, 100€,...) Alice creates a coin from random “serial number” SN and redundant padding required for RSA signature; Alice generates a random number R, computes coin ⋅ Re mod n, and sends this to the bank Bank computes (coin ⋅ Re)d mod n = coind ⋅ R mod n and sends this to Alice Alice divides with R to get the signed coin coind mod n  Bank has signed the coin without seeing it and cannot link the coin to Alice Alice can pay 1€ to Bob by giving him the coin Bob deposits coin to bank; bank checks signature and only accepts the same coin once Double-spending: Customers are anonymous; if someone pays the same coin to two merchants, who was it?

18 Anonymous digital cash
Idea 2: double-spending detection Alice must set SN = h( h(N) | h(N xor “Alice”) ) where N random After Alice has given the coin to Bob, Bob asks Alice to reveal one of h(N), N xor “Alice” or N,h(N xor “Alice”)  If Alice spends the coin twice, she reveals her name with 50% probability Make each 1€ coin of k separately signed sub-coins  detection probability p = 1-2-k Coins will be quite large: k=128 with 2048-bit RSA signatures makes 32kB/coin Problem: What forces Alice to create SN this way? How can bank check the contents of the message signed blindly?

19 Anonymous digital cash
Idea 3: cut and choose Alice creates k pairs of sub-coins for signing Bank asks Alice to reveal N for one sub-coin in each pair and signs the other one  cheating detection probability p = 1-2-k Alice can make anonymous payments but will be caught with probability p = 1-2-k if she tries to create an invalid coin or spend the same coin twice

20 BitCoin

21 BitCoin Transferable digital money
Based on cryptographic signatures and hash functions P2P system, no central bank or trusted issuer “Fair”, competitive system for the initial issue Amount of money in circulation capped Max 21 million BTC Coins can be subdivided to BTC Created in 2008 by pseudonym Satoshi Nakamoto

22 BitCoin transaction Direct transactions between public key pairs:
Transaction record contains (1) inputs, (2) outputs Input info: (a) pointer to the previous transactions i.e. when did the payers receive this money, (b) payer signature(s) Output info: (a) payee public key hashes, (b) transfer amounts Total inputs from previous transactions must be ≥ outputs in: references to previous transactions out: public key hashes, amounts BTC Payers’ signatures h 0.1 BTC PK1 PK2 0.01 BTC History of signed transactions proves who has the money now Questions: How to bundle received small outputs, or get change for a large input? What if the outputs ≤ inputs? Who stores the history and checks the signatures?

23 Transaction history Transaction A
in: references to previous transactions out: 0.2 BTC to PK4 PK1 signature Unreclaimed BTC Transaction D in: references to transactions A, B and C out: 0.33 BTC to PK7 PK4 and PK5 signatures Transaction F in: references to transactions D and E out: 0.34 BTC to PK9 PK7 signature Transaction B in: references to previous transactions out: 0.1 BTC to PK4 PK2 signatures PK9 Transaction E in: reference to transaction C out: 0.01 BTC to PK7 0.015 BTC to PK8 PK6 signature PK8 Transaction C in: references to previous transactions out: 0.03 BTC to PK5; 0.03 BTC to PK6 PK3 signature Unreclaimed BTC To transaction fees BTC

24 ? Double spending How to prevent double spending? Transaction B
in: reference to transaction A out: 0.33 BTC to PK3 PK2 signature PK3 Transaction A in: references to previous transactions out: 0.1 BTC to PK2 PK1 signature ? PK2 Transaction C in: reference to transaction A out: 0.01 BTC to PK4 PK2 signature PK4 How to prevent double spending?

25 Public transaction log
Public transaction log of all past transactions: All transactions ever made incl. signatures Updated every 10 minutes, on the average Used to check for double spending Block chain: public chain of log entries, updated every 10 minutes Block contains hash of the previous block and Merkle hash of new transactions The latest block is, in effect, a hash of all transactions ever Log size grows over time Q: Who can be trusted to maintain the log? A: global P2P network Block k-2 hash of block k-3, Merkle hash tree of new transactions, time, nonce, and other info Block k-1 hash of block k-2, Merkle hash tree of new transactions, time, nonce and other info Block k hash of block k-1, Merkle hash tree of new transactions, time, nonce, and other info h h h

26 Mining Anyone can add blocks to the block chain Issuing coins
To do so, you must perform proof of work i.e. solve a cryptographic puzzle the requires brute-force search adjustable difficulty Find a nonce (any number) such that the SHA-256 hash of the block is smaller than a target value h( block header(nonce) ) ≤ target value The first to find a solution gets a reward and everyone moves to search for the next block The difficulty of the next block is adjusted to keep the predicted block generation time at 10 minutes Issuing coins The reward for generating a new block is new BTC (currently 25) – this is how the coins are initially issued! Transactions may also include a small transaction fee to encourage mining

27 Security of the block chain
Block k Block k+1 Block k+2 Block k+1 Block k+2 Block k+3 Block k+4 Double spending detection depends on the block chain not branching Client software always chooses the longest branch After receiving the payment, sellers publish the transaction to the P2P network and wait for 6 new blocks to include it If someone controls more than 50% of the global hash rate, they can double spend

28 BitCoin philosophy Anonymous transactions like cash money
Digital equivalent of gold: Limited supply on earth Cannot be controlled or inflated by a government Opposition to current monetary policy, especially quantitative easing Potential problems: Exchange rate volatility Unlike gold; competing currencies easy to create Favorite currency for drug trade and other crime Tax authorities will be interested Max transaction rate ~21M BTC / hour, 60-minute latency Security based on wasting energy in CPUs Market bubble?

29 Possible security issues
No way to reverse transaction without the payee’s cooperation Block chain branching, double spending Should to wait 60 minutes or more to confirm a transaction Software bugs Bank robbery by hackers Malware attacks against wallets Government attempts to control Silk Road raided by FBI in Oct 2013 Competing digital currencies easy to create

30 Reading material Ross Anderson: Security Engineering, 2nd ed., chapter 10 Interesting reading online: Scam baiting sites have stories about advance-fee fraud (e.g. but not always nice University of Cambridge Security Group: BitCoin wiki:

31 Exercises What are the main threats in
online card transactions? POS transactions? ATM cash withdrawals? What differences are there in the way credit cards and bank debit cards address these threats? Could you (technically) use bank cards or credit cards as door keys? as bus tickets? for strong identification of persons on the Internet? (This question may require quite a bit of research.) How could a malicious merchant perform a man-in-the-middle attack against chip-and-PIN transactions? When a fraudulent bank transaction occurs, who will suffer the losses? Find out about the regulation and contractual rules on such liability. Bank security is largely based on anomaly detection and risk mitigation. In what ways could a bank reduce the risk of fraud in mag-stipe or chip-and-PIN payments? Even though DigiCash coins are unlinkable, what ways are there for the merchant or bank (or them together) to find out what Alice buys? Find a BitCoin block explorer web site with the full transaction record and browse around. Find the latest blocks and transactions, and the first block ever. See how the mining difficulty has changed over time.

Download ppt "Payment systems Aalto University, autumn 2013."

Similar presentations

Payment systems Tuomas Aura CSE-C3400 Information security Aalto University, autumn 2014.

Payment systems Tuomas Aura CSE-C3400 Information security Aalto University, autumn 2014.
Module 5: financial services review

Module 5: financial services review
Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.

Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.
20-763 ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 11 Electronic Cash.

ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 11 Electronic Cash.
Slide 1 Vitaly Shmatikov CS 378 Digital Cash. slide 2 Digital Cash: Properties uDigital “payment message” with properties of cash uUnforgeable Users cannot.

Slide 1 Vitaly Shmatikov CS 378 Digital Cash. slide 2 Digital Cash: Properties uDigital “payment message” with properties of cash uUnforgeable Users cannot.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
Bitcoin Double Spending Attack Karame, Androulaki & Capkun Presented by Subhro Kar CSCE 715, Fall 2013.

Bitcoin Double Spending Attack Karame, Androulaki & Capkun Presented by Subhro Kar CSCE 715, Fall 2013.
Bank On It.

Bank On It.
Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
BITCOIN An introduction to a decentralised and anonymous currency. By Andy Brodie.

BITCOIN An introduction to a decentralised and anonymous currency. By Andy Brodie.
Module 8 – Anonymous Digital Cash Blind Signatures DigiCash coins.

Module 8 – Anonymous Digital Cash Blind Signatures DigiCash coins.
PAYMENT WITH A DEBIT-CARD Merchant swipes debit card Debit rather than credit transaction like credit card.

PAYMENT WITH A DEBIT-CARD Merchant swipes debit card Debit rather than credit transaction like credit card.
Financial Transactions on Internet Financial transactions require the cooperation of more than two parties. Transaction must be very low cost so that small.

Financial Transactions on Internet Financial transactions require the cooperation of more than two parties. Transaction must be very low cost so that small.
E-Money / Digital Cash Lin Huang. Money / Digital Cash What is Money –Coins, Bill – can’t exist on two places at one time –Bearer bonds: immediate cashable.

E-Money / Digital Cash Lin Huang. Money / Digital Cash What is Money –Coins, Bill – can’t exist on two places at one time –Bearer bonds: immediate cashable.
Traditional and Electronic Payment Methods Chapter 3.

Traditional and Electronic Payment Methods Chapter 3.
The world’s first decentralized digital currency Meni Rosenfeld Bitcoil 29/11/2012Written by Meni Rosenfeld1.

The world’s first decentralized digital currency Meni Rosenfeld Bitcoil 29/11/2012Written by Meni Rosenfeld1.
Digital Cash By Gaurav Shetty. Agenda Introduction. Introduction. Working. Working. Desired Properties. Desired Properties. Protocols for Digital Cash.

Digital Cash By Gaurav Shetty. Agenda Introduction. Introduction. Working. Working. Desired Properties. Desired Properties. Protocols for Digital Cash.
Banking: 101 1. Checking Account What is a Checking Account? An account where money is deposited and kept for day-to-day expenses Also called demand deposit.

Banking: Checking Account What is a Checking Account? An account where money is deposited and kept for day-to-day expenses Also called demand deposit.
Banking: 101 1.

Banking:
BZUPAGES.COM Electronic Payment Systems Most of the electronic payment systems on internet use cryptography in one way or the other to ensure confidentiality.

BZUPAGES.COM Electronic Payment Systems Most of the electronic payment systems on internet use cryptography in one way or the other to ensure confidentiality.

Similar presentations

Ads by Google