Electronic Payment Systems
an electronic payment system is needed for compensation for information, goods and services provided through the Internet – such as access to copyrighted materials, database searches or consumption of system resources – or as a convenient form of payment for external goods and services – such as merchandise and services provided outside the Internet. it helps to automate sales activities, extends the potential number of customers and may reduce the amount of paperwork.
- security: payment systems are very likely to become a target for criminal attacks.
- flexibility: different models for different situations (anonymity, accountability, risk).
- computational efficiency: support for micropayment; per-transaction costs must be small enough that they are insignificant.
payment models:
- secure (or non-secure) presentation: the customer provides credit card information over a secure (or even clear) transportation means.
- customer registration: the customer gets a password or digital signature based on a credit card (hides the credit card information from the merchant, but still clears through the credit card).
- credit-debit instruments: similar to customer registration but only one bill per month either through credit card or debit check.
- electronic currency: this method has potential for anonymity but requires tamper resistant hardware.
- server scrip: the customer gets a kind of coupon from an agent that can be spent only with one particular merchant. this reduces the risk of double spending and allows off-line transactions.
- direct transfer: the customer initiates the transfer of funds to the account of the merchant. this method provides no anonymity.
- collection agent: the merchant refers the customer to a third party who collects payment using one of the methods mentioned above.
of all models, (non-)secure presentation is the only model that has a large customer base today. all other methods require special hardware and/or software that most potential customers don’t have.
systems available today:
- secure socket layer (SSL): client submits credit card information using encryption based on public keys.
- CyberCash: customer registers credit card with CyberCash and selects a signature key. requires special software on the client, but hides credit card information from merchant.
- secure electronic transaction (SET): the customer obtains a signature key from the card issuer. this method requires special software running on the client to encrypt and sign credit card information.
- Open Market: provides multi-mechanism collection services for web browsers.
- Mondex: provides smart-card based electronic currency.
- electronic check: provides a PC card-based credit-debit payment instrument that can be sent across the Internet, but clears through the existing banking network.
- USC/ISI’s NetCheque: implements an on-line “checking-account” against which payments are authorized.
- USC/ISI’s NetCash: users purchase currency from the currency server using NetCheque. with multiple currency servers, the NetCheque system is used to clear cross-server payments.
- CMU’s NetBill: provides a payment instrument analogous to a credit card slip authenticated by Kerberos. goods are delivered to the customer encrypted; NetBill sends the key to decrypt the goods.
integration with banking systems:
needs to be efficient. customers can either deposit funds in advance or pay periodic statements (electronic credit card).
risks and security:
from the customer’s perspective:
- stolen payment credentials and passwords
- dishonest merchants or financial service providers
- disputes over quality of services or goods
from merchant’s perspective:
- forged or copied payment instruments
- insufficient funds in the customer’s account, especially with off-line payment systems
- dishonest or slow financial service providers
from the financial service provider’s perspective:
- stolen customer or service credentials
- forged or copied payment instruments
- customers not paying (applies only to credit models)
the risk may be shifted in one direction or the other by using a credit or debit model and by special agreements.
technical solutions to improve security:
- protect payment credentials with token or smart cards
- use on-line authorization to detect double spending, check for sufficient funds and detect anomalous spending patterns
roles of and rewards for the financial service providers (FSPs):
- they are trusted to hold our money
- they facilitate clearing of the payments
- they insure against fraudulent transactions (risk management)
- they can charge account and transaction fees
- they may benefit from currency exchange
Digital Token-based E-payment Systems:
The digital token-based payment system is a new form of electronic payment system that is based on electronic tokens rather than e-cheques or e-cash. The electronic tokens are generated by a bank or another financial institution. Hence we can say that electronic tokens are equivalent to cash made by the bank.
Categories of Electronic Tokens:-
1. Cash or Real Time:-
In this mode of electronic tokens, transactions take place via the exchange of electronic currency (e-cash).
2. Debit or Prepaid:-
In this electronic payment system, prepaid facilities are provided. This means that users pay in advance for transactions of information. This technology is used in smart cards, electronic purses, etc.
3. Credit or Postpaid:-
These types of electronic tokens are based on the identity of the customers who are issued a card, and on their authentication and verification by a third party. In this system the server authenticates the customers and then verifies their identity through the bank. After all this processing, the transaction takes place. An example is e-cheques.
The digital token-based systems have the following issues for which they are established:-
1. Nature of transaction for which instrument is designed:-
This category covers the design issues of the token. It may be designed to handle micropayments, or it may be designed for conventional products. Some tokens are designed for specific uses and others for general use. The design issues involve the parties involved, the purchase interaction and the average amount.
2. Means of Settlement:-
Digital tokens are used when their format must be in cash, credit, electronic bill payments, etc. Most transaction settlement methods use credit cards, while others use proxies for value.
3. Approach to Security, Anonymity and Authentication:-
Electronic tokens vary from system to system when business transactions take place, so it is necessary to secure them against intruders and hackers. For this purpose various security features are provided with electronic tokens, such as encryption. The encryption method uses the digital signatures of the customers for verification and authentication.
4. Risk Factors:-
Electronic tokens may be worthless, and if the customer holds currency on a token then nobody will accept it. If there is a long time between the delivery of products and the payment to the merchant, the merchant is exposed to risk. So it is important to analyse the risk factors in an electronic payment system.
Classification of new–payment systems
The most common way of making electronic payments today is to directly transfer money between accounts. This is facilitated in a number of ways, for example by credit cards and debit cards, as well as cheques and money transfer. In a transaction using the account transfer system, no electronic value is generated. Instead, an authorization of a transfer of funds between two accounts is transmitted. The actual transfer of value is done at the bank. This system works well for high value transactions, but it is relatively expensive and slow. During the payment transaction, a connection needs to be established to the account of the payee, and it needs to be checked whether there are sufficient funds available. The system further implies unconditional traceability of all payments, and every amount has to be cleared (verified) online unless the system is combined with a credit mechanism.
This concept involves the issuing of electronic tokens by a central entity, such as a bank. These tokens represent value, and can be stored locally on a user’s computer. Using this system, any token is valid for one use only, to ensure that it cannot be copied and used several times. As a consequence, such a token cannot be passed on between several parties as paper cash or coins can. Because a user has the tokens stored locally on his computer, and every token can have a particular denomination of value, the system resembles banknotes and coins in a purse. This is why these systems are often referred to as “electronic cash”.
A token in this system consists of a message stating its value, and the electronic signature of a central entity, e.g. a bank, to guarantee its authenticity. Further information is added for various reasons, including security, the possibility to identify a user, an automatically generated receipt for the payment, etc. Every token is limited to one use, and verified online at payment time. Prepaid token-based systems do not require the overhead of accessing account balance and transfer between accounts during transaction. A record of all transactions is usually not kept, further reducing administration overhead. Net risk of fraud is reduced as only the existing tokens are at risk, not the total balance. It is easily possible to group withdrawals and deposits, especially for small payments, thereby reducing transaction cost further.
Classification of ePayment Products and Systems
Finally, another classification is proposed by Piloura (1998), based on a survey on electronic payment systems on open computer networks which is as follows:
Token-based systems: these systems use tokens, objects that are generally agreed to carry value themselves. The value carried by the tokens is conventional, a matter of consensus. These systems are based on “prepayment”, i.e. drawing on one’s bank account in advance to get possession of payment instruments, token money, to be used in later transactions. We have two subcategories of token-based systems:
- Electronic cash: it attempts to replace paper cash as the principal payment vehicle in online payments.
- Electronic purse systems: they are based on smart cards, also called stored value cards, which use integrated circuit chips to store electronic money.
Notational systems: in these systems the transaction is directly or indirectly tied to value stored elsewhere. The three subcategories that we can distinguish here are:
- Electronic payment orders (debit/credit) transferred over the nets: the transaction is directly tied to value stored elsewhere (usually in a bank account). These systems are also called “pay now” systems because they transfer deposit money “immediately” after the initiation of a payment order. Examples: debit cards, checks and credit transfers.
- Credit card billing over the nets: the transaction is indirectly tied to value in that when you use it you undertake to become liable for the amount of the transaction. These systems are also called “pay later” systems and they are based on consumer credit and/or delayed debiting of the payer’s current account. They can be implemented in two ways: encrypted credit cards or third-party authorization numbers.
- Third-party authorization numbers: one solution to security and verification problems during financial transactions is the introduction of a third party to collect and approve payments from one client to another.
Smart card-based notational systems: these systems use smart card technology to store customer-specific information in an attempt to offer higher levels of protection than software-only notational systems.
Properties of Electronic–Cash
To purchase items over the Internet, people currently use credit cards as the prevailing form of payment. For years, however, people have asked “Why not use Electronic Cash?” These are the properties that would be necessary for such a scheme:
1. Financial Infrastructure: There is a big difference between bits and atoms. People have used atoms, gold, bills, etc. as money. Behind the bits in E-cash, there must be financial infrastructure that moves the money represented by the instructions in the bits from one account to another. A transaction is an instruction to move money from a consumer’s account to a merchant’s account.
2. No Double-Spending and Non-forgeability: Bits can be easily duplicated but atoms cannot. So copies of cash should not be spendable. Nor should one be able to forge or create e-cash and spend it.
3. Security: Account information should be kept secure. Transfers should be kept secure.
4. Immediate Verifiability that Payment is OK Online vs. Offline systems: Every time you receive a payment, you could instantly relay it to the bank to verify it. Or there could be an intrinsic property that lets you know the money is good if a bank is not readily available.
5. Persistence: Atoms stick around better than bits do. If your computer crashes, you should not be bankrupted. A backup of your wallet to record your wealth should not be spendable.
6. Exclusive Ownership
7. Anonymity: There are different types of anonymity, payer, payee, and even bank anonymity. The merchant may accept money without knowing who the payer is. Also you should be able to deposit money without the bank knowing where the transaction comes from. There are issues of money laundering. People can transfer money without the bank knowing.
8. Transferability: A can pass money to B and then to C easily and anonymously.
9. Amounts: It would be nice to support a variety of “coin sizes”.
10. Traceable to issuer: We should know who backs each bit of money. E.g., We can tell by inspection that U.S. money is issued by the U.S. treasury.
11. Divisibility and Combination: If you have an instrument worth 1 dollar, you should be able to divide it into two instruments each worth 50 cents.
12. Compatibility with existing systems: An electronic payment system should interface smoothly with existing payment systems. (To what extent a monetary system actually depends on others is an interesting open question; can you have e.g., a Galactic System with no central Government authority?)
13. Efficient for small amounts
15. Competition between Issuers: Free banking before the Gold Standard
Cheque payment systems on the Internet:
Electronic payments involve a payer and a payee. A payer (buyer or customer) is an entity who makes a payment. A payee (seller or merchant) is an entity who receives a payment. The main purpose of an electronic payment protocol is to transfer monetary value from the payer to the payee. The process also involves a financial institution (bank or mint).
Typically, a financial institution participates in payment protocols in two roles: as an issuer (interacting with the payer) and as an acquirer (interacting with the payee). The issuer is responsible for validating the payer during account registration and holds the payer’s account and assets. The acquirer holds the payee’s account and assets. The payee deposits the payments received during a transaction with the acquirer. The acquirer and the issuer then proceed to perform an inter-banking transaction for clearance of funds. It is possible for the issuer and the acquirer to be from the same financial institution.
Other parties that may be present in a payment protocol include a Trustee (arbiter) who is an entity that is independent from all parties. All entities in a protocol unconditionally trust the Trustee who is called to adjudicate any disputes between the payer and the payee. Certain payment systems might involve more players like Payment Gateways (PG) who are entities that act as a medium for transaction processing between other entities (e.g. MasterCard, Visa) and Certification Authorities (CA) who are necessary if the e-payment systems involve PKI’s. They issue public key certificates to entities involved in a payment protocol so that their authenticity can be publicly verified. Figure 1 illustrates the participating entities in an e-payment system.
Figure 1: Generic E-payment Protocol
2. Phases in E-Payment
An electronic payment typically involves the following phases:
- Registration: This phase involves the registration of the payer and the payee with the issuer and acquirer respectively. Most electronic payments designed require registration of payers and payees with their corresponding banks so there is a link between their identities and their accounts held at the bank.
- Invoicing: In this phase, the payer obtains an invoice for payment from the payee. This is accomplished by either browsing and selecting products for purchase from the merchant’s (payee’s) website, in the case of purchases made through the internet, or obtaining an electronic invoice using another electronic communication medium such as e-mail. This phase is typically performed in an unsecured environment and is normally excluded when designing payment protocols. The importance of this phase is that it sets the mandatory and optional data variables that should be included in a payment protocol.
- Payment selection and processing: In this phase the payer selects the type of payment (card-based, e-cash, e-cheque, etc.) based on the type of payment the payee accepts. Based on the selection, the payer then sends the relevant payment details, such as the account number and unique identifiers of the payer, to the payee along with the accepted amount based on the invoice. Certain protocols might also require the payer to obtain a preauthorised token (like a bank draft) from the issuer before sending the payment information to the payee.
- Payment authorisation and confirmation: In this phase, the acquirer on receiving payment details from the payee authorises the payment and issues a receipt containing the success or failure of the payment to the payee. The payee based on the message may also issue a receipt of payment to the payer.
Risks in E–payments
Electronic payment is a popular method of making payments globally. It involves sending money from bank to bank instantly, regardless of the distance involved. Such payment systems use Internet technology, where information is relayed through networked computers from one bank to another. Electronic payment systems are popular because of their convenience. However, they also may pose serious risks to consumers and financial institutions.
RISKS IN E-PAYMENT AS FOLLOWS:
- Businesses are required by law to provide records of their financial transactions to the government so that their tax compliance can be verified. Electronic payment however can frustrate the efforts of tax collection. Unless a business discloses the various electronic payments it has made or received over the tax period, the government may not know the truth, which could cause tax evasion.
- Electronic payment systems are prone to fraud. The payment is done usually after keying in a password and sometimes answering security questions. There is no way of verifying the true identity of the maker of the transaction. As long as the password and security questions are correct, the system assumes you are the right person. If this information falls into the possession of fraudsters, then they can defraud you of your money.
- Electronic payment systems encourage impulse buying, especially online. You are likely to make a decision to purchase an item you find on sale online, even though you had not planned to buy it, just because it will cost you just a click to buy it through your credit card. Impulse buying leads to disorganized budgets and is one of the disadvantages of electronic payment systems.
- Payment conflicts often arise because the payments are not done manually but by an automated system that can cause errors. This is especially common when payment is done on a regular basis to many recipients. If you do not check your pay slip at the end of every pay period, for instance, then you might end up with a conflict due to these technical glitches, or anomalies.
Disadvantages and advantages of electronic payment system
In the age of high technology, cash strives to endure the competition with electronic money, because more and more people prefer to have virtual wallets. We already provided you with information on particular payment systems; in this article we describe the general advantages of electronic payment systems and their disadvantages.
It is clear, electronic payment systems have a range of pros in comparison to traditional banking services:
1. Time savings. Money transfer between virtual accounts usually takes a few minutes, while a wire transfer or a postal one may take several days. Also, you will not waste your time waiting in lines at a bank or post office.
2. Expenses control. Even if someone is eager to bring his disbursements under control, it is necessary to be patient enough to write down all the petty expenses, which often takes a large part of the total amount of disbursements. The virtual account contains the history of all transactions indicating the store and the amount you spent. And you can check it anytime you want. This advantage of electronic payment system is pretty important in this case.
3. Reduced risk of loss and theft. You can not forget your virtual wallet somewhere and it can not be taken away by robbers. Although in cyberspace there are many scammers, in one of the previous articles we described in detail how to make your e-currency account secure.
4. Low commissions. If you pay for an internet service provider or a mobile account replenishment through a UPT (unattended payment terminal), you will encounter high fees. With an electronic payment system, the fee for this kind of operation is 1% of the total amount, and this is a considerable advantage.
5. User-friendly. Usually every service is designed to reach the widest possible audience, so it has an intuitively understandable user interface. In addition, there is always the opportunity to submit a question to a support team, which often works 24/7. In any case, you can always get an answer using the forums on the subject.
6. Convenience. All transfers can be performed at any time, anywhere. It is enough to have access to the Internet.
Having specified the well-known advantages of electronic payment system, it is necessary to mention its drawbacks:
1. Restrictions. Each payment system has its limits regarding the maximum amount in the account, the number of transactions per day and the amount of output.
2. The risk of being hacked. If you follow the security rules the threat is minimal; it can be compared to the risk of something like a robbery. The situation is worse when the system of the processing company has been breached, because this leads to a leak of personal data on cards and their owners. Even if the electronic payment system does not issue plastic cards, it can be involved in scandals regarding identity theft.
3. The problem of transferring money between different payment systems. Usually the majority of electronic payment systems do not cooperate with each other. In this case, you have to use the services of e-currency exchange, and it can be time-consuming if you still do not have a trusted service for this purpose. Our article on how to choose the best e-currency exchanger greatly facilitates the search process.
4. The lack of anonymity. The information about all transactions, including the amount, time and recipient, is stored in the database of the payment system. This means the intelligence agency has access to this information. You should decide whether that is bad or good.
5. The necessity of Internet access. If Internet connection fails, you can not get to your online account.
In general, the advantages of electronic payment systems outweigh their disadvantages, and they offer greater opportunities compared with traditional wire transfers.
A digital signature (not to be confused with a digital certificate) is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.
The digital equivalent of a handwritten signature or stamped seal, but offering far more inherent security, a digital signature is intended to solve the problem of tampering and impersonation in digital communications. Digital signatures can provide the added assurances of evidence to origin, identity and status of an electronic document, transaction or message, as well as acknowledging informed consent by the signer.
In many countries, including the United States, digital signatures have the same legal significance as the more traditional forms of signed documents. The United States Government Printing Office publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures.
How digital signatures work
Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a public key algorithm such as RSA, one can generate two keys that are mathematically linked: one private and one public. To create a digital signature, signing software (such as an email program) creates a one-way hash of the electronic data to be signed. The private key is then used to encrypt the hash. The encrypted hash — along with other information, such as the hashing algorithm — is the digital signature. The reason for encrypting the hash instead of the entire message or document is that a hash function can convert an arbitrary input into a fixed length value, which is usually much shorter. This saves time since hashing is much faster than signing.
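The hash-then-sign step described above, applied to the one-use, bank-signed token from the electronic cash section (a message stating its value plus the bank's signature, verified online at payment time), as an added example that is not part of the original notes. The key is a constructed toy RSA key without padding so that the code runs with the standard library only; the `Bank` class, the token field layout and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed demo key built from two Mersenne primes. It is trivially
# factorable and uses no padding; it exists only so the example runs offline.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                  # bank's public key
D = pow(E, -1, (P - 1) * (Q - 1))    # bank's private exponent


def digest(message: bytes) -> int:
    """One-way hash of the data to be signed, as an integer (256 bits < N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Apply the private key to the hash, as the text describes.
    Textbook RSA; production systems use a padded scheme such as RSA-PSS."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Recover the signed hash with the public key and compare."""
    return pow(signature, E, N) == digest(message)


class Bank:
    """Hypothetical issuer: signs tokens and clears each one online, once."""

    def __init__(self):
        self.spent = set()   # serial numbers already redeemed

    def issue(self, value_cents: int) -> dict:
        # Token = message stating its value + the bank's signature over it.
        message = f"value={value_cents};serial={secrets.token_hex(16)}".encode()
        return {"message": message, "signature": sign(message)}

    def redeem(self, token: dict) -> str:
        # Online check at payment time: authenticity first, then single use.
        if not verify(token["message"], token["signature"]):
            return "rejected: bad signature"
        fields = dict(kv.split("=", 1) for kv in token["message"].decode().split(";"))
        if fields["serial"] in self.spent:
            return "rejected: already spent"
        self.spent.add(fields["serial"])
        return f"accepted: {fields['value']} cents"


def demo() -> list:
    bank = Bank()
    token = bank.issue(500)
    copy = dict(token)   # bits duplicate perfectly, so the copy verifies too
    altered = dict(token, message=token["message"].replace(b"value=500;", b"value=50000;"))
    return [bank.redeem(token), bank.redeem(copy), bank.redeem(altered)]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The signature alone stops the altered token but not the exact copy; only the bank's record of spent serial numbers catches the second presentation, which is why these tokens are cleared online.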