Electronic Payments - University of Houston
Download
Report
Transcript Electronic Payments - University of Houston
Chapter 7
7
Electronic Payment Systems
Electronic Commerce
1
Objectives
We will discuss about:
7
Four methods for collecting customer payments
Credit and debit card processing
SET protocol protections for credit cards
How software wallets work
History and future of electronic cash systems, how they
work and are implemented
Smart cards
Which payment systems are most popular and which are
likely to gain acceptance
2
Introduction to Electronic Payment Systems
7
The largest distinction between a typical Web server
and a Web commerce server is the concept of
money - handling payments over the Internet.
Electronic payments are far cheaper than the
traditional method of billing and payment systems
(which includes invoicing/billing, mailing statements,
receiving payments, and posting payments).
The methods of payment for business-to-consumer
transactions are different than that of the businessto-business transactions.
3
Introduction to Electronic Payment Systems
7
There are three methods of payment in a traditional
business transaction:
Check, credit card, or cash
There are four methods of payments in an electronic
commerce transaction:
Electronic cash, software wallets, smart cards,
and credit/debit cards
Scrip is digital cash minted by third-party
organizations
4
Electronic Cash
7
Credit card-issuing banks make money partly by
charging merchants a processing fee for a consumer
transaction.
The processing fee range from 1.5 to 3 percent of a
sell, in addition to a fee of, say, 20 cents per
transaction.
This policy applies to both traditional business and
electronic commerce.
These fees make small purchases unprofitable for a
merchant.
Sometimes a merchant imposes a minimum credit
card purchase amount to consumers (say $20) to
make small transaction profitable.
5
Electronic Cash
7
Electronic cash (e-cash or digital cash) is used
primarily for small purchase of items costing less
than, say, $10
Micropayments
Payments for items costing $1 or less is termed
as micropayments.
Paying 25 cents for a reprint of an article from a
newspaper is an example.
6
Electronic Cash Issues
7
Electronic cash should have two important
characteristics:
It must allow spending only once, like traditional
cash
Must be anonymous, just like regular currency
Safeguards must be in place to prevent
counterfeiting or the cash can not be used
more than nonce
Must be independent and freely transferable
regardless of nationality or storage mechanism
7
Beenz Home Page
7
8
Electronic Cash Storage
Two
methods
On-line
Individual
does not have possession of
electronic cash
Trusted third party, e.g. online bank, holds
customers’ cash accounts
7
Off-line
Customer
holds cash on smart card or
software wallet
Fraud and double spending (to two merchants)
require tamper-proof encryption
9
CyberCash -- A Pioneer in Electronic Cash
7
10
Advantages and Disadvantages of
Electronic Cash
Advantages
7
More efficient, eventually meaning lower prices
Lower transaction costs
Anybody can use it, unlike credit cards, and does
not require special authorization
Disadvantages
Tax trail non-existent, like regular cash
Money laundering
Susceptible to forgery
11
How Electronic Cash Works
Customer
opens account with bank in person
and establishes identity
7
Thereafter, digital certificate serves as proof of
identity
Once
identified, bank issues e-currency and
deducts amount from customer’s account
(minus service fee)
Customer spends e-cash with merchant who
validates it to prevent forgery or fraud
Merchant presents e-cash to issuing bank for
deposit once goods or services are received
12
Electronic Cash Security
Complex
cryptographic algorithms
prevent double spending
7
Anonymity is preserved unless double
spending is attempted
Serial
numbers can allow tracing to
prevent money laundering
Does not prevent double spending, since
the merchant or consumer could be at
fault
13
Detecting Double Spending
7
14
Past and Present
E-cash Systems
E-cash
7
not popular in U.S., but
successful in Europe and Japan
Reasons for lack of U.S. success not clear
Manner
of implementation too complicated
Lack of standards and interoperable software
that will run easily on a variety of hardware and
software systems
15
Past and Present
E-cash Systems
Checkfree
7
Allows payment with online electronic
checks
Clickshare
Designed for magazine and newspaper
publishers
Miscast as a micropayment only system;
only one of its features
Purchases are billed to a user’s ISP, who
in turn bill the customer
16
Using Checkfree To Pay A Bill Online
7
17
Clickshare’s Home Page
7
18
Past and Present
E-cash Systems
CyberCash
Combines features from cash and checks
Offers credit card, micropayment, and
check payment services
Connects merchants directly with credit
card processors to provide authorizations
for transactions in real time
7
No
delays in processing prevent insufficient ecash to pay for the transaction
19
Past and Present
E-cash Systems
CyberCoins
Service from CyberCash
Stored in CyberCash wallet, a software
storage mechanism located on customer’s
computer
Used to make purchases between 25c and
$10
PayNow -- payments made directly from
checking accounts
7
20
CyberCash’s CashRegister Service
7
21
Past and Present
E-cash Systems
DigiCash
Allowed customers to purchase goods and
services using anonymous electronic cash
Recently entered Chapter 11
reorganization
7
22
Past and Present
E-cash Systems
Coin.Net
Electronic tokens stored on a customer’s
computer is used to make purchases
Works by installing special plug-in to a
customer’s web browser
Merchants do not need special software to
accept eCoins.
eCoin server prevents double-spending
and traces transactions, but consumer is
anonymous to merchant
7
23
eCoin.net Home Page
7
24
Past and Present
E-cash Systems
MilliCent
Developed by Digital, now part of Compaq
Electronic scrip system
Participating merchant creates and sells
own scrip to broker at a discount
7
Consumers
register with broker and buy bulk
generic scrip, usually with credit card
Customers buy by converting broker scrip to
vendor-specific scrip, i.e. scrip that a particular
merchant will accept
25
Past and Present
E-cash Systems
MilliCent
cont’d
Customers can purchase items of very low
value
Brokers required for two reasons:
7
Small
payments require aggregation to insure
profitability
System is easier to use -- customer need only
deal with one broker for all their scrip needs
26
MilliCent Demonstration Page
7
27
Electronic Wallets
Stores
credit card, electronic cash,
owner identification and address
7
Makes shopping easier and more efficient
Eliminates
need to repeatedly enter identifying
information into forms to purchase
Works in many different stores to speed
checkout
Amazon.com one of the first online
merchants to eliminate repeat form-filling
for purchases
28
An Electronic Checkout Counter Form
7
29
Electronic Wallets
Agile
Wallet
Developed by CyberCash
Allows customers to enter credit card and
identifying information once, stored on a
central server
Information pops up in supported
merchants’ payment pages, allowing oneclick payment
Does not support smart cards or
CyberCash
7
30
Electronic Wallets
eWallet
Developed by Launchpad Technologies
Free wallet software that stores credit card
and personal information on users’
computer, not on a central server; info is
dragged into payment form from eWallet
Information is encrypted and password
protected
Works with Netscape and Internet
Explorer
7
31
Electronic Wallets
Microsoft
Wallet
Comes pre-installed in Internet Explorer
4.0, but not in Netscape
All information is encrypted and password
protected
Microsoft Wallet Merchant directory shows
merchants setup to accept Microsoft
Wallet
7
32
Entering Information Into Microsoft Wallet
7
33
W3C Proposed Standard for
Electronic Wallets
World
7
Wide Web Consortium (W3C) is
attempting to create an extensible and
interoperable method of embedding
micropayment information on a web
page
Extensible systems allow improvement of
the system without eliminating previous
work
34
W3C Proposed Standard for
Electronic Wallets
Merchants
7
must accept several payment
options to insure the widest possible Internet
audience
Merchants must embed in their Web page
payment information specific to each payment
system
This redundancy spurred W3C to develop
common standards for Web page markup for all
payment systems
Must move quickly to prevent current methods
from becoming entrenched
35
W3C Electronic Commerce Interest Group
(ECIG) Draft Standard Architecture
Client
7
(consumer’s web browser)
initiates micropayment activity
Client browser includes Per Fee Link
Handler module and one or more
electronic wallets
New HTML tags will carry micropayment
information
36
W3C Proposed Micropayment HTML Tags
7
37
The ECML Standard
Electronic
7
Commerce Modeling
Language (ECML) proposed standards
for electronic wallets
Companies forming the consortium are
America Online, IBM, Microsoft, Visa, and
MasterCard
Ultimate goal is for all commerce sites to
accept ECML
Unclear how this standard will incorporate
privacy standards W3C set forth
38
Smart Cards
It
is a plastic card containing an embedded
microchip. It
Can store 100 times more information than
a credit card
7
Can contain bank account information to
dispense cash
Can also contain information on health
insurance, private encryption keys, credit
card numbers, and so on.
39
Smart Cards
7
Information is encrypted, unlike credit
cards which have account number on its
face, making credit theft practically
impossible
A key like a Personal Identification
Number (PIN) is required to unlock the
information
To use from a browser, a card reader must
be installed with the computer
40
Smart Cards
It
7
has been available for over 10 years
It was not successful in U.S., but popular in
Europe, Australia, and Japan
Unsuccessful in U.S. partly because few card
readers are available in stores
Smart cards gradually reappearing in U.S.;
success depends on:
Critical mass of smart cards that support
applications
Compatibility between smart cards, card-reader
devices, and applications
41
Mondex Smart Card
Holds and dispenses electronic cash
Developed by MasterCard International
7
Requires a “Mondex Card Reader” for
merchant or customer to be installed on the
computer to use it over the Internet
Supports micropayments as small as 3 cents
and works both online and off-line at stores
or over the telephone
42
Mondex Smart Card
Disadvantages
7
Card carries real cash in electronic form,
creating the possibility of theft
No deferred payment as with credit cards cash is dispensed immediately
43
Mondex Smart Card Processing
7
44
Credit and Charge Cards
Credit
7
card (ex.: Visa or MasterCard)
Used for the majority of Internet purchases
Has a preset spending limit
Charge card (ex.: American Express)
No spending limit
Entire amount charged due at end of
billing period
A merchants must set up a merchant account
to accept payment cards (credit or charge
cards)
45
Payment Acceptance
and Processing
7
Law prohibits charging payment card until the
merchandise is shipped. This works fine with a
normal store, but not simply with the Internet
shopping
Payment card transaction requires:
Merchant to authenticate payment card
Merchant must check with the card issuer to
ensure funds are available and to put hold on
funds needed to make current charge.
(Processing charges for downloaded software
can be requested immediately)
Settlement occurs in a few days when funds
travel through banking system into merchant’s
account
46
Open and Closed
Loop Systems
7
Closed loop systems
Banks and other financial institutions serve as brokers
between card users and merchants who want to use a
particular type of card -- no other institution is involved
American Express and Discover are examples
Open loop systems
Transaction is processed by a third party, such as an
acquiring bank, that works as an intermediary between the
customer’s credit card issuing bank and the merchant’s
bank.
Whenever a transaction is processed by a third party, it is
called open loop system
Visa and MasterCard are examples
47
Setting Up a Merchant Account
7
Merchant bank (both Internet and non-Internet)
Does business with merchants that want to
accept payment cards
Merchant receives an account number where
they deposit card sales
Amounts of sales are credited to the merchant’s
account on a periodic basis
Acquiring Bank (May be same as the Merchant
bank)
Several third-party Internet and Web based credit
card processing services are available to handle
all details of processing credit cards
48
Processing Payment Cards Online
7
Can be done automatically by software packaged with the
electronic commerce software
Use a payment processing service company: A merchant can
contract a third party to handle all payment card processing
In both cases, a software is used to capture credit card
information from the merchant’s form and connect directly to
the processing bank network using dial-up or private, leased
lines
The processing bank network receives credit information,
performs credit card authorization with the issuing bank, and
presents transaction for processing
The issuing bank then deposits the money in the merchant’s
bank account
The merchant’s web site receives confirmation or rejection of
the transaction, which is communicated to the customer
49
Processing a Payment Card Order
7
50
Processing a Payment Card Order
Processing
Credit Cards for Online
Payment - Microsoft Paper:
7
http://msdn.microsoft.com/workshop/se
rver/commerce/creditcard.asp
51
Payment Processing Services Company
Internetsecure
Provides secure credit card payment services
Supports payments with Visa and MasterCard
Provides risk management and fraud detection,
and ensures all proper security for credit card
transactions is maintained
Ensures all transactions are properly credited to
merchant’s account
Tellan
Provides two software: PCAuthorize for smaller
commerce sites and WebAuthorize for larger
enterprise-class merchant sites
7
52
Payment Processing Services Company
7
IC Verify
Provides electronic transaction processing for merchants for
all major credit and debit cards
Also allows check guarantees and verification transactions
Authorize.Net
Online, real time service that links merchants with issuing
banks by simply inserting a small block of HTML code into
their transaction page
The customer order is encrypted and transferred to the
Authorize.net server.
The server then relays the transaction to the processing
bank
The merchant must have an Authorize.net account to use
the services
Visit Authorize.Net: http://www.authorizenet.com
53
Secure Electronic Transaction (SET) Protocol
7
Jointly designed by MasterCard and Visa with
backing of Microsoft, Netscape, IBM, GTE, SAIC,
and others
Designed to provide security for card payments as
they travel on the Internet
SET protocol is based on the security
requirements of Secure Socket Layers (SSL)
protocol which uses message digest, privatepublic keys, encryption, digital signature, digital
certificate, and digital envelope
In addition, SET validates consumers and
merchants while providing secure electronic
transmission
54
Secure Electronic Transaction (SET)
Protocol
7
Goal is to have single method of conducting payment
transactions on the Internet; although acceptance of the
standard has been slow
SET specification:
Uses public key cryptography and digital certificates for
validating both consumers and merchants.
It provides
Privacy: Hides customer credit card information from
merchants and also hides order information from banks
Data integrity: Data is not altered; hashing/message digest
Authentication: A method to verify a buyer and merchant
through digital signature
Nonrepudiation: Protection against customer’s denial of orders
made and merchants denial of payments received
55
Secure Electronic Transaction (SET)
Protocol
7
In SET protocol, there are four entities: cardholder,
merchant, certificate authority, and payment
gateway.
The role of payment gateway is to connect the
Internet and proprietary networks of banks.
Each participating entity needs its own certificate
To keep the customer’s certificate in his or her PC,
software called the electronic wallet, or digital
wallet, is necessary
56
SET Payment Transactions
SET-protected payments work like this:
7
Consumer makes purchase by sending encrypted
financial information along with digital certificate
Merchant’s website transfers the information to a
payment card processing center while a
Certification Authority certifies digital certificate
belongs to sender
Payment card-processing center routes
transaction to credit card issuer for approval
Merchant receives approval and credit card is
charged
Merchant ships merchandise and adds
transaction amount for deposit into merchant’s
account
57
SET Protocol
So
7
far has received lukewarm reception
80 percent of SET activities are in
Europe and Asian countries
Problems with SET
Not easy to implement
Not as inexpensive as expected
Clumsy
Not tried and tested, and often not needed
58
SET Protocol
Visit
7
VISA Web site for SET
http://www.visa.com/nt/ecomm/security/
set.html
59