CSE-302-Mobile Payment

CSE-302 Mobile Payment
Dr. R. B. Patel
1
What is Driving Mobile Payment?
• Maximization of revenue from wireless
data services
• The handset as personal trusted device
• Encouraging adoption of next
generation mobile devices
2
What is payment?
• A payment is the transfer of wealth from
one party (such as a person or company)
to another.
• A payment is usually made in exchange
for the provision of goods, services, or
both, or to fulfill a legal obligation.
• The simplest and oldest form of payment
is barter, the exchange of one good or
service for another.
3
Continue…
• In the modern age, a payment system is a set of
procedures and associated computer networks
used to settle financial transactions in bond
markets, currency markets, and futures,
derivatives and options markets, and to transfer
funds between financial institutions.
• Due to the backing of modern fiat currencies
with government bonds, payment systems are a
core part of modern currency systems.
4
Continue…
• Barter is a type of trade in which goods or
services are directly exchanged for other goods
and/or services, without the use of money.
• It can be bilateral or multilateral, and usually
exists parallel to monetary systems in most
developed countries, though to a very limited
extent.
• Barter usually replaces money as the method of
exchange in times of monetary crisis, when the
currency is unstable and devalued by
hyperinflation.
5
Continue…
• In the modern world, common means of payment by an
individual include money, check, debit, credit, or bank
transfer, and in trade such payments are frequently
preceded by an invoice or result in a receipt.
• However, there are no arbitrary limits on the form a
payment can take and thus in complex transactions
between businesses, payments may take the form of
stock or other more complicated arrangements.
• In law, the payer is the party making a payment while
the payee is the party receiving the payment.
6
What is micropayment?
• Micropayments are means for transferring very small
amounts of money, in situations where collecting such
small amounts of money with the usual payment
systems is impractical, or very expensive, in terms of
the amount of money being collected.
• Micropayment originally meant 1/1000th of a US dollar,
meaning a payment system that could efficiently handle
payments at least as small as a tenth of a cent, or a few
paisa to rupees, but it is now often defined to mean
payments too small to be affordably processed by credit
card or other electronic transaction processing mechanism.
• The use of micropayments may be called Microcommerce.
7
Continue…
• A micropayment is an online transaction of
a small denomination, e.g. $2, £3.50, or
€4, and can be used for digital content
purchases such as music, news or
consumer reports.
• A micropayment can also be used to
charge for digital services such as P2P
applications and access to website
member areas.
8
Continue…
• A micropayment system is an online payment
system which supports charging relatively small
amounts for online content or services.
• Here the speed and cost of processing
payments are critical factors in assessing a
scheme's usability.
• Fast user response is essential if the user is to
be encouraged to make a large number of
purchases.
• Processing and storage requirements placed on
micropayment providers and vendors must be
economic for low value transactions.
9
What is a macropayment system?
• A macropayment is an online transaction
of higher denominations e.g. €10.
• Macropayments play a key role in the
billing of tangible goods but are also
commonly used for digital content and
services e.g. subscriptions, software,
games and more.
10
Continue…
• A macropayment system is an online
payment system specialized in the
processing of higher amounts in
comparison to micropayment.
• Apart from speed and costs, a high degree
of protection is essential, such as scoring
and creditworthiness checks, risk
management and fraud protection.
11
Evolution of Online Payments
12
Mobile payments
• Mobile payments can be split into three categories: mobile content,
out-of-band and proximity.
• Because of their expertise in the area of billing, network operators
are suited to deliver payment services for mobile content.
• This type of payment is sometimes referred to as in-band, where the
content and the payment channel are the same.
• An example is a chargeable WAP service over GPRS. Users will
either be offered subscription or per usage payment models.
• For per-usage users, the nature of the technology and services
means that transactions will be small, so operators need to
implement low-friction micropayment.
• Applications that could be covered by in-band transactions include
video streaming of sports highlights or video messaging.
13
Continue…
• Out of band refers to the fact that the payment channel is
separate from that used for the shopping phase.
• For example, a credit card holder may use their mobile device
to authenticate and pay for a service they consume on the
fixed line Internet or interactive TV.
• In order to make the wireless device suitable for
authenticating payments, financial institutions are especially
interested in wireless PKI, shared secret (or symmetrical key)
schemes, or best of all merging with their chip card programs
via dual slot or dual chip devices.
• Public Key Infrastructure (PKI) enables the implementation of
legally binding virtual transactions using digital signatures,
which is critical to stem the losses suffered by financial
institutions through payment repudiation and other fraud.
14
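The shared secret (symmetric key) scheme from the out-of-band slide, as an added sketch that is not part of the original slides: the wallet server sends a payment challenge to the handset, the handset returns an HMAC over the order details, and the server rejects tampered, expired or replayed responses. The field names, the 120-second validity window and the per-subscriber key store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

VALIDITY_SECONDS = 120  # assumed lifetime of a payment challenge


def _mac(key, order_id, amount_minor, currency, merchant, nonce, issued_at):
    # Length-prefix every field so that "ab"+"c" and "a"+"bc" cannot collide.
    fields = [order_id, str(amount_minor), currency, merchant, nonce, str(issued_at)]
    msg = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class WalletServer:
    """Server side: issues challenges and verifies handset responses."""

    def __init__(self, subscriber_keys):
        self._keys = subscriber_keys   # subscriber id -> shared secret (constructed)
        self._pending = {}             # nonce -> challenge awaiting a response

    def challenge(self, subscriber, order_id, amount_minor, currency, merchant, now=None):
        nonce = secrets.token_hex(16)
        ch = dict(subscriber=subscriber, order_id=order_id, amount_minor=amount_minor,
                  currency=currency, merchant=merchant, nonce=nonce,
                  issued_at=int(time.time() if now is None else now))
        self._pending[nonce] = ch
        return dict(ch)  # copy delivered to the handset, e.g. over SMS

    def verify(self, nonce, tag, now=None):
        # Single use: any answer, right or wrong, consumes the challenge.
        ch = self._pending.pop(nonce, None)
        if ch is None:
            return "unknown-or-replayed"
        now = int(time.time() if now is None else now)
        if now - ch["issued_at"] > VALIDITY_SECONDS:
            return "expired"
        # Recompute over the server's own record, not over values echoed back.
        expected = _mac(self._keys[ch["subscriber"]], ch["order_id"], ch["amount_minor"],
                        ch["currency"], ch["merchant"], ch["nonce"], ch["issued_at"])
        return "approved" if hmac.compare_digest(expected, tag) else "bad-mac"


def handset_sign(key, shown):
    """Handset side: MAC exactly what was displayed to the user after PIN entry."""
    return _mac(key, shown["order_id"], shown["amount_minor"], shown["currency"],
                shown["merchant"], shown["nonce"], shown["issued_at"])
```

Because the server recomputes the MAC over its own stored challenge, a handset that was shown an altered amount produces a tag that does not verify. Unlike the digital signatures of the PKI option, a shared-secret MAC can be produced by either side, so it does not address repudiation.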
Continue…
• A promising payment application for mobile
commerce is proximity transactions using the
device to pay at a point of sale, vending
machine, ticket machine, tolls, parking, etc.
• By leveraging parallel technologies, such as
Bluetooth and 802.11, mobile devices can be
transformed into sophisticated payment devices
that can process both micro and macro
payments.
• Pilots are already under way in Japan and
Scandinavia using technologies such as SMS,
infrared and contactless chips (RFID).
15
Evolution of mobile payments
16
Mobile payment types

Payment Type: Mobile Content
– Example: Anne is on holiday, and uses her Nokia 7650 to take a photo,
adds an audio comment, and sends it via MMS to Robert. She is charged $1
to her prepay account.
– Technology Enablers: EMS, MMS, 2.5G (e.g. GPRS), 3G
– Payment Features: Mediation system integrated with real time stored
value micropayment system

Payment Type: Out of band
– Example: An SMS notifies Anne that U2 concert tickets have just gone
on sale. From an Internet café she browses to the ticket vendor site,
books her tickets and pays with her Visa card. The payment authentication
request appears on her mobile phone via SMS, and she authenticates using
a personal PIN, digitally signing the order. A receipt is sent to her
phone.
– Technology Enablers: SMS, SIM Toolkit application, WAP Push, WPKI,
Dual slot, Dual SIM, J2ME
– Payment Features: Wallet server with SMS and wireless PKI support,
Acquiring gateway

Payment Type: Proximity
– Example: Back at home, Anne is at her photo and imaging shop; she
transfers her holiday photos from her digital camera to the store
computer over a Bluetooth link; the payment request is sent to her
telephone, also over Bluetooth, where she accepts it, and her credit card
information is returned to the store point of sale device.
– Technology Enablers: Bluetooth, 802.11b, IrDA
– Payment Features: Payment Java applet on mobile phone and point of
sale device
17
Phases of Mobile Payment Transaction
18
Secure Electronic Transaction (SET)
• Secure Electronic Transaction (SET) is a system for
ensuring the security of financial transactions on the
Internet.
• It was supported initially by Mastercard, Visa, Microsoft,
Netscape, and others.
• With SET, a user is given an electronic wallet (digital
certificate) and a transaction is conducted and verified
using a combination of digital certificates and digital
signatures among the purchaser, a merchant, and the
purchaser's bank in a way that ensures privacy and
confidentiality.
• SET makes use of Netscape's Secure Sockets Layer
(SSL), Microsoft's Secure Transaction Technology (STT),
and Terisa System's Secure Hypertext Transfer Protocol (SHTTP).
• SET uses some but not all aspects of a public key
infrastructure (PKI).
19
Key features
• To meet the business requirements, SET
incorporates the following features:
• Confidentiality of information
• Integrity of data
• Cardholder account authentication
• Merchant authentication
20
Participants
A SET system includes the following
participants:
– Cardholder
– Merchant
– Issuer
– Acquirer
– Payment gateway
– Certification authority
21
Transaction
1. The customer obtains a credit card account with a bank
that supports electronic payment and SET
2. The customer receives an X.509v3 digital certificate
signed by the bank.
3. Merchants have their own certificates
4. The customer places an order
5. The merchant sends a copy of its certificate so that the
customer can verify that it's a valid store
6. The order and payment are sent
7. The merchant requests payment authorization
8. The merchant confirms the order
9. The merchant ships the goods or provides the service to
the customer
10. The merchant requests payment
22
Mobile Payments: Trends in Enabling
Technology
• A number of mobile payment models
have been proposed, piloted and
implemented.
• They use a range of technologies
including SMS, WAP, SIM application
toolkit (SAT), USSD, IVR, dual slot
phones, dual SIM phones, Bluetooth,
Infrared, bar code readers and contactless
chips.
23
Continue…
24
Mobile operator payment systems
• A Server Wallet: This is an encrypted store of
users' personal data: payment data, addresses,
personal preferences, receipts.
25
Continue…
• An Acquiring Gateway: This system, used as
an electronic point of sale (ePOS), is capable
of routing or switching payment transactions
for multiple merchants and currencies to
different backend systems. For example, the
same system might process a prepay top-up
request for a Visa card and a purchase with a
debit card. This module also provides online
merchant/content provider reporting and
transaction management.
26
Continue…
• Prepay Top-Up System: This allows top-up
requests originating from multiple sources
(terminals over PSTN or X.25, IVR systems,
Web and WAP, ATM) to be processed, and
routed to multiple prepay systems for on-line
top-up of voice or other stored value. It can
also handle off-line top-up by storing and
managing top-up codes, which is more cost
effective than using scratch cards.
27
Continue…
A Prepay (stored value) System:
• This system manages the user’s accounts, maintaining
their balance, and providing features such as parent
and child accounts.
• Transactions may debit the system in real-time, or an
external application may draw funds and refund any
unused portion.
• This module also facilitates managing loyalty
programs and private label on us, telco cards, and
some operators may even issue their own plastic
cards
28
Continue…
• A Merchant Accounting System: This is
used to maintain merchant accounts, calculate
commissions and generate settlements for the
merchants, such as writing checks or
performing EFT file transfers.
29
Continue…
[Figure: Operator Payment System. Labels shown: Consumer; Content Provider; Internet and Operator Data Services Network; Operator Payment System (Merchant A/C System, Stored Value Prepay, Prepay Top-up, Voice Prepay, Wallet Server, Billing System, Acquiring Gateway); Bank.]
30
Financial Institution Payment Systems in
Mobile Environment
• Wallet Server - In the past, banks deployed wallets to
their customers in an effort to maintain a relationship
with their customers in an on-line environment.
• Most wallets were stored on the user's desktop and were
difficult to install and use.
• The wallet server plays a similar role as in the operator
environment: as a secure repository of personal data.
• Financial institutions choose various models for
authenticating payments, such as via SMS and SIM
toolkit applications, WPKI, single use passwords, pseudo
numbers, Visa 3-D Secure and MasterCard SPA.
31
Continue…
Risk Management Modules:
• For avoiding fraud: authentication of cardholders (by
User ID and password/PIN, chip cards and digital
signatures).
• The use of pseudo numbers in place of real card
numbers, and the implementation of protocols
devised by Visa (3-D Secure, or Verified by Visa)
and MasterCard SPA. These security mechanisms are
normally implemented as part of a wallet server
type platform.
32
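How a wallet server could hand a merchant a pseudo number in place of the real card number, as an added sketch that is not part of the original slides. The single-use rule, the binding to one merchant and an amount ceiling, the `999999` prefix and the class and function names are all assumptions for illustration; the real card number below is the widely used test value, not a live account.

```python
import secrets


def luhn_check_digit(partial):
    """Check digit that makes partial + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # these positions are doubled once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number):
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]


class PseudoNumberVault:
    """Wallet-server mapping that the issuer consults at authorization time."""

    def __init__(self, prefix="999999"):  # assumed non-production prefix
        self._prefix = prefix
        self._map = {}                    # pseudo number -> binding

    def issue(self, real_pan, merchant, max_amount_minor):
        while True:
            body = self._prefix + "".join(secrets.choice("0123456789") for _ in range(9))
            pseudo = body + luhn_check_digit(body)  # passes merchant format checks
            if pseudo not in self._map:
                break
        self._map[pseudo] = (real_pan, merchant, max_amount_minor)
        return pseudo

    def resolve(self, pseudo, merchant, amount_minor):
        """Return the real card number once, only for the bound merchant and ceiling."""
        binding = self._map.get(pseudo)
        if binding is None:
            return None                   # unknown or already used
        real_pan, bound_merchant, ceiling = binding
        if merchant != bound_merchant or amount_minor > ceiling:
            return None                   # a copied number is refused elsewhere
        del self._map[pseudo]             # single use
        return real_pan
```

The merchant only ever stores the pseudo number, so a breach of the merchant's records exposes values that are already spent or bound to that merchant.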
Continue…
Acquiring Gateway.
• This is an essential system for an acquiring
bank, allowing payment transactions to be
routed to multiple backend interfaces.
• Payment transactions based on credit cards,
debit cards, corporate purchase cards and
loyalty cards are routed onto private financial
networks through a payment gateway.
• The types of transactions include topping up a
voice or other stored value system, paying for a
transaction, subscription or settling a bill.
33
Continue…
Card Management System
• Essential for a payment card issuer, this
system handles the cardholder accounts,
manages the account creation process,
interfaces to card embossing systems,
real-time authorizations, and settlements.
• For risk control using pseudo numbers and
MasterCard SPA, the Card Management
System is linked with the Wallet Server.
34
Continue…
• Merchant Accounting System: Acquiring banks
use merchant account systems to manage their
merchant base, including commission calculation
and settlements.
35
Continue…
• Dispute Resolution System- A critical
component for both issuers and acquirers,
this automates the management of
disputed payment transactions and is
applied to both issuing and acquiring
systems
36
Continue…
[Figure: Bank Payment System. Labels shown: Consumer; Content Provider; Internet and Operator Data Service Network; Bank Payment System (Merchant A/C System, Dispute Resolution, Card Management System, Wallet Server, Acquiring Gateway; Risk Management Control, e.g. Pseudo Numbers, MasterCard SPA, Visa 3D Secure); Financial Network.]
37
Open and Closed Systems
• The question of open and closed systems often arises in mobile
commerce.
• An open payment system is one in which the payment instrument
can be issued by one or more Issuers and can be acquired by one
or more Acquirers.
• Typically an Interchange Association exists to set the rules and
administer an interchange network-for example, Visa or MasterCard
in the case of payment cards, or NACHA in the case of US direct
debit/ACH.
• In a closed payment system, the payment issuing and
acquiring are performed by the same entity. American
Express, Diners Club and Discover Card are examples of
closed systems.
38
Trintech Payment Systems-PayWare
[Figure: Trintech Payment System. Labels shown: Consumer; Content Provider; Internet and Operator Data Service Network; PayWare eCMS Acquirer; PayWare eCMS Issuer; mAccess; PayWare Prepay; PayWare eAcquire; PayWare eIssuer; PayWare Resolve; 3D Secure; Pseudo Numbers; M/C SPA; Bank; Voice Prepay.]
39
Point of Sale (POS) Payment
POS provides the following to Strategic Partners:
• A turn-key solution.
• Assistance with the bankcard Association of co-branding application and
subsequent card order.
• Assistance with applying for a PIN for the new card if applicable.
• Card and account management for all POS VISA debit cards issued by the
Bank. Settlement services.
• Transaction processing, including:
– Loading Visa Electronic Card accounts.
– Account maintenance.
– Visa Electronic Card authorization.
– Customer Support.
– Second level customer support, using IVR, call center and Web based
technology.
– Continued product and service innovation.
– The ability to leverage the POS brand as we continue to expand in the
global prepaid marketplace.
40