Government Payment Gateway - Korean PG for e-Government Case Study Chang-Kang Seol

Government Payment Gateway
- Korean PG for e-Government Case Study
2007. 5. 24
Chang-Kang Seol
ISGEG
Index
1. Background of e-Commerce market
2. Key Issues
3. PG (“BankPay”) service for e-Gov in Korea
   • Briefs on BankPay
   • Operational Feature
   • Technical Feature
   • Security
   • Customer Protection
4. Conclusion
Background of e-Commerce market in Korea
- Historical background
1. Market need for e-Payment and security technology from internet shopping malls in the late 1990s
2. Online bank transfer started by Dacom (a private company) over X.25 in 1997
3. PG (“BankPay”) established for safe public e-Payment in 2000
4. Resulting growth of e-Commerce in the 2000s
[Figure: Growth of e-Commerce, with legal & policy support (Korean Government support). Internet shopping malls, CPs etc.: sales increase, stable operation of shop, cost effectiveness. Payment Gateway: security, multi e-Payment solutions, stability & easiness.]
- Market background
1. Continuous growth of e-Commerce market
2. About 100 PG companies in 2002, now about 50, with 5 majors whose M/S is over 80%
   - Inisys, Cyber Payment, Dacom, KCC, Bankpay
3. Competitive market
4. Trend for users to move to the major PGs on the basis of security and low costs
▣ Trend of e-Commerce Transaction (Unit : USD Mil)
Year                        2001      2002      2003      2004      2005      2006
e-Commerce Transaction   118,976   177,809   235,025   314,079   358,451   413,585
(Growth Ratio)                         49%       32%       34%       14%       15%
B2B                      108,941   155,707   206,854   279,399   319,202   366,191
B2G                        7,037    16,632    21,634    27,349    29,036    34,436
B2C                        2,580     5,043     6,095     6,443     7,921     9,132
Etc.                         418       427       442       888     2,292     3,826
* Source : Korea National Statistical Office
▣ Trend of e-Payment System (Electronic based payment)
Movement from paper based payment into electronic based payment
* Electronic based payment : payment through data transfer using ICT infra
[Figure: electronic based payment vs. paper based payment, by no. of transactions and by amount]
* Source : Bank of Korea “Trend of Payment System” 2005. 4.
- Legal background for e-Commerce
1997.8 Specialized Credit Financial Business Act
2000.12 Regulation for Supervision on Banking Institutions
2002.3 e-Commerce Consumer Protection Act
2006.1 Electronic Finance Transaction Act
Purpose
• To define off-line financial transaction
• To grant Financial Supervisory Service to supervise PG
• To create institutional basis for customer protection
• To define the electronic financial transaction
• To regulate legal relation in Off-Line Financial Transaction
• To regulate legal relation in FET
• To regulate security
• To secure stable transaction for e-Commerce
Feature (2002.3)
• Enforcing Biz registration on PG
• To position PG as a legal entity
• To supervise PG
• To establish protection device from consumer damage
• To set up the clear legal structure
• To define regulation on PG
• To secure On-Line credit card transaction
• To regulate PG for its sound transaction
• To oblige PG to secure information
• To introduce insurance to protect consumer damage from e-Commerce
Feature
• To secure customer using EFT
• To regulate & supervise healthy development of EFT
Key Issues in Korea
- Protection from customer damage (Identification/Reparation)
▣ Legal Risk
- Who identifies the fault and takes responsibility for reparation of the damage
▣ Operational Risk
- Network hacking, system down
▣ Settlement Risk
- Bankruptcy
- Operational Issue
▣ Operation by Government
▣ Operation by Private Companies
- Security Standard Issue
▣ Network Security
• Encryption Technology
  Symmetric or Asymmetric Algorithm (Public Key Algorithm)
  Message Digest (Hash Function) / Electronic Signature (Private Key)
  SSL (Secure Sockets Layer) / SET (Secure Electronic Transaction)
• Authentication by third party
▣ Host System Security
• Firewall
• Intrusion Detection System
BankPay (PG of Korean Government)
Establishment: Founded by Korea Financial Telecommunications & Clearings Institute (KFTCI), an incorporated association chaired by the Bank of Korea; established in 2000
e-Payment Method: Service for Payment Gateway to government organizations & private commercial operators
- Credit Card, Bank Fund Transfer & K-Cash
Feature: Featured by most banks’ participation, real-time transaction & low cost
Service Area: Service for most public organizations, such as e-Procurement, Land Titling, G4C etc., and for commercial entities, such as on-line shops, internet auctions, tuition fees etc.
Sales Increase (Unit : U$ Mil)
Year     2001   2002   2003   2004   2005
Sales       4     52     75    109    230
* Source from KFTC 2006
Operational Structure
Founded by Korea Financial Telecommunications & Clearings Institute (KFTCI), an incorporated association chaired by BOK and supervised by FSS (Financial Supervisory Service)
[Figure: KFTC operational structure. Governing: Bank Association, Bank of Korea (Chair), Financial Supervisory Service; Regular Member (12 Banks), Associate Member (10 Banks). KFTC (Incorporated Association) services: CD N/W, IFT N/W, Check Clearing, Paper Giro, HOFINET, Electric Giro, K-Cash N/W, Internet Giro, Bank Line, BankPay (PG), CMS / Giro EDI, Bank B2B, Card VAN, K-Cash, UBI (Mobile Pay). Legend entries: Inter Bank Fund Transfer; Inter Bank Home/Firm Banking System.]
- e-Government Framework (Single window for e-Payment)
[Figure: e-Government framework. Users: citizens, government / agency offices, business vendors/suppliers. Channels: Internet e-Gov portal / kiosks, telephony contact (voice/fax/…). Services requiring payment solution, as shown: e-Procurement; e-Citizen registration & ID (family/employment/...); integrated system for social insurances; u-Logistics postal service; e-Healthcare (hospital information system); e-Education (Magic School and campus); Home Tax; e-Customs and e-Clearance; vehicle and driver license service system; intelligent transportation system; automatic fare collection system; 911 / police support system; land registration and cadastre management information systems; immigration control system; election process automation; National Assembly, legislative and court information systems. Inter-government intranet (inter-agency collaboration): e-Document, shared information of local government, standard human resources system, national finance information system. Integrated information infrastructure: Administration N/W, Finance N/W, Education N/W, Defense N/W, Police N/W, Logistics N/W.]
Establishment
Established in 2000 as the public e-payment system, to meet the market needs arising from the rapid growth of e-Commerce (internet shopping malls) in the late 1990s
[Figure: timeline of Korean e-Government systems, with BankPay (PG) at 00.12. Other entries shown: IT infra (87 ~ 91); provision of PCs & ICT use education; groupware (e-mail/e-document) (89.12); e-Custom / e-Clearance system (90.4); vehicle registration / driver license (91.1); real estate management information system (91.2); business registration (91.3); passport & immigration control (95.12); e-Learning system (99.9); e-Procurement system (02.9); e-Gov portal & kiosks (02.10); e-Tax (National/Home Tax Service); integrated social insurance system; e-Citizen / NID (family/employment); public admin & education N/W; finance N/W; e-Gov EA planning; public internet center.]
Position in e-Payment Market in Korea
[Figure: position of BankPay in the Korean e-Payment market. Network: e-Cash network, mobile, Internet, telephone line (X.25), terminal / kiosk. Service provider types: Mobile PG, PG, VAN, Traffic PG. Providers named: KICC, NICE, KS-NET etc.; Intec, C&C, MYBI; Infohurb, Mobilians, Ubi; Bankpay, Dacom, Inisys, KCP etc. Relevant companies: telecom companies (SK / KTF / LG), financial N/W companies, e-Cash companies, transport companies, financial institutes (banks / card companies). Electronic payment means: bank transfer, credit card, prepaid card, traffic card, e-Cash.]
Challenges of BankPay
Stable & convenient Internet Payment Service
Optimized Solution
• e-Procurement
• Online appeal
• Content
• Shopping mall
User Interface
Suitable / flexible payment module to user platform
Security
Payment service secured on the basis of PKI
Payment Method
• Credit Card
• Bank Transfer
• K-Cash
Technical Feature
- Technical Components
Main Server
• Payment Gateway
Security
• Backup
• Internet
• DB
• Firewall
• IDS
System Management
• NMS
• SMS
PG Solution
• e-Payment
• Call Center (CTI)
Technical Feature
- Technical Architecture
[Figure: technical architecture. Components shown: Customer; Wallet (S/W); Internet web (open network) with HTML form; e-Gov portal / web server (eGov); TX server (H/W, S/W); BankPay P/G server (H/W, S/W); CCIS; CMS (N/W); Internet (TCP/IP); CARD; BANK.]
Technical Feature
- Service related program
Wallet
• Payment module on Active-X Control
• Installed on the customer’s PC, downloaded from the BankPay server
• Encrypting payment information with e-Signature
• Client’s request to start the user’s payment process
TX Server
• Communication program between PG and users
• Encrypting payment information with e-Signature using the authentication certificate issued by the certification agency (“Yessign”)
• Providing the most appropriate TX Server in compliance with the user platform
Payment Request
• Page for the customer to request payment for products or services
  Ex) Ordering page of shopping mall
Payment Process
• Transfer of the payment request, compiled by the Service (Windows NT) or Java Class (Unix), to PG
• DB storage after payment is processed by PG
• Notice of the final payment result from PG to the user with ASP/JSP/CGI etc.
Request Cancellation
• Request for cancellation to PG
Payment Cancellation
• Transfer of the cancellation request, compiled by the Service (Windows NT) or Java Class (Unix), to PG
• DB storage after cancellation is processed by PG
• Notice of the final cancellation result from PG to the user with ASP/JSP/CGI etc.
Technical Feature
- Sequence Diagram
Participants: Customer; Wallet (Customer PC); e-Gov (Payment Request, Payment Process); BankPay; TX Server; PG Server; DB
① Click payment button
② Activating Wallet Software
③ PW / Payment Information
④ Request for Payment
⑤ Compiling Payment Information
⑥ Encrypting Payment Information (e-Signature)
⑦ Result for Payment
⑧ Log storage / Payment Result
⑨ Notice Payment Result
Security
• Electronic signature using PKI technique
• An accredited certificate is a certificate issued by YESSIGN, an accredited certification authority pursuant to the “Electronic Signature Act”.
• A certificate carries a series of data, including the subscriber's electronic signature verification data, serial number, subscriber's name and term of validity.
Security
- Certificate Agency: Korea Information Security Agency
• Below it there are 6 accredited certification authorities:
• Korea Financial Telecommunications & Clearings Institute, Koscom Inc., KTNET, National Computerization Agency, Korea Electronic Certificate Authority, Korea Information Certificate Authority Inc.
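The wallet / TX server bullets and the Security slides describe payment information signed under a certificate that carries the subscriber's name, serial number, verification data and term of validity. The Go code below is an added example of that sign-and-verify step, not BankPay or YESSIGN code. Assumptions: the function names are hypothetical, Ed25519 and a constructed self-signed certificate stand in for the accredited certificate, and validation of the chain up to the accredited certification authority is not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issueDemoCert builds a constructed self-signed stand-in for an accredited certificate.
func issueDemoCert(name string, from, to time.Time) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1001), Subject: pkix.Name{CommonName: name},
		NotBefore: from, NotAfter: to, KeyUsage: x509.KeyUsageDigitalSignature}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// signPayment is the wallet side: sign the payment information with the private key.
func signPayment(key ed25519.PrivateKey, payment []byte) []byte {
	return ed25519.Sign(key, payment)
}

// verifyPayment is the gateway side: enforce the term of validity, then check the
// signature over the exact bytes received, so an altered amount fails verification.
func verifyPayment(cert *x509.Certificate, payment, sig []byte, now time.Time) error {
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return fmt.Errorf("certificate %v outside its term of validity", cert.SerialNumber)
	}
	return cert.CheckSignature(x509.PureEd25519, payment, sig)
}

func main() {
	now, msg := time.Now(), []byte("order=A-1;amount=15000;method=bank-transfer") // constructed
	cert, key, err := issueDemoCert("Constructed Subscriber", now.Add(-time.Hour), now.Add(time.Hour))
	if err != nil {
		panic(err)
	}
	fmt.Println("verification error:", verifyPayment(cert, msg, signPayment(key, msg), now))
}
```

The same signature is rejected when any field of the payment information changes or when the check runs outside the certificate's validity term.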
Customer Protection
- Protection from customer damage
• Identification
• Reparation
▣ Financial Troubles in e-Payment in Korea
                                          No. of Fault                       Amount (thousand U$)
             Contents                         ‘02    ‘03    ‘04  ‘05.7  Total    ‘02    ‘03    ‘04  ‘05.7  Total
Bank         Internet Banking                   1      -      1      2      4     71      -      3     68    142
             Tele banking                       -      1      5      8     14      -     10    162    262    434
             Card Forgery · Reproduction        4      6      6      -     16    452     66     26      -    544
             Program Default                    -      1      8      2     10             0      0      0      0
Credit Card  Card Forgery · Reproduction        -      1      -      -      1           184      -      -    184
             Program Default                    -      1      -      -      1      -      0      -      -      0
Total                                           5     10     20     10     46    523    260    191    330  1,304
Source : 2005 Inspection of Administration
▣ Liability of reparation and identification of responsibility
- Electronic Finance Transaction Act (2006)
- Applies the principle of liability without fault to personal users and the principle of liability with fault to companies
Principle / rule                              Liability of identification   Liability of reparation
Liability without fault (personal user)       No                            Sufferer’s counterpart
Liability with fault (corporate user)
  Simple negligence rule                      Sufferer or harmer            Harmer
  Contributory negligence rule                Person himself                Harmer, subject to sufferer’s fulfilment of its obligation
  Comparative negligence rule                 3rd party (court)             Balancing
▣ Main contents of Electronic Finance Transaction Act (2006)
Stability
- Responsibility for financial institutes to compensate the user with the damage arising from forgery/reproduction, fault in data transmission and process
- Regulated and supervised by Financial Supervisory Committee and provision of the standard for PKI (Clause 20)
- Mandatory storage of transaction records for 5 years (Clause 21)
- Limitation of credit (Clause 22)
Consumer Protection
- Damage after notice to loss and theft shall be borne by financial institutes (Clause 9)
- Protection on user information (Clause 25)
- Arbitration Clause (Clause 26)
Supervision
- GAAP & financial standard (capital structure / asset management / liquidity) (Clause 41)
Conclusion
1. Customer Protection backed by Government’s legal & policy support
- Electronic Finance Transaction Act
- Promotion of e-payment by way of tax deduction
2. One window PG for most of the public e-Payment
- Cost, time effectiveness
3. Technical Support
- Standard technical architecture
- Easy access (ICT infrastructure)
[Figure: KFS for PG for public service. Legal & policy support: customer protection, e-Payment promotion. Technical support (ICT): easy access (N/W expansion), standard application (security). Effectiveness (one window): multi e-Payment solutions, cost & time effectiveness.]