internet transactions
Post on 06-May-2015
1.913 Views
Preview:
DESCRIPTION
TRANSCRIPT
3
• Aqib Farooq• Kunal Bhatt
4
5
• Is a system that permits online payment between parties using an electronic surrogate of a financial tender
• The electronic surrogate is backed by financial institutions and/or trusted intermediaries
• The intent is to act as an alternative form of payment to the physical cash, cheque or other financial tender
6
New ePayment Solutions
Security Infrastrucur
e
Business
Realities
Authentication Models
Spa
Customer Profiles
Payment Types
7
Defined as the medium in which the value is recognised in a payment transaction
Card-based such as
Credit and charge cards ○ buy now, pay later
Debit cards ○ buy now, pay now
Cash cards, stored-valued, e-cash ○ buy now, prepaid or pay before
8
Most widely used banks able to leverage existing card
infrastructureappears ‘defacto’ online payment
Largely unencrypted‘card-not-present’ transactions processed
without customer & merchant authentication Charge back risk for merchants
charge-back is when customer demands a refund
banks transfer liabilities of charge-backs to the merchants
merchants need to have a bond to cover such charges
9
• Direct electronic transfer of account - direct account debiting
• Uses chip/smart eWallets
• Digital signature to secure access
• Connected to eBanking solution
10
• A system of purchasing cash and storing the credits in consumer’s computer
• Computerised stored value is used as a form of cash to be spent in small increments
• A third party is involved in the payment transactions
• Examples: Beenz, Billpoint, Paypal
11
• Payment solution on a proprietary protocol that allows payment over the Internet
• A digital/virtual wallet with prepaid credit-based/token-based payment system
• Enables low-value electronic payments on the Internet
• Limited distribution, proprietary solutions
• Needs to install card reader and download free eWallet
12
• A formatted email message that consists of payee name, amount, payment date, payer’s account number, and payer’s bank
• Digital certificate and signature are used to secure the cheque so that the contents are not tampered with
• A signed electronic cheque is exchanged between the parties’ financial institutions through automated clearing house
13
Internet
Private network
Internet
Bank network
•Use of stolen card
•Credit card number or password stolen from computer
•Unauthorised access
• Information modified in transit
•Payment info stolen from merchant
•Masquerading as legitimate merchant
•Key info stolen by merchant staff
• Information modified in transit
• Information stolen
Buyer
MerchantPayment gateway
14
• The Trust Principle
– The parties to the transaction must trust each other
– Buyer must believe that seller is legitimate and will deliver the goods
– Buyer must believe that goods are as represented and are worth the price
– Seller must believe that buyer is legitimate and will pay for the goods purchased
15
• The Security Principle
– Parties need a secure environment in which to conduct the electronic transactions
– Seller needs to protect the details of the transactions
– Buyer needs to be certain that his/her information is securely handled and stored
– Buyer needs to be certain that information is not stolen that it can be inappropriately used
16
Identification and authenticatethe ability to verify both the transacting parties
Authorisationthe ability to validate the rightful owner to the transaction
Integrity and confidentialitythe ability to transmit the transaction securelythe ability to store the transaction properly
AccountabilityThe ability to provide audit trail as evidence in dispute
Policies for sharing risks and liabilitiesthe mechanism to settle disputes/non-repudiation
17
• Protocol by Visa and MasterCard released in 1996
• 3 party system - cardholder, merchant and bank using SET-enabled systems
• Uses digital certificate to ensure cardholder is who he/she says he/she is or claims to be
• Credit card details are invisible to merchants, protected by encryption for clearing bank
18
Buyer
Issu
ing B
ank M
erchant
Acqui
ring
Bank
Visa/Mastercard
Bills buyerPays bank
Orders goods
Deliver goods
Reimburses merchant
Voucher to Acquiring Bank
Transaction voucher to Issuing Bank
Issuing Bank pays Visa / Mastercard
Sends transaction voucher to Visa / Mastercard
Visa / Mastercard reimburses Acquiring Bank
1
2 745
3
6
8
9
19
• SPA is an authenticated payment system that involves participation of the cardholder, cardholder’s issuer, and merchant
• Cardholder needs authentication mechanism from the issuer such as a browser plug-in or an electronic wallet in their computers
• Merchants needs plug-in from the acquirer in shopping cart to carry hidden fields of transaction-specific information which can be checked with the security token…..
20
21
top related