Ch 11:Payment Systems Ch 11:Payment Systems for Electronic Commercefor Electronic Commerce

Presented by Sharon TaylorPresented by Sharon Taylor

IntroductionIntroduction

• Paypal, founded in 1999Paypal, founded in 1999

• Biggest use is clearing auctions on Biggest use is clearing auctions on eBayeBay

• FeesFees

• Profit marginProfit margin

• Payment surveillance softwarePayment surveillance software

• Bought by e-Bay in 2002Bought by e-Bay in 2002

Online Processing BasicsOnline Processing Basics

• Most popular electronic transfers Most popular electronic transfers from consumer’s checking accountsfrom consumer’s checking accounts

1.1. Automated payments for autoAutomated payments for auto

2.2. Insurance and mortgageInsurance and mortgage

• Most popular Internet payment Most popular Internet payment method: credit cardsmethod: credit cards

ScripScrip

• Digital cash minted by a companyDigital cash minted by a company

• Only goods of that companyOnly goods of that company

• Most currently (eScrip) for not-for-Most currently (eScrip) for not-for-profit fundraisingprofit fundraising

• Primary and secondary schools in Primary and secondary schools in U.S.U.S.

Payment Card TypesPayment Card Types

• Credit cardCredit card1.1. Spending limit based on credit historySpending limit based on credit history

2.2. Pay entire balance or minimum Pay entire balance or minimum paymentpayment

3.3. Interest on unpaid balanceInterest on unpaid balance

4.4. Widely acceptedWidely accepted

5.5. 30 days to dispute online purchase30 days to dispute online purchase

6.6. ““Card not present purchases”Card not present purchases”

Debit CardDebit Card

1.1. Removes amount of sale from bank Removes amount of sale from bank accountaccount

2.2. Transfers to sellers bankTransfers to sellers bank

3.3. Usually has name of credit card Usually has name of credit card issuerissuer

4.4. By agreement with issuing bankBy agreement with issuing bank

Charge CardCharge Card

1.1. American Express, Diner’s ClubAmerican Express, Diner’s Club

2.2. No spending limitNo spending limit

3.3. Entire balance due each monthEntire balance due each month

4.4. No interest charge or line of creditNo interest charge or line of credit

5.5. Issued by retailersIssued by retailers

Single Use CardsSingle Use Cards

1.1. Not classed as payment cardsNot classed as payment cards

2.2. Issued by payment card firmIssued by payment card firm

3.3. Unique card number valid for one Unique card number valid for one transaction onlytransaction only

4.4. American Express, MBNA, Citigroup, American Express, MBNA, Citigroup, J.P. Morgan J.P. Morgan

Advantages of Payment Advantages of Payment CardsCards

1.1. Fraud protection for merchantsFraud protection for merchants

2.2. Limited liability if stolenLimited liability if stolen

3.3. Worldwide acceptanceWorldwide acceptance

4.4. Currency conversion handled by Currency conversion handled by issuerissuer

5.5. No special hardware or software No special hardware or software neededneeded

Disadvantages of Payment Disadvantages of Payment CardsCards

1.1. Issuer charges merchants per-Issuer charges merchants per-transaction feestransaction fees

2.2. And a monthly processing feeAnd a monthly processing fee

3.3. Not cost effective for small Not cost effective for small transactionstransactions

Payment Acceptance & Payment Acceptance & ProcessingProcessing

• EMV standard for handling EMV standard for handling transactionstransactions

1.1. Developed by Developed by EEuropay, uropay, MMastercard and astercard and VVisaisa

2.2. Now called MasterCard InternationalNow called MasterCard International

• Must ship within 30 days of chargeMust ship within 30 days of charge

• Info sent using SSL encryptionInfo sent using SSL encryption

Steps in transactionSteps in transaction

1.1. Merchant authenticates payment Merchant authenticates payment cardcard

2.2. Checks to see funds are availableChecks to see funds are available

3.3. Puts hold on the credit line or fundsPuts hold on the credit line or funds

4.4. Settlement occurs in a few daysSettlement occurs in a few days

5.5. Funds move between banksFunds move between banks

Open and Closed Loop Open and Closed Loop SystemSystem

• Closed loop systemsClosed loop systems

– Card issuer pays merchants that accept the Card issuer pays merchants that accept the card directly and does not use an card directly and does not use an intermediaryintermediary

• Open loop systemsOpen loop systems

– Involve three or more partiesInvolve three or more parties

– Systems using Visa or MasterCard are Systems using Visa or MasterCard are examplesexamples

Merchant AccountsMerchant Accounts

• To process payment cards for Internet To process payment cards for Internet transactions an online merchant must transactions an online merchant must set up a merchant accountset up a merchant account

• New merchant must supplyNew merchant must supply

– Business planBusiness plan

– Details about existing bank accountsDetails about existing bank accounts

– Business and personal credit historyBusiness and personal credit history

Processing Payments OnlineProcessing Payments Online

• InternetSecureInternetSecure– Provides secure payment card servicesProvides secure payment card services

• First DataFirst Data– Provides merchant payment card processing Provides merchant payment card processing

services with the following programs services with the following programs • ICVERIFY, PCAuthorize, and WebAuthorizeICVERIFY, PCAuthorize, and WebAuthorize

• Banks connect to an Automated Clearing Banks connect to an Automated Clearing House (ACH)House (ACH) through highly secure, through highly secure, private leased telephone linesprivate leased telephone lines

Processing a Payment Card Processing a Payment Card TransactionTransaction

Electronic CashElectronic Cash• Term that describes any value storage Term that describes any value storage

and exchange system created by a and exchange system created by a private entity thatprivate entity that– Does not use paper documents or coinsDoes not use paper documents or coins– Can serve as a substitute for government-Can serve as a substitute for government-

issued physical currencyissued physical currency

• Attractive in two arenasAttractive in two arenas– Sale of goods and services of less than $10Sale of goods and services of less than $10– Sale of higher-priced goods and services to Sale of higher-priced goods and services to

those without credit cardsthose without credit cards

Micropayments and Small Micropayments and Small PaymentsPayments

• MicropaymentsMicropayments

– Internet payments for items costing Internet payments for items costing from a few cents to approximately a from a few cents to approximately a dollardollar

• Small paymentsSmall payments

– Payments of less than $10Payments of less than $10

Privacy and Security of Privacy and Security of Electronic CashElectronic Cash• Concerns about electronic payment Concerns about electronic payment

methods includemethods include

– Privacy and securityPrivacy and security

– IndependenceIndependence

– Portability Portability

– ConvenienceConvenience

• Advantages of electronic cashAdvantages of electronic cash

– Independent and portableIndependent and portable

Holding Electronic Cash: Holding Electronic Cash: Online and Offline CashOnline and Offline Cash

• Online cash storageOnline cash storage– Trusted third party is involved in all transfers of Trusted third party is involved in all transfers of

electronic cash electronic cash – Holds consumers’ cash accountsHolds consumers’ cash accounts

• Offline cash storageOffline cash storage– Virtual equivalent of money kept in a walletVirtual equivalent of money kept in a wallet– No third party is involved in the transactionNo third party is involved in the transaction

• Double-spendingDouble-spending – Spending electronic cash twiceSpending electronic cash twice

Advantages and Advantages and Disadvantages of Electronic Disadvantages of Electronic CashCash• Advantages of electronic cashAdvantages of electronic cash

– Transactions are more efficientTransactions are more efficient

– Transfer on the Internet costs less than Transfer on the Internet costs less than processing credit card transactionsprocessing credit card transactions

• Disadvantages of electronic cashDisadvantages of electronic cash– Use provides no audit trailUse provides no audit trail

– Problem of money laundering arisesProblem of money laundering arises

– Susceptible to forgerySusceptible to forgery

Providing Security for Providing Security for Electronic CashElectronic Cash• Cryptographic algorithmsCryptographic algorithms

– Keys to creating tamperproof electronic cash Keys to creating tamperproof electronic cash that can be traced back to its originsthat can be traced back to its origins

• Anonymous electronic cashAnonymous electronic cash – Electronic cash that cannot be traced back to Electronic cash that cannot be traced back to

the person who spent itthe person who spent it

• Creating truly anonymous electronic cash Creating truly anonymous electronic cash – Requires a bank to issue electronic cash with Requires a bank to issue electronic cash with

embedded serial numbers embedded serial numbers

Detecting Double Spending Detecting Double Spending of Electronic Cashof Electronic Cash

Electronic Cash SystemsElectronic Cash Systems

• CheckFreeCheckFree

– Largest online bill processor in the worldLargest online bill processor in the world

– Provides online payment processing services Provides online payment processing services

• ClickshareClickshare

– An electronic cash system aimed at An electronic cash system aimed at magazine and newspaper publishersmagazine and newspaper publishers

Electronic Cash Systems Electronic Cash Systems (continued)(continued)

• PayPalPayPal– Provides payment processing services Provides payment processing services

to businesses and to individualsto businesses and to individuals– Peer-to-peer (P2P) payment systemPeer-to-peer (P2P) payment system

•Free payment clearing service for Free payment clearing service for individualsindividuals

PayPal Payment Method PayPal Payment Method Search Option on eBay Search Option on eBay Main Search PageMain Search Page

Electronic WalletsElectronic Wallets

• Hold credit card numbers, electronic Hold credit card numbers, electronic cash, owner identification, and cash, owner identification, and contact informationcontact information

• Give consumers the benefit of Give consumers the benefit of entering their information just onceentering their information just once

• Make shopping more efficientMake shopping more efficient

Electronic Wallets Electronic Wallets (continued)(continued)• Server-side electronic walletServer-side electronic wallet

– Stores a customer’s information on a remote Stores a customer’s information on a remote server belonging to a particular merchant or server belonging to a particular merchant or wallet publisherwallet publisher

• Client-side electronic wallet Client-side electronic wallet

– Stores a consumer’s information on his or Stores a consumer’s information on his or her own computerher own computer

Microsoft .NET PassportMicrosoft .NET Passport

• An electronic wallet operated by MicrosoftAn electronic wallet operated by Microsoft

• Passport consists of four integrated servicesPassport consists of four integrated services

– Passport single sign-in service (SSI)Passport single sign-in service (SSI)

– Passport Wallet servicePassport Wallet service

– Kids Passport serviceKids Passport service

– Public profilesPublic profiles

Microsoft .NET Passport Microsoft .NET Passport Home PageHome Page

Yahoo! WalletYahoo! Wallet

• Server side electronic wallet offered Server side electronic wallet offered by Yahoo!by Yahoo!

• Lets users store information about Lets users store information about several major credit and charge cardsseveral major credit and charge cards

• Many industry observers and privacy Many industry observers and privacy rights activist groups are concerned rights activist groups are concerned about electronic walletsabout electronic wallets

W3C Micropayment W3C Micropayment Standards Development Standards Development ActivityActivity• Common Markup for Micropayment Per-Common Markup for Micropayment Per-

Fee-LinksFee-Links– Standards developed by W3C Electronic Standards developed by W3C Electronic

Commerce Interest Group (ECIG)Commerce Interest Group (ECIG)– Provide extensible and interoperable way to Provide extensible and interoperable way to

embed micropayment information in a Web embed micropayment information in a Web pagepage

• Extensible systemExtensible system– One that developers can add to (or extend) One that developers can add to (or extend)

without voiding any earlier work on the without voiding any earlier work on the systemsystem

W3C Proposed W3C Proposed Micropayment HTML TagsMicropayment HTML Tags

The ECML StandardThe ECML Standard

• Electronic Commerce Modeling Electronic Commerce Modeling Language (ECML)Language (ECML)

– Users can enter credit card and address Users can enter credit card and address information once into an ECML-capable information once into an ECML-capable electronic walletelectronic wallet

– Users control access to their ECML Users control access to their ECML electronic wallets electronic wallets

Stored-Value CardsStored-Value Cards

• Can be an elaborate smart card with Can be an elaborate smart card with a microchip that records currency a microchip that records currency balancebalance

• Common stored-value cardsCommon stored-value cards

– Prepaid phone, copy, subway, and bus Prepaid phone, copy, subway, and bus cardscards

Magnetic Strip CardsMagnetic Strip Cards

• Cannot send or receive informationCannot send or receive information

• Cannot increment or decrement value of Cannot increment or decrement value of cash stored on the cardcash stored on the card

• Processing must be done on a device into Processing must be done on a device into which the card is insertedwhich the card is inserted

• Smart cardSmart card

– Better suited for Internet payment transactionsBetter suited for Internet payment transactions

Smart CardsSmart Cards

• Stored-value cards Stored-value cards

• Can hold private user data, such as financial Can hold private user data, such as financial factsfacts

• Can store about 100 times more information Can store about 100 times more information than a magnetic strip plastic cardthan a magnetic strip plastic card

• Safer than conventional credit cardsSafer than conventional credit cards

Octopus Smart Card Octopus Smart Card Information on the Hong Information on the Hong Kong Citybus SiteKong Citybus Site

Smart Cards (continued)Smart Cards (continued)

• Smart Card AllianceSmart Card Alliance

– Promotes benefits of smart cardsPromotes benefits of smart cards

– Promotes widespread acceptance of multiple-Promotes widespread acceptance of multiple-application smart card technologyapplication smart card technology

– Members include companies in banking, Members include companies in banking, financial services, computer technology, and financial services, computer technology, and healthcare healthcare

– Promotes compatibility among smart cards, Promotes compatibility among smart cards, card reader devices, and applicationscard reader devices, and applications

Internet Technology and the Internet Technology and the Banking IndustryBanking Industry

• Paper checksPaper checks– Used to make the largest dollar volume Used to make the largest dollar volume

paymentspayments

• Check Clearing for the 21st Century Check Clearing for the 21st Century Act (Check 21)Act (Check 21)– Permits banks to eliminate the Permits banks to eliminate the

movement of physical checks entirelymovement of physical checks entirely

Phishing AttacksPhishing Attacks

• Basic structureBasic structure– Attacker sends e-mail messages to a large Attacker sends e-mail messages to a large

number of recipientsnumber of recipients– Message states that an account has been Message states that an account has been

compromised and the matter should be corrected compromised and the matter should be corrected – Message includes a linkMessage includes a link– User enters a login name and password, which User enters a login name and password, which

the perpetrator capturesthe perpetrator captures– Once inside a victim’s account, the perpetrator Once inside a victim’s account, the perpetrator

can access personal informationcan access personal information

Phishing Attack Phishing Attack CountermeasuresCountermeasures• Most important step that companies can Most important step that companies can

take today take today – Educate Web site usersEducate Web site users

• Many companies contract consulting Many companies contract consulting firms that specialize in anti-phishing workfirms that specialize in anti-phishing work

• Anti-phishing techniqueAnti-phishing technique– Monitor online chat rooms used by criminalsMonitor online chat rooms used by criminals