Download - Electronic payment by ahmad
Presented by: Mohd AhmadPresented by: Mohd Ahmad
What Electronic Payment system is?
Electronic payment system is a system which helps the customer or user to make online payment for their shopping.
To transfer money over the Internet.
Methods of traditional payment.oCheck, credit card, or cash.
Methods of electronic payment.oElectronic cash, software wallets, smart cards, and credit/debit cards.
Some Examples Of EPS:-
Online reservation
Online bill payment
Online order placing
Online ticket booking
Two storage methods
On-line Individual does not have possession personally of electronic
cash Trusted third party, e.g. online bank, holds customers’ cash
accounts
Off-line Customer holds cash on smart card or software wallet Fraud and double spending require tamper-proof encryption
Authentication A method to verify the buyers identity before payment
made Encryption
A process of making message indecipherable (impossible to read) except by those who have an authorized key (translator)
Integrity Ensuring that all information is not altered or destroyed
during transmission Non repudiation
Protection against customer : denial of order placed Protection against merchant : denial of payment made
Essential security requirements Essential security requirements
Private key , also called a symmetrical key encryption the same key is used to both encrypt and decrepit the message. key is agreed upon and shared by both the sender and a receiver
Public key, public key is known by all authorized users, the sender encrypt the message with receiver public key, receiver public key be delivered in advance, . The message only decrypted by receivers private key
Digital signature is used for authentication of sender, is usually attached to sent message like handwritten signature
Security Schemes in electronic payment System
Certificate is issued by a trusted third party
Certificate authority is a body like federal postal service. A CA may be certified by another CA
Digital envelope is the process of encryption into a secret key
Transaction certificate: some undeniable facts of transaction
Time stamp: digital attestation that a document was in existence at a particular time
Types of EPS
E- CASH
SMART CARDS
CREDIT/DEBIT CARDS
E- WALLETS
E-CashA system that allows a person to pay for goods or services by transmitting a number from one computer to another.
Like the serial numbers on real currency notes, the E-cash numbers are unique.
This is issued by a bank and represents a specified sum of real money.
It is anonymous and reusable.
Electronic Cash SecurityElectronic Cash Security
Complex cryptographic algorithms prevent double spending Anonymity is preserved unless double spending is attempted
Serial numbers can allow tracing to prevent money laundering
E-Cash Processing
3
4
21
5
Bank
Consumer
Merchant 1. Consumer buys e-cash from Bank
2. Bank sends e-cash bits to consumer (after charging that amount plus fee)
3. Consumer sends e-cash to merchant
4. Merchant checks with Bank that e-cash is valid (check for forgery or fraud)
5. Bank verifies that e-cash is valid
6. Parties complete transaction
E-Wallet
The E-wallet is another payment scheme that operates like a carrier of e-cash and other information.
The aim is to give shoppers a single, simple, and secure way of carrying currency electronically.
Trust is the basis of the e-wallet as a form of electronic payment.
Procedure for using an e-walletProcedure for using an e-wallet
1. Decide on an online site where you would like to shop.
2. Download a wallet from the merchant’s website.
3. Fill out personal information such as your credit card number, name, address and phone number, and where merchandise should be shipped.
4. When you are ready to buy, click on the wallet button, the buying process is fully executed.
Smart Cards
A smart card, is any pocket-sized card with embedded integrated circuits which can process data
This implies that it can receive input which is processed and delivered as an output
Smart card Processing
Credit/Debit cards
It is a Plastic Card having a Magnetic Number and code on it.
It has Some fixed amount to spend.
Customer has to repay the spend amount after sometime.
Processing a Credit cards payment
Risk in using Credit cards Risk in using Credit cards
Operational Risk
Credit Risk
Legal Risk
Secure Electronic Transaction (SET) Protocol
Jointly designed by MasterCard and Visa with backing of Microsoft, Netscape, IBM, GTE, SAIC, and others
Designed to provide security for card payments as they travel on the Internet Contrasted with Secure Socket Layers (SSL) protocol, SET validates
consumers and merchants in addition to providing secure transmission SET specification
Uses public key cryptography and digital certificates for validating both consumers and merchants
Provides privacy, data integrity, user and merchant authentication, and consumer nonrepudiation
The SET protocolThe SET protocol
Authentication
Integrity
Non-repudiation
Privacy
Safety
Security Requirements of EPS
What Is payment Gateways??
A payment gateway is an e-commerce application service provider service that authorizes payments for e-businesses, online Shopping, etc.
Payment gateway protects credit cards details encrypting sensitive information, such as credit card numbers, to ensure that information passes securely between the customer and the merchant and also between merchant and payment processor.
How It works??
Advantages:Advantages:1. Time savings. Money transfer between virtual accounts usually takes a few minutes, while a wire transfer or a postal one may take several days. Also, you will not waste your time waiting in lines at a bank or post office.
2. Expenses control. Even if someone is eager to bring his disbursements under control, it is necessary to be patient enough to write down all the petty expenses, which often takes a large part of the total amount of disbursements. The virtual account contains the history of all transactions indicating the store and the amount you spent. And you can check it anytime you want. This advantage of electronic payment system is pretty important in this case.
3. User-friendly. Usually every service is designed to reach the widest possible audience, so it has the intuitively understandable user interface. In addition, there is always the opportunity to submit a question to a support team, which often works 24/7. Anyway you can always get an answer using the forums on the subject.
Disadvantages:Disadvantages:1. Restrictions. Each payment system has its limits regarding the maximum amount in the account, the number of transactions per day and the amount of output.
2. The risk of being hacked. If you follow the seсurity rules the threat is minimal, it can be compared to the risk of something like a robbery. The worse situation when the system of processing company has been broken, because it leads to the leak of personal data on cards and its owners. Even if the electronic payment system does not launch plastic cards, it can be involved in scandals regarding the Identity theft.
3. The lack of anonymity. The information about all the transactions, including the amount, time and recipient are stored in the database of the payment system. And it means the intelligence agency has an access to this information. You should decide whether it's bad or good.
4. The necessity of Internet access. If Internet connection fails, you can not get to your online account.
Thank youThank you