Government Payment Gateway - Korean PG for e-Government Case Study 2007. 5. 24 Chang-Kang Seol ISGEG

Upload: neil-wilcox

Post on 27-Dec-2015


Government Payment Gateway - Korean PG for e-Government Case Study

2007. 5. 24
Chang-Kang Seol

ISGEG

Index

1. Background of e-Commerce market

2. Key Issues

3. PG (“BankPay”) service for e-Gov in Korea

• Briefs on BankPay
• Operational Feature
• Technical Feature
• Security
• Customer Protection

4. Conclusion

Background of e-Commerce market in Korea

- Historical background

1. Market needs for e-Payment and security technology from internet shopping malls in the late 1990s

2. Online bank transfer started by Dacom (a private company) over X.25 in 1997

3. PG (“BankPay”) established for safe public e-Payment in 2000

4. Resulting growth of e-Commerce in the 2000s

[Diagram: Payment Gateway (Security; Multi e-Payment Solutions; Stability & Easiness) and Internet Shopping Mall, CPs etc. (Sales Increase; Stable Operation of Shop; Cost Effectiveness), leading to Growth of e-Commerce, plus Legal & policy support (Korean Government Support)]

- Market background

1. Continuous growth of e-Commerce market

2. About 100 PG companies in 2002, now about 50, with 5 majors whose combined market share (M/S) is over 80%: Inisys, Cyber Payment, Dacom, KCC, Bankpay

3. Competitive market

4. Trend for Users to move into major PGs based on security and low costs

▣ Trend of e-Commerce Transaction (Unit: USD Mil)

Year                        2001      2002      2003      2004      2005      2006
e-Commerce Transaction   118,976   177,809   235,025   314,079   358,451   413,585
(Growth Ratio)                         49%       32%       34%       14%       15%
B2B                      108,941   155,707   206,854   279,399   319,202   366,191
B2G                        7,037    16,632    21,634    27,349    29,036    34,436
B2C                        2,580     5,043     6,095     6,443     7,921     9,132
Etc.                         418       427       442       888     2,292     3,826

* Source: Korea National Statistical Office

▣ Trend of e-Payment System (Electronic based payment)

Movement from paper based payment into electronic based payment

* Electronic based payment: payment through data transfer using ICT infra

[Chart: Electronic based Payment vs. Paper based Payment, by No. of transaction and by Amount]

* Source: Bank of Korea “Trend of Payment System” 2005. 4.

- Legal background for e-Commerce

Specialized Credit Financial Business Act

Purpose
• To define off-line financial transaction
• To regulate legal relation in off-line financial transaction

Feature (2002.3)
• To position PG as a legal entity
• To define regulation on PG
• To secure on-line credit card transaction

e-Commerce Consumer Protection Act

Purpose
• To create institutional basis for customer protection
• To secure stable transaction for e-Commerce

Feature
• To establish protection device from consumer damage
• To introduce insurance to protect consumer damage from e-Commerce

Regulation for Supervision on Banking Institutions

Purpose
• To grant Financial Supervisory Service to supervise PG
• To regulate security

Feature
• To supervise PG
• To regulate PG for its sound transaction
• To oblige PG to secure information

Electronic Finance Transaction Act

Purpose
• To define the electronic financial transaction (EFT)
• To regulate legal relation in EFT

Feature
• Enforcing business registration on PG
• To set up the clear legal structure
• To secure customer using EFT
• To regulate & supervise healthy development of EFT

Dates shown on the timeline: 1997.8, 2000.12, 2002.3, 2006.1

Key Issues in Korea

- Protection from customer damage (Identification/Reparation)

▣ Legal Risk - Who will identify the faults and take the responsibility of reparation for the damage

▣ Operational Risk - Network hacking, system down

▣ Settlement Risk - Bankruptcy

- Operational Issue

▣ Operation by Government

▣ Operation by Private Companies

- Security Standard Issue

▣ Network Security

• Encryption Technology
  - Symmetric or Asymmetric Algorithm (Public Key Algorithm)
  - Message Digest (Hash Function) / Electronic Signature (Private Key)
  - SSL (Secure Sockets Layer) / SET (Secure Electronic Transaction)

• Authentication by third party

▣ Host System Security

• Firewall
• Intrusion Detection System

BankPay (PG of Korean Government)

Establishment: Founded by Korea Financial Telecommunications & Clearings Institute (KFTCI), an incorporated association chaired by the Bank of Korea; established in 2000

Service Area: Service for most public organizations, such as e-Procurement, Land Titling, G4C etc., and for commercial entities, such as on-line shops, internet auctions, tuition fees etc.

e-Payment Method: Payment Gateway service to government organizations & private commercial operators - Credit Card, Bank Fund Transfer & K-Cash

Feature: Featured by most banks’ participation, real time transaction & low cost

Sales Increase (Unit: U$ Mil)

Year     2001  2002  2003  2004  2005
Sales       4    52    75   109   230

* Source: KFTC 2006

Operational Structure

[Diagram: Bank Association: Bank of Korea (Chair), Regular Member (12 Banks), Associate Member (10 Banks); KFTC (Incorporated Association); Financial Supervisory Service. Relationship labels: Governing, Regulating.]

Services and networks shown: CMS / Giro, EDI, BankPay (PG), Bank B2B, Card VAN, K-Cash, UBI (Mobile Pay), CD N/W, IFT N/W, HOFINET, K-Cash N/W, BankLine, Check Clearing, Paper Giro, Electric Giro, Internet Giro

Legend: Inter Bank Fund Transfer; Inter Bank Home/Firm Banking System

Founded by Korea Financial Telecommunications & Clearings Institute (KFTCI), an incorporated association chaired by BOK and supervised by FSS (Financial Supervisory Service)

Services

[Diagram: Services requiring payment solution]

Networks: Administration N/W, Finance N/W, Education N/W, Defense N/W, Police N/W, Logistics N/W

Users: Citizens, Business, Vendors/Suppliers, Government / Agency Office

Channels: Internet e-Gov portal / Kiosks; Inter-government Intranet: Inter-agency collaboration; Telephony Contact (Voice/Fax/…)

Systems shown: National Assembly Minutes Publishing Sys; Legislative Information System; e-Library: Library of National Assembly; National Assembly Session Broadcasting System; Assembly Information / Material Communication; National Assembly Operations Support Sys; Civil/Criminal Trial Procedure System; Court Knowledge Management System; Electronic Filing System; Standard Human Resources System; National Finance Information System; Integrated Information Infrastructure; Intelligent Transportation System; E-Document Shared Information of Local Government; 911 / Police Support System; Election Process Automation; Cadastre Management Information System; Land Registration and Information System; Court Session/Decision/Patent/Auction Information Sys; Integrated System for Social Insurances; e-Healthcare: Hospital Information System; National / Home Tax Service; e-Citizen / Registration & ID (Family/Employment/...); u-Logistics; Postal Service; e-Education: Magic School and Campus; e-Customs and e-Clearance System; e-Procurement; Vehicle and Driver License Service System; Automatic Fare Collection System; Immigration Control System

- e-Government Framework (Single window for e-Payment)

[Diagram: layers labelled IT Infra, DB and Service; the number shown beside each item is given in parentheses]

Passport & Immigration Control (95.12); Business Registration (91.3); Vehicle Registration / Driver License (90.3); Real Estate Management Information Sys (91.2); e-Citizen / NID (Family/Employment) (91.1); e-Learning Sys (99.9); e-Gov Portal & Kiosks (02.10); e-Custom e-Clearance Sys (90.4); e-Procurement Sys (02.9); Integrated Social Insurance Sys (02.10); e-Tax (National/Home Tax Service) (00.11); BankPay (PG) (00.12); Finance N/W (89.12)

Other items shown: Public Internet Center; Public Admin & Education N/W; Provision PC & ICT Use Education; Groupware (e-mail/e-document); e-Gov EA Planning (followed by "9187 ~")

Establishment: Established in 2000 as the public e-payment system, to meet the market needs arising from the rapid growth of e-Commerce (internet shopping malls) in the late 1990s

Position in e-Payment Market in Korea

[Diagram, by layer]

Electronic Payment: Network e-Cash, Bank Transfer, Credit Card, e-Cash, Traffic Card, Prepaid Card

Network: Mobile, Internet, Telephone Line (X.25), Terminal / Kiosk

Service Provider: Mobile PG (Infohurb Mobilians Ubi); PG (Bankpay, Dacom, Inisys, KCP etc.); VAN (KICC, NICE, KS-NET etc.); Traffic PG (Intec C&C MYBI)

Relevant Co.: Telecom Companies (SK / KTF / LG); Financial N/W Co.; e-Cash Co.; Transport Companies (Transport Co.)

Financial Institutes: Banks / Card Companies

Stable & convenient Internet Payment Service

Optimized Solution
• e-Procurement
• Online appeal
• Content
• Shopping mall

User Interface
• Suitable / flexible payment module to user platform

Security
• Payment service secured on the basis of PKI

Payment Method
• Credit Card
• Bank Transfer
• K-Cash

Challenges of BankPay

Technical Feature

- Technical Components

System Management
• NMS
• SMS

Security
• Firewall
• IDS

Main Server
• Payment Gateway
• Backup
• Internet
• DB

PG Solution
• e-Payment
• Call Center (CTI)

Technical Feature

- Technical Architecture

[Diagram: components shown are the Customer (Wallet, HTML Form); INTERNET (Open Network); e-Gov Portal / Web Server (Web server (eGov), TX server); Internet (TCP/IP); BankPay P/G (P/G server); CCIS, CMS, CARD, BANK. Layer labels: (H/W, S/W), (S/W), (N/W).]

Technical Feature

- Service related program

Payment Process

TX Server
• Communication program between PG and Users
• Encrypting Payment Information with e-Signature using Authentication Certificate issued by Certification Agency (“Yessign”)
• Providing the most appropriate TX Server in compliance with User platform

Payment Request
• Page for Customer to request payment for products or services, e.g. ordering page of shopping mall
• Transfer to PG of the payment request, which is compiled by the Service (Windows NT) or Java Class (Unix)
• DB storage after payment is processed by PG
• Notice of final payment result from PG to User with ASP/JSP/CGI etc.

Wallet
• Payment module on ActiveX Control
• Installed on Customer’s PC, downloaded from BankPay Server
• Encrypting Payment Information with e-Signature
• Client’s request to start User’s payment process

Payment Cancellation

Request Cancellation
• Request for cancellation to PG
• Transfer to PG of the cancellation request, which is compiled by the Service (Windows NT) or Java Class (Unix)
• DB storage after cancellation is processed by PG
• Notice of final cancellation result from PG to User with ASP/JSP/CGI etc.

Technical Feature

- Sequence Diagram

Groups: Customer, e-Gov, BankPay

Participants: Customer; Wallet (Customer PC); Payment Request; Payment Process; TX Server; PG Server; DB

① Click payment button
② Activating Wallet Software
③ PW / Payment Information
④ Request for Payment
⑤ Compiling Payment Information
⑥ Encrypting Payment Information (e-Signature)
⑦ Result for Payment
⑧ Log storage / Payment Result
⑨ Notice Payment Result

Security

• Electronic signature using PKI technique

• An accredited certificate is a certificate issued by YESSIGN, an accredited certification authority pursuant to the "Electronic Signature Act".

• A certificate holds a series of data, including the subscriber's electronic signature verification data, serial number, subscriber's name and term of validity.

- Certificate Agency: Korea Information Security Agency

• Below it, there are 6 accredited certification authorities: Korea Financial Telecommunications & Clearings Institute, Koscom Inc., KTNET, National Computerization Agency, Korea Electronic Certificate Authority, Korea Information Certificate Authority Inc.
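The e-signature step of the payment sequence and the certificate fields listed in the Security slides, as an added Go example that is not BankPay or Yessign code: the wallet signs the payment information, and the gateway accepts it only if the subscriber certificate was issued by the trusted CA, is within its term of validity, and the signature matches the received bytes. The CA, subscriber, payment string and the helpers issue, Sign and Verify are constructed for illustration, and Ed25519 is used for brevity because the slides do not name the signature algorithm.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate signed by parent (self-signed CA if parent is nil).
func issue(name string, serial int64, notAfter time.Time, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil { // root CA: allowed to sign subscriber certificates
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Sign is the wallet side: an e-signature over the payment information bytes.
func Sign(key ed25519.PrivateKey, payment []byte) []byte { return ed25519.Sign(key, payment) }

// Verify is the gateway side: certificate issuer and validity first, then the signature.
func Verify(ca, cert *x509.Certificate, payment, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("certificate rejected: %w", err)
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, payment, sig) {
		return errors.New("signature does not match payment information")
	}
	return nil
}

func main() {
	ca, caKey := issue("Constructed Test CA", 1, time.Now().Add(time.Hour), nil, nil)
	user, userKey := issue("Constructed Subscriber", 2, time.Now().Add(time.Hour), ca, caKey)
	msg := []byte("order=1001&method=bank-transfer&amount=25000") // constructed payment information
	sig := Sign(userKey, msg)
	fmt.Println("valid:", Verify(ca, user, msg, sig), "| amount altered:", Verify(ca, user, append(msg, '0'), sig))
}
```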

Customer Protection

- Protection from customer damage
• Identification
• Reparation

▣ Financial Troubles in e-Payment in Korea

                                            No. of Fault                     Amount (thousand U$)
Contents                                     '02   '03   '04 '05.7 Total      '02   '03   '04 '05.7 Total
Bank: Internet Banking                         1     -     1     2     4       71     -     3    68   142
Bank: Tele banking                             -     1     5     8    14        -    10   162   262   434
Bank: Card Forgery · Reproduction              4     6     6     -    16      452    66    26     -   544
Bank: Program Default                          -     1     8     2    10              0     0     0     0
Credit Card: Card Forgery · Reproduction       -     1     -     -     1            184     -     -   184
Credit Card: Program Default                   -     1     -     -     1        -     0     -     -     0
Total                                          5    10    20    10    46      523   260   191   330 1,304

Source: 2005 Inspection of Administration

▣ Liability of reparation and identification of responsibility
- Electronic Finance Transaction Act (2006)
- Apply the principle of liability without fault to personal users and the principle of liability with fault to companies

Principle of liability without fault (Personal user)
• Liability of identification: No
• Liability of reparation: Sufferer’s counterpart

Principle of liability with fault (Corporate user)

Simple negligence rule
• Liability of identification: Sufferer or harmer
• Liability of reparation: Harmer

Contributory negligence rule
• Liability of identification: Person himself
• Liability of reparation: Harmer, subject to sufferer’s fullness of its obligation

Comparative negligence rule
• Liability of identification: 3rd Party (Court)
• Liability of reparation: Balancing

▣ Main contents of Electronic Finance Transaction Act (2006)

Stability
- Responsibility for financial institutes to compensate the user for the damage arising from forgery/reproduction, fault in data transmission and process
- Regulated and supervised by Financial Supervisory Committee and provision of the standard for PKI (Clause 20)
- Mandatory storage of transaction records for 5 years (Clause 21)
- Limitation of credit (Clause 22)

Consumer Protection
- Damage after notice of loss and theft shall be borne by financial institutes (Clause 9)
- Protection of user information (Clause 25)
- Arbitration Clause (Clause 26)

Supervision
- GAAP & financial standard (capital structure / asset management / liquidity) (Clause 41)

KFS for PG for public service

[Diagram: One window, Legal & policy Support, Technical Support]

Effectiveness
• Multi e-Payment solutions
• Cost & Time Effectiveness

Legal & Policy
• Customer Protection
• e-Payment Promotion

ICT
• Easy Access (N/W expansion)
• Standard Application (Security)

Conclusion

1. Customer Protection backed by Government’s legal & policy support
- Electronic Finance Transaction Act
- Promotion of e-payment by way of tax deduction

2. One window PG for most of the public e-Payment
- Cost, time effectiveness

3. Technical Support
- Standard technical architecture
- Easy access (ICT infrastructure)