E Payment Systems


COURSE TITLE: E COMMERCE

PAPER CODE: CIT 4203


LECTURER: MADAM MATILDA
TOPIC: E-COMMERCE PAYMENT SYSTEMS

Objectives:
Introduction
Types of EC Payment systems
Security threats to the EC payment systems
Security measures
Advantages and disadvantages of using E-Payment systems

E-Payment System:
E-payment, short for electronic payment, refers to the monetary transactions conducted online.
It has become an integral part of e-commerce, facilitating the exchange of goods and services
over the internet. E-payment systems vary in complexity and functionality, ranging from simple
online credit card transactions to advanced digital wallets and cryptocurrencies.

These systems are central to on-line business processes as companies look for ways to serve
customers faster and at lower cost. Emerging innovations in the payment for goods and services
in electronic commerce promise to offer a wide range of new business opportunities.

Electronic payment always involves a payer and a payee who exchange money for goods or
services. At least one financial institution like a bank will act as the issuer (used by the payer)
and the acquirer (used by the payee).
Types of E-Payment Systems:
1. Credit/Debit Cards:
• Most commonly used method for online transactions.
• Requires input of card details like number, expiry date, and CVV.
• Transactions are processed through payment gateways ensuring security.
2. Digital Wallets:
• Store payment information securely for quick transactions.
• Examples include PayPal, Apple Pay, Google Pay, etc.
• Enhanced security features like fingerprint authentication.
3. Mobile Payments:
• Transactions conducted through mobile devices.
• Utilizes NFC (Near Field Communication) or QR codes for contactless payments.
• Increasingly popular due to convenience and accessibility.
4. Bank Transfers:
• Direct transfer of funds from the buyer's bank account to the seller's.
• Commonly used for large transactions and recurring payments.
• Requires authentication and verification from both parties.
5. Cryptocurrencies:
• Utilize blockchain technology for secure transactions.
• Examples include Bitcoin, Ethereum, etc.
• Offers decentralization and anonymity but faces regulatory challenges.
Security Considerations:
1. Encryption:
• Data transmitted during e-payment transactions should be encrypted to prevent interception by unauthorized parties.
2. Authentication:
• Multi-factor authentication adds layers of security, reducing the risk of fraudulent transactions.
3. Tokenization:
• Replaces sensitive data like credit card numbers with unique tokens, reducing the risk of data breaches.
4. Fraud Detection:
• Advanced algorithms analyze transaction patterns to identify and prevent fraudulent activities.
5. Compliance:
• E-payment systems must comply with industry standards and regulations to ensure data protection and consumer rights.
Types of Electronic Payment Systems:
Electronic payment systems are proliferating in banking, retail, health care, on-line markets, and
even government—in fact, anywhere money needs to change hands.
NEED FOR E-PAYMENT SYSTEMS
Organizations are motivated by the need to deliver products and services more cost effectively
and to provide a higher quality of service to customers. The emerging electronic payment
technology is labeled electronic funds transfer (EFT).
EFT is defined as “any transfer of funds initiated through an electronic terminal, telephonic
instrument, or computer or magnetic tape so as to order, instruct, or authorize a financial
institution.”
EFT can be segmented into three broad categories:
1. Banking and financial payments
Large-scale or wholesale payments (e.g., bank-to-bank transfer)
Small-scale or retail payments (e.g., automated teller machines)
Home banking (e.g., bill payment)
2. Retailing payments
Credit Cards (e.g., VISA or MasterCard)
Private label credit/debit cards (e.g., J.C. Penney Card)
Charge Cards (e.g., American Express)
3. On-line electronic commerce payments
i) Token-based payment systems
Electronic cash (e.g., DigiCash)
Electronic checks (e.g., NetCheque)
Smart cards or debit cards (e.g., Mondex Electronic Currency Card)
ii) Credit card-based payments systems
Encrypted Credit Cards (e.g., World Wide Web form-based encryption)
Third-party authorization numbers (e.g., First Virtual)
E-Cash:
Many ways exist to implement an e-cash system, but all must incorporate a few
common features.
Electronic cash is based on cryptographic systems called “digital signatures”.
This method involves a pair of numeric keys: one for locking (encoding) and the other for
unlocking (decoding).
E-cash must have the following four properties:
• Monetary value
• Interoperability
• Retrievability
• Security
• Electronic cash is a general term that describes the attempts of several companies to create
a value storage and exchange system that operates online in much the same way that
government-issued currency operates in the physical world.
• Concerns about electronic payment methods include:
– Privacy
– Security
– Independence
– Portability
Electronic Cash Storage:
• Two methods
1. On-line
• Individual does not have possession personally of electronic cash
• Trusted third party, e.g. e-banking, bank holds customers' cash accounts
2. Off-line
• Customer holds cash on smart card or electronic wallet
• Fraud and double spending require tamper-proof encryption
Electronic Checks:
It is another form of electronic tokens.
Buyers must register with a third-party account server before they are able to write electronic
checks.
The account server acts as a billing service.
Smart Cards & Electronic Payment Systems:
Smart cards have been in existence since the early 1980s and hold promise for secure
transactions using existing infrastructure.
Smart cards are credit and debit cards and other card products enhanced with microprocessors
capable of holding more information than the traditional magnetic stripe.
The smart card technology is widely used in countries such as France, Germany, Japan, and
Singapore to pay for public phone calls, transportation, and shopper loyalty programs.
Types of Smart Cards:
• Relationship-Based Smart Credit Cards
• Electronic Purses, also known as debit cards
1. Relationship-Based Smart Credit Cards:
It is an enhancement of existing card services and/or the addition of new services that a financial
institution delivers to its customers via a chip-based card or other device.
These services include access to multiple financial accounts, value-added marketing programs,
or other information card holders may want to store on their card.
It includes access to multiple accounts, such as debit, credit, cash access, bill payment, and multiple
access options at multiple locations.
2. Electronic Purses:
To replace cash and place a financial instrument are racing to introduce electronic purses, wallet-
sized smart cards embedded with programmable microchips that store sums of money for people
to use instead of cash for everything
The electronic purse works in the following manner:
After the purse is loaded with money at an ATM, it can be used to pay for candy in a vending
machine with a card reader.
Credit Card-Based Electronic Payment Systems:
Payment cards are all types of plastic cards that consumers use to make purchases:
i) Credit cards
• A credit card, such as a Visa or a MasterCard, has a preset spending limit based on the user's credit limit.
ii) Debit cards
• A debit card removes the amount of the charge from the cardholder's account and transfers it to the seller's
bank.
iii) Charge cards
• A charge card, such as one from American Express, carries no preset spending limit.
Advantages of E-Payment:
1. Convenience: E-payment allows transactions to be conducted anytime, anywhere,
providing convenience to both businesses and consumers.
2. Speed: Transactions are processed in real-time or near real-time, eliminating the delays
associated with traditional payment methods like checks or wire transfers.
3. Cost-Effectiveness: E-payment systems often have lower transaction costs compared to
traditional methods, saving businesses money on processing fees.
4. Global Reach: E-payment enables businesses to reach a global audience without the
limitations of geographical boundaries, fostering international trade and expansion.
5. Reduced Fraud: Advanced security measures such as encryption, authentication, and
fraud detection algorithms help reduce the risk of fraudulent transactions.
6. Automation: E-payment systems can be integrated with accounting and inventory
management software, streamlining processes and reducing manual errors.
7. Customer Satisfaction: Quick and seamless transactions enhance the overall shopping
experience, leading to higher customer satisfaction and loyalty.
Disadvantages of E-Payment:
1. Security Concerns: Despite advancements in security measures, e-payment systems are
vulnerable to cyber threats such as hacking, phishing, and data breaches.
2. Dependency on Technology: Technical issues like server downtime, network failures, or
software glitches can disrupt e-payment services, causing inconvenience to users.
3. Lack of Privacy: E-payment transactions often require the disclosure of personal and
financial information, raising concerns about privacy and data protection.
4. Fraudulent Activities: Cybercriminals exploit vulnerabilities in e-payment systems to
commit fraud, posing risks to both businesses and consumers.
5. Regulatory Compliance: E-payment systems must comply with various regulations and
standards, which can be complex and challenging to navigate, particularly for global
operations.
6. Exclusion of Certain Groups: Not everyone has access to the technology or resources
required for e-payment, leading to digital exclusion for certain demographics or regions.
7. Transaction Reversals: Chargebacks and disputes are common in e-payment
transactions, leading to disputes between merchants and customers and additional
administrative burdens.
Risks in Electronic Payment systems:
1. Customer's risks
– Stolen credentials or password
– Dishonest merchant
– Disputes over transaction
– Inappropriate use of transaction details
2. Merchant's risks
– Forged or copied instruments
– Disputed charges
– Insufficient funds in customer's account
– Unauthorized redistribution of purchased items
Security Requirements In Electronic Payment Systems:
1. Integrity and authorization
A payment system with integrity allows no money to be taken from a user without explicit
authorization by that user. It may also disallow the receipt of payment without explicit consent,
to prevent occurrences of things like unsolicited bribery.
Authorization constitutes the most important relationship in a payment system. Payment can be
authorized in three ways: via out-band authorization, passwords, and signature.
Out-band authorization
In this approach, the verifying party (typically a bank) notifies the authorizing party (the
payer) of a transaction. The authorizing party is required to approve or deny the payment
using a secure, out-band channel (such as via surface mail or the phone).
This is the current approach for credit cards involving mail orders and telephone orders:
Anyone who knows a user's credit card data can initiate transactions, and the legitimate user
must check the statement and actively complain about unauthorized transactions. If the user does
not complain within a certain time (usually 90 days), the transaction is considered “approved”
by default.

Password authorization
A transaction protected by a password requires that every message from the authorizing party
include a cryptographic check value. The check value is computed using a secret known only to
the authorizing and verifying parties. This secret can be a personal identification number, a
password, or any form of shared secret. In addition, shared secrets that are short - like a six-digit
PIN - are inherently susceptible to various kinds of attacks.
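
The check value described above can be sketched as follows. This is an added example, not part of the original notes; it assumes HMAC-SHA256 as the check-value function (the notes do not name one), and the message fields and JSON encoding are illustrative choices.

```python
import hashlib
import hmac
import json
import math
import secrets

def canonical(msg: dict) -> bytes:
    # Deterministic encoding so both parties compute over identical bytes.
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()

def check_value(secret: bytes, msg: dict) -> str:
    # Cryptographic check value: HMAC-SHA256 keyed with the shared secret
    # (HMAC is an assumption; the notes only say "cryptographic check value").
    return hmac.new(secret, canonical(msg), hashlib.sha256).hexdigest()

def verify(secret: bytes, msg: dict, tag: str) -> bool:
    # The verifying party recomputes the value; compare_digest runs in
    # constant time so the comparison itself leaks nothing about the tag.
    return hmac.compare_digest(check_value(secret, msg), tag)

def secret_bits(alphabet_size: int, length: int) -> float:
    # Upper bound on the entropy of a uniformly chosen secret, in bits.
    return length * math.log2(alphabet_size)

# Constructed sample payment order; all field names are hypothetical.
SECRET = secrets.token_bytes(16)  # 128-bit shared secret
ORDER = {"payer": "alice", "payee": "shop-17", "amount": "49.90", "currency": "USD"}
TAG = check_value(SECRET, ORDER)

def demo() -> dict:
    tampered = dict(ORDER, amount="4990.00")  # amount altered in transit
    return {
        "genuine": verify(SECRET, ORDER, TAG),
        "tampered": verify(SECRET, tampered, TAG),
        "wrong_secret": verify(secrets.token_bytes(16), ORDER, TAG),
        "pin_bits": round(secret_bits(10, 6), 1),  # six-digit PIN
        "key_bits": secret_bits(256, 16),          # 16 random bytes
    }

if __name__ == "__main__":
    print(demo())
```

The last two figures put numbers on the warning about short secrets: a six-digit PIN offers under 20 bits of entropy, against 128 bits for a random 16-byte key.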

Signature authorization
In this type of transaction, the verifying party requires a digital signature of the authorizing party.
Digital signatures provide non-repudiation of origin.
2. Confidentiality
Some parties involved may wish confidentiality of transactions. Confidentiality in this context
means the restriction of the knowledge about various pieces of information related to a
transaction: the identity of payer/payee, purchase content, amount, and so on.
Typically, the confidentiality requirement dictates that this information be restricted only to the
participants involved. Where anonymity or un-traceability are desired, the requirement may be to
limit this knowledge to certain subsets of the participants only, as described later.
3. Availability and reliability
All parties require the ability to make or receive payments whenever necessary. Payment
transactions must be atomic: They occur entirely or not at all, but they never hang in an unknown
or inconsistent state. No payer would accept a loss of money (not a significant amount, in any
case) due to a network or system crash. Availability and reliability presume that the underlying
networking services and all software and hardware components are sufficiently dependable.
Recovery from crash failures requires some sort of stable storage at all parties and specific
resynchronization protocols.
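
The atomicity requirement above can be demonstrated with a database transaction. This is an added example, not part of the original notes; the table layout, account names and the simulated crash are assumptions, and an in-memory SQLite database stands in for the stable storage a real system would need.

```python
import sqlite3

def open_ledger() -> sqlite3.Connection:
    # Constructed sample ledger; the CHECK constraint forbids overdrafts.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (name TEXT PRIMARY KEY, "
               "balance INTEGER NOT NULL CHECK (balance >= 0))")
    db.executemany("INSERT INTO account VALUES (?, ?)",
                   [("payer", 100), ("payee", 0)])
    db.commit()
    return db

def transfer(db, src, dst, amount, crash_after_debit=False) -> bool:
    # 'with db' commits if the block completes and rolls back on any
    # exception, so the debit can never persist without the credit.
    try:
        with db:
            db.execute("UPDATE account SET balance = balance - ? WHERE name = ?",
                       (amount, src))
            if crash_after_debit:
                raise RuntimeError("simulated crash between debit and credit")
            db.execute("UPDATE account SET balance = balance + ? WHERE name = ?",
                       (amount, dst))
        return True
    except (RuntimeError, sqlite3.IntegrityError):
        return False

def balances(db) -> dict:
    return dict(db.execute("SELECT name, balance FROM account"))

def demo():
    db = open_ledger()
    crashed = transfer(db, "payer", "payee", 30, crash_after_debit=True)
    after_crash = balances(db)               # debit was rolled back
    ok = transfer(db, "payer", "payee", 30)  # normal payment
    overdraw = transfer(db, "payer", "payee", 500)  # rejected by CHECK
    return crashed, after_crash, ok, overdraw, balances(db)

if __name__ == "__main__":
    print(demo())
```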
