E Payment
E Payment
E Payment
Good atomicity
Money and good are exchanged atomically
Non-repudiation
No party can deny its role in the transaction Digital signatures
Properties of E-money
1 ACID Test:- Atomicity, Consistency, Isolation, Durability. 2 ICES Test:- Interpretability, Conservation, Economy, Scalability.
ACID Test
Atomicity :- transaction must occur Completely or not at all. Consistency:- All party must agree to exchange (consensus) Isolation:- each transaction must be independent of all other transactions and should be treated exclusively. Durability:- it must be possible to recover or reverse the state of exchange.
ICES Test
Interoperability:- it means ability to move back and forth between different systems. Conservation :- how easy money is to store and access. Economy :- it is related with transaction processing charges ..it should be inexpensive and affordable. Scalability:- ability to handle multiple user at the same time.
Types of E-payments
E-cash Electronic wallets Smart card Credit card
Electronic Cash
Primary advantage is with purchase of items less than $10
Credit card transaction fees make small purchases unprofitable Micropayments o Payments for items costing less than $1
E-cash Concept
Merchant
5 4 Bank 3
2 1
1. Consumer buys e-cash from Bank 2. Bank sends e-cash bits to consumer (after charging that amount plus fee) 3. Consumer sends e-cash to merchant 4. Merchant checks with Bank that e-cash is valid (check for forgery or fraud) 5. Bank verifies that e-cash is valid 6. Parties complete transaction: e.g., merchant present e-cash to issuing back for deposit once goods or services are delivered Consumer still has (invalid) e-cash
Consumer
Off-line
Customer holds cash on smart card or software wallet Fraud and double spending require tamper-proof encryption
Disadvantages
Tax trail non-existent, like regular cash Money laundering Susceptible to forgery
Blind Signatures
Goal
to have the bank sign documents without knowing what they are signing.
Why?
Anonymity with Authentication
Clickshare
Designed for magazine and newspaper publishers Miscast as a micropayment only system; only one of its features Purchases are billed to a users ISP, who in turn bill the customer
CyberCoins
Stored in CyberCash wallet, a software storage mechanism located on customers computer Used to make purchases between .25c and $10 PayNow -- payments made directly from checking accounts
Coin.Net
Electronic tokens stored on a customers computer is used to make purchases Works by installing special plug-in to a customers web browser Merchants do not need special software to accept eCoins. eCoin server prevents double-spending and traces transactions, but consumer is anonymous to merchant
Electronic Wallets
Stores credit card, electronic cash, owner identification and address
Makes shopping easier and more efficient o Eliminates need to repeatedly enter identifying information into forms to purchase o Works in many different stores to speed checkout Amazon.com one of the first online merchants to eliminate repeat form-filling for purchases
Electronic Wallets
Agile Wallet
Developed by CyberCash Allows customers to enter credit card and identifying information once, stored on a central server Information pops up in supported merchants payment pages, allowing one-click payment
eWallet
Developed by Launchpad Technologies Free wallet software that stores credit card and personal information on users computer, not on a central server; info is dragged into payment form from eWallet Information is encrypted and password protected Works with Netscape and Internet Explorer
Smart Cards
Magnetic stripe
140 bytes, cost $0.20-0.75
Memory cards
1-4 KB memory, no processor, cost $1.00-2.50
Microprocessor cards Embedded microprocessor o (OLD) 8-bit processor, 16 KB ROM, 512 bytes RAM o Equivalent power to IBM XT PC, cost $7.00-15.00 o 32-bit processors now available
Smart Cards
Plastic card containing an embedded microchip Available for over 10 years So far not successful in U.S., but popular in Europe, Australia, and Japan Unsuccessful in U.S. partly because few card readers available Smart cards gradually reappearing in U.S.; success depends on:
Critical mass of smart cards that support applications Compatibility between smart cards, card-reader devices, and applications
Authentication, ID Medical records Ecash Store loyalty programs Personal profiles Government
Licenses
Disadvantages:
1. Low maximum transaction limit (not suitable for B2B or most B2C) 2. High Infrastructure costs (not suitable for C2C) 3. Single physical point of failure (the card) 4. Not (yet) widely used
Mondex transaction
Here's what happens "behind the scenes" during a Mondex transaction between a consumer and merchant. Placing the card in a Mondex terminal starts the transaction process:
1. Information from the customer's chip is validated by the merchant's chip. Similarly, the merchant's card is validated by the customer's card. 2. The merchant's card requests payment and transmits a "digital signature" with the request. Both cards check the authenticity of each other's message. The customer's card checks the digital signature and, if satisfied, sends acknowledgement, again with a digital signature. 3. Only after the purchase amount has been deducted from the customer's card is the value added to the merchant's card. The digital signature from this card is checked by the customer's card and if confirmed, the transaction is complete.
Security
Credit Cards
Credit card
Used for the majority of Internet purchases Has a preset spending limit Currently most convenient method Most expensive e-payment mechanism o MasterCard: $0.29 + 2% of transaction value Disadvantages o Does not work for small amount (too expensive) o Does not work for large amount (too expensive)
The SET protocol coordinates the activities of the customer, merchant, merchants bank, and card issuer. [Source: Stein]
All parties hold certificates signed directly or indirectly by a certifying authority. [Source: Stein]
SET Protocol
Extremely secure
Fraud reduced since all parties are authenticated Requires all parties to have certificates
So far has received lukewarm reception 80 percent of SET activities are in Europe and Asian countries Problems with SET
Not easy to implement Not as inexpensive as expected Expensive to integrated with legacy applications Not tried and tested, and often not needed Scalability is still in question