Payment and Cash Standards Content 1. Credit-Card Transactions 2. Digital Currency, E-Wallets, Smart Cards 3. Secure Electronic Transactions (SET) 4. Online Banking

The electronic transfer of funds is key to conducting e-business successfully Discussion includes: –How individuals and organizations perform monetary transactions on the Internet –Payments by credit card, cash, and check; payments to businesses; peer-to-peer payments; banking and bill paying –Companies who are developing online payment technology –Products, software, and services that these companies produce Introduction

Introduction (cont.) Secure e-transactions crucial to e-commerce –Internet and wireless monetary transactions Credit-card transactions Digital cash Electronic wallets Smart cards Micropayments –Payment transaction organizations and standards

Standards: guidelines for technologies, formats or processes –Approved by standards committee –Or widely adopted by an industry without formal process Online transaction standards –Security protocols to ensure safe transactions SSL which uses public-key cryptography –Open Financial Exchange organization Internet standard for exchanging financial information Online Transaction Standards

Credit-Card Transactions Customers fear credit-card fraud –Credit cards have been developed to accommodate online and offline payments The Prodigy Internet Mastercard guarantees online fraud protection To accept credit-card payments, a merchant must have a merchant account with a bank –Specialized Internet merchant accounts have been established to handle online credit-card transactions Transactions are processed by banks or third-party services Traditional merchant accounts accept only POS (point-of-sale) transactions –Those that occur when you present your credit card at a store

Credit-Card Transactions (cont.) Companies enable merchants to accept credit-card payments online. –These companies have established business relationships with financial institutions that will accept online credit-card payments for merchant clients. –CyberCash and iCat

Merchant account with bank –Traditionally only accept point-of-sale transactions: presence of credit-card at store –Internet merchant accounts accept card-not-present transactions: information exchange without card presence An online credit-card transaction –Buyer submits credit-card, shipping and billing information –Merchant submits information to acquiring bank (merchant’s bank) –Buyer’s account verified by issuing bank (buyer’s bank) –Merchant receives verification –Product shipped and payment issued Anatomy of an Online Credit-Card Transactions

Anatomy of an Online Credit-Card Transactions (cont.) MerchantAcquiring Bank Issuing Bank Credit Card Association Credit Card 2 Information Makes purchase at online store. Credit card information is received by the e-store. Information 4 Verified Basic steps in an online credit-card transaction. 1

Cardholder Merchant credit card Card Brand Company Payment authorization, payment data Issuer Bank Cardholder Account Acquirer Bank Merchant Account account debit data payment data Credit Card Procedure 9 payment data amount transfer

Digital cash –Stored electronically, used to make online electronic payments –Digital cash accounts are similar to traditional bank accounts –Digital cash used with other payment technologies (digital wallets) –Alleviates some security fears online credit-card transactions –Digital cash allows those with no credit cards to shop online –Merchants accepting digital-cash payments avoid credit-card transaction fees –eCash Technologies, Inc. is a secure digital-cash provider that allows you to withdraw funds from your traditional bank account Digital Currency (eCash)

Digital Currency (cont.) Gift cash, often sold as points, can be redeemed at leading shopping sites –An effective way of giving those without credit cards, the ability to make purchases on the Web Points-based rewards –Points are acquired for completing specified tasks including visiting Web sites, registering or buying products –Points can then be redeemed

eCash Idea Electronic cash is token money in the form of bits, except unlike token money it can be copied. Bank issues character strings containing: –denomination –serial number –bank ID + encryption of the above First person to return string to bank gets the money

Withdrawal: Spending: Personal Transfer: ALICE BUYS DIGITAL COINS FROM A BANK ALICE SEND UNSIGNED BLINDED COINS TO THE BANK BANK SIGNS COINS, SENDS THEM BACK. ALICE UNBLINDS THEM ALICE PAYS BOB BOB VERIFIES COINS NOT SPENT ALICE TRANSFERS COINS TO CINDY CINDY VERIFIES COINS NOT SPENT BOB DEPOSITS CINDY GETS COINS BACK WALLET SOFTWARE eCash Flow

E-Wallets Electronic wallets: –Keep track of billing and shipping information –Hold e-checks, e-cash and credit-card information for multiple cards –Visa, MBNA and Entrypoint.com offer e-wallets Standardization –Some vendors accept only specific e-wallets –1999, Electric Commerce Modeling Language (ECML) Standardized payment presentation Many vendors adopted it

Smart Cards Smart card processors hold more information than credit card magnetic strips –Store credit-card numbers, contact information, etc. –Contact smart cards Placed in smart-card reader for information transfer –Contactless smart cards Antenna enables information transfer Faster than contact smart card Security –Password protection –Security designations assigned to information –Encryption

Smart Cards (cont.) Visa Cash smart card –Disposable and reloadable cards –Internet purchases, expressway tolls and parking fees Smart Card Industry Association (SCIA)

Smart Card Example -- Mondex Smart-card-based, stored-value card (SVC) Subsidiary of MasterCard NatWest (National Westminister Bank, UK) et al. Secret chip-to-chip transfer protocol Value is not in strings alone; must be on Mondex card Loaded through ATM –ATM does not know transfer protocol; connects with secure device at bank Spending at merchants having a Mondex value transfer terminal

Other Examples Octopus –MTR, KCR, KMB, First Bus, Ferry, Minibus –PolyU Canteen –7-11 –Softdrink Vending Machine HK Identity Card (in near future) –Library Card –Driving Licence –Other Personal Information, e.g., Health Record

Micropayments Merchants pay fee for each credit-card transaction Micropayments –Payments that generally do not exceed $10, allows companies offering nominally priced products to profit To offer micropayments, some companies form strategic partnerships with utility companies –eCharge enables companies to offer this option to customers eCharge uses ANI (Automatic Number Identification) to verify the identity of the customer and the purchases they make

Alternative Payment Options Outside US, many opt for prepaid cards instead of cash or credit cards –Wireless-payment cards enable transactions with POS devices –Convenience and grocery stores can add monetary value to some pre-paid accounts –Examples include CashX ( and Vodago

Non-electronic payment methods –Cash-on-delivery (COD): payment upon item’s delivery –Debit cards: deduct directly from checking account –Automatic Teller Machine (ATM): withdraw cash Online payments without credit cards –AmeriNet ( allows checking account number as form of payment –Online currency: Cybergold ( and RocketCash ( Alternative Payment Options (cont.)

SET is an open technical standard for the commerce industry developed by Visa and MasterCard as a way to facilitate secure payment card transactions over the Internet. Digital Certificates create a trust chain throughout the transaction, verifying cardholder and merchant validity, a process unparalleled by other Internet security solutions. Introduced jointly by VISA, Mastercard, IBM, Microsoft, Netscape, RSA, SAIC, Terisa and Verisign in Secure Electronic Transactions (SET)

Secure Electronic Transactions (cont.) Merchant doesn’t see card no. Uses Internet to reach acquirer High credit card transaction cost Credit Card Acquirer Secure “tunnel” through the Internet Consumer Internet Credit Card Issuer Issuer bills Consumer

Secure Electronic Transactions (cont.) Requires both consumer and merchant to have digital certificates Merchant never sees any payment information -- it is passed to the acquirer Bank never sees any order information, only payment information

Customer gets a credit card from an issuing bank Customer obtains a digital certificate (online) Merchant gets certificate from acquiring bank with merchant's public key and the bank's public key Customer places an order over the Web (now we need a payment protocol). SET is invoked Customer's browser confirms from the merchant's certificate that the merchant is valid Browser sends: –order information encrypted with the merchant's public key –payment information encrypted with the bank's public key –information to prevent the payment from being used with another order. SET Overview

Merchant verifies customer’s certificate Merchant sends a payment message to acquiring bank, encrypted with bank’s public key, containing: –customer's payment information (which merchant can’t read) –merchant's certificate Bank verifies the merchant and the message using merchant’s digital signature on its certificate and verifies the payment info Banks sends authorization to the merchant (with bank’s digital signature). Merchant can now fill the order. SET Overview (cont.)

Customer asks Merchant for digital certificates Customer makes purchase request Merchant asks Acquirer for authorization [Merchant asks Acquirer to reverse authorization] Merchant asks Acquirer to capture payment Customer asks Merchant for transaction status SET messages come in pairs: Request followed by Response Appropriate cryptography is applied to message wrappers SET Message Flow

Online Banking Internet-only banks –Offer convenience and lower rates to their customers –Establishing a physical presence The hybrid bank model –Going online has become important for the survival and growth of small local banks –Smaller banks will usually partner with third-party service providers to make the transition to the Internet

Example: Hang Seng e-Banking Try main.hangseng.com –Account Information –Transfer –Foreign Currency –Remittance –Pay Bill –Time Deposit –Stock Purchase

Main References e-Business & e-Commerce: How to Program, 1/e, by H.M. Deitel, P.J. Deitel and T.R, Nieto, Prentice Hall, 2000 Cryptography and Network Security, 2/e, by William Stallings, Prentice Hall, 2000 Electronic Commerce: A Managerial Perspective, 1/e, by Efraim Turban, Jae Lee, David King and H.Michael Chung, Prentice Hall, 2000