Presentation is loading. Please wait.

Presentation is loading. Please wait.

Account-Based Electronic Payment Systems Speaker: Jerry Gao Ph.D. San Jose State University URL:

Similar presentations


Presentation on theme: "Account-Based Electronic Payment Systems Speaker: Jerry Gao Ph.D. San Jose State University URL:"— Presentation transcript:

1 Account-Based Electronic Payment Systems Speaker: Jerry Gao Ph.D. San Jose State University email: jerrygao@email.sjsu.edu URL: http://www.engr.sjsu.edu/gaojerry Sept., 2000

2 Topic: Account-Based Electronic Payment Systems - Introduction to Credit Card-Based Payment Systems - Credit-Card based electronic payment systems - First Virtual - CyberCash - Set - Electronic check payment systems - FSTC - NetBill - Comparisons and summary Jerry Gao Ph.D.5/20000 Presentation Outline All Rights Reserved

3 Credit Card payment schemes have been in use as a payment method since 1960s. There are two major international brands: VISA and MasterCard About VISA: - The VISA brand grew from a scheme launched by the Bank of America, which was subsequently licensed by Barclaycard in the United Kingdom in 1966. - By the middle of 1995, VISA owned by its 180,000 member financial institutions, had issued more than 420 million cards and is accepted by more than 12 million merchants in 247 countries. About MasterCard: - MasterCard is of comparable size with 13 million merchants in 220 countries and 22,000 member organizations. - More than 800 million cards issued and nearly $1,300 billion of sales each year. Jerry Gao Ph.D.5/2000 Introduction To Credit Card-Based Payment Systems Topic: Account-Based Electronic Payment Systems

4 Different types of payment card schemes: (A) Credit cards, where payments are set against a special-purpose account associated with some form of installment-based repayment scheme or a revolving line of credit. - pay later with limit and interest rate. (B) Debit cards (paperless checks) are linked to a checking/saving account. - pay now with balance checking. (C)Charge cards: work in a similar way to credit cards in that payments are set against a special-purpose account. - payment must be made at the end of billing period without limit. (D) Travel and entertainment cards are charge cards whose usage is linked to airlines, hotels, restaurants, car rental companies, or particular retail outlets. Jerry Gao Ph.D.5/2000 Introduction To Credit Card-Based Payment Systems Topic: Account-Based Electronic Payment Systems

5 Jerry Gao Ph.D.5/2000 Introduction To Credit Card-Based Payment Systems Topic: Account-Based Electronic Payment Systems Card Association Card Issuer’s Bank Card Acquirer’s Bank MerchantCardHolder Payment Model:

6 Jerry Gao Ph.D.5/2000 Introduction To Credit Card-Based Payment Systems Topic: Account-Based Electronic Payment Systems Region -------------------------------------------------------------------------------------------------------- U.S.358.4 228.1202.4 174 Europe262.4 81.2not available 53.5 Asia-Pacific 91.6 73116.2 72.5 Canada 36.8 18.6not available not available Middle East 5.6 2.3 5.5 2 Africa Latin America 23.6 21.419.1 21.2 Totals778.4 424.7470 338.7 VISA (total $1248.4B sales) ----------------------------------------------- Sales Volume No. of billions of $(U.S.) Cards (millions) MasterCard (763.4 million cards) -------------------------------------------- Sales Volume No. of billions of $(U.S.) Cards (millions)

7 Jerry Gao Ph.D.5/2000 Topic: Electronic Cash Payment Protocols and Systems Special Features of Credit Card-Based Electronic Payment Systems - Online Transaction. - Anonymity: This ensure that no detailed cash transactions for customer are traceable. Even sellers do not know the identity of customers involved in the purchases - Security: High security and low risk due to the use of traditional banking system and user accounts. - Standardization: Use of the existing standardized payment model - Flexibility:consumers can have multiple cards used in different countries and concurrency - All transactions can be easily traced by banking system and merchants.

8 Jerry Gao Ph.D.5/2000 Topic: Electronic Check Payment Protocols and Systems Limitations: - Dependency: dependent on existing banking systems. - Transaction cost: high transaction cost compared with other approaches - Performance: slower performance due to the authentication and account validation using the existing banking systems - Privacy:consumer loss of the privacy of their transactions Special Features of Credit Card-Based Electronic Payment Systems

9 Jerry Gao Ph.D.5/2000 Topic: Account-based Electronic Payment Systems About First Virtual: - First Virtual was the first Credit Card Processing System started in Oct. 1994 by a company called First Virtual Holding. -The product is called Virtual PIN. - The major goal is to allow the selling of low value information items across the network without the need of a client software or hardware to be in place. - Both the merchant and the buyers are required to register with First Virtual before any transactions can take place. - First Virtual depends on the conventional bank automated clearing house (ACH) service. - First Virtual use WWW web server to support online purchasing and selling. - Security method: VirtualPIN are used to verify accounts of merchants and buyers. Credit Card-Based Electronic Payment System: First Virtual

10 Jerry Gao Ph.D.5/2000 Topic: Account-based Electronic Payment Systems Credit Card-Based Electronic Payment System: First Virtual Web Server First Virtual Internet Payment System Server Buyer 1. Account ID 4. Information Goods 2. Account ID Valid? 3. Account OK! 5. Transaction Details 7. Accept/Reject or Fraud Indication 6. Satisfied Buying with First Virtual:

11 Jerry Gao Ph.D.5/2000 Topic: Account-based Electronic Payment Systems Major advantages of First Virtual: - Simple due to: - no use of encryption - no export problems - simple exchanges without special software and hardware at the client side - server software is not complex The disadvantages and limitations of First Virtual: - Both merchants and buyers must pre-register. - No encryption mechanisms are used. Credit Card-Based Electronic Payment System: First Virtual

12 Jerry Gao Ph.D.5/2000 Topic: Account-based Electronic Payment Systems History of SET: - In October 1995, the Secure Electronic Payment Protocol (SEPP) was proposed by the alliance of MasterCard, Netscape Corp, IBM, and others. - After a few days, a different network payment specification, called Secure Transaction Technology (STT) was launched by a VISA and Microsoft consortium. - Both efforts were made in parallel to develop secure payment protocols and technologies for a number of months. - In January 1996, both companies announced that they would come together to develop a unified system -- a secure Internet payment system based on Secure Electronic Transitions (SET) protocol. - It is developed by Visa and MasterCard jointly later. - Later, most significant organizations in the Internet payment industry have stated that they will support SET. Credit Card-Based Electronic Payment System: Set

13 Jerry Gao Ph.D.5/2000 Topic: Account-based Electronic Payment Systems Phases of a credit card payment addressed by SET standards: Credit Card-Based Electronic Payment System: Set Financial Network Card Issuer Card HolderMerchant Payment Gateway Non-Set Set

14 Jerry Gao Ph.D.5/2000 Topic: Account-based Electronic Payment Systems Credit Card-Based Electronic Payment System: Set Set Transaction Processing Layer (E-Wallet,Digital Certificate) Application Layer Internet Protocol Layer HTTP, SMTPSSL, X.509 Set Transport and Secure Sockets Layer Set Message Structure Layer SET Protocol Layered Architecture:

15 Jerry Gao Ph.D.5/2000 Topic: Account-based Electronic Payment Systems Credit Card-Based Electronic Payment System: Set Certificate Authority Certificate Authority Payment Gateway Payment Gateway CardholderMerchant Purchasing Transaction s Certify with CA for Digital Certificate Validates SET Digital Certificates, preprocesses, authorization, capture, and settlement work SET Process Architecture: E-WalletSET POS Certify with CA for Digital Certificate Wakeup

16 Store Front Certificate Authority E-WalletSET POS Payment Gateway Browser Merchant Server Acquirer Legacy System Bank Interchange CertReq CertRes PInitReq PInitRes PReq PRes AuthReq AuthRes CapReq CapRes Wakeup CertReq CertRes Post HTTP Page Message Details Wakeup AuthResAuthReq Shop wakeup Interactions among all SET entities: Jerry Gao Ph.D.5/2000 Topic: Account-based Electronic Payment Systems

17 Cardholder Merchant Acquirer Payment Gateway Acquirer Payment Gateway PWakeup PInitReq PInitRes PReq PResAuthReq AuthRes InqReq InqRes CapReq CapRes Sequence of SET message pairs: Jerry Gao Ph.D.5/2000

18 Topic: Account-based Electronic Payment Systems The messages needed to perform a complete purchase transaction include: Initialization (PInitReq/PInitRes) Purchase order (PReq/Pres) Authorization (AuthReq/AuthRes) Capture of payment (CapReq/CapRes) Cardholder inquiry (InqReq/InqRes) Security mechanism in SET: Certification for all parties, including Cardholder CA, Merchant CA, and Payment CA. Authentication for parties based on a public-key pair with RSA. Encryption is performed on parts of certain messages. Dual signatures are used in the SET protocol. Jerry Gao Ph.D.5/2000 Credit Card-Based Electronic Payment System: Set

19 Topic: Account-based Electronic Payment Systems Jerry Gao Ph.D.5/2000 Credit Card-Based Electronic Payment System: Set Brand Certification Authority Geo-Political Authority (optional) Root Certification Authority Cardholder CA Cardholder Merchant CA Merchant Payment CA Payment Gateway

20 Jerry Gao Ph.D.5/2000 Topic: Account-based Electronic Payment Systems About CyberCash: - CyberCash is a secure Internet payment system developed by CyberCash, Inc., which is located at Reston, VA, USA, and it was found in August 1994 to provide software and service solutions for secure financial transactions over the Internet. - CyberCash uses special wallet software, enable consumers to make secure purchases using major credit cards from CyberCash-affiliated merchants. - the CyberCash payment system was launched in April 1995. It had over half a million copies in circulation. - CyberCash has other payment systems, such as CyberCoin (electronic cash system) and PayNow (electronic check system). Credit Card-Based Electronic Payment System: CyberCash

21 Jerry Gao Ph.D.5/2000 Topic: Account-based Electronic Payment Systems Features of CyberCash: - Use the existing credit card infrastructure for settlement payments. - Use cryptographic techniques to protect the transaction data during a purchase. - Authenticate the identifies of both parties to the transaction. - Provide online transaction and online authentication. - Broker the transaction between merchant’s bank and cardholder’s bank. Credit Card-Based Electronic Payment System: CyberCash

22 Jerry Gao Ph.D.5/2000 Topic: Account-Based Payment Protocols and Systems Credit Card-Based Electronic Payment System: CyberCash Web Browser Customer Wallet Web Server Merchant Software CyberCash Server Shopping Purchase Purchase messagesRegistration Card binding Banking Network Internet CyberCash Payment Model

23 Jerry Gao Ph.D.5/2000 Topic: Account-Based Payment Protocols and Systems Credit Card-Based Electronic Payment System: CyberCash Payment Steps in a CyberCash Purchase Consumer Cybercash Server (CS) Merchant Click “PAY” order form forward details issue receipt authorize + clear with bank Credit-card pay Payment-req Charge-card-res auth-capture charge-action-res Finish shopping Choose CC, addr log transaction

24 Topic: Account-Based Payment Protocols and Systems Credit Card-Based Electronic Payment System: CyberCash HeaderTransportTrailerOpaque CyberCash Messages: Header: It indicates the start of a CyberCash message. Transport: It contains the order information in a purchase, transaction ID, date, and the key ID to the encrypt the opaque part. Opaque:The encrypted part of a message. Trailer:the end of a CyberCash message.

25 Jerry Gao Ph.D.5/2000 Topic:Elect ronic Check Payment Protocols and Systems Overview of NetBill: - NetBill is a dependable, secure and economical payment method for purchasing digital goods and services through the Internet. - NetBill protocol is developed by Carnegie Mellon University. - In partnership with Visa International and Mellon Bank, the first trial of the system was installed in early 1996. Major goals of NetBill: - Support high transaction volumes at low cost - Provide authentication, privacy, and security for transactions - Provide account management and administration for consumers and merchants Electronic Check Payment System: NetBill

26 Jerry Gao Ph.D.5/2000 Topic: Electronic Check Payment Protocols and Systems Electronic Check Payment Process: NetBill NetBill Server CustomerMerchant Bank Network

27 Jerry Gao Ph.D.5/2000 Topic: Electronic Check Payment Protocols and Systems Electronic Check Payment System: NetBill 1. Consumer’s application send a price quote request to the merchant’s application through a checkbook library. 2. Merchant’s application sends back the price quote the consumer’s application. 3. Consumer accepts the price quote, and then sends a purchase request through the Checkbook library. 4. Merchant’s application sends to the consumer’s Checkbook encrypted in a one- time key. 5.Consumer sends a electronic payment order (EPO) to merchant’s application. 6. The merchant’s application sends the endorsed EPO to the NetBill server. 7. NetBill server verifies that the consumer and merchant signatures are valid. Then, return the merchant a digitally signed receipt with a decryption key. 8. The merchant’s application forward the NetBill server’s receipt to the Check book. NetBill Server CustomerMerchant 1 2 3 4 8 6 75

28 Jerry Gao Ph.D.5/2000 Topic: Electronic Check Payment Protocols and Systems Electronic Check Payment System: NetBill NetBill Archecture: (Source: NetBill 1994 Prototype) Consumer Application Checkbook Merchant Application Till User Admin. Server Transaction Server Security Server System Admin. Server Payment & Collection Server DB

29 Jerry Gao Ph.D.5/2000 Topic: Electronic Check Payment Protocols and Systems Electronic Check Payment System: NetBill Major features of NetBill: - Certified delivery: delivering encrypted information goods and then charging against the consumer’s NetBill account. Then, decryption key registration are used at both the merchant’s application and the NetBill server. - Scalability: the bottleneck in the NetBill model is the NetBill Server which supports many different merchants. - Support for flexible pricing: by including the steps of offer and acceptance. The merchant can calculate a customized quote for individual consumer. - Protection of consumer accounts against unscrupulous merchants in a conventional credit card transaction.

30 Jerry Gao Ph.D.5/2000 Topic: Electronic Check Payment Protocols and Systems Electronic Check Payment System: NetBill Security Mechanisms of NetBill: - Create a NetBill account for each consumer by using a unique user ID and the RSA public key. - the key pair is certified by NetBill and is used for signatures and authentication in the system. -These signatures are used to check the elements of NetBill transactions (the price quote, the acceptance, etc) really came from the right parties. - NetBill uses symmetric cryptogrphy method for message authentication and encryption and decryption.

31 Jerry Gao Ph.D.5/2000 Topic:Elect ronic Check Payment Protocols and Systems Overview of FSTC: - The Financial Service Technology Consortium (FSTC) is a group of American Banks, research agencies, and government organizations, formed in 1995. - The basic concepts is use electronic checks to conduct payment transactions. - In Sept. 1995, a demonstration of the FSTC electronic check concept was given that involved a purchase of an item from a merchant site on the Internet. - the FSTC payment system uses: - electronic checks to transfer and moves funds from the buyer’s bank account to the merchant’s bank account based on a conventional ACH network. - a secure hardware device, called a “Smart Token”, is used to play as a “checkbook”. It takes the form of a PC card with an in-built cryptographic support processor.. Electronic Check Payment System: FSTC

32 Jerry Gao Ph.D.5/2000 Topic:Electronic Check Payment Protocols and Systems Electronic Check Payment System: FSTC payerPayee Secure H/W Debit Account Credit Account ACH Check Clearing Checkbook (secure H/W) Secure envelope invoice E-mail Statement Secure envelope Certs Sig Check Electronic check Certs endorsement certs sig check

33 Jerry Gao Ph.D.5/2000 Topic:Electronic Check Payment Protocols and Systems Electronic Check Payment System: FSTC’s Functional Flows payerPayee writeendorse Payer’s Bank Payee’s Bank debitcredit 1. pay 5. statement2. deposit4. report 3.clear payerPayee write Payer’s Bank Payee’s Bank debitEndorse & credit 1. pay 4. statement 3.accounts receivable update 2.clear payerPayee writeendorse Payer’s Bank Payee’s Bank debitcredit 1. pay 6. statement 2.cash 5. report 4.EFT payerPayee write Payer’s Bank Payee’s Bank debitcredit 1. pay 5. statement 3. Accounts Receivable update 2.EFT 3.notify Deposit-and-clear scenarioCash-and-transfer scenario Lockbox scenarioFund transfer scenario


Download ppt "Account-Based Electronic Payment Systems Speaker: Jerry Gao Ph.D. San Jose State University URL:"

Similar presentations


Ads by Google