E-Payment gateways. Opportunities & Threats. Saleem Zoughbi

Transcription

1 E-Payment gateways Opportunities & Threats Saleem Zoughbi

2 2/18 Lexicon! e-payment The action of submitting a value of money from one source to another electronically e-payment Gateway The framework (including the operating process) through which the e-payment can be initiated e-payment Platform The tangible and non-tangible components that implements the gateway (HW, SW, application, etc.)

3 3/18 Lexicon! e-payment Environment The e-payment platform with the users, rules and specific protocols used Knowledge The aggregates of data, metadata and all related databases in any architecture (such as distributed, etc.) Regulator The actual decision-making and law enforcer body

4 Anatomy of e-payment Environments 4/18 Security level 1 Security level 2 Infrastructure: Hardware, Connectivity, Operating systems

5 5/18 Infrastructure Common to all e-service platforms Hardware: Servers Connectivity: Networking Operating Systems: (OS & NOS)

6 6/18 Anatomy of e-payment Systems Component Level Remark Suitable Knowledge 1 Core DBases Distributed Process Agents 2 e-government: Applied processes designed Legal Agents 3 e-governance and related legislation Transactions Management SOA e-signature 4 Maturity 4 Secure MIS

7 7/18 Security Levels Security level 1: (User level) Security level 2: (Transaction level) 1. Access, 2. Authentication 3. Presence 1. Permission, 2. Encoding 3. Verification Allowed to use, share and be present on the gateway Permitted to request a transaction and complete it

8 8/18 Gateway Entrance Risk Server (CERT oriented) Security Level 1 Server Security Level 2 Server

9 9/18 Typical 7 tiers of the e-payment Gateways 1. Bank: Pays and receives funds 2. Citizen: Initiates transaction and completes it 3. Company Receives transaction request and cooperate to enable Citizen to complete it

10 10/18 Typical 7 tiers of the e-payment Gateways 4. Monetary regulator : Issues credit cards Manage currency changes, etc. 5. Security Office: Authenticates users Permits or rejects access, processes, etc. 6. Legal Regulator: Provides rules and laws to protect user Provides a conflict resolution mechanism, etc. 7. Technical provider: Provides environment:(hardware & software & communications)

11 11/18 A 7-Tier complex Environment Bank Citizen (Payer) Company (Payee) Monetary Regulator e-payment Environment Legal regulator Security Office Technical Provider

12 12/18 Stages of e-payment 1 2 3

13 13/18 1. Entrance 2. Request Simple Log-in & Password Dynamic Password Encryption Secure log-in authentically (finger prints, etc.) Choice from menus Single Window as much as possible Process verification Submittal for confirmation History tracking

14 14/18 3- TRANSACT Security Office Monetary Regulator Legal regulator

15 15/18 Priority Issues Encryption & Encoding 1 Broadband specifications 2 Information protocol enforcement among stakeholders 3 Fraud counter measures 4 1. Dynamic, secure: cases: (classical examples: PGP / Viterbi) 2. Unified and minimum advocated, with access to all citizens (household or centers) 3. Standards of data specifications, and rules exchange and sharing: the W5: what, when, how, who and where 4. Laws and enforcement of laws to counter fraud and provide preventive measures Building Trust

16 16/18 Murphy's e-payment Laws Any e-payment gateway, when running, is obsolete. If an e-payment gateway is safe and useful, it is time to plan it to be changed. The sensitivity and security of data should force an ON- GOING process of enhancement the lifetime of an e- Payment gateway is shorter than other information systems: it is being hacked and attacked constantly, with increasing malicious intelligence!

17 17/18 A Concluding Question: Have you conducted in the last month a transaction on the net using credit cards? No Ye s

18 18/18 Issues for Future e-payments Personalized budgets automated in the bank.. Citizen is advised and questioned by the gateway real-time! ( cc: internal intelligence???). Value-added: Transparency and anti-corruption or violation of rights? Thank You