Chapter 10. e-payments

Transcription

1 Chapter 10 e-payments AIS 360Prentice Hall,

2 Learning Objectives Understand the crucial factors determining the success of e-payment methods Describe the key elements in securing an e-payment Discuss the players and processes involved in using credit cards online Describe the uses and benefits of purchase cards AIS 360 2

3 Learning Objectives (cont.) Describe different categories and potential uses of smart cards Discuss various online alternatives to credit card payments and identify under what circumstances they are best used Describe the processes and parties involved in e-checking AIS 360 3

4 Electronic Payments Paying with credit cards online Until recently consumers were extremely reluctant to use their credit card numbers on the Web This is changing because: Many of people who will be on the Internet in 2004 have not even had their first Web experience today 85% of the transactions that occur on the Web are B2B rather than B2C (credit cards are rarely used in B2B transactions) AIS 360 4

5 Electronic Payments (cont.) Four parties involved in e-payments Issuer (financial institutions) Customers must obtain e-payment accounts from an issuer Issuers are usually involved in authenticating a transaction and approving the amount involved Customer/payer/buyer Merchant/payee/seller Regulator (govt. agency) AIS 360 5

6 Electronic Payments (cont.) Key issue of trust must be addressed PAIN Privacy Authentication and authorization Integrity Nonrepudiation -non-refundable Characteristics of successful e-payment methods Independence Interoperability and portability Security Anonymity Divisibility Ease of use Transaction fees AIS 360 6

7 Security for E-Payments Public key infrastructure (PKI) a scheme for securing e-payments using public key encryption and various technical components; digital signatures, digital certificates with a network application. PKI is also the foundation of a number of network applications including: Supply chain management Virtual private networks Secure Intranet applications AIS 360 7

8 Security for E-Payments Public key encryption Encryption (cryptography) the process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time consuming for an unauthorized person to unscramble (decrypt) it AIS 360 8

9 Security for E-Payments (cont.) All encryption has four basic parts: Plaintext the original message in humanreadable form Ciphertext a plaintext message after it has been encrypted into unreadable form Encryption algorithm the mathematical formula used to encrypt the plaintext into ciphertext and vice versa Key the secret code used to encrypt and decrypt a message AIS 360 9

10 Security for E-Payments (cont.) Two major classes of encryption systems: Symmetric (private key) Used to encrypt and decrypt plain text Shared by sender and receiver of text Asymmetric (public key) Uses a pair of keys Public key to encrypt the message Private key to decrypt the message AIS

11 Security for E-Payments (cont.) Public key encryption method of encryption that uses a pair of keys a public key to encrypt a message and a private key (kept only by its owner) to decrypt it, or vice versa Private key secret encryption code held only by its owner Public key secret encryption code that is publicly available to anyone AIS

12 Exhibit 10.1 Private Key Encryption AIS

13 Security for E-Payments (cont.) Digital signatures an identifying code that can be used to authenticate the identity of the sender of a message or document Used to: Authenticate/validate the identity of the sender of a message or document Ensure the original content of the electronic message or document is unchanged AIS

14 Security for E-Payments (cont.) Digital Signatures how they work: 1. Create an message with the contract in it 2. Using special software, you hash the message, converting it into a string of digits (message digest) 3. You use your private key to encrypt the hash (your digital signature) AIS

15 Security for E-Payments (cont.) 4. the original message along with the encrypted hash to the receiver 5. Receiver uses the same special software to hash the message they received 6. Company uses your public key to decrypt the message hash that you sent. If their hash matches the decrypted hash, then the message is valid AIS

16 Exhibit 10.3 Digital Signatures AIS

17 Security for E-Payments (cont.) Digital certificates verification that the holder of a public or private key is who he or she claims to be Certificate authorities (CAs) third parties that issue digital certificates Name : Richard key-exchange Key : Signature Key : Serial # : Other Data : Expires : 6/18/04 Signed : CA s Signature AIS

18 Standards for E-Payments Protocols for securing e-payments: Secure socket layer (SSL) protocol that utilizes standard certificates for authentication and data encryption to ensure privacy or confidentiality. Transport Layer Security (TLS) as of 1996, another name for the Secure Socket Layer protocol AIS

19 Standards for E-Payments (cont.) Secure Electronic Transaction (SET) a protocol designed to provide a complete secure online credit card transactions for both consumers and merchants; developed jointly by Netscape, Visa, MasterCard, and others AIS

20 Electronic Cards and Smart Cards Payment cards electronic cards that contain information that can be used for payment purposes Credit cards provides holder with credit to make purchases up to a limit fixed by the card issuer Charge cards balance on a charge card is supposed to be paid in full upon receipt of monthly statement Debit card cost of a purchase drawn directly from holder s checking account (demand-deposit account) AIS

21 Electronic Cards and Smart Cards (cont.) The Players Cardholder Merchant (seller) Issuer (your bank) Acquirer (merchant s financial institution, acquires the sales slips) Card association (VISA, MasterCard) Third-party processors (outsourcers performing same duties formerly provided by issuers, etc.) AIS

22 Exhibit 10.4 Online Credit Card Processing AIS

23 Electronic Cards and Smart Cards (cont.) Credit card gateway an online connection that ties a merchant s systems to the backend processing systems of the credit card issuer Virtual credit card an e-payment system in which a credit card issuer gives a special transaction number that can be used online in place of regular credit card numbers AIS

24 Electronic Cards and Smart Cards (cont.) Electronic wallets (e-wallets) a software component in which a user stores credit card numbers and other personal information; when shopping online; the user simply clicks the e- wallet to automatically fill in information needed to make a purchase One-click shopping saving your order information on retailer s Web server E-wallet software downloaded to cardholder s desktop that stores same information and allows one-click-like shopping AIS

25 Electronic Cards and Smart Cards (cont.) Security risks with credit cards Stolen cards Reneging by the customer authorizes a payment and later denies it Theft of card details stored on merchant s computer isolate computer storing information so it cannot be accessed directly from the Web AIS

26 Electronic Cards and Smart Cards (cont.) Purchasing cards special-purpose payment cards issued to a company s employees to be used solely for purchasing nonstrategic materials and services up to a preset dollar limit AIS

27 E-Cards (cont.) Benefits of using purchasing cards Productivity gains (more time to focus on relationship with suppliers) Bill consolidation (of small purchases) Payment reconciliation (integrate with GL) Preferred pricing Management reports Control (the unplanned purchases) AIS

28 Exhibit 10.5 Participants & Process of Using a Purchasing Card AIS

29 Smart Cards Smart card an electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card AIS

30 Smart Cards (cont.) Categories of smart cards Contact card a smart card containing a small gold plate on the face that when inserted in a smart-card reader makes contact and so passes data to and from the embedded microchip Contactless (proximity) card a smart card with an embedded antenna, by means of which data and applications are passed to and from a card reader unit or other device AIS

31 Smart Cards (cont.) Securing smart cards Theoretically, it is possible to hack into a smart card Most cards can now store the information in encrypted form Same cards can also encrypt and decrypt data that is downloaded or read from the card Cost to the attacker of doing so far exceeds the benefits AIS

32 Smart Cards (cont.) Important applications of smart card use: Loyalty Financial Information technology Health and social welfare Transportation Identification AIS

33 E-Cash and Innovative Payment Methods E-cash the digital equivalent of paper currency and coins, which enables secure and anonymous purchase of low-priced items Micropayments small payments, usually under $10 AIS

34 E-Coin.net System consists of three participants: User Opens an account with ecoin.com Downloads a special e-wallet to their desktop PC Purchases some ecoins with a credit card Merchant embeds a special ecoin icon in its payment page ecoin server operates as a broker Keeps customer and merchant accounts Accepts payment requests from the customer s e- wallet Computes embedded invoices for the merchant AIS

35 E-Cash and Payment Card Alternatives(cont.) Wireless payments Vodafone m-pay bill system that enables wireless subscribers to use their mobile phones to make micropayments Qpass (qpass.com); micropayment system used to purchase content from news services (New York Times) Charges to qpass account, are charged to a specified credit card on a monthly basis AIS

36 Stored-Value Cards Stores cash downloaded from bank or credit card account Visa cash a stored-value card designed to handle small purchases or micropayments; sponsored by Visa Mondex a stored-value card designed to handle small purchases or micropayments; sponsored by Mondex, a subsidiary of MasterCard AIS

37 E-Loyalty and Reward Programs Loyalty programs online B2C sites spend hundreds of dollars acquiring new customers Payback only comes from repeat customers who are likely to refer other customers to a site Electronic script a form of electronic money (or points), issued by a third party as part of a loyalty program; can be used by consumers to make purchases at participating stores AIS

38 Internetcash.com Teenage market primary reason for going online Communicating with friends via and chat rooms homework Researching information Playing games Downloading music or videos AIS

39 Internetcash (cont.) Why they do not shop online Parents will not let them children their (the parents) credit cards online They cannot touch the products It is difficult to return items purchased on the Web They do not have the money Transaction may be insecure AIS

40 Person-to-Person Payments Person-to-person (P2P) payments epayment schemes (such as paypal.com) that enable the transfer of funds between two individuals Repaying money borrowed Paying for an item purchased at online auction Sending money to students at college Sending a gift to a family member AIS

41 Global B2B Payments Letters of credit (LC) a written agreement by a bank to pay the seller, on account of the buyer, a sum of money upon presentation of certain documents TradeCard (tradecard.com) innovative e- payment method that uses a payment card AIS

42 Electronic Letters of Credit (LC) Benefits to sellers Credit risk is reduced Payment is highly assured Political/country risk is reduced Benefits to the buyer Allows buyer to negotiate for a lower purchase price Buyer can expand its source of supply Funds withdrawn from buyer s account only after the documents have been inspected by the issuing bank AIS

43 TradeCard Payments (alternative to LoC) TradeCard allows businesses to effectively and efficiently complete B2B transactions whether large or small, domestic or cross-border, or in multiple currencies Buyers and sellers interact with each other via the TradeCard system System Checks purchase orders for both parties Awaits confirmation from a logistics company that deliveries have been made and received Authorizes payment completing financial transaction between the buyer and seller AIS

44 E-Checking E-check the electronic version or representation of a paper check Eliminate need for expensive process reengineering and takes advantage of the competency of the banking industry echeck Secure (from vantaguard.com) and checkfree.com provide software that enables the purchase of goods and services with e-checks Used mainly in B2B AIS

45 Summary Crucial factors determining the success of an e-payment method Key elements in securing an e-payment Online credit card players and processes The uses and benefits of purchasing cards Categories and potential uses of smart cards Online alternatives to credit card payments AIS

46 Summary (cont.) E-check processes and involved parties AIS