Chapter 10: E-Payments
AIS 360
Prentice Hall, 2003

Learning Objectives
- Understand the crucial factors determining the success of e-payment methods
- Describe the key elements in securing an e-payment
- Discuss the players and processes involved in using credit cards online
- Describe the uses and benefits of purchase cards

Learning Objectives (cont.)
- Describe different categories and potential uses of smart cards
- Discuss various online alternatives to credit card payments and identify under what circumstances they are best used
- Describe the processes and parties involved in e-checking

Electronic Payments
Paying with credit cards online
- Until recently, consumers were extremely reluctant to use their credit card numbers on the Web
- This is changing because:
  - Many of the people who will be on the Internet in 2004 have not even had their first Web experience today
  - 85% of the transactions that occur on the Web are B2B rather than B2C (credit cards are rarely used in B2B transactions)

Electronic Payments (cont.)
Four parties involved in e-payments
- Issuer (financial institutions)
  - Customers must obtain e-payment accounts from an issuer
  - Issuers are usually involved in authenticating a transaction and approving the amount involved
- Customer/payer/buyer
- Merchant/payee/seller
- Regulator (govt. agency)

Electronic Payments (cont.)
Key issue of trust must be addressed: PAIN
- Privacy
- Authentication and authorization
- Integrity
- Nonrepudiation - non-refundable
Characteristics of successful e-payment methods
- Independence
- Interoperability and portability
- Security
- Anonymity
- Divisibility
- Ease of use
- Transaction fees

Security for E-Payments
- Public key infrastructure (PKI): a scheme for securing e-payments using public key encryption and various technical components: digital signatures, digital certificates with a network application
- PKI is also the foundation of a number of network applications including:
  - Supply chain management
  - Virtual private networks
  - Secure e-mail
  - Intranet applications

Security for E-Payments
Public key encryption
- Encryption (cryptography): the process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time consuming for an unauthorized person to unscramble (decrypt) it

Security for E-Payments (cont.)
All encryption has four basic parts:
- Plaintext: the original message in human-readable form
- Ciphertext: a plaintext message after it has been encrypted into unreadable form
- Encryption algorithm: the mathematical formula used to encrypt the plaintext into ciphertext and vice versa
- Key: the secret code used to encrypt and decrypt a message

Security for E-Payments (cont.)
Two major classes of encryption systems:
- Symmetric (private key)
  - Used to encrypt and decrypt plain text
  - Shared by sender and receiver of text
- Asymmetric (public key)
  - Uses a pair of keys
  - Public key to encrypt the message
  - Private key to decrypt the message

Security for E-Payments (cont.)
- Public key encryption: method of encryption that uses a pair of keys, a public key to encrypt a message and a private key (kept only by its owner) to decrypt it, or vice versa
- Private key: secret encryption code held only by its owner
- Public key: encryption code that is publicly available to anyone

Exhibit 10.1 Private Key Encryption

Security for E-Payments (cont.)
- Digital signatures: an identifying code that can be used to authenticate the identity of the sender of a message or document
- Used to:
  - Authenticate/validate the identity of the sender of a message or document
  - Ensure the original content of the electronic message or document is unchanged

Security for E-Payments (cont.)
Digital signatures: how they work
1. Create an e-mail message with the contract in it
2. Using special software, you hash the message, converting it into a string of digits (message digest)
3. You use your private key to encrypt the hash (your digital signature)
4. E-mail the original message along with the encrypted hash to the receiver
5. Receiver uses the same special software to hash the message they received
6. Company uses your public key to decrypt the message hash that you sent. If their hash matches the decrypted hash, then the message is valid

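The six steps above, as an added example in Python (not part of the original slides). It uses SHA-256 and textbook RSA without padding on a constructed key built from two public Mersenne primes, so it shows the mechanics only; real signatures use a padding scheme such as RSA-PSS from a vetted library. The names `digest`, `sign`, `verify`, `demo` and the sample contract text are assumptions.

```python
import hashlib

# Constructed demo key: two well-known Mersenne primes, so the example is
# reproducible. These primes are public knowledge and give no security.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept by the signer


def digest(message: bytes) -> int:
    """Steps 2 and 5: hash the message into a fixed-size message digest."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Step 3: transform the digest with the private key; this is the signature."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Steps 5-6: re-hash what arrived, recover the signed digest with the
    public key, and accept only if the two digests match."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(message)


def demo() -> dict:
    contract = b"Contract: 100 units at $5.00 each"    # constructed message
    sig = sign(contract)                                # steps 1-3
    # Step 4: message and signature travel together. The cases below model
    # what the receiver sees when either one is altered on the way.
    return {
        "untouched": verify(contract, sig),
        "amount_changed": verify(b"Contract: 100 units at $9.00 each", sig),
        "signature_changed": verify(contract, sig ^ 1),
        # Signed with a key that does not match the published public key.
        "wrong_private_key": verify(contract, sign(contract, d=D + 2)),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:18s} accepted={accepted}")
```

Only the untouched message is accepted: a changed amount breaks the integrity check, and a signature made with a non-matching private key fails authentication of the sender.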
Exhibit 10.3 Digital Signatures

Security for E-Payments (cont.)
- Digital certificates: verification that the holder of a public or private key is who he or she claims to be
- Certificate authorities (CAs): third parties that issue digital certificates
  Name: Richard
  Key-exchange key:
  Signature key:
  Serial #: 29483756
  Other data: 10236283025273
  Expires: 6/18/04
  Signed: CA's signature

Standards for E-Payments
Protocols for securing e-payments:
- Secure socket layer (SSL): protocol that utilizes standard certificates for authentication and data encryption to ensure privacy or confidentiality
- Transport Layer Security (TLS): as of 1996, another name for the Secure Socket Layer protocol

Standards for E-Payments (cont.)
- Secure Electronic Transaction (SET): a protocol designed to provide complete, secure online credit card transactions for both consumers and merchants; developed jointly by Netscape, Visa, MasterCard, and others

Electronic Cards and Smart Cards
- Payment cards: electronic cards that contain information that can be used for payment purposes
  - Credit cards: provides holder with credit to make purchases up to a limit fixed by the card issuer
  - Charge cards: balance on a charge card is supposed to be paid in full upon receipt of monthly statement
  - Debit card: cost of a purchase drawn directly from holder's checking account (demand-deposit account)

Electronic Cards and Smart Cards (cont.)
The Players
- Cardholder
- Merchant (seller)
- Issuer (your bank)
- Acquirer (merchant's financial institution, acquires the sales slips)
- Card association (VISA, MasterCard)
- Third-party processors (outsourcers performing same duties formerly provided by issuers, etc.)

Exhibit 10.4 Online Credit Card Processing

Electronic Cards and Smart Cards (cont.)
- Credit card gateway: an online connection that ties a merchant's systems to the backend processing systems of the credit card issuer
- Virtual credit card: an e-payment system in which a credit card issuer gives a special transaction number that can be used online in place of regular credit card numbers

Electronic Cards and Smart Cards (cont.)
- Electronic wallets (e-wallets): a software component in which a user stores credit card numbers and other personal information; when shopping online, the user simply clicks the e-wallet to automatically fill in information needed to make a purchase
  - One-click shopping: saving your order information on retailer's Web server
  - E-wallet: software downloaded to cardholder's desktop that stores same information and allows one-click-like shopping

Electronic Cards and Smart Cards (cont.)
Security risks with credit cards
- Stolen cards
- Reneging by the customer: authorizes a payment and later denies it
- Theft of card details stored on merchant's computer: isolate computer storing information so it cannot be accessed directly from the Web

Electronic Cards and Smart Cards (cont.)
- Purchasing cards: special-purpose payment cards issued to a company's employees to be used solely for purchasing nonstrategic materials and services up to a preset dollar limit

E-Cards (cont.)
Benefits of using purchasing cards
- Productivity gains (more time to focus on relationship with suppliers)
- Bill consolidation (of small purchases)
- Payment reconciliation (integrate with GL)
- Preferred pricing
- Management reports
- Control (the unplanned purchases)

Exhibit 10.5 Participants & Process of Using a Purchasing Card

Smart Cards
- Smart card: an electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card

Smart Cards (cont.)
Categories of smart cards
- Contact card: a smart card containing a small gold plate on the face that when inserted in a smart-card reader makes contact and so passes data to and from the embedded microchip
- Contactless (proximity) card: a smart card with an embedded antenna, by means of which data and applications are passed to and from a card reader unit or other device

Smart Cards (cont.)
Securing smart cards
- Theoretically, it is possible to hack into a smart card
  - Most cards can now store the information in encrypted form
  - Same cards can also encrypt and decrypt data that is downloaded or read from the card
- Cost to the attacker of doing so far exceeds the benefits

Smart Cards (cont.)
Important applications of smart card use:
- Loyalty
- Financial
- Information technology
- Health and social welfare
- Transportation
- Identification

E-Cash and Innovative Payment Methods
- E-cash: the digital equivalent of paper currency and coins, which enables secure and anonymous purchase of low-priced items
- Micropayments: small payments, usually under $10

E-Coin.net
System consists of three participants:
- User
  - Opens an account with ecoin.com
  - Downloads a special e-wallet to their desktop PC
  - Purchases some ecoins with a credit card
- Merchant: embeds a special ecoin icon in its payment page
- ecoin server: operates as a broker
  - Keeps customer and merchant accounts
  - Accepts payment requests from the customer's e-wallet
  - Computes embedded invoices for the merchant

E-Cash and Payment Card Alternatives (cont.)
Wireless payments
- Vodafone m-pay bill: system that enables wireless subscribers to use their mobile phones to make micropayments
- Qpass (qpass.com): micropayment system used to purchase content from news services (New York Times)
  - Charges to qpass account are charged to a specified credit card on a monthly basis

Stored-Value Cards
- Stores cash downloaded from bank or credit card account
- Visa cash: a stored-value card designed to handle small purchases or micropayments; sponsored by Visa
- Mondex: a stored-value card designed to handle small purchases or micropayments; sponsored by Mondex, a subsidiary of MasterCard

E-Loyalty and Reward Programs
- Loyalty programs online
  - B2C sites spend hundreds of dollars acquiring new customers
  - Payback only comes from repeat customers who are likely to refer other customers to a site
- Electronic script: a form of electronic money (or points), issued by a third party as part of a loyalty program; can be used by consumers to make purchases at participating stores

Internetcash.com
Teenage market: primary reason for going online
- Communicating with friends via email and chat rooms
- Homework
- Researching information
- Playing games
- Downloading music or videos

Internetcash (cont.)
Why they do not shop online
- Parents will not let their children use their (the parents') credit cards online
- They cannot touch the products
- It is difficult to return items purchased on the Web
- They do not have the money
- Transaction may be insecure

Person-to-Person Payments
- Person-to-person (P2P) payments: e-payment schemes (such as paypal.com) that enable the transfer of funds between two individuals
  - Repaying money borrowed
  - Paying for an item purchased at online auction
  - Sending money to students at college
  - Sending a gift to a family member

Global B2B Payments
- Letters of credit (LC): a written agreement by a bank to pay the seller, on account of the buyer, a sum of money upon presentation of certain documents
- TradeCard (tradecard.com): innovative e-payment method that uses a payment card

Electronic Letters of Credit (LC)
- Benefits to sellers
  - Credit risk is reduced
  - Payment is highly assured
  - Political/country risk is reduced
- Benefits to the buyer
  - Allows buyer to negotiate for a lower purchase price
  - Buyer can expand its source of supply
  - Funds withdrawn from buyer's account only after the documents have been inspected by the issuing bank

TradeCard Payments (alternative to LoC)
- TradeCard allows businesses to effectively and efficiently complete B2B transactions whether large or small, domestic or cross-border, or in multiple currencies
- Buyers and sellers interact with each other via the TradeCard system
- System:
  - Checks purchase orders for both parties
  - Awaits confirmation from a logistics company that deliveries have been made and received
  - Authorizes payment, completing financial transaction between the buyer and seller

E-Checking
- E-check: the electronic version or representation of a paper check
- Eliminates need for expensive process reengineering and takes advantage of the competency of the banking industry
- echeck Secure (from vantaguard.com) and checkfree.com provide software that enables the purchase of goods and services with e-checks
- Used mainly in B2B

Summary
- Crucial factors determining the success of an e-payment method
- Key elements in securing an e-payment
- Online credit card players and processes
- The uses and benefits of purchasing cards
- Categories and potential uses of smart cards
- Online alternatives to credit card payments

Summary (cont.)
- E-check processes and involved parties