Account-Based Electronic Payment Systems Speaker: Jerry Gao Ph.D. San Jose State University email: jerrygao@email.sjsu.edu URL: http://www.engr.sjsu.edu/gaojerry Sept., 2000
Topic: Account-Based Electronic Payment Systems Presentation Outline - Introduction to Credit Card-Based Payment Systems - Credit-Card based electronic payment systems - First Virtual - CyberCash - Set - Electronic check payment systems - FSTC - NetBill - Comparisons and summary Jer0 All Rights Reserved
Topic: Account-Based Electronic Payment Systems Introduction To Credit Card-Based Payment Systems Credit Card payment schemes have been in use as a payment method since 1960s. There are two major international brands: VISA and MasterCard About VISA: - The VISA brand grew from a scheme launched by the Bank of America, which was subsequently licensed by Barclaycard in the United Kingdom in 1966. - By the middle of 1995, VISA owned by its 180,000 member financial institutions, had issued more than 420 million cards and is accepted by more than 12 million merchants in 247 countries. About MasterCard: - MasterCard is of comparable size with 13 million merchants in 220 countries and 22,000 member organizations. - More than 800 million cards issued and nearly $1,300 billion of sales each year. Jer
Topic: Account-Based Electronic Payment Systems Introduction To Credit Card-Based Payment Systems Different types of payment card schemes: (A) Credit cards, where payments are set against a special-purpose account associated with some form of installment-based repayment scheme or a revolving line of credit. - pay later with limit and interest rate. (B) Debit cards (paperless checks) are linked to a checking/saving account. - pay now with balance checking. (C)Charge cards: work in a similar way to credit cards in that payments are set against a special-purpose account. - payment must be made at the end of billing period without limit. (D) Travel and entertainment cards are charge cards whose usage is linked to airlines, hotels, restaurants, car rental companies, or particular retail outlets. Jer
Topic: Account-Based Electronic Payment Systems Introduction To Credit Card-Based Payment Systems Payment Model: Card Association Card Issuer s Bank Card Acquirer s Bank CardHolder Merchant Jer
Topic: Account-Based Electronic Payment Systems Introduction To Credit Card-Based Payment Systems VISA (total $1248.4B sales) MasterCard (763.4 million cards) ------------------------------------------------------------------------------------------- Sales Volume No. of Sales Volume No. of Region billions of $(U.S.) Cards (millions) billions of $(U.S.) Cards (millions) -------------------------------------------------------------------------------------------------------- U.S. 358.4 228.1 202.4 174 Europe 262.4 81.2 not available 53.5 Asia-Pacific 91.6 73 116.2 72.5 Canada 36.8 18.6 not available not available Middle East 5.6 2.3 5.5 2 Africa Latin America 23.6 21.4 19.1 21.2 Totals 778.4 424.7 470 338.7 Jer
Topic: Electronic Cash Payment Protocols and Systems Special Features of Credit Card-Based Electronic Payment Systems - Online Transaction. - Anonymity: This ensure that no detailed cash transactions for customer are traceable. Even sellers do not know the identity of customers involved in the purchases - Security: High security and low risk due to the use of traditional banking system and user accounts. - Standardization: Use of the existing standardized payment model - Flexibility: consumers can have multiple cards used in different countries and concurrency - All transactions can be easily traced by banking system and merchants.
Topic: Electronic Check Payment Protocols and Systems Special Features of Credit Card-Based Electronic Payment Systems Limitations: - Dependency: dependent on existing banking systems. - Transaction cost: high transaction cost compared with other approaches - Performance: slower performance due to the authentication and account validation using the existing banking systems - Privacy: consumer loss of the privacy of their transactions
Topic: Account-based Electronic Payment Systems Credit Card-Based Electronic Payment System: First Virtual About First Virtual: - First Virtual was the first Credit Card Processing System started in Oct. 1994 by a company called First Virtual Holding. -The product is called Virtual PIN. - The major goal is to allow the selling of low value information items across the network without the need of a client software or hardware to be in place. - Both the merchant and the buyers are required to register with First Virtual before any transactions can take place. - First Virtual depends on the conventional bank automated clearing house (ACH) service. - First Virtual use WWW web server to support online purchasing and selling. - Security method: VirtualPIN are used to verify accounts of merchants and buyers.
Topic: Account-based Electronic Payment Systems Credit Card-Based Electronic Payment System: First Virtual Buying with First Virtual: 2. Account ID Valid? Web Server 1. Account ID 3. Account OK! 5. Transaction Details 4. Information Goods 6. Satisfied Buyer First Virtual Internet Payment System Server 7. Accept/Reject or Fraud Indication
Topic: Account-based Electronic Payment Systems Credit Card-Based Electronic Payment System: First Virtual Major advantages of First Virtual: - Simple due to: - no use of encryption - no export problems - simple exchanges without special software and hardware at the client side - server software is not complex The disadvantages and limitations of First Virtual: - Both merchants and buyers must pre-register. - No encryption mechanisms are used.
Topic: Account-based Electronic Payment Systems Credit Card-Based Electronic Payment System: Set History of SET: - In October 1995, the Secure Electronic Payment Protocol (SEPP) was proposed by the alliance of MasterCard, Netscape Corp, IBM, and others. - After a few days, a different network payment specification, called Secure Transaction Technology (STT) was launched by a VISA and Microsoft consortium. - Both efforts were made in parallel to develop secure payment protocols and technologies for a number of months. - In January 1996, both companies announced that they would come together to develop a unified system -- a secure Internet payment system based on Secure Electronic Transitions (SET) protocol. - It is developed by Visa and MasterCard jointly later. - Later, most significant organizations in the Internet payment industry have stated that they will support SET.
Topic: Account-based Electronic Payment Systems Credit Card-Based Electronic Payment System: Set Phases of a credit card payment addressed by SET standards: Non-Set Financial Network Non-Set Card Issuer Payment Gateway Set Card Holder Set Merchant
Topic: Account-based Electronic Payment Systems Credit Card-Based Electronic Payment System: Set SET Protocol Layered Architecture: Application Layer Set Transaction Processing Layer (E-Wallet,Digital Certificate) Set Message Structure Layer Set Transport and Secure Sockets Layer HTTP, SMTP SSL, X.509 Internet Protocol Layer
Topic: Account-based Electronic Payment Systems Credit Card-Based Electronic Payment System: Set SET Process Architecture: Cardholder Merchant Wakeup Certify with CA for Digital Certificate E-Wallet Wakeup Purchasing Transaction s SET POS Certify with CA for Digital Certificate Certificate Certificate Authority Authority Certify with CA for Digital Certificate Validates SET Digital Certificates, preprocesses, authorization, capture, and settlement work Payment Payment Gateway Gateway Gao Ph.D. 5/2000
Topic: Account-based Electronic Payment Systems Interactions among all SET entities: Wakeup E-Wallet Browser CertReq Post HTTP Page Certificate Authority CertReq CertRes PInitReq PInitRes PReq PRes Shop wakeup Message Details SET POS Merchant Server Store Front CertRes CertRes Wakeup AuthReq AuthRes CapReq CapRes CertReq AuthRes Payment Gateway Acquirer Legacy System AuthReq Bank Interchange Gao Ph.D. 5/2000
Topic: Account-based Electronic Payment Systems Sequence of SET message pairs: Cardholder Cardholder Merchant Merchant Acquirer Acquirer Payment Payment Gateway Gateway PWakeup PInitReq PInitRes PReq PRes InqReq InqRes AuthReq AuthRes CapReq CapRes Gao Ph.D. 5/2000
Topic: Account-based Electronic Payment Systems Credit Card-Based Electronic Payment System: Set The messages needed to perform a complete purchase transaction include: Initialization (PInitReq/PInitRes) Purchase order (PReq/Pres) Authorization (AuthReq/AuthRes) Capture of payment (CapReq/CapRes) Cardholder inquiry (InqReq/InqRes) Security mechanism in SET: Certification for all parties, including Cardholder CA, Merchant CA, and Payment CA. Authentication for parties based on a public-key pair with RSA. Encryption is performed on parts of certain messages. Dual signatures are used in the SET protocol. Gao Ph.D. 5/2000
Topic: Account-based Electronic Payment Systems Credit Card-Based Electronic Payment System: Set Root Certification Authority Brand Certification Authority Geo-Political Authority (optional) Cardholder CA Merchant CA Payment CA Cardholder Merchant Payment Gateway Gao Ph.D. 5/2000
Topic: Account-based Electronic Payment Systems Credit Card-Based Electronic Payment System: CyberCash About CyberCash: - CyberCash is a secure Internet payment system developed by CyberCash, Inc., which is located at Reston, VA, USA, and it was found in August 1994 to provide software and service solutions for secure financial transactions over the Internet. - CyberCash uses special wallet software, enable consumers to make secure purchases using major credit cards from CyberCash-affiliated merchants. - the CyberCash payment system was launched in April 1995. It had over half a million copies in circulation. - CyberCash has other payment systems, such as CyberCoin (electronic cash system) and PayNow (electronic check system).
Topic: Account-based Electronic Payment Systems Credit Card-Based Electronic Payment System: CyberCash Features of CyberCash: - Use the existing credit card infrastructure for settlement payments. - Use cryptographic techniques to protect the transaction data during a purchase. - Authenticate the identifies of both parties to the transaction. - Provide online transaction and online authentication. - Broker the transaction between merchant s bank and cardholder s bank.
Topic: Account-Based Payment Protocols and Systems Credit Card-Based Electronic Payment System: CyberCash Customer Wallet Web Browser Registration Card binding CyberCash Server Purchase Shopping Purchase messages Merchant Software Web Server Banking Network Internet CyberCash Payment Model
Topic: Account-Based Payment Protocols and Systems Credit Card-Based Electronic Payment System: CyberCash Consumer Merchant Cybercash Server (CS) Finish shopping Click PAY Payment-req order form Choose CC, addr Credit-card pay Charge-card-res forward details issue receipt auth-capture charge-action-res authorize + clear with bank log transaction Payment Steps in a CyberCash Purchase
Topic: Account-Based Payment Protocols and Systems Credit Card-Based Electronic Payment System: CyberCash CyberCash Messages: Header Transport Opaque Trailer Header: It indicates the start of a CyberCash message. Transport: It contains the order information in a purchase, transaction ID, date, and the key ID to the encrypt the opaque part. Opaque: Trailer: The encrypted part of a message. the end of a CyberCash message.
Topic:Elect ronic Check Payment Protocols and Systems Electronic Check Payment System: NetBill Overview of NetBill: - NetBill is a dependable, secure and economical payment method for purchasing digital goods and services through the Internet. - NetBill protocol is developed by Carnegie Mellon University. - In partnership with Visa International and Mellon Bank, the first trial of the system was installed in early 1996. Major goals of NetBill: - Support high transaction volumes at low cost - Provide authentication, privacy, and security for transactions - Provide account management and administration for consumers and merchants
Topic: Electronic Check Payment Protocols and Systems Electronic Check Payment Process: NetBill Merchant Customer Network Bank NetBill Server
Topic: Electronic Check Payment Protocols and Systems Electronic Check Payment System: NetBill Merchant 1 2 3 Customer 6 NetBill Server 4 5 7 8 1. Consumer s application send a price quote request to the merchant s application through a checkbook library. 2. Merchant s application sends back the price quote the consumer s application. 3. Consumer accepts the price quote, and then sends a purchase request through the Checkbook library. 4. Merchant s application sends to the consumer s Checkbook encrypted in a onetime key. 5.Consumer sends a electronic payment order (EPO) to merchant s application. 6. The merchant s application sends the endorsed EPO to the NetBill server. 7. NetBill server verifies that the consumer and merchant signatures are valid. Then, return the merchant a digitally signed receipt with a decryption key. 8. The merchant s application forward the NetBill server s receipt to the Check book.
Topic: Electronic Check Payment Protocols and Systems Electronic Check Payment System: NetBill NetBill Archecture: (Source: NetBill 1994 Prototype) Consumer Application Checkbook Merchant Application Till Security Server Transaction Server User Admin. Server Payment & Collection Server DB System Admin. Server
Topic: Electronic Check Payment Protocols and Systems Electronic Check Payment System: NetBill Major features of NetBill: - Certified delivery: delivering encrypted information goods and then charging against the consumer s NetBill account. Then, decryption key registration are used at both the merchant s application and the NetBill server. - Scalability: the bottleneck in the NetBill model is the NetBill Server which supports many different merchants. - Support for flexible pricing: by including the steps of offer and acceptance. The merchant can calculate a customized quote for individual consumer. - Protection of consumer accounts against unscrupulous merchants in a conventional credit card transaction.
Topic: Electronic Check Payment Protocols and Systems Electronic Check Payment System: NetBill Security Mechanisms of NetBill: - Create a NetBill account for each consumer by using a unique user ID and the RSA public key. - the key pair is certified by NetBill and is used for signatures and authentication in the system. -These signatures are used to check the elements of NetBill transactions (the price quote, the acceptance, etc) really came from the right parties. - NetBill uses symmetric cryptogrphy method for message authentication and encryption and decryption.
Topic:Elect ronic Check Payment Protocols and Systems Electronic Check Payment System: FSTC Overview of FSTC: - The Financial Service Technology Consortium (FSTC) is a group of American Banks, research agencies, and government organizations, formed in 1995. - The basic concepts is use electronic checks to conduct payment transactions. - In Sept. 1995, a demonstration of the FSTC electronic check concept was given that involved a purchase of an item from a merchant site on the Internet. - the FSTC payment system uses: - electronic checks to transfer and moves funds from the buyer s bank account to the merchant s bank account based on a conventional ACH network. - a secure hardware device, called a Smart Token, is used to play as a checkbook. It takes the form of a PC card with an in-built cryptographic support processor..
Topic:Electronic Check Payment Protocols and Systems Electronic Check Payment System: FSTC Checkbook (secure H/W) payer E-mail Statement invoice Secure envelope Certs Sig Check Electronic check Secure envelope Secure H/W Payee Certs endorsement certs sig check ACH Check Clearing Debit Account Credit Account
Topic:Electronic Check Payment Protocols and Systems Electronic Check Payment System: FSTC s Functional Flows Deposit-and-clear scenario Cash-and-transfer scenario write payer 1. pay endorse Payee write payer 1. pay endorse Payee 5. statement 2. deposit 4. report Payer s Payee s Bank 3.clear Bank debit credit Lockbox scenario write 6. statement 2.cash 3.notify 5. report Payer s Payee s Bank 4.EFT Bank debit credit Fund transfer scenario write 4. statement payer Payer s Bank debit 1. pay Payee Payee s Bank 2.clear Endorse & credit 3.accounts receivable update payer 5. statement Payer s Bank debit 1. pay 2.EFT Payee Payee s Bank credit 3. Accounts Receivable update