Chapter 10. e-payments

Academic year: 2021

Chapter 10

Learning Objectives

Understand the crucial factors determining the success of e-payment methods

Describe the key elements in securing an e-payment

Discuss the players and processes involved in using credit cards online

Describe different categories and potential uses of smart cards

Discuss various online alternatives to credit card payments and identify under what circumstances they are best used

Describe the processes and parties involved in e-checking

Electronic Payments

Paying with credit cards online

Until recently consumers were extremely reluctant to use their credit card numbers on the Web

This is changing because:

Many of the people who will be on the Internet in 2004 have not even had their first Web experience today

Electronic Payments (cont.)

Four parties involved in e-payments

Issuer (financial institutions)

Customers must obtain e-payment accounts from an issuer

Issuers are usually involved in authenticating a transaction and approving the amount involved

Customer/payer/buyer

Merchant/payee/seller

Electronic Payments (cont.)

Key issue of trust must be addressed

PAIN

Privacy

Authentication and authorization

Integrity

Nonrepudiation (non-refundable)

Characteristics of successful e-payment methods

Independence

Interoperability and portability

Security

Anonymity

Divisibility

Ease of use

Security for E-Payments

Public key infrastructure (PKI)—a scheme for securing e-payments using public key encryption and various technical components; digital signatures, digital certificates with a network application.

PKI is also the foundation of a number of network applications including:

Supply chain management

Virtual private networks

Secure e-mail

Security for E-Payments

Public key encryption

Encryption (cryptography)—the process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time consuming for an unauthorized person to unscramble (decrypt) it

Security for E-Payments (cont.)

All encryption has four basic parts:

Plaintext—the original message in human-readable form

Ciphertext—a plaintext message after it has been encrypted into unreadable form

Encryption algorithm—the mathematical formula used to encrypt the plaintext into ciphertext and vice versa

Key—the secret code used to encrypt and decrypt a message

Security for E-Payments (cont.)

Two major classes of encryption systems:

Symmetric (private key)

Used to encrypt and decrypt plain text

Shared by sender and receiver of text

Asymmetric (public key)

Uses a pair of keys

Security for E-Payments (cont.)

Public key encryption—method of encryption that uses a pair of keys—a public key to encrypt a message and a private key (kept only by its owner) to decrypt it, or vice versa

Private key—secret encryption code held only by its owner

Public key—encryption code that is publicly available to anyone

Exhibit 10.1

Digital signatures—an identifying code that can be used to authenticate the identity of the sender of a message or document

Used to:

Authenticate/validate the identity of the sender of a message or document

Ensure the original content of the electronic message or document is unchanged

Security for E-Payments (cont.)

Digital Signatures—how they work:

1. Create an e-mail message with the contract in it

2. Using special software, you “hash” the message, converting it into a string of digits (message digest)

3. You use your private key to encrypt the hash (your digital signature)

Security for E-Payments (cont.)

4. E-mail the original message along with the encrypted hash to the receiver

5. Receiver uses the same special software to hash the message they received

6. Company uses your public key to decrypt the message hash that you sent. If their hash matches the decrypted hash, then the message is valid
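The six steps above, as an added Python example (not part of the original slides): textbook RSA over a SHA-256 digest, using a deliberately tiny key built from two known primes so it runs with the standard library alone. The key values, message text and function names are constructed for illustration; real systems use 2048-bit or larger keys with a padded scheme such as RSA-PSS.

```python
import hashlib

# Toy RSA key from two known Mersenne primes (constructed for this example).
# Far too small for real use; it only makes the arithmetic of the steps visible.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

PUBLIC_KEY = (N, E)    # published to anyone
PRIVATE_KEY = (N, D)   # held only by the signer


def digest(message: bytes, modulus: int) -> int:
    """Steps 2 and 5: hash the message into a message digest (as an integer)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % modulus


def sign(message: bytes, private_key) -> int:
    """Step 3: 'encrypt' the digest with the sender's private key."""
    n, d = private_key
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Steps 5-6: re-hash the received message, 'decrypt' the signature with
    the sender's public key, and compare the two digests."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(message, n)


# Steps 1 and 4: the contract and the signature that travels with it
# (constructed sample text).
contract = b"I agree to pay 500 USD for order 1001."
signature = sign(contract, PRIVATE_KEY)

if __name__ == "__main__":
    tampered = b"I agree to pay 5 USD for order 1001."
    print("untouched message valid:", verify(contract, signature, PUBLIC_KEY))
    print("tampered message valid: ", verify(tampered, signature, PUBLIC_KEY))
```

Changing a single character of the message, or a single bit of the signature, makes the comparison in step 6 fail, which is how the receiver detects both altered content and a sender who does not hold the private key.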

Exhibit 10.3

Security for E-Payments (cont.)

Digital certificates—verification that the holder of a public or private key is who he or she claims to be

Certificate authorities (CAs)—third parties that issue digital certificates

Name: “Richard”

Key-Exchange Key:

Signature Key:

Serial #: 29483756

Other Data: 10236283025273

Expires: 6/18/04

Standards for E-Payments

Protocols for securing e-payments:

Secure socket layer (SSL)—protocol that utilizes standard certificates for authentication and data encryption to ensure privacy or confidentiality.

Transport Layer Security (TLS)—as of 1996, another name for the Secure Socket Layer protocol

Standards for E-Payments (cont.)

Secure Electronic Transaction (SET)—a protocol designed to provide complete, secure online credit card transactions for both consumers and merchants; developed jointly by Netscape, Visa, MasterCard, and others

Electronic Cards and Smart Cards

Payment cards—electronic cards that contain information that can be used for payment purposes

Credit cards—provide the holder with credit to make purchases up to a limit fixed by the card issuer

Charge cards—balance on a charge card is supposed to be paid in full upon receipt of monthly statement

Electronic Cards and Smart Cards (cont.)

The Players

Cardholder

Merchant (seller)

Issuer (your bank)

Acquirer (merchant’s financial institution, acquires the sales slips)

Exhibit 10.4

Electronic Cards and Smart Cards (cont.)

Credit card gateway—an online connection that ties a merchant’s systems to the back-end processing systems of the credit card issuer

Virtual credit card—an e-payment system in which a credit card issuer gives a special transaction number that can be used online in place of regular credit card numbers

Electronic Cards and Smart Cards (cont.)

Electronic wallets (e-wallets)—a software component in which a user stores credit card numbers and other personal information; when shopping online, the user simply clicks the e-wallet to automatically fill in information needed to make a purchase

One-click shopping—saving your order information on retailer’s Web server

Electronic Cards and Smart Cards (cont.)

Security risks with credit cards

Stolen cards

Reneging by the customer—authorizes a payment and later denies it

Theft of card details stored on merchant’s computer—isolate computer storing information so it cannot be accessed directly from the Web

Electronic Cards and Smart Cards (cont.)

Purchasing cards—special-purpose payment cards issued to a company’s employees to be used solely for purchasing nonstrategic materials and services up to a preset dollar limit

E-Cards (cont.)

Benefits of using purchasing cards

Productivity gains (more time to focus on relationship with suppliers)

Bill consolidation (of small purchases)

Payment reconciliation (integrate with GL)

Preferred pricing

Management reports

Exhibit 10.5

Smart Cards

Smart card—an electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card

Smart Cards (cont.)

Categories of smart cards

Contact card—a smart card containing a small gold plate on the face that when inserted in a smart-card reader makes contact and so passes data to and from the embedded microchip

Contactless (proximity) card—a smart card with an embedded antenna, by means of

Smart Cards (cont.)

Securing smart cards

Theoretically, it is possible to “hack” into a smart card

Most cards can now store the information in encrypted form

Same cards can also encrypt and decrypt data that is downloaded or read from the card

Smart Cards (cont.)

Important applications of smart card use:

Loyalty

Financial

Information technology

Health and social welfare

Transportation

E-Cash and Innovative Payment Methods

E-cash—the digital equivalent of paper currency and coins, which enables secure and anonymous purchase of low-priced items

Micropayments—small payments, usually under $10

E-Coin.net

System consists of three participants:

User

Opens an account with eCoin.com

Downloads a special e-wallet to their desktop PC

Purchases some eCoins with a credit card

Merchant—embeds a special eCoin icon in its payment page

eCoin server—operates as a broker

E-Cash and Payment Card Alternatives (cont.)

Wireless payments

Vodafone “m-pay bill” system that enables wireless subscribers to use their mobile phones to make micropayments

Qpass (qpass.com); micropayment system used to purchase content from news services (New York Times)

Stored-Value Cards

Stores cash downloaded from bank or credit card account

Visa cash—a stored-value card designed to handle small purchases or micropayments; sponsored by Visa

Mondex—a stored-value card designed to handle small purchases or micropayments;

E-Loyalty and Reward Programs

Loyalty programs online

B2C sites spend hundreds of dollars acquiring new customers

Payback only comes from repeat customers who are likely to refer other customers to a site

Electronic script—a form of electronic money (or points), issued by a third party as part of a loyalty program; can be used by consumers to make purchases at participating stores

Internetcash.com

Teenage market—primary reason for going online

Communicating with friends via email and chat rooms

Homework

Researching information

Playing games

Internetcash (cont.)

Why they do not shop online

Parents will not let their children use their (the parents’) credit cards online

They cannot touch the products

It is difficult to return items purchased on the Web

They do not have the money

Transaction may be insecure

Person-to-Person Payments

Person-to-person (P2P) payments—e-payment schemes (such as paypal.com) that enable the transfer of funds between two individuals

Repaying money borrowed

Paying for an item purchased at online auction

Sending money to students at college

Global B2B Payments

Letters of credit (LC)—a written agreement by a bank to pay the seller, on account of the buyer, a sum of money upon presentation of certain documents

TradeCard (tradecard.com)—innovative e-payment method that uses an e-payment card

Electronic Letters of Credit (LC)

Benefits to sellers

Credit risk is reduced

Payment is highly assured

Political/country risk is reduced

Benefits to the buyer

Allows buyer to negotiate for a lower purchase price

Buyer can expand its source of supply

Funds withdrawn from buyer’s account only after the

TradeCard Payments (alternative to LoC)

TradeCard allows businesses to effectively and efficiently complete B2B transactions whether large or small, domestic or cross-border, or in multiple currencies

Buyers and sellers interact with each other via the TradeCard system

System

Checks purchase orders for both parties

Awaits confirmation from a logistics company that deliveries have been made and received

E-Checking

E-check—the electronic version or representation of a paper check

Eliminates the need for expensive process reengineering and takes advantage of the competency of the banking industry

eCheck Secure (from vantaguard.com) and checkfree.com provide software that enables the purchase of goods and services with e-checks

Summary

Crucial factors determining the success of an e-payment method

Key elements in securing an e-payment

Online credit card players and processes

The uses and benefits of purchasing cards

Categories and potential uses of smart cards

Summary (cont.)
