Speaker: Jerry Gao Ph.D.
San Jose State University email: [email protected] URL: http://www.engr.sjsu.edu/gaojerry
Topic: Account-Based Electronic Payment Systems
- Introduction to Credit Card-Based Payment Systems
- Credit-Card based electronic payment systems
- First Virtual - CyberCash - Set
- Electronic check payment systems
- FSTC - NetBill
- Comparisons and summary
Credit Card payment schemes have been in use as a payment method since 1960s.
There are two major international brands: VISA and MasterCard
About VISA:
- The VISA brand grew from a scheme launched by the Bank of America, which was subsequently licensed by Barclaycard in the United Kingdom in 1966.
- By the middle of 1995, VISA owned by its 180,000 member financial institutions, had issued more than 420 million cards and is accepted by more than 12 million merchants in 247 countries.
About MasterCard:
- MasterCard is of comparable size with 13 million merchants in 220 countries and 22,000 member organizations.
- More than 800 million cards issued and nearly $1,300 billion of sales each year.
Different types of payment card schemes:
(A) Credit cards, where payments are set against a special-purpose account
associated with some form of installment-based repayment scheme or a revolving line of credit.
- pay later with limit and interest rate.
(B) Debit cards (paperless checks) are linked to a checking/saving account. - pay now with balance checking.
(C)Charge cards: work in a similar way to credit cards in that payments are set against a special-purpose account.
- payment must be made at the end of billing period without limit.
(D) Travel and entertainment cards are charge cards whose usage is linked to airlines, hotels, restaurants, car rental companies, or particular retail outlets.
Introduction To Credit Card-Based Payment Systems
Introduction To Credit Card-Based Payment Systems
Card Association
Card Issuer’s Bank Card Acquirer’s Bank
Merchant CardHolder
Introduction To Credit Card-Based Payment Systems
Topic: Account-Based Electronic Payment Systems
Region
---U.S. 358.4 228.1 202.4 174
Europe 262.4 81.2 not available 53.5
Asia-Pacific 91.6 73 116.2 72.5
Canada 36.8 18.6 not available not available
Middle East 5.6 2.3 5.5 2
Africa
Latin America 23.6 21.4 19.1 21.2
Totals 778.4 424.7 470 338.7
VISA (total $1248.4B sales)
---Sales Volume No. of
billions of $(U.S.) Cards (millions)
MasterCard (763.4 million cards) ---Sales Volume No. of
Special Features of Credit Card-Based Electronic Payment Systems
- Online Transaction.
- Anonymity: This ensure that no detailed cash transactions for customer are traceable. Even sellers do not know the identity of customers involved in the purchases
- Security: High security and low risk due to the use of traditional banking system and user accounts.
- Standardization: Use of the existing standardized payment model
- Flexibility: consumers can have multiple cards used in different countries and concurrency
Topic: Electronic Check Payment Protocols and Systems
Limitations:
- Dependency: dependent on existing banking systems.
- Transaction cost: high transaction cost compared with other approaches
- Performance: slower performance due to the authentication and account validation using the existing banking systems
- Privacy: consumer loss of the privacy of their transactions
About First Virtual:
- First Virtual was the first Credit Card Processing System started in Oct. 1994 by a company called First Virtual Holding.
-The product is called Virtual PIN.
- The major goal is to allow the selling of low value information items across the network without the need of a client software or hardware to be in place.
- Both the merchant and the buyers are required to register with First Virtual before any transactions can take place.
- First Virtual depends on the conventional bank automated clearing house (ACH) service.
- First Virtual use WWW web server to support online purchasing and selling.
- Security method: VirtualPIN are used to verify accounts of merchants and buyers.
Topic: Account-based Electronic Payment Systems
Credit Card-Based Electronic Payment System: First Virtual
Web Server First Virtual Internet Payment System Server
Buyer 1. Account ID 4. Information Goods 2. Account ID Valid? 3. Account OK! 5. Transaction Details 7. Accept/Reject or Fraud Indication 6. Satisfied
Major advantages of First Virtual:
- Simple due to:
- no use of encryption - no export problems
- simple exchanges without special software and hardware at the client side
- server software is not complex
The disadvantages and limitations of First Virtual:
- Both merchants and buyers must pre-register.
- No encryption mechanisms are used.
Topic: Account-based Electronic Payment Systems
History of SET:
- In October 1995, the Secure Electronic Payment Protocol (SEPP) was proposed by the alliance of MasterCard, Netscape Corp, IBM, and others.
- After a few days, a different network payment specification, called Secure
Transaction Technology (STT) was launched by a VISA and Microsoft consortium.
- Both efforts were made in parallel to develop secure payment protocols and technologies for a number of months.
- In January 1996, both companies announced that they would come together to develop a unified system -- a secure Internet payment system based on Secure Electronic Transitions (SET) protocol.
- It is developed by Visa and MasterCard jointly later.
- Later, most significant organizations in the Internet payment industry have stated that they will support SET.
Phases of a credit card payment addressed by SET standards:
Credit Card-Based Electronic Payment System: Set
Financial Network
Card Issuer
Card Holder Merchant
Payment Gateway Non-Set Non-Set Set Set
Topic: Account-based Electronic Payment Systems
Credit Card-Based Electronic Payment System: Set
Set Transaction Processing Layer (E-Wallet,Digital Certificate)
Application Layer
Internet Protocol Layer
HTTP, SMTP SSL, X.509 Set Transport and Secure Sockets Layer
Set Message Structure Layer SET Protocol Layered Architecture:
Credit Card-Based Electronic Payment System: Set
Certificate Authority Certificate
Authority PaymentGateway Payment Gateway Cardholder Merchant Purchasing Transaction s Certify with CA for Digital Certificate
Validates SET Digital Certificates, preprocesses, authorization, capture, and settlement work SET Process Architecture:
E-Wallet SET POS
Certify with CA for Digital Certificate Certify with CA for Digital Certificate Wakeup Wakeup
Store Front Certificate Authority E-Wallet SET POS Payment Gateway Browser Merchant Server Acquirer Legacy System Bank Interchange CertReq CertReq CertRes CertRes PInitReq PInitRes PReq PRes AuthReq AuthRes CapReq CapRes Wakeup CertReq CertRes Post HTTP Page Message Details Wakeup AuthRes AuthReq Shop wakeup
Interactions among all SET entities:
Cardholder
Cardholder MerchantMerchant Acquirer Payment
Gateway Acquirer Payment Gateway PWakeup PInitReq PInitRes PReq PRes AuthReq AuthRes InqReq InqRes CapReq CapRes
Topic: Account-based Electronic Payment Systems
The messages needed to perform a complete purchase transaction include:
•Initialization (PInitReq/PInitRes)
•Purchase order (PReq/Pres)
•Authorization (AuthReq/AuthRes)
•Capture of payment (CapReq/CapRes)
•Cardholder inquiry (InqReq/InqRes) Security mechanism in SET:
•Certification for all parties, including
•Cardholder CA, Merchant CA, and Payment CA.
•Authentication for parties based on a public-key pair with RSA.
•Encryption is performed on parts of certain messages.
•Dual signatures are used in the SET protocol.
Credit Card-Based Electronic Payment System: Set
Brand Certification Authority
Geo-Political Authority (optional) Root Certification Authority Cardholder CA Cardholder Merchant CA Merchant Payment CA Payment Gateway
Topic: Account-based Electronic Payment Systems
About CyberCash:
- CyberCash is a secure Internet payment system developed by CyberCash, Inc., which is located at Reston, VA, USA, and it was found in August 1994 to provide software and service solutions for secure financial transactions over the Internet.
- CyberCash uses special wallet software, enable consumers to make secure purchases using major credit cards from CyberCash-affiliated merchants.
- the CyberCash payment system was launched in April 1995. It had over half a million copies in circulation.
- CyberCash has other payment systems, such as CyberCoin (electronic cash system) and PayNow (electronic check system).
Features of CyberCash:
- Use the existing credit card infrastructure for settlement payments.
- Use cryptographic techniques to protect the transaction data during a purchase.
- Authenticate the identifies of both parties to the transaction.
- Provide online transaction and online authentication.
- Broker the transaction between merchant’s bank and cardholder’s bank.
Topic: Account-Based Payment Protocols and Systems
Credit Card-Based Electronic Payment System: CyberCash
Web Browser Customer Wallet Web Server Merchant Software CyberCash Server Shopping Purchase Purchase messages Registration Card binding Banking Network Internet
Credit Card-Based Electronic Payment System: CyberCash
Payment Steps in a CyberCash Purchase
Consumer Cybercash
Server (CS) Merchant
Click “PAY” order form forward details issue receipt authorize + clear with bank Credit-card pay Payment-req Charge-card-res auth-capture charge-action-res Finish shopping Choose CC, addr log transaction
Topic: Account-Based Payment Protocols and Systems
Credit Card-Based Electronic Payment System: CyberCash
Header Transport Opaque Trailer
CyberCash Messages:
Header: It indicates the start of a CyberCash message.
Transport: It contains the order information in a purchase, transaction ID, date, and the key ID to the encrypt the opaque part.
Opaque: The encrypted part of a message.
Overview of NetBill:
- NetBill is a dependable, secure and economical payment method for purchasing digital goods and services through the Internet.
- NetBill protocol is developed by Carnegie Mellon University.
- In partnership with Visa International and Mellon Bank, the first trial of the system was installed in early 1996.
Major goals of NetBill:
- Support high transaction volumes at low cost
- Provide authentication, privacy, and security for transactions
- Provide account management and administration for consumers and merchants
Topic: Electronic Check Payment Protocols and Systems
Electronic Check Payment Process: NetBill
NetBill Server Customer Merchant Bank Network
Electronic Check Payment System: NetBill
1. Consumer’s application send a price quote request to the merchant’s application through a checkbook library.
2. Merchant’s application sends back the price quote the consumer’s application. 3. Consumer accepts the price quote, and then sends a purchase request through the Checkbook library.
4. Merchant’s application sends to the consumer’s Checkbook encrypted in a one-time key.
5.Consumer sends a electronic payment order (EPO) to merchant’s application. 6. The merchant’s application sends the endorsed EPO to the NetBill server.
7. NetBill server verifies that the consumer and merchant signatures are valid. Then, return the merchant a digitally signed receipt with a decryption key.
8. The merchant’s application forward the NetBill server’s receipt to the Check book.
NetBill Server Customer Merchant 1 2 3 4 8 6 7 5
Topic: Electronic Check Payment Protocols and Systems
Electronic Check Payment System: NetBill
NetBill Archecture: (Source: NetBill 1994 Prototype)
Consumer Application Checkbook Merchant Application Till User Admin. Server Transaction Server Security Server System Admin. Server Payment & Collection Server DB
Electronic Check Payment System: NetBill
Major features of NetBill:
- Certified delivery: delivering encrypted information goods and then charging
against the consumer’s NetBill account. Then, decryption key registration are used at both the merchant’s application and the NetBill server.
- Scalability: the bottleneck in the NetBill model is the NetBill Server which supports many different merchants.
- Support for flexible pricing: by including the steps of offer and acceptance. The merchant can calculate a customized quote for individual consumer.
- Protection of consumer accounts against unscrupulous merchants in a conventional credit card transaction.
Topic: Electronic Check Payment Protocols and Systems
Electronic Check Payment System: NetBill
Security Mechanisms of NetBill:
- Create a NetBill account for each consumer by using a unique user ID and the RSA public key.
- the key pair is certified by NetBill and is used for signatures and authentication in the system.
-These signatures are used to check the elements of NetBill transactions (the price quote, the acceptance, etc) really came from the right parties.
- NetBill uses symmetric cryptogrphy method for message authentication and encryption and decryption.
Overview of FSTC:
- The Financial Service Technology Consortium (FSTC) is a group of American Banks, research agencies, and government organizations, formed in 1995.
- The basic concepts is use electronic checks to conduct payment transactions.
- In Sept. 1995, a demonstration of the FSTC electronic check concept was given that involved a purchase of an item from a merchant site on the Internet.
- the FSTC payment system uses:
- electronic checks to transfer and moves funds from the buyer’s bank account to the merchant’s bank account based on a conventional ACH network.
- a secure hardware device, called a “Smart Token”, is used to play as a “checkbook”. It takes the form of a PC card with an in-built
cryptographic support processor..
Topic:Electronic Check Payment Protocols and Systems
Electronic Check Payment System: FSTC
payer Payee
Secure H/W
Debit Account Credit Account
ACH Check Clearing Checkbook (secure H/W) Secure envelope invoice E-mail Statement Secure envelope
Certs Sig Check
Electronic check Certsendorsement certs
sig check
Electronic Check Payment System: FSTC’s Functional Flows
payer Payee write endorse Payer’s Bank Payee’s Bank debit credit 1. pay5. statement 2. deposit 4. report
3.clear payer Payee write Payer’s Bank Payee’s Bank 1. pay 4. statement 3.accounts receivable update 2.clear payer Payee write endorse Payer’s Bank Payee’s Bank debit credit 1. pay
6. statement 2.cash 5. report
4.EFT payer Payee write Payer’s Bank Payee’s Bank 1. pay
5. statement 3. AccountsReceivable update
2.EFT
3.notify
Deposit-and-clear scenario Cash-and-transfer scenario