![Page 1: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/1.jpg)
Electronic Commerce Technology
(IT60104) 3-0-0 Spring 2010-11
Dr. Shamik Sural
School of Information Technology
IIT Kharagpur
Lecture Set 3
- E-Payment Systems
- Credit Card Payment
- SET Protocol
- Electronic Funds Transfer
- Electronic Cheque Payment
- Electronic Cash
- Payment Gateways
Lecture Set 3
E-Payment Systems
E-Payment Systems
Day-to-day payment schemes:
- Cash
- Debit/Credit card
- Cheque
E-Payments:
- B2C: Credit cards
- C2C: Through brokers (through credit/debit cards, payment gateways or cash on delivery)
- B2B: Electronic Fund Transfer/Electronic Cheque
E-Payment Systems - Essential Requirements
- Security: Payment authorization should not be tampered with by a hacker.
- Privacy: Privacy of transactions, covering both orders and credit card information.
- Integrity of payment systems: Having agreed to a transaction, neither seller nor buyer can go back on it.
- Authentication: Both merchant and consumer should be able to authenticate one another. Ensuring the identities of both seller and buyer is essential.
Requirements of E-Payment Transactions
- Indivisibility: Atomicity of transactions
- Isolation: Independence of transactions
- Agreement: Both parties (buyers and sellers) must agree on the terms and conditions
- Reversibility: Ability to pay back on transaction error or dissatisfaction of the customer for a valid reason
Acceptability of Payment Schemes
- Standardization: Platform independence and interoperability
- Economy: Minimal transaction cost. The cost of a transaction often determines the payment schemes acceptable for a particular E-Commerce model (B2B/B2C/C2C)
- Scalability: Ability to handle heavy transaction traffic
Lecture Set 3
Credit Card Payment
Credit Card Transactions – Basics
Parties involved:
- Customer with a credit card
- Merchant accepting credit cards, usually of several companies like Master Card, Visa, American Express, etc.
- Bank which issues credit cards to customers. It guarantees payment to merchants and collects bill payments from customers. In addition to an annual fee, it charges some monthly interest on outstanding overdue payments.
- Acquirer: typically another bank that establishes and maintains an account for the merchant. It validates card information and approves sales. Charges around 2% on each sale.
Steps in Credit Card Payment
- Customer hands over his credit card to the merchant for paying his bill.
- The card is swiped in a tele-terminal by the merchant. The device reads the card details stored in the magnetic strip. Merchant enters the transaction amount. Both the card information and the transaction amount are transferred to the acquirer via a communication line.
- Acquirer communicates with the customer's card issuing bank and gets approval based on the validity of the card and availability of credit limit.
- Approval is sent to the merchant. The tele-terminal prints a slip approving the sale and showing the amount charged. Acquirer credits the merchant's account with the sale amount minus the commission. It also collects the amount from the customer's bank.
- Merchant gets the customer's signature on the approval slip. If the signature matches the one on the card, goods are delivered.
- Bank collects the outstanding amount from the cardholder by presenting a monthly statement clubbing all such payments.
Credit Card Payment - Flowchart
[Figure: flowchart between Customer, Merchant, Acquirer and Customer's Card Issuing Bank]
1. Present card
2. Transmit card data
3. Check for card validity and credit limit
4. Approval
5. Approve credit card and sale amount
6. Sign slip
7. Monthly statement
Characteristics of Credit Card Payment in E-commerce
- No physical proximity between the customer and the merchant
- Actual presence of the physical card is not required
- Signature cannot be directly verified
- Difficult to verify that the customer is genuine as well as that the merchant is genuine
- Customer not willing to disclose credit card details to a fake merchant
- Credit card data maintained in the merchant's database is vulnerable to hackers
- Ideally, the credit card number should not be revealed to the merchant but only to the bank approving it. Similarly, the bank should not know the items purchased, to ensure privacy of customers.
- One protocol to ensure the above requirements is SET. However, it requires both customer and merchant to have certified public keys.
- A simpler protocol using SSL is presented first.
Credit Card Payment in E-commerce using SSL
- Client visits the web site of the merchant.
- Selected items are placed for order.
- The merchant's server prepares an invoice if the items are available.
- Server issues a warning if the client's browser does not support SSL security.
- The client should send the request over the "https" protocol. Credit card details and the shipping address are sent from the customer to the merchant, encrypted using the session key.
- Merchant's server first decrypts the credit card number, amount and invoice details and then sends them to the acquirer after encrypting with the latter's public key. Merchant also sends his public key certificate. Further, the merchant digitally signs the data.
- Acquirer communicates with the customer's bank for validity of card and credit limit. If found valid, the transaction is approved and the acquirer authorizes the merchant to accept the sale. This authorization is encrypted with the merchant's public key.
- Merchant accepts the customer's order and delivers the goods at his/her shipping address, after sending an encrypted receipt to him/her.
- Customer's bank sends a monthly bill to the customer.
Credit Card Payment in E-commerce using SSL - Flowchart
[Figure: Credit card transaction using SSL, between Customer's Desktop, Merchant's Server, Acquirer's Server and Customer's Card Bank Server]
1. Enquiry
2. Decision to buy
3. Invoice - Request credit card data
4. Negotiable level of security
5. Order with credit card. Use https
6. Send card number, amount (https)
7. Collect and credit merchant's A/c
8. OK
9. Order acceptance
10. Bill to customer
Credit Card Payment in E-commerce using SSL - Observations
- Customer's credit card is exposed to the merchant and hence becomes vulnerable to attacks on the merchant's database unless stored in encrypted form.
- Customer's purchase details are exposed to the acquirer, compromising privacy.
- Advantage is that the request is made using https, with the customer not needing a public key. Use of a session key ensures security of the transactions, and credit card details are not exposed during communication.
- Fully automated transaction. Customer's browser supporting SSL can do the negotiation with the merchant's server.
- Server ensures that the customer request comes through the https protocol.
- Currently the most common form used in many E-commerce activities in India, including railway and airlines ticket booking, hotel reservation, etc.
Lecture Set 3
SET Protocol
Secure Electronic Transaction (SET) Protocol
- Standardized by major credit card companies like Master Card and Visa
Steps followed:
- A public key encryption technique like RSA is used.
- Customers and merchants should get their public keys certified by a certification authority to ensure the genuineness of the transaction.
- The customer should digitally sign the purchase order amount and credit card number.
Secure Electronic Transaction (SET) Protocol
Main Features:
- Credit card number is not exposed to the merchant but only to the acquirer.
- Purchase invoice details are not exposed to the acquirer.
- As the purchase invoice is coupled with the credit card number and signed digitally, it is easy for an arbitrator to settle disputes regarding cost or purchase invoice.
Details available at: www.ibm.com/redbook/SG244978
SET - Dual Signature Scheme
Terms:
- Customer's purchase order (PO)
- Credit card number (CCN)
- Amount to be paid (AMT)
- POA = PO + AMT
- CCA = CCN + AMT
- POH = Hash of POA
- CCH = Hash of CCA
- PPH = Purchase payment digest, PPH = H(POH || CCH) (|| denotes concatenation)
- KPR: Customer's private key
SET - Dual Signature Scheme
- DS = KPR(PPH) is the digitally signed copy of the purchase order and credit card number.
- POA is separately encrypted by the customer using the merchant's public key and sent to the merchant. Merchant can get back POA.
- Merchant receives CCA encrypted with the acquirer's public key from the customer.
- CCH and DS are also sent to the merchant from the customer, encrypted using the merchant's public key. Merchant can decrypt them to obtain CCH and DS. However, from CCH, he cannot get back CCA and hence cannot know the credit card number.
- Merchant can compute: H(H(POA) || CCH) = H(POH || CCH) = PPH
- DS received from the customer is decrypted using KPU to get: KPU(DS) = KPU(KPR(PPH)) = PPH
- KPU is the certified public key of the customer, sent to the merchant by the customer along with his purchase order.
- If the two PPH values obtained above are the same, the customer's signature is verified.
- If the payment is authorized by the acquirer, the order is acceptable to the merchant and can be shipped.
SET - Dual Signature Scheme
- Acquirer can decrypt CCA and then encrypt it using the public key of the customer's bank.
- Customer's bank can decrypt the same and obtain CCA. It also receives POH and DS. POA cannot be obtained from POH and hence the bank will not know the purchase details.
- Bank can compute: H(POH || H(CCA)) = H(POH || CCH) = PPH
- Bank also receives KPU(DS). If PPH obtained above is the same as KPU(DS) obtained above, then the customer's digital signature is verified by his bank. If credit limit is available, the bank can authorize the merchant through the acquirer for the payment.
Observations:
- Customer cannot repudiate his purchase order.
- Merchant cannot substitute the customer's purchase order with a fake one, as the signature DS contains a unique hash of the customer's purchase order available with the bank.
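The merchant-side and bank-side checks described on the preceding slides, as an added example that is not part of the original lecture. It assumes SHA-256 for H, a "|" field separator, and a toy textbook-RSA key built from two Mersenne primes standing in for the customer's certified key pair; the public-key encryption envelopes around POA and CCA are left out so that only the dual-signature linkage is shown.

```python
import hashlib

# Toy RSA key for the customer, built from two well-known Mersenne primes so
# the example needs only the standard library. Such a modulus is trivially
# factorable: it stands in for a certified key pair, nothing more.
_P, _Q = 2**521 - 1, 2**607 - 1
N = _P * _Q                           # modulus, part of KPU
E = 65537                             # public exponent, part of KPU
D = pow(E, -1, (_P - 1) * (_Q - 1))   # private exponent, KPR


def H(data: bytes) -> bytes:
    """Hash function agreed during negotiation (SHA-256 assumed here)."""
    return hashlib.sha256(data).digest()


def _as_int(digest: bytes) -> int:
    return int.from_bytes(digest, "big")


def customer_prepare(po: str, ccn: str, amt: str) -> dict:
    """Build POA, CCA, their hashes and the dual signature DS = KPR(PPH)."""
    poa = f"{po}|{amt}".encode()      # POA = PO + AMT
    cca = f"{ccn}|{amt}".encode()     # CCA = CCN + AMT
    poh, cch = H(poa), H(cca)
    pph = H(poh + cch)                # PPH = H(POH || CCH)
    ds = pow(_as_int(pph), D, N)      # textbook RSA, as in the slide notation
    return {"POA": poa, "CCA": cca, "POH": poh, "CCH": cch, "DS": ds}


def kpu(ds: int) -> int:
    """KPU(DS): recover the signed value with the customer's public key."""
    return pow(ds, E, N)


def merchant_verify(poa: bytes, cch: bytes, ds: int) -> bool:
    """Merchant holds POA and CCH only: H(H(POA) || CCH) must equal KPU(DS)."""
    return _as_int(H(H(poa) + cch)) == kpu(ds)


def bank_verify(cca: bytes, poh: bytes, ds: int) -> bool:
    """Bank holds CCA and POH only: H(POH || H(CCA)) must equal KPU(DS)."""
    return _as_int(H(poh + H(cca))) == kpu(ds)


def demo() -> dict:
    # Constructed sample order; the card number is a made-up value.
    ccn = "4000123412341234"
    m = customer_prepare("2 x book, ship to Kharagpur", ccn, "INR 950")
    fake_poa = b"20 x book, ship elsewhere|INR 950"
    return {
        "merchant_ok": merchant_verify(m["POA"], m["CCH"], m["DS"]),
        "bank_ok": bank_verify(m["CCA"], m["POH"], m["DS"]),
        # A different purchase order's hash is forwarded to the bank.
        "substituted_po_ok": bank_verify(m["CCA"], H(fake_poa), m["DS"]),
        # The amount in the payment half is altered in transit.
        "altered_amount_ok": bank_verify(f"{ccn}|INR 9500".encode(), m["POH"], m["DS"]),
        # Nothing the merchant can read contains the card number.
        "ccn_visible_to_merchant": ccn.encode() in m["POA"] + m["CCH"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A production signature would use a padded scheme such as RSA-PSS over a properly generated key; the unpadded form here only mirrors the KPR(PPH) / KPU(DS) notation of the slides.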
SET - Dual Signature Scheme
Steps followed:
- Customer's PC and merchant's server exchange their certified public keys. Merchant sends the acquirer's public key to the customer and they negotiate the encryption algorithm and hash function to be employed.
- Customer enters PO, credit card details and amount payable in his PC, which are broken into two parts: (i) PO and amount (ii) credit card details and amount.
- POA is encrypted with the merchant's public key and CCA with the acquirer's public key. POH, CCH and DS are computed and sent with POA to the merchant. Merchant proceeds after verifying the signature.
- Merchant forwards encrypted CCA, POH and DS to the acquirer.
- Acquirer forwards it to the bank.
SET - Dual Signature Scheme
- The customer's bank validates it and replies to the acquirer with the corresponding response.
- Acquirer approves or rejects the transaction and informs the merchant. It credits the amount less appropriate commission in the merchant's account.
- Merchant accepts the order and sends the product to the customer as per the shipping address.
- Customer's bank sends the bill to the customer at the end of the month.
SET - Flowchart
[Figure: Basics of dual signature scheme. At the customer, PO and Amount form POA (encrypted, to merchant) and CC no. and Amount form CCA (encrypted, to bank). POA is hashed to POH and CCA to CCH; these are concatenated (POH||CCH) and hashed to PPH, which is signed with the customer's private key to give the dual signature DS.]
SET - Flowchart
[Figure: Credit card transaction using SET protocol, between Customer, Merchant, Acquirer and Bank]
1. Negotiation
2. POA, CCH, DS, POH
3. CCA, POH, DS
4. CCA, POH, DS
5. Approval
6. Approval
7. Shipping Details
8. Billing
Lecture Set 3
Electronic Funds Transfer
Electronic Funds Transfer
- Electronic Funds Transfer (EFT) is an essential part of clearing cheques in a banking system.
Clearing a cheque:
- If A issues a cheque in favor of B, it will be written on a cheque in A's bank (say X).
- B will deposit the cheque in his bank (say Y).
- Before B's account in bank Y is credited, Y should check with A's bank whether A has enough money in his account.
- If X approves, then A's account in bank X is debited and B's account in bank Y is credited.
- This process of cheque clearance has been automated and is called Electronic Funds Transfer (EFT).
Requirements for EFT
- An Automated Clearing House (ACH) should work as an intermediary to negotiate transfer of funds when cheques are used. In India, the Reserve Bank of India (RBI) acts as the ACH.
- All banks should use ACH and become its members. RBI is the controlling agency of all banks in India.
- There should be a secure electronic communication channel between each bank and the ACH. As the amounts involved are very large, normally these channels are private secure leased lines.
Two models of EFT
- Automated Cheque Clearance
- Electronic Clearing Service (ECS)
Automated Cheque Clearance
- Assume A and B are the two parties
- A has an account with bank X
- B has an account with bank Y
- ACH maintains balances kept by its member banks
Automated Cheque Clearance - Steps
- A sends a cheque drawn on his bank X to B.
- B deposits the cheque in his bank Y.
- Y sends the cheque to ACH.
- ACH has an automated system to sort cheques based on a unique bank code.
- In India it is the 9-digit bank code, e.g., 721002103, printed at the bottom of a cheque with magnetic ink.
- Based on X's code, a query is sent to bank X whether the amount can be paid (A's physical cheque should be forwarded to X by ACH).
Automated Cheque Clearance - Steps
- If the reply from bank X is yes, the ACH debits X's account and credits Y's account with the amount.
- It intimates bank Y that the cheque is cleared.
- Bank Y credits B's account with the amount specified in the cheque and updates B's account.
- Bank X debits A's account by the amount specified in the cheque.
Automated Cheque Clearance
[Figure: flowchart between A, B, X (A's Bank), Y (B's Bank) and ACH]
1. Cheque
2. Deposit
3. Forward Cheque
4. Query X
5. Response
6. Intimate clearance
7. Credit account
8. Debit and intimate
Electronic Clearing Service - Steps
When A wants to send a specified amount to B:
- A requests B to send the unique 9-digit code of B's bank Y as well as B's account number in Y in which the money has to be credited.
- A sends an intimation to its bank X to debit its account by the specified amount (say S) and credit it to B's account with bank Y.
- Bank X requests ACH to debit its account with ACH by S and credit it to Y's account. It also requests ACH to advise Y to credit B's account by the specified amount S.
- ACH requests Y to credit B's account with the specified amount S.
- Y intimates B that the amount from A has been credited.
- No need to send physical cheques. Popular in India for regular salary payment, payment of pension, dividend, etc.
Electronic Clearing Service
[Figure: flowchart between A, B, X (A's Bank), Y (B's Bank) and ACH]
1. Request bank account details
2. Credit B's account in Y
3. Credit B's account in Y
4. Credit B's account
5. Credit intimation
Traditional Cheque Clearance vs. ECS

Traditional ACH | ECS
_____________________________
Physical cheques transported | No physical cheques
Delay of 1 or 2 days | No delay
Cheque can be dishonored | No cheque dishonor
Physical handling costs high | Low cost
Payer can use fund during clearance day | Account debited immediately
Lecture Set 3
Electronic Cheque Payment
Electronic Cheque Payment
- B2B E-Commerce entities have mutual trust.
- Amount involved is also quite large.
- Payments normally made by cheque.
- Need for an electronic equivalent of the physical cheque.
- Both businesses must have certified public keys and must be able to digitally sign e-cheques.
- In India every registered company must have a public key certificate and must be able to digitally sign documents.
- All banks and ACH must have public key certificates and must be able to digitally sign documents using a common agreed hash function.
Electronic Cheque Payment
Parties involved:
1. Purchaser – P
2. Vendor – V
3. Purchaser's Bank – PB
4. Vendor's Bank – VB
5. Automated Clearing House – ACH
Electronic Cheque Payment
Format of e-cheque:
- Unique id of e-cheque
- Date of cheque
- Payee's id and name
- Amount to be paid
- Payer's bank code
- Payer's account number
- Digital Signature of Payer
Electronic Cheque Payment
Steps followed:
- Exchange of public key certificates and bank details between P and V.
- V sends an invoice with payment request to P, encrypted with P's public key.
- P decrypts the invoice and payment request. P writes an e-cheque if the request is valid. The e-cheque along with invoice number and P's public key certificate are digitally signed and the digital signature is attached. This whole information is encrypted with V's public key and sent to the vendor.
- V verifies the signature and appends to this information an endorsement and his/her public key certificate, and digitally signs all the above information. This is encrypted with the public key of VB and sent to VB.
Electronic Cheque Payment
- VB decrypts the information, takes out the e-cheque, encrypts it with ACH's public key and sends it to ACH.
- ACH decrypts it and forwards the same to PB, encrypting with PB's public key.
- PB decrypts it and authorizes the payment if all is OK.
- ACH debits PB's account and credits VB's account. It also informs VB about the clearance of the e-cheque.
- VB credits V's account. PB debits P's account.
Electronic Cheque Clearance
[Figure: Electronic cheque clearance, between P (Purchaser), V (Vendor), PB (Purchaser's Bank), VB (Vendor's Bank) and ACH]
1. Exchange public key certificates
2. Invoice
3. E-cheque in secure envelope
4. Deposit e-cheque endorsed
5. e-cheque for clearance
6. Verify e-cheque
7. Payment authorization
8. e-cheque cleared
9. Credit V's A/c
10. Debit P's account
Electronic Cheque Payment
Remittance in secure envelope:
- Invoice no.
- P's public key certificate
- e-cheque
- Digital signature
Encrypt with V's public key
Electronic Cheque Payment
Deposit slip to VB in secure envelope:
- P's public key certificate
- V's public key certificate
- e-cheque
- V's endorsement with unique id
- V's signature
Encrypt with VB's public key
Electronic Clearance of Pay Order
- Popular in B2B E-Commerce
- Parties involved are the same as in E-cheque payment
- Here also, the vendor, purchaser, vendor's bank, purchaser's bank and ACH must have public keys and should be able to digitally sign documents.
Electronic Clearance of Pay Order
Steps followed:
- P and V exchange their public key certificates.
- V sends invoice with amount payable.
- P checks invoice and authorizes payment. A pay order with necessary details is sent to PB, encrypted with PB's public key.
- P intimates V that ECS payment has been initiated.
- PB debits P's account if balance is adequate and sends corresponding information to ACH, encrypted with ACH's public key.
Electronic Clearance of Pay Order
- ACH debits PB's account and credits VB's. Sends corresponding information to VB to credit VB's account.
- VB credits V's account with payment received. Intimates V that ECS payment has been received and gives P's ID.
Electronic Clearance of Pay Order
[Figure: Electronic clearance of payment, between P (Purchaser), V (Vendor), PB (Purchaser's Bank), VB (Vendor's Bank) and ACH]
1. Exchange public key certificates and bank A/c details
2. Invoice
3. Pay order to vendor's bank
4. ECS intimation
5. Request to credit vendor's account
6. Credit vendor's account, ECS intimation
7. Credit intimation
Pay Order to Purchaser's Bank (Content of Secure Envelope)
Pay order to PB:
- Date on which to be paid
- Unique ID of pay order
- P's account number
- V's account number
- Amount to be paid
- Digital signature of P
Encrypt with PB's public key
Pay Order by PB to ACH (Content of Secure Envelope)
Pay order by PB to ACH:
- Date of pay order
- Unique ID of pay order
- PB's bank code
- VB's bank code and ID
- Account number of V in VB
- Amount to be paid
- Digital signature of PB
Encrypt with ACH's public key
![Page 52: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/52.jpg)
ACH’s Intimation to Vendor’s Bank in Secure Envelope
ACH's intimation to VB
- Date of pay order
- Unique ID of pay order
- PB's code and ID
- Amount to be credited
- V's account number
- Digital signature of ACH
Encrypt with VB's public key
![Page 53: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/53.jpg)
Electronic Clearance of Pay Order - Infrastructure
Encryption Employed
- Usually RSA to encrypt a unique symmetric session key for each transaction between parties
- Triple DES or AES as symmetric encryption
Communication System
- Banks have their own intranet connecting all branches
- Bank intranets are connected to one another using VPN.
- ACH usually connected to bank intranets using leased lines
![Page 54: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/54.jpg)
E-cheque Format
- A standard format of E-cheques needed for automated processing after extraction of fields and interpretation
- EDI standard needed for invoices, POs, etc.
- EDIFACT – Electronic Data Interchange Format for Administration, Commerce and Transport – standardized by UN Economic Commission for Europe and adopted by many government organizations in India.
- EDIFACT has a standard for financial instruments
- Another alternative is to use XML description of cheques
  - Easier to implement and process
![Page 55: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/55.jpg)
Lecture Set 3
Electronic Cash
![Page 56: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/56.jpg)
Electronic Cash
- Transactions involving credit card or cheque have a high cost. Not suitable for low value transactions
- Advantages of Cash:
  - Guarantee of value over short period
  - Universally accepted
  - Easily carried
  - Anonymity
  - Privacy due to anonymity
  - Ability to make smaller denominations (change)
- Disadvantages
  - Not safe to carry
  - Volume is proportional to value
![Page 57: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/57.jpg)
Electronic Cash - Challenges
Challenges in setting up e-cash as a payment method
- Who administers?
- Will anonymity be ensured?
- Will e-cash issued by a bank be accepted universally?
- How to detect forgery?
- Can one be prevented from double spending?
- What about recovery of costs?
- Is transaction cost low?
![Page 58: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/58.jpg)
E-cash Issue and Spending
Procedure:
1. Customer applies to a bank for e-coins
2. Bank issues e-coins through a currency server. Each coin has a random number as its ID and a denomination, and the whole is digitally signed by bank. Bank maintains its record for each customer identified by his customer id.
3. Customer can pay the e-coins to a merchant through https. The coin is marked as spent in the e-purse of the customer.
4. Merchant sends the e-coin to bank for approval.
5. Bank responds with approval if it is verified as a valid e-coin and has not yet been spent. Merchant’s account, which has to be maintained in the same bank, is credited.
6. Merchant ships the order and sends a digitally signed receipt.
![Page 59: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/59.jpg)
E-cash Issue and Spending
Fig: Electronic cash issue and payment system
Parties: Bank, Customer, Merchant
1. Applies for e-coins
2. e-coins issued
3. Pay with e-coins
4. Requests bank to verify e-coins whether already spent or expired
5. e-coin approved
6. Send goods and receipt
![Page 60: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/60.jpg)
E-cash – Pitfalls
Problems with this scheme:
- Heavy load on currency server
- No anonymity
- Can balance the load using distributed network of servers.
- Tracking spending habits is difficult. Yet, complete anonymity is not achieved.
- Difficulty in returning change
![Page 61: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/61.jpg)
Anonymous E-cash
Chaum's Blinding Protocol:
1. A customer applies for e-cash from Bank. Appropriate amount deducted from his account
2. Customer creates e-coins of required denominations. Each e-coin is identified by him with a unique random serial number which is quite large (say of 50-100 digits) and not shared with anyone else.
3. Customer chooses a random number and encrypts with bank’s public key e, multiplies it with the serial number of e-coin and sends it to the bank's currency server. The original e-coin numbers are not known to the bank and hence the e-coins are blinded.
4. The bank signs the denomination of the e-coin and the blinded number with its private key. This complete data is encrypted with customer's public key and sent back to the customer.
![Page 62: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/62.jpg)
Anonymous E-cash
5. The customer decrypts the data, divides the blinded serial number by the same random number he used for blinding it and now gets back a signed version of the original serial number and amount. He can issue these e-coins signed by the bank to a merchant whenever needed.
6. The merchant sends the e-coins to the bank's currency server for verification. Bank cannot identify the owner of the e-coin, but can detect double spending.
![Page 63: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/63.jpg)
Anonymous E-cash – Double Blinding Protocol
Mathematics of Chaum's blinding Protocol
1. Customer sends to bank: $[s \cdot r^e \pmod n,\ a]$
2. Bank signs with its private key: $[(s \cdot r^e)^d \pmod n,\ a^d \pmod n]$ and sends the same to the customer.
3. It may be noted that: $(s \cdot r^e)^d \pmod n = s^d \cdot r^{ed} \pmod n$. Since $r^{ed} \pmod n = r$, the signed serial number is $s^d \cdot r \pmod n$.
4. Customer divides this by $r$ and gets $s^d \pmod n$, which is the coin serial number signed by the bank.
5. Signed e-coin stored by the customer is $[s,\ a,\ s^d \pmod n,\ a^d \pmod n]$, which is [serial number, amount, serial number signed by bank, amount signed by bank]
6. The merchant and bank both can find the authenticity when this is presented to the merchant.
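The blinding arithmetic above, together with the currency server's already-spent check from the issue-and-spending procedure, as an added Python example that is not part of the original lecture. The toy key, the function and class names, and the use of unpadded textbook RSA (which mirrors the slide's formulas only) are assumptions made for illustration.

```python
"""Chaum blinding with textbook RSA, using the slide's symbols s, r, a, e, d, n."""
import math
import secrets

# Constructed toy bank key built from two Mersenne primes; real keys are 2048+ bits.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # bank's private exponent d


def blind(s):
    """Customer: pick r coprime to n and return (s * r^e mod n, r)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (s * pow(r, E, N)) % N, r


def bank_sign(blinded, a):
    """Bank: sign the blinded serial and the amount without ever seeing s."""
    return pow(blinded, D, N), pow(a, D, N)


def unblind(signed_blinded, r):
    """Customer: divide by r (multiply by r^-1 mod n) to obtain s^d mod n."""
    return (signed_blinded * pow(r, -1, N)) % N


class CurrencyServer:
    """Bank at verification time: check both signatures, refuse a serial seen before."""

    def __init__(self):
        self.spent = set()

    def deposit(self, coin):
        s, a, sig_s, sig_a = coin
        if pow(sig_s, E, N) != s % N or pow(sig_a, E, N) != a % N:
            return "forged"
        if s in self.spent:
            return "double-spend"
        self.spent.add(s)
        return "accepted"


def demo():
    s = secrets.randbelow(N - 2) + 2     # serial number, known only to the customer
    a = 100                              # denomination
    blinded, r = blind(s)
    signed_blinded, sig_a = bank_sign(blinded, a)
    coin = (s, a, unblind(signed_blinded, r), sig_a)   # [s, a, s^d, a^d]
    server = CurrencyServer()
    return {
        "bank_saw_serial": blinded == s,
        "first": server.deposit(coin),
        "second": server.deposit(coin),
        "tampered": server.deposit((s + 1, a, coin[2], sig_a)),
    }
```

Production blind-signature schemes hash and pad the serial before signing, because raw RSA signatures can be multiplied together to produce new valid ones.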
![Page 64: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/64.jpg)
Smart Card-Based Cash Payment
- Plastic cards with memory and processor
- Data in the card can be read/written.
- Contact cards and contactless cards
- Cards with only memory and with memory and processor
![Page 65: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/65.jpg)
Smart Card-Based Cash Payment
Fig: Smart card-based payment system
Parties: Bank's server, Customer's PC (with smart card reader), Merchant's server
1. Apply for e-cash in smart card
2. Send e-cash
3. Card details and debit amount
4. Card details and debit amount
5. Approval
6. Send goods and receipt
![Page 66: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/66.jpg)
Smart Card-Based Cash Payment
Advantages:
- No need to check for re-spending by bank
- Processing cost is a bit lower than that of credit card
- Safe from hacking
- Card cannot be used by others even if it is lost
Disadvantages:
- Customer should have a card read/write device
- No anonymity
![Page 67: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/67.jpg)
Lecture Set 3
Payment Gateways
![Page 68: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/68.jpg)
Payment Gateways
- Many small and medium businesses (SMBs) do not have programmers to design their web server to transact credit card, cheque or ECS transactions
- “Payment gateway solutions” to assist such SMBs to transact Internet-based payments
- Payment gateway is a server placed between the merchant's web server and the acquiring bank's server
- When an order is placed, it is forwarded to the payment gateway server by the merchant's server
![Page 69: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/69.jpg)
Payment Gateway
The payment gateway server performs all the tasks such as
- Integrating merchant's shopping cart with billing system
- Order approval
- Calculating appropriate taxes
- Forwarding shipping details, etc.
- Forwarding the credit card information to the acquirer and getting back the result of credit card purchase authorization
- Collecting credit card payments and remitting them to the merchant's bank account periodically
- Checking customer's credentials, address verification and fraud prevention
![Page 70: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/70.jpg)
Payment Gateway Operators
- Gateway operators collect a percentage of transaction amount as fee
- In India, leading payment gateway operators are
  - CC Avenue
  - ICICI Pay Seal
  - CC Now
![Page 71: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/71.jpg)
Pay Pal
- Pay Pal is a service, like an Internet based bank.
- The PayPal.com site operates accounts for members in which members can deposit money and transfer money to other members of Pay Pal.
- Other services provided by Pay Pal are
  - Pay for items bought in e-bay auctions (important in C2C E-commerce)
  - Transfer money to other Pay Pal accounts located in several countries where there are no exchange controls
  - Buy things from web sites of merchants who maintain Pay Pal account
- It has also a mobile phone-based system offering similar services
![Page 72: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/72.jpg)
Pay Pal
Primary use of Pay Pal is in C2C E-commerce among its members
Can also be used in B2C e-commerce if merchants maintain Pay Pal accounts
Provides an alternative to those who do not have a credit card
![Page 73: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/73.jpg)
Lecture Set 3
Micro-payments for Information Goods
![Page 74: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/74.jpg)
Micro-payments for Information Goods
Micro-payments are small payments of a few rupees or dollars for purchase of information goods
Information goods are materials such as
- e-books
- e-papers
- audio files
- video entertainment clips
- software files
A system to collect micro-payments should have low transaction cost
![Page 75: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/75.jpg)
Example System
- A system operating in USA has been implemented by a company named Net Bill in cooperation with Mellon Bank (a USA bank)
- The main features of this payment system are
  - Customer deposits in advance an amount in Net Bill's bank account maintained by Net Bill server
  - This deposit is debited only when the information goods are delivered to the customer
  - The vendor is guaranteed payment when information goods are delivered as per customer's order
![Page 76: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/76.jpg)
Net Bill Payment scheme : steps
- Customer requests a quote from the merchant for the item needed
- Vendor responds with a quote for the item
- Customer informs the vendor of acceptance (if not accepted, no further transactions are needed)
- Vendor encrypts information goods using a secret key and sends it to the customer. The customer cannot decrypt the information and use it until he or she gets the decryption key
- Vendor sends the key used for encrypting the information to the Net Bill server
- Customer sends a debit note along with digest of the information received to the Net Bill server using SSL
- Net Bill server credits the vendor's account by the amount debited from the customer less a transaction fee
- Net Bill informs the vendor of credit
- Net Bill server sends the customer the decryption key to enable him or her to use the information
![Page 77: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/77.jpg)
Net Bill system for Information goods
Parties: Customer, Net Bill server, Vendor
1. Request quote
2. Response
3. Accept
4. Encrypted information
5. Encryption key
6. Debit note and digest
7. Debit customer's account and Credit vendor's account
8. Inform Vendor about credit
9. Decryption key
![Page 78: Electronic Commerce Technology (IT60104) 3-0-0 Spring 2010-11 Dr. Shamik Sural School of Information Technology IIT Kharagpur](https://reader035.vdocument.in/reader035/viewer/2022062801/56649e2c5503460f94b1b719/html5/thumbnails/78.jpg)
Net Bill system for Information goods
- Method has a lower transaction cost compared to credit card payments
- Net Bill protects both the customer and the vendor from frauds by
  - keeping the digest of information delivered
  - releasing the decryption key only when the payment has been credited to the vendor's account