Electronic Commerce Technology
(IT60104) 3-0-0 Spring 2010-11
Dr. Shamik Sural, School of Information Technology, IIT Kharagpur
Lecture Set 3
  E-Payment Systems
  Credit Card Payment
  SET Protocol
  Electronic Funds Transfer
  Electronic Cheque Payment
  Electronic Cash
  Payment Gateways
E-Payment Systems
Day-to-day payment schemes
  Cash
  Debit/Credit card
  Cheque
E-Payments
  B2C: Credit cards
  C2C: Through brokers (through credit/debit cards or payment gateways or cash on delivery)
  B2B: Electronic Fund Transfer/Electronic Cheque
E-Payment Systems - Essential Requirements
Security: payment authorization should not be tampered with by a hacker
Privacy: Privacy of transactions – Both orders as well as credit card information
Integrity of payment systems: having agreed to a transaction, neither seller nor buyer can go back on it
Authentication: Both merchant and consumer should be able to authenticate one another. Ensuring the identities of both seller and buyer is essential
Requirements of E-Payment Transactions
Indivisibility: Atomicity of transactions
Isolation: Independence of transactions
Agreement: Both parties (buyers and sellers) must agree on the terms and conditions
Reversibility: Ability to pay back on transaction error or dissatisfaction of customer for a valid reason
Acceptability of Payment Schemes
Standardization: Platform independence and inter-operability feature
Economy: Minimal transaction cost. Cost of transaction often determines the payment schemes acceptable for a particular E-Commerce model (B2B/B2C/C2C)
Scalability: Ability to handle heavy transaction traffic
Credit Card Payment
Credit Card Transactions – Basics
Parties involved
  Customer with a credit card
  Merchant accepting credit cards, usually of several companies like Master card, Visa, American Express, etc.
  Bank which issues credit cards to customers – guarantees payment to merchants and collects bill payments from customers. In addition to an annual fee, it charges some monthly interest on outstanding overdue payments.
  Acquirer – typically another bank that establishes and maintains an account for the merchant. It validates card information and approves sales. Charges around 2% on each sale.
Steps in Credit Card Payment
Customer hands over his credit card to the merchant for paying his bill
The card is swiped in a tele-terminal by the merchant. The device reads the card details stored in the magnetic strip.
Merchant enters the transaction amount. Both the card information and the transaction amount are transferred to the acquirer via a communication line.
Acquirer communicates with customer's card issuing bank and gets approval based on the validity of the card and availability of credit limit.
Approval is sent to the merchant. The tele-terminal prints a slip approving the sale and showing the amount charged. Acquirer credits the merchant’s account with the sale amount minus the commission. It also collects the amount from the customer’s bank.
Merchant gets the signature of the customer on the approval slip. If the signature matches the one on the card, goods are delivered.
Bank collects the outstanding amount from the cardholder by presenting a monthly statement clubbing all such payments.
Credit Card Payment - Flowchart
[Flowchart. Parties: Customer, Merchant, Acquirer, Customer's Card Issuing Bank. Labelled steps: 1. Present card; 2. Transmit card data; 3. Check for card validity and credit limit; 4. Approval; 5. Approve credit card and sale amount; 6. Sign slip; 7. Monthly statement]
Characteristics of Credit Card Payment in E-commerce
No physical proximity between the customer and the merchant
Actual presence of the physical card is not required
Signature cannot be directly verified
Difficult to verify that the customer is genuine as well as that the merchant is genuine
Customer not willing to disclose credit card details to a fake merchant
Credit card data maintained in merchant’s database vulnerable to hackers
Ideally, credit card number should not be revealed to the merchant but only to the bank approving it. Similarly, the bank should not know the items purchased to ensure privacy of customers.
One protocol to ensure the above requirements is SET. However, it requires both customer and merchant to have certified public keys.
A simpler protocol using SSL is first presented
Credit Card Payment in E-commerce using SSL
Client visits the web site of the merchant
Selected items are placed for order
The merchant's server prepares an invoice if the items are available
Server issues a warning if the client's browser does not support SSL security
The client should request through the “https” protocol. Credit card details and the shipping address are sent from the customer to the merchant using the session key
Merchant’s server first decrypts the credit card number, amount and invoice details and then sends them to the acquirer after encrypting with the latter’s public key. Merchant also sends his public key certificate. Further, the merchant digitally signs the data.
Acquirer communicates with the customer's bank for validity of card and credit limit. If found valid, the transaction is approved and the merchant is authorized to accept the sale. This is encrypted with the merchant’s public key.
Merchant accepts the customer's order and delivers the goods at his/her shipping address, after sending an encrypted receipt to him/her.
Customer's bank sends a monthly bill to the customer
Credit Card Payment in E-commerce using SSL - Flowchart
[Figure: Credit card transaction using SSL. Parties: Customer's Desktop, Merchant's server, Acquirer's server, Customer's Card Bank Server. Labelled steps: 1. Enquiry; 2. Decision to buy; 3. Invoice - Request credit card data; 4. Negotiable level of security; 5. Order with credit card. Use https; 6. Send card number, amount (https); 7. Collect and credit merchant's A/c; 8. OK; 9. Order acceptance; 10. Bill to customer]
Credit Card Payment in E-commerce using SSL - Observations
Customer's credit card is exposed to the merchant and hence becomes vulnerable to attacks on the merchant’s database unless stored in encrypted form.
Customer's purchase details are exposed to the acquirer, compromising privacy
Advantage is that the request is made using https with the customer not needing a public key. Use of session key ensures security of the transactions and credit card details are not exposed during communication
Fully automated transaction. Customer’s browser supporting SSL can do the negotiation with merchant’s server.
Server ensures that the customer request comes through the https protocol
Currently most common form used in many E-commerce activities in India including railway and airlines ticket booking, hotel reservation, etc.
SET Protocol
Secure Electronic Transaction (SET) Protocol
Standardized by major credit card companies like Master Card and Visa
Steps followed:
  A public key encryption technique like RSA is used.
  Customers and merchants should get their public keys certified by a certification authority to ensure the genuineness of the transaction
  The customer should digitally sign the purchase order amount and credit card number
Secure Electronic Transaction (SET) Protocol
Main Features:
  Credit card number is not exposed to the merchant but only to the acquirer.
  Purchase invoice details are not exposed to the acquirer.
  As the purchase invoice is coupled with the credit card number and signed digitally, it is easy for an arbitrator to settle disputes regarding cost or purchase invoice.
Details available at: www.ibm.com/redbook/SG244978
SET - Dual Signature Scheme
Terms:
  Customer's purchase order (PO)
  Credit card number (CCN)
  Amount to be paid (AMT)
  POA = PO + AMT
  CCA = CCN + AMT
  POH = Hash of POA
  CCH = Hash of CCA
  PPH = Purchase payment digest
  PPH = H(POH||CCH) ( || denotes concatenation )
  KPR: Customer's private key
SET - Dual Signature Scheme
DS = KPR(PPH) is the digitally signed copy of purchase order and credit card number
POA is separately encrypted by customer using merchant’s public key and sent to merchant. Merchant can get back POA
Merchant receives CCA encrypted with acquirer’s public key from the customer
CCH and DS are also sent to the merchant from the customer encrypted using merchant’s public key. Merchant can decrypt them to obtain CCH and DS. However, from CCH, he cannot get back CCA and hence cannot know the credit card number.
Merchant can compute: H(H(POA) || CCH) = H(POH||CCH) = PPH
DS received from the customer is decrypted using KPU to get: KPU(DS) = KPU(KPR(PPH)) = PPH
KPU is the certified public key of the customer sent to the merchant by the customer along with his purchase order. If the two PPH values obtained above are the same, customer’s signature is verified. If the payment is authorized by acquirer, the order is acceptable to the merchant and can be shipped
SET - Dual Signature Scheme
Acquirer can decrypt CCA and then encrypt using the public key of the customer’s bank
Customer’s bank can decrypt the same and obtain CCA. It also receives POH and DS. POA cannot be obtained from POH and hence bank will not know purchase details.
Bank can compute: H(POH || H(CCA)) = H(POH||CCH) = PPH
Bank also obtains KPU(DS). If PPH obtained above is the same as KPU(DS), then customer’s digital signature is verified by his bank. If credit limit is available, bank can authorize the merchant through the acquirer for the payment.
Observations:
  Customer cannot repudiate his purchase order
  Merchant cannot substitute customer’s purchase order with a fake one as the signature DS contains a unique hash of the customer’s purchase order available with the bank
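
The merchant-side and bank-side checks described above, as an added example that is not part of the original lecture slides. It assumes SHA-256 as the agreed hash function and a constructed toy RSA key pair standing in for the customer's certified KPR/KPU, and it leaves out the public-key encryption of POA and CCA in transit; all function names are illustrative.

```python
import hashlib

# Constructed toy RSA key pair for the customer (assumption: stands in for the
# certified key pair KPU/KPR; far too short for real use, chosen so the
# arithmetic stays visible). Both primes are Mersenne primes.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
KPU = 65537                                   # customer's public exponent
KPR = pow(KPU, -1, (P - 1) * (Q - 1))         # customer's private exponent


def H(data: bytes) -> bytes:
    """Hash function agreed during negotiation (SHA-256 assumed here)."""
    return hashlib.sha256(data).digest()


def to_int(digest: bytes) -> int:
    # The toy modulus is shorter than a SHA-256 digest, so reduce it mod N.
    return int.from_bytes(digest, "big") % N


def customer_prepare(po: str, ccn: str, amt: str) -> dict:
    """Customer side: build POA, CCA, their hashes and the dual signature."""
    poa = f"{po}|{amt}".encode()              # POA = PO + AMT
    cca = f"{ccn}|{amt}".encode()             # CCA = CCN + AMT
    poh, cch = H(poa), H(cca)
    pph = H(poh + cch)                        # PPH = H(POH || CCH)
    ds = pow(to_int(pph), KPR, N)             # DS = KPR(PPH)
    return {"POA": poa, "CCA": cca, "POH": poh, "CCH": cch, "DS": ds}


def merchant_verify(poa: bytes, cch: bytes, ds: int) -> bool:
    """Merchant holds POA, CCH and DS, never CCA."""
    pph = H(H(poa) + cch)                     # H(H(POA) || CCH)
    return pow(ds, KPU, N) == to_int(pph)     # KPU(DS) == PPH ?


def bank_verify(poh: bytes, cca: bytes, ds: int) -> bool:
    """Bank holds POH, CCA and DS, never POA."""
    pph = H(poh + H(cca))                     # H(POH || H(CCA))
    return pow(ds, KPU, N) == to_int(pph)     # KPU(DS) == PPH ?


def demo() -> dict:
    # Constructed sample order; the card number is a made-up test value.
    m = customer_prepare("2 books, invoice 1001", "4111111111111111", "INR 850")
    fake_poa = b"20 books, invoice 1001|INR 850"
    return {
        "merchant_accepts": merchant_verify(m["POA"], m["CCH"], m["DS"]),
        "bank_accepts": bank_verify(m["POH"], m["CCA"], m["DS"]),
        # A purchase order hash that does not match the signed one is rejected
        # by the bank, which is the "cannot substitute" observation:
        "bank_accepts_substituted_po": bank_verify(H(fake_poa), m["CCA"], m["DS"]),
        # The same altered order also fails the merchant-side check:
        "merchant_accepts_altered_poa": merchant_verify(fake_poa, m["CCH"], m["DS"]),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Each verifier recomputes PPH from the one part it is allowed to see plus the hash of the other part, so the same DS verifies at both ends without either end learning the other's data.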
SET - Dual Signature Scheme
Steps followed:
Customer’s PC and merchant’s server exchange their certified public keys. Merchant sends acquirer's public key to the customer and they negotiate the encryption algorithm and hash function to be employed.
Customer enters PO, credit card details and amount payable in his PC, which are broken into two parts: (i) PO and amount (ii) credit card details and amount
POA is encrypted with merchant's and CCA with acquirer's public key. POH, CCH and DS are computed and sent with POA to the merchant. Merchant proceeds after verifying the signature.
Merchant forwards encrypted CCA, POH and DS to acquirer.
Acquirer forwards it to the bank.
SET - Dual Signature Scheme
The customer's bank validates it and replies to the acquirer with corresponding response.
Acquirer approves or rejects the transaction and informs the merchant. It credits the amount less appropriate commission in merchant's account.
Merchant accepts the order and sends the product to the customer as per shipping address.
Customer's bank sends the bill to the customer at the end of the month.
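SET - Flowchart
[Figure: Basics of dual signature scheme. At the customer, PO and Amount form POA (to merchant) and CC no. and Amount form CCA (to bank). POA is hashed to POH and CCA is hashed to CCH; the two are concatenated (POH||CCH) and hashed to PPH, which is encrypted with the customer's private key to give the dual signature DS]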
SET - Flowchart
[Figure: Credit card transaction using SET protocol. Parties: Customer, Merchant, Acquirer, Bank. Labelled steps: 1. Negotiation; 2. POA, CCH, DS, POH; 3. CCA, POH, DS; 4. CCA, POH, DS; 5. Approval; 6. Approval; 7. Shipping Details; 8. Billing]
Electronic Funds Transfer
Electronic Funds Transfer
Electronic Funds Transfer (EFT) - an essential part of clearing cheques in a banking system
Clearing a cheque:
  If A issues a cheque in favor of B, it will be written on a cheque in A's bank (say X).
  B will deposit the cheque in his bank (say Y).
  Before B's account in bank Y is credited, Y should check with A's bank whether A has enough money in his account.
  If X approves then A's account in bank X is debited and B's account in bank Y is credited.
This process of cheque clearance has been automated and is called Electronic Funds Transfer (EFT).
Requirements for EFT
An Automated Clearing House (ACH) should work as an intermediary to negotiate transfer of funds when cheques are used. In India, the Reserve Bank of India (RBI) acts as the ACH.
All banks should use ACH and become its members. RBI is the controlling agency of all banks in India.
There should be a secure electronic communication channel between each bank and the ACH. As the amounts involved are very large, normally these channels are private secure leased lines.
Two models of EFT
  Automated Cheque Clearance
  Electronic Clearing Service (ECS)
Automated Cheque Clearance
Assume A and B are the two parties
A has an account with bank X
B has an account with bank Y
ACH maintains balances kept by its member banks
Automated Cheque Clearance - Steps
A sends a cheque drawn on his bank X to B
B deposits the cheque in his bank Y
Y sends the cheque to ACH
ACH has an automated system to sort cheques based on unique bank code
In India it is the 9-digit bank code, e.g., 721002103 printed at the bottom of a cheque with magnetic ink.
Based on X's code a query is sent to bank X whether the amount can be paid (A's physical cheque should be forwarded to X by ACH)
If the reply from bank X is yes, ACH debits X's account and credits Y's account with it.
ACH intimates bank Y that the cheque is cleared.
Bank Y credits B's account with the amount specified in the cheque and updates B's account.
Bank X debits A's account by the amount specified in the cheque.
Automated Cheque Clearance
[Flowchart. Parties: A, B, X (A's Bank), Y (B's Bank), ACH. Labelled steps: 1. Cheque; 2. Deposit; 3. Forward Cheque; 4. Query X; 5. Response; 6. Intimate clearance; 7. Credit account; 8. Debit and intimate]
Electronic Clearing Service - Steps
When A wants to send a specified amount to B:
A requests B to send the unique 9-digit code of B's bank Y as well as B’s account number in Y in which the money has to be credited.
A sends an intimation to its bank X to debit its account by the specified amount (say S) and credit it to B's account with bank Y.
Bank X requests ACH to debit its account with ACH by S and credit it to Y's account. It also requests ACH to advise Y to credit B's account by the specified amount S.
ACH requests Y to credit B's account with the specified amount S.
Y intimates B that the amount from A has been credited.
No need to send physical cheques. Popular in India for regular salary payment, payment of pension, dividend, etc.
Electronic Clearing Service
[Flowchart. Parties: A, B, X (A's Bank), Y (B's Bank), ACH. Labelled steps: 1. Request bank account details; 2. Credit B's account in Y; 3. Credit B's account in Y; 4. Credit B's account; 5. Credit intimation]
Traditional Cheque Clearance vs. ECS
Traditional ACH                            ECS
Physical cheques transported               No physical cheques
Delay of 1 or 2 days                       No delay
Cheque can be dishonored                   No cheque dishonor
Physical handling costs high               Low cost
Payer can use fund during clearance day    Account debited immediately
Electronic Cheque Payment
Electronic Cheque Payment
B2B E-Commerce entities have mutual trust.
Amount involved is also quite large
Payments normally made by cheque
Need for electronic equivalent of physical cheque
Both businesses must have certified public keys and must be able to digitally sign e-cheques.
In India every registered company must have a public key certificate and must be able to digitally sign documents
All banks and ACH must have public key certificates and must be able to digitally sign documents using a common agreed hash function.
Electronic Cheque Payment
Parties involved:
  1. Purchaser – P
  2. Vendor – V
  3. Purchaser's Bank – PB
  4. Vendor's Bank – VB
  5. Automated Clearing House – ACH
Format of e-cheque:
  Unique id of e-cheque
  Date of cheque
  Payee’s id and name
  Amount to be paid
  Payer’s bank code
  Payer’s account number
  Digital Signature of Payer
Electronic Cheque Payment
Steps followed:
Exchange of public key certificates and bank details between P and V.
V sends an invoice with payment request to P encrypted with P's public key.
P decrypts the invoice and payment request. P writes an e-cheque if the request is valid. E-cheque along with invoice number and P's public key certificate are digitally signed and the digital signature is attached. This whole information is encrypted with V's public key and sent to the vendor.
V verifies the signature and appends to this information an endorsement, his/her public key certificate and digitally signs all the above information. This is encrypted with the public key of VB and sent to VB.
VB decrypts the information, takes out the e-cheque, encrypts it with ACH's public key and sends it to ACH.
ACH decrypts it, forwards the same to PB encrypting with PB's public key.
PB decrypts it, and authorizes the payment if all OK.
ACH debits PB's account and credits VB's account; it also informs VB about the clearance of e-cheque.
VB credits V's account. PB debits P's account.
Electronic Cheque Clearance
[Fig: Electronic cheque clearance. Parties: P (Purchaser), V (Vendor), PB (Purchaser's Bank), VB (Vendor's Bank), ACH. Labelled steps: 1. Exchange public key certificates; 2. Invoice; 3. E-cheque in secure envelope; 4. Deposit e-cheque endorsed; 5. e-cheque for clearance; 6. Verify e-cheque; 7. Payment authorization; 8. e-cheque cleared; 9. Credit V's A/c; 10. Debit P's account]
Electronic Cheque Payment
Remittance in secure envelope
  Invoice no.
  P's public key certificate
  e-cheque
  Digital signature
Encrypt with V's public key
Electronic Cheque Payment
Deposit slip to VB in secure envelope
  P's public key certificate
  V's public key certificate
  e-cheque
  V's endorsement with unique id
  V's signature
Encrypt with VB's public key
Electronic Clearance of Pay Order
Popular in B2B E-Commerce
Parties involved are the same as in E-cheque payment
Here also, the vendor, purchaser, vendor’s bank, purchaser’s bank and ACH must have public keys and should be able to digitally sign documents.
Electronic Clearance of Pay Order
Steps followed:
P and V exchange their public key certificates.
V sends invoice with amount payable.
P checks invoice and authorizes payment. A pay order with necessary details is sent to PB encrypted with PB's public key.
P intimates V that ECS payment has been initiated.
PB debits P's account if balance is adequate and sends corresponding information to ACH encrypted with ACH's public key.
ACH debits PB's account and credits VB's. Sends corresponding information to VB to credit VB's account.
VB credits V's account with payment received. Intimates V that ECS payment has been received and gives P’s ID.
Electronic Clearance of Pay Order
[Fig: Electronic clearance of payment. Parties: P (Purchaser), V (Vendor), PB (Purchaser's Bank), VB (Vendor's Bank), ACH. Labelled steps: 1. Exchange public key certificates and bank A/c details; 2. Invoice; 3. Pay order to vendor's bank; 4. ECS intimation; 5. Request to credit vendor's account; 6. Credit vendor's account ECS intimation; 7. Credit intimation]
Pay Order to Purchaser’s Bank (Content of Secure Envelope)
Pay order to PB
  Date on which to be paid
  Unique ID of pay order
  P's account number
  V's account number
  Amount to be paid
  Digital signature of P
Encrypt with PB's public key
Pay Order by PB to ACH (Content of Secure Envelope)
Pay order by PB to ACH
  Date of pay order
  Unique ID of pay order
  PB's bank code
  VB's bank code and ID
  Account number of V in VB
  Amount to be paid
  Digital signature of PB
Encrypt with ACH's public key
ACH’s Intimation to Vendor’s Bank in Secure Envelope
ACH's intimation to VB
  Date of pay order
  Unique ID of pay order
  PB's code and ID
  Amount to be credited
  V's account number
  Digital signature of ACH
Encrypt with VB's public key
Electronic Clearance of Pay Order - Infrastructure
Encryption Employed
  Usually RSA to encrypt a unique symmetric session key for each transaction between parties
  Triple DES or AES as symmetric encryption
Communication System
  Banks have their own intranet connecting all branches
  Bank intranets are connected to one another using VPN.
  ACH usually connected to bank intranets using leased lines
E-cheque Format
A standard format of E-cheques needed for automated processing after extraction of fields and interpretation
EDI standard needed for invoices, POs, etc.
EDIFACT – Electronic Data Interchange Format for Administration, Commerce and Transport – standardized by UN Economic Commission for Europe and adopted by many government organizations in India.
EDIFACT has a standard for financial instruments
Another alternative is to use XML description of cheques
  Easier to implement and process
Electronic Cash
Electronic Cash
Transactions involving credit card or cheque have a high cost. Not suitable for low value transactions
Advantages of Cash:
  Guarantee of value over short period
  Universally accepted
  Easily carried
  Anonymity
  Privacy due to anonymity
  Ability to make smaller denominations – change
Disadvantages:
  Not safe to carry
  Volume is proportional to value
Electronic Cash - Challenges
Challenges in setting up e-cash as a payment method
  Who administers?
  Will anonymity be ensured?
  Will e-cash issued by a bank be accepted universally?
  How to detect forgery?
  Can one be prevented from double spending?
  What about recovery of costs?
  Is transaction cost low?
E-cash Issue and Spending
Procedure:
1. Customer applies to a bank for e-coins
2. Bank issues e-coins through a currency server. Each coin has a random number as its ID and a denomination, and the whole is digitally signed by bank. Bank maintains its record for each customer identified by his customer id.
3. Customer can pay the e-coins to a merchant through https. The coin is marked as spent in the e-purse of the customer.
4. Merchant sends the e-coin to bank for approval.
5. Bank responds with approval if it is verified as a valid e-coin and has not yet been spent. Merchant’s account, which has to be maintained in the same bank, is credited.
6. Merchant ships the order and sends a digitally signed receipt.
E-cash Issue and Spending
[Fig: Electronic cash issue and payment system. Parties: Customer, Bank, Merchant. Labelled steps: 1. Applies for e-coins; 2. e-coins issued; 3. Pay with e-coins; 4. Requests bank to verify e-coins whether already spent or expired; 5. e-coin approved; 6. Send goods and receipt]
E-cash – Pitfalls
Problems with this scheme:
  Heavy load on currency server
  No anonymity
Can balance the load using distributed network of servers.
Tracking spending habits is difficult. Yet, complete anonymity is not achieved.
Difficulty in returning change
Anonymous E-cash
Chaum's Blinding Protocol:
1. A customer applies for e-cash from Bank. Appropriate amount deducted from his account
2. Customer creates e-coins of required denominations. Each e-coin is identified by him with a unique random serial number which is quite large (say of 50-100 digits) and not shared with anyone else.
3. Customer chooses a random number and encrypts with bank’s public key e, multiplies it with the serial number of e-coin and sends it to the bank's currency server. The original e-coin numbers are not known to the bank and hence the e-coins are blinded.
4. The bank signs the denomination of the e-coin and the blinded number with its private key. This complete data is encrypted with customer's public key and sent back to the customer.
5. The customer decrypts the data, divides the blinded serial number by the same random number he used for blinding it and now gets back a signed version of the original serial number and amount. He can issue these e-coins signed by the bank to a merchant whenever needed.
6. The merchant sends the e-coins to the bank's currency server for verification. Bank cannot identify the owner of the e-coin, but can detect double spending.
Anonymous E-cash – Double Blinding Protocol
Mathematics of Chaum's blinding Protocol
1. Customer sends to bank: $[\, s \cdot r^{e} \pmod{n},\ a \,]$
2. Bank signs with its private key: $[\, (s \cdot r^{e})^{d} \pmod{n},\ a^{d} \pmod{n} \,]$ and sends the same to the customer.
3. It may be noted that: $(s \cdot r^{e})^{d} \pmod{n} = s^{d} \cdot r^{ed} \pmod{n}$. Since $r^{ed} \pmod{n} = r$, the signed serial number is $s^{d} \cdot r \pmod{n}$.
4. Customer divides this by $r$ and gets $s^{d} \pmod{n}$, which is the coin serial number signed by the bank.
5. Signed e-coin stored by the customer is $[\, s,\ a,\ s^{d} \pmod{n},\ a^{d} \pmod{n} \,]$ which is [serial number, amount, serial number signed by bank, amount signed by bank]
6. The merchant and bank both can find the authenticity when this is presented to the merchant.
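
The blinding arithmetic above carried through in code, together with the currency server's double-spending check, as an added example that is not part of the original lecture slides. The bank's RSA key (n, e, d) is a constructed toy key, division by r is done as multiplication by the modular inverse of r, and the function and class names are illustrative.

```python
import secrets
from math import gcd

# Constructed toy RSA key for the bank (assumption: far too short for real
# use; both primes are Mersenne primes so the numbers are easy to reproduce).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537                                     # bank's public exponent e
D = pow(E, -1, (P - 1) * (Q - 1))             # bank's private exponent d


def blind(s: int, r: int) -> int:
    """Customer: hide serial number s as s * r^e (mod n)."""
    if gcd(r, N) != 1:
        raise ValueError("blinding factor must be invertible mod n")
    return (s * pow(r, E, N)) % N


def bank_sign(x: int) -> int:
    """Bank: sign the value it is given with its private key, x^d (mod n)."""
    return pow(x, D, N)


def unblind(signed_blinded: int, r: int) -> int:
    """Customer: divide s^d * r by r, leaving s^d (mod n)."""
    return (signed_blinded * pow(r, -1, N)) % N


def verify(value: int, signature: int) -> bool:
    """Anyone holding the bank's public key: signature^e (mod n) == value ?"""
    return 0 <= value < N and pow(signature, E, N) == value


def withdraw(amount: int) -> tuple:
    """Run steps 1-5 and return the stored coin [s, a, s^d, a^d]."""
    s = secrets.randbelow(N - 2) + 2          # serial number, kept secret
    r = secrets.randbelow(N - 2) + 2          # blinding factor
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    blinded = blind(s, r)                     # step 1: all the bank sees of s
    signed_blinded = bank_sign(blinded)       # step 2: (s * r^e)^d
    signed_amount = bank_sign(amount)         # step 2: a^d
    return (s, amount, unblind(signed_blinded, r), signed_amount)


class CurrencyServer:
    """Bank-side check when a merchant presents a coin for verification."""

    def __init__(self):
        self.spent = set()                    # serial numbers already deposited

    def deposit(self, coin: tuple) -> str:
        s, a, sig_s, sig_a = coin
        if not (verify(s, sig_s) and verify(a, sig_a)):
            return "invalid"
        if s in self.spent:
            return "double spend"
        self.spent.add(s)
        return "accepted"


if __name__ == "__main__":
    server = CurrencyServer()
    coin = withdraw(100)
    print("first deposit: ", server.deposit(coin))
    print("second deposit:", server.deposit(coin))
```

The server first sees the serial number s at deposit time, so it can refuse a repeat of s without being able to match it to the blinded value it signed at withdrawal.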
Smart Card-Based Cash Payment
Plastic cards with memory and processor
Data in the card can be read/written.
Contact cards and contactless cards
Cards with only memory and with memory and processor
Smart Card-Based Cash Payment
[Fig: Smart card-based payment system. Parties: Customer's PC (with smart card reader), Bank's server, Merchant's server. Labelled steps: 1. Apply for e-cash in smart card; 2. Send e-cash; 3. Card details and debit amount; 4. Card details and debit amount; 5. Approval; 6. Send goods and receipt]
Smart Card-Based Cash Payment
Advantages:
  No need to check for re-spending by bank
  Processing cost is a bit lower than that of credit card
  Safe from hacking
  Card cannot be used by others even if it gets lost
Disadvantages:
  Customer should have a card read/write device
  No anonymity
Payment Gateways
Payment Gateways
Many small and medium businesses (SMBs) do not have programmers to design their web server to transact credit card, cheque or ECS transactions
“Payment gateway solutions” to assist such SMBs to transact Internet-based payments
Payment gateway is a server placed between the merchant's web server and the acquiring bank's server
When an order is placed, it is forwarded to the payment gateway server by the merchant's server
Payment Gateway
The payment gateway server performs all the tasks such as
  Integrating merchant's shopping cart with billing system
  Order approval
  Calculating appropriate taxes
  Forwarding shipping details, etc.
  Forwarding the credit card information to the acquirer and getting back the result of credit card purchase authorization
  Collecting credit card payments and remitting them to the merchant's bank account periodically
  Checking customer's credentials, address verification and fraud prevention
Payment Gateway Operators
Gateway operators collect a percentage of transaction amount as fee
In India, leading payment gateway operators are
  CC Avenue
  ICICI Pay Seal
  CC Now
Pay Pal
Pay Pal is a service, like an Internet based bank.
The PayPal.com site operates accounts for members in which members can deposit money and transfer money to other members of Pay Pal.
Other services provided by Pay Pal are
  Pay for items bought in e-bay auctions (important in C2C E-commerce)
  Transfer money to other Pay Pal accounts located in several countries where there are no exchange controls
  Buy things from web sites of merchants who maintain Pay Pal account
It has also a mobile phone-based system offering similar services
Pay Pal
Primary use of Pay Pal is in C2C E-commerce among its members
Can also be used in B2C e-commerce if merchants maintain Pay Pal accounts
Provides an alternative to those who do not have a credit card
Micro-payments for Information Goods
Micro-payments are small payments of a few rupees or dollars for purchase of information goods
Information goods are materials such as
  e-books
  e-papers
  audio files
  video entertainment clips
  software files
A system to collect micro-payments should have low transaction cost
Example System
A system operating in USA has been implemented by a company named Net Bill in cooperation with Mellon Bank (a USA bank)
The main features of this payment system are
  Customer deposits in advance an amount in Net Bill's bank account maintained by Net Bill server
  This deposit is debited only when the information goods is delivered to the customer
  The vendor is guaranteed payment when information goods are delivered as per customer's order
Net Bill Payment scheme: steps
Customer requests a quote from the merchant for the item needed
Vendor responds with a quote for the item
Customer informs the vendor of acceptance (if not accepted, no further transactions are needed)
Vendor encrypts information goods using a secret key and sends it to the customer. The customer cannot decrypt the information and use it until he or she gets the decryption key
Vendor sends the key used for encrypting the information to the Net Bill server
Customer sends a debit note along with digest of the information received to the Net Bill server using SSL
Net Bill server credits the vendor's account by the amount debited from the customer less a transaction fee
Net Bill informs the vendor of credit
Net Bill server sends the customer the decryption key to enable him or her to use the information
Net Bill system for Information goods
[Flowchart. Parties: Customer, Vendor, Net Bill server. Labelled steps: 1. Request quote; 2. Response; 3. Accept; 4. Encrypted information; 5. Encryption key; 6. Debit note and digest; 7. Debit customer's account and Credit vendor's account; 8. Inform Vendor about credit; 9. Decryption key]
Net Bill system for Information goods
Method has a lower transaction cost compared to credit card payments
Net Bill protects both the customer and the vendor from frauds by
  keeping the digest of information delivered
  releasing the decryption key only when the payment has been credited to the vendor's account