Electronic Money

Lincoln SteinWhitehead Institute/MIT Center for Genome Research

What is a Commercial Transaction?

Customer walks into store, examines wares Customer decides purchase item Customer pays for item Merchant delivers item Returns/exchanges

Types of Money?

Method Anonymous Trail Credit Peer to Peer

Cash

Credit Card

Check/Debit

How is Commerce on the Internet Different?

“On the Internet, nobody knows you’re a dog.”

Customer & merchant never meet Large potential for fraud Internet transactions easily intercepted

Building Trust Authentication: merchant and customer Transaction security Transaction integrity Non-repudiability Consumer protection

Parts of the Puzzle

Problem Solution

Transaction security encryptionConsumer authentication digital signature/certificateMerchant authentication digital signature/certificatetransaction integrity message digests

Electronic Payment Methods Offline Systems Secure Servers Payment Systems Commerce Environments Digital Cash

Offline Systems PO Orders, 800 numbers, etc. First Virtual

First Virtual Internet Payment System

No use of secure protocols No sensitive information transmitted over

Internet Reliance on off-line channels Non-tangible merchandise only

How First Virtual Works (Customer)

Customer contacts FV Credit card number exchanged by telephone Customer receives account PIN

How First Virtual Works (Merchant)

Merchant contacts FV Checking account info exchanged by

telephone Merchant installs server software

How First Virtual Works (Transaction)

Customer browses Web site Customer types PIN into fill-out form Server requests PIN & validates it FV confirms sale via e-mail

Why First Virtual Works Credit card # never transmitted over

Internet Customer can cancel sales in cases of

– fraud– unsuitability of merchandise

Limitations of FV Customers who abuse system Can’t be used for tangible goods Adoption spotty

How Much Does FV Cost? Set-up fee:

– $2.00 customer– $10.00 merchant

Merchant transaction fee– $0.29 / transaction– 2% of merchandise selling price

http://www.fv.com/

Secure Servers Use SSL or S-HTTP to

– encrypt transmission– identify merchant to customer– [identify customer to merchant]

Simple: customer types credit card # into fill-out form

BankMerchant

?

Secure Servers: Limitations Roll-your-own credit card validation No built-in transaction processing No customer authentication (yet) Crippled cryptography on “export” versions Credit card #’s not necessarily secure on

merchant’s server

Online Payment Systems: CyberCash

Secure online payment for tangible goods Both credit card and debit card models Supported by many banks “CyberCoin” system for small purchases of

intangible items

How CyberCash Works

Bank

Merchant

Bank

$

Virtual Wallet Virtual Cash Register

How CyberCash Works (Customer)

Customer downloads “Wallet” application Registers name, password & credit card

number/bank account Browser hands off transaction to Wallet

during purchases Transaction logs

How CyberCash Works (Merchant)

Merchant downloads “Cash Register” application

Installs on server Web server hands off transaction to Cash

Register during purchases Support for transaction logging, refunds,

cancellations

Registering “Wallet”

Making a Payment

What CyberCash Costs Free to consumer Software free to merchant

– Transaction fees set by credit card and issuing bank

– Fee schedules similar to those of a mail order house: 2-3% of transaction price + fixed fees

Commerce Environments Secure server Inventory control, catalogs, etc Credit card validation Transaction logging Returns, exchanges, PO orders, shipping Database interfaces

OpenMarket

Offers “soup to nuts” solutions– Web publishing & catalogs– Transaction management– Credit card validation– Inventory, shipping, returns

Based around OpenMarket server Large corporations, banks, virtual malls

Secure Electronic Transaction Specification (SET)

VISA, Mastercard, Netscape, Microsoft A standard, not a product Specifies

– Customer authentication– Merchant authentication– Transaction encryption– Transaction validation

SET

Bank

Merchant

Bank

$

SET-Enabled Products Microsoft Merchant

– Partner: Verifone– Fully integrated with BackOffice

Netscape LivePayment– Partner: First Data– One component of Netscape Commerce Server– Available now

DigiCash True anonymous peer-to-peer currency -

“CyberBucks” Handful of banks and merchants

Bank Bank

URLs (1) First Virtual

– http://www.fv.com/ CyberCash

– http://www.cybercash.com/ Open Market

– http://www.openmarket.com/

URLs (2) SET

– http://www.visa.com/ Microsoft Merchant

– http://www.microsoft.com Netscape LivePayment

– http:://home.netscape.com/ DigiCash

– http://www.digicash.com/

URL For This Talk http://www.genome.wi.mit.edu/

– ~lstein/Web97/