DILEEP V K4NM10SCS08MTECH IINMAMIT

Electronic Payment Systems

- Introduction to electronic payment systems

- Requirements of electronic payment

- Classification of electronic payment systems and protocols

- Account-Based Payment and Example

- Electronic Check Payment and Example

- Micro-Payment and Example

Presentation Outline

What is a payment system?

E-commerce application systems must provide payment processing and transaction service to buyers and sellers.

A payment system, as a part of E-commerce application system, is a such system which support secured payment processes by providing reliable, secured, and efficient transaction services between sellers and buyers.

The basic requirements of a payment system:

- Provide secured and confidential transaction processes.- Conduct authentication and authorization for all involved parties.- Ensure the integrity of payment instructions for goods and services.- Availability, cost-effective, efficiency and reliability.- Global access and international useful

Introduction to Electronic Payment and Systems

Electronic payment is implemented by a flow of money from the payer via the issuer and acquirer to the payee.

Advantages:

- Fast transaction processing- Flexible of use (24 hours available)- Low cost transactions- Global accessible to customers and businesses

Disadvantages:

High risks and security challenges due to:

- Unlike paper, digital “documents” can be copied perfectly and arbitrarily often.- Digital signatures can be produced by anybody who knows the secret cryptographic key.- A buyer’s name can be associated with every payment.

Introduction to Electronic Payment Systems

Electronic Payment Models:

Direct-payment systems:--> require an interaction between payer and payee.

- Cash-like payment systems- A certain amount of money is taken away from the payer before purchases are made.

Example: Smart card-based electronic purses,electronic cash, and bank checks

- Check-like payment systems - pay-now systems (like credit card-based payment systems)

- pay-later systems (like ATM card-based payment systems)

Indirect payment systems:--> the payer or the payee initiates payment without the other party involved online. (Example, electronic funds transfer)

Introduction to Electronic Payment Systems

Classification of electronic payment systems:

- Card-based payment systems:

Examples: CyberCash, First Virtual (FV), VISA and MasterCard, CARI

- Electronic checking systems:

Examples: FSTC, NetBill

- Electronic cash payment systems:

Examples: Ecash (DgiCash), NetCash, CyberCoin, Mondex

- Micro-payment systems:

Examples: Millicent, SubScrip, PayWord, MicroMint, IKP micropayment.

Introduction to Electronic Payment Systems

Classification of Electronic Payment Protocols

E-Commerce Payment Protocols

Macro-Payment Protocols

Electronic Check Payment Protocols

Micro-Payment Protocols

Digital Cash Payment Protocols

SET

FV

CyberCash

CyberCoin

DigiCashNetCashMondax

Cafe

MillicentPayWord

NetBillFSTC

iKPSEPP

SubScrip

Different types of payment card schemes:

(A) Credit cards, where payments are set against a special-purpose account associated with some form of installment-based repayment scheme or a revolving line of credit.

- pay later with limit and interest rate.

(B) Debit cards (paperless checks) are linked to a checking/saving account.

- pay now with balance checking.

(C)Charge cards: work in a similar way to credit cards in that payments are set against a special-purpose account.

- payment must be made at the end of billing period without limit.

(D) Travel and entertainment cards are charge cards whose usage is linked to airlines, hotels, restaurants, car rental companies, or particular retail outlets.

Overview of Account-Based Payment

Overview of Credit Card-Based Payment

Card Association

Card Issuer’s Bank Card Acquirer’s Bank

MerchantCardHolder

Payment Model:

Special Features of Account-Based Electronic Payment

- Online Transaction.

- Anonymity: This ensure that no detailed cash transactions for customerare traceable. Even sellers do not know the identity of customers involved in the purchases

- Security: High security and low risk due to the use of traditional banking system and user accounts.

- Standardization: Use of the existing standardized payment model

- Flexibility: consumers can have multiple cards used in different countries and concurrency

- All transactions can be easily traced by banking system and merchants.

Limitations:

- Dependency: dependent on existing banking systems.

- Transaction cost: high transaction cost compared with other approaches

- Performance: slower performance due to the authentication and account validation using the existing banking systems

- Privacy: consumer loss of the privacy of their transactions

Special Features of Account-Based Electronic Payment

About CyberCash:

- CyberCash is a secure Internet payment system developed by CyberCash, Inc., which is located at Reston, VA, USA, and it was found in August 1994 to provide software and service solutions for secure financial transactions over the Internet.

- CyberCash uses special wallet software, enable consumers to make secure purchases using major credit cards from CyberCash-affiliated merchants.

- the CyberCash payment system was launched in April 1995. It had over half a million copies in circulation.

- CyberCash has other payment systems, such as CyberCoin (electronic cash system) and PayNow (electronic check system).

Credit Card-Based Electronic Payment System: CyberCash

Features of CyberCash:

- Use the existing credit card infrastructure for settlement payments.

- Use cryptographic techniques to protect the transaction data during a purchase.

- Authenticate the identifies of both parties to the transaction.

- Provide online transaction and online authentication.

- Broker the transaction between merchant’s bank and cardholder’s bank.

Credit Card-Based Electronic Payment System: CyberCash

Credit Card-Based Electronic Payment System: CyberCash

Web Browser

CustomerWallet

Web Server

Merchant Software

CyberCashServer

Shopping

Purchase

Purchase messagesRegistration Card binding

BankingNetwork

Internet

CyberCash Payment Model

Credit Card-Based Electronic Payment System: CyberCash

Payment Steps in a CyberCash Purchase

Consumer CybercashServer (CS)Merchant

Click “PAY” order form

forwarddetails

issuereceipt

authorize+ clearwith bank

Credit-card pay

Payment-req

Charge-card-res

auth-capture

charge-action-res

Finishshopping

ChooseCC, addr

logtransaction

Credit Card-Based Electronic Payment System: CyberCash

Header Transport TrailerOpaque

CyberCash Messages:

Header: It indicates the start of a CyberCash message.

Transport: It contains the order information in a purchase, transaction ID, date, and the key ID to the encrypt the opaque part.

Opaque: The encrypted part of a message.

Trailer: the end of a CyberCash message.

04/13/23 17

Payment Acceptance and Processing

Merchants must set up merchant accounts to accept payment cards

Law prohibits charging payment card until merchandise is shipped

Payment card transaction requires: Merchant to authenticate payment card Merchant must check with card issuer to ensure funds are

available and to put hold on funds needed to make current charge

Settlement occurs in a few days when funds travel through banking system into merchant’s account

04/13/23 18

Processing a Payment Card Order

04/13/23 19

Open and Closed Loop Systems

Closed loop systems Banks and other financial institutions serve as

brokers between card users and merchants -- no other institution is involved

American Express and Discover are examples

Open loop systems Transaction is processed by third party Visa and MasterCard are examples

04/13/23 20

Credit Card Processing

SOURCE: PAYMENTPROCESSING INC.

04/13/23 21

Secure Electronic Transaction (SET) Protocol

Jointly designed by MasterCard and Visa with backing of Microsoft, Netscape, IBM, GTE, SAIC, and others

Designed to provide security for card payments as they travel on the Internet Contrasted with Secure Socket Layers (SSL) protocol, SET validates

consumers and merchants in addition to providing secure transmission SET specification

Uses public key cryptography and digital certificates for validating both consumers and merchants

Provides privacy, data integrity, user and merchant authentication, and consumer nonrepudiation

04/13/23 22

The SET protocol

The SET protocol coordinates the activities of the customer, merchant, merchant’s bank, and card issuer. [Source: Stein]

04/13/23 23

SET Payment Transactions

SET-protected payments work like this: Consumer makes purchase by sending encrypted

financial information along with digital certificate Merchant’s website transfers the information to a

payment card processing center while a Certification Authority certifies digital certificate belongs to sender

Payment card-processing center routes transaction to credit card issuer for approval

Merchant receives approval and credit card is charged Merchant ships merchandise and adds transaction

amount for deposit into merchant’s account

04/13/23 24

SET uses a hierarchy of trust

All parties hold certificates signed directly or indirectly by a certifying authority. [Source: Stein]

04/13/23 25

SET Protocol

Extremely secure Fraud reduced since all parties are authenticated Requires all parties to have certificates

So far has received lukewarm reception 80 percent of SET activities are in Europe and Asian countries Problems with SET

Not easy to implement Not as inexpensive as expected Expensive to integrated with legacy applications Not tried and tested, and often not needed Scalability is still in question

Payment Cards

Online Credit Card Transaction

Payment Acceptance and Processing

Open and closed loop systems will accept and process payment cards.

A merchant bank or acquiring bank is a bank that does business with merchants who want to accept payment cards.

Software packaged with your electronic commerce software can handle payment card processing automatically.

Payment Acceptance and Processing

04/13/23 30

Using Payments Cards Online

Key participants in processing credit card payments online include the following: Acquiring bank Credit card association Customer Issuing bank Merchant Payment processing service Processor

04/13/23 31

Using Payments Cards Online

Fraudulent Credit Card TransactionsAddress Verification System (AVS)

Detects fraud by comparing the address entered on a Web page with the address information on file with cardholder’s issuing bank

04/13/23 32

Using Payments Cards Online

card verification number (CVN)

Detects fraud by comparing the verification number printed on the signature strip on the back of the card with the information on file with the cardholder’s issuing bank

04/13/23 33

Using Payments Cards Online

Fraudulent Credit Card Transactions Additional tools used to combat fraud include:

Manual review Fraud screens and decision models Negative files Card association payer authentication services

04/13/23 34

Using Payments Cards Online

virtual credit card

An e-payment system in which a credit card issuer gives a special transaction number that can be used online in place of regular credit card numbers

Stored-Value Cards

A stored-value card can be an elaborate smart card or a simple plastic card with a magnetic strip that records the currency balance.

A smart card is better suited for Internet payment transactions because it has limited processing capability.

04/13/23 36

Smart Cards

Plastic card containing an embedded microchip

Available for over 10 years So far not successful in U.S., but popular in

Europe, Australia, and Japan Smart cards gradually reappearing in U.S.;

success depends on: Critical mass of smart cards that support

applications Compatibility between smart cards, card-reader

devices, and applications

04/13/23 37

Smart Card Applications

Ticketless travel Seoul bus system: 4M cards, 1B transactions since 1996 Planned the SF Bay Area system

Authentication, ID Medical records Ecash Store loyalty programs Personal profiles Government

Licenses Mall parking

. . .

04/13/23 38

Advantages and Disadvantages of Smart Cards

Advantages:1. Atomic, debt-free transactions

2. Feasible for very small transactions (information commerce)

3. (Potentially) anonymous

4. Security of physical storage

5. (Potentially) currency-neutral Disadvantages:

1. Low maximum transaction limit (not suitable for B2B or most B2C)

2. High Infrastructure costs (not suitable for C2C)

3. Single physical point of failure (the card)

4. Not (yet) widely used

04/13/23 39

Mondex Smart Card Holds and dispenses electronic cash (Smart-card based, stored-value

card) Developed by MasterCard International Requires specific card reader, called Mondex terminal, for merchant

or customer to use card over Internet Supports micropayments as small as 3c and works both online and

off-line at stores or over the telephone Secret chip-to-chip transfer protocol Value is not in strings alone; must be on Mondex card Loaded through ATM

ATM does not know transfer protocol; connects with secure device at bank

04/13/23 40

Mondex Smart Card Processing

04/13/23 41

Mondex transaction

Here's what happens "behind the scenes" during a Mondex transaction between a consumer and merchant. Placing the card in a Mondex terminal starts the transaction process:

1. Information from the customer's chip is validated by the merchant's chip. Similarly, the merchant's card is validated by the customer's card.

2. The merchant's card requests payment and transmits a "digital signature" with the request. Both cards check the authenticity of each other's message. The customer's card checks the digital signature and, if satisfied, sends acknowledgement, again with a digital signature.

3. Only after the purchase amount has been deducted from the customer's card is the value added to the merchant's card. The digital signature from this card is checked by the customer's card and if confirmed, the transaction is complete.     

04/13/23 42

Mondex Smart Card

Disadvantages Card carries real cash in electronic form, creating the possibility of

theft No deferred payment as with credit cards -cash is dispensed

immediately Security

Active and dormant security software Security methods constantly changing ITSEC E6 level (military)

VTP (Value Transfer Protocol) Globally unique card numbers Globally unique transaction numbers Challenge-response user identification Digital signatures

MULTOS operating system firewalls on the chip

Smart Cards

smart card

An electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card

Smart Cards

Types of Smart Cards

contact card

A smart card containing a small gold plate on the face that when inserted in a smart card reader makes contact and passes data to and from the embedded microchip

contactless (proximity) card

A smart card with an embedded antenna, by means of which data and applications are passed to and from a card reader unit or other device without contact between the card and the card reader

Smart Cards

smart card reader

Activates and reads the contents of the chip on a smart card, usually passing the information on to a host system

smart card operating system

Special system that handles file management, security, input/output (I/O), and command execution and provides an application programming interface (API) for a smart card

Smart Cards

Securing Smart Cards Smart cards store or provide access to either

valuable assets or to sensitive information Because of this, they must be secured against theft,

fraud, or misuse The possibility of hacking into a smart card is

classified as a “class 3” attack, which means that the cost of compromising the card far exceeds the benefits

E-Cards (cont.)

Optical memory cards Stores 4MB of data; once written, data cannot be changed

or removed Ideal for keeping records (medical files) Require expensive card readers

Categorize smart cards by how they store data Contact card—insert in smart card reader Contactless card—embedded antenna read by another

antenna (mass-transit applications)

E-Cards (cont.)

Smart cards are computer devices and require: Chip with an operating system to run applications Programming language to write applications Multipurpose cards use new operating systems

MultOS JavaCard Microsoft windows for smart cards

Figure 14-8Smart Card Image

Embedded chip

Source: Visa.

Smart Cards

Applications of Smart Cards Retail Purchases

e-purseSmart card application that loads money from a card holder’s bank account onto the smart card’s chipCommon Electronic Purse Specification (CEPS)Standards governing the operation and interoperability of e-purse offerings

Transit Fares E-Identification

Smart Cards

Applications of Smart Cards Transit Fares

To eliminate the inconvenience of multiple types of tickets used in public transportation, most major transit operators in the United States are implementing smart card fare-ticketing systems

E-IdentificationBecause they have the capability to store personal information, including pictures, biometric identifiers, digital signatures, and private security keys, smart cards are being used in a variety of identification, access control, and authentication applications

Electronic Cheques

Leverages the check payments system, a core competency of the banking industry.

Fits within current business practices Works like a paper check does but in pure

electronic form, with fewer manual steps. Can be used by all bank customers who have

checking accounts Different from Electronic fund transfers

How does echeck work?

Exactly same way as paper Check writer "writes" the echeck using one of

many types of electronic devices ”Gives" the echeck to the payee electronically. Payee "deposits" echeck, receives credit, Payee's bank "clears" the echeck to the

paying bank. Paying bank validates the echeck and

"charges" the check writer's account for the check.

E-Checking

Electronic checkbook Counterpart of electronic wallet To be integrated with the accounting information

system of business buyers and with the payment server of sellers

To save the electronic invoice and receipt of payment in the buyers and sellers computers for future retrieval

Example : SafeCheck Used mainly in B2B

Figure 14-14Digital of Signatures in E-Check Processing

Source: Anderson (1998).

E-Checking (cont.)

Treasury Department expects e-checks to: Enhance security through use of public key

cryptography “Push” a payment to the payee and not “pull” funds

from general account of the U.S. Leverage Internet for its strength as ubiquitous

communication vehicle Increase payment choices for U.S. Treasury payees

E-Checking

Benefits of e-check processing: It reduces the merchant’s administrative costs by

providing faster and less paper-intensive collection of funds

It improves the efficiency of the deposit process for merchants and financial institutions

It speeds the checkout process for consumers It provides consumers with more information about

their purchases on their account statements It reduces the float period and the number of checks

that bounce because of insufficient funds (NSFs)

Exhibit 12.3 Processing E-Checks with Authorize. Net

Overview of NetBill:

- NetBill is a dependable, secure and economical payment method for purchasing digital goods and services through the Internet.

- NetBill protocol is developed by Carnegie Mellon University.

- In partnership with Visa International and Mellon Bank, the first trial of the system was installed in early 1996.

Major goals of NetBill:

- Support high transaction volumes at low cost- Provide authentication, privacy, and security for transactions

- Provide account management and administration for consumers and merchants

Electronic Check Payment System: NetBill

Electronic Check Payment Process: NetBill

NetBillServer

CustomerMerchant

Bank

Network

Electronic Check Payment System: NetBill

1. Consumer’s application send a price quote request to the merchant’s application through a checkbook library.2. Merchant’s application sends back the price quote the consumer’s application.3. Consumer accepts the price quote, and then sends a purchase request through the Checkbook library.4. Merchant’s application sends to the consumer’s Checkbook encrypted in a one-time key.5.Consumer sends a electronic payment order (EPO) to merchant’s application.6. The merchant’s application sends the endorsed EPO to the NetBill server.7. NetBill server verifies that the consumer and merchant signatures are valid. Then, return the merchant a digitally signed receipt with a decryption key.8. The merchant’s application forward the NetBill server’s receipt to the Check book.

NetBillServerCustomerMerchant 1

234

8

6

75

Electronic Check Payment System: NetBill

NetBill Archecture: (Source: NetBill 1994 Prototype)

ConsumerApplication

Checkbook

MerchantApplication

Till

User Admin.Server

TransactionServer

SecurityServer

System Admin.Server

Payment &Collection Server

DB

Electronic Check Payment System: NetBill

Major features of NetBill:

- Certified delivery: delivering encrypted information goods and then charging against the consumer’s NetBill account. Then, decryption key registration are used at both the merchant’s application and the NetBill server.

- Scalability: the bottleneck in the NetBill model is the NetBill Server which supports many different merchants.

- Support for flexible pricing: by including the steps of offer and acceptance. The merchant can calculate a customized quote for individual consumer.

- Protection of consumer accounts against unscrupulous merchants in a conventional credit card transaction.

Electronic Check Payment System: NetBill

Security Mechanisms of NetBill:

- Create a NetBill account for each consumer by using a unique user ID and the RSA public key.

- the key pair is certified by NetBill and is used for signatures and authentication in the system.

-These signatures are used to check the elements of NetBill transactions (the price quote, the acceptance, etc) really came from the right parties.

- NetBill uses symmetric cryptogrphy method for message authentication and encryption and decryption.

- Objectives: ---> Micro-payment situations:

Although micro-payment systems share the similar requirements of other payment systems, they focus on special markets, where:

- Low-value transactions involved less than the value of smallest coin.- Non-tangible and network-deliverable merchandiseexamples: archived magazines, journals, CD, software,…

- Special requirements:

- Fast and low cost payment transactions.- Very small amount of value- Reduced the number of involved parties- High scalable

The issues of other payment systems: - Account-based systems have high transaction costs.

- Transaction speed in electronic checking systems is slow.- Electronic money systems involve more parties, have low transaction

speed, and cause poor scalability.

Micro-Payment Systems

- Objectives: ---> Micro-payment situations:

Although micro-payment systems share the similar requirements of other payment systems, they focus on special markets, where:- Low-value transactions involved less than the value of smallest coin.- Non-tangible and network-deliverable merchandiseexamples: archived magazines, journals, CD, software,…

- Special requirements:

- Fast and low cost payment transactions.- Very small amount of value- Reduced the number of involved parties- High scalable

The issues of other payment systems: - Account-based systems have high transaction costs.

- Transaction speed in electronic checking systems is slow.- Electronic money systems involve more parties, have low transaction

speed, and cause poor scalability.

Micro-Payment Protocols

Micro-payment Protocols:

- Millicent, developed by Digital Equipment Corp. in 1995.- SubScrip, developed at the University of Newcastle,

Australia.- PayWord, developed by Ron Rivest (MIT) and Adi Shamir.- MicroMint, developed by Ron Rivest and Adi Shamir.- iKP micropayment protocol

Micro-payment systems do not available in conventional commerce.They open many new areas of business.

Examples:- Millicent payment system- Micro Payment Transfer Protocol (MPTP) based on

PayWord.

Micro-Payment Protocols and Systems

- Important features of Micro-payment protocols and systems:

- Simplified verification- Simple security mechanisms- Very low cost transactions- Very fast speed- Simplified architecture

- Major factors on transaction costs:

- Payment methods- Complexity of security mechanisms- The number of involved parties- Transaction model (on-line/off-line)

Micro-Payment Systems

Overview of Millicent:

Millicent payment protocol is designed for low-amount transactions over the Internet.It is developed by Digital

- Support low-cost, secured transactions (less than one cent)- Use non-expensive symmetric crytographic algorithms- Use scrip as digital cash for customers to make purchases from vendors- Provide decentralized validation of electronic cash at the vendor’s server- Provide no additional communications, off-line processing.

Business market: electronic publishing, software and game industries. Performance: 14,000 pieces of Scrip can be produced per second.

8,000 payments can be validated per second, with change Scrip being produced.

A public trial of the Millicent system was scheduled for the summer of 1997.

Micro-Payment Protocol: Millicent

MilliCent model:

MilliCent protocols use a form of electronic currency called Scrip to connect three involved parties:

- vendors, customers, and brokers.

Scrip is vendor specific.

A Millicent broker:--> medicate between vendors and customers to simplify the tasks they perform.--> aggregate micro-payments--> sell vendor Scrip to customers--> handle the real money in the Millicent system.--> maintain customer accounts and vendors (subScription services)--> buy and produce large chunks of vendor Scrips (for licensed vendors)

Vendors: --> are merchants selling low-value services or information to customers

Customers: --> buy broker Scrip with real money from selected brokers.--> use the vendor Scrips to make purchases.

Micro-Payment Protocol: MilliCent

31. Customer sends broker-scripts.

2. Customer gets dealer-script.

3. Customer send dealer-scripts.

Broker

Customer Dealer

Micro-Payment Protocol: MilliCent

12

Internet

Electronic Cash

Electronic cash is a general term that describes the attempts of several companies to create a value storage and exchange system that operates online in much the same way that government-issued currency operates in the physical world.

Concerns about electronic payment methods include:

• Privacy• Security• Independence• Portability• Convenience

How Electronic Cash Works

To establish electronic cash, a consumer goes in person to open an account with a bank.

The consumer uses a digital certificate to access the bank through the Internet to make a purchase.

Consumers can spend their electronic cash at sites that accept electronic cash for payment.

The electronic cash must be protected from both theft and alteration.

Providing Security for Electronic Cash

To prevent double spending, the main security feature is the threat of prosecution.

A complicated two-part lock provides anonymous security that also signals when someone is attempting to double spend cash.

One way to trace electronic cash is to attach a serial number to each electronic cash transaction.

Providing Security for Electronic Cash

04/13/23

Electronic Cash -- Idea 1

Bank issues character strings containing: denomination serial number bank ID + encryption of the above

First person to return string to bank gets the money

PROBLEMS: Can’t use offline. Must verify money not yet spent. Not anonymous. Bank can record serial number. Sophisticated transaction processing system required

with locking to prevent double spending.

04/13/23

eCash (Formerly DigiCash)

Withdrawal(Minting):

Spending:

PersonalTransfer:

ALICE BUYS DIGITALCOINS FROM A BANK

ALICE SEND UNSIGNEDBLINDED COINS TO THE BANK

BANK SIGNS COINS, SENDS THEM BACK. ALICE UNBLINDS THEM

ALICE PAYS BOBBOB VERIFIES COINSNOT SPENT

ALICE TRANSFERS COINS TO CINDYCINDY VERIFIES COINSNOT SPENT

BOB DEPOSITS

CINDY GETS COINS BACK

WALLETSOFTWARE

04/13/23

Minting eCash

Alice requests coins from the bank where she has an account

Alice sends the bank{ { blinded coins, denominations }SigAlice }PKBank

Bank knows they came from Alice and have not been altered (digital signature)

The message is secret (only Bank can decode it) Bank knows Alice’s account number Bank deducts the total amount from Alice’s account

04/13/23

Minting eCash, cont.

Bank now must produce signed coins for Alice Each of Alice’s blinded coins has a serial# Bank’s public key for $5 coins is (e5, m5) (exponent and

modulus). Private key is d5. Alice selects blinding factor r Alice blinds serial# by multiplying by r

e5 (mod m5)(serial# r

e5) (mod m5) Banks signs the coin with its private d5 key:

(serial# r e5)d5 (mod m5) = (serial#)d5 r (mod m5)

Alice divides out the blinding factor r. What’s left is (serial#)d5 (mod m5) = { serial# } SKBank5

Just as if bank signed serial#. But Bank doesn’t know serial#.

e5 • d5 = 1 (mod m5)

04/13/23

Spending eCash

Alice orders goods from Bob Bob’s server requests coins from Alice’s wallet:

payreq = { currency, amount, timestamp,merchant_bankID, merchant_accID, description }

Alice approves the request. Her wallet sends:

payment = { payment_info, {coins, H(payment_info)}PKmerchant_bank }

payment_info = { Alice’s_bank_ID, amount, currency, ncoins, timestamp, merchant_ID, H(description), H(payer_code) }

04/13/23

Depositing eCash

Bob receives the payment message, forwards it to the bank for deposit by sending

deposit = { { payment }SigBob }PKBank

Bank decrypts the message using SKBank.

Bank examines payment info to obtain serial# and verify that the coin has not been spent

Bank credits Bob’s account and sends Bob a deposit receipt:

deposit_ack = { deposit_data, amount }SigBank

04/13/23

Proving an eCash Payment

Alice generates payer-code before paying Bob A hash of the payer_code is included in payment_info Bob cannot tamper with H(payer_code) since

payment_info is encrypted with the bank’s public key The merchant’s bank records H(payer_code) along

with the deposit If Bob denies being paid, Alice can reveal her

payer_code to the bank Otherwise, Alice is anonymous; Bob is not.

04/13/23

Lost eCash

Ecash can be “lost”. Disk crashes, passwords forgotten, numbers written on paper are lost.

Alice sends a message to the bank that coins have been lost

Banks re-sends Alice her last n batches of blinded coins (n = 16)

If Alice still has the blinding factor, she can unblind Alice deposits all the coins bank in the bank. (The

ones that were spent will be rejected.) Alice now withdraws new coins eCash demo

04/13/23 84

E-cash Concept

Merchant

Consumer

Bank

1

2

3

4

5

1. Consumer buys e-cash from Bank2. Bank sends e-cash bits to consumer (after charging that amount plus fee)3. Consumer sends e-cash to merchant4. Merchant checks with Bank that e-cash is valid (check for forgery or fraud)5. Bank verifies that e-cash is valid6. Parties complete transaction: e.g., merchant present e-cash to issuing back for deposit once goods or services are delivered

Consumer still has (invalid) e-cash

04/13/23 85

Electronic Cash Security

Complex cryptographic algorithms prevent double spending Anonymity is preserved unless double spending is

attempted

Serial numbers can allow tracing to prevent money laundering Does not prevent double spending, since the merchant

or consumer could be at fault

Anonymous payments

1. Withdraw money:cyrpographically encodedtokens

2. Transform so merchant can check validity

but identity hidden

3. Send token after addingmerchant’s identity

4. Check validity and send goods

5. Deposit token at bank.If double spent reveal identity and notify police

customermerchant

Problems with the protocol Not money atomic: if crash after 3, money lost

if money actually sent to merchant: returning to bank will alert police

if money not sent: not sending will lead to loss

High cost of cryptographic transformations: not suitable for micropayments

Examples: Digicash

04/13/23 88

Electronic Cash

Primary advantage is with purchase of items less than $10 Credit card transaction fees make small

purchases unprofitable Micropayments

Payments for items costing less than $1

04/13/23 89

Past and Present E-cash Systems

CyberCash Combines features from cash and checks Offers credit card, micropayment, and check payment services Connects merchants directly with credit card processors to provide

authorizations for transactions in real time No delays in processing prevent insufficient e-cash to pay for

the transaction CyberCoins

Stored in CyberCash wallet, a software storage mechanism located on customer’s computer

Used to make purchases between .25c and $10 PayNow -- payments made directly from checking accounts

04/13/23 90

Past and Present E-cash Systems

DigiCash Trailblazer in e-cash Allowed customers to purchase goods and services using

anonymous electronic cash Recently entered Chapter 11 reorganization

Coin.Net Electronic tokens stored on a customer’s computer is used to make

purchases Works by installing special plug-in to a customer’s web browser Merchants do not need special software to accept eCoins. eCoin server prevents double-spending and traces transactions, but

consumer is anonymous to merchant

Advantages of Electronic Cash

Electronic cash transactions are more efficient and less costly than other methods.

The distance that an electronic transaction must travel does not affect cost.

The fixed cost of hardware to handle electronic cash is nearly zero.

Electronic cash does not require that one party have any special authorization.

Disadvantages of Electronic Cash

Electronic cash provides no audit trail.

Because true electronic cash is not traceable, money laundering is a problem.

Electronic cash is susceptible to forgery.

So far, electronic cash is a commercial flop.

Electronic Wallets

An electronic wallet serves a function similar to a physical wallet; it

• holds credit cards, electronic cash, owner identification, and owner contact information

• provides owner contact information at an electronic commerce site’s checkout counter

Some electronic wallets contain an address book.

Electronic Wallets (cont.)

Electronic wallets make shopping more efficient.

Electronic wallets fall into two categories based on where they are stored:

• Server-side electronic wallet• Client-side electronic wallet

Electronic Wallets (cont.)

Electronic wallets store shipping and billing information, including a consumer’s first and last names, street address, city, state, country, and zip or postal code.

Electronic wallets automatically enter required information into checkout forms.

04/13/23 96

An Electronic Checkout Counter Form

04/13/23 97

Electronic Wallets

Agile Wallet Developed by CyberCash Allows customers to enter credit card and identifying information

once, stored on a central server Information pops up in supported merchants’ payment pages,

allowing one-click payment Does not support smart cards or CyberCash, but company expects

to soon eWallet

Developed by Launchpad Technologies Free wallet software that stores credit card and personal

information on users’ computer, not on a central server; info is dragged into payment form from eWallet

Information is encrypted and password protected Works with Netscape and Internet Explorer

04/13/23 98

Electronic Wallets

Microsoft Wallet Comes pre-installed in Internet Explorer 4.0, but not in

Netscape All information is encrypted and password protected Microsoft Wallet Merchant directory shows merchants

setup to accept Microsoft Wallet

04/13/23 99

Entering Information Into Microsoft Wallet

04/13/23 100

W3C Proposed Standard for Electronic Wallets

World Wide Web Consortium (W3C) is attempting to create an extensible and interoperable method of embedding micropayment information on a web page Extensible systems allow improvement of the system without

eliminating previous work Merchants must accept several payment options to insure the

widest possible Internet audience Merchants must embed in their Web page payment information

specific to each payment system This redundancy spurred W3C to develop common standards for

Web page markup for all payment systems Must move quickly to prevent current methods from becoming

entrenched

04/13/23 101

The ECML Standard

Electronic Commerce Modeling Language (ECML) proposed standards for electronic wallets Companies forming the consortium are America

Online, IBM, Microsoft, Visa, and MasterCard Ultimate goal is for all commerce sites to accept ECML Unclear how this standard will incorporate privacy

standards W3C set forth Electronic Commerce Modeling Language (ECML)Electronic Commerce Modeling Language (ECML)

Wallet/Merchant Standards InitiativeWallet/Merchant Standards Initiative, July 1999

04/13/23 102

ECML - Wallet/Merchant Standard

Creating a standard approach for the exchange of information will

enhance the ability for digital wallets to be used at all merchant sites

and therefore facilitate the growth of e-commerce

ECML is a universal, open standard for digital wallets and online

merchants that facilitates the seamless exchange of payment and order

information to support online purchase transactions Uniform field names only to start; will evolve over time

The ECML Alliance today: America Online, American Express, Brodia (formerly Transactor Networks),

Compaq, CyberCash, Discover, Financial Services Technology Consortium

(FSTC), IBM, MasterCard, Microsoft, Novell, SETCo, Sun Microsystems,

Trintech, and Visa

ECML is designed to be security protocol independent, support global

implementations, and support any payment instrument

ECML does not change the “look and feel” of a merchant’s site

Microsoft .NET Passport

Microsoft Passport Wallet comes preinstalled in Internet Explorer 4.0 and higher versions.

All the personal data you enter into your Microsoft Passport, including; your name, address, and credit card information, are encrypted and password-protected.

Passport consists of four integrated services: Passport single sign-in service, Passport Wallet Service, Kids Passport service, and public profiles.

The W3C Proposed Standard

The W3C Electronic Commerce Interest Group (ECIG) developed a set of standards called the the Common Markup for Micropayment Per-Fee-Links.

This standard identifies existing system micropayment types of online connections, stored-value systems, and combined online-offline systems.

04/13/23 105

Q&A

Thank You……………………….