government payment gateway - korean pg for e-government case study 2007. 5. 24 chang-kang seol isgeg
Index
1. Background of e-Commerce market
2. Key Issues
3. PG (“BankPay”) service for e-Gov in Korea
• Briefs on BankPay
• Operational Feature
• Technical Feature
• Security
• Customer Protection
4. Conclusion
Background of e-Commerce market in Korea
- Historical background
1. Market Needs for e-Payment, security technology from internet shopping mall in late 1990’s
2. Starting the online bank transfer of Dacom (private co) through X.25 in 1997
3. Establishing PG (“Bankpay”) for the safe public e-Payment in 2000
4. Resulting in growth of e-Commerce in 2000’s
[Diagram: Payment Gateway (Security, Multi e-Payment Solutions, Stability & Easiness) and Internet Shopping Mall, CPs etc. (Sales Increase, Stable Operation of Shop, Cost Effectiveness) lead to Growth of e-Commerce, together with Legal & policy support (Korean Government Support)]
- Market background
1. Continuous growth of e-Commerce market
2. About 100 PG companies in 2002, now about 50, with 5 majors of which M/S is over 80%: Inisys, Cyber Payment, Dacom, KCC, Bankpay
3. Competitive market
4. Trend for Users to move into major PGs based on security and low costs
▣ Trend of e-Commerce Transaction (Unit : USD Mil)
Year | 2001 | 2002 | 2003 | 2004 | 2005 | 2006
e-Commerce Transaction | 118,976 | 177,809 | 235,025 | 314,079 | 358,451 | 413,585
(Growth Ratio) | | 49% | 32% | 34% | 14% | 15%
B2B | 108,941 | 155,707 | 206,854 | 279,399 | 319,202 | 366,191
B2G | 7,037 | 16,632 | 21,634 | 27,349 | 29,036 | 34,436
B2C | 2,580 | 5,043 | 6,095 | 6,443 | 7,921 | 9,132
Etc. | 418 | 427 | 442 | 888 | 2,292 | 3,826
* Source : Korea National Statistical Office
▣ Trend of e-Payment System (Electronic based payment)
Movement from paper based payment into electronic based payment
* Electronic based payment : payment through data transfer using ICT infra
[Charts: Electronic based Payment vs. Paper based Payment, by No. of transaction and by Amount]
* Source : Bank of Korea “Trend of Payment System” 2005. 4.
- Legal background for e-Commerce
Specialized Credit Financial Business Act
Purpose
• To define off-line financial transaction
• To regulate legal relation in Off-Line Financial Transaction
Feature (2002.3)
• To position PG as a legal entity
• To define regulation on PG
• To secure On-Line credit card transaction
e-Commerce Consumer Protection Act
Purpose
• To create institutional basis for customer protection
• To secure stable transaction for e-Commerce
Feature
• To establish protection device from consumer damage
• To introduce insurance to protect consumer damage from e-Commerce
Regulation for Supervision on Banking Institutions
Purpose
• To grant Financial Supervisory Service to supervise PG
• To regulate security
Feature
• To supervise PG
• To regulate PG for its sound transaction
• To oblige PG to secure information
Electronic Finance Transaction Act
Purpose
• To define the electronic financial transaction
• To regulate legal relation in EFT
Feature
• Enforcing Biz registration on PG
• To set up the clear legal structure
• To secure customer using EFT
• To regulate & supervise healthy development of EFT
Timeline: 1997.8 / 2002.3 / 2000.12 / 2006.1
Key Issues in Korea
- Protection from customer damage (Identification/Reparation)
▣ Legal Risk - Who will identify the faults and take the responsibility of reparation from the damage
▣ Operational Risk - Network hacking, system down
▣ Settlement Risk - Bankruptcy
- Operational Issue
▣ Operation by Government
▣ Operation by Private Companies
- Security Standard Issue
▣ Network Security
• Encryption Technology
  Symmetric or Asymmetric Algorithm (Public Key Algorithm)
  Message Digest (Hash Function) / Electronic Signature (Private Key)
  SSL (Secure Sockets Layer) / SET (Secure Electronic Transaction)
• Authentication by third party
▣ Host System Security
• Firewall
• Intrusion Detection System
BankPay (PG of Korean Government)
Service for Payment Gateway to government organizations & private commercial operators
Establishment: Founded by Korea Financial Telecommunications & Clearings Institute (KFTCI), incorporated association chaired by the Bank of Korea, established in 2000
Service Area: Service for most public organizations, such as e-Procurement, Land Titling, G4C etc., and for commercial entities, such as on-line shop, internet auction, tuition fee etc.
e-Payment Method: Credit Card, Bank Fund Transfer & K-Cash
Feature: Featured by Most Banks’ Participation, Real Time Transaction & Low Cost
Sales Increase (Unit : U$ Mil)
Year | 2001 | 2002 | 2003 | 2004 | 2005
Sales | 4 | 52 | 75 | 109 | 230
* Source from KFTC 2006
Operational Structure
[Diagram: Bank Association: Bank of Korea (Chair), Regular Member (12 Banks), Associate Member (10 Banks), governing KFTC (Incorporated Association); Financial Supervisory Service, regulating. KFTC services: CMS / Giro, EDI, BankPay (PG), Bank B2B, Card VAN, K-Cash, UBI (Mobile Pay), CD N/W, IFT N/W, HOFINET, K-Cash N/W, BankLine, Check Clearing, Paper Giro, Electric Giro, Internet Giro. Legend: Inter Bank Fund Transfer; Inter Bank Home/Firm Banking System]
Founded by Korea Financial Telecommunications & Clearings Institute (KFTCI), incorporated association chaired by BOK, supervised by FSS (Financial Supervisory Service)
Services
[Diagram: e-Government services; services requiring payment solution are marked ► in the figure
Networks: Administration N/W, Finance N/W, Education N/W, Defense N/W, Police N/W, Logistics N/W
Citizens, Business, Vendors/Suppliers
Internet e-Gov portal / Kiosks; Government / Agency Office; Telephony Contact (Voice/Fax/…); Inter-government Intranet: Inter-agency collaboration; Integrated Information Infrastructure
National Assembly: Minutes Publishing Sys, Legislative Information System, e-Library: Library of National Assembly, National Assembly Session Broadcasting System, Assembly Information / Material Communication, National Assembly Operations Support Sys
Courts: Civil/Criminal Trial Procedure System, Court Knowledge Management System, Electronic Filing System, Court Session/Decision/Patent/Auction Information Sys
Administration: Standard Human Resources System, National Finance Information System, E-Document Shared Information of Local Government, Election Process Automation, 911 / Police Support System
Other services: Intelligent Transportation System, Cadastre Management Information System, Land Registration and Information System, Integrated System for Social Insurances, e-Healthcare: Hospital Information System, National / Home Tax Service, e-Citizen / Registration & ID (Family/Employment/...), u-Logistics Postal Service, e-Education: Magic School and Campus, e-Customs and e-Clearance System, e-Procurement, Vehicle and Driver License Service System, Automatic Fare Collection System, Immigration Control System]
- e-Government Framework (Single window for e-Payment)
[Diagram: layers IT Infra, DB, Service, with start dates (YY.MM)
Passport & Immigration Control (95.12)
Business Registration (91.3)
Vehicle Registration / Driver License (90.3)
Real Estate Management Information Sys (91.2)
e-Citizen / NID (Family/Employment) (91.1)
e-Learning Sys (99.9)
e-Gov Portal & Kiosks (02.10)
e-Custom e-Clearance Sys (90.4)
e-Procurement Sys (02.9)
Integrated Social Insurance Sys (02.10)
e-Tax (National/Home Tax Service) (00.11)
BankPay (PG) (00.12)
Finance N/W (89.12)
Public Internet Center; Public Admin & Education N/W; Provision PC & ICT Use Education; Groupware (e-mail / e-document); e-Gov EA Planning; 9187 ~]
Establishment: Established in 2000 as the public e-payment system, to meet the market needs created by the rapid growth of e-Commerce (internet shopping malls) in the late 1990’s
Position in e-Payment Market in Korea
[Diagram:
Electronic Payment: e-Cash, Bank Transfer, Credit Card, Traffic Card, Prepaid Card
Network: Mobile, Internet, Telephone Line (X.25), Terminal / Kiosk
Service Provider: Mobile PG (Infohurb, Mobilians, Ubi); PG (Bankpay, Dacom, Inisys, KCP etc.); VAN (KICC, NICE, KS-NET etc.); Traffic PG (Intec C&C MYBI)
Relevant Co.: Telecom Companies, Financial N/W Co., e-Cash Co., Transport Companies
Financial Institutes: Banks / Card Companies; SK / KTF / LG; Transport Co.]
Optimized Solution: Stable & convenient Internet Payment Service
• e-Procurement
• Online appeal
• Content
• Shopping mall
User Interface: Suitable / flexible payment module to user platform
Security: Payment service secured on the basis of PKI
Payment Method:
• Credit Card
• Bank Transfer
• K-Cash
Challenges of BankPay
System Management
• NMS
• SMS
Security
• Firewall
• IDS
Main Server
• Payment Gateway
• Backup
• Internet
• DB
PG Solution
• e-Payment
• Call Center (CTI)
- Technical Components
Technical Feature
- Technical Architecture
[Diagram: Customer (Wallet, HTML Form); INTERNET (Open Network); e-Gov Portal / Web Server (eGov) with TX server; Internet (TCP/IP); BankPay P/G server; CCIS, CMS, CARD, BANK. Component labels: (H/W, S/W), (S/W), (N/W)]
Technical Feature
- Service related program
TX Server
• Communication program between PG and Users
• Encrypting Payment Information with e-Signature using Authentication Certificate issued by Certification Agency (“Yessign”)
• Providing the most appropriate TX Server in compliance with User platform
Payment Request
• Page for Customer to request payment for products or services. Ex) Ordering page of shopping mall
Payment Process
• Transfer payment request which is compiled by the Service (Windows NT) or Java Class (Unix) to PG
• DB storage after payment processed by PG
• Notice final payment result from PG to User with ASP/JSP/CGI etc.
Wallet
• Payment module on Active-X Control
• Installation on Customer’s PC, downloaded from BankPay Server
• Encrypting Payment Information with e-Signature
• Client’s Request to start User’s payment process for payment
Request Cancellation
• Request for cancellation to PG
Payment Cancellation
• Transfer cancellation request which is compiled by the Service (Windows NT) or Java Class (Unix) to PG
• DB storage after cancellation processed by PG
• Notice final cancellation result from PG to User with ASP/JSP/CGI etc.
Technical Feature
- Sequence Diagram
Lanes: Customer, BankPay, e-Gov
Components: Customer, Wallet (Customer PC), Payment Request, Payment Process, TX Server, PG Server, DB
① Click payment button
② Activating Wallet Software
③ PW / Payment Information
④ Request for Payment
⑤ Compiling Payment Information
⑥ Encrypting Payment Information (e-Signature)
⑦ Result for Payment
⑧ Log storage / Payment Result (DB)
⑨ Notice Payment Result
Technical Feature
• Electronic signature using PKI Technique
• Accredited certificate is a certificate issued by YESSIGN, an accredited certification authority pursuant to the “Electronic Signature Act”.
• Certificate has a series of data which include Subscriber's Electronic signature verification data, Serial numbers, Subscriber's name and the term of validity etc.
Security
- Certificate Agency: Korea Information Security Agency
• Below that, there are 6 accredited certification authorities:
• Korea Financial Telecommunications & Clearings Institute, Koscom Inc., KTNET, National Computerization Agency, Korea Electronic Certificate Authority, Korea Information Certificate Authority Inc.
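The e-signature step of the payment sequence and the certificate fields listed above (verification data, serial number, subscriber's name, term of validity), as an added Go example that is not BankPay or YESSIGN code: the wallet side signs the payment information, and the gateway side checks the certificate's term of validity and then the signature. ECDSA P-256, the self-signed certificate and the order string are assumptions made for the example; the page names no algorithm or message format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issueCert makes a self-signed certificate (constructed stand-in for one issued by an accredited CA).
func issueCert(name string, serial int64, from, to time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name}, NotBefore: from, NotAfter: to}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// signPayment is the wallet side: sign the SHA-256 digest of the payment information.
func signPayment(key *ecdsa.PrivateKey, payment []byte) ([]byte, error) {
	digest := sha256.Sum256(payment)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// verifyPayment is the gateway side; CA chain and revocation checks are left out of this example.
func verifyPayment(cert *x509.Certificate, payment, sig []byte, now time.Time) error {
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return fmt.Errorf("certificate %v outside its term of validity", cert.SerialNumber)
	}
	return cert.CheckSignature(x509.ECDSAWithSHA256, payment, sig)
}

func main() {
	t := time.Date(2007, 5, 24, 0, 0, 0, 0, time.UTC)
	if cert, key, err := issueCert("Constructed Subscriber", 1001, t, t.AddDate(1, 0, 0)); err == nil {
		sig, _ := signPayment(key, []byte("order=A-1;amount=10000"))
		fmt.Println(verifyPayment(cert, []byte("order=A-1;amount=99999"), sig, t)) // altered amount is rejected
	}
}
```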
Security
▣ Financial Troubles in e-Payment in Korea
Values in each cell are listed in the order ‘02 / ‘03 / ‘04 / ‘05.7 / Total
Contents | No. of Fault | Amount (thousand U$)
Bank: Internet Banking | 1 / - / 1 / 2 / 4 | 71 / - / 3 / 68 / 142
Bank: Tele banking | - / 1 / 5 / 8 / 14 | - / 10 / 162 / 262 / 434
Bank: Card Forgery ㆍ Reproduction | 4 / 6 / 6 / - / 16 | 452 / 66 / 26 / - / 544
Bank: Program Default | - 1 8 2 10 | 0 0 0 0
Credit Card: Card Forgery ㆍ Reproduction | - / 1 / - / - / 1 | 184 - - 184
Credit Card: Program Default | - / 1 / - / - / 1 | - / 0 / - / - / 0
Total | 5 / 10 / 20 / 10 / 46 | 523 / 260 / 191 / 330 / 1,304
Source : 2005 Inspection of Administration
- Protection from customer damage
• Identification
• Reparation
Customer Protection
 | Principle of liability without fault (Personal user) | Principle of liability with fault (Corporate user): Simple negligence rule | Contributory negligence rule | Comparative negligence rule
Liability of identification | No | Sufferer or harmer | Person himself | 3rd Party (Court)
Liability of reparation | Sufferer’s counter part | Harmer | Harmer subject to sufferer’s fullness of its obligation | Balancing
▣ Liability of reparation and identification of responsibility
- Electronic Finance Transaction Act (2006)
- Apply the principle of liability without fault to personal users and the principle of liability with fault to companies
▣ Main contents of Electronic Finance Transaction Act (2006)
Stability
- Responsibility for financial institutes to compensate the user with the damage arising from forgery/reproduction, fault in data transmission and process
- Regulated and supervised by Financial Supervisory Committee and provision of the standard for PKI (Clause 20)
- Mandatory storage of transaction records for 5 years (Clause 21)
- Limitation of credit (Clause 22)
Consumer Protection
- Damage after notice to loss and theft shall be borne by financial institutes (Clause 9)
- Protection on user information (Clause 25)
- Arbitration Clause (Clause 26)
Supervision
- GAAP & financial standard (capital structure / asset management / liquidity) (Clause 41)
KFS for PG for public service
[Diagram: One window, Legal & policy Support, Technical Support]
Effectiveness
• Multi e-Payment solutions
• Cost & Time Effectiveness
Legal & Policy
• Customer Protection
• e-Payment Promotion
ICT
• Easy Access (N/W expansion)
• Standard Application (Security)
Conclusion
1. Customer Protection backed by Government’s legal & policy support
- Electronic Finance Transaction Act
- Promotion of e-payment by way of deduction of Tax
2. One window PG for most of the public e-Payment
- Cost, time effectiveness
3. Technical Support
- Standard technical architecture
- Easy access (ICT infrastructure)