Part IX: ePayment

2

Learning Targets

• What are the electronic means of payment?

• What is the difference between pico-, micro- and macro-payment?

• How can we classify the e-payment systems?

• How can secure transactions be implemented?

3

The Definition of Electronic Payment

• E-payment consists of services for the process of paying over an electronic network including:

- Pico-payments (amounts from a fraction of a cent up to 1 Euro)

- Micro-payments (payments between 1 and 30 Euros)

- Macro-payments (amounts from 30 Euros up to several thousand Euros)

4

Classification of E-Payment Systems

• Technological concept

- Account based concept (cheques & online accounts)

- Holder-based concept with software (electronic coins)

- Holder-based concept with hardware (credit cards & smart cards)

• Confidentiality and anonymity of the transaction concept

- Anonymous transactions

- Non-anonymous transactions

• Efficiency and range of application

- Pico-payment

- Micro-payment

- Macro-payment

• Scalability

5

Credit Card based Concept

• Instead of just encrypting the credit card information with the Secure Socket Layer method (SSL), these concepts are based on a dedicated organization or software which is responsible for the processing of the payment data.

• Actors of a credit card transaction:

- The card holder as customer

- The merchant who has an installed payment server- The payment server for the communication between acquirer and

seller

- The card issuer (a financial service provider) ensures the seller that the amount to pay is available

- The acquirer processes the payments for the seller (authorized by the issuer)

- The certification center (Secure Electronic Transaction concept, SET) is responsible for the certificates of the customer, the seller and the payment gateway (authentication of the actors)

6

Credit Card based Concept: Paypal

7

Customer’s PC

Merchant: Web-Server with

CashRegister

1. Order

2. Invoice and PayPal Registration Data

8. Delivery

PayPal

Server

4. Send money

5. Information: Money received

6. Accept Payment

7. Information: Payment accepted

Credit Card based Concept: Cyber Cash

8

Customer’s PC

Merchant: Web-Server

with CashRegister

1. Order2. Invoice

3. Payment request9. Delivery

Gateway Server

Bank of the merchant

Bank of the customer

4. Authorization request

8. Validation

6. Authorization

7. Validation5. Decoding of the authorization request

Deposit Card Concept

• Before the buying transaction, the deposit card is charged with an amount of money. Every transaction is debited from the card until the deposit on the card is used up.

• Actors of a deposit card transaction:

- The card holder (customer) can charge the card at special terminals or pay with it (PIN code necessary)

- The bank of the customer holds an account for the card where the charging status and the turn over of the card are stored

- The merchant provides a terminal for the paying transactions of his customers (he has to identify himself to the terminal with a merchant card)

- The bank of the merchant is only involved if paying transaction to the bank account of the merchant are executed

- The charging terminal

- The evidence center is an interface for all payment transactions

9

Deposit Card Concept: CASH

10

CustomerMerchant:

CASH Terminal

Pays with

Goods

EUROPAY CASH-Pool

Charging Terminal

Reimbursement requestCharging

Bank of the merchant

Charging status Reimbursement

CASH Chip(no PIN code)

card

Electronic Money Concept

• Electronic money systems are very similar to real money in cash. It has the same properties like anonymity and the splitting in value units.

• The coinage process:

11

Customer Customer’s

Bank

12

3

56321

Electronic Money Concept: eCash

12

Customer Retailer (Server)

Bank Server

Customer’sCyber-wallet

Merchant’sCyber-wallet

1. Order

10. Delivery

2. Payment request

9. Confirmation5. Confirmationor rejection

4. Transaction report

9. Confirmation3. Payment request6. Payment

8. Confirmation or rejection

7. Online validation

0.B Verified coins0.A Blank

coins

Electronic Money Concept: eCash

13

Bank Server

Customer’sCyber-wallet

Merchant’sCyber-wallet

2. Payment request3. Payment6. Delivery

1. Order

4. Presentation for collection 5. Exchange for new

coins

Billing Concept

• The billing concept is different from cash oriented or deposit oriented systems. It’s flexibility allows to create different systems for billing and accounting. The main principle of this concept is based on the separation of the payment process in to levels:

- On one level, the accounting system just creates an account posting for each payment transaction in the operators account

- On the payment level, the operator balances the accounts of all participants regularly by credit transfer or direct debiting

• The billing system is known from telecommunications service providers. The phone companies book every call unit in the customers account. And every month, the system creates an invoice request for each customer.

14

Billing Concept: MilliCent

15

Web-Browser

HTTP access & payment with SCRIPWeb-Server

Broker

Soft-Goods & change

�Euro

Scrip License

�Euro

Debit Advice Concept

• With this concept, the merchant (who has proved his creditworthiness over a long period of time) has the possibility to debit the necessary amount of money directly from the account of the corresponding customer. But normally the merchant needs a written agreement from his customer to execute these transactions.

• Therefore, most of the debit advice transactions are not executed directly between the customer and the merchant. A third party acts as a proxy for the merchant and processes the transactions.

16

Debit Advice Concept: Electronic Direct Debit

(EDD), Germany

• The EDD company creates a so called Data-Carrier-Set (DCS). The DCS has standardized format for the transmission of a debit advice.

• The EDD server sends a report to the merchant, so he can deliver his goods & services to the customer.

• Then the DCS is transmitted to the merchant’s bank and the buyer gets an confirmation for his payment transaction. A EDD payment is done in about 15 sec.

17

Mobile Payment

• A new way to pay for services is using mobile devices like cellphones or Personal Digital Assistants (PDAs).

• It is possible to adapt the payment methods for stationary computers on mobile devices.

• However, there are new payment methods created that work only with cellphones. The most famous one is Pay-box, which provided a complete solution for mobile Payment.

• In January 2003, Pay-box has closed it‘s service in Germany „due to the very slow development of the m-payment market“.

18

Mobile Payment: Pay-box

19

Customer

Merchant: web-server, reg. Pay-box

account

1. Order with Pay-box Registration Nr.

6. Goods

2. Send Merchant Nr. and Customer Nr. And amount

Pay-box server

3. Calls Customer on Cellphone 5. Payment

confirmation

4. Authorization

Security: Secure Socket Layer (SSL)

20

CustomerMerchant:

web-server with payment

server

1. Order2. Payment request & ...<java applet>...

6. HTTP request & confirmation

5. HTTP request & confirmation

Gateway server

SSL

4. Transmission of the payment information3. Loading of

the payment applet (java)

Security: Secure Electronic Transaction (SET)

21

Customer

Merchant: web-server

with payment server

1. PurchaseInitRequest2. PurchaseInitResponse

3. PurchaseRequest Kpublic,Merchant (order information) Kpublic,Payment Gateway (payment information)

5. AuthResponse

Payment Gateway

4. AuthRequest Kpublic,Payment Gateway

(payment information)

6. PurchaseResponse

Security: SET “Dual Signature”

22

Customer message to merchant

Kprivate,Customer

Customer message to

bank

MDigest1

(hash)

MDigest2

(hash)

MDigest3

(hash)

00111100110101010111

00111100110101010111

Kpublic,BankKpublic,Merchant

Security: SET Certificates

2324

Customer

Merchant: web-server

with payment server

1. PurchaseInitRequest2. PurchaseInitResponse

3. PurchaseRequest PubKmerchant(order information) PubKPG (payment information)

5. AuthResponse

Payment Gateway

4. AuthRequest PubKPG (payment information)

6. PurchaseResponse

CertPG

CertMerchant

CertMerchant

CertCustomer

CertCustomer

CertPG

Trust Center

Economic Efficiency of E-Payment Concepts

24

Economic Efficiency of E-Payment Concepts

25

0

0.38

0.75

1.13

1.50

Internet PC Banking Cash Automat Phone Bank

1.07

0.52

0.27

0.020.01

Tran

sact

ion

Cost

s in

USD

E-Payment: Literature on the Internet

• Mobile Payment Forum White Paper: Enabling Secure, Interoperable, and User-friendly Mobile Payments (http://www.mobilepaymentforum.org/pdfs/mpf_whitepaper.pdf)

• Institute for eCommerce, E-PaymentLinks, available at: http://euro.ecom.cmu.edu/resources/elibrary/epaylinks.shtml

26