evolution of electronic payment

Upload: gaurav-kumar

Post on 30-May-2018


  • 8/14/2019 Evolution of Electronic Payment

    1/16

    Electronic Payment Protocol

    By Prof T.R. VAIDYANATHAN

    Many developing countries are still cash-based economies. Cash is the preferred mode of payment not only on account of security but also because of anonymity, which is useful for tax evasion purposes or keeping secret what one's money is being spent on. For other countries, security concerns have a lot to do with a lack of a legal framework for adjudicating fraud and the uncertainty of the legal limit on the liability associated with a lost or stolen credit card.

    In sum, among the relevant issues that need to be resolved with respect to EPS are: consumer protection from fraud through efficiency in record-keeping; transaction privacy and safety; competitive payment services to ensure equal access to all consumers; and the right to choice of institutions and payment methods. Legal frameworks in developing countries should also begin to recognize electronic transactions and payment schemes.

    Therefore, a secured payment transaction system is critical to e-commerce.

    There are two common standards used for secure e-payment. Secure Socket Layer (SSL) and Secure Electronic Transactions (SET) are two major players in the secured payment transaction market.

    , -cryptography for encryption and authentication, but SSL and SET are very different protocols to approach payment transactions security.

    SSL provides the secured connection for payment transaction between customers and merchants. It is more secure than phone and postal mail delivery. But the security ends at the merchant's site. It does not keep the credit card numbers after the transaction is completed.

    ,

    for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:

    SSL is a secured socket layer between HTTP and TCP on a web server. It is a transport layer security protocol. It provides a simple encrypted connection between the client's computer and the merchant's server over the Internet.

    merchant's server with its digital certificate from a certificate authority.

    This is a secured connection for cyber shoppers to send payment information to the e-tailer's web shop. It can be used as a simple order form including payment information on the web.

    Currently, the fast growing internet consumer commerce is mainly based on accepting credit card over SSL. One of the reasons for the growth in this direction is that SSL provides secured connection with data encryption, server authentication and message integrity between two computers over the internet.

    and server computer exchange a brief burst of messages. In other words, SSL's only role is to encrypt and decrypt the message stream.

    In these messages, they agree upon the level of security they will use to exchange digital certificates and perform other tasks. Each computer unfailingly identifies the other

    SECURE SOCKET LAYER(SSL)

    TCP based application protocol (HTTP, SMTP, FTP, TELNET)

    INTERNET PROTOCOL (IP)

    Figure 1 SSL between application protocols and TCP/IP

    The main objectives for SSL are:

    Authenticating the client and server to each other: the SSL protocol supports the use of standard key cryptographic techniques (public key encryption) to authenticate the communicating parties to each

    .consists in authenticating the service client on the basis of a certificate, SSL may also use the same methods to authenticate the client.

    Ensuring data integrity: during a session, data cannot be either intentionally or unintentionally tampered with.

    Securing data privacy: data in transport between the client and the server must be protected from interception and be readable only by the intended recipient.

    This prerequisite is necessary for both the data

    traffic during negotiations) and the application data that is sent during the session itself.

    Another protocol for transmitting data securely over the World Wide Web is Secure HTTP (S-HTTP). Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely.

    Secure HTTP is a more comprehensive security package that includes authentication of the client's identity by the server through digital signature verification and other features.

    Secure HTTP, however, only works with transactions that use the HTTP transfer protocol.

    SSL and S-HTTP, therefore, can be seen as complementary rather than competing technologies. Both protocols have been approved by the Internet Engineering Task Force (IETF) as a standard.

    Secure Electronic Transactions (SET)

    SET is a messaging protocol designed by VISA and MasterCard for securing credit card transactions over open networks, such as the Internet.

    Secure Electronic Transaction (SET) was a standard protocol for securing credit card

    , ,

    the Internet. SET was not itself a payment system, but rather a set of security protocols and formats that enables users to employ the existing credit card payment infrastructure on an open network in a secure fashion.

    SET allowed parties to cryptographically identify themselves to each other and exchange information securely. SET used a blinding algorithm that, in effect, would have let merchants substitute a certificate for a user's credit-card

    . ,

    would never have had to know the credit-card numbers being sent from the buyer, which would have provided verified good payment but protected customers and credit companies from fraud.

    In the SET protocol, a transaction has three players: the customer, the merchant, and the merchant's bank. SET protocol has three principal features as listed in the following.

    All sensitive information sent within the three parties are encrypted

    All three parties are required to authenticate themselves with certificates from the SET certificate authority

    The merchant never sees the customer's card number in plain text (It is more secure in e-commerce)
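
SET met the third feature with a construction known as a dual signature, which the slides do not name. The sketch below is an added example, not part of the original slides, and goes beyond their text: one cardholder signature binds the order to the payment data, so the merchant can verify it while holding only a digest of the payment data. The toy unpadded RSA key, SHA-256, the field names and the sample values are all assumptions of this example.

```python
import hashlib
import os

# Toy RSA key for the cardholder, constructed for this example only: the
# Mersenne primes 2^127-1 and 2^89-1, no padding. Far too weak for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def h(data: bytes) -> bytes:
    # SHA-256 is this sketch's choice of hash, not taken from the slides.
    return hashlib.sha256(data).digest()


def _as_int(digest: bytes) -> int:
    return int.from_bytes(digest, "big") % N


def dual_sign(order_info: bytes, payment_info: bytes) -> int:
    """Cardholder: sign H(H(PI) || H(OI)) so one signature covers both parts."""
    return pow(_as_int(h(h(payment_info) + h(order_info))), D, N)


def merchant_verify(order_info: bytes, pi_digest: bytes, sig: int) -> bool:
    """Merchant holds the order and only the digest of the payment data."""
    return pow(sig, E, N) == _as_int(h(pi_digest + h(order_info)))


def bank_verify(payment_info: bytes, oi_digest: bytes, sig: int) -> bool:
    """Bank holds the payment data and only the digest of the order."""
    return pow(sig, E, N) == _as_int(h(h(payment_info) + oi_digest))


# Constructed sample data: a well-known test card number, not a real account.
# The random nonce keeps the digest the merchant sees from being matched by
# enumerating card numbers.
ORDER = b"order=1001;item=book;amount=25.00"
PAYMENT = b"pan=4111111111111111;exp=12/30;nonce=" + os.urandom(16).hex().encode()
SIG = dual_sign(ORDER, PAYMENT)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(ORDER, h(PAYMENT), SIG))
    print("bank accepts:", bank_verify(PAYMENT, h(ORDER), SIG))
    swapped = b"order=1001;item=tv;amount=25.00"
    print("swapped order accepted:", merchant_verify(swapped, h(PAYMENT), SIG))
```

Changing either the order or the payment data after signing makes both checks fail, which is what lets the bank trust that the payment it authorises belongs to the order the merchant accepted.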

    Key features

    To meet the business requirements, SETincorporates the following features:

    Confidentiality of information

    Integrity of data

    Cardholder account authentication

    Merchant authentication

    Participants

    A SET system includes the following participants:

    Cardholder

    Merchant

    Issuer

    Acquirer

    Payment gateway

    Certification authority