3

• Aqib Farooq• Kunal Bhatt

4

5

• Is a system that permits online payment between parties using an electronic surrogate of a financial tender

• The electronic surrogate is backed by financial institutions and/or trusted intermediaries

• The intent is to act as an alternative form of payment to the physical cash, cheque or other financial tender

6

New ePayment Solutions

Security Infrastrucur

e

Business

Realities

Authentication Models

Spa

Customer Profiles

Payment Types

7

Defined as the medium in which the value is recognised in a payment transaction

Card-based such as

Credit and charge cards ○ buy now, pay later

Debit cards ○ buy now, pay now

Cash cards, stored-valued, e-cash ○ buy now, prepaid or pay before

8

Most widely used banks able to leverage existing card

infrastructureappears ‘defacto’ online payment

Largely unencrypted‘card-not-present’ transactions processed

without customer & merchant authentication Charge back risk for merchants

charge-back is when customer demands a refund

banks transfer liabilities of charge-backs to the merchants

merchants need to have a bond to cover such charges

9

• Direct electronic transfer of account - direct account debiting

• Uses chip/smart eWallets

• Digital signature to secure access

• Connected to eBanking solution

10

• A system of purchasing cash and storing the credits in consumer’s computer

• Computerised stored value is used as a form of cash to be spent in small increments

• A third party is involved in the payment transactions

• Examples: Beenz, Billpoint, Paypal

11

• Payment solution on a proprietary protocol that allows payment over the Internet

• A digital/virtual wallet with prepaid credit-based/token-based payment system

• Enables low-value electronic payments on the Internet

• Limited distribution, proprietary solutions

• Needs to install card reader and download free eWallet

12

• A formatted email message that consists of payee name, amount, payment date, payer’s account number, and payer’s bank

• Digital certificate and signature are used to secure the cheque so that the contents are not tampered with

• A signed electronic cheque is exchanged between the parties’ financial institutions through automated clearing house

13

Internet

Private network

Internet

Bank network

•Use of stolen card

•Credit card number or password stolen from computer

•Unauthorised access

• Information modified in transit

•Payment info stolen from merchant

•Masquerading as legitimate merchant

•Key info stolen by merchant staff

• Information modified in transit

• Information stolen

Buyer

MerchantPayment gateway

14

• The Trust Principle

– The parties to the transaction must trust each other

– Buyer must believe that seller is legitimate and will deliver the goods

– Buyer must believe that goods are as represented and are worth the price

– Seller must believe that buyer is legitimate and will pay for the goods purchased

15

• The Security Principle

– Parties need a secure environment in which to conduct the electronic transactions

– Seller needs to protect the details of the transactions

– Buyer needs to be certain that his/her information is securely handled and stored

– Buyer needs to be certain that information is not stolen that it can be inappropriately used

16

Identification and authenticatethe ability to verify both the transacting parties

Authorisationthe ability to validate the rightful owner to the transaction

Integrity and confidentialitythe ability to transmit the transaction securelythe ability to store the transaction properly

AccountabilityThe ability to provide audit trail as evidence in dispute

Policies for sharing risks and liabilitiesthe mechanism to settle disputes/non-repudiation

17

• Protocol by Visa and MasterCard released in 1996

• 3 party system - cardholder, merchant and bank using SET-enabled systems

• Uses digital certificate to ensure cardholder is who he/she says he/she is or claims to be

• Credit card details are invisible to merchants, protected by encryption for clearing bank

18

Buyer

Issu

ing B

ank M

erchant

Acqui

ring

Bank

Visa/Mastercard

Bills buyerPays bank

Orders goods

Deliver goods

Reimburses merchant

Voucher to Acquiring Bank

Transaction voucher to Issuing Bank

Issuing Bank pays Visa / Mastercard

Sends transaction voucher to Visa / Mastercard

Visa / Mastercard reimburses Acquiring Bank

1

2 745

3

6

8

9

19

• SPA is an authenticated payment system that involves participation of the cardholder, cardholder’s issuer, and merchant

• Cardholder needs authentication mechanism from the issuer such as a browser plug-in or an electronic wallet in their computers

• Merchants needs plug-in from the acquirer in shopping cart to carry hidden fields of transaction-specific information which can be checked with the security token…..

20

21