E-Commerce:

1
E-Commerce Fundamentals and Applications
Chapter 10 Internet Payment Systems
2
Outline

• Features of payment methods
• 4 Cs payment methods
• Credit card payment
• E-cash
• E-check
• Micropayment Millicent and Paywords
• Smart card payment

3
Comparison of the 4Cs Payment Methods
4
Credit card payment

• Most popular payment method
• Especially for B2C e-commerce
• 1st generation No protection, only provide
  credit card number for processing
• 2nd generation SSL for protecting the transfer
  of credit card information
• 3rd generation SET for secure credit card
  authorization
• 4th generation Portable smart cards?

5
SET Seven business requirements (according to
SET Book 1)

• Provide confidentiality of payment information
• Ensure the integrity of all transmitted data
• Provide cardholders authentication
• Provide merchants authentication
• Ensure the use of the best security practices and
  system design techniques
• Create a protocol that is independent on the
  transport layer protocol
• Facilitate interoperability
• (Please read Book 1 Business Description at
  http//www.setco.org/download.html/spec)

6
Network Architecture of SET System
7
Digital Certificate System for SET
8
Steps in Generation of a Dual Signature
Reference W. Stallings, Cryptography and Network
Security, Prentice Hall, 1999.
9
Generation of a Digital Envelope
M
10
General SET Information Flow
(1) Purchase initialization request
Acquirer (Payment Gateway)
Merchant

Acquirer (Payment Gateway)
(5) Authorization request
(2) Purchase initialization response
Cardholder
(6) Authorization response
(3) Purchase request
(7) Capture request
(4) Purchase response
Inquiry request (optional)
(8) Capture response
Inquiry response (optional)
11
E-check

• Lets say the content of a check is C which
  includes the payment amount and other
  information.
• The check is signed by finding the message digest
  of C and then encrypting it with the payers
  private key.
• The check together with the digital signature is
  forwarded to the payee.
• The payee sends the check to the bank for check
  clearing through the existing procedures.
• The bank verifies the digital signature of the
  check using payers public key.
• Find out more from www.echeck.org/
• In particular, please read http//www.echeck.org/l
  ibrary/wp/ArchitectualOverview.pdf

12
Four Different Scenarios of the FSTC E-check
System
13
Overview of E-cash

• What are the two distinctive characteristics for
  cash?
• Anonymity and transferability
• Ecash was developed by DigiCash and is now
  provided by ecashtechnologies (http//www.ecashtec
  hnologies.com)
• Its founder David Chaum is a well known expert in
  the area of digital cash.
• Ecash allows anonymous and secure electronic cash
  payment over the Internet.
• Since 1995, Mark Twain bank (USA) has been
  providing Ecash services.
• Ecash is based on an innovative blind signature
  method.

14
Basic Operation of E-cash system
15
Micropayment methods

• Traditional payment methods are called
  macropayment methods.
• A new type of payment method known as
  micropayment method is emerging to cater for very
  low value transactions.
• Example
• Millicent (pre-payment/credit based)
• Paywords (post-payment)

16
Basic Operation of Millicent Protocol
? Check for the validity of the scrips and
whether they have been spent from the database
17
Basic Operation of Payword Protocol
18
Schematic overview of a smart card
19
Example Mondex

• Direct transfer of electronic money between two
  cards
• Transfer of electronic money over the Internet or
  telephone networks etc.
• Keep transaction records
• Password protection and lock card functions
• Portable balance finder to check balance
• Support multiple currencies