
Account-Based Electronic Payment Systems

Speaker: Jerry Gao Ph.D.
San Jose State University
email: jerrygao@email.sjsu.edu
URL: http://www.engr.sjsu.edu/gaojerry
Sept., 2000
Presentation Outline
Topic: Account-Based Electronic Payment Systems
- Introduction to Credit Card-Based Payment Systems
- Credit card-based electronic payment systems
  - First Virtual
  - CyberCash
  - SET
- Electronic check payment systems
  - FSTC
  - NetBill
- Comparisons and summary
Jerry Gao Ph.D. 5/20000
All Rights Reserved
Introduction To Credit Card-Based Payment Systems
Credit card payment schemes have been in use as a payment method since the 1960s.
There are two major international brands: VISA and MasterCard.
About VISA:
- The VISA brand grew from a scheme launched by the Bank of America, which
was subsequently licensed by Barclaycard in the United Kingdom in 1966.
- By the middle of 1995, VISA, owned by its 180,000 member financial institutions,
had issued more than 420 million cards and was accepted by more than 12 million
merchants in 247 countries.
About MasterCard:
- MasterCard is of comparable size, with 13 million merchants in 220 countries
and 22,000 member organizations.
- More than 800 million cards issued and nearly $1,300 billion of sales each year.
Different types of payment card schemes:
(A) Credit cards, where payments are set against a special-purpose account
associated with some form of installment-based repayment scheme or a revolving
line of credit.
- pay later, with a limit and an interest rate.
(B) Debit cards (paperless checks), which are linked to a checking/savings account.
- pay now, with balance checking.
(C) Charge cards, which work in a similar way to credit cards in that payments are set
against a special-purpose account.
- payment must be made at the end of the billing period, without limit.
(D) Travel and entertainment cards, which are charge cards whose usage is linked to
airlines, hotels, restaurants, car rental companies, or particular retail outlets.
Payment Model:
[Figure: payment model connecting the Card Association, the Card Issuer's Bank, the Card Acquirer's Bank, the Merchant, and the Cardholder]
                        VISA (total $1248.4B sales)           MasterCard (763.4 million cards)
                        ------------------------------------  ------------------------------------
Region                  Sales Volume         No. of Cards     Sales Volume         No. of Cards
                        (billions of US$)    (millions)       (billions of US$)    (millions)
------------------------------------------------------------------------------------------------
U.S.                    358.4                228.1            202.4                174
Europe                  262.4                81.2             not available        53.5
Asia-Pacific            91.6                 73               116.2                72.5
Canada                  36.8                 18.6             not available        not available
Middle East / Africa    5.6                  2.3              5.5                  2
Latin America           23.6                 21.4             19.1                 21.2
Totals                  778.4                424.7            470                  338.7
Topic: Electronic Cash Payment Protocols and Systems
Special Features of Credit Card-Based Electronic Payment Systems
- Online transaction.
- Anonymity: This ensures that no detailed cash transactions for customers
are traceable. Even sellers do not know the identity of the
customers involved in the purchases.
- Security: High security and low risk due to the use of the traditional
banking system and user accounts.
- Standardization: Use of the existing standardized payment model.
- Flexibility: Consumers can have multiple cards used in different
countries and concurrency.
- All transactions can be easily traced by the banking system and merchants.
Topic: Electronic Check Payment Protocols and Systems
Limitations:
- Dependency: dependent on existing banking systems.
- Transaction cost: high transaction cost compared with other approaches.
- Performance: slower performance due to the authentication and
account validation using the existing banking systems.
- Privacy: consumers lose the privacy of their transactions.
Credit Card-Based Electronic Payment System: First Virtual
About First Virtual:
- First Virtual was the first credit card processing system, started in Oct. 1994 by a
company called First Virtual Holding.
- The product is called VirtualPIN.
- The major goal is to allow the selling of low-value information items across the
network without the need for client software or hardware to be in place.
- Both the merchant and the buyers are required to register with First Virtual before
any transactions can take place.
- First Virtual depends on the conventional bank automated clearing house (ACH)
service.
- First Virtual uses a WWW server to support online purchasing and selling.
- Security method: VirtualPINs are used to verify the accounts of merchants and buyers.
Buying with First Virtual:
[Figure: message flow among the Buyer, the Web Server, and the First Virtual Internet Payment System Server, with these numbered labels]
1. Account ID
2. Account ID Valid?
3. Account OK!
4. Information Goods
5. Transaction Details
6. Satisfied
7. Accept/Reject or Fraud Indication
Major advantages of First Virtual:
- Simple due to:
  - no use of encryption
  - no export problems
  - simple exchanges without special software and hardware at the client
    side
  - server software is not complex
The disadvantages and limitations of First Virtual:
- Both merchants and buyers must pre-register.
- No encryption mechanisms are used.
Credit Card-Based Electronic Payment System: SET
History of SET:
- In October 1995, the Secure Electronic Payment Protocol (SEPP) was proposed by
the alliance of MasterCard, Netscape Corp., IBM, and others.
- After a few days, a different network payment specification, called Secure
Transaction Technology (STT), was launched by a VISA and Microsoft consortium.
- Both efforts were made in parallel to develop secure payment protocols and
technologies for a number of months.
- In January 1996, both companies announced that they would come together to
develop a unified system -- a secure Internet payment system based on the Secure
Electronic Transaction (SET) protocol.
- It was later developed jointly by Visa and MasterCard.
- Later, most significant organizations in the Internet payment industry stated
that they would support SET.
Phases of a credit card payment addressed by SET standards:
[Figure: Card Holder, Merchant, Payment Gateway, Financial Network, and Card Issuer, with each link labelled either SET or Non-SET]
SET Protocol Layered Architecture:
[Figure: layer diagram with the labels SET Transaction Processing Layer (E-Wallet, Digital Certificate), Application Layer, Internet Protocol Layer, SET Transport and Secure Sockets Layer, and SET Message Structure Layer; protocol labels: HTTP, SMTP, SSL, X.509]
SET Process Architecture:
[Figure: Cardholder (E-Wallet), Merchant (SET POS), Payment Gateway, and Certificate Authority. Labels: Purchasing Transactions; Certify with CA for Digital Certificate; Validates SET Digital Certificates, preprocesses, authorization, capture, and settlement work]
Interactions among all SET entities:
[Figure: Browser, E-Wallet, Store Front, Merchant Server, SET POS, Certificate Authority, Payment Gateway, Acquirer Legacy System, and Bank Interchange. Message labels: Shop, HTTP Post, Page, Message Details, Wakeup, CertReq/CertRes, PInitReq/PInitRes, PReq/PRes, AuthReq/AuthRes, CapReq/CapRes]
Sequence of SET message pairs:
[Figure: sequence diagram among the Cardholder, the Merchant, and the Acquirer Payment Gateway. Message labels: PWakeup, PInitReq, PInitRes, PReq, PRes, AuthReq, AuthRes, InqReq, InqRes, CapReq, CapRes]
The messages needed to perform a complete purchase transaction include:
- Initialization (PInitReq/PInitRes)
- Purchase order (PReq/PRes)
- Authorization (AuthReq/AuthRes)
- Capture of payment (CapReq/CapRes)
- Cardholder inquiry (InqReq/InqRes)
Security mechanisms in SET:
- Certification for all parties, including
Cardholder CA, Merchant CA, and Payment CA.
- Authentication for parties based on a public-key pair with RSA.
- Encryption is performed on parts of certain messages.
- Dual signatures are used in the SET protocol.
[Figure: SET certification hierarchy with the Root Certification Authority, the Brand Certification Authority, the Geo-Political Authority (optional), and the Cardholder CA, Merchant CA, and Payment CA, which certify the Cardholder, the Merchant, and the Payment Gateway respectively]
Credit Card-Based Electronic Payment System: CyberCash
About CyberCash:
- CyberCash is a secure Internet payment system developed by CyberCash, Inc., which
is located in Reston, VA, USA, and was founded in August 1994 to provide software
and service solutions for secure financial transactions over the Internet.
- CyberCash uses special wallet software to enable consumers to make secure purchases
using major credit cards from CyberCash-affiliated merchants.
- The CyberCash payment system was launched in April 1995. It had over half a
million copies in circulation.
- CyberCash has other payment systems, such as CyberCoin (electronic cash system)
and PayNow (electronic check system).
Features of CyberCash:
- Use the existing credit card infrastructure for settlement payments.
- Use cryptographic techniques to protect the transaction data during a purchase.
- Authenticate the identities of both parties to the transaction.
- Provide online transaction and online authentication.
- Broker the transaction between the merchant's bank and the cardholder's bank.
Topic: Account-Based Payment Protocols and Systems
CyberCash Payment Model
[Figure: Customer, Web Browser, Wallet, Merchant, Web Server, Merchant Software, CyberCash Server, Internet, and Banking Network. Flow labels: Shopping, Purchase, Purchase messages, Registration, Card binding]
Payment Steps in a CyberCash Purchase
[Figure: sequence diagram among the Consumer, the Merchant, and the CyberCash Server (CS). Action labels: Finish shopping; order form; Click PAY; Choose CC, addr; forward details; authorize + clear with bank; log transaction; issue receipt. Message labels: Credit-card pay, Payment-req, auth-capture, charge-action-res, Charge-card-res]
CyberCash Messages:
[Figure: message layout with Header, Transport, Opaque, and Trailer parts]
Header: It indicates the start of a CyberCash message.
Transport: It contains the order information in a purchase, the transaction ID, the date,
and the ID of the key used to encrypt the opaque part.
Opaque: The encrypted part of a message.
Trailer: The end of a CyberCash message.
Electronic Check Payment System: NetBill
Overview of NetBill:
- NetBill is a dependable, secure and economical payment method for purchasing
digital goods and services through the Internet.
- The NetBill protocol was developed by Carnegie Mellon University.
- In partnership with Visa International and Mellon Bank, the first trial of the system
was installed in early 1996.
Major goals of NetBill:
- Support high transaction volumes at low cost
- Provide authentication, privacy, and security for transactions
- Provide account management and administration for consumers and merchants
Electronic Check Payment Process: NetBill
[Figure: Customer, Merchant, NetBill Server, and Bank Network]
1. The consumer's application sends a price quote request to the merchant's application
through a Checkbook library.
2. The merchant's application sends the price quote back to the consumer's application.
3. The consumer accepts the price quote, and then sends a purchase request through the
Checkbook library.
4. The merchant's application sends the information goods to the consumer's Checkbook,
encrypted with a one-time key.
5. The consumer sends an electronic payment order (EPO) to the merchant's application.
6. The merchant's application sends the endorsed EPO to the NetBill server.
7. The NetBill server verifies that the consumer and merchant signatures are valid. Then, it
returns to the merchant a digitally signed receipt with a decryption key.
8. The merchant's application forwards the NetBill server's receipt to the Checkbook.
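The eight-step exchange above, as an added example that is not from the original slides or from the NetBill project. HMAC-SHA256 under keys registered with the server stands in for the RSA signatures, and a toy SHA-256 keystream stands in for the one-time-key cipher; the party names, the EPO fields, and the run_purchase and settle helpers are assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter-mode keystream, a stand-in for a real cipher.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def mac(key: bytes, *parts: bytes) -> bytes:
    # HMAC stands in for the RSA signatures the slides describe (assumption).
    # Each part is hashed first so the concatenation is unambiguous.
    msg = b"".join(hashlib.sha256(p).digest() for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def canon(obj: dict) -> bytes:
    return json.dumps(obj, sort_keys=True).encode()

class NetBillServer:
    def __init__(self, registered: dict):
        self.registered = registered          # party id -> key certified at sign-up
        self.key = secrets.token_bytes(32)    # server's receipt-signing key

    def settle(self, epo, consumer_sig, goods_key, merchant_sig):
        """Step 7: check both signatures, then release the key in a receipt."""
        body = canon(epo)
        c_ok = hmac.compare_digest(
            consumer_sig, mac(self.registered[epo["consumer"]], body))
        m_ok = hmac.compare_digest(
            merchant_sig,
            mac(self.registered[epo["merchant"]], body, consumer_sig, goods_key))
        if not (c_ok and m_ok):
            return None                       # no receipt, key stays withheld
        return {"epo": epo, "key": goods_key.hex(),
                "sig": mac(self.key, body, goods_key).hex()}

def run_purchase(goods: bytes, merchant_alters_price: bool = False):
    keys = {"alice": secrets.token_bytes(32), "shop": secrets.token_bytes(32)}
    server = NetBillServer(keys)
    quote = {"item": "report.pdf", "price_cents": 25}       # steps 1-2: quote
    goods_key = secrets.token_bytes(32)                     # step 3 accepted
    ciphertext = xor_stream(goods_key, goods)               # step 4: delivery
    digest = hashlib.sha256(ciphertext).hexdigest()
    epo = {"consumer": "alice", "merchant": "shop", "goods_sha256": digest, **quote}
    consumer_sig = mac(keys["alice"], canon(epo))           # step 5: signed EPO
    if merchant_alters_price:
        epo = {**epo, "price_cents": 2500}                  # changed after signing
    merchant_sig = mac(keys["shop"], canon(epo), consumer_sig, goods_key)  # step 6
    receipt = server.settle(epo, consumer_sig, goods_key, merchant_sig)
    # Step 8: the Checkbook gets the receipt and decrypts what it already holds.
    if receipt is None or receipt["epo"]["goods_sha256"] != digest:
        return None
    return xor_stream(bytes.fromhex(receipt["key"]), ciphertext)
```

When the EPO is changed after the consumer signed it, the server's check in step 7 fails and the decryption key is never released, so the consumer holds only ciphertext and is not charged for goods at the altered price.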
[Figure: the eight numbered steps drawn as arrows among the Customer, the Merchant, and the NetBill Server]
NetBill Architecture (Source: NetBill 1994 Prototype):
[Figure: Consumer Application with Checkbook; Merchant Application with Till; and the NetBill components User Admin. Server, Transaction Server, Security Server, System Admin. Server, Payment & Collection Server, and DB]
Major features of NetBill:
- Certified delivery: delivering encrypted information goods and then charging
against the consumer's NetBill account. Decryption key registration is then used at
both the merchant's application and the NetBill server.
- Scalability: the bottleneck in the NetBill model is the NetBill server, which supports
many different merchants.
- Support for flexible pricing: by including the steps of offer and acceptance, the
merchant can calculate a customized quote for an individual consumer.
- Protection of consumer accounts against unscrupulous merchants in a conventional
credit card transaction.
Security Mechanisms of NetBill:
- A NetBill account is created for each consumer by using a unique user ID and the RSA
public key.
- The key pair is certified by NetBill and is used for signatures and authentication in
the system.
- These signatures are used to check that the elements of NetBill transactions (the price
quote, the acceptance, etc.) really came from the right parties.
- NetBill uses symmetric cryptography for message authentication and
for encryption and decryption.
Electronic Check Payment System: FSTC
Overview of FSTC:
- The Financial Service Technology Consortium (FSTC) is a group of American
banks, research agencies, and government organizations, formed in 1995.
- The basic concept is to use electronic checks to conduct payment transactions.
- In Sept. 1995, a demonstration of the FSTC electronic check concept was given that
involved a purchase of an item from a merchant site on the Internet.
- The FSTC payment system uses:
  - electronic checks to transfer and move funds from the buyer's bank
    account to the merchant's bank account based on a conventional ACH
    network.
  - a secure hardware device, called a Smart Token, which serves as
    a checkbook. It takes the form of a PC card with a built-in
    cryptographic support processor.
[Figure: FSTC electronic check flow between the payer (Checkbook, secure H/W; Debit Account) and the Payee (Secure H/W; Credit Account), with ACH Check Clearing between the accounts. The payer receives an invoice and sends, by E-mail, a secure envelope containing the electronic check (check, sig, certs); the Payee adds an endorsement with its own certs; a Statement is returned to the payer]
Electronic Check Payment System: FSTC's Functional Flows
[Figure: four panels, each showing the payer (write), the Payee, the Payer's Bank (debit), and the Payee's Bank (credit), with the step labels below]
Deposit-and-clear scenario (Payee endorses): 1. pay; 2. deposit; 3. clear; 4. report; 5. statement
Cash-and-transfer scenario (Payee endorses): 1. pay; 2. cash; 4. EFT; 5. report; 6. statement
Lockbox scenario (Payee's Bank: Endorse & credit): 1. pay; 2. clear; 3. accounts receivable update; 4. statement
Fund transfer scenario: 1. pay; 2. EFT; 3. notify; 3. accounts receivable update; 5. statement
