Payment Systems in E-Commerce
Lecture 6
Payment Systems
- In e-commerce there are several payment methods which include credit
card payment, cheque payment, cash payment and smart card (or debit
card) payments.
- The most common payment scheme between individual customers and
merchants is cash, particularly for small value purchases.
- For larger value purchases usually a credit/debit card is the one accepted
by most merchants. If you have a trusted relationship with a merchant, he
would normally accept cheque payment. In commercial dealings between
businesses, either cheque payments or instructions to banks to transfer the
amount due electronically (through Electronic Funds Transfer or
Electronic Clearing System) are employed.
REQUIREMENTS OF E-PAYMENT SYSTEMS
Essential requirements:
- Payment security which requires that any payment authorization is not
tampered with by a hacker on the Internet.
- Privacy of transaction requires that third parties do not know for what
goods and services one is paying.
- The payment system's integrity should be assured. In other words, once
an agreement is reached between a buyer and a seller neither can go back
on their commitment.
- The customer and the merchant should be able to authenticate one
another. In e-payment there is no physical contact between the two
parties. There is no signed paper transaction. Thus, establishing mutual
identities is essential.
Electronic transactions must be designed to satisfy the following:
- Indivisible: Each payment transaction should be either whole or none.
In other words, transactions should not be interrupted in the middle.
- Isolated: Each transaction should be independent of others.
- Agreed: Both parties involved in the transaction should mutually
agree on the terms and conditions.
- Reversible: If, after conclusion of a transaction, an error is found or if
it is found that terms and conditions are not fully met, one should be
able to reverse the payment and go to the initial state.
From the point of view of acceptability of a particular payment scheme
for implementation, the following requirements must be satisfied:
• Standardized: The system should be acceptable across computing
platforms. In other words a universally accepted standard should be used
to ensure interoperability.
• Economical: Transaction cost of each transaction should be minimal.
• Scalable: The system should be able to handle several transactions
simultaneously.
CREDIT CARD PAYMENT
There are four parties involved in credit card transactions when a customer
visits a shop to buy items. They are:
1. A customer who owns a credit card.
2. A merchant who accepts credit cards (typically a merchant would accept
credit cards of several companies such as Visa, MasterCard, etc.)
3. A bank which issues credit cards to customers, guarantees payment to
merchants and collects bills from its customers.
4. An acquirer which is normally another bank which establishes an
account with a merchant, validates card information presented by a
merchant and approves sales based on a customer's credit status.
Credit card transactions are carried out as follows:
1. A customer presents a credit card to a merchant after purchasing items from
a store and agreeing to pay the billed amount.
2. The merchant swipes the card using a teleterminal which reads the data
contained in the magnetic strip of the card and enters the transaction amount.
The card data and amount are transmitted to the acquirer via a private
communication line.
3. The acquirer's computer forwards the data to the bank which issued the
card. The bank checks the validity of the card, credit available on the card and
approves transaction provided the card and credit are OK.
4. The acquirer sends approval to merchant. The terminal at the merchant's
premises prints a slip in duplicate approving the sale and the amount charged.
The acquirer also credits the merchant's account with sale amount minus
commission. The acquirer collects the amount from customer's bank.
5. The merchant requests the customer to sign the approval slip, compares the
signature with that in the card and if OK delivers the goods.
6. The bank sends a monthly statement to the customer and collects the
outstanding amount.
- There is physical proximity of a customer with a merchant.
- The transaction is validated after obtaining the signature of the customer on
the payment slip.
- However, in e-commerce there is no physical contact between the merchant
and the customer and it is impossible to verify the physical signature.
- A customer would be reluctant to disclose his or her credit card number using
the Internet as the merchant may be fake or the number may be stolen by
eavesdroppers on the Internet.
An ideal protocol would be one in which the credit card number is not
revealed to the merchant but only to the bank approving it. The approving
bank need not know what a customer bought but only the amount of payment
to be approved (to protect customer's privacy).
Secure Electronic Transaction (SET) protocol. Another simpler protocol
which uses Secure Socket Layer (SSL).
Secure Electronic Transaction (SET) Protocol
The Secure Electronic Transaction (SET) protocol has been standardized for credit
card payments by major credit card companies such as Visa and MasterCard
in the USA.
To use the SET protocol for credit card transactions, the following
requirements must be satisfied:
1. As a public key encryption system such as RSA is used by both customers
and merchants, both of them must have their own public-private key-pairs.
2. Both customers and merchants must get their public key certified by a
certifying authority. This is required to ensure to both parties that the
transaction is genuine.
3. The customer must digitally sign the purchase order amount and credit card
number.
The main features of SET protocol are:
1. It ensures that a customer's credit card number is not disclosed to a merchant.
It is disclosed only to the acquirer who authorizes payment.
2. Purchase invoice details are not disclosed to the acquirer. Only the credit
card number and the total amount of purchase are sent to the acquirer.
3. Purchase invoice coupled with the credit card number is digitally signed by
the customer.
Dual Signature Scheme
SET protocol depends on an innovation called dual signature whose main
purpose is to give the merchant only the purchase order and amount without
disclosing the credit card number, and give to the acquirer only the credit card
number and the amount without disclosing the purchase details. The essentials of
the dual signature scheme are given in Figure 6.3.
A customer's purchase information consists of a purchase order (PO)
accompanied by a credit card number (CCN) and amount to be paid
(AMT).
This information is divided into two parts: (PO; AMT) = POA and
(CCN; AMT) = CCA.
Credit Card Transaction Using SET Protocol
The procedure is below:
Step 1: The customer's PC and merchant's server exchange their certified
public keys. The merchant also sends acquirer's public key to the customer.
They also negotiate the type of public key encryption and the hashing
function to be used.
Step 2: The customer fills in the purchase order, amount payable and credit card
number on his or her PC. Software in the PC splits it into two parts: purchase
order and amount (POA) and the credit card number and amount (CCA). POA
is encrypted using the merchant's public key and CCA with the acquirer's public key.
The PC also computes POH, CCH and the dual signature DS. These are also
sent along with POA to the merchant. The merchant verifies the signature and
proceeds further if the signature is OK.
Step 3: The merchant forwards encrypted CCA, POH and DS to the acquirer.
Step 4: The acquirer forwards it to the customer's bank.
Step 5: The customer's bank checks the credit card number, credit
available and the dual signature of the customer. The result of
verification is sent to the acquirer.
Step 6: The acquirer in turn approves or rejects the transaction and
informs the merchant. It credits the merchant's account.
Step 7: The merchant approves the order and sends to the customer the
shipping details.
Step 8: At the end of the month the bank which issued the customer's credit
card sends a consolidated bill to the customer.
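
The dual signature from the "Dual Signature Scheme" slide and its use in Steps 2 to 5, as an added example that is not part of the original lecture. It assumes POH = H(POA), CCH = H(CCA) and DS = the customer's signature over H(POH || CCH), which the slides name but do not define; the key is a constructed, insecure textbook-RSA stand-in, and the public-key encryption of POA and CCA is left out.

```python
import hashlib

# Constructed demo key: textbook RSA over two Mersenne primes, no padding.
# Insecure on purpose; it stands in for the customer's certified key pair.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # customer's private exponent

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def sign(digest: bytes) -> int:
    """Customer signs a digest with the private key."""
    return pow(int.from_bytes(digest, "big"), D, N)

def verify(digest: bytes, sig: int) -> bool:
    """Anyone holding the customer's public key (N, E) can check it."""
    return pow(sig, E, N) == int.from_bytes(digest, "big")

def customer_prepare(po: str, ccn: str, amt: str):
    poa = f"{po};{amt}".encode()   # (PO; AMT)  -> for the merchant
    cca = f"{ccn};{amt}".encode()  # (CCN; AMT) -> for the acquirer
    poh, cch = h(poa), h(cca)      # assumed: POH = H(POA), CCH = H(CCA)
    ds = sign(h(poh + cch))        # assumed: DS = Sign(H(POH || CCH))
    return poa, cca, poh, cch, ds

def merchant_verify(poa: bytes, cch: bytes, ds: int) -> bool:
    """Merchant holds POA and CCH only; the card number stays hidden."""
    return verify(h(h(poa) + cch), ds)

def acquirer_verify(cca: bytes, poh: bytes, ds: int) -> bool:
    """Acquirer holds CCA and POH only; the order contents stay hidden."""
    return verify(h(poh + h(cca)), ds)

def demo() -> dict:
    # Constructed sample order; the card number is a well-known test value.
    poa, cca, poh, cch, ds = customer_prepare("2 books", "4111111111111111", "40.00")
    return {
        "merchant_ok": merchant_verify(poa, cch, ds),
        "acquirer_ok": acquirer_verify(cca, poh, ds),
        # Order altered after signing: DS no longer matches.
        "tampered_order": merchant_verify(b"20 books;40.00", cch, ds),
        # Same DS presented with a different amount on the payment side.
        "tampered_amount": acquirer_verify(b"4111111111111111;400.00", poh, ds),
    }

if __name__ == "__main__":
    print(demo())
```

Because CCH here is an unsalted hash of a card number and amount, a party holding it could test guesses against it; a deployment would mix random data into CCA before hashing.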