
E-commerce Support Systems


salim

Presentation Transcript


  1. E-commerce Support Systems • Electronic payments • Electronic checks • Electronic credit cards • Virtual credit cards • Purchasing cards • Electronic cash • Stored value money cards • Smart cards with microprocessors • Person-to-person payments • Payment of bills online

  2. Security in Electronic Payments • Authentication of all parties • Protection of data from alteration or destruction during transmission • Protection from buyer’s unjustified repudiation • Privacy • Customer safety • Protection of information at seller’s end

  3. Order Fulfillment in Electronic Commerce • Provide customers with ordered goods • Goods must be quickly packaged, shipped, and delivered • Payment collection system must be in force • Handle the return of unwanted or defective merchandise • Customer relations

  4. E-payment systems • To transfer money over the Internet • Methods of traditional payment • Check, credit card, or cash • Methods of electronic payment • Electronic cash, software wallets, smart cards, and credit/debit cards • Scrip is digital cash minted by third-party organizations

  5. Requirements for e-payments • Atomicity • Money is not lost or created during a transfer • Goods atomicity • Money and goods are exchanged atomically • Non-repudiation • No party can deny its role in the transaction • Digital signatures

  6. Desirable Properties of Digital Money • Universally accepted • Transferable electronically • Divisible • Non-forgeable, non-stealable • Private (no one except parties know the amount) • Anonymous (no one can identify the payer) • Work off-line (no on-line verification needed) No known system satisfies all.

  7. Types of E-payments • E-cash • Electronic wallets • Smart card • Credit card

  8. Smart Cards A smart card: • can store data (e.g. profiles, balances, personal data) • provides cryptographic services (e.g. authentication, confidentiality, integrity) • is a microcomputer • is small and personal • is a secure device

  9. Smart Card Applications • Communication • Retail • Transportation • Health care • Government • E-commerce • E-banking • Education • Office

  10. Retail • Sale of goods using Electronic Purses, Credit / Debit • Vending machines • Loyalty programs • Tags & smart labels • E-commerce • sale of information • sale of products • sale of tickets, reservations • E-banking • access to accounts • to do transactions • shares

  11. What’s inside a smart card? • Components shown in the slide's diagram: CPU, ROM, RAM, EEPROM, serial I/O interface, security logic, test logic, databus • Databus: connection between elements of the chip, 8 or 16 bits wide

  12. Advantages and Disadvantages of Smart Cards • Advantages: • Atomic, debt-free transactions • Feasible for very small transactions (information commerce) • (Potentially) anonymous • Security of physical storage • (Potentially) currency-neutral • Disadvantages: • Low maximum transaction limit (not suitable for B2B or most B2C) • High Infrastructure costs (not suitable for C2C) • Single physical point of failure (the card) • Not (yet) widely used

  13. Processing a Payment Card Order

  14. Open and Closed Loop Systems • Closed loop systems • Banks and other financial institutions serve as brokers between card users and merchants -- no other institution is involved • American Express and Discover are examples • Open loop systems • Transaction is processed by third party • Visa and MasterCard are examples

  15. Payment Acceptance and Processing • Merchants must set up merchant accounts to accept payment cards • Law prohibits charging payment card until merchandise is shipped • Payment card transaction requires: • Merchant to authenticate payment card • Merchant must check with card issuer to ensure funds are available and to put hold on funds needed to make current charge • Settlement occurs in a few days when funds travel through banking system into merchant’s account

  16. Setting Up Merchant Account • Merchant bank • Also called acquiring bank • Does business with merchants that want to accept payment cards • Merchant receives account where they deposit card sales totals • Value of sales slips is credited to merchant’s account

  17. Processing Payment Cards Online • Can be done automatically by software packaged with electronic commerce software • Can contract with third party to handle payment card processing • Can also pick, pack, and ship products to the customer • Allows merchant to focus on web presence and supply availability

  18. Payment Processing Services • Internetsecure • Provides secure credit card payment services • Supports payments with Visa and MasterCard • Provides risk management and fraud detection, and ensures all proper security for credit card transactions is maintained • Ensures all transactions are properly credited to merchant’s account Other services are: Tellan, IC Verify, Authorize.Net

  19. Credit Cards • Credit card • Used for the majority of Internet purchases • Has a preset spending limit • Currently most convenient method • Most expensive e-payment mechanism • MasterCard: $0.29 + 2% of transaction value • Disadvantages • Does not work for small amounts (too expensive) • Does not work for large amounts (too expensive) • Charge card • No spending limit • Entire amount charged due at end of billing period

  20. Credit Card Processing

  21. PPI-Payment Processing Inc. • PPI works with over 400 software partners to provide integrated transaction processing for face-to-face and remote merchants in industries as diverse as grocery, utilities, storage facilities, retail and healthcare among many others. You can use PPI to • Outsource the installation of all payment modules without any expense to you and receive complimentary approved transaction software. • Provide a complete suite of electronic payment solutions including payment cards (debit, credit, stored value), ACH and check guarantee services – customized for your merchant’s needs. • Support your existing payment solution and work with you to integrate new customized payment solutions.

  22. Secure Electronic Transaction (SET) Protocol • Jointly designed by MasterCard and Visa with backing of Microsoft, Netscape, IBM, GTE, SAIC, and others • Designed to provide security for card payments as they travel on the Internet • In contrast to the Secure Sockets Layer (SSL) protocol, SET validates consumers and merchants in addition to providing secure transmission • SET specification • to protect Internet credit card transactions • open encryption & security specification • Uses public key cryptography and digital certificates for validating both consumers and merchants • Provides privacy, data integrity, user and merchant authentication, and consumer nonrepudiation

  23. The SET protocol The SET protocol coordinates the activities of the customer, merchant, merchant’s bank, and card issuer. [Source: Stein]

  24. SET Payment Transactions • customer opens account • customer receives a certificate • merchants have their own certificates • customer places an order • merchant is verified • order and payment are sent • merchant requests payment authorization • merchant confirms order • merchant provides goods or service • merchant requests payment SET-protected payments work like this: - Consumer makes purchase by sending encrypted financial information along with digital certificate - Merchant’s website transfers the information to a payment card processing center while a Certification Authority certifies digital certificate belongs to sender - Payment card-processing center routes transaction to credit card issuer for approval - Merchant receives approval and credit card is charged - Merchant ships merchandise and adds transaction amount for deposit into merchant’s account

  25. SET Components

  26. SET uses a hierarchy of trust All parties hold certificates signed directly or indirectly by a certifying authority

  27. SET Protocol • Extremely secure • Fraud reduced since all parties are authenticated • Requires all parties to have certificates • 80 percent of SET activities are in European and Asian countries • Not a payment system, rather a set of security protocols & formats • Problems with SET • Not easy to implement • Not as inexpensive as expected • Expensive to integrate with legacy applications • Not tried and tested, and often not needed • Scalability is still in question

  28. What is Secure Sockets Layer? • Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. • The SSL security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. • SSL is built into all major browsers and web servers.

  29. What is Secure Sockets Layer? • Allows an SSL-enabled server to authenticate itself to an SSL-enabled client; • Allows the client to authenticate itself to the server; • Allows both machines to establish an encrypted connection. • Confidentiality (an encrypted SSL connection). This protects against electronic eavesdroppers. • Integrity. This protects against hackers.

  30. What is SSL? (cont’d) • Both Netscape Navigator and Internet Explorer support SSL, and many websites use the protocol to obtain confidential user information, such as credit card numbers. • The primary goal of SSL is to provide privacy and reliability between two communicating applications.

  31. What Does SSL Concern? • The exchange of messages facilitates the following actions: • Authenticate the server to the client; • Allow the client and server to select a cipher that they both support; • Optionally authenticate the client to the server; • Use public-key encryption techniques to generate shared secrets; • Establish an encrypted SSL connection

  32. Payment Gateway Authorization • verifies all certificates • decrypts digital envelope of authorization block to obtain symmetric key & then decrypts authorization block • verifies merchant's signature on authorization block • decrypts digital envelope of payment block to obtain symmetric key & then decrypts payment block • verifies dual signature on payment block • verifies that transaction ID received from merchant matches that in PI received (indirectly) from customer • requests & receives an authorization from issuer • sends authorization response back to merchant
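
The dual-signature and transaction-ID checks from slide 32, as an added example that is not part of the original presentation. It uses SET's dual-signature construction (a signature over the hash of the concatenated PI and OI digests), which the slides do not spell out; the toy RSA key, the "key=value" block encoding, the sample blocks and all function names are assumptions made for illustration.

```python
import hashlib

# Toy textbook-RSA cardholder key (constructed from two Mersenne primes, no
# padding) so the example runs offline; real SET uses certified RSA keys.
N, E = (2**127 - 1) * (2**89 - 1), 65537
D = pow(E, -1, (2**127 - 2) * (2**89 - 2))

# Constructed sample blocks in a made-up "key=value;..." encoding.
PI = b"txn=T-1001;pan=4111111111111111;amount=49.90"   # payment instructions
OI = b"txn=T-1001;item=textbook;amount=49.90"          # order information


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def dual_sign(pi: bytes, oi: bytes) -> int:
    """Cardholder: sign H(H(PI) || H(OI)) with the private key."""
    digest = sha1(sha1(pi) + sha1(oi))
    return pow(int.from_bytes(digest, "big"), D, N)


def _matches(ds: int, pi_digest: bytes, oi_digest: bytes) -> bool:
    # Recompute the combined digest and compare it with the signed value.
    expected = int.from_bytes(sha1(pi_digest + oi_digest), "big")
    return pow(ds, E, N) == expected


def merchant_verify(oi: bytes, pi_digest: bytes, ds: int) -> bool:
    """Merchant holds OI plus only the digest of PI (no card data)."""
    return _matches(ds, pi_digest, sha1(oi))


def txn_id(block: bytes) -> str:
    fields = dict(f.split("=", 1) for f in block.decode().split(";"))
    return fields["txn"]


def gateway_authorize(pi: bytes, oi_digest: bytes, ds: int,
                      merchant_txn: str) -> str:
    """Gateway holds PI plus only the digest of OI (no order details)."""
    if not _matches(ds, sha1(pi), oi_digest):
        return "reject: dual signature invalid"
    if txn_id(pi) != merchant_txn:
        return "reject: transaction ID mismatch"
    return "forward to issuer"
```

Because the signature covers both digests, a merchant that forwards the digest of a different order alongside the customer's PI fails the gateway check, even though the gateway never sees the order itself.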
