E-Commerce: Payment Systems and Security The list of payment solutions
A limited time offer! Get a custom sample essay written according to your requirements urgent 3h delivery guaranteedOrder Now
E-Commerce: Payment Systems and Security The list of payment solutions for e-commerce seems to be endless. Many banks and ISPs have adapted their own e-commerce payment systems where compatibility has not been considered. However, it seems that everything is currently pointing towards SET (Secure Electronic Transaction) as becoming the standard to follow.
The first payment methods for services that took place over the internet were conventional. Users of services would transfer periodically the amount directly from their bank account to the provider’s account. This type of payment takes a great deal of time to go through.
In the case of product purchase the same method would be used, the customer would pay the amount due through the bank accounts. This mechanism, of course, is not considered as a pure internet payment.
To avoid this kind of transaction, a more advanced method would be to use credit cards as a method of payment. The client would use internet to provide the supplier of the product or services with the credit card information. The supplier would charge the amount instantly and the credit card company would take care of the rest. At this point is when private and delicate information starts circulating through the internet, attempting against the privacy of the buyer (that can be monitored), and the confidentiality of banking information, which could be stolen and fraudulently used.
Security mechanisms are implanted to guarantee the confidentiality and integrity of the content, as well as the identity of the client and supplier.
The solution would seem to be the use of encryption to securely send the number and information of the credit card. But still, some certain factors have to be considered. One would be that the amount of the transaction itself could be increased.
The next step taken would be the introduction of a third party that guaranties that such information circulates through the internet. This
requires the registration of the involved parties, where the identities and the solvency of both sides would be checked. Possible limitations of this method are that, on one hand, the possibility that some payments could be refused because the credit limit has been reached, and on the other hand, the accumulation of data from the participants in the hands of the third party could be attempting against the right of the persons’ privacy.
A different method aims to the reproduction of the characteristics of physical money (cash), especially, the anonymity cash provides. The idea is that the user could have in its computer (or in an intelligent card, such as the internet credit cards banking companies have come up with) “anonymous money”, that can be used to carry out payments. Always with a bank behind that supports the value of this money representation.
Some problems appear like protecting against money theft and the payment of different products with the same money.
In the methods that are going to be discussed in this paper it can be observed most of them introduce specialized agencies capable of carrying out transactions over unsecured media and with out physical presence of the involved parties. Because of this, the requirements point to the confidentiality, integrity, and authentication of the implied parties. The need for encryption is obvious and all methods use it.
The DigiCash proposal is the only one that breaks away from the usual, using the desired anonymous cash. DigiCash has a few interesting characteristics, such as anonymous payment, no profiling possible by third parties, and the ability to recuperate the money in case of theft. These characteristics make it a very attractive method, but up until now it has been considered a very complex method.
Logically, being the matter on hand money, the present systems are very conservative. All the businesses adopt numerous cautions facing frauds and technical failures. If the number of incidences was high, the commissions would increase rapidly and the associated prices to e-commerce would not be
Leader solutions: CheckFree is an integrated system for Electronic Commerce based on its own protocols, between clients and specific servers. It works under the Windows9X platform and it is under the sponsorship of Compuserve.
The orders are transmitted through Internet, coded using the RSA algorithm and utilizing public keys of 756 bits. The size of this key one is considered sufficiently secure being used in commercial transactions.
Businesses have to be registered in CheckFree (www. checkfree. com). The buyer sends information to execute the payment to the business, which sends it to CheckFree. Once the payment is authorized, the client receives a proof of purchase, and the commerce receives the authorization to deliver the order. CheckFree deals with the banks to carry out the transfer of funds.
FirstVirtual sponsors a system known as Green Commerce Model, acting like a banking entity and acts as the third party between clients and merchants. It deals with the establishment of agreements between the parties and the bank.
“Deal done,” the parties recieve a proper identifier that is tied to a bank account and an e-mail address.
FirstVirtual (www.fv.com) maintains virtual accounts of clients that are liquidated periodically against traditional credit cards. An e-mail address is needed, since every communication between the user and FV will be carried out through this media, included the confirmation of purchase that the user must comply, along with the authorization to FV to charge it to the credit card.
To register, a form must be filled with all the personal data and a password, which will generate our PIN. Later, an e-mail with a key, one of 12 digits, and a telephone number is sent. This phone number if for giving FV the credit card’s data. To carry out a purchase, the user gives the VPIN to a merchant, who communicates with FV. FV sends the buyer an e-mail to confirm the operation. The cost of having a VPIN is of 5 $ per year.
When a client wants to carry out a purchase, it sends an order to the merchant, which sends it to FirstVirtual, together with the user’s identification in FirstVirtual(VPIN). FV contacts the client by e-mail to confirm that the charge is accepted.
The system does not use encryption, alleging that the financial information never travels through the Internet (only the VPIN) and that its cautions are sufficient and preferably to the relative security of encryption.
NetBill (http://www.ini.cmu.edu/) is a project developed in the University Carnegie-Mellon. NetBill is a small bank in which clients and merchants maintain private accounts. The clients can put money in their accounts to execute payments, and the commerce can retire it. It is based on a system of symmetric key.
It is based on its own protocols, with clients and specific merchants that can be incorporated into browsers, ,or another type of user interfaces. All the transactions are properly encrypted and signed by means of public keys, with authentication based on Kerberos. The system is very adequate for the sale of information through the internet. A client does a request, and he receives the product (the information) coded. When he receives it, he orders the payment that, once executed, he asks the merchant to deliver him, the buyer, the necessary key for decrypting the information. In this way it is accomplished to tie both parts to avoid frauds by sudden disappearance, or by losses derived from failures of the network or of the terminals DigiCash ( www.digicash.com ) is a system of anticipated payment, where the money is previously obtained from the bank and stored digitally in the software of the user, which can utilize it in any virtual commerce that accept this media for payment. This system permits the anonymous purchase, since it does not require identification.
It is a method of digital money in cash, that uses a sophisticated system of key and digital ‘fingerprints’ to offer electronic wallets with anonymous money. The client receives a specific program that permits him to be communicated with a bank to withdraw the money, with other individuals for exchange, and with merchants to carry out payments.
To withdraw the money from the bank a technical encryption method is used, called “blind signature.” The client invents serial numbers for the desired cash, he codes them with a random digital key that impedes to see the serial number, and sends it to a bank for authorization. The bank disposes of a series of signatures, for each monetary value (for example, there is a signature that is worth 100 dollars). The bank signs the currency of the client and it is returned, also coded. The client is capable of eliminating the digital key that hides the serial number without altering the signature of the bank. This way, the client arranges money validated by the bank whose serial number is only known by the client itself. The bank deducts the quantity from the account; but ignores the serial number of the electronic cash, making it impossible to associate a payment to a concrete client.
Summarizing, ECash is the payment system for the Internet created by the Dutch business DigiCash, under the direction of the well known cryptographer David Chaum. The plan functions through an electronic wallet.
Cybercash (www.cybercash.com ) is one of the payment systems of more success in the United States, and in full expansion toward the rest of the world. It functions from an electronic wallet and upon the habitual credit card system, but provided with additional strong cryptographic protection.
Cybercash establishes a plan of payment using its own cryptographic methods of public keys (Secure Internet Payment Service). It is also a business that acts as a third party between the client and the bank. It offers its own client-merchant product to communicate confidential values and credit card numbers.
CyberCash combines the possibilities of immediate payment and creation of virtual accounts to carry out payments (CyberCoin). The software of CyberCash sends its data encrypted to the merchant, who at the same time adds its own identifications and requests authorization to CyberCash. The rest of the process is carried out through the traditional payment methods network.
Credit, debit, business cards, cash, intelligent cards and alternative types of payment, are all supported in the payment solutions of CyberCash. CyberCash includes: ICVERIFY®, PCVERIFY?, CashRegister?, NetVERIFY?, CyberCoin® and PayNow?.
CyberCash takes the lead in electronic commerce. A global reach to do banking operations and processing networks and easy connection assure that InstaBuy will become the consumer’s interface trough the entire world of commerce over the internet.
With InstaBuy, the consumers obtain the advantage of buying with a single click, being able to use the same wallet and the same password in other commercial sites with the certainty of a private and secure storage of their financial information.
InstaBuy and their implementation are provided with the security and the ease of use that make of InstaBuy the platform for the future.
With InstaBuy, the payment information of the consumer is stored in a secure way, thanks to the technology of electronic Wallet, for the use in subsequent purchases in consequent transactions. InstaBuy does the complete transaction simply with one click.
InstaBuy uses the Wallet technology of CyberCash, “The AgileWallet,” which is a secure electronic process with information of the purchase and payment of the consumer that permits the secure execution of transactions.
Another option of payment, the electronic check, recently has also been explored by CyberCash with the PayNow Service and it is being announced like the method with a relation cost – effective most convenient to do repetitive internet transactions.
MasterCard ( www.mastercard.com ) sponsors payment protocols iKP de IBM based on the iKP protocols of IBM. These protocols are introduced in an application known as Secure Electronic Payment Protocol (SEPP), and has been developed in collaboration with IBM, Netscape, CyberCash and GTE Corp. The mechanism is bases on the use of public key.
Visa ( www.visa.com ) in collaboration with Microsoft, has developed a complete specification, the Secure Transactions Technology (STT), based on the use of public keys, responding to the following commercial requirements: -To Respect the confidentiality of the transactions, using encryption.
-To Assure the integrity of the data transferred, by means of digital signatures.
-Authenticate the card holder, by means of digital signatures and certificates.
-To put the specification in the public domain, so that client products and servers can be developed and be capable of interoperation among themselves.
STT utilizes the concept of “double signature”, that is used to tie the data of the order (which only interests the commerce) with the financial data (that only interests the bank). The client, that has both, calculates its digital ‘fingerprint’, and then concatenates and digitally signs it. The merchant receives the request and the ‘fingerprint’ of the order. (with difficult to be falsifiable). The bank receives, the banking data and the ‘fingerprint’ of the request. Thus, each receptor can verify the signature of the assembly, being respected at all time the confidentiality of the data, its integrity and the coherence among the merchant and the payment.
Regarding the credentials that authenticate the public key, STT proposes a hierarchy of authorizations. In the first level an authority of the sector, A, exists properly accredited. A accredits the buyer’s financial institution, and the bank of the merchant. Each bank accredits its respective clients. With this delegation in cascade form, any of the parties can be assured of the identity of the others. The delegations hierarchy plan does not yet seem mature and will require more elaboration. The authority A emits to the public the certificates, tying a public key to a number of the card and to an account in a bank. Carefully, it is avoided to introduce the name of the user to maintain its anonymity, remaining only tied the digital ‘fingerprints’ of the charged account.
Summarizing: Secure Electronic Transaction (SET) is the future alternative credit-card processing method, supported by card issuing banks. SET protocol was developed by Visa and MasterCard and now backed by American Express. It is the method that is being adopted by most of the businesses involved in secure electronic transactions. It is designed for cardholders, merchants, banks and other card processors. SET uses digital certificates to ensure the identities of all parties involved in a transaction. SET also encrypts credit and purchase information before transmission on the Internet.