Payments and Security

1) What is Electronic Payment? What are the payment related issues for successful e-commerce?

Ans: – Electronic payment systems are becoming central to on-line business process innovation as companies look for ways to service customers faster and at a lower cost.

– Emerging innovations in the payment for goods and services in electronic commerce promise to offer a wide range of new business opportunities.

The following issues must be addressed to meet the demands of successful electronic commerce:

i) What form and characteristics of payment instruments (e.g. electronic cash, electronic cheques, credit/debit cards) will consumers use?

ii) In on-line markets, how can we manage the financial risk associated with various payment instruments: privacy, fraud, mistakes, as well as other risks like bank failures?

iii) What security features (authentication, privacy, anonymity) need to be designed to reduce these risks?

iv) What are the step-by-step procedures and institutional arrangements that form the fabric of the electronic payment business processes that link consumers and organizations?

2) What is EFT? Explain briefly the categories of EFT.

Ans: – EFT is defined as “any transfer of funds initiated through an electronic terminal, telephonic instrument, or computer or magnetic tape so as to order, instruct, or authorise a financial institution to debit or credit an account”.

  • EFT utilises computer and telecommunication components both to supply and to transfer money or financial assets.
  • The transfer is information-based and intangible. Thus EFT stands in marked contrast to conventional money and payment models that rely on physical delivery of cash or cheques.

EFT can be segmented into three broad categories.

  • Banking and financial payments
      – Large-scale or wholesale payments (e.g. bank-to-bank transfer)
      – Small-scale or retail payments (e.g. ATMs and cash dispensers)
      – Home banking (e.g. bill payment)

  • Retailing payments
      – Credit cards (e.g. VISA or MasterCard)
      – Private label credit/debit cards
      – Charge cards (e.g. American Express)

  • On-line electronic commerce payments
      – Token-based payment systems
      – Electronic cash (e.g. Digicash)
      – Electronic cheques (e.g. NetCheque)
      – Smart cards or debit cards

3) What is electronic Token? Mention its types.

Ans :- Digital Token-based Electronic Payment Systems:

  • Electronic tokens are new forms of financial instruments developed to avoid the need for the transacting parties to be physically present.
  • Electronic tokens represent electronic cash or electronic cheques and are designed as electronic analogs of various forms of payment backed by a bank or financial institution.
  • In other words, electronic tokens are equivalent to cash that is backed by a bank.

Electronic tokens are of three types:

  • Cash or real-time: – Transactions are settled with the exchange of electronic currency. An example of on-line currency exchange is electronic cash (e-cash).
  • Debit or prepaid: – Users pay in advance for the privilege of getting information. Examples of prepaid payment mechanisms are smart cards and electronic purses, which store electronic money.
  • Credit or postpaid: – The server authenticates the customers and verifies with the bank that funds are adequate before purchase. Examples of postpaid mechanisms are credit/debit cards and electronic cheques.

4) What is E-cash? Explain properties of e-cash.

Ans: Electronic Cash (e-cash):

  • E-cash combines computerised convenience with security and privacy that improve on paper cash. Its versatility opens up a host of new markets and applications. – E-cash presents some interesting characteristics that should make it an attractive alternative for payment over the Internet.
  • E-cash focuses on replacing cash as the principal payment vehicle in consumer-oriented electronic payments.
  • Paper cash remains the dominant form of payment for three reasons:
      – Lack of trust in the banking system.
      – Inefficient clearing and settlement of non-cash transactions.
      – Negative real interest rates paid on bank deposits.

Properties of Electronic Cash: – E-cash must have the following four properties:

  • E-cash must have a monetary value: – It must be backed by either cash (currency), bank-authorized credit or a bank-certified cashier’s cheque. – When e-cash created by one bank is accepted by others, reconciliation must occur without any problems.
  • E-cash must be interoperable: – That is, exchangeable as payment for other e-cash, paper cash, goods or services, lines of credit, deposits in banking accounts, bank notes or obligations, electronic benefits transfers, etc. – Most e-cash proposals use a single bank.
  • E-cash must be storable and retrievable: – Remote storage and retrieval (e.g. from a telephone or personal communications device) would allow users to exchange e-cash from home or office or while travelling.

5) What is an Electronic cheque? Explain its advantages.

Ans : – Electronic Cheques

Electronic Cheques are another form of electronic tokens. They are designed to accommodate the many individuals and entities that might prefer to pay on credit or through some mechanism other than cash.

  • In this model, the buyers must register with a third party account server before they are able to write electronic cheques.
  • The account server also acts as a billing service. Once registered, a buyer can then contact sellers of goods and services. To complete a transaction, the buyer sends a cheque to the seller for a certain amount of money.
  • These cheques may be sent using e-mail or other transport methods. When deposited, the cheque authorizes the transfer of account.

Advantages :

  • They work in the same way as traditional cheques, thus simplifying customer education.
  • Electronic cheques are well suited for clearing micropayments: their use of conventional cryptography (symmetric encryption) makes them much faster than systems based on public-key cryptography (e-cash).
  • Electronic cheques create a float, and the availability of float is an important requirement for commerce. The third-party accounting server can make money by charging the buyer or seller a transaction fee or a flat rate fee, or it can act as a bank and provide deposit accounts and make money on the deposit pool.
  • Financial risk is assumed by the accounting server and may result in easier acceptance. Reliability and scalability are provided by using multiple accounting servers.
  • A prototype electronic cheque system called “NetCheque” was developed at Information Sciences Institute (ISI) by Clifford Neuman.
  • NetCheque will include software for writing and depositing cheques independent of other applications, to be called automatically when integrated with other systems.
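The account-server model described in this answer, as an added example that is not NetCheque's code or protocol: the buyer registers, writes a cheque, and the seller deposits it with the server, which checks it before moving funds. It assumes an HMAC-SHA256 tag under a key shared between the buyer and the account server as the symmetric cryptography; all class, function and account names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def cheque_mac(key, body):
    """HMAC-SHA256 over canonical JSON, so both sides tag identical bytes."""
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def write_cheque(key, payer, payee, amount, serial):
    """Buyer side: fill in the cheque and authenticate it with the shared key."""
    body = {"payer": payer, "payee": payee, "amount": amount, "serial": serial}
    return {"body": body, "mac": cheque_mac(key, body)}


class AccountServer:
    """Hypothetical third-party account server: registers users, clears cheques."""

    def __init__(self):
        self.balances = {}    # account name -> balance in cents
        self.keys = {}        # account name -> key shared with that holder
        self.cleared = set()  # (payer, serial) pairs already deposited

    def register(self, name, opening_balance):
        """Open an account; the returned key is shared only with the holder."""
        self.balances[name] = opening_balance
        self.keys[name] = secrets.token_bytes(32)
        return self.keys[name]

    def deposit(self, cheque, depositor):
        """Seller side: present a cheque; funds move only if every check passes."""
        body, tag = cheque["body"], cheque["mac"]
        key = self.keys.get(body["payer"])
        if key is None or not hmac.compare_digest(tag, cheque_mac(key, body)):
            return "rejected: bad authentication tag"
        if body["payee"] != depositor or depositor not in self.balances:
            return "rejected: wrong payee"
        if (body["payer"], body["serial"]) in self.cleared:
            return "rejected: already deposited"
        if not 0 < body["amount"] <= self.balances[body["payer"]]:
            return "rejected: invalid amount or insufficient funds"
        self.cleared.add((body["payer"], body["serial"]))
        self.balances[body["payer"]] -= body["amount"]
        self.balances[depositor] += body["amount"]
        return "cleared"
```

Because the key is shared, the server can compute the same tag as the buyer: the tag authenticates the cheque to the server but gives no non-repudiation towards a third party, which is the trade-off against public-key signatures.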


CHAPTER 4 part – 2

1) What is a Smart Card? Explain its types.

Ans: – Smart cards are credit and debit cards and other card products enhanced with microprocessors capable of holding more information than the traditional magnetic stripe.

– Smart cards are basically of two types:

i) Relationship-based smart cards.

ii) Electronic purses. Electronic purses, which replace money, are also known as debit cards and electronic money.

  • Relationship-based smart cards: – A relationship-based smart card is an enhancement of existing card services and/or the addition of new services that a financial institution delivers to its customers via a chip-based card or another device. – These new services may include access to multiple financial accounts, value-added marketing programs, or other information cardholders may want to store on their card.
  • Electronic purses and debit cards: – The electronic purse works in the following manner: after the purse is loaded with money, at an ATM or through the use of an inexpensive special telephone, it can be used to pay for, say, coffee at a vending machine. The vending machine need only verify that the card is authentic and that enough money is available for a cup of coffee.
  • Electronic purses would virtually eliminate the need for change or small bills in a busy store or rush-hour toll booth, and the wait for a credit card to be approved.

2) Explain Credit Card-Based electronic payment system.

Ans : – Credit card-based electronic payment systems

The credit card payment on online networks can be categorized as follows:

(i) Payments using plain credit card details: The easiest method of payment is the exchange of unencrypted credit card details over a public network such as telephone lines or the Internet.

– The low level of security inherent in the design of the Internet makes this method problematic. Authenticating the buyer is also important, and without encryption there is no way to do this.

(ii) Payments using encrypted credit card details: It would make sense to encrypt our credit card details before sending them out, but even then there are certain factors to consider. One would be the cost of a credit card transaction itself. – Such cost would prohibit low-value payments (micropayments) by adding costs to transactions.

(iii) Payments using third-party verification: One solution to security and verification problems is the introduction of a third party: a company that collects and approves payments from one client to another.

– After a certain period of time, one credit card transaction for the total accumulated amount is completed. Some of the companies involved in online credit card processing: VISA, MasterCard, American Express etc.

Encryption and Credit Cards :

  • Encryption is applied when credit card information is entered into a browser or other electronic commerce device and sent securely over the network from buyer to seller as an encrypted message.
  • To make a credit card transaction truly secure and non-refutable, the following sequence of steps must occur before actual goods, services or funds flow:

i) A customer presents his or her credit card information (along with an authenticity signature or other information such as mother’s maiden name) securely to the merchant.

ii) The merchant validates the customer’s identity as the owner of the credit card account.

iii) The merchant relays the credit card charge information and signature to its bank or online credit card processors.

iv) The bank or processing party relays the information to the customer’s bank for authorization approval.

v) The customer’s bank returns the credit card data, charge authentication and authorization to the merchant.

  • In this scheme, each consumer and each vendor generates a public key and a secret key (also called a private key).
  • The public key is sent to the credit card company and put on its public key server. The secret key is re-encrypted with a password and the unencrypted version is erased.

3) Explain the process of OTPP for buying online information.

Ans:

OTPP stands for ‘Online Third-Party Processor’. OTPPs have created a six-step process that they believe will be a fast and efficient way to buy information online:

(1) The consumer acquires an OTPP account number by filling out a registration form. This will give the OTPP a customer information profile that is backed by a traditional financial instrument such as a credit card.

(2) To purchase a product online, the consumer requests the item from the merchant by quoting his/her OTPP account number.

(3) The merchant contacts the OTPP payment server with the customer’s account number.

(4) The OTPP payment server verifies the customer’s account number for the vendor and checks for sufficient funds.

(5) The OTPP payment server sends an electronic message to the buyer. This message could be an automatic WWW form that is sent by the OTPP server or could be a simple e-mail. The buyer responds to the form or e-mail in one of three ways: Yes, I agree to pay; No, I will not pay; or Fraud, I never asked for this.

(6) If the OTPP payment server gets a Yes from the customer, the merchant is informed and the customer is allowed to download the material immediately. The OTPP will not debit the buyer’s account until it receives confirmation of purchase completion.
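The six steps above as a small state machine, added here as an illustration and not taken from any OTPP's software: the server checks the account and funds, waits for the buyer's Yes/No/Fraud reply, and debits only after purchase completion is confirmed. The class and method names, the hold on funds for open orders, and the fraud-report list are assumptions of this example.

```python
from enum import Enum


class Reply(Enum):
    YES = "Yes, I agree to pay"
    NO = "No, I will not pay"
    FRAUD = "Fraud, I never asked for this"


class OTPPServer:
    """Hypothetical OTPP payment server following the six steps above."""

    def __init__(self):
        self.accounts = {}       # account number -> funds in cents
        self.pending = {}        # order id -> [account, amount, state]
        self.fraud_reports = []  # order ids the buyer disowned

    def register(self, account, funds):  # step 1
        self.accounts[account] = funds

    def request_payment(self, order_id, account, amount):  # steps 3 and 4
        if account not in self.accounts or order_id in self.pending:
            return "declined: unknown account or duplicate order"
        # Funds promised to open orders are held, so they cannot be spent twice.
        held = sum(o[1] for o in self.pending.values() if o[0] == account)
        if amount <= 0 or self.accounts[account] - held < amount:
            return "declined: insufficient funds"
        self.pending[order_id] = [account, amount, "awaiting-buyer"]
        return "confirmation sent to buyer"  # step 5: WWW form or e-mail

    def buyer_reply(self, order_id, reply):  # step 5, the buyer's answer
        order = self.pending.get(order_id)
        if order is None or order[2] != "awaiting-buyer":
            return "ignored: no open request"
        if reply is Reply.YES:
            order[2] = "approved"  # step 6: merchant may release the download
            return "merchant informed: release download"
        if reply is Reply.FRAUD:
            self.fraud_reports.append(order_id)
        del self.pending[order_id]
        return "cancelled"

    def confirm_completion(self, order_id):
        """Debit only once the purchase is confirmed complete (end of step 6)."""
        order = self.pending.get(order_id)
        if order is None or order[2] != "approved":
            return "ignored: not approved"
        self.accounts[order[0]] -= order[1]
        del self.pending[order_id]
        return "debited"
```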

4) Explain the Risk Involved in the Electronic payment system.

Ans: – One essential challenge of e-commerce is risk management. The operation of the payment systems incurs three major risks:

(i) Fraud or mistake (ii) Privacy issues and (iii) Credit risk.

i) Risks from Mistakes and Disputes (Consumer Protection): – All electronic payment systems need some ability to keep automatic records.

– Once information has been captured electronically, it is easy and inexpensive to keep. Features of the automatic records include:

  • Permanent storage
  • Accessibility and traceability
  • A payment system database
  • Data transfer to the payment maker, a bank or monetary authorities

– The need for record keeping for purposes of risk management conflicts with the transaction anonymity of cash.

ii) Managing Information Privacy : – The electronic payment system must ensure and maintain privacy.

  • All details of a customer’s payments can easily be aggregated: where, when and sometimes what the consumer buys is stored.
  • This collection of data tells much about the person and as such can conflict with individual’s right to privacy.
  • Users must be assured that knowledge of transactions will be confidential, limited only to the parties involved and their designated agents if any.
  • Privacy must be maintained against eavesdroppers on the network and against unauthorized insiders.

iii) Managing Credit Risk:– Credit risk is a major concern in net settlement systems because a bank’s failure to settle its net position could lead to a chain reaction of bank failures.

  • The digital central bank must develop policies to deal with this possibility.

Various alternatives exist, each with advantages and disadvantages.

  • A digital central bank guarantee on settlement removes the insolvency test from the system because banks will more readily assume credit risks from other banks.

5) Explain Designing Electronic payment System.

Ans : Designing Electronic Payment Systems

The following issues must be addressed for any new payment method to be certified successful.

i) Privacy: A user expects to trust in a secure system; just as the telephone is a safe and private medium free of wiretaps and hackers, electronic communication must merit equal trust.

ii) Security: A secure system verifies the identity of the two parties to a transaction through ‘user authentication’ and reserves flexibility to restrict information/services through access control. Today’s bank robbers need just a computer system and a little ingenuity to steal money.

iii) Intuitive Interfaces: The payment interface must be as easy to use as a telephone. Generally, users value convenience more than anything.

iv) Database Integration: With home banking, for example, a customer wants to play with all his accounts. To date, separate accounts have been stored in separate databases.

v) Brokers: A “network banker” (someone to broker goods and services, settle conflicts and facilitate financial transactions electronically) must be in place.

vi) Pricing: One fundamental issue is how to price payment system services, e.g. should subsidies be used to encourage users to shift from one form of payment to another, from cash to bank payments, from paper-based to e-cash?

6) What is E-mail? Explain e-mail working & Secure E-mail Technologies.

Ans : – E-mail: it is the use of electronic messaging technologies to allow computer users to communicate with each other for a variety of purposes.

  • An electronic message can consist of a single line of text, or of a document encompassing text, video, sound or images, with other documents as attachments. – Because it is a quick and inexpensive form of communication, e-mail has become a primary means of communication within corporations as well as among individual users.
  • Corporate electronic mail systems now support electronic commerce, group discussion, scheduling and workflow applications. Widespread use is forcing users to examine the reliability and performance of their e-mail infrastructures, including security.
  • E-mail messages pass through a series of hosts and/or routers that direct them to their intended destinations; this creates the possibility of a security liability. – There are several protocols designed and implemented for e-mail communication through the Internet.
  • E-mail allows one to transmit messages and other files (through the Internet) to people located anywhere in the world.

The electronic mailbox centralizes many mail-related activities, such as:

i) Messages can be sent to multiple parties simultaneously and instantaneously without having to retype individual letters.

ii) Someone receiving a message may forward the message to another destination with or without comment.

iii) Messages can be filed electronically for future reference.

iv) Mail can be accessed and sent from anywhere around the world. Multiple copies can be sent in different formats.

7) Explain MIME, S/MIME & MOSS.

Ans: i) MIME: – Specifies how to store multiple types of information within the same file. It supports binary, text, audio, video & other formats.

  • The MIME specification was described in RFC 1521.
  • MIME defines mail body part structure and content types that provide an SMTP-compatible way to encapsulate documents in e-mail messages while supporting multipart content types including text, audio, image, video and even application data. MIME also provides support for several content-transfer encodings, including base64, which enables 8-bit binary data to be represented as 7-bit ASCII data.

ii) S/MIME (Secure MIME): – Developed by RSA in 1993. It is secure multipart e-mail based on PKCS standards.

iii) MOSS (MIME Object Security Services): – It describes how to perform Multipart/Signed & Multipart/Encrypted.

– It is the next generation of Privacy Enhanced Mail (PEM).

  • SMTP: – It performs the message transmission function, but only supports seven-bit ASCII transmission and limits the maximum message size. It is the standard for Internet mail.
  • PKCS (Public Key Cryptography Standards): – Describes how to sign & encrypt messages & distribute/manage keys.
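The MIME encapsulation described in this answer, shown with Python's standard `email` package as an added example that is not part of the original notes: a multipart message carries a text part and an 8-bit binary attachment, and the base64 content-transfer encoding keeps every byte on the wire within 7-bit ASCII. The addresses, subject, filename and function names are constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_message(text, blob):
    """Build a multipart message: a text part plus a binary attachment."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"  # constructed addresses
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Payment receipt"
    msg.set_content(text)
    # Binary data is carried as a separate body part, base64-encoded.
    msg.add_attachment(blob, maintype="application",
                       subtype="octet-stream", filename="receipt.bin")
    return msg.as_bytes(policy=policy.SMTP)


def inspect_wire(wire):
    """Parse the wire bytes and report what a 7-bit SMTP relay would see."""
    msg = message_from_bytes(wire, policy=policy.default)
    parts = [(p.get_content_type(), str(p["Content-Transfer-Encoding"]))
             for p in msg.iter_parts()]
    attachment = next(msg.iter_attachments()).get_content()
    return {
        "seven_bit_clean": all(b < 128 for b in wire),
        "top_type": msg.get_content_type(),
        "parts": parts,
        "attachment": attachment,  # decoded back to the original bytes
    }
```

Base64 here is only a transport encoding that anyone can reverse; confidentiality and integrity come from the Multipart/Signed and Multipart/Encrypted layers that S/MIME and MOSS add on top of these parts.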