Unit II e Com
Electronic payment first emerged with the development of wire transfers. Early wire
transfer services such as Western Union enabled an individual to deliver currency to a clerk at one
location, who then instructed a clerk at another location to disburse funds to a party at that
second location who was able to identify himself as the intended recipient. Cash was
delivered to the customer only after identity was established. Authentication was provided
only by a signature at the other end of the transmission that verified that the intended party
had indeed received the funds.
During the 1960s and early 1970s, private networking technology enabled the
development of alternative electronic funds transfer systems. Many of the so-called payment
innovations over the past two decades have been aimed at minimizing banking costs such as
reserve requirements, speeding up check clearing, and minimizing fraud. Recent innovations in
electronic commerce aim to affect the way consumers deal with payments and appear to
be in the direction of a real-time electronic transmission, clearing, and settlement system.
• Innovations affecting consumers: credit and debit cards, ATMs, electronic banking
• Innovations enabling online commerce: digital cash, electronic checks, smart cards
Features of an ideal electronic payment system:-
1. Convenience:
An electronic payment system should be user friendly and require the least amount of
effort, special equipment and time to process the transaction. In contrast, a less convenient
system would require the customer and the merchant to go offline in order to process the
transaction with a significant time delay.
2. Security:
The payment system should be secure, covering the following aspects of the transaction.
4. Universality:
The payment system should have as few constraints on its use to allow adoption by
any customer or merchant, regardless of what browser software they use or what country they
are in.
5. Cost:
The cost of a payment system to both the customer and the merchant should be low,
especially if micro payments are supported.
6. Acceptability:
7. Convertibility:
9. Reliability:
In the early 1970s the emerging e-payment technology was labeled EFT (electronic funds transfer). EFT
is defined as any transfer of funds initiated through an electronic terminal, telephonic
instrument, or computer so as to order, instruct, or authorize a financial institution to
debit/credit an account. Work on EFT can be segmented into three main categories:-
• Credit cards
• Charge cards
(C) Online e-commerce payment:
• Token based:
E-cash
E-check
Smart card
Debit card
• Credit card based:
Encrypted
Third party
1. E-Token:
A new form of financial instrument is called the E-token, in the form of e-cash, e-money, or e-check.
E-tokens are equivalent to cash that is backed by a bank. These can be of three types:
Cash/real time: Transactions are settled with the exchange of electronic currency.
Credit/post paid: Server authenticates the customer and verifies with the bank that funds are
adequate before purchase.
Electronic cash combines computerized convenience with security and privacy that improve
on paper cash. E-cash presents some interesting characteristics that should make it an attractive
alternative for payment over the internet. E-cash focuses on replacing cash as the principal
payment mode in consumer-oriented e-payment.
• Cash is legal tender meaning that the payee is obligated to take it.
• Cash is a bearer instrument meaning that possession is proof of ownership.
• Cash can be held and used by anyone even those without a bank account.
• Finally cash places no risk on the part of the acceptor.
Any digital cash system must incorporate a few common features. Digital cash must have
the following four properties:
• Monetary value:
It must be backed by cash, bank-authorized credit, or a bank-certified cashier’s
check. When cash created by one bank is accepted by others, reconciliation must
occur without any problems.
• Interoperability:
Digital cash must be interoperable or exchangeable as payment for other
digital cash, paper cash, goods or services, lines of credit, deposits in banking
accounts.
• Security:
Digital cash should not be easy to copy or tamper with while it is being
exchanged. For this reason most systems rely on post-fact detection and punishment.
Electronic or digital cash combines computerized convenience with security and privacy
that improve on paper cash. The versatility of digital cash opens up a host of new markets
and applications. Digital cash attempts to replace paper cash as the principal payment
vehicle in online payments. Although it may be surprising to some, even after thirty years
of developments in electronic payment systems, cash is still the most prevalent consumer
payment instrument. Cash remains the dominant form of payment for three reasons: lack
of consumer trust in the banking system; inefficient clearing and settlement of noncash
transactions; and negative real interest rates on bank deposits. These reasons behind the
prevalent use of cash in business transactions indicate the need to re-engineer purchasing
processes. In order to displace cash, electronic payment systems need to have some cash-
like qualities that current credit and debit cards lack. For example, cash is negotiable,
meaning that it can be given or traded to someone else. Cash is legal tender, meaning that
the payee is obligated to take it. Cash is a bearer instrument, meaning that possession is
proof of ownership. Cash can be held and used by anyone, even those without a bank
account. Finally, cash places no risk on the part of the acceptor; the medium is always
good. In comparison to cash, debit and credit cards have a number of limitations. First,
credit and debit cards cannot be given away because, technically, they are identification
cards owned by the issuer and restricted to one user. Credit and debit cards are not legal
tender, given that merchants have the right to refuse to accept them. Nor are credit and
debit cards bearer instruments; their usage requires an account relationship and
authorization system. Similarly, checks require either personal knowledge of the payer, or
a check guarantee system. A really novel electronic payment method needs to do more
than recreate the convenience that is offered by credit and debit cards; it needs to create a
form of digital cash that has some of the properties of cash.
Any digital cash system must incorporate a few common features. Specifically, digital
cash must have the following four properties: monetary value, interoperability,
retrievability, and security.
Digital cash must have a monetary value; it must be backed by cash (currency), bank-
authorized credit, or a bank-certified cashier’s check. When digital cash created by one
bank is accepted by others, reconciliation must occur without any problems. Without
proper bank certification, digital cash carries the risk that when deposited, it might be
returned for insufficient funds.
Digital cash must be interoperable or exchangeable as payment for other digital cash,
paper cash, goods or services, lines of credit, deposits in banking accounts, bank notes or
obligations, electronic benefits transfers, and the like. Most digital cash proposals use a
single bank. In practice, not all customers are going to be using the same bank or even be
in the same country, and thus multiple banks are necessary for the widespread use of
digital cash.
Digital cash must be storable and retrievable. Remote storage and retrieval (such as via a
telephone or personal communications device) would allow users to exchange digital cash
(withdraw from and deposit into banking accounts) from home or office or while
travelling. The cash could be stored on a remote computer’s memory, in smart cards, or
on other easily transported standard or special-purpose devices. As it might be
easy to create and store counterfeit cash in a computer, it is preferable to store cash on an
unalterable dedicated device. This device should have a suitable interface to facilitate
personal authentication using passwords or other means, and a display for viewing the
card’s contents. Digital cash should not be easy to copy or tamper with while it is being
exchanged. It should be possible to prevent or detect duplication and double-spending of
digital cash. Double spending, the electronic equivalent of bouncing a check, is a
particularly tricky issue. For instance, a consumer could use the same digital cash
simultaneously to buy items in Japan, India, and England. It is particularly difficult to
prevent double-spending if multiple banks are involved in the transactions.
For this reason, most systems rely on post-fact detection and punishment.
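The difference between preventing a double-spend online and detecting it after the fact, as an added example that is not part of the original notes. It assumes a hypothetical issuing bank that marks each coin with an HMAC over a serial number and a value; the class names, payee labels and amounts are constructed.

```python
"""Constructed model: bank-issued digital cash with double-spend checks."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Coin:
    serial: str        # unique per coin, chosen by the issuing bank
    value_cents: int
    mark: str          # issuer's MAC over serial and value


class IssuingBank:
    """Hypothetical issuer that mints coins and keeps the spent-serial ledger."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # secret known only to the issuer
        self._spent = {}                      # serial -> payee that redeemed first

    def _mark(self, serial, value_cents):
        msg = f"{serial}|{value_cents}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def withdraw(self, value_cents):
        serial = secrets.token_hex(16)
        return Coin(serial, value_cents, self._mark(serial, value_cents))

    def redeem(self, coin, payee):
        """Online check: reject altered coins and serials already redeemed."""
        expected = self._mark(coin.serial, coin.value_cents)
        if not hmac.compare_digest(coin.mark, expected):
            return "rejected: forged or altered"
        if coin.serial in self._spent:
            return f"rejected: already spent at {self._spent[coin.serial]}"
        self._spent[coin.serial] = payee
        return "accepted"

    def settle_batch(self, deposits):
        """Post-fact detection over deposits other banks accepted offline.

        deposits is a list of (payee, coin) in arrival order. Returns
        (paid, disputes); each dispute names the payee left holding a bad coin.
        """
        paid, disputes = [], []
        for payee, coin in deposits:
            verdict = self.redeem(coin, payee)
            target = paid if verdict == "accepted" else disputes
            target.append((payee, verdict))
        return paid, disputes


def demo():
    bank = IssuingBank()
    coin = bank.withdraw(5000)
    inflated = Coin(coin.serial, 500000, coin.mark)   # value edited, mark reused
    # Constructed scenario: the same coin is handed to three merchants whose
    # banks accept it without asking the issuer, then forward it for settlement.
    deposits = [
        ("merchant-JP", coin),
        ("merchant-IN", coin),
        ("merchant-UK", coin),
        ("merchant-UK", inflated),
    ]
    return bank.settle_batch(deposits)


if __name__ == "__main__":
    paid, disputes = demo()
    print("paid:", paid)
    for payee, verdict in disputes:
        print("dispute:", payee, "->", verdict)
```

Calling `redeem` before goods are released is the preventive path; `settle_batch` is the post-fact path, where the second and third merchants only learn of the problem at settlement.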
(b) Electronic checks:
Electronic checks are designed to accommodate the many individuals and entities that
might prefer to pay on credit or through some mechanism other than cash. Electronic
checks are modelled on paper checks, except that they are initiated electronically, use
digital signatures for signing and endorsing, and require the use of digital certificates to
authenticate the payer, the payer’s bank and bank account.
Electronic checks are delivered either by direct transmission using telephone lines, or by
public networks such as the internet. Electronic check payments (deposits) are gathered
by banks and cleared through existing banking channels such as automated clearing
houses networks.
• Electronic checks work in the same way as traditional checks, thus simplifying
customer education.
• Electronic checks are well suited for clearing micro payments: the conventional
cryptography of electronic checks makes them easier to process than systems based
on public-key cryptography (like digital cash).
• Electronic checks can serve corporate markets. Firms can use electronic checks to
complete payments over the networks in a more cost-effective manner than present
alternatives.
• Electronic checks create float and the availability of float is an important
requirement for commerce. The third party accounting server can earn revenue
by charging the buyer and seller a transaction fee or a flat rate fee, or it can act as
a bank and provide deposit accounts and make money from the deposit account
pool.
• Electronic check technology links public networks to the financial payments and
bank clearing networks, leveraging the access of public networks with the existing financial
payment infrastructure.
The electronic check process works in the following way:
• Electronic check users must register with a third-party account server before they
are able to write electronic checks.
• Once registered, a consumer can then contact a seller of goods and services.
• Using e-mail or other transport methods, the buyer sends an electronic check to
the seller for a certain amount of money.
• When deposited, the check authorizes the transfer of account balances from the
account against which the check was drawn to the account to which the check was
deposited.
Ideally, electronic checks will facilitate new online services by: allowing new payment
flows (the payee can verify funds availability at the payer’s bank); enhancing security at
each step of the transaction through automatic validation of the electronic signature by
each party (payee and banks); and facilitating payment integration with widely used EDI-
based electronic ordering and billing processes.
Electronic checks are delivered either by direct transmission using telephone lines, or by
public networks such as the Internet. Electronic check payments (deposits) are gathered
by banks and cleared through existing banking channels, such as automated clearing
house (ACH) networks. This integration of the existing banking infrastructure with
public networks provides an implementation and acceptance path for
banking, industry, and consumers to build on existing check processing facilities.
Electronic checks have the following advantages: Electronic checks work in the same
way as traditional checks thus simplifying customer education. By retaining the basic
characteristics and flexibility of paper checks while enhancing the functionality,
electronic checks can be easily understood and readily adopted.
Electronic checks are well suited for clearing micro payments; the conventional
cryptography of electronic checks makes them easier to process than systems based on
public-key cryptography (like digital cash). The payee and the payee’s and payer’s banks
can authenticate checks through the use of public-key certificates.
Digital signatures can also be validated automatically. Electronic checks can serve
corporate markets. Firms can use electronic checks to complete payments over the
networks in a more cost-effective manner than present alternatives. Further, since the
contents of a check can be attached to the trading partner’s remittance information, the
electronic check will easily integrate with EDI applications, such as accounts receivable.
Electronic checks create float, and the availability of float is an important requirement for
commerce. The third-party accounting server can earn revenue by charging the buyer or
seller a transaction fee or a flat rate fee, or it can act as a bank and provide deposit
accounts and make money from the deposit account pool.
Electronic check technology links public networks to the financial payments and bank
clearing networks, leveraging the access of public networks with the existing financial
payments infrastructure.
Credit card payment negotiation involves two steps: The merchant presents the customer
with product/service price, order confirmation and status, delivery notifications, and
payment options accepted by the merchant; and the buyer presents the merchant with
payment choice and associated information in a secure manner. As of yet, there is no
standard way of sending secure payment instructions over the Web.
Currently, consumers can “shop” (look at content and read product descriptions) in the
Web environment, but have to go off-line in order to use their credit cards to actually
make their purchases.
Recently, several companies, including CyberCash, VISA, and First Virtual, have
implemented payment systems. Different vendors have lined up behind different
proposed security measures, each fighting to be the dominant standard. As vendors
continue to wage security standards battles, it is perfectly reasonable for consumers to be
cautious about making online purchases. Until consumers feel as comfortable using their
credit cards online as they do over the telephone, Web-based commerce will languish
rather than flourish.
The different payment schemes require customers to set up special accounts, and/or buy
or download and install special software for their personal computers. However, not all
banks can handle different payment systems. In order to avoid losing customers by
selecting one payment method over another,
some merchants sidestep the confusion caused by multiple payment standards by
verifying credit card transactions manually. They take credit card numbers over the
Internet, and then, at the end of the day, batch the verification process. If there is a
problem, they send e-mail to the customers informing them of the problem.
Safe credit card-based commerce will not be possible until security standards are in place.
Security standards ensure the negotiation of payment schemes and protocols, and the safe
transport of payment instructions. Microsoft/VISA and Netscape contend that they can
vastly simplify the payment process by developing software for both banks and
merchants. The bank software would allow banks to use their existing computer systems
to verify and process encrypted credit cards coming from the online world. The merchant
software would allow merchants to buy one single package integrated with a Web server
that serves as a storefront and payment system. The customer can simply continue to use
his or her current browser to interact with the electronic storefront.
A smart card looks similar to a credit or debit card. It has a plastic body and a
microprocessor chip embedded in it. A smart card chip has the capacity to store data.
Thus, users also use it as a mini database for storing their personal and work-related
information, identification details, medical details and address books. Cards are also
used to store a value of money, which decreases with use.
A smart card can be accessed only with the unique PIN of an individual. Smart cards are
secure because their contents are in an encrypted form and a user can personally encrypt or decrypt
the data stored in the chip of a card.
Smart cards,
also called stored value cards, use magnetic stripe technology or integrated circuit chips
to store customer-specific information, including electronic money. The cards can be used
to purchase goods or services, store information, control access to accounts, and perform
many other functions. Smart cards offer clear benefits to both merchants and consumers.
They reduce cash-handling expenses and losses caused by fraud, expedite customer
transactions at the checkout counter, and enhance consumer convenience and safety. In
addition, many state and federal governments are considering stored value cards as an
efficient option for dispersing government entitlements. Other private sector institutions
market stored value products to transit riders, university students, telephone customers,
vending customers, and retail customers. One successful use of stored value cards is by
New York’s Metropolitan Transportation Authority (MTA). The MTA is the largest
transportation agency in the United States and, through its subsidiaries and affiliates,
operates the New York City subway and public bus system, the Long Island Railroad and
Metro-North commuter rail systems, and nine tolled intrastate bridges and tunnels. These
facilities serve four million customers each workday. In 1994, the MTA began the
operation of an automated fare-collection system based on a plastic card with a magnetic
stripe. The Metro Card is either swiped through a card reader at subway stations or dipped
into a fare box on buses, where the fare is decremented. All 3,600 MTA buses became
operational in 1996. The full complement of 467 subway stations is expected to be
operational by mid-1997. By 1999, the MTA anticipates more than 1.2 billion electronic
fare collection transactions a year on subway and bus lines. The management challenges
created by smart card payment systems are formidable. Institutions such as the MTA have
made a considerable investment in the stored value card processing network, and to get a
good return on investment must identify new and innovative ways to achieve additional
operating efficiencies and value. For example, many commuters in the New York area
use two or three different mass transit systems to get to and from work. Each of these
systems bears the expense of maintaining its own proprietary network. In addition, the
customer ends up having to manage two or three different fare media, and make two or
three times as many fare purchase transactions. New regional initiatives will be necessary
to integrate the multiple networks, and to make it cost-effective and possible to
implement a region-wide transportation fare payment system that will link all of the
transit providers in that region.
The Federal Reserve recently created a Payments System Research group to define the key
public policy issues related to the evolution of the smart card payments system. Some of
the questions being studied include: When is an account deposit insured? Is the account
still insured when the value has been loaded on a smart card? Is the value on a smart card
considered cash? Is a smart card more like a traveller’s check or a credit card? One reason
for the success of stored value cards is that the application focus is narrow and they build
upon existing infrastructure such as: credit, debit, and ATM cards; funds clearing and
settlement mechanisms; regional and national ATM networks; and retail, corporate, and
government customer relationships. It remains to be seen how the integration between
smart cards and online commerce will take place.
The fastest-growing electronic transactions today are debit card transactions.
Such transactions occur when a customer uses a debit card to make a purchase from a
merchant.
The transaction works much like a credit card transaction. For example, a customer
gives an ATM card to the merchant for the purchase. The merchant swipes the card
through a transaction terminal, which reads the information; the customer enters his
personal identification number; and the terminal routes the transaction through the
ATM network back to the customer’s bank for authorization against the
customer’s demand deposit account. The funds, once approved, are transferred from the
customer’s bank to the merchant’s bank.
These transactions occur within the banking system and safety of payment is
measured. The third-party processors who provide services for merchants are also
examined by the federal regulators for system integrity. Both transmitted inter-bank
within the payment system. Authentication is provided by the use of digital
signatures or PINs, just as it is at ATMs.
Debit cards can also be used extensively for electronic benefits transfer (EBT). Electronic
benefits transfer uses debit cards for the electronic delivery of benefits and
entitlements to individuals who otherwise may not have bank accounts. In an EBT
system, recipients access their benefits in the same way that consumers use debit
cards to access their bank accounts electronically: the card is inserted into or swiped
through a card reader and the cardholder must enter a PIN associated with that card.
The benefit recipient can then access his or her benefits to make a purchase or obtain
cash.
Benefits that can be delivered via EBT generally fall into three categories:
Credit card payment negotiation involves two steps: the merchant presents the
customer with product/service price, order confirmation and status, delivery notifications, and
payment options accepted by the merchant; and the buyer presents the merchant with
payment choice and associated information in a secure manner.
It is perfectly reasonable for consumers to be cautious about making online purchases. Until
consumers feel as comfortable using their credit cards online as they do over the telephone,
Web-based commerce will languish rather than flourish. The different payment schemes
require customers to set up special accounts and/or buy or download and install software for
their personal computers. However, not all banks can handle different payment systems. In
order to avoid losing customers by selecting one payment method over another, some
merchants sidestep the confusion caused by multiple payment standards by verifying credit
card transactions manually.
Microsoft/Visa and Netscape/Verifone contend that they can vastly simplify the payment
process by developing software for both banks and merchants. The bank software would
allow banks to use their existing computer systems to verify and process encrypted credit
cards coming from the online world. The merchant software would allow merchants to buy
one single package integrated with a web server that serves as a storefront and payment
system.
Encryption is initiated when credit card information is entered into a browser or other
electronic commerce device and sent securely over the network from buyer to seller as an
encrypted message. To make a credit card transaction truly secure and non-refutable, the
following sequence of steps must occur before actual goods, services, or funds flow:
• A customer presents his or her credit card information securely to the merchant.
• The merchant validates the customer’s identity as the owner of the credit card account.
• The merchant relays the credit card charge information and digital signature to his or
her bank or online credit card processor.
• The bank or processing party relays the information to the customer’s bank for
authorization approval.
• The customer’s bank returns the credit card data, charge authentication and
authorization to the merchant.
One company that has implemented the preceding process is CyberCash. A CyberCash
transaction moves between three separate software programs: one program that resides on the
consumer’s PC, one that operates as part of the merchant server, and one that operates within
the CyberCash servers.
CyberCash can also be used for micro payments; that is, people pay small change (usually a
nickel or a dime) as they click on icons, which could be information or files. Users
download free Wallet software to their PC and load it up electronically with a credit card
cash advance. The plan for micro payments is to create a “small change” version which
would dip from a checking account as well as a credit card. After the consumer selects a game to play or an
item to buy, an invoice comes on screen. The consumer clicks on a pay button and a
transaction is encrypted that transfers money out of a coin purse icon and into the vendor’s
account, which is set up on a CyberCash server.
The internet payments system was formed by First Virtual Holdings and gets around the
credit card security problem by ensuring that the credit card number never travels over the
internet. The fully operational system relies on existing mechanisms to enable the buying and
selling of information via the internet. First Virtual makes servers available to sellers lacking
the computer capacity or warehouse internet servers to handle their sales directly.
The following seven-step process captures the essence of the First Virtual system:
• The consumer acquires an account number by filling out a registration form, which
gives FV a customer profile that is backed by a traditional financial instrument such
as a credit card.
• To purchase an article, product, or other information online, the consumer requests the
item from the merchant by quoting her FV account number. The purchase can take
place in one of two ways: the consumer can automatically authorize the merchant via
browser settings to access her FV account and bill her, or she can type in the account
information.
• The merchant contacts the First Virtual payment server with the customer’s account
number.
• The First Virtual payment server verifies the customer’s account number for the vendor
and checks for sufficient funds.
• The First Virtual payment server sends an electronic message to the buyer. This
message could be an automatic WWW form or a simple e-mail.
• If the First Virtual payment server gets a Yes from the customer, the merchant is
informed and the customer is allowed to download the material immediately.
• First Virtual will not debit the buyer’s account until it receives confirmation of
purchase completion. Buyers who receive information or a product and decline to pay
must have their accounts suspended.
The easiest method of credit card payment is the exchange of unencrypted credit cards over a
public network such as telephone lines or the Internet. The low level of security inherent in
the design of the Internet makes this method problematic (any hacker can read a credit card
number, and there are programs that scan the Internet traffic for credit card numbers and send
the numbers to their programmers). Authentication is also a significant problem, and the
vendor is usually responsible for ensuring that the person using the credit card is its owner.
Payments Using Encrypted Credit Card Details
Even if credit card details are encrypted before they are sent over the Internet, there are still
certain factors to consider before sending them out. One such factor is the cost of a credit
card
One solution to security and verification problems is the introduction of a third party to
collect and approve payments from one client to another.
Encryption is initiated when credit card information is entered into a browser or other
electronic commerce device and sent securely over the network from buyer to seller as an
encrypted message. This practice, however, does not meet important requirements for an
adequate financial system, such as non-refutability, speed, safety, privacy, and security. To
make a credit card transaction truly secure and non-refutable, the following sequence of steps must
occur before actual goods, services, or funds flow:
1. A customer presents his or her credit card information (along with an authentic signature or
other information such as mother’s maiden name) securely to the merchant.
2. The merchant validates the customer’s identity as the owner of the credit card account.
3. The merchant relays the credit card charge information and digital signature to his or her
bank or online credit card processor.
4. The bank or processing party relays the information to the customer’s bank for
authorization approval.
5. The customer’s bank returns the credit card data, charge authentication, and authorization
to the merchant.
• federally funded, but state administered benefits (such as food stamps, Aid to Families
with Dependent Children programs);
• state-funded and
SET PROTOCOL
The SET (Secure Electronic Transaction) protocol was developed jointly by MasterCard and Visa with the goal of providing a
secure payment environment for the transmission of credit card data. The SET specification
version 1.0 was published in May 1997. MasterCard and Visa once again joined forces in
December 1997 to form SETCO to lead the implementation and promotion of the SET
application. An enabled version of the SET protocol is projected by some industry members to
become the standard specification for secure transmission of electronic commerce payment
mechanisms, although some skeptics disagree with the need for the SET protocol. Features of the
SET specification version 1.0 are:
The initial version of the SET protocol, version 1.0, is considered to be a stronger security
mechanism than other transmission protocols such as the Secure Sockets Layer (SSL) protocol
because of its stronger authentication feature. Server SSL is good at providing confidentiality
during the transmission of sensitive data, but alone it does not authenticate either the sender
or the receiver of the message. If mutual authentication is used, authentication of the client is
possible, but this is not a standard practice today. Both protocols provide confidentiality of
data transmitted over the internet via encryption. The SET protocol mandates the use of
digital certificates that are tied to the purchaser’s financial institution to help identify
authorized purchasers and their accounts. It also uses digital certificates that are tied to the
merchant’s financial institution and their accepted payment brands. The SET
protocol uses dual signatures on the digital certificates to allow the user to transmit only the
necessary information to the merchant, which does not always include credit card account
information.
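The dual-signature idea mentioned above, as an added example that is not part of the original notes: the cardholder signs one digest that binds the order information (OI) to the payment information (PI), so the merchant can check the signature while holding only a digest of PI. Assumptions: SHA-256 and a toy unpadded RSA key stand in for the algorithms and certificates a real SET implementation uses, and every name and sample value is constructed.

```python
"""Constructed illustration of a SET-style dual signature."""
import hashlib

# Toy RSA key for the cardholder, built from two Mersenne primes so the block
# needs only the standard library. Far too small, and unpadded: illustration only.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _to_int(d: bytes) -> int:
    return int.from_bytes(d, "big") % N


def sign(d: bytes) -> int:
    """Cardholder's private-key operation over a digest."""
    return pow(_to_int(d), D, N)


def verify(d: bytes, signature: int) -> bool:
    """Anyone holding the cardholder's public key (N, E) can run this."""
    return pow(signature, E, N) == _to_int(d)


def cardholder_build(order_info: bytes, payment_info: bytes):
    oimd, pimd = digest(order_info), digest(payment_info)
    ds = sign(digest(pimd + oimd))     # one signature over both digests
    # The merchant gets the order in clear but only the digest of the payment data.
    to_merchant = {"OI": order_info, "PIMD": pimd, "DS": ds}
    # The gateway gets the payment data but only the digest of the order.
    # (In SET this part is also encrypted for the gateway; omitted here.)
    to_gateway = {"PI": payment_info, "OIMD": oimd, "DS": ds}
    return to_merchant, to_gateway


def merchant_verify(msg) -> bool:
    return verify(digest(msg["PIMD"] + digest(msg["OI"])), msg["DS"])


def gateway_verify(msg) -> bool:
    return verify(digest(digest(msg["PI"]) + msg["OIMD"]), msg["DS"])


def demo():
    order = b"order#1001: 2 x widget, total 49.90 USD"       # constructed
    payment = b"PAN=4111111111111111;EXP=12/99;AMT=49.90"    # constructed test number
    to_merchant, to_gateway = cardholder_build(order, payment)
    altered = dict(to_merchant, OI=order.replace(b"49.90", b"4.99"))
    relinked = dict(to_gateway, OIMD=digest(b"order#2002: 1 x gadget"))
    return {
        "merchant_ok": merchant_verify(to_merchant),
        "gateway_ok": gateway_verify(to_gateway),
        "merchant_holds_pi": "PI" in to_merchant,
        "altered_order_ok": merchant_verify(altered),
        "relinked_payment_ok": gateway_verify(relinked),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both parties verify the same signature from different halves of the data, and changing the order or attaching the payment to a different order makes verification fail.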
Version 1.0
The strong authentication provided by the SET protocol requires some mechanism for
identification and verification of the customer, merchant and banks. The SET protocol
requires that all parties involved in the transaction hold a valid digital certificate and use
either digital signatures or message digests. This means that both the buyer and seller must
have a registered certificate from an approved certificate authority. A simplified depiction of
the SET credit card purchase model consists of five entity types, which are:
cardholder, merchant, payment gateway, certificate authority and certificate trust chain.
Payment gateway:
An acquirer or some other designated third party is necessary in order to authorize and process
the transaction. The third party that performs these functions is called the payment gateway.
Some credit card services that are owned by financial institutions may perform more than one
role such as issuing the credit card and cardholder certificates and serving as the
acquirer/payment gateway. Some institutions may outsource some of these functions to a
third party and thus many different models are available.
Certificate issuance:
The two certificate authorities depict the scenario in which the merchant and customer
certificates are signed by different certificate authorities; however, the cardholder and
merchant could have received their certificates from the same certificate authority. The credit
card company, or a third party agency representing the credit card company, issues certificates
to the cardholders that are digitally signed by a financial institution. The account number,
expiration date of the card and a secret value determined by the cardholder, similar to a
personal identification number (PIN), are encoded in the certificate using a one-way hashing
algorithm so that the information cannot be revealed but can be verified.
• Generate and securely store the SET root certificate authority public
and private keys.
• Generate and self-sign the SET root certificate authority certificates.
• Process brand certificate requests and generate SET brand
certificate authority certificates.
• Generate and distribute certificate revocation lists.
Cryptography methods:
The SET protocol uses both randomly generated symmetric keys and public/private key
pairs. The combination of these two methods is frequently used to combine the efficiency of
symmetric key encryption for the encoding of messages and the power of public/private keys
to provide authentication. The customer payment message is encrypted using a randomly
generated symmetric key. Because the random key is needed to decrypt the payment
information, it is encrypted using the public key of the merchant's acquirer. Both the encrypted
message and the encrypted key are sent from the customer to the merchant in what is called a
digital envelope. This combination of methods:
The SET protocol uses a unique application of the dual signature. A dual signature involves the
generation of two messages, one for the acquirer and one for the merchant. Each
message contains only the information that is essential to that particular party, in order to
protect the privacy of as much information as possible. The message to the acquirer contains
account information and payment authorization in the case that the auction house accepts.
Both messages are encrypted and a message digest is created for each message. To provide an
authentication procedure, both of the message digests are encrypted with the private key. The
acquirer is also sent the dual signature. The dual signature is created by combining the two
message digests and creating a new digest, the dual signature message digest.
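The following is an added illustration, not part of the original notes, of the dual signature in the form SET is usually described: the cardholder signs a digest of the two message digests, so the merchant and the acquirer can each verify the signature while seeing only their own message plus the digest of the other. SHA-256, the toy unpadded RSA key and the sample order and payment data are assumptions made for the example.

```python
import hashlib

# Toy cardholder RSA key built from two Mersenne primes. Constructed for this
# example only: far too small, and used without padding, so never use it for
# real signatures.
P, Q = 2**107 - 1, 2**127 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

# Constructed sample messages. The card number is a well-known test value.
ORDER_INFO = b'{"order_id": "ORD-1001", "item": "book", "total": "49.90"}'
PAYMENT_INFO = (b'{"order_id": "ORD-1001", "pan": "4111111111111111", '
                b'"expiry": "12/30", "amount": "49.90"}')


def digest(data: bytes) -> bytes:
    """Message digest (SHA-256 here; an assumption of this example)."""
    return hashlib.sha256(data).digest()


def _as_int(d: bytes) -> int:
    # Reduce the digest into the range of the toy modulus.
    return int.from_bytes(d, "big") % N


def sign(d: bytes) -> int:
    """'Encrypt the digest with the private key' (textbook RSA)."""
    return pow(_as_int(d), D, N)


def verify(d: bytes, signature: int) -> bool:
    """Recover the signed digest with the public key and compare."""
    return pow(signature, E, N) == _as_int(d)


def make_dual_signature(order_info: bytes, payment_info: bytes) -> dict:
    """Cardholder side: digest each message, then sign the digest of both."""
    oimd = digest(order_info)      # order information message digest
    pimd = digest(payment_info)    # payment information message digest
    pomd = digest(pimd + oimd)     # digest of the two digests
    return {"oimd": oimd, "pimd": pimd, "dual_signature": sign(pomd)}


def merchant_verify(order_info: bytes, pimd: bytes, dual_signature: int) -> bool:
    """Merchant sees the order in clear but only the digest of the payment."""
    return verify(digest(pimd + digest(order_info)), dual_signature)


def acquirer_verify(payment_info: bytes, oimd: bytes, dual_signature: int) -> bool:
    """Acquirer sees the payment in clear but only the digest of the order."""
    return verify(digest(digest(payment_info) + oimd), dual_signature)


if __name__ == "__main__":
    ds = make_dual_signature(ORDER_INFO, PAYMENT_INFO)
    print("merchant accepts:", merchant_verify(ORDER_INFO, ds["pimd"], ds["dual_signature"]))
    print("acquirer accepts:", acquirer_verify(PAYMENT_INFO, ds["oimd"], ds["dual_signature"]))
    tampered = ORDER_INFO.replace(b"49.90", b"4.90")
    print("tampered order accepted:", merchant_verify(tampered, ds["pimd"], ds["dual_signature"]))
```

Because the signature covers both digests, neither party can pair the payment with a different order without the check failing.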
Compliance testing:
Compliance testing is necessary for each SET component. The four SET components are:
• Cardholder wallet: this wallet holds the cardholder digital certificate and card account
information. This component performs the authentication of the cardholder and
provides secure transmission of cardholder data.
• Merchant server: this component performs the authentication of the merchant and its
accepted payment brand.
• Payment gateway: this component provides the security of data transmission to/from
the acquirer and processes the payment request and authentication process.
• Certificate authority: this component issues and manages the cardholder, merchant
and root key certificates.
A magnetic strip card is a small plastic card that has some form of magnetically
encoded strip or strips on its exterior. Magnetic strip cards are widely used for applications
such as bank debit cards, credit cards, telephone cards, employee identification cards and
cards for building and machine access privileges, vending machines and copy machines. To
the extent that these cards are used as an electronic purse, allowing the cardholder to use the
card to purchase goods and services, these cards support a form of electronic commerce.
Magnetic strip cards are typically of two types:
• Online Magnetic Strip Card
• Offline Magnetic Strip Card
Electronic money (also known as e-money, electronic cash, electronic currency, digital
money, digital cash or digital currency) refers to money or scrip which is exchanged only
electronically. Typically, this involves use of computer networks, the internet and digital
stored value systems. Electronic Funds Transfer (EFT) and direct deposit are examples of
electronic money. Also, it is a collective term for financial cryptography and technologies
enabling it.
While electronic money has been an interesting problem for cryptography (see for example
the work of David Chaum and Markus Jakobsson), to date, use of digital cash has been
relatively low-scale. One rare success has been Hong Kong's Octopus card system, which
started as a transit payment system and has grown into a widely used electronic cash system.
Singapore also has an electronic money implementation for its public transportation system
(commuter trains, bus, etc), which is very similar to Hong Kong's Octopus card and based on
the same type of card (FeliCa). A very successful implementation is in the Netherlands,
known as Chipknip.
VALUE ADDED NETWORK
A value added network is defined as a telecommunication network, primarily for data,
that processes or transforms data and information in some way and thereby provides services
beyond simple transport of information. In the context of EDI, a VAN is a communication
network that typically exchanges EDI messages among trading partners. It also provides
other services, including holding messages in electronic mailboxes, interfacing with other
VANs and supporting many telecommunication modes and transfer protocols. A VAN's
electronic mailbox is a software feature into which a user deposits EDI transactions and then
retrieves those messages when convenient. In addition to receiving, storing and sending
electronic messages, a VAN also arranges to provide audit information.
VANs today require a global footprint with capabilities, tools and people to service supply
chains that extend from Shanghai to New York, Thailand to Hungary. Modern Value-Added
Networks today are also referred to as trading grids. A VAN not only receives, stores and
forwards messages but also adds audit information to the messages, modifies the data
(automatic error detection and correction, protocol conversion) and then transports the
information.
Digital library
A digital library is a library in which collections are stored in digital formats (as opposed to
print, microform, or other media) and accessible by computers.[1] The digital content may be
stored locally, or accessed remotely via computer networks. A digital library is a type of
information retrieval system.
The first use of the term digital library in print may have been in a 1988 report to the
Corporation for National Research Initiatives.[2] The term digital libraries was first
popularized by the NSF/DARPA/NASA Digital Libraries Initiative in 1994.[3] The older
names electronic library or virtual library are also occasionally used, though electronic
library nowadays more often refers to portals, often provided by government agencies, as in
the case of the Florida Electronic Library. The DELOS Digital Library Reference Model[4]
defines a digital library as:
SMART CARD
A smart card, chip card, or integrated circuit card (ICC), is any pocket-sized card with
embedded integrated circuits which can process data. This implies that it can receive input
which is processed — by way of the ICC applications — and delivered as an output. There
are two broad categories of ICCs. Memory cards contain only non-volatile memory storage
components, and perhaps some specific security logic. Microprocessor cards contain volatile
memory and microprocessor components. The card is made of plastic, generally PVC, but
sometimes ABS. The card may embed a hologram to avoid counterfeiting. Using smartcards
also is a form of strong security authentication for single sign-on within large companies and
organizations.
Benefits
Smart cards can be used for identification, authentication, and data storage.[1]
Smart cards provide a means of effecting business transactions in a flexible, secure, standard
way with minimal human intervention.
Smart cards can provide strong authentication[2] for single sign-on or enterprise single sign-on
to computers, laptops, data with encryption, enterprise resource planning platforms such as
SAP, etc.
Credit card and emerging financial instruments, B2B e-commerce
Credit card
A credit card is part of a system of payments named after the small plastic card issued to
users of the system. The issuer of the card grants a line of credit to the consumer (or the
user) from which the user can borrow money for payment to a merchant or as a cash
advance to the user. A credit card is different from a charge card, where a charge card
requires the balance to be paid in full each month. In contrast, credit cards allow the
consumers to 'revolve' their balance, at the cost of having interest charged. Most credit
cards are issued by local banks or credit unions, and are the same shape and size as
specified by the ISO 7810 standard.
Credit cards are issued after an account has been approved by the credit provider, after which
cardholders can use it to make purchases at merchants accepting that card.
When a purchase is made, the credit card user agrees to pay the card issuer. The cardholder
indicates his/her consent to pay, by signing a receipt with a record of the card details and
indicating the amount to be paid or by entering a Personal identification number (PIN). Also,
many merchants now accept verbal authorizations via telephone and electronic authorization
using the Internet, known as a 'Card/Cardholder Not Present' (CNP) transaction.
Electronic verification systems allow merchants to verify that the card is valid and the credit
card customer has sufficient credit to cover the purchase in a few seconds, allowing the
verification to happen at time of purchase. The verification is performed using a credit card
payment terminal or Point of Sale (POS) system with a communications link to the
merchant's acquiring bank. Data from the card is obtained from a magnetic stripe or chip on
the card; the latter system is in the United Kingdom and Ireland commonly known as Chip
and PIN, but is more technically an EMV card.
Each month, the credit card user is sent a statement indicating the purchases undertaken with
the card, any outstanding fees, and the total amount owed. After receiving the statement, the
cardholder may dispute any charges that he or she thinks are incorrect (see Fair Credit Billing
Act for details of the US regulations). Otherwise, the cardholder must pay a defined
minimum proportion of the bill by a due date, or may choose to pay a higher amount up to the
entire amount owed. The credit provider charges interest on the amount owed if the balance is
not paid in full (typically at a much higher rate than most other forms of debt). Some
financial institutions can arrange for automatic payments to be deducted from the user's bank
accounts, thus avoiding late payment altogether as long as the cardholder has sufficient funds.
ELECTRONIC DATA INTERCHANGE
Electronic Data Interchange (EDI) is a set of standards for structuring information that is to
be electronically exchanged between and within businesses, organizations, government
entities and other groups. The standards describe structures that emulate documents, for
example purchase orders to automate purchasing. The term EDI is also used to refer to the
implementation and operation of systems and processes for creating, transmitting, and
receiving EDI documents. Electronic Data Interchange can be formally defined as 'The
transfer of structured data, by agreed message standards, from one computer system to
another without human intervention'. Most other definitions used are variations on this theme.
EDI documents generally contain the same information that would normally be found
in a paper document used for the same organizational function. For example an EDI 940 ship-
from-warehouse order is used by a manufacturer to tell a warehouse to ship product to a
retailer. It typically has a ship to address, bill to address, a list of product numbers (usually a
UPC code) and quantities. It may have other information if the parties agree to include it.
However, EDI is not confined to just business data related to trade but encompasses all fields
such as medicine (e.g., patient records and laboratory results), transport (e.g., container and
modal information), engineering and construction, etc. In some cases, EDI will be used to
create a new business information flow (that was not a paper flow before). This is the case in
the Advanced Shipment Notification (856) which was designed to inform the receiver of a
shipment, the goods to be received and how the goods are packaged.
Organizations that send or receive documents from each other are referred to as
"trading partners" in EDI terminology. The trading partners agree on the specific information
to be transmitted and how it should be used. This is done in human readable specifications
(also called Message Implementation Guidelines). While the standards are analogous to
building codes, the specifications are analogous to blue prints. (The specification may also be
called a mapping but the term mapping is typically reserved for specific machine readable
instructions given to the translation software.) Larger trading "hubs" have existing Message
Implementation Guidelines which mirror their business processes for processing EDI and
they are usually unwilling to modify their EDI business practices to meet the needs of their
trading partners. Often in a large company these EDI guidelines will be written to be generic
enough to be used by different branches or divisions and therefore will contain information
not needed for a particular business document exchange. For other large companies, they may
create separate EDI guidelines for each branch/division.
EDI and other similar technologies save a company money by providing an alternative to, or
replacing, information flows that require a great deal of human interaction and materials such
as paper documents, meetings, faxes, etc. Even when paper documents are maintained in
parallel with EDI exchange, e.g. printed shipping manifests, electronic exchange and the use
of data from that exchange reduces the handling costs of sorting, distributing, organizing, and
searching paper documents. EDI and similar technologies allow a company to take advantage
of the benefits of storing and manipulating data electronically without the cost of manual
entry or scanning.
Barriers to implementation
There are a few barriers to adopting electronic data interchange. One of the most significant
barriers is the accompanying business process change. Existing business processes built
around slow paper handling may not be suited for EDI and would require changes to
accommodate automated processing of business documents. For example, a business may
receive the bulk of their goods by 1 or 2 day shipping and all of their invoices by mail. The
existing process may therefore assume that goods are typically received before the invoice.
With EDI, the invoice will typically be sent when the goods ship and will therefore require a
process that handles large numbers of invoices whose corresponding goods have not yet been
received.
Another significant barrier is the cost in time and money of the initial set-up. The
preliminary expenses and time that arise from the implementation, customization and training
can be costly and therefore may discourage some businesses. The key is to determine what
method of integration is right for your company which will determine the cost of
implementation. For a business that only receives one P.O. per year from a client, fully
integrated EDI may not make economic sense. In this case, businesses may implement
inexpensive "rip and read" solutions or use outsourced EDI solutions provided by EDI
"Service Bureaus". For other businesses, the implementation of an integrated EDI solution
may be necessary as increases in trading volumes brought on by EDI force them to re-
implement their order processing business processes.
The key hindrance to a successful implementation of EDI is the perception many businesses
have of the nature of EDI. Many view EDI from the technical perspective that EDI is a data
format; it would be more accurate to take the business view that EDI is a system for
exchanging business documents with external entities, and integrating the data from those
documents into the company's internal systems. Successful implementations of EDI take into
account the effect externally generated information will have on their internal systems and
validate the business information received. For example, allowing a supplier to update a
retailer's Accounts Payables system without appropriate checks and balances would be a
recipe for disaster. Businesses new to the implementation of EDI should take pains to avoid
such pitfalls.
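The following is an added illustration, not part of the original notes, of the receiver-side checks described above: an inbound invoice from a trading partner is matched against the retailer's own purchase order and goods-receipt records before it may reach Accounts Payable, and an invoice that arrives before its goods is held rather than paid. The `~`/`*` delimited layout with `HDR`, `LIN` and `TOT` segments, the record stores and all sample values are constructed for the example and are much simpler than a real EDI transaction set.

```python
from decimal import Decimal, InvalidOperation

# Retailer's own records (constructed sample data): PO -> supplier and
# ordered lines as UPC -> (quantity, agreed unit price).
PURCHASE_ORDERS = {
    "PO-7001": {"supplier": "SUP-42", "lines": {"012345678905": (10, Decimal("4.50"))}},
    "PO-7002": {"supplier": "SUP-42", "lines": {"036000291452": (5, Decimal("12.00"))}},
}
# Goods actually received so far; nothing has arrived yet for PO-7002.
GOODS_RECEIVED = {"PO-7001": {"012345678905": 10}}


def parse_invoice(raw: str) -> dict:
    """Parse 'HDR*inv*supplier*po~LIN*upc*qty*price~...~TOT*amount~'."""
    segments = [s.split("*") for s in raw.strip().split("~") if s]
    if len(segments) < 3 or segments[0][0] != "HDR" or segments[-1][0] != "TOT":
        raise ValueError("missing HDR, LIN or TOT segment")
    try:
        _, number, supplier, po = segments[0]
        lines = []
        for tag, upc, qty, price in segments[1:-1]:
            if tag != "LIN":
                raise ValueError(f"unexpected segment {tag}")
            lines.append((upc, int(qty), Decimal(price)))
        _, total = segments[-1]
        total = Decimal(total)
    except InvalidOperation as exc:
        raise ValueError("non-numeric amount") from exc
    return {"number": number, "supplier": supplier, "po": po,
            "lines": lines, "total": total}


def validate_invoice(inv: dict) -> tuple:
    """Return (status, reasons): POST to Accounts Payable, HOLD, or REJECT."""
    po = PURCHASE_ORDERS.get(inv["po"])
    if po is None or po["supplier"] != inv["supplier"]:
        return "REJECT", ["unknown purchase order for this supplier"]
    errors, pending = [], []
    computed = Decimal("0")
    for upc, qty, price in inv["lines"]:
        ordered = po["lines"].get(upc)
        if ordered is None:
            errors.append(f"{upc}: not on purchase order")
            continue
        ordered_qty, agreed_price = ordered
        if qty <= 0 or qty > ordered_qty:
            errors.append(f"{upc}: quantity {qty} outside ordered {ordered_qty}")
        if price != agreed_price:
            errors.append(f"{upc}: price {price} differs from agreed {agreed_price}")
        if GOODS_RECEIVED.get(inv["po"], {}).get(upc, 0) < qty:
            pending.append(f"{upc}: goods not yet received")
        computed += qty * price
    if computed != inv["total"]:
        errors.append(f"total {inv['total']} does not match lines {computed}")
    if errors:
        return "REJECT", errors
    if pending:
        return "HOLD", pending  # invoice arrived before the goods
    return "POST", []


def process(raw: str) -> tuple:
    """Entry point: malformed messages are rejected, never partially applied."""
    try:
        return validate_invoice(parse_invoice(raw))
    except ValueError as exc:
        return "REJECT", [f"malformed message: {exc}"]


if __name__ == "__main__":
    samples = [  # constructed inbound messages
        "HDR*INV-1*SUP-42*PO-7001~LIN*012345678905*10*4.50~TOT*45.00~",
        "HDR*INV-2*SUP-42*PO-7002~LIN*036000291452*5*12.00~TOT*60.00~",
        "HDR*INV-3*SUP-42*PO-7001~LIN*012345678905*10*9.99~TOT*99.90~",
    ]
    for raw in samples:
        print(process(raw))
```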
Increased efficiency and cost savings drive the adoption of EDI for most trading partners. But
even if a company would not choose to use EDI on their own, pressures from larger trading
partners called hubs often force smaller trading partners to use EDI.
All organizations and administrative associations with large information systems face a
situation where typing and printing of all information arriving at or leaving their domain is no
longer feasible. Everyone who works in a business organization where hundreds and
thousands of standard forms (e.g. invoices) are received and responded to knows how
difficult it is to manage this task. These forms should be entered in the computer for
processing, and responses should be generated and posted to the concerned parties. The whole
process is time-consuming, prone to human errors during data entry and expensive to
operate. Electronic Data Interchange (EDI) is the electronic exchange of business documents
in a standard, computer-processable, and universally accepted format between trading
partners. EDI is quite different from sending electronic mail, messages or sharing files
through a network. In EDI, the computer applications of both the sender and the receiver,
referred to as Trading Partners (TPs), have to agree upon the format of the business document,
which is sent as a data file over an electronic messaging service. Figure 5.1
illustrates how EDI messages can be used to totally automate the procurement process
between two trading partners.
The two key aspects of EDI that distinguish it from other forms of electronic communication,
such as electronic mail, are: The information transmitted is directly used by the recipient
computer without the need for human intervention. It is rarely mentioned but often assumed that
EDI refers to interchange between businesses. It involves two or more organizations or parts
of organizations communicating business information with each other in a common agreed
format. The repeated keying of identical information in traditional paper-based business
communication creates a number of problems that can be significantly reduced through the
usage of EDI. These problems include:
· Increased time
· Low accuracy
· Increased uncertainty.
To take full advantage of EDI’s benefits, a company must computerize its basic business
applications. Trading partners are individual organizations that agree to exchange EDI
transactions. EDI cannot be undertaken unilaterally but requires the cooperation and active
participation of trading partners. Trading partners normally consist of an organization’s
principal suppliers and wholesale customers. Since large retail stores transact business with a
large number of suppliers, they were among the early supporters of EDI. In the manufacturing
sector, EDI has enabled the concept of Just-In-Time (JIT) inventory to be implemented. JIT
reduces inventory and operating capital requirements.
Wherever EDI has been implemented, computers electronically exchange business
documents with each other, without human intervention. This reduces operating
costs, administrative errors, and delivery delays. The benefits accruing from EDI
implementation can be broadly classified into direct benefits and long-term strategic benefits.
Direct Benefits
· Cost of processing EDI documents is much smaller than that of processing paper
documents.
· Customer service is improved. The quick transfer of business documents and marked
decrease in errors allow orders to be fulfilled faster.
· There is improved job satisfaction among the data entry operators, clerks etc. when
redeployed in more creative activities.
Strategic Benefits
· Customer relations are improved through better quality and speed of services.
· More accurate sales forecasting and business planning is possible due to information
availability at the right place at the right time.
Successful functioning of EDI assumes the availability of a wide area network to which
organizations can subscribe. All organizations that are willing to join EDI services must
subscribe to the common network. In addition, all organizations participating in an EDI service-
group that they will use, and load appropriate EDI software on their computer systems. This
software is responsible for providing translation services, EDI services and network access
services, as shown in figure 5.2.
A sender’s computer system produces a message and passes it to the translation service
software. This translates the message into the common agreed structure and passes it to the EDI
service software. The EDI service software executes the necessary functions and procedures to send
the message, track it in the network and ensure that it reaches its destination. EDI services, in
addition, may include procedures to ensure security functions, billing and accounting
functions and generate the necessary logs for auditing purposes. Network access services are
responsible for actually controlling the interaction with the network that transports messages
from one site to another. The transport network provides a powerful electronic messaging
service to support EDI services. The transport network uses a “store and forward” mechanism,
and messages are sent to “mailboxes” that are managed by the network service provider. The
originator can send his messages at any time independent of the recipient’s system status, i.e.
whether or not it is ready for receiving. The recipient systems periodically check their
mailboxes and transfer messages from network mailboxes to their own memory. Thus a
transfer cycle is completed. The receiving computer applies the necessary translator and converts
the received message into a format understandable by its application software. The
application software is programmed to recognize various messages and take the necessary
actions, such as generating responses to received messages and updating other databases.
Functioning of EDI
Exchange of data with several trading partners directly. Interaction with multiple companies
through a central information-clearing house.
party’s computer system, which then sends them to the appropriate receiver’s computer. This
enables the sender to communicate with an unlimited number of trading partners
without worrying about the proprietary system audit trails, variable transmission speeds,
and general computer compatibility.
· Prior to any computer work, representatives of two companies interested in exchanging data
electronically meet to specify the application in the EDI standards which they will
implement.
· Each company adds an EDI program to its computer to translate the company data into
standard formats for transmission, and for the reverse translation of the data it receives.
The sender transmits the database formatted in the EDI standards to the receiver, who then
translates the formatted message to a computer record to be processed and used internally.
All transmission is checked both electronically and functionally, and the protocol includes
procedures for error detection and correction. Once a company has established
standardized communications with another company, it is in a position to communicate
with any other company that is also using the EDI standards.
· Collection of data for its own operational or statistical requirements, which is edited to be
added to its own database.
EDI transaction sets, and finally it is transmitted to the company or organization requiring it
for valid reasons.
· The frequency of preparing this information is determined by the
operational requirements of each recipient.
· The receiver receives the information transmission, checks its physical characteristics
(parity, check character, transmission mode), and requests retransmission if an error is
detected in the physical characteristics of the transmission.
· The receiver checks the functional characteristics of the data and sends an acknowledgement
to the original sender for receiving the transmission and to identify any errors detected.
· The receiver processes the information received according to its own internal procedures
and timing requirements.
EDI Components
in figure 5.4.
1. Application Service.
2. Translation Service
3. Communication Service
EDI Services
Application Service
partners.
are available.
Services:
Translation Service.
this.
file.
Communication Services.
For incoming documents:
files.
Communication Service
Service:
the trading partner. The file arrives through one of the gateways
Translation Service.
document format.
Transmission File
banking day. A third major network the society for World-Wide
be useful for almost any sector, banks have been the primary
of information.
modification.
encryption key known as its private key and receiver decrypts the
else knows the private key of the pair allotted to the transmitter.
Messages are:
this feature.