
Electronic Fund Transfer (EFT)

Electronic payment means paying for purchased goods electronically. It was developed when
guided transmission media came into use for transferring information.

Electronic Fund Transfer (EFT) is defined as a process of transferring funds electronically from one
financial institution to another. This type of electronic transfer started with the use of different electronic
devices such as computers, telephone devices, electronic terminals and telecommunications devices. The transfer
is done for ordering, instructing and authorizing a bank to debit/credit an account.

Electronic fund transfer is different from traditional methods of payment that depend on physical
delivery of cash by using physical means of transport. Electronic funds transfer can be segmented into three
broad categories:

1. Banking and financial payments

♦ Large-scale or wholesale payments - Bank-to-bank transfer is a good example of this kind of
payment, where the funds flow from one bank to another.
♦ Small-scale or retail payments - Automated teller machines and cash dispensers are examples of
this kind of payment. Using an ATM, a customer can withdraw money from anywhere and at any time.
♦ Home banking - Home banking service can be classified into three types.
1) Basic services include personal finance service.
2) Intermediate services include financial management.
3) Advanced services include trading service.

2. Retailing payments

♦ Credit cards (e.g., VISA or MasterCard)
♦ Private label credit / debit cards (e.g., J.C. Penney Card)
♦ Charge cards (e.g., American Express)

3. On-line electronic commerce payments

i) Token-based payment systems

♦ Electronic cash (e.g., DigiCash)

- It is a form of digital cash which provides a high level of security. It also reduces the overhead of
paper cash.

♦ Electronic checks (e.g., NetCheque)

- E-check is another form of electronic payment system. These checks are
preferred when a customer is willing to make a payment without using
paper currency.

♦ Smart cards or debit cards (e.g., Mondex Electronic Currency Card)

- Smart cards are similar to debit/credit cards but with enhanced features such as a
microprocessor that has the ability to store a massive amount of information, 80
times greater than conventional magnetic strip cards.

ii) Credit card - based payment systems

The different types of credit-card based payment systems are :

♦ Plain credit-card payment system - In this type of payment system, the credit card transaction is
provided without using any encryption techniques. It is one of the simplest forms of payment
system.
♦ Encrypted credit-card payment system - In this type of payment system, the credit card is encrypted
before performing any transaction using various encryption schemes like Privacy Enhanced Mail
(PEM) and Pretty Good Privacy (PGP).
♦ On-line third-party credit card payment system - Security and verification can be provided by using a
third party, which is a company that gathers and verifies the payment of funds that flow from one
party to another.

Digital Token-Based Electronic Payment Systems

None of the banking or retailing payment methods are completely adequate in their present form for the
consumer-oriented e-commerce environment. Their deficiency is their assumption that the parties will at some
time or other be in each other’s physical presence or that there will be a sufficient delay in the payment process
for frauds, overdrafts, and other undesirables to be identified and corrected. These assumptions may not hold for
e-commerce and so many of these payment mechanisms are being modified and adapted for the conduct of
business over networks.

Electronic tokens are of three types :

1. Cash or real-time : Transactions are settled with the exchange of electronic currency. An example of
on-line currency is electronic cash (e-cash).
2. Debit or prepaid : Users pay in advance for the privilege of getting information. Examples of prepaid
payment mechanisms are stored in smart cards and electronic purses that store electronic money.
3. Credit or postpaid: The server authenticates the customers and verifies with the bank that funds are
adequate before purchase. Examples of postpaid mechanisms are credit/debit cards and electronic
checks.

Four dimensions that are useful for handling electronic tokens are :

1. Nature of transaction
2. Settlement system
3. Approach to security, anonymity, and authentication
4. Risk assumption

1. The nature of the transaction for which the instrument is designed. Some tokens are specifically
designed to handle micropayments, that is, payments for small snippets of information. Others are
designed for more traditional products. Some systems target specific niche transactions; others
seek more general transactions. The key is to identify the parties involved, the average amounts,
and the purchase interaction.
2. The means of settlement used. Tokens must be backed by cash, credit, electronic bill payments,
cashier's checks, IOUs, letters and lines of credit, and wire transfers, to name a few. Each option
incurs trade-offs among transaction speed, risk, and cost. Most transaction settlement methods
use credit cards, while others use other proxies for value, effectively creating currencies of dubious
liquidity and with interesting tax, risk, and float implications.
3. Approach to security, anonymity, and authentication. Electronic tokens vary in the protection of
privacy and confidentiality of the transactions. Encryption can help with authentication,
nonrepudiability, and asset management.
4. The question of risk. Risk also rises if the transaction has long lag times between product delivery
and payments to merchants. The tokens might suddenly become worthless and the customers
might have the currency that nobody will accept. If the system stores value in a smart card,
consumers may be exposed to risk as they hold static assets. Also electronic tokens might be
subject to discounting or arbitrage. This exposes merchants to the risk that buyers don't pay or
vice-versa that the vendor doesn't deliver.

Electronic Cash (e-cash)

Electronic cash (e-cash) is a new concept in on-line payment systems because it combines computerized
convenience with security and privacy that improve on paper cash. Its versatility opens up a host of new markets
and applications. E-cash presents some interesting characteristics that should make it an attractive alternative for
payment over the Internet.

E-cash focuses on replacing cash as the principal payment vehicle in consumer-oriented electronic
payments. Although it may be surprising to some, cash is still the most prevalent consumer payment instrument
even after thirty years of continuous developments in electronic payment systems.

Cash remains the dominant form of payment for three reasons :

1) lack of trust in the banking system,
2) inefficient clearing and settlement of non-cash transactions, and
3) negative real interest rates paid on bank deposits.

The predominance of cash indicates an opportunity for innovative business practice that revamps the
purchasing process where consumers are heavy users of cash. To really displace cash, the electronic payment
systems need to have some qualities of cash that current credit and debit cards lack. For example, cash is
negotiable, meaning it can be given or traded to someone else. Cash is legal tender, meaning the payee is
obligated to take it. Cash is a bearer instrument, meaning that possession is prima facie proof of ownership. Also,
cash can be held and used by anyone even those who don't have a bank account, and cash places no risk on the
part of the acceptor that the medium of exchange may not be good.

Properties of Electronic Cash

There are many ways of implementing an e-cash system, but all must incorporate a few common features.

Specifically, e-cash must have the following four properties:

1) Monetary value
2) Interoperability
3) Retrievability and
4) Security

1) Monetary value - E-cash must have a monetary value; it must be backed by either cash, by one bank is
accepted by others, reconciliation must occur without any problems. Stated another way, e-cash
without proper bank certification carries the risk that when deposited, it might be returned for
insufficient funds.

2) Interoperability - E-cash must be interoperable i.e., exchangeable as payment for other e-cash, paper cash,
goods or services, lines of credit, deposits in banking accounts, bank notes or obligations, electronic
benefits transfers, and the like. Most e-cash proposals use a single bank. In practice, multiple banks are
required with an international clearinghouse that handles the exchangeability issues because all
customers are not going to be using the same bank or even be in the same country.
3) Retrievability and Storability - E-cash must be storable and retrievable. Remote storage and retrieval (e.g.,
from a telephone or personal communications device) would allow users to exchange e-cash (e.g.,
withdraw from and deposit into banking accounts) from home or office or while traveling. The cash
could be stored on a remote computer's memory, in smart cards, or in other easily transported
standard or special-purpose devices. Because it might be easy to create counterfeit cash that is stored
in a computer, it might be preferable to store cash on a dedicated device that cannot be altered. This
device should have a suitable interface to facilitate personal authentication using passwords or other
means and a display so that the user can view the card's contents.
4) Security and Protection - It is very important to provide security while an e-cash exchange transaction is
being processed so that it is not easy to copy or swindle the transaction. The major problem present in
the internet is forgery, which is very difficult to detect if appropriate conformity is not available.
Methods should be implemented to detect and avoid double spending of e-cash. It is very difficult to
prevent this issue if multiple banks are responsible for handling transaction exchange.

Operational Risks in E-cash

Operational risk can be handled by introducing limitations on:

1) Validity period of electronic money.
2) Amount that can be stored and sent by electronic money.
3) Number of transactions that occur before redepositing the cash in a bank.
4) Number of exchange transactions that occur over a period of time.

Because of these limitations, there could be problems while implementing e-cash. The main purpose of
introducing or enforcing these limitations is to confine the liability to, and be enforced on, an individual
transaction depending on the cost. It is not possible to report on exchange transactions if a PC is programmed
to run micro transactions recursively at a high speed. In order to overcome this problem, a new system can be
developed to execute the transactions keeping in view their size and time period.

It is possible to limit the exchanges depending on the product or service standards. The major threat to
a seller occurs when the buyer refuses to pay the seller until the product is delivered within the specific time
period, and the threat to the buyer occurs when the seller refuses to deliver the product to the buyer until it
receives the payment.

Electronic Cash in Action

Electronic cash is based on cryptographic systems called "digital signatures". This method involves a pair of
numeric keys (very large integers or numbers) that work in tandem: one for locking (or encoding) and the other
for unlocking (or decoding). Messages encoded with one numeric key can only be decoded with the other
numeric key and none other. The encoding key is kept private and the decoding key is made public.

By supplying all customers (buyers and sellers) with its public key, a bank enables customers to decode
any message (or currency) encoded with the bank's private key. If decoding by a customer yields a recognizable
message, the customer can be fairly confident that only the bank could have encoded it. These digital signatures
are as secure as the mathematics involved and have proved over the past two decades to be more resistant to
forgery than handwritten signatures. Before e-cash can be used to buy products or services, it must be procured
from a currency server.

Purchasing E-cash from Currency Servers

The purchase of e-cash from an on-line currency server involves two steps:

1. Establishment of an account and
2. Maintaining enough money in the account to back the purchase.

Some customers might prefer to purchase e-cash with paper currency, either to maintain anonymity or
because they don't have a bank account.

Currently, in most e-cash trials all customers must have an account with a central on-line bank. This is
overly restrictive for international use and multicurrency transactions, for customers should be able to access and
pay for foreign services as well as local services. To support this access, e-cash must be available in multiple
currencies backed by several banks.

And finally, consumers use the e-cash software on the computer to generate a random number, which
serves as the "note". In exchange for money debited from the customer's account, the bank uses its private key
to digitally sign the note for the amount requested and transmits the note back to the customer.

This method of note generation is very secure, as neither the customer (payer) nor the merchant
(payee) can counterfeit the bank's digital signature (analogous to the watermark in paper currency). Payer and
payee can verify that the payment is valid, since each knows the bank's public key. The bank is protected against
forgery, the payee against the bank's refusal to honor a legitimate note, and the user against false accusations
and invasion of privacy.

Using the Digital Currency

Once the tokens are purchased, the e-cash software on the customer's PC stores digital money undersigned by a
bank. The user can spend the digital money at any shop accepting e-cash, without having to open an account
there first or having to transmit credit card numbers. As soon as the customer wants to make a payment, the
software collects the necessary amount from the stored tokens.

Detection of Double Spending in E-cash

Two types of transactions are possible using digital money:

1. Bilateral and
2. Trilateral

Typically, transactions involving cash are bilateral or two-party (buyer and seller) transactions, whereby
the merchant checks the veracity of the note's digital signature by using the bank's public key. Transactions
involving financial instruments other than cash are usually trilateral or three-party (buyer, seller, and bank)
transactions, whereby the "notes" are sent to the merchant, who immediately sends them directly to the digital
bank. The bank verifies the validity of these "notes" and that they have not been spent before. The account of
the merchant is credited. In this case, every "note" can be used only once.

To uncover double spending, banks must compare the note passed to them by the merchant against a
database of spent notes. Just as paper currency is identified with a unique serial number, digital cash can also be
protected. The ability to detect double spending has to involve some form of registration so that all "notes"
issued globally can be uniquely identified. However, this method of matching notes with a central registry has
problems in the on-line world. For most systems, which handle high volumes of micro payments, this method
would simply be too expensive. In addition, the problem of double spending means that banks have to carry
added overhead because of the constant checking and auditing logs.

One drawback of e-cash is its inability to be easily divided into smaller amounts. It is often necessary to get
small denomination change in business transactions. A number of variations have been developed for dealing with
the "change" problem.
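
The note issuance and the double-spending check described in the sections above, as an added Python example (it is not code from the original page or from any e-cash product). The toy RSA key built from two Mersenne primes, the note fields, and the names Bank, withdraw and deposit are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy RSA key from two known Mersenne primes so the example needs only the
# standard library. A ~234-bit modulus is far too small for real money.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537


def note_digest(serial, amount, n):
    """Hash the note's serial number and amount to an integer below n."""
    data = f"{serial}|{amount}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def verify_note(note, public_key):
    """Bilateral check: anyone holding the bank's public key can run this."""
    n, e = public_key
    return pow(note["sig"], e, n) == note_digest(note["serial"], note["amount"], n)


class Bank:
    """Hypothetical currency server: signs notes and keeps the spent-note list."""

    def __init__(self):
        self.n = P * Q
        self._d = pow(E, -1, (P - 1) * (Q - 1))   # private signing exponent
        self.accounts = {}
        self.spent = set()                        # serials already deposited

    def public_key(self):
        return self.n, E

    def withdraw(self, account, serial, amount):
        """Debit the account and sign the customer's random serial number."""
        if amount <= 0 or self.accounts.get(account, 0) < amount:
            raise ValueError("insufficient funds")
        self.accounts[account] -= amount
        # The bank sees the serial here, so this sketch gives the payer no
        # anonymity; it shows only the signature and the spent-note check.
        sig = pow(note_digest(serial, amount, self.n), self._d, self.n)
        return {"serial": serial, "amount": amount, "sig": sig}

    def deposit(self, merchant, note):
        """Trilateral check: signature first, then the spent-note database."""
        if not verify_note(note, self.public_key()):
            return "rejected: bad signature"
        if note["serial"] in self.spent:
            return "rejected: double spend"
        self.spent.add(note["serial"])
        self.accounts[merchant] = self.accounts.get(merchant, 0) + note["amount"]
        return "accepted"


def demo():
    bank = Bank()
    bank.accounts["alice"] = 50                   # constructed sample balance
    serial = secrets.token_hex(16)                # the customer's random "note"
    note = bank.withdraw("alice", serial, 20)
    copy = dict(note)                             # a bit-for-bit copy of the note
    forged = dict(note, amount=2000)              # amount altered after signing
    return {
        "original_verifies": verify_note(note, bank.public_key()),
        "copy_verifies": verify_note(copy, bank.public_key()),
        "forged_verifies": verify_note(forged, bank.public_key()),
        "first_deposit": bank.deposit("shop_a", note),
        "second_deposit": bank.deposit("shop_b", copy),
        "balances": dict(bank.accounts),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The copied note passes the signature check on its own, which is why a merchant's bilateral verification cannot catch double spending and the bank's registry of spent notes is needed.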

Legal Issues

Electronic cash will force bankers and regulators to make tough choices that will shape the form of lawful
commercial activity related to electronic commerce. As a result of the very features that make it so attractive to
many, cash has occupied an unstable and uncomfortable place within the existing taxation and law enforcement
systems.

Anonymous and virtually untraceable, cash transactions today occupy a place in a kind of underground
economy. This underground economy is generally confined to relatively small-scale transactions because paper money
in large quantities is cumbersome to use and manipulate - organized crime being the obvious exception.

The Impact of e-cash on Taxation

Transaction-based taxes (e.g., sales taxes) account for a significant portion of state and local government revenue.
But if e-cash really is made to function the way that paper money does, payments we would never think of making
in cash (to buy a new car, say, or as the down payment on a house) could be made in this new form of currency
because there would be no problem of bulk and no risk of robbery. The threat to the government's revenue flow is a
very real one, and officials in government are starting to take cognizance of this development and to prepare their
responses.

Business Issues

Electronic cash fulfills two main functions:

1) as a medium of exchange and
2) as a store of value.

Medium of exchange - Digital money is a perfect medium of exchange. E-cash has become an important and easy
way of processing exchange transactions. The complexity of interlocking credits and liabilities is simplified by
assigning value in terms of money of e-cash and by making settlements of transaction instantaneously.

For instance, small businesses that spend months waiting for big customers to pay their bills would
benefit hugely from a digital system in which instant settlement is the norm. Instant settlement of micro
payments is also a tantalizing proposition.

Storage of Values - Paper currency is perceptible and treated as legal tender, which means that the payee cannot
refuse to accept it. If this cash is bank certified, many people wish to use financial institutions like banks to
store their money and settle their payments using checks or debit cards. On the other hand, if e-cash is treated as
legal tender, it would create a problem: if each component of e-cash represents a real cash element, then there
will be no rate of interest earned on real balances of e-cash.

The other business issue related to e-cash arises if there are large swings in the face value of
cash. E-cash is more suitable for being exchanged at traditional market rates rather than for bypassing the
foreign exchange market. The only way of starting a conventional exchange market is to develop its own gray
market.

Electronic Checks

Electronic checks are another form of electronic payment system. They are designed to accommodate the many
individuals and entities that might prefer to pay on credit or through some mechanism other than cash. In the
model shown in Fig. below, buyers must register with a third-party account server before they are able to write
electronic checks. The account server also acts as a billing service. The registration procedure can vary depending
on the particular account server and may require a credit card or a bank account to back the checks.

Once registered, a buyer can then contact sellers of goods and services. To complete a transaction, the
buyer sends a check to the seller for a certain amount of money. These checks may be sent using e-mail or other
transport methods. When deposited, the check authorizes the transfer of account balances from the account
against which the check was drawn to the account to which the check was deposited.

The e-check method was deliberately created to work in much the same way as a conventional paper
check. An account holder will issue an electronic document that contains the name of the payer, the name of the
financial institution, the payer's account number, the name of the payee and the amount of the check. Most of
the information is in uncoded form.

Like a paper check, an e-check will bear the digital equivalent of a signature : a computed number that
authenticates the check as coming from the owner of the account. And, again like a paper check, an
e-check will need to be endorsed by the payee, using another electronic signature, before the check can be paid.
Properly signed and endorsed checks can be electronically exchanged between financial institutions through
electronic clearing houses, with the institutions using these endorsed checks as tender to settle accounts.

Electronic check is a form of electronic document which contains the following information:

1. Payer's name
2. Bank's name
3. Account number of payer
4. Payee's name
5. Amount to be paid

Electronic checks have the following advantages :

♦ They work in the same way as traditional checks, thus simplifying customer
♦ Electronic checks are well suited for clearing micropayments; their use of conventional cryptography
makes it much faster than systems based on public-key cryptography (e-cash).
♦ Electronic checks create float and the availability of float is an important requirement for commerce. The
third-party accounting server can make money by charging the buyer or seller a transaction fee or a
flat rate fee, or it can act as a bank and provide deposit accounts and make money on the deposit
account pool.
♦ Financial risk is assumed by the accounting server and may result in easier acceptance. Reliability and
scalability are provided by using multiple accounting servers. There can be an inter-account-server
protocol to allow buyer and seller to "belong" to different domains, regions, or countries.

A prototype electronic check system called "NetCheque" was developed at Information Sciences Institute by
Clifford Neuman. NetCheque will include software for writing and depositing checks independent of other
applications and an application programming interface that will allow common functions to be called
automatically when integrated with other programs. The interesting implication of NetCheque is that it can be
used as a resource management tool inside organizations, a form of an internal cash...
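
The signed and endorsed check described in this section, as an added Python example (it is not NetCheque code and not from the original page). It uses a keyed hash (HMAC) as the conventional-cryptography signature; the AccountServer class, the check_no field and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets


def mac(key, fields):
    """Keyed hash ("conventional cryptography") over the readable check fields."""
    msg = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def write_check(payer_key, payer, bank, account_no, payee, amount, check_no):
    """Payer fills in the uncoded fields and signs them."""
    body = {"payer": payer, "bank": bank, "account_no": account_no,
            "payee": payee, "amount": amount, "check_no": check_no}
    return {"body": body, "signature": mac(payer_key, body)}


def endorse(payee_key, check):
    """Payee countersigns the body together with the payer's signature."""
    signed = dict(check["body"], signature=check["signature"])
    return dict(check, endorsement=mac(payee_key, signed))


class AccountServer:
    """Hypothetical third-party account server that shares a key with each member."""

    def __init__(self):
        self.members = {}      # name -> {"key", "account_no", "balance"}
        self.cleared = set()   # (account_no, check_no) pairs already paid

    def register(self, name, account_no, balance):
        key = secrets.token_bytes(32)
        self.members[name] = {"key": key, "account_no": account_no, "balance": balance}
        return key

    def clear(self, check):
        """Only the server holds both keys, so only it can verify the check."""
        body = check["body"]
        payer = self.members.get(body["payer"])
        payee = self.members.get(body["payee"])
        if payer is None or payee is None or payer["account_no"] != body["account_no"]:
            return "rejected: unknown party"
        if not hmac.compare_digest(mac(payer["key"], body), check["signature"]):
            return "rejected: bad signature"
        signed = dict(body, signature=check["signature"])
        if not hmac.compare_digest(mac(payee["key"], signed), check.get("endorsement", "")):
            return "rejected: not endorsed"
        ident = (body["account_no"], body["check_no"])
        if ident in self.cleared:
            return "rejected: already cleared"
        if not 0 < body["amount"] <= payer["balance"]:
            return "rejected: insufficient funds"
        self.cleared.add(ident)
        payer["balance"] -= body["amount"]
        payee["balance"] += body["amount"]
        return "cleared"


def demo():
    server = AccountServer()
    alice_key = server.register("alice", "ACCT-0001", 100)   # constructed values
    bob_key = server.register("bob", "ACCT-0002", 0)
    check = write_check(alice_key, "alice", "Example Bank", "ACCT-0001", "bob", 25, 1)
    altered = dict(check, body=dict(check["body"], amount=90))
    results = [
        server.clear(check),                       # payee has not endorsed yet
        server.clear(endorse(bob_key, altered)),   # amount changed after signing
        server.clear(endorse(bob_key, check)),     # properly signed and endorsed
        server.clear(endorse(bob_key, check)),     # same check presented again
    ]
    return results, server.members["alice"]["balance"], server.members["bob"]["balance"]


if __name__ == "__main__":
    print(demo())
```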

Smart Cards and Electronic Payment Systems

As electronic tokens are not very secure and do not have the ability to manage multiple transactions,
another form of electronic payment system was developed that replaced the electronic token. This form of
system is called smart cards, which provide more security while an exchange transaction is being performed.

Smart cards are credit and debit cards and other card products enhanced with microprocessors capable
of holding more information than the traditional magnetic stripe. The chip, at its current state of development,
can store significantly greater amounts of data, estimated to be 80 times more than a magnetic stripe. Industry
observers have predicted that, by the year 2000, one-half of all payment cards issued in the world will have
embedded microprocessors rather than the simple magnetic stripe.

The smart card technology is widely used in countries such as France, Germany, Japan, and Singapore
to pay for public phone calls, transportation, and shopper loyalty-programs. The idea has taken longer to catch
on in the United States, since a highly reliable and fairly inexpensive telecommunications system has favored the
use of credit and debit cards.

Smart cards are basically of two types :

1. Relationship-based smart credit cards and
2. Electronic purses.

Electronic purses, which replace money, are also known as debit cards and electronic money.

1. Relationship-Based Smart Cards

Financial institutions worldwide are developing new methods to maintain and expand their services to meet the
needs of increasingly sophisticated and technically smart customers, as well as to meet the emerging payment
needs of electronic commerce. Traditional credit cards are fast evolving into smart cards as consumers demand
payment and financial services products that are user-friendly, convenient, and reliable.

A relationship-based smart card is an enhancement of existing card services and/or the addition of new
services that a financial institution delivers to its customers via a chip-based card or other device.

The new services may include access to :

1) multiple financial accounts,
2) value-added marketing programs,
3) other information cardholders may want to store on their card.

The chip-based card is but one tool that will help alter mass marketing techniques to address each
individual's specific financial and personal requirements. Enhanced credit cards store cardholder information
including name, birth date, personal shopping preferences, and actual purchase records. This information will
enable merchants to accurately track consumer behavior and develop promotional programs designed to
increase shopper loyalty.

Relationship-based products are expected to offer consumers far greater options (advantages),
including the following:

1) Access to multiple accounts, such as debit, credit, investments or stored value for e-cash, on one
card or an electronic device.
2) A variety of functions, such as cash access, bill payment, balance inquiry, or funds transfer for
selected accounts.
3) Multiple access options at multiple locations using multiple device types, such as an automated
teller machine, a screen phone, a personal computer, a personal digital assistant (PDA), or
interactive TVs.

2. Electronic Purses and Debit Cards

Despite their increasing flexibility, relationship-based cards are credit based and settlement occurs at the end of
the billing cycle. There remains a need for a financial instrument to replace cash. To meet this need, banks, credit
card companies, and even government institutions are racing to introduce "electronic purses", wallet-sized smart
cards embedded with programmable microchips that store sums of money for people to use instead of cash for
everything from buying food, to making photocopies, to paying subway fares.

The electronic purse works in the following manner:

- After the purse is loaded with money, at an ATM or through the use of an inexpensive special
telephone, it can be used to pay for, say, candy in a vending machine equipped with a card
reader.
- The vending machine need only verify that a card is authentic and there is enough money
available for a chocolate bar.
- The remaining balance on the card is displayed by the vending machine or can be checked at an
ATM or with a balance-reading device.

When the balance on an electronic purse is depleted, the purse can be recharged with more money. As
for the vendor, the receipts can be collected periodically in person or, more likely, by telephone and transferred
to a bank account. While the technology has been available for a decade, the cards have been relatively
expensive.

Smart-Card Readers and Smart Phones

Smart card readers are used to perform reading and writing operations and are also used as a tool for
supporting different types of key management methods. With the help of smart cards, exchange transactions can
be performed remotely using electronic devices like a computer, a POS terminal and a screen phone.

The card reader features a two-line by 16-character display that can show both a prompt and the
response entered by the user. Efficiency is further enhanced by color-coded function keys, which can be
programmed to perform the most frequently used operations in a single keystroke. It can communicate via an
RS-232 serial interface with the full range of transaction automation systems, including PCs and electronic cash
registers.

Screen phones are the most popular card reader. Some of the features of screen phones are:

1) Screen with a 4-line by 32-character display.
2) Magnetic strip embedded with card reader.
3) Keypad for executing complex transactions.
4) Full-duplex speaker phone capability.
5) Dialing directory.
6) Call log for maintaining call history.

Smart card readers can be customized for specific environments. The operating environment allows
programmers to use the C programming language to create and modify applications without compromising the
device's security functions.

Electronic Tokens - Refer to Q.No.: 2

1. Electronic Cash - Refer to Q.No.: 3,4
2. Electronic Check - Refer to Q.No.: 7
3. Smart Cards - Refer to Q.No.: 8

Business Issues and Smart Cards

For merchants, smart cards are a very convenient alternative to handling cash, which is becoming a
nightmare. Cash is expensive to handle, count, and deposit and incurs slippage, a commercial term for theft,
fraud, or misplacement. Long-range planners in the banking industry see the weaning of small businesses and
consumers from cash as the last step to closing many expensive branches and conducting virtually all business by
telephone, through cash machines and perhaps home computers. In fact, it is estimated that 4 percent of the
value of cash that is deposited gets eaten up in handling costs. Banks and card issuers also expect to cut down on
fraud, given that an embedded microchip is harder to tamper with than magnetic stripe technology.

The most extensive deployment of the electronic purses so far has come in Denmark, where a
consortium of banks and telephone companies, known as Danmont, has issued more than 150,000 stored-value
cards, aimed at very small transactions like those at parking the cards reduce theft and vandalism and increase
sales. Danmont makes money by earning interest on the money it holds on the cards, called the float, and by
charging vending machine owners who use the system about 3 cards and their ability to authenticate themselves
will make them useful for payment related to electronic commerce services.

Credit Card - Based Electronic Payment Systems

To avoid the complexity associated with digital cash and electronic checks, consumers and vendors are also
looking at credit card payments on the Internet as one possible time-tested alternative. There is nothing new in
the basic process. If consumers want to purchase a product or service, they simply send their credit card details
to the service provider involved and the credit card organization will handle this payment like any other.

Credit card payments on on-line networks are divided into three basic categories:

1) Payments using plain credit card details : The easiest method of payment is the exchange of
unencrypted credit cards over a public network such as telephone lines or the Internet. The low level
of security inherent in the design of the Internet makes this method problematic. Authentication is
also a significant problem, and the vendor is usually responsible to ensure that the person using the
credit card is its owner. Without encryption there is no way to do this.

2) Payments using encrypted credit card details : It would make sense to encrypt your credit card details
before sending them out, but even then there are certain factors to consider. One would be the cost
of a credit card transaction itself. Such cost would prohibit low-value payments by adding costs to
the transactions.
3) Payments using third-party verification : One solution to security and verification problems is the
introduction of a third party - a company that collects and approves payments from one client to
another. After a certain period of time, one credit card transaction for the total accumulated amount
is completed.

1. Plain Unencrypted Credit Cards

This is the simplest form of payment over a public network such as the Internet. The problems that arise when
using plain credit cards are:

1) The security level provided by the Internet is very low, which allows any hacker to intercept network
traffic and gather valuable information like credit card numbers, account numbers etc.
2) There is a lack of authentication techniques, so the identity of the card holder cannot be verified.

Security and authentication can be provided by using a third party, which is a company that gathers and
verifies the payment of funds that flow from one party to another.

Companies that are providing infrastructure to online credit card processing are First Virtual Holdings
(FVH), interactive transaction partners, VISA interactive, Master banking.

2. Encryption and Credit Cards

Encryption is instantiated when credit card information is entered into a browser or other electronic
commerce device and sent securely over the network from buyer to seller as an encrypted message. To make a
credit card transaction truly secure and nonrefutable, the following sequence of steps must occur before actual
goods, services, or funds flow :

1. A customer presents his or her credit card information (along with an authenticity signature or
other information such as mother's maiden name) securely to the merchant.
2. The merchant validates the customer's identity as the owner of the credit card account.
3. The merchant relays the credit card charge information and signature to its bank or on-line credit
card processors.
4. The bank or processing party relays the information to the customer's bank for authorization
approval.
5. The customer's bank returns the credit card data, charge authentication, and authorization to the
merchant.

In this scheme, each consumer and each vendor generates a public key and a secret key. The secret key is
re-encrypted with a password, and the unencrypted version is erased. To steal a credit card, a thief would have
to get access to both a consumer's encrypted secret key and password. The credit card company sends the
consumer a credit card number and a credit limit.

Nobody can cheat this system. The consumer can't claim that he didn't agree to the transaction,
because he signed it (as in everyday life). The vendor can't invent fake charges, because he doesn't have access
to the consumer's key. He can't submit the same charge twice, because the consumer included the precise time
in the message. To become useful, credit card systems will have to develop distributed key servers and card
checkers. Otherwise, a concentrated attack on these sites could bring the system to a halt.

3. Third-Party Processors and Credit Cards

In third-party processing, consumers register with a third party on the Internet to verify electronic micro
transactions. Verification mechanisms can be designed with many of the attributes of electronic tokens, including
anonymity.

They differ from electronic token systems in that

1) they depend on existing financial instruments and
2) they require the on-line involvement of at least one additional party and, in some cases, multiple
parties to ensure extra security.

However, requiring an on-line third-party connection for each transaction to different banks could lead
to processing bottlenecks that could undermine the goal of reliable use.

OTPPs (On-line Third Party Processors) have created a six-step process that they believe will be a fast
and efficient way to buy information on-line.

1. The consumer acquires an OTPP account number by filling out a registration form. This will give
the OTPP a customer information profile that is backed by a traditional financial instrument such
as a credit card.
2. To purchase an article, software, or other information on-line, the consumer requests the item
from the merchant by quoting her OTPP account number. The purchase can take place in one of
two ways : The consumer can automatically authorize the "merchant" via browser settings to
access her OTPP account and bill her, or she can type in the account information.
3. The merchant contacts the OTPP payment server with the customer's account number.
4. The OTPP payment server verifies the customer's account number for the vendor and checks for
sufficient funds.
5. The OTPP payment server sends an electronic message to the buyer. This message could be an
automatic WWW form that is sent by the OTPP server or could be a simple e-mail. The buyer
responds to the form or e-mail in one of three ways :

i) Yes, I agree to pay;

ii) No, I will not pay; or

iii) Fraud, I never asked for this.

6. If the OTPP payment server gets a Yes from the customer, the merchant is informed and the customer is
allowed to download the material immediately.
7. The OTPP will not debit the buyer's account until it receives confirmation of purchase completion. Abuse
by buyers who receive information or a product and decline to pay can result in account
suspension.

An on-line environment suitable for micro-transactions will require that many of the preceding steps be
automated. World Wide Web browsers capable of encryption can serve this purpose. Here the two key servers
are merchant server and payment server. Users first establish an account with the payment server. Then, using a
client browser, a user makes a purchase from a merchant server by clicking on a payment URL (hyper links), which
is attached to the product on a WWW page.

To perform low-value payments on-line, it is necessary to automate the previous steps. This can be
made possible by using a WWW browser together with two servers :

1) seller server
2) billing and accounting server

In order to initiate the transaction both buyer and seller need to register themselves with accounting
server by creating an account. Then, a buyer sends a purchase request to the seller server by clicking the URL of the
accounting server. Unknown to the customer, the payment URL encodes the following details of purchase :

1) price of item,
2) target URL (for hard goods, this URL is usually an order status page; for information goods,
this URL points to the information customers are purchasing),
3) duration (for information goods, it specifies how long customers can get access to the target
URL).

Payment URLs send the encoded information to the payment server. In other words, the payment URL
directs the customer's browser to the payment server, which authenticates the user by asking her for the
account number and other identification information. If the information entered by the payment transaction. The
payment server then redirects the user's browser (using an HTTP redirect operation) to the purchased item with
an access URL, which encodes the details of the payment transaction (the amount, what was purchased, and
duration).
The access URL is effectively a digital invoice that has been stamped "paid" by the payment server. It
provides evidence to the merchant that the user has paid for the information and provides a receipt that grants
the user access. The access URL is the original target URL sent by the merchant's server, with additional fields
that contain details of the access :

1) expiration time (optional),
2) user's address (to prevent sharing).

Once a customer is authenticated, the payment is automatically processed. The payment server
implements a modular payment architecture where accounts can be backed by different types of financial
instruments, credit card accounts, prepaid accounts, billed accounts, debit cards, and other payment
mechanisms.
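
The access URL described above, sketched as an added example that is not code from the original text. It assumes the "paid" stamp is an HMAC-SHA256 under a key shared by the payment server and the merchant; the field names (amount, expires, addr, paid), the key, and the merchant.example host are hypothetical.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: the payment server and the merchant share this key out of band.
SHARED_KEY = b"constructed-demo-key"
REQUIRED = ("amount", "expires", "addr", "paid")


def _stamp(parts, pairs):
    """HMAC-SHA256 over the target location and every query field except the stamp."""
    covered = urlencode([(k, v) for k, v in pairs if k != "paid"])
    msg = "\n".join([parts.scheme, parts.netloc, parts.path, covered])
    return hmac.new(SHARED_KEY, msg.encode(), hashlib.sha256).hexdigest()


def issue_access_url(target_url, amount, duration_s, user_addr, now):
    """Payment server: append the access fields and the 'paid' stamp to the target URL."""
    parts = urlsplit(target_url)
    pairs = parse_qsl(parts.query) + [
        ("amount", amount),
        ("expires", str(now + duration_s)),  # expiration time
        ("addr", user_addr),                 # user's address, to prevent sharing
    ]
    pairs.append(("paid", _stamp(parts, pairs)))
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def check_access_url(access_url, client_addr, now):
    """Merchant: return (granted, reason) for a request that presents an access URL."""
    parts = urlsplit(access_url)
    pairs = parse_qsl(parts.query)
    fields = dict(pairs)
    if any(name not in fields for name in REQUIRED):
        return False, "missing field"
    # Check the stamp before trusting any other field; constant-time comparison.
    expected = _stamp(parts, pairs)
    if not hmac.compare_digest(expected.encode(), fields["paid"].encode()):
        return False, "bad stamp"
    if now > int(fields["expires"]):
        return False, "expired"
    if client_addr != fields["addr"]:
        return False, "address mismatch"
    return True, "ok"


if __name__ == "__main__":
    NOW = 1_000_000  # constructed clock value, in seconds
    url = issue_access_url("https://merchant.example/reports/q3?fmt=pdf",
                           "2.50", 3600, "192.0.2.10", NOW)
    print(url)
    print(check_access_url(url, "192.0.2.10", NOW + 60))
    print(check_access_url(url, "198.51.100.7", NOW + 60))
```

Because the stamp covers every query field in order, editing the amount or expiration time, or appending a second addr field, invalidates the URL at the merchant.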

Business Pros and Cons of Credit Card-Based Payment

Third-party processing for credit cards entails a number of pros as well as cons. These companies are chartered
to give credit accounts to individuals and act as bill collection agencies for businesses. Consumers use credit cards
by presenting them for payment and then paying an aggregate bill once a month. Consumers pay either by flat
fee or individual transaction charges for this service. Merchants get paid for the credit card drafts that they
submit to the credit card company. Businesses get charged a transaction charge ranging from 1 percent to 3
percent for each draft submitted.

Credit cards have advantages over checks in that the credit card company assumes a larger share of
financial risk for both buyer and seller in a transaction. Buyers can sometimes dispute a charge retroactively and
have the credit card company act on their behalf. Sellers are ensured that they will be paid for all their sales -
they needn't worry about fraud. This translates into a convenience for the buyer, in that credit card transactions
are usually quicker and easier than check transactions. One disadvantage to credit cards is that their transactions
are not anonymous, and credit card companies do in fact compile valuable data about spending habits.

Encryption and transaction speed must be balanced, however, as research has shown that on-line users
get very impatient and typically wait for 20 seconds before pursuing other actions. Hence, on-line credit card
users must find the process to be accessible, simple and fast. Speed will have design and cost implications, as it is
a function of network capabilities, computing power available at every server, and the specific form of the
transaction. The infrastructure supporting the exchange must be reliable.

Infrastructure for On-line Credit Card Processing

Transaction processing is an extremely lucrative business and on-line retail transaction processing on
the I-way is expected to be even more so. There is also no question that banks and other financial institutions
must resolve many key issues before offering on-line processing services in e-commerce markets.

Competition among these players is based on service quality, price, processing system speed, customer
support, and reliability. Most third-party processors market their services directly to large regional or national
merchants rather than through financial institutions or independent sales organizations.

Barriers to entry include

1) large initial capital requirements,
2) ongoing expenses related to establishing and maintaining an electronic transaction processing
network,
3) the ability to obtain competitively priced access to an existing network, and
4) the reluctance of merchants to change processors.

Risks in Electronic Payment Systems

One essential challenge of e-commerce is risk management. Operation of the payment systems incurs three
major risks :

1) fraud or mistake,
2) privacy issues, and
3) credit risk.

Preventing mistakes might require improvements in the legal framework. Dealing with privacy and
fraud issues requires improvements in the security framework. Curtailing credit risk requires devising procedures
to constrict or moderate credit and reduce float in the market.

1. Risks from Mistake and Disputes

Virtually all electronic payment systems need some ability to keep automatic records, for obvious reasons. From
a technical standpoint, this is no problem for electronic systems. Credit and debit cards have them and even the
paper based check creates an automatic record. Once information has been captured electronically, it is easy and
inexpensive to keep (it might even cost more to throw it away than to keep it).

Given the intangible nature of electronic transactions and dispute resolution relying solely on records, a
general law of payment dynamics and banking technology might be: No data need ever be discarded. The record
feature is an after-the-fact transcription of what happened, created without any explicit effort by the transaction
parties.

Features of these automatic records include :

1. permanent storage;
2. accessibility and traceability;
3. a payment system database; and
4. data transfer to payment maker, bank, or monetary authorities.

The need for record keeping for purposes of risk management conflicts with the transaction anonymity
of cash. One can say that anonymity exists today only because cash is a very old concept, invented long before
the computer and networks gave us the ability to track everything. Although a segment of the payment-making
public will always desire transaction anonymity, many believe that anonymity runs counter to the public welfare
because too many tax, smuggling, and/or money laundering possibilities exist.

2. Managing Information Privacy

The electronic payment system must ensure and maintain privacy. Every time goods are purchased using a credit
card, the request accesses a server, and the information goes into a database and is stored somewhere.
Furthermore, all these records can be linked so that they constitute in effect a single dossier. This dossier would
reflect what items were bought and where and when. This violates one of the unspoken laws of doing business: that
the privacy of customers should be protected as much as possible.

Privacy must be maintained against eavesdroppers on the network and against unauthorized insiders.
The users must be assured that they cannot be easily duped, swindled, or falsely implicated in a fraudulent
transaction. This protection must apply throughout the whole transaction protocol by which a good or service is
purchased and "delivered." This implies that, for many types of transactions, trusted third-party agents will be
needed to vouch for the authenticity and good faith of the involved parties.

3. Managing Credit Risk

Credit or systemic risk is a major concern in net settlement systems because a bank's failure to settle its net
position could lead to a chain reaction of bank failures. The digital central bank must develop policies to deal with
this possibility. Various alternatives exist, each with advantages and disadvantages.

A digital central bank guarantee on settlement removes the insolvency test from the system because
banks will more readily assume credit risks from other banks.

Without such guarantees the development of clearing and settlement systems and money markets may
be impeded.

Designing Electronic Payment Systems


Despite cost and efficiency gains, many hurdles remain to the spread of electronic payment systems. These
include several factors, many nontechnical in nature, that must be addressed before any new payment method
can be successful:

1) Privacy : A user expects to trust in a secure system; just as the telephone is a safe and private
medium free of wiretaps and hackers, electronic communication must merit equal trust.

2) Security : A secure system verifies the identity of two-party transactions through "user
authentication" and reserves flexibility to restrict information/services through access control. No
systems are yet foolproof, although designers are concentrating closely on security.

3) Intuitive interfaces: The payment interface must be as easy to use as a telephone. Generally
speaking, users value convenience more than anything.

4) Database integration : With home banking, for example, a customer wants to play with all his
accounts. To date, separate accounts have been stored on separate databases. The challenge
before banks is to tie these databases together and to allow customers access to any of them
while keeping the data up-to-date and error free.

5) Brokers : A "network banker" - someone to broker goods and services, settle conflicts, and
facilitate financial transactions electronically - must be in place.

6) Pricing : One fundamental issue is how to price payment system services. For example, should
subsidies be used to encourage users to shift from one form of payment to another, from cash to
bank payments, from paper based to e-cash? The problem with subsidies is the potential waste of
resources, as money may be invested in systems that will not be used. Thus, investment in
systems not only might not be recovered but substantial ongoing operational subsidies will also be
necessary.

7) Standards: Without standards, the welding of different payment users into different networks and
different systems is impossible. Standards enable interoperability, giving users the ability to buy
and receive information, regardless of which bank is managing their money.
