2. Electronic commerce involves the exchange of some
form of money for goods and services.
Cash can’t be a medium of payment between a remote
buyer and seller
Implementation of electronic payment systems is still
growing.
Electronic payments are far cheaper than the
traditional method of mailing out paper invoices and
then processing payments received
The cost of billing a person by mail ranges from 10 to 15 Rs.
Billing a person electronically costs about 2 Rs.
The most common internet payment method for B2B
EC is the credit card.
However, a concern for customers is security
Electronic payment and protocol
4. Credit cards (e.g. Visa)
Spending limit based on credit history
Interest is charged on outstanding balances not paid
off within a given time
Accepted worldwide
User protection facilitated by a 30-day period that a
purchase may be disputed
Merchant account (that accepts credit card
payments) required by the business
5. Debit cards
The sale amount is removed from the user’s account and transferred
to the seller’s account
Limited by funds in account plus overdraft (if present)
Stored Value cards (e.g. American Express)
Are similar to prepaid cards
Can be used for micropayments
The amount due on the card is due at the end of the billing
period
They do not accumulate interest payments
Some vendors provide single-use cards, which are valid for a single
transaction
A unique card number is issued
This helps with card details security
6. Advantages of Payment Cards
Ease of use, no special hardware required
Cardholder’s liability is limited
Accepted worldwide
Currency conversion handled by card issuer
Disadvantages of Payment Cards
Service companies charge merchants per-transaction
and monthly processing fees
Price of goods for the consumer might be slightly
higher as a result
7. Electronic payment and protocol
Most commonly used protocol
Secure Sockets Layer (SSL)
SSL allows customers to encrypt their orders at
their own computers
Secure electronic transfer (SET)
SET is designed to provide secure web credit and
transactions for both consumers and merchants.
SET requires additional procedures, such as customer
certificates, etc.
8. Authentication
A method to verify the buyer’s identity before payment is made
Encryption
A process of making a message indecipherable (impossible to
read) except by those who have an authorized key (translator)
Integrity
Ensuring that all information is not altered or destroyed during
transmission
Non-repudiation
Protection against customer: denial of order placed
Protection against merchant: denial of payment made
Essential security requirements
9. Private key, also called symmetric key encryption:
the same key is used to both encrypt and decrypt the
message. The key is agreed upon and shared by both the
sender and the receiver
Public key: the public key is known by all authorized users.
The sender encrypts the message with the receiver’s public
key, which must be delivered in advance. The
message can only be decrypted with the receiver’s private key
A digital signature is used for authentication of the sender;
it is usually attached to the sent message, like a handwritten
signature
Security Schemes in electronic payment
System
10. A hashed (muddled) message is called a message
digest
A certificate is issued by a trusted third party
A certificate authority (CA) is a body like the federal postal
service. A CA may be certified by another CA
Digital envelope is the process of encryption into a
secret key
Transaction certificate: some undeniable facts of
transaction
Time stamp: digital attestation that a document was in
existence at a particular time
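
The integrity, non-repudiation, symmetric key and message digest points above can be seen together in a short Python sketch. This is an added example, not part of the original slides; the order fields, key and function names are constructed for illustration, and HMAC-SHA256 is an assumed choice of keyed digest.

```python
import hashlib
import hmac
import json
import secrets

def canonical(order: dict) -> bytes:
    # Stable byte encoding so both parties hash exactly the same bytes.
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()

def message_digest(order: dict) -> str:
    # Unkeyed hash: anyone can compute it, including whoever alters the order.
    return hashlib.sha256(canonical(order)).hexdigest()

def seal(order: dict, shared_key: bytes) -> str:
    # Keyed digest (HMAC-SHA256) under the symmetric key both parties hold.
    return hmac.new(shared_key, canonical(order), hashlib.sha256).hexdigest()

def verify(order: dict, tag: str, shared_key: bytes) -> bool:
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(seal(order, shared_key), tag)

def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed key, agreed upon in advance
    # Constructed sample order (all values are hypothetical).
    order = {"order_id": "A-1001", "payee": "merchant-42", "amount_rs": 1500}
    altered = dict(order, amount_rs=15)  # changed during transmission
    never_placed = dict(order, order_id="A-1002", amount_rs=9000)
    tag = seal(order, key)
    return {
        # Integrity: the genuine order verifies, the altered one does not.
        "genuine_ok": verify(order, tag, key),
        "altered_ok": verify(altered, tag, key),
        # A bare digest also changes, but it only helps if the digest itself
        # arrives over a channel nobody could rewrite.
        "digest_differs": message_digest(altered) != message_digest(order),
        # Non-repudiation: the merchant holds the same key, so a tag on an
        # order the buyer never placed verifies just as well. Proving who
        # sent it needs a digital signature made with a private key.
        "merchant_made_tag_ok": verify(never_placed, seal(never_placed, key), key),
        # A tag made under a different key is rejected.
        "wrong_key_ok": verify(order, seal(order, secrets.token_bytes(32)), key),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```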