E-Commerce Architecture arr 5! Viruses: Computer viruses and Malicious software are some of the biggest threats to an e-commerce « ‘ode into the server running the internal problem. _E-COMMERCE SECURITY: website, where it becomes an Despite the existence of hackers and crackers, e-Commerce remains a safe and secure activity. At the end of the day, your system is only as secure as the people who use it. Education is the best way to ensure that your customers take appropriate precautions: ¢ _ Install personal firewalls for the client machines. * — Store confidential information in encrypted form. ¢ Encrypt the stream using the Secure Socket Layer (SSL) protocol to protect information flowing between the client and the e-Commerce Web site. * Use appropriate password policies, firewalls, and routine external security audits. * Use threat model analysis, strict development policies, and external security audits to protect ISV software running the Web site.32 rrr Vipul’s™ IT in Banking and Insurance . | (83 i Produce rogue Education: Your system is only as secure as the people who use it. Ifa d, or does not keep their shopper chooses a weak passwor password confidential, then an attacker can pose as that user. This is significant if the compromised password belongs to an administrator of the system. In this case, there is likely physical the administrator client may not be exposed outside the firewall. Users need to use good judgement when giving out information, and be educated about possible phishing schemes and other social engineering attacks. security involved because Personal firewalls: When connecting your computer to a network, it becomes vulnerable to attack. A personal firewall helps protect you! computer by limiting the types of traffic initiated by and directed to your computer. The intruder can also scan the hard drive detect any stored passwords.E-Commerce Architecture Grr ee Secure Socket Layer (SSL); Secure Socket Layer (SSL) between the shopper's comput SGL-protected page is requeste as a trusted entity and initiat key information back and fo the server, the information 1 is a protocol that encrypts data er and the site's server. When an d, the browser identifies the server €s a handshake to pass encryption rth. Now, on subsequent requests to Owing back and forth is encrypted so twork cannot read the contents. The SSL certificate is issued to the server by a certificate authority authorized by the government. When a request is made from the shopper's browser to the site's server using https://..., the shopper's browser checks if this site has a certificate it can recognize. If the site is not recognized by a trusted certificate authority, then the browser issues a warning as shown in the figure below Pies a Unable to verify the idensty of [ Tlpmcom as a trusted ate, 4 Possible reasons for this error: ot ~ Your browser does nat recagnirs the Certificate Authority that sued the ames corbfcate, | ~ The ske's certificate is incomplete due to a server misconiguration, + Youre commactad te » ste pretending te be afhm.com, possibly to obkain, your corfidental information. Please nobfy the ate's webmaster about ths problem. Before accepting thi corbficete, rou should examine Use ske's certiicate corstuly. Are you veding to to accept this certificate for the purpose of identifying the web ute ben.comn? © accept ths certficate temporary for thes session © donot accept this certfitate and do net connect te thik web ste eS GE GD | As an end-user, you can determine if you are in SSL by checking your browser. For example, in Mozilla® Firefox, the Secure icon is at the top in the URL entry field as shown in the figure below.56 rr Vipul’s™ IT in Banking and Insurance - | (Bay Suppose that you have implemented a password policy, sug, as the FIPS policy described in the section above. a shoppe makes 6 failed logon attempts, then his account is locked out. }, this scenario, the company sem to the custome, i i i is | informing them that his account is be logged in the system, either by sending an email to the administrator, writing the event to a security log, or both. You should also log any-attempted unauthorized access to the system. If a user logs on, and attempts to access rh ai ie he is not entitled to see, or performs actions that he is not entitled t) perform, then this indicates the account has been co-opted ang should be locked out. Analysis of the security logs can detect allowing the administrator to take ds an email locked. This event should als, patterns of suspicious behavior, action. In addition to security logs, use business auditing to monitor activities such as payment processing. You can monitor and review these logs to detect patterns of inappropriate interaction at the business process level. QUESTIONS (1) Explain Client-Server Model. (2) Explain two-tier model. (3) What is 3-tier model? (4) Explain E-commerce infrastructure. (5) What are the threats to e-commerce? (6) Write a note on: (a) e-commerce security? tSAe Network Infrastructure for... wae mt Chapter 3 The Network Infrastructure for E-commerce and WWW In this chapter you will learn about www Components of I-Way Information Superhighway (I-Way) Market Forces Influencing I-Way Network Access Equipment Questions SVL StP Vipul’s™ IT in Banking and Insurance . | (8a, N The 58 cre cr! m Berners-Lee, a scientist at CERN (CERN is the Europe, pater Nuclear Research), invented the World Wig ay Web (WWW) in 1989. The Web was originally conceived myeced developed to meet the demand for automatic information shari,, ao between scientists working in different universities and institut — all over the world. Ti Organization for user" WWW was to merge the technologies y eithe The basic idea of the king and hypertext into , uses personal computers, computer networ. powerful and easy to use global information system. Clie Mosaic: The Original Browser: T proe By 1992, the Internet had become the most popular network linking researchers and educators at the post-secondary leve| ¥, throughout the world. Researchers at the European Laboratory for Particle Physics, known by its French acronym, CERN, hai = developed and implemented the World Wide Web, a network. cont based hypertext system that let users embed Internet addresses in 45° their documents. Users could simply click on these references tv any connect to the reference location itself. Soon after its release, the wor Web came to the attention of a programming team at the Nationd CO! Center for Supercomputing Applications (NCSA). re c HTML: HyperText Markup Language is the main markup info language for creating web pages and other information that can be displayed in a web browser. aa ‘ ce HTTP: HTTP (Hypertext Transfer Protocol) is the set of rules seg) for transferring files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. As soon as a Web use! gin, opens their Web browser, the user is indirectly making use of the HTTP. HTTP is an application protocol that runs on top of the pro -the Network Infrastructure for ...... ree 59 qcP/IP suite of protocols (the foundation protocols for the internet). (HyperText Transfer Protocol) The communications protocol ysed to connect to Web servers on the Internet or on a local network (intranet). Its Primary function is to establish a connection with the server and send HTML pages back to the user's browser. It is also used to download files from the server either to the browser or to any other Tequesting application that uses HTTP. Client-server model: The client-server model is an approach to computer network programming developed at Xerox PARC during the 1970s. It is now prevalent in computer networks. Email, the World Wide Web, and network printing all apply the client-server model. Network infrastructure is required for e-commerce to transport content. I-way is a high-capacity, interactive electronic pipeline used to transfer content in case of e-commerce. I-way can transfer any type of context like, text, graphics, audio, video. In other words, multimedia contents are easily transported through I-way. COMPONENTS OF I-WAY: Consumer access equipment, Local on-ramps, and - Global information distribution networks. Consumer access equipment are devices used by consumers to access the multimedia interactive contents of e-commerce. In this - Segment, hardware and software vendors are also included. Local or access road, or on-ramps: This segment of I-way simplify linkages between businesses, universities, and homes to the communications backbone. There are four different types of Ptovider of access ramps: - telecom-based - cable TV-based -60 rrr vipul’s™ IT in Banking and Insurance | ty 1 wireless-based and - computer-based online information sery;, c . These providers link users and e-commerce application PrOVide, distribution networks are Global information : untries and continents. infrastructure that is connecting ©O INFORMATION SUPERHIGHWAY (I-WAY): Any successful E-commerce application will require the I-w, infrastructure in the same way that regular commerce needs interstate highway network to carry goods from point to point, , munications networks, ani 3 myriad of computers, CO communication software forms the nascent Informatig, Superhighway (-Way). The I-Way is not a US phenomenon put a global one, x instance, it is aly reflected by its various labels worldwide. For called the National Information Infrastructure (NII) in the Unite, States, Data-Dori in Japan and Jaring, which is Malay for "net" Malaysia. The I-Way and yet-to-be developed technologies will’ key elements in the business transformation. And while earlie resulted in small gains in productivity and efficiency, integratin them into the I-Way will fundamentally change the way busine is done. These new ideas demand radical changes in the design« the entire business process. I-Way is not one monolithic dat highway designed according to long-standing, well-defined rule and regulations based on well-known needs. The I-Way will be! mesh of interconnected data highways of many forms: telephot wires, cable TV wires, radio-based wireless-cellular and satellite The I-Way is quickly acquiring new on-ramps and even sma highway systems. MARKET FORCES INFLUENCING I-WAY: Cost: The investment cost is comparatively high in I-way- TW question as to who can bear the cost of constructing the [wiThe Network Infrastructure for ...... TTT 6! remains odel fered. (i) Some people favour the interstate highway ie wee government contribution with ownership and maintenance. (ii) Some people favour regulations like in ane (iii) Some people favour private company owned m els. Subsidies: I-way requires huge investment but the return could not be expected over night. Hence, the organizations are expected to get subsidies, tax concessions and use by the government and other public corporations. In the developing countries, the governments have to come forward to give major subsidies, tax concessions tax holiday and promise to use these highways for government purpose. Store resource allocation: There is always an element of risk in providing I-way. Some feel that the investments may not give back reasonable returns. There is also no guarantee that this -way will be fully utilized. However, many feel that I-way may create new markets globally. Local regulations: I-way infrastructure requires the assistance from the local governments also. The governments may impose regulations even though the investments are made by private companies. Government may regulate the provisions relating to access procedure, privacy aspects and fees or cost aspects. Global access: This cost of access may differ in various countries. The countries must have uniform Telecom policy, but the policy should provide equal access opportunities to all globally. Some consumers may have to be served at a lesser cost so that the system spreads globally. The providers of I-way have to serve all the people with all the countries so that the cost is affordable by the people in each and every country. The reduced cost at certain places may provide new markets and these concessions may be adjusted in the new market incomes.a eee 62 ree Vipul’s™ IT in Banking and Insurance . c , : : Information privacy issues: Many companies are Provigi, the information relating to the consumers to others. For exam, ' On Line Services Company had seleased market CUSto, The _ list contained following Consup, ly information _ list. i i information such as marital status, hobbies, occupation, typ, ¢ computer equipment used by the customer, number a childs, ofiles were made available to : income, expenditure etc. These pr members. Fears arose as to whether this information may 5 abused by others for the personal favor. Thus, there is always of privacy in the network. Social barriers: Cyberspace represents a place for free speeq and a form of democracy. Censorship cannot be enforced in thes, networks. It may cause social or religious problems. question Other forces: Users: becoming information publishers. Consumers, end users, or businesses: consuming informatio, products/services. ISPs: commercial, government or private. Value added information providers: includes third pari brokers, intermediaries, originators of services who add value t services provided by others. NETWORK ACCESS EQUIPMENT. An IT network connects all your devices, plus other peripherd equipment such as printers To build a network you will need a range of equipmet! including the following: Sables and connectors. These link together the computets printers, servers and other equipment on your network. rae cc céyr The Network Infrastructure for ...... ure 63 A router. oe manages network traffic, ensuring devices can communicate with each other via both wired and wireless connections, and provides internet connectivity. A wireless access point (optional). This will extend your wireless network if the router is incapable of offering coverage in certain parts of the building. An internet connection. This could be a faster fibre connection or dedicated leased line. A hardware firewall. This creates a secure barrier between your network and the internet, blocking security threats. Networks sometimes include an on-site network server which runs central applications, acts as an email server and provides file storage. Network hardware building blocks: Some businesses still build their network with cables because they’re very reliable and fast. The most common type is Ethernet cable, which is rated for speed. Cat 6 cables can carry data fast enough for any business purpose. When building their network most businesses install network sockets at convenient locations in their premises, so computers and other devices can be plugged into the network. The router: a vital network component: The router acts as signpost, indicating where data on your network should go and enables devices to communicate with one another. Routers also connect directly to the internet and share the connection via cable or Wi-Fi with devices on the network.Vipul’s™ IT in Banking and Insurance . i ST (Rp) | | Going wireless: Routers also include Wi-Fi capability, enabling people fe connect laptops, smartphones, tablets and other devices to the network wirelessly. Wi-Fi is ideal for providing network access to staff with Mobile devices and in meeting rooms or common areas. It’s also usefy for offering internet access to visitors, with many router, including a separate ‘guest’ network for the purpose. Network equipment speeds: Most network equipment complies with common standards, so you can combine routers, cables and firewalls from different manufacturers. However, the speed of your network might be governed by the slowest element. For example, if all your cables and computers are rated to Cat 6, make sure your router is rated to Cat 6 too. There are a number of wireless networking standards to take into account, although the majority of modern devices will include support for the latest versions. Try to get a wireless router or access point rated to ‘Wireless n’ or ’802.11n’; it’s the fastest type available, but will still work with older wireless equipment, too. QUESTIONS (1) Write a short note on WWW. (2) What is |-way? What are the components of I-way? (3) What are the market forces influencing I-ways? (4) Write short notes on Network Access Equipment. yeewr os e-Bankiné UNIT - Il: E-BANKING Chapter 4 E-Banking In this chapter you will learn aboutg and Insurance . | rn r 4 66 rrr Vipul’s™ IT in Bankin INTRODUCTION: king) is an e-commerce applicat; Banking) of the virtual bank E-Banking (Internet to perform any tected and secu, Q which allows the customers s : ceain 8 functions, financial functions online in s using the internet for delivery of bankiy function includes Bry manner. It involve! i E-banking products and_ services. ‘ (Banking, Finance, Securities and Insurance). Banking concen about providing the customers virtual banking ction, whereas, financial functions include stock broking, paymen, tual funds etc. gateways, mu! E-Banking includes: ¢ Bill payment service. ¢ Fund transfers. ¢ Querying the account balance. Credit card customers. Applying for/ claiming Insurance. Investment through Internet Banking. o ¢ Shopping. Automated Teller Machines. ¢ Credit Cards. ¢ Debit Cards. ¢ Smart Cards. Electronic Funds Transfer (EFT) System. ¢ Cheques Truncation Payment System. ¢ Mobile Banking.e-Banking re 67 ° ° Internet Banking, Telephone Banking. BENEFITS OF E-BANKING;: qd) (3) (4 Time saving: Online banking, undoubtedly, saves time by allowing direct transaction from office, home or any place. The medium relieves from visiting the bank and waiting ina queue and provides a mental and physical relief from the unwanted rushes in the bank. Convenience: The biggest advantage that online banking brings to the table is its convenience. We can pay phone and electricity bills via online banking without rushing to the utility company’s bill collection outlets. It helps you avoid delayed payments. 24x7 services: Online banking transactions can be performed at any time and from anywhere. Eco-friendly Process: Online banking is an eco-friendly progess as it does not consume volumes of paper like conventional banking modes and hence helps protect the environment. Easy Access: To perform online banking tasks, all you need is a basic computer system connected to the Web. Faster Banking: Online banking is a faster way of performing banking functions. Whether you buy goods online, pay bills or transfer money, it gets done in realtime and within moments. Cost Saving: The process is very cost-effective. It rids businesses of the practice of deputing people to specially pay company bills, who waste hours making the rounds of the banks to perform all the firm’s banking-related functions.68 wy Vipul’s™ IT In Banking and Insurance . . j i has several other benos, 1 (8) Other Benefits: Online banking make advanced booking s, Users can shop online, buy tickets, etc. CHALLENGES IN E-BANKING: The information technology in itself is not a solution and it ha, The concept of e-banking cannot wo, to be effectively utilized. a unless and until have 4 centralized body or institution, which cq, formulate guidelines, regulate, and monitor effectively the functioning of Internet banking. The most important requiremen for the successful working of Internet banking is the adoption o; the best security methods. This presupposes the existence of , uniform and the best available technological devices and method to protect electronic banking transactions. In order fo, computerization to take care of the emerging needs, the recommendations of the Committee on Technology Upgradation in the Banking Sector (1999) may be considered. These are: « Need for standardizati and application software to on of hardware, operating systems, system software, facilitate interconnectivity of systems across branches. «Need for high levels of security. Communication and networking - use of networks which would facilitate centralized databases and distributed processing. ¢ Technology plan with periodical upgradation. ¢ Business process re-engineering. ‘Address the issue of human relations in a computerized environment. ¢ Sharing of technology experiences.E-Banking ror 69 ¢ Payment systems which use information technology tools. The Heserva Bank of India has played a lead role in this sphere of activity - with the introduction of cheque clearing using the MICR (Magnetic Ink Character Recognition) technology in the late eighties. The Reserve Bank of India constituted a “Working Group on Internet Banking” which focused on three major areas of E-Banking. (1) Technology and security issues. (2) Legal issues. (3) Regulatory and supervisory issues. These areas are selected in such a manner that the problems faced by banks and their customers can be minimized to the maximum possible extent. The Group recommended certain guidelines for the smooth and proper working of Internet banking. These centralized guidelines would bring uniformity in the selection and adoption of security measures, with special emphasis on a uniform procedure. The security of Internet banking transactions would not be endangered if these security mechanisms are adopted. This is because the success of Internet banking ‘ultimately depends upon a uniform, secure and safe technological base, with the most advanced features. The RBI has accepted the recommendations of the Group, to be implemented in a phased manner. The RBI has issued the following guidelines through a Circular for implementation by banks in this regard: (1) Technology and Security Issues: The technology and security issues are of prime importance as the entire base of Internet banking rests on it. If the technology70 rer Vipul’s™ IT in Banking and Insurance | (e J ] and security standards are inadequate, then Internet banking not provide the desired results and will collapse ultimately, tl RBI realizing this crucial requirement issued the fol] Owin, guidelines in this regard: 8 * Banks should designate a network and databa,, with clearly defined roles. ¢ Banks should have a security policy duly approved by th Board of Directors. There should be a segregation of duty ¥ Security Officer / Group dealing exclusively wig, information systems security and Information Technolog, Division, which actually implements the computer systems Further, Information Systems Auditor will audit the administrator information systems. ¢ Banks should introduce logical access controls to data, systems, application software, utilities, telecommunication lines, libraries, system software, etc. Logical access contro] techniques may include user-ids, passwords, smart cards or other biometric technologies. At the minimum, banks should use the proxy server type of . firewall so that there is no direct connection between the| Internet and the bank’s system. ¢ All the systems supporting dial up services through modem | on the same LAN as the application server should be isolated| to prevent intrusions into the network as this may bypass the | Fe proxy server. ¢ All computer accesses, including messages received, should | be logged. Security violations (suspected or attempted) | should be reported and follow up action taken should be kept in mind while framing future policy.E-Banking » All applications of banks sh adopted. Further, these issues should al existing laws, particularly the Informa The RBI, keeping in mind these facto guideline: So be compatible with the tion Technology Act, 2000. rs, has issued the following ¢ There is an obligation on the part of banks not only to establish the identity but also to make enquiries about integrity and reputation of the Prospective customer. Therefore, even though request for Opening account can be accepted over Internet, accounts should be opened only after proper introduction and physical verification of the identity of the customer. ¢ Security procedure adopted by banks for authenticating users needs to be recognized by law as a substitute for signature. In India, the Information Technology Act, 2000, provides for a particular technology as a means of authenticating electronic record. ¢ Under the present regime there is an obligation on banks to maintain secrecy and confidentiality of customers’ accounts. In the Internet banking scenario, the risk of banks not meeting the above obligation is high on account of several factors. Despite all reasonable precautions, banks may be exposed to enhanced risk of liability to customers on account72 wre vi pul’s™ {T in Banking and Insurang, ) | . ( of breach of secrecy, denial of service ete, becay \ 8 hacking/ other technological failures. s very little scope ¢, Dr ¢ In Internet banking scenario there i instructions frop, h banks to act on stop-payment ce, banks should clearly notify {, M th and the circumstances in Which s could be accepted. " t, 1986 defines the right, licable to banking service, ‘ bilities of customers avail, eing determined by bil ate, customers. Hen customers the timeframe stop-payment instruction: The Consumer Protection Ac consumers in India and is app well. Currently, the rights and lial of Internet banking services are b agreements between the banks and customers (3) Regulatory and Supervisory Issues: The banks operating in real space are regulated and supervisy by the RBI on regular basis. This regulation and supervision ; d to be extended to Internet banking as well. Thus, the Ri require this regard: has issued the following guidelines in re licensed and supervised in Ind; and have a physical presence in India will be permitted | offer Internet banking products to residents of India. Thu both banks and virtual banks incorporated outside th g no physical presence in India will not, fo ¢ Only such banks which a country and havin the present, be permitted to offer Internet banking services t Indian residents. The products should be restricted to account holders only ani should not be offered in other jurisdictions. The services should only include local currency products. Overseas branches of Indian banks will be permitted to offer Internet banking services to their overseas customers subjete-banking roe 3 ir satisfying, i iti to the fying, in addition to the host supervisor, the e supervisor What are the e-commerce challenges in Banking sector? 2) explain the focus areas of Working Group on internet Bankin, Pe) What are the benefits of E-Banking? . hom74 rere Vipul’s™ IT in Banking and Msp &, Chapter 5 E-Payments ____—_——_ == In this chapter you will learn about V Introduction V — First Classification V Second Classification Y Questions ———— —————]]_=_=__rrr 75 ments RODUCT! ION: n important function of an e-commerce website is the pandling of pay a Over the internet. Electronic payments are ‘nat cial transactions made without the use of paper documents guch aS checks. Having paycheck deposited directly to your bank jccount, having your telephone bill paid electronically & having yransactions Via point-of-sale or debit cards are considered alectronic payments. Different electronic Payment systems are wvailable. These differ from each other but have the same purpose af facilitating the secure transfer of monetary value between Online Consumer Merchant Website Online Transaction Server Processing Network Issuing Merchant Bank The following 3 parties are involved in these transactions: e-Pay' iNT parties. Acquiring Merchant * Buyer (Payer). * Merchant (Payee). * Bank (Issuer and/or acquirer).P 76 rere Vipul’s™ IT in Banking and Insurance . | ty The transfer is accomplished with the help of Aiton, electronic payment protocols. , 1 FIRST CLASSIFICATION: t Account-Based Systems: The most common way of making electronic payments today, to directly transfer money between accounts. This is facilitated , : a number of ways, for example by credit cards and oo cards, well as cheques and money transfer. In a transaction using j), account transfer system, no electronic value is generated. Insteg d an authorization of a transfer of funds between two accounts j, transmitted. The actual transfer of value is done at the bank. Thi, system works well for high value transactions, but it is relatively expensive and slow. During the payment transaction, ; connection needs to be established to the account of the payee, and it needs to be checked whether there are sufficient fund available. The system further implies unconditional traceability o all payments, and every amount has to be cleared (verified) onlin, unless the system is combined with a credit mechanism. Token-Based Systems: This concept involves the issuing of electronic tokens by a central entity, such as a bank. These tokens represent value, and| can be stored locally on a user’s computer. Using this system, any token is valid for one use only, to ensure that it cannot be copied and used several times. As a consequence, such a token cannot be| passed on between several parties as paper cash or coins can. Because a user has the tokens stored locally on his computer, and| every token can have a particular denomination of value, the| system resembles banknotes and coins in a purse. This is why | these systems are often referred to as “electronic cash”. A token in this system consists of a message stating its value, and the electronic signature of. a central entity, e.g. a bank, to | guarantee its authenticity. Further information is added fot ee0 eres ror 7 various reasons, including Security, the possibility to identify a wer a7 automatically Benerated receipt for the payment, etc. ver token is limited to one use, and verified online at payment _ ne. Prepaid token-based systems do not require the overhead of acessiN account balance and transfer between accounts during nm nsaction. Apecord ot all transactions is usually not kept, further ucing administration overhead. Net risk of fraud is reduced as + only the existing tokens are at risk, not the total balance. It is asil possible to group withdrawals and deposits, especially for | gmall payments, thereby reducing transaction cost further. sECOND CLASSIFICATION: Token-based Systems: These systems use tokens, objects that are generally agreed to carry value themselves. The value carried by the tokens is conventional, a’matter of consensus. These systems are based on “prepayment “, i.e. drawing on one’s bank account in advance to get possession of payment instruments, token money, to be used in later transactions. We have two subcategories of token-based systems: (1) Electronic cash: it attempts to replace paper cash as the principal payment vehicle in online payments. (2) Electronic purse systems: they are based on smart cards, also called stored value cards, which use integrated circuit chips to store electronic money. Notational Systems: In these systems the transaction is directly or indirectly tied to value stored elsewhere. The three subcategories that we can distinguish here are: () Electronic payment orders (debit/credit) transferred over the nets: the transaction is directly tied to value stored elsewhere (usually in a bank account). These systems are also called78 rw Vipul’s™ IT in Banking and Insurance 7 “pay now” systems because they transfer deposit | | f “immediately” after the initiation of a payment on Examples: debit cards, checks and credit transfers, dy Credit card billing over the nets: the transaction ig indir tied to value in that when you use it you undertake to beg liable for the amount of the transaction. These system, also called “pay later” systems and they are based consumer credit and/or delayed debiting of the Payey, current account. They can be implemented in two Way encrypted credit cards or third-party authorization Tumbey (2) ty (3 Third-party authorization numbers: one solution to secury and verification problems during financial transactions jg th introduction of a third party to collect and approve Paymeny from one client to another. (4) Smart card-based notational systems: these systems 1g smart card technology to store customer-specific informatig, in an attempt to offer higher levels of protection tha software-only notational systems. THIRD CLASSIFICATION: Pre-paid, Pay-now and Post-pay: In pre-paid system th payment is debited from the payer's account before a payment processed and hence the term “pre-paid”. Most cash-like system such as an electronic-cash system fall in this category. In pay-now system, when an electronic transaction is processed, the payers account is debited and the payee’s account is credited with tl payment amount. Even though availability of funds depends ot the time when inter-bank settlements are carried out, the payers and payee’s account are updated to show the debited and credit balances immediately after an transaction is carried out. Credi card based system, like Secure Electronic Transaction (SE!) Verified by Visa, MasterCard secure-code fall into this category: I se fu Op Pa sy _Token Withdrawal Spend Token (Anonymously) In this, a bank B, payer P, and payee R, and three main sub protocols: withdrawal, payment and deposit. Payer and payee maintain their accounts with the bank. The payer withdraws electronic coins from their account with the bank, by performing a withdrawal protocol over an authenticated channel. The payer spends coins by participating in a payment protocol with the payee over an anonymous channel. In effect, the payee performs a deposit protocol, to deposit the coins into their account. The e- cash system also includes setup protocols: system setup, payer _ Setup and payee setup which performs system initialization functions, namely creating and publishing public keys and Opening payer and payee bank accounts. Pay now or Card based system: The most common method for “on-line” payment is card-based Systems. Most payment systems in this category are specifically7 82 rrr Vipul’s™ IT in Banking and Insurance - | (gp, | M Protocols. Systems like NetBill, ECheque and PayNow by | | CyberCash use a central server. Other e-checking systems 4, based on modified versions of e-cash protocols. But Mog | promising of all e-cheque system that has the support of majo, | financial institutions and government agencies has been the | e FSTC’s eCheck system. Micro payments: One of the most promising payment methods is the use otf micro payments: the ability to pay for data or services in smal ts can be seen as a solution to allow increments. Micro paymen' low-value payments for purchasing news articles, stock quotes, index queries, per-click purchase and other services over the Internet. ent protocols (micromint and payword;’ millicent by compaq, NetPay, and the years. The primary aim of all handle arbitrarily small t for the individual Various micro paym netbill, cybercoin by cybercash, miKP) have been proposed over micro payment system have been to amounts of money and keep the cos! with generic e-payment security transaction low along authentication and] requirements like confidentiality, integrity, non-repudiation. These are few of the ways e-Payment systems are classified in the industry. QUESTIONS (2) Write a note on E-payments flow. (1) Explain E-Payments. (3) Write a note on various classifications for E-Payments. | | } EElectronic Payment Syustem (EPs) rare ° 83 Ct lapter 6 Electronic Payment System (EPS) ———eeeEeESESESEEeEEEyya In this chapter you will learn about Introduction Modes of EPS / Types of EPS Payment Gateway Designing EPS EPS Framework vv vv v ov vo Payment G ateway v Algorithm of Vv Questions |A Vipul’s™ IT in Banking and Msuran, rw ce INTRODUCTION: An electronic payment system (EPS) is a system of fin, exchange between buyers and sellers in the online envirg ty that is facilitated by a digital financial instrument (ug tS encrypted credit card numbers, electronic checks, or digitay .. *| backed by a bank, an intermediary, or by legal tender. a EPS plays an important role in. e-commerce because it lo the e-commerce loop. * MODES OF EPS / TYPES OF EPS: Electronic payment system can be broadly divided into fou general types: (1) Online Credit Card Payment System: (a) A credit card is a small plastic card issued to users as , system of payment. (b) It allows its holder to buy goods and services based on the holder's promise to pay for these goods and services, (c) The issuer of the card grants a line of credit to the consumer (or the user) from which the user can borrow money for payment to a merchant or as a cash advance to the user. An example of the front in a typical credit card: (1) Issuing bank logo. (2) EMV chip on "smart cards". (3) Hologram. (4) Credit card number. (5) Card brand logo. (6) Expiration Date. (7) Card Holder Name. fi \ Z¥ se ge (6 Qelectronic Payment Syustem (EPS) ae 85 (8) Contactless chip. @ Bank @ [a e @1234 5678 9123 Pd wo om MR A B PERSON Q) Electronic Cheque System: (a) A debit card (also known as a bank card or check card) is a plastic card that provides an alternative payment method to cash when making purchases. (b) => Functionally, it can be called an electronic cheque, as the funds are withdrawn directly from either the bank account, or from the remaining balance on the card. (c) Like credit cards, debit cards are used widely for telephone and Internet purchases and, unlike credit cards, the funds are transferred immediately from the bearer's bank account instead of having the bearer pay back the money at a later date. An example of the front in a typical debit card: (1) Issuing bank logo. (2) EMV chip on "smart cards". (3) Hologram. (4) Card number. (5) Card brand logo. (6) Expiration Date. (7) Cardholder's name.86 ‘An example of the reverse side rT Vipul’s™ IT in Banking and Insurance . \ ty © Bank @ i @1234 5678 are 01/99 Bra A B PERSON ofa typical debit card: (a) Magnetic stripe. (b) Signature strip. (0) Card Security Code. A aa ® (3) Electronic Cash System: (a) Electronic money ( (b only exchanged electronically. Typically, this involves the use of computer networks, the internet and digital stored value systems. Electronic Funds Transfer (EFT) and direct deposit are all examples of electronic money. i also known as e-currency, e-money, electronic cash, electronic currency, digital money, digital | cash or digital currency) refers to money or scrip whichisa elec" onic Payment Syustem (EPS) rerw 87 () GogoPay, Paypal, WebMoney, cashU, Hub Culture. a Electronic funds transfer or EFT: (i) It refers to the computer-based systems used to perform financial transactions electronically. (i) An EFT is the electronic exchange or transfer of money from one account to another, either within the same financial institution or across multiple institutions. (iii) The term is used for a number of different concepts: = Cardholder-initiated transactions, where a cardholder makes use of a payment card. » Direct deposit payroll payments for a business to its employees, possibly via a payroll services company. ia + Electronic payment orders | 2 Ses vwanes + Domestic funds transfers Direct debit transfers «Direct credit transfers + {nlemationat funds a + Person-to-person + Standing orders. : paymen! * Automatic bit! payments. + Bil presentment « Direct debit payments, sometimes called electronic checks, for which a business debits thevipul’s is IT in Banking and Insurance. 7 y y \ & coer hy consumer's bank accounts for Paymeny ‘| ge“ goods or services. + Electronic bill payment in online bank, of! i delivered by EFT or pa, iy gb? which may be de! Paper che eal ot ! + Wire transfer via an international bap). | | network (generally carries a higher fee). y ya (4) Smart Card based Electronic Payment System: | 1 rd resembles a credit card in size and sha | as (a) A smart cal but inside it is comp! inside of a smart card usually con! letely different. (b) The tains an embeddy microprocessor. (0. The microprocessor is under a gold contact pad on on, side of the card. (d) Smart cards can provide identification, authentication data storage and application processing. Sample Structure of Smart Card Chip Adhesive Active Chip Side iMetal Contacts Chip i } Encapsulation { Card Body Substrate (5) Digital Wallet or E-Wallet or Virtual wallet: In oe : ce a digital wallet is a software application, usually fot artphone, that sei i i i — rves as an electronic version of a physic!Electronic Payment Syustem (EPs) we 89 Cash went out of fashion ages ago ona credit or debit card compani : Panies now want for j eryth : : you to pay for just tn w Uke hein ne * virtual wallet. After facing regulatory troubles ia has now tied up with Paytm to handle its cashless payments while others lik e Ol wallet systems of theit cy a have chosen to launch and instead of having to rely yme : in your wallet i i a credit card, debit card or net banking, which means your ae account doesn't need to be accessed. Of course, adding money to the wallet still requires you to use one of those methods, Once you've stored the money in a wallet, you can use it to make payments - to the wallet provider or to third party services depending on the type of wallet you've signed up for. Most services also come with a mobile app so you can easily check your balance and make purchases. Some wallet services such as Paytm are built around their own stores where you can buy goods, and some let you buy recharges for your phone or pay your DTH bill. You can also use these wallets to make payments at other websites - BookMyShow and JustEat.in both support Paytm, for example. Why would you want to do this? The biggest reason is probably ease of use - something that is particularly true for mobile users. Unless the site you want to make a payment on lets _ you save your credit or debit card details, you're going to have to spend a fair bit of time typing them in every time you need to make a payment. Add to that the fact that the RBI has decided that all transactions need to be secured by a second verification code or one-time-password, and the process of paying online using your90 Ter Vipul’s™ IT in Banking and Insurance .| ( : | credit or debit card becomes extremely cumbersome, 1YiNg Wit a wallet can also be safer - the wallet itself NL to have the same level of security as your cre ' hoe mt Sing your bank account isn’t touched ie ron Cia that Possible if the seller is compromised, is limited. That's because mobile wallets in India are limited {, ats s ,000 and are typically expect, maximum acoun een matt wallets are not subject , —— aoe This means oe you - USE One gy these wallet services to quickly and conveniently i € paymen, from your mobile phone after loading it with cash when you hay, free time - you could even do this from your computer, wher entering all the bank details is easier. And since the concept of a mobile wallet is still pretty new jn India, almost all the companies that offer them are also Offering deals, discounts and free top-ups - for example, Ola launched it wallet with an offer to double the money you stored in it, anq Paytm has regular discounts on products, offered as credit added to your wallet that can be used to shop some more. Not everyone is convinced that this concept is going to succeed universally though - for example, while Zomato is planning on bringing payments to its app soon, it is not looking at a wallet asa solution. Wallets work when the spend is low and a one-time significantly low value recharge can work for multiple uses. Restaurants involve high spends. I don't see wallets doing well as a user will need to put in a lot of money to last for 3 months. That's why zomato will work on credit cards being used. There are two main types of virtual wallets right now - the single-purpose closed wallet, and the more versatile semi-closed wallet, which is growing in Popularity now.i ly ig ) gecronie Payment Syustem (EPS) er Ne wy closed: ty A closed wallet is one where the flow of money is one- sctional. You can put your money into the wallet, but can't later sahara it. A dosed wallet can't be used for making payments to tl ied parties; it is in effect a prepaid card for these different | ervices: Paying with a closed wallet is usually automatic - like a | ’ re-paid card, your balance gets deducted as you use the service. Yne,| $0 for example, Ola has a closed wallet for its taxis, and the ’ money that you put into the service can only be used to pay for ‘hg those taxis. It will never expire, though, and since Ola controls the the| wallet, it can give you loyalty rewards and discounts with ease. semi-closed: { A semi-closed wallet lets you take money out of it and put it ‘thy pack into your bank account. This means that you have full ‘di, control over your money - and it can be used to pay for a wide ay range of services. Some well-known ones are Paytm, Oxigen and ld Mobikwik. These are much more flexible than fully closed wallets, but also come under far more oversight from the RBI. The concept is quickly gaining in popularity though. For example, Paytm launched in January 2014, and is now being used for over 8 lakh "' orders per day. asi im| |The mobile app has been downloaded by 12 million people (of ses, Which 90 percent are Android users); and Paytm has a total of 22 | Rillion members now, and post De-monetization, it grew more > ths than 200%. Since the announcement of demonetization, Paytm has |been raking in money like never before. One of the biggest beneficiaries of demonetization has been Paytm as people have ty Moved to cashless payments owing to cash crunch. Within 12 st days, Paytm had witnessed over 7 million transactions worth Rs 120 crore a day. Paytm has over 150 million mobile wallet users | Currently,92 rrr Vipul’s™ IT in Banking and Insurance . (% : \ (6) Digital money (Bitcoins): ection in this book. People in Ing 4 Note: Bitcoins is a bonus s' are not so familiar with this mode of payment. —_ WHAT IS BITCOIN?: When you type a website address into a browser you mj, have noticed that the letters ‘http’ appear at the front. ‘Hy, stands for Hypertext Transfer Protocol. In typing an address, You are actually sending an HTTP command to transmit that Websit to you. Hypertext Transfer Protocol is the means by whi ch information is shared across the web. Similarly, when setting up an email account, you might hay, noticed the letters ‘smtp’ — for example, ‘smtp.gmail.com’. SMyTp stands for Simple Mail Transfer Protocol. SMTP is the protocol by which we send emails to each other. What actually happens when you send an email through Gmail to, say, someone with a Yahoo address is that a Google server reaches out to a Yahoo server and transmits a text file; then the Yahoo server says to its user, ‘you've | got mail’. So, a protocol is an agreed system by shared across a network. which information is Bitcoin - with a capital ‘B’ — is another protocol. The function of the protocol is to send and receive payment information. ae With Bitcoin, your computer reaches out to another user's computer, gives it some binary gibberish proving you control X number of coins at this address and want them to increase the balance at that address. A The unit of money on the Bitcoin protocol is the ‘bitcoin’ (with a small ‘b’). As the Rupee is the unit of money on the Indian a ara glectronic Payment Syustem (PS) rer 93 panking network, so bitcoin is th : sy stem e unit of money on the Bitcoin So, Bitcoin is two things - a internet version of money). protocol and a unit of money (an itcoin is one o ‘ ss with no f the first attempts to create a real-world currency governments, no central banks, and no rules. itcoin is at its . Seared *6 a cryptographic protocol, which is why it is al crypto-currency.” The : : ic, - protocol creat unique pieces of digital property that can be transferred ml one Cr Oe Bite i proc also makes it impossible to doul Pp a Bitcoin, meaning you can’t spend the same Bitcoin twice- HOW BITCOINS WORK?: Bitcoins are generated. by using an open-source com, program to solve complex math problems in a process known as mining (more on that shortly). Each Bitcoin is defined by a public address and a private key, which are long strings of numbers and identity. This means that Bitcoin is letters that give each a specific not only a token of value but also a method for transferring that value. In addition to having a unique di also characterized by their position in transactions known as the blockchain. thought of as buying 4 spot in the block chain, your purchase publicly and permanently. The block chain is m yy a distributed network of computers around the world. This decentralization means no one entity, such as a government, controls it. Transactions happen digitally from person person, without middlemen such as banks or clearinghouses. The public Bitcoin network is the official puter gital fingerprint, Bitcoins are a public ledger of all Bitcoin Buying a Bitcoin can be which then records aintained b94 rer Vipul’s™ IT in Banking and Insurance - | (gp, i record for all of these transactions. You can also transfer Bitcojn . person. The direct approach significantly reduces the fees involy, uch easier ang with transferring traditional money and a. a - une i lobe. Bi i faster to send and receive money across the g) Bives ay efficiency increase relative to banking transactions comparable j, »\ the efficiency of email versus physical email. marily buy and_ sell Bitcoins through onling public address and private keys are both require d spend Bitcoin. using the public jled to each other publicly. but pseudonymous is currently quite difficult to trace, has been associated with illicit on the now-defunct Silk People pr exchanges- The to trade, sell, an transactions are done rs are Ve! tion is recorded Since keys, the identities of the buyers and selle! and to the public, even though the transac! People often say Bitcoin is anonymous, accurate. Transactions are which is why Bitcoin ch as buying and selling drugs more however, activity, su Road market. As with paper money, stores the public and private and execute a transaction. These can secure cloud environments or on a computer, or physical form. If a wallet is hacked or you lose your private Bitcoin key, you no longer have access to that Bitcoin. Possession of the public address and private key amounts to possession of the Bitcoin. : P ple enniicay buy and sell Bitcoins through exchan es isn tae! In order to Bitcoin can either be used y things online from merchants and organizations th: t at acceP you can save Bitcoins in a wallet, which keys needed to identify the Bitcoins be digital wallets that exist in they can take ges,\ we y geronle payment Syustem (EPS) ree 95 : it can b itt or i e cashed out through an exchange, brok ge, broker, oF t puyer- £DO BITCOINS COME FROM? el pite ire“ per with paper money, a government deci to print and distri lecides when and how _ as a ventral = distribute, Bitcoin, by contrast, doesn’t end oF government — people create Bitcoins dep ie yprogh mining. nin a the proces of solving complex math problems (also ashing”) using computers running Bitcoin software This called aires more computing power than regular PCs have, so peop! my specialized Bitcoin machines or form groups eer multiple computers together to mine. When the program solves one of these problems, it creates mplocks,” OF encrypted Bitcoin transactions. When you (or your pool) solve a block, you are rewarded with Bitcoins. get increasingly harder as more the rewards are cut in half at there's a gradual slow-down in irculation. There is a built-in have been These cryptographic puzzles Bitcoins enter circulation. Also, regular intervals. In other words, the rate at which new Bitcoins enter ¢ limit of 21 million Bitcoins, meaning when this many mined, production will stop completely. an be divided down to8 decimals, and people ins, so even tem is still usefu Asingle Bitcoin c ct with fractions of Bitco t, the sys can transa' known as satoshis, 1 for very tiny ifone Bitcoin is worth a lo} transactions. ' the transaction record The blocks created by mining make up lock contains a hash of the previous of the Bitcoin system. Every bl block, which creates 4 transaction database — the previously referenced block chain. The block chain is a public ledger and "ecords all transactions in chronological order.