E-Commerce: Payment Systems and Security

This type of payment takes a great deal of time to go through. In the case of product purchase the same method would be used, the customer would pay the amount due through the bank accounts. This mechanism, of course, Is not considered as a pure Internet payment. To avoid this kind of transaction, a more advanced method would be to use credit cards as a method of payment.

The client would use internet to provide the supplier of the product or services with the credit card information.The supplier would charge the amount instantly and the credit card company would take care of the rest. At this point Is when private and delicate Information starts circulating through the Internet, attempting against the privacy of the buyer (that can be monitored), and the confidentiality of banking information, which could be stolen and fraudulently used. Security mechanisms are implanted to guarantee the confidentiality and integrity of the content, as well as the identity of the client and supplier.

The solution would seem to be the use of encryption to securely send the number and Information of the credit card. But still, some certain factors have to be considered. One would be that the amount of the transaction itself could be increased. The next step taken would be the introduction of a third party that guaranties that such Information circulates through the Internet. This requires the registration of the Involved parties, where the Identities and the solvency of both sides would be checked.Possible limitations of this method are that, on one hand, the possibility that some payments could be refused because the credit limit has been reached, and on the other hand, the accumulation of data from the participants in the hands of the third party could be attempting against the right of the persons' privacy.

A different method alms to the reproduction of the characteristics of physical money n its computer (or in an intelligent card, such as the internet credit cards banking companies have come up with) "anonymous money", that can be used to carry out payments.Always with a bank behind that supports the value of this money representation. Some problems appear like protecting against money theft and the payment of different products with the same money. In the methods that are going to be discussed in this paper it can be observed most of them introduce specialized agencies capable of carrying out transactions over unsecured media and with out physical presence of the involved parties. Because of this, the requirements point to the confidentiality, integrity, and authentication of the implied parties.

The need for encryption is obvious and all methods use it.The Diggings proposal is the only one that breaks away from the usual, using the desired anonymous cash. Diggings has a few interesting characteristics, such as anonymous payment, no profiling possible by third parties, and the ability to recuperate the money in case of theft. These characteristics make it a very attractive method, but up until now it has been considered a very complex method. Logically, being the matter on hand money, the present systems are very conservative.

All the businesses adopt numerous cautions facing frauds and technical failures.If the number of incidences was high, the commissions would increase rapidly and the associated prices to e-commerce would not be tolerable. Leader solutions: Checkable is an integrated system for Electronic Commerce based on its own protocols, between clients and specific servers. It works under the Windows platform and it is under the sponsorship of Compuserve. The orders are transmitted through Internet, coded using the RASA algorithm and utilizing public keys of 756 bits.

The size of this key one is considered sufficiently secure being used in commercial transactions.Businesses have to be registered in Checkable (www. Checkable. Com). The buyer sends information to execute the payment to the business, which sends it to Checkable.

Once the payment is authorized, the client receives a proof of purchase, and the commerce receives the authorization to deliver the order. Checkable deals with the banks to carry out the transfer of funds. Virtually sponsors a system known as Green Commerce Model, acting like a Nanking entity and acts as the third party between clients and merchants. It deals with the establishment of agreements between the parties and the bank. Deal done," the parties receive a proper identifier that is tied to a bank account and Virtually (wry.

Iv. Com) maintains virtual accounts of clients that are liquidated periodically against traditional credit cards. An e-mail address is needed, since every communication between the user and IV' will be carried out through this media, included the confirmation of purchase that the user must comply, along with the authorization to N to charge it to the credit card. To register, a form must be filled with all the personal data and a password, which will generate our PIN.Later, an e-mail with a key, one of 12 digits, and a telephone number is sent. This phone number if for giving the credit card's data.

To carry out a purchase, the user gives the PIN to a merchant, who communicates with Iv'. IV' sends the buyer an e-mail to confirm the operation. The cost of having a PIN is of 5 $ per year. When a client wants to carry out a purchase, it sends an order to the merchant, which sends it to Virtually, together with the user's identification in Virtually(Pulp). IV' contacts the client by e-mail to confirm that the charge is accepted.The system does not use encryption, alleging that the financial information never travels through the Internet (only the PIN) and that its cautions are sufficient and preferably to the relative security of encryption.

Netball (http://www. In. UCM. Dude/) is a project developed in the University Carnegie- Mellon. Netball is a small bank in which clients and merchants maintain private accounts. The clients can put money in their accounts to execute payments, and the commerce can retire it.

It is based on a system of symmetric key.It is based on its own protocols, with clients and specific merchants that can be incorporated into browsers, ,or another type of user interfaces. All the transactions are properly encrypted and signed by means of public keys, with authentication based on Cerberus. The system is very adequate for the sale of information through the internet.

A client does a request, and he receives the product (the information) coded. When he receives it, he orders the payment that, once executed, he asks the merchant to deliver him, the buyer, the necessary key for decrypting the information.In this way it is accomplished to tie both parts to avoid frauds by sudden disappearance, or by losses derived from failures of the network or of the terminals Diggings ( www. Diggings.

Com ) is a system of anticipated payment, where the money is previously obtained from the bank and stored digitally in the software of the user, which can utilize it in any virtual commerce that accept this media for payment. This system permits the anonymous purchase, since it does not require identification.It is a method of digital money in cash, that uses a sophisticated system of key and chital 'fingerprints' to offer electronic wallets with anonymous money. The client withdraw the money, with other individuals for exchange, and with merchants to carry out payments.

To withdraw the money from the bank a technical encryption method is used, called "blind signature. " The client invents serial numbers for the desired cash, he codes them with a random digital key that impedes to see the serial number, and sends it to a bank for authorization.The bank disposes of a series of signatures, for each monetary value (for example, there is a signature that is worth 100 dollars). The bank signs the currency of the client and it is returned, also coded.

The client is capable of eliminating the digital key that hides the serial number without altering the signature of the bank. This way, the client arranges money validated by the bank whose serial number is only known by the client itself. The bank deducts the quantity from the account; but ignores the serial number of the electronic cash, making it impossible to associate a payment to a concrete client.Summarizing, Cash is the payment system for the Internet created by the Dutch business Diggings, under the direction of the well known cryptographer David Chasm.

The plan functions through an electronic wallet. Cybercafé (www. Cybercafé. Com ) is one of the payment systems of more success in the United States, and in full expansion toward the rest of the world.

It functions from an electronic wallet and upon the habitual credit card system, but provided with additional strong cryptographic protection.Cybercafé establishes a plan of payment using its own cryptographic methods of public keys (Secure Internet Payment Service). It is also a business that acts as a third party between the client and the bank. It offers its own client-merchant product to monomaniac confidential values and credit card numbers. Cybercafé combines the possibilities of immediate payment and creation of virtual accounts to carry out payments (Cybernetic).

The software of Cybercafé sends its data encrypted to the merchant, who at the same time adds its own identifications and requests authorization to Cybercafé.The rest of the process is carried out through the traditional payment methods network. Credit, debit, business cards, cash, intelligent cards and alternative types of payment, are all supported in the payment solutions of Cybercafé. Cybercafé includes: ICVERIFY@, PACIFIER? Christensen, Intervene? , cybernetic and Payne?. Cybercafé takes the lead in electronic commerce. A global reach to do banking operations and processing networks and easy connection assure that Instable will become the consumer's interface trough the entire world of commerce over the internet.

Ewing able to use the same wallet and the same password in other commercial sites with the certainty of a private and secure storage of their financial information. Instable and their implementation are provided with the security and the ease of use that make of Instable the platform for the future. With Instable, the payment information of the consumer is stored in a secure way, thanks to the technology of electronic Wallet, for the use in subsequent purchases in consequent transactions. Instable does the complete transaction simply with one click.Instable uses the Wallet technology of Cybercafé, "The Gillette," which is a secure electronic process with information of the purchase and payment of the consumer that permits the secure execution of transactions. Another option of payment, the electronic check, recently has also been explored by Cybercafé with the Payne Service and it is being announced like the method with a elation cost - effective most convenient to do repetitive internet transactions.

Mastered ( www. Mastered. Com ) sponsors payment protocols kip De IBM based on the kip protocols of MOM.These protocols are introduced in an application known as Secure Electronic Payment Protocol (SEEP), and has been developed in collaboration with MOM, Netscape, Cybercafé and GET Corp..

The mechanism is bases on the use of public key. Visa ( wry. Visa. Com ) in collaboration with Microsoft, has developed a complete specification, the Secure Transactions Technology (SST), based on the use of public eyes, responding to the following commercial requirements: -To Respect the confidentiality of the transactions, using encryption. To Assure the integrity of the data transferred, by means of digital signatures. -Authenticate the card holder, by means of digital signatures and certificates.

-To put the specification in the public domain, so that client products and servers can be developed and be capable of interpretation among themselves. SST utilizes the concept of "double signature", that is used to tie the data of the order (which only interests the commerce) with the financial data (that only interests the ann.). The client, that has both, calculates its digital 'fingerprint', and then concatenates and digitally signs it.The merchant receives the request and the 'fingerprint' of the order. (with difficult to be falsifiable).

The bank receives, the banking data and the 'fingerprint' of the request. Thus, each receptor can verify the signature of the assembly, being respected at all time the confidentiality of the data, credentials that authenticate the public key, SST proposes a hierarchy of authorizations. In the first level an authority of the sector, A, exists properly accredited. A accredits the buyer's financial institution, and the bank of the merchant.

Each bank accredits its respective clients. With this delegation in cascade form, any of the parties can be assured of the identity of the others. The delegations hierarchy plan does not yet seem mature and will require more elaboration. The authority A emits to the public the certificates, tying a public key to a number of the card and to an account in a bank. Carefully, it is avoided to introduce the name of the user to maintain its anonymity, remaining only tied the digital 'fingerprints' of the charged account.Summarizing: Secure Electronic Transaction (SET) is the future alternative credit-card processing method, supported by card issuing banks.

SET protocol was developed by Visa and Mastered and now backed by American Express. It is the method that is being adopted by most of the businesses involved in secure electronic transactions. It is designed for cardholders, merchants, banks and other card processors. SET uses digital certificates to ensure the identities of all parties involved in a transaction. SET also encrypts credit and purchase information before transmission on the Internet.