Chapter 8 - PowerPoint PPT Presentation

Presentation Transcript

    Slide 1:Chapter 8 Electronic Payment Systems and Security


    Slide 2:Security Protocols: SSL and SET

    Emergence of electronic shopping necessitates new payment methods
    Secured payment systems are critical to EC success
    Most common payment method: credit cards
    Customers have security concerns regarding sending credit card information (name, card number, expiration date, etc.)

    Slide 3:To provide security, most companies use SSL (Secure Socket Layer, available in customers' browsers)
    SSL is an encryption mechanism for order taking, queries and other applications
    Can encrypt credit card numbers
    Does not protect against all security hazards
    Another protocol, developed by Visa/MasterCard, is called SET (Secure Electronic Transaction)
    Used very infrequently due to its complexity and the need for a special card reader by the user

    Slide 4:Is encryption secure enough to protect confidentiality and authentication?
    Basically, with every credit card transaction (offline at a merchant's shop, or online via envelope, fax, phone or email) the customer's credit card information will be unveiled
    Line sniffing is an additional risk
    Using encryption techniques is the most secure protection method available

    Slide 5:Payments, Protocols and Related Issues

    Credit card payment is not applicable to small-item sales (e.g. $0.25 for a digital picture) because of high processing costs (about $1)
    Micropayment methods and Electronic Cash (used like phone cards) are possible answers
    The question is how to integrate these methods with the Internet (e.g. how to read e-cash cards)

    Slide 6:Security requirements

    Payments, Protocols and Related Issues (cont.)
    Authentication: A way to verify the buyer's identity before payments are made
    Integrity: Ensuring that information will not be accidentally or maliciously altered or destroyed, usually during transmission
    Encryption: A process of making messages undecipherable except by those who have an authorized decryption key
    Nonrepudiation: Protection against customers' unjustifiable denial of placed orders, and against the merchants' unjustifiable denial of payments made

    Slide 7:Security Schemes

    Secret key cryptography (symmetric or private key encryption)
    Sender and receiver use the same key
    [Figure: sender encrypts Message Text into Ciphered Text; receiver decrypts it back to Message Text]

    Slide 8:Public Key Cryptography (asymmetric encryption) uses two keys (private and public key)

    Security Schemes (cont.)
    [Figure: sender encrypts Message Text into Ciphered Text; receiver decrypts it back to Message Text]

    Slide 9:Public Key Cryptography (asymmetric encryption) uses two keys (private and public key)
    Public key is known to all authorized users
    Private key is known to one person, the owner
    Procedure
        Sender encrypts the message with the receiver's public key (requires the key to be delivered in advance)
        Message can only be decrypted with the receiver's private key

    Security Schemes (cont.)

    Slide 10:Public Key Cryptography...
    Length of the key is the main factor in securing a message
        4 bits long (e.g. 0101): there are 16 possibilities (2^4 = 16)
        56 bits long: there are 2^56 = 72 quadrillion possibilities
    Two most popular methods: PGP (Pretty Good Privacy) and RSA (Rivest, Shamir, Adleman)
    Have never been broken by hackers (too time- and resource-consuming)

    Security Schemes (cont.)

    Slide 11:Digital Signature

    A digital signature is attached by a sender to a message encrypted in the receiver's public key
    Sender encrypts a message with his private key
    Security Schemes (cont.)
    Analogous to a handwritten signature
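The public-key procedure from slide 9 and the signature from slide 11, shown together as an added example that is not part of the original slides. It uses textbook RSA with small constructed primes and no padding, for illustration only; all function names, key pairs and the sample message are assumptions.

```python
import hashlib

E = 65537  # public exponent used by both toy key pairs

def make_keypair(p, q):
    """Build ((n, e), (n, d)) from two primes; d is e's inverse mod phi."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # needs Python 3.8+

def encrypt(message, public):
    """Slide 9: sender encrypts with the RECEIVER's public key."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(cipher, private, length):
    """Slide 9: only the receiver's private key recovers the message."""
    n, d = private
    return pow(cipher, d, n).to_bytes(length, "big")

def digest(message, n):
    # Hash first, then reduce so the value fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    """Slide 11: sender applies the SENDER's private key to the digest."""
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message, signature, public):
    """Anyone holding the sender's public key can check the signature."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)

# Constructed key pairs built from Mersenne primes; far too small for real use.
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
SENDER_PUB, SENDER_PRIV = make_keypair(2**19 - 1, 2**89 - 1)
ORDER = b"PAY 25.00"  # constructed sample message

def demo():
    cipher = encrypt(ORDER, RECEIVER_PUB)      # confidentiality
    signature = sign(ORDER, SENDER_PRIV)       # authentication, nonrepudiation
    received = decrypt(cipher, RECEIVER_PRIV, len(ORDER))
    genuine = verify(received, signature, SENDER_PUB)
    tampered = verify(b"PAY 95.00", signature, SENDER_PUB)  # altered amount
    return received, genuine, tampered
```

The two operations use the key pairs in opposite directions: encryption uses the receiver's public key, while signing uses the sender's private key, which is why a valid signature ties the order to one sender.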

    Slide 12:Electronic Credit Card System (offline or online)

    The Players
        Cardholder
        Merchant (seller)
        Issuer (your bank)
        Acquirer (merchant's financial institution, acquires the sales slips)
        Brand (VISA, MasterCard)

    Slide 13:The process of using credit cards offline

    Electronic Credit Card System (offline or online)

    [Slide 14, figure: Credit Card Procedure (offline and online); surviving label: Cardholder] Prentice Hall, 2000

    Slide 15:Other Electronic Payment Systems

    Electronic Cash (E-Cash) Systems (avoid high fees for small payments [micropayments])
    Smart cards
        The concept of e-cash is used in the non-Internet environment
        Plastic cards with magnetic stripes (old technology)
        Current generation includes IC chips with programmable functions on them, which makes cards "smart"
        Present: One e-cash card for one application (cards are recharged at designated locations [bank offices or kiosks])
        Future: recharge at your PC

    Electronic Money
    DigiCash
        The analogy of paper money or coins
        Expensive, as each payment transaction must be reported to the bank and recorded
        Conflict with the role of the central bank's bill issuance
        Legally, DigiCash is not supposed to issue more than an electronic gift certificate, even though it may be accepted by a wide number of member stores

    Slide 16:Other Electronic Payment Systems

    Stored Value Cards (prepaid cards)
        No issuance of money
        Delivering vehicle of cash in an electronic form implemented on the Internet without employment of an IC card (chip card)

    Slide 17:Other Electronic Payment Systems

    Slide 18:Smart card-based e-cash
        Can be recharged at home through the Internet
        Can be used on the Internet as well as in a non-Internet environment
    Ceiling of Stored Values
        To prevent the abuse of stored values in money laundering
        S$500 in Singapore; HK$3,000 in Hong Kong
    Multiple Currencies
        Can be used for cross-border payments

    Other Electronic Payment Systems

    Slide 19:Five Security Tips

    Don't reveal your online Passcode to anyone. If you think your online Passcode has been compromised, change it immediately.
    Don't walk away from your computer if you are in the middle of a session.
    Having finished banking on the Internet, always sign off before visiting other Internet sites.
    If anyone else is likely to use your computer, clear your cache or turn off and re-initiate your browser in order to eliminate copies of Web pages that have been stored in your hard drive.
    It is strongly recommended to use a browser with 128-bit encryption (e.g. Netscape 4.5 or higher) to conduct secure financial transactions over the Internet.