Lecture 8 (Chapter 11)

Online Payment Systems

Md. Mahbubul Alam, PhD

Professor
Intended Learning Objectives (ILOs)

• The basic functions of online payment systems

• The use of payment cards in electronic commerce
• The history and future of electronic cash
• How electronic wallets work
• The use of stored-value cards in electronic commerce
• Internet technologies and the banking industry

02/28/2021 2
Online Payment Basics

• Online payment systems

 Still evolving
 Competition for dominance
 Cheaper than mailing paper checks
 Convenient for customers
 Save companies money

• Costs per bill

 Billing by mail: between $1.00 and $1.50
 Internet billing and payment costs: 50 cents
 Significant environmental impact
02/28/2021 3
Online Payment Basics (cont’d)

• Four ways to purchase items (traditional and electronic)

 Cash, checks, credit cards, debit cards
 90% of all United States consumer payments

• Electronic transfer: small but growing segment

 Popular example: automated payments

• Credit cards
 Worldwide: 90% of online payments
 United States: 97% of online payments
 Non-card payment alternatives (PayPal) becoming increasingly
popular
02/28/2021 4
Payment Cards

• Payment card
• Describes all types of plastic cards used to make purchases
• Categories: credit cards, debit cards, charge cards

• Credit card (Visa, MasterCard)

• Spending limit based on user’s credit history
• Pay off entire credit card balance
• May pay minimum amount
• Card issuers charge unpaid balance interest
• Widely accepted
• Consumer protection: 30-day dispute period
02/28/2021 5
Payment Cards (cont’d)

• Debit card • Charge card (American Express)

o Removes sales amount from o No spending limit
cardholder’s bank account o Entire amount due at end of billing
o Transfers sales amount to seller’s period
bank account o No line of credit or interest charges
o Issued by cardholder’s bank o Examples: department store, oil
o Carries major credit card issuer name company cards
o Retailers may offer their own charge
cards
o Often called store charge cards or
store-branded cards

02/28/2021 6
Payment Cards (cont’d)

• Single-use cards
• Prepaid Cards
o Cards with disposable numbers
o Cards that can be redeemed by
o Addresses concern of giving online
anyone for future purchases
vendors payment card numbers
o People who do not want to be
o Valid for one transaction only
tempted to purchase more than they
o Designed to prevent unscrupulous can afford
vendor fraud o Often called ‘gift card’
o Withdrawn from the market
 Problem: required different
consumer behavior

02/28/2021 7
 Payment Cards: Advantages Vs. Disadvantages

• Advantage for merchants • Disadvantage for merchants

o Fraud protection o Per-transaction fees, monthly processing fees
 Can authenticate and authorize o Viewed as cost of doing business
purchases using a payment card o Goods and services prices: slightly higher
processing network
o Advantage for U.S. consumers
 Liability of fraudulent card use: $50
 Frequently waived if card stolen
o Greatest advantage • Disadvantage for consumers
 Worldwide acceptance o Annual fee
 Currency conversion handled by
card issuer
02/28/2021 8
Payment Acceptance and Processing

• 2 general processes:
1. Acceptance of payment
 Determine that the card is valid and that the transaction will not exceed any credit
limit

2. Clearing the transaction

 All the steps needed to move the funds from the card holder’s bank account into the
merchant’s bank account

02/28/2021 9
Payment Acceptance and Processing (cont’d)

• Closed loop systems

• Card issuer pays merchant
directly
• Does not use intermediary,
such as bank or clearing
house
• e.g., American Express,
Discover Card

02/28/2021 10
 Payment Acceptance and Processing (cont’d)

• Open loop systems

 Involves three or more parties
 Add additional intermediaries
 Third party (intermediary bank)
processes transaction
 Visa, MasterCard: not issued
directly to consumers
 Credit card associations:
operated by association
member banks
 Customer issuing banks: banks
issuing cards

02/28/2021 11
Payment Acceptance and Processing (cont’d)

• CVN/CVV/CV2/CSC
• Chargeback process
 Three- or four-digit number
 Cardholder successfully contests
printed on the credit card
charge
 Not encoded in the card’s
 Merchant bank must retrieve
magnetic strip
money from merchant account
 Merchant may have to cover
chargeback potential

02/28/2021 12
Processing Payment Card Transactions

• Payment processing service providers or Payment • Automated Clearing

Processors, companies offering payment card processing House (ACH)
 Two general types  Network of banks
 Front-end processor (Payment Gateways), authorizes connecting credit card
the transaction by sending the transaction’s details to processing software
the interchange network and storing a record of the vendors and card
approval or denial authorization companies
 Bank-end processor, receives the transaction from the  Transfer funds to clear their
front-end processor and coordinates information flows card payment accounts
through the interchange network to settle the with each other
transaction
 Example: InternetSecure

02/28/2021 13
Processing Payment Card Transactions
14
 Micropayments and Small Payments

• Micropayments •Small Payment

o Internet payments for items costing few o Payments that are between $1 to $10
cents to a dollar o Being offered through mobile
o e.g., Millicent, DigiCash, Yaga, BitPass telephone carrier
o Failed to gain popularity  Buyers make purchases using their
o Barriers mobile phones
• People prefer to buy small value items  Charges appear on monthly mobile
in fixed price chunks, e.g., mobile phone bill
phone fixed monthly payment plans

02/28/2021 15
Electronic Cash (e-Cash, Digital Cash)

• Describes any value storage and • Factors favoring electronic cash

exchange system created by o Potentially significant electronic cash
private (nongovernmental) entity market
o Does not use paper documents or coins o Internet small purchases (below $10)
o Can serve as substitute for o Most of world’s population does not
government-issued physical currency have credit cards
o Readily exchanged for physical cash on
demand
• Problems • characteristics of electronic cash
o No standard among all electronic cash o Ability to spend only once
issuers
o Anonymous use, just as currency is
o Not universally accepted
o Convenience
02/28/2021 16
Holding Electronic Cash: Online and Offline Cash

• Online cash storage • Offline cash storage

 Consumer has no personal possession of o Virtual equivalent of money kept in
electronic cash wallet
 Trusted third party (e.g., online bank) involved o Customer holds it
in all transfers, holds consumers’ cash accounts o No third party involved in
• Online system payment transaction
 Merchants contact consumer’s bank o Protection against fraud concern
o Receives payment for a purchase o Hardware or software safeguards
o Helps prevent fraud (confirm valid cash) needed
o Resembles process of checking with consumer’s
bank to ensure valid credit card and matching
name
02/28/2021 17
Holding Electronic Cash: Online and Offline Cash (cont’d)

• Double-spending • Keys to creating tamperproof

 Spending electronic cash twice electronic cash traceable back to
 Submit same electronic currency to origins
two different vendors  Cryptographic algorithms
 Two-part lock
• Main deterrent to double-  Provides anonymous security
spending  Signals an attempt to double-spend
 Threat of detection and prosecution cash

02/28/2021 18
 Detecting double-spending of electronic cash

02/28/2021 19
Advantages and Disadvantages of Electronic Cash

• Advantages: • Disadvantages:
 Less costly, than other form of  No audit trail, like physical
transactions cash it is untraceable
 No distribution method or  Money laundering, converting
human oversight is required money that obtained illegally
 Any additional cost is nearly into cash
zero  Not popular than credit card
 Does not require any and physical currency
authorization, as is required
with credit card transaction

02/28/2021 20
Electronic Wallets/Digital Wallet/e-Wallet

• Similar as a physical wallet

• An electronic device or software that holds credit card numbers, electronic cash,
owner identification, owner contact information
• Provides information at electronic commerce site checkout counter
• Benefits:
 Consumer enters information once
 More efficient shopping
• Types
• Software-only digital wallets, e.g., Yahoo! Wallet
• Hardware-based digital wallets, NFC-Supported Mobile phone, e.g., Osaifu-Keitai in
Japan
02/28/2021 21
Electronic Wallets (cont’d): Software-based Wallet

1. Server-side electronic wallet 2. Client-based digital wallet

o Stores customer’s information on o Stores information on
remote server of merchant or consumer’s computer
wallet publisher o Disadvantages
o No download time or installation  Must download wallet
on user’s computer software onto every
o Weakness: Security breach computer
o e.g., Microsoft Windows Live ID,  Not portable
Yahoo! Wallet

02/28/2021 22
Stored-Value Cards

• Magnetic Strip Card • Smart Cards

• Card hold value that can recharges by • Uses tiny microchip compute
inserting them into the appropriate processor
machine, inserting currency into the • Stores more information
machine and withdrawing the card.
• Performs calculations and storage
• Cannot send or receive information operations on card
• Cannot increment or decrement the • e.g., Octopus card in Hong Kong
value of cash stored on the card
• Processing only be done on a device
into which the card is inserted

02/28/2021 23
Internet Technologies and the Banking Industry

1. Check Processing • Technologies helping banks

• Disadvantage of paper checks reduce float
 Cost of transporting tons of  2004 U.S. law: Check Clearing for
paper checks the 21st Century Act (Check 21)
 Float, delay between the time  Banks eliminate movement of
person writes check and the time physical checks entirely
check clears person’s bank  Retailer scans customer's check
and transmitted instantly through
clearing system
 Posts almost immediately to both
accounts that eliminates
transaction float

02/28/2021 24
Internet Technologies and the Banking Industry (cont’d)

2. Mobile Banking
 Banks exploring mobile commerce potential
 2009: banks launched sites allowing customers using smart phones to:
 Obtain bank balance, view account statement, find a nearby ATM

 Future plans
 Offering downloadable applications smart phone users can install
 Use to transact all types of banking business

25
02/28/2021 25
Criminal Activity and Payment Systems: Phishing and
Identity Theft

• Online payment systems

• Offer criminals and criminal enterprises an attractive arena in which to operate
• Average consumers: easy prey
• Large amounts of money provide tempting targets

• Phishing expedition
• Technique for committing fraud against online businesses customers
• Particular concern to financial institutions

02/28/2021 26
Phishing Attacks

• Basic structure
 Attacker sends e-mail message
 To accounts with potential for an account at targeted Web site
 E-mail message tells recipient: account compromised
 Recipient must log on to account to correct problem
 E-mail message includes link
 Appears to be Web site login page
 Actually leads to perpetrator’s Web site disguised to look like the targeted Web site
 Recipient enters login name, password
 Perpetrator captures
 Uses to access recipient’s account
02/28/2021
 Perpetrator accesses personal information, makes purchases, withdraws funds 27
Phishing e-mail message
28
Phishing e-mail message (cont’d)
29
Phishing Attacks (cont’d)

• Spear phishing
 Carefully designed phishing expedition targeting a particular person or organization
 Requires considerable research
 Increases chance of e-mail being opened
 Example: 2008 government stimulus checks
 Phishing e-mails appeared within one week of passage

02/28/2021 30
Phishing e-mail with graphics

31
Using Phishing Attacks for Identity Theft

• Organized crime (racketeering)

• Unlawful activities conducted by highly organized, disciplined association
for profit
• Differentiated from less-organized groups
• Internet providing new criminal activity opportunities
• Generates spam, phishing, identity theft

• Identity theft
• Criminal act: perpetrator gathers victim’s personal information
• Uses information to obtain credit
• Perpetrator runs up account charges and disappears
02/28/2021 32
Types of personal information most useful to identity thieves

33
Using Phishing Attacks for Identity Theft (cont’d)

• Large criminal organizations

• Efficient perpetrators of identity theft
 Exploit large amounts of personal information quickly and efficiently
• Sell or trade information that is not of immediate use
 Other worldwide organized crime entities
• Zombie farm
 Large number of computers implanted with zombie programs
• Pharming attack
 Hacker sells right to use zombie farm to organized crime association

02/28/2021 34
Using Phishing Attacks for Identity Theft (cont’d)

• Two elements in phishing

 Collectors: collect information
 Cashers: use information
 Require different skills

• Crime organizations facilitate transactions between collectors and cashers

 Increases phishing activity efficiency, volume

• Each year
 More than a million people fall victim
 Financial losses exceed $500 million
02/28/2021 35
Phishing Attack Countermeasures

• Change protocol
 Improve e-mail recipients’ ability to identify message source
 Reduce phishing attack threat
• Educate Web site users
• Contract with consulting firms specializing in anti-phishing work
• Monitor online chat rooms used by criminals

02/28/2021 36
 Question
Please
?
Acknowledgement:
“E-business” by Gary Schneider

02/28/2021 Prepared & Presented by Md. Mahbubul Alam, PhD 37