Unit 4
Electronic Payment Systems and Internet Banking
Electronic payment systems comprise payment services over the network for goods
and services offered and procured over the Internet. They are integral to the
completion of e-commerce transactions. Authentication, integrity, authorization
and confidentiality are the basic security requirements.
An electronic payment system consists of the following components:
1) Buyer
2) Seller (Merchant)
3) Payment gateway
4) Buyer’s bank (issuer of the payment instrument)
5) Seller’s bank (acquirer)
When a buyer procures goods or services electronically from
a merchant, the method of payment could be chosen to be a credit card. Before
the merchant agrees to supply the item to the buyer, the merchant looks for the
assurance that the payment will be fulfilled.
A request containing the transaction details is sent to the
payment gateway by the merchant. The payment gateway, in turn, interacts with
the issuer bank on the financial network to carry out the verification. The
result is sent back to the merchant to enable the merchant to decide on whether
the goods/services should be supplied or not.
Payment gateways handle all the payment operations that are
needed for operating e-commerce sites. The servers on these sites have to be
secured and duly certified by a Certifying Authority. Payment gateways can
process multiple payment mechanisms including debit cards and smart cards.
Normally, there are two functions within payment gateway software. These are:
2) The settlement function which facilitates the carrying out of actual
inter-bank transactions.
The entire system provides facilities like formatting, encrypting and digital
signing of the orders for transferring to the financial network. In India,
payment gateway services are offered by ICICI, Citibank, Global Telesystems and
HDFC Bank.
These systems enable the seller to perform real-time credit card authorisation
or debit card settlements from a website over the Internet. Payment can be made
within seconds after the gateway obtains authorisation from the credit card
institutions.
The Direct Pay process flow involves the following steps:
1) The customer, browsing on the merchant site, finalises his/her purchase.
2) The customer decides to make payments for the transaction that he/she has
finalised.
3) The customer selects ‘Debit my HDFC Bank A/C’.
4) The customer clicks on the pay button and is taken to a page to make the
payment.
5) The customer enters his/her Netbanking ID and password.
6) The customer then selects the account from which he/she wants to make the
purchase.
7) The customer account with HDFC Bank is debited online and the transaction is
over for the customer.
8) The merchant account is credited for the transaction amount, less the
transaction fee.
9) The customer is honoured with the purchase made as per the terms of the
merchant agreed upon by the customer.
Internet Banking
Internet banking allows any user with a PC and a browser to get connected to
his bank’s website to perform any of the virtual banking functions and avail
himself of any of the bank’s services.
There is no human operator present in a remote location to respond to his
needs, as there is in telephone banking or in a call centre. The bank has a
centralised database that is web-enabled. All the services that the bank has
permitted on the Internet are displayed in a menu.
The Reserve Bank of India has issued guidelines for Internet banking, covering:
1. Technology and security standards
2. Legal issues
3. Regulatory and supervisory issues
Technology and Security Standards:
The need for banks to define security policies has been emphasised. Although
the use of Public Key Infrastructure (PKI) has been suggested, the use of at
least 128-bit SSL for server authentication and for securing browser-to-web
server communication has been mandated.
Legal Issues:
The asymmetric cryptosystem as advocated in the IT Act, 2000 has been
recommended as the security procedure for digital signatures for authenticating
electronic records.
Regulatory and supervisory issues:
The following guidelines apply for these issues:
1) Internet banking service can only be offered to the account holder of the
bank and only for Indian local currency products.
2) All banks that offer transactional services on the Internet will do so after
obtaining approval from the RBI.
3) Any breach or failure of security systems is to be reported to the RBI.
4) Interbank payment gateways can only be set up by those institutions that are
members of the cheque clearing systems in the country.
PayPal:
PayPal, an eBay company, has a unique payment model wherein money can be sent
to anyone who has an e-mail address. Founded in 1998, PayPal was acquired by
eBay Inc. in October, 2002.
PayPal is not a payment gateway. Customers of PayPal are allowed to move money
electronically from their bank account to other PayPal account holders, unlike
traditional banks wherein such transfers require cheques. Account holders can
send money to non-account holders by creating a virtual account attached to an
e-mail address.
In PayPal’s model, when the recipient gets a ‘you’ve got cash’ e-mail and is
directed to go to PayPal’s website, he has to open an account by filling out a
one-screen form providing his name, phone number and e-mail address.
Once the account is opened, the recipient claims the payment. The payment
appears in the recipient’s PayPal account balance. The recipient can choose to
transfer the funds to a bank account, request a cheque, or send the funds to
someone else.
Customers were encouraged by PayPal to register their bank accounts so that the
PayPal account could be funded from a bank account through the ACH. The account
was then verified by a process for which PayPal had applied for a patent.
The Secure Electronic Transaction (SET) Protocol:
The SET protocol was developed by Visa and MasterCard to provide security for
credit card-based payment transactions on the Internet. Figure 18.4 exhibits
the SET protocol.
SET addresses the following business requirements of confidentiality,
integrity, authentication and interoperability:
1) Confidentiality of payment information and order information that is
transmitted along with the payment information
2) Integrity of all data that is transmitted
3) Authentication that a cardholder is a legitimate user of a branded payment
card account
4) Authentication that a merchant can accept branded payment card transactions
through his relationship with an acquiring financial institution
5) Use of the best practices for security and system design so as to protect
all legitimate parties in an electronic commerce/payment transaction
When SET is used for completing an e-commerce transaction, the entire process
can be broken up into the following activities:
1) The cardholder selects items for procurement.
2) The cardholder is presented with an order form containing the list of items,
their prices, and a total price including shipping, handling and taxes. This
order form can be obtained from the website of the merchant or can be created
on the cardholder’s computer by special purpose electronic shopping software.
3) The cardholder selects the means of payment—in this case, a payment card is
selected.
4) The cardholder sends the merchant a completed order form along with the
payment instructions. The order and the payment instructions are digitally
signed by the cardholder who is already in possession of digital signature
certificates.
5) The merchant requests payment authorisation from the cardholder’s financial
institution. On receiving authorisation, the merchant sends confirmation of the
order.
6) The merchant ships the goods or performs the requested services from the
order.
7) The merchant requests payment from the cardholder’s financial institution.
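The step in which the cardholder signs the order and the payment instructions can be illustrated with SET's dual signature, which lets the merchant check the order and the payment gateway check the payment data without either party seeing the other's part. This is an added example, not taken from the book, and it goes beyond the text above; the toy RSA key, the SHA-256 digest, the function names and the sample data are assumptions made for illustration.

```python
import hashlib

# Toy RSA key for the cardholder, built from two well-known Mersenne primes.
# Textbook RSA without padding: for illustration only, never for real use.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)

def digest(data: bytes) -> bytes:
    # SET specified SHA-1; SHA-256 is substituted here.
    return hashlib.sha256(data).digest()

def dual_digest(oi_md: bytes, pi_md: bytes) -> int:
    # Digest over the concatenated payment and order digests.
    return int.from_bytes(digest(pi_md + oi_md), "big")

def cardholder_sign(order: bytes, payment: bytes) -> int:
    # One signature binds the order and the payment instructions together.
    return pow(dual_digest(digest(order), digest(payment)), D, N)

def merchant_verify(order: bytes, pi_md: bytes, sig: int) -> bool:
    # The merchant sees the order but only the digest of the payment data.
    return pow(sig, E, N) == dual_digest(digest(order), pi_md)

def gateway_verify(payment: bytes, oi_md: bytes, sig: int) -> bool:
    # The payment gateway sees the payment data but only the order digest.
    return pow(sig, E, N) == dual_digest(oi_md, digest(payment))

# Constructed sample data (the card number is a common test value).
ORDER = b"order=1001;item=book;total=499.00"
PAYMENT = b"order=1001;card=4111111111111111;amount=499.00"

def demo() -> dict:
    sig = cardholder_sign(ORDER, PAYMENT)
    tampered = ORDER.replace(b"499.00", b"4.99")
    return {
        "merchant_ok": merchant_verify(ORDER, digest(PAYMENT), sig),
        "gateway_ok": gateway_verify(PAYMENT, digest(ORDER), sig),
        "tampered_order": merchant_verify(tampered, digest(PAYMENT), sig),
        "swapped_payment": gateway_verify(b"card=other", digest(ORDER), sig),
    }

if __name__ == "__main__":
    print(demo())
```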
Electronic Cheque:
Electronic cheque is yet another mechanism for Internet payments. This facility
is the Internet version of Financial EDI systems which have allowed these
functions to be performed over VANs. The electronic cheques provide Internet
websites with the ability to perform the following functions:
1) Present the bill to the payer
2) Allow the payer to initiate payment of the invoice
3) Provide remittance information
4) Allow the payer to initiate automatic payment authorisations for a
pre-specified amount or range of amounts
5) Interface with financial management software and transaction processing
software
6) Allow payments to be made to new businesses with which the payer has never
before transacted
Reference:
Kamlesh K. Bajaj and Debjani Nag, E-Commerce: The Cutting Edge of Business,
Second Edition, Tata McGraw-Hill Publishing Company Limited, New Delhi.