Electronic Payment System
By Kang-Hun Lee
(MBA 693R E-Commerce)
I. Introduction
With the continuing rapid growth of E-commerce,
transactions on the Internet have been increasing exponentially. And such transactions
require some reliable and secure payment systems. In fact, one of the key
factors in the success of E-commerce is the development of convenient, reliable
and secure electronic payment system.
To understand the issues and current activities regarding
the development of electronic payment system, I discuss the following in this
paper.
·
Existing
paper-based payment system
·
Major issues
in designing an electronic payment system
·
Electronic
payment system
II.
Existing
paper-based payment system
The existing paper-based payment system can be largely
classified as paper checks and credit card systems. In a paper checks processing
system, the cost of normal operations is frequently outweighed by the costs
associated with exception handling. If a typical transaction
costs US 5 cents to process, and the manual labor associated with handling
errors and exceptions comes to an average of $25,
even with an error rate of only two per thousand, exception costs will equal
normal processing costs. As electronic processing
drives down the cost of normal transactions, exception handling becomes
relatively more significant. Payment systems must
therefore be implemented to the highest standards of reliability, with
automated procedures for recovering from
errors whenever possible.
On the other hand, the credit card system was designed to provide
immediate gratification of the wants of consumers by allowing them to purchase goods or services on credit. A credit card is a token of trust that
transfers the risk of granting credit from a merchant to the card-issuing bank.
III.
Major
issues in designing an electronic payment system
Translating checks or credit
card transactions to the Internet requires finding electronic and business
model equivalents for the functions used in the existing paper-based system. The simple model below illustrates the major issues that must be
addressed in designing an electronic payment system.
·
Naming:
there must be an unambiguous way of identifying the payers' bank accounts and the payees' bank accounts.
·
Signatures:
it must be possible for the payers' banks to verify that payment instructions were generated by people authorized
to use accounts.
·
Integrity:
electronic checks should be difficult to alter.
·
Confirmation:
payees must have confirmation that transfers took place; payers must have
notification of transfers out of their accounts.
·
Confidentiality:
third parties should not be able to monitor such payments.
·
Settlement:
separate banking institutions must have a way of settling their accounts.
Signatures and
confidentiality are the two biggest problems in creating digital payment
instruments. These issues are typically handled
with some form of cryptography. The use of public and private-key pairs allows
a message to be "signed" digitally and verified by anyone who has the public key. Some form of public-key
infrastructure, such as certificates, must be employed to associate a named user or an account unambiguously with a particular
public key. Message digests provide integrity.
Most payment systems require
special consumer and merchant software to prepare and process electronic
payment messages. Although the consumer
software is often described as an "electronic wallet," that term is
misleading; funds are never kept in the wallet,
which acts rather as an electronic checkbook for signing payment
orders--managing keys, performing cryptographic operations, and formatting messages, as well as acting as a check
register for keeping track of transactions.
The use of credit cards over
the phone for catalog shopping is well established. Some of the first Internet
systems propose to extend that model to
shopping from Web-based catalogs.
IV. Electronic Payment System
1. CyberCash's
gateway
CyberCash Inc. implemented a system for protecting credit card presentation on the
Internet in April 1995. The company, which provides software to both consumers
and merchants, operates a gateway between the Internet
and the authorization networks of the major credit card brands.
Since the information is
encrypted under CyberCash's public key, the merchant does not actually see the
consumer's credit card number--a procedure that in
theory cuts the risk that customer credit card numbers will be abused. In
practice, so many catalog
Companies organize their customer marketing records
by credit card numbers that an acquirer usually authorizes CyberCash to provide them to merchants on request.
2. Secure
electronic transactions
In February 1996, Visa and
MasterCard announced their joint support of a standard protocol, dubbed Secure
Electronic Transactions (SET), for
presenting credit card transactions on the Internet. SET is designed to operate
both in real time, as on the
World Wide Web, and in a store-and-forward
environment, such as e-mail. As an open standard, it is also designed to permit consumer, merchant, and banking software companies to develop software
for their respective clienteles independently and to have them interoperate successfully.
Although the software
industry is moving rapidly to implement SET, the protocol poses significant
problems for banks. Card issuers must invest
considerable sums to have public key pairs and certificates issued to their
cardholders. Yet the benefits to the SET card
issuers are not clear.
3. Electronic
checks
Beginning in the early
1970s, banks began searching for ways to reduce the costs of check processing
(6.5¢13¢ per item) by handling payments
electronically. In direct payroll deposit, an employer sends a list of payroll
payments to its bank, which then
transfers funds to the employees' accounts at their
banks through one of several automated clearinghouses (ACH). Consumers use direct payment to deal with recurring bills, such as utility,
mortgage, and auto loan payments. In 1995, four ACH operators--the Federal Reserve, the New York Clearinghouse, the Arizona
Clearinghouse, and VisaNet ACH Services--handled 2.9 billion transactions worth $13 trillion on their private electronic
networks. The cost to banks was only half of what they would have spent processing checks manually. Payers and payees saved even
more.
On the Internet, a paper
check can readily be replaced by a digitally signed message--that is, an
electronic check. A consortium of banks
working through the Financial Services Technology Consortium (FSTC) Inc. has
demonstrated a prototype electronic check system
4. Instant
debit systems
To the extent that FSTC's
electronic checks rely on the conventional ACH system for clearing, they cannot
give the merchant immediate payment
confirmation of the sort provided by credit card authorization. CyberCash,
Carnegie Mellon University, and
GC Tech have introduced, or are developing, low-cost
debit payment systems that give a merchant an immediate assurance that the payment will go through.
These systems provide a
service model based on the concept of an on-line bank account, with immediate
posting of transactions so that payees can get
real-time confirmation that funds are available.
5. NetBill
for information delivery
NetBill, a system under
development at Carnegie Mellon University is optimized for delivering such
information goods as text, images, and software over the Internet. The system has stressed the importance of
guaranteeing that consumers receive the information they pay for. To that end, consumers are not charged until the information has
actually been delivered to them. Similarly, merchants are guaranteed payment for goods delivered. The basic NetBill protocol has
eight steps, beginning with the authentication of identity (using public-key cryptography) and ending with the transmission of a
decryption key to the consumer so that the information being purchased can be decrypted and presented.
6. CyberCoin
for small deals
In September 1996, CyberCash
Inc., Reston, Va., introduced its CyberCoin service, which is designed to
support low-cost (25 cent to $10) transactions for
information goods over the World Wide Web. Like the NetBill and GC Tech
systems, this one relies on a real-time account database
to track Internet transactions.
IV. Summary
Payment systems can be
expected to go on proliferating for the next several years, until the market
determines the most desirable combinations of functions,
price, and performance. The paper world, after all, has many different
instruments, which embody different tradeoffs among
risk, cost, complexity, responsiveness, and the time until the transaction is
final. The same variety should be expected in electronic
credit and debit systems.
Yet new technologies uncover
new ways to distribute risk, liability, and cost among the parties to a
transaction. They will take somewhat longer to develop, however, as they require changes in regulatory assumptions, case law,
and participant behavior, all of which evolve much more slowly than technology does.
Reference
1.
Credits and
Debits on the Internet, Marvin A. Sirbu, Carnegie Mellon University, 1997