Wednesday, February 25, 2009

ONLINE PAYMENT SYSTEM

Various methods have been used for online payments. In general, the various payment mechanisms can be broadly classified into three categories: cash, cheques and credit cards. Many virtual shops on the internet accept payment through digital cash, electronic cheques or the credit card mechanism. Digital cash is the electronic equivalent of physical cash, with all the inherent properties of cash embedded in it. Digital cash represents, in a sequence of binary numbers, an intrinsic value in a chosen currency. During transmission from the buyer to the seller, the binary numbers are susceptible to interception by packet sniffing programs, and hence to resultant fraud. Encryption offers solutions to some of these problems. In order to implement versatile solutions, a payment protocol and storage mechanism for digital currency need to be implemented and followed by all the parties involved in the transaction. In case of any breach, the system should be capable of providing safeguards to prevent fraud. Security remains a paramount concern in an electronic payment system. As payment systems involve direct financial transactions, dealing with the movement of actual money, they become prime targets for defrauders all over the world. Digital money is represented in bits and bytes; thus, unlike minted money, it is far easier to replicate, at almost zero cost. Even though it can be held in a secure format locally, the very nature of electronic commerce requires its movement over the network. The open environment of the internet makes it susceptible to interception, duplication, and manipulation. Thus, the issues of ensuring integrity, confidentiality and non-refutability acquire an added significance.
In order to become widely acceptable, digital financial transactions need to infuse a degree of confidence in users. Users of the system have to feel secure, not only from intruders, but also from system failures during the transaction. In other words, although transactions are carried out in a distributed environment, they have to exhibit the Atomicity, Consistency, Isolation, and Durability (ACID) properties. In traditional currency (cash) transactions the user/payer can maintain anonymity and untraceability. Anonymity implies that buyers are able to hide their identity while making certain purchases. Untraceability implies that no one can link different payments made by a single buyer. As a result, no one should be able to learn or monitor the spending patterns, or sources of funds, of a particular individual.
Irrespective of the type of payment mechanism adopted, digital payment mechanisms have to exhibit certain characteristics to meet the basic requirements for becoming a viable alternative to traditional payment mechanisms. These requirements include broad acceptability of the digital currency across the commercial world, anonymity, untraceability, reliability, scalability, convertibility, and efficiency. The important basic requirements are discussed as follows:
Acceptability: the payment infrastructure should not only be robust, but also available and accessible to a wide range of consumers and sellers of goods and services. The value stored in the digital cash should be honoured and accepted by other banks and financial institutions for reconciliation.
Convertibility: the electronic currency should be interoperable and exchangeable with the other forms of electronic cash, paper currencies, deposits in bank accounts, bank notes or any other financial instrument.
Flexibility: Payment systems should be in a position to accept several forms of payments rather than limiting the users to a single form of currency.
Reliability: The payment system should ensure and infuse confidence in users. The users should be completely shielded from systemic or single-point failure.
Efficiency: efficiency here refers mainly to the cost overheads involved in the operation of digital payments. The cost of payment per transaction should ideally be close to zero. This assumes added significance in the case of micro payments, which are typically in the range of a fraction of a currency unit.
Security: digital currency should be stored in a form that is resistant to replication, double-spending, and tampering. At the same time, it should offer protection from the intruders trying to tap it and put it to unauthorized use, when transmitted over the internet.
Usability: The user of the payment mechanism should be able to use it as easily as real currency. This requires that the payment system should be well integrated with the existing applications and processes that acquire the role of transacting parties in electronic commerce.
Scalability: The payment system should offer a scalable solution, i.e., it should be able to offer the same performance and cost-per-transaction overheads with a growing number of customers and transactions. Although ideally a payment system’s scalability should range from micro payments to business payments, the differing demands placed by these two ranges are difficult to reconcile in a single payment system.
With the growth of the internet economy, a variety of transactions, some of extremely low value, while others of high value, need to be handled. Based on the size of payment, all payment transactions can be classified in the following three categories:
Micro Payments: These transactions usually have a very low payment value. At times, the value of a transaction may be a fraction of a currency unit. Typically, transactions of five or fewer currency units in the case of dollars, and fifty in the case of the rupee, are treated as micro payments.
Consumer Payments: These payments typically involve values of five to five hundred currency units in the case of dollars and euros, and may be 50-50000 units in the case of the rupee. These are the dominant form of payment transactions, as most consumer purchases in a single shopping trip fall under this category.
Business Payments: Usually, transactions of higher amounts (five hundred and above in the case of dollars, or five thousand and above in the case of the rupee) are treated as business payments. Business-to-business payment transactions are in the higher range, and fall in this category.
In the real world, we have three distinct types of payment systems: pre-paid, instant-paid, and post-paid. None of the electronic payment systems is, as of now, equivalent to physical cash or carries the Government/Central Bank guarantee that physical cash does; debit cards come closest to instant-paid electronic payment systems. Electronic/digital cash is in fact a prepaid payment system, where physical currency is used for acquiring the digital cash that can be spent in the electronic payment environment.


REQUIREMENTS METRICS OF A PAYMENT SYSTEM



The importance of individual characteristics is determined by the actual needs of the transacting parties. For example, for one user remaining anonymous during transactions could be the most important thing, while for another the ability to carry out low value transactions efficiently may be the important feature. When deciding on a particular digital payment system, the possible characteristics have to be ranked according to the preferences and needs of the decision maker. Here, we discuss how these requirements in a payment system can be evaluated.


TRANSACTION

Transaction, in context of payment systems, refers to the actual exchange of currency with the goods being transferred. Every transaction should exhibit the following four characteristics.

ATOMICITY: it refers to the system’s ability to ensure that no partial transaction or exchange can take place. In other words, if a system failure takes place in the middle of a transaction, the effect of the transaction is fully erased and the system is restored to its original state. That is, either a transaction should occur completely or it should not occur at all.

TRANSFER OF FUNDS: there should not be any currency loss in the transaction. Either a full transfer – in which the account of the payer is debited and the account of the payee credited with the corresponding amount – should take place or no change of accounts should occur at all.

CONSISTENCY: There should be no ambiguity in the transaction. All parties concerned must agree on the relevant facts i.e., amount and reason of transfer, of the transaction.

DURABILITY: durability becomes important in case the system crashes during the transfer. Even after a system crash, the system should recover to a state where transaction and status information is consistent. If the crash occurred prior to the transfer, then the system should reflect the prior state; otherwise it should show the durable effect of the transfer.
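
The transaction properties above can be seen in a small ledger. This is an added example, not code from the original post: the table layout, account names and the SimulatedCrash exception are assumptions made for the illustration, and a CHECK constraint also shows the "no overspending" guard for account-based systems.

```python
import sqlite3


class SimulatedCrash(Exception):
    """Stands in for a system failure between the debit and the credit."""


def open_ledger(opening_balances):
    # isolation_level=None: no implicit transactions, we issue BEGIN/COMMIT ourselves.
    db = sqlite3.connect(":memory:", isolation_level=None)
    # The CHECK constraint is the overspending guard: no balance may go below zero.
    db.execute(
        "CREATE TABLE account (name TEXT PRIMARY KEY, "
        "balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    db.executemany("INSERT INTO account VALUES (?, ?)",
                   list(opening_balances.items()))
    return db


def balances(db):
    return dict(db.execute("SELECT name, balance FROM account"))


def transfer(db, payer, payee, amount, crash_after_debit=False):
    """Move `amount` from payer to payee; True only if both legs committed."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    db.execute("BEGIN IMMEDIATE")
    try:
        debit = db.execute(
            "UPDATE account SET balance = balance - ? WHERE name = ?",
            (amount, payer))
        if debit.rowcount != 1:
            raise LookupError("unknown payer")
        if crash_after_debit:
            raise SimulatedCrash()
        credit = db.execute(
            "UPDATE account SET balance = balance + ? WHERE name = ?",
            (amount, payee))
        if credit.rowcount != 1:
            raise LookupError("unknown payee")
        db.execute("COMMIT")
        return True
    except (sqlite3.IntegrityError, LookupError, SimulatedCrash):
        # Overspend, unknown party or mid-transfer failure:
        # erase the partial effect so no currency is lost or created.
        db.execute("ROLLBACK")
        return False


if __name__ == "__main__":
    ledger = open_ledger({"buyer": 100, "shop": 0})  # constructed sample accounts
    print(transfer(ledger, "buyer", "shop", 30), balances(ledger))
    print(transfer(ledger, "buyer", "shop", 500), balances(ledger))
    print(transfer(ledger, "buyer", "shop", 20, crash_after_debit=True),
          balances(ledger))
```

In every rejected case the sum of the balances is unchanged, which is the "transfer of funds" requirement stated above.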
 

  
SECURITY

Security, in the context of payment systems, refers to the system’s ability to protect all parties from frauds, due to interception of online transmission and storage. The payment system should be secure enough to offer the following:

FRAUD PROTECTION: a digital payment system must be tamper resistant and should have a built-in mechanism to prevent illegal use of digital cash. At the very least, digital payment systems must provide the means for detection and punishment of misuse after fraud.

NO DOUBLE SPENDING: since digital cash is represented by bytes that can be easily copied and resent, the digital payment system should safeguard against reuse of currency. This type of fraud can be initiated not only by customers who might reuse digital money for several purchases, but also by merchants who could attempt to resubmit digital money for redemption.

NO OVERSPENDING: the system should have the means to ensure that the user is unable to spend beyond the money represented by the token, or held in the purse. Prevention of customer overspending, i.e., exceeding spending limits, is another fraud protection issue, especially in account-based systems.

NON-REFUTABILITY: the parties involved should be able to verify that a payment transaction has taken place, along with the amount and the purpose of the transaction. A record of the transaction should be produced on demand in case of dispute, though this may have implications for the control of privacy.

UNAUTHORIZED USE: tokens stored in soft formats/digital data are easy to steal, so a good payment system should prevent the thief from being able to spend the tokens. In the case of a device-dependent payment system, it should not be easy to steal the payment device, and unauthorized holders should not be able to use the payment device.

PRIVACY CONTROL: the payment system should make it possible for customers to keep their spending habits private from observers, merchants and banks.

CONFIDENTIALITY: the confidentiality guarantees granted by the payment system are essential to the user. In an ideal situation, the payment transaction should be carried out in such a manner that it maintains confidentiality of all the intermediate information and yet ensures the value transfer.

NON-TRACEABILITY: the payment system should rule out any possibility of two different payments by the same user being linked together. The transaction should also maintain anonymity and non-traceability similar to a cash payment in a shop.
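
The fraud protection and double-spending requirements above can be illustrated with a token that an issuer checks at redemption. This is an added example, not part of the original post: the Issuer class, the token fields and the use of HMAC-SHA256 as the issuer's tamper-detection tag are assumptions, it assumes an online issuer, and it does not attempt the anonymity or non-traceability properties.

```python
import hashlib
import hmac


def token_tag(key, serial, value):
    # Tag binds the serial number to the face value under the issuer's secret key.
    msg = f"{serial}|{value}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Issuer:
    def __init__(self, key):
        self._key = key
        self._next = 0
        self._spent = {}     # serial -> merchant that redeemed it
        self.credited = {}   # merchant -> total value credited

    def mint(self, value):
        self._next += 1
        serial = f"T{self._next:06d}"
        return {"serial": serial, "value": value,
                "tag": token_tag(self._key, serial, value)}

    def redeem(self, token, merchant):
        serial = token.get("serial")
        value = token.get("value")
        tag = token.get("tag")
        if not (isinstance(serial, str) and isinstance(value, int)
                and isinstance(tag, str)):
            return "rejected: malformed"
        expected = token_tag(self._key, serial, value)
        # Constant-time comparison; any change to serial or value breaks the tag.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "rejected: tampered"
        # A copied token has the same serial, whoever presents it.
        # In a multi-process deployment this check-and-mark must be one atomic step.
        if serial in self._spent:
            return "rejected: already spent"
        self._spent[serial] = merchant
        self.credited[merchant] = self.credited.get(merchant, 0) + value
        return "accepted"


if __name__ == "__main__":
    bank = Issuer(b"constructed-demo-key-not-for-use")  # constructed sample key
    coin = bank.mint(50)
    print(bank.redeem(dict(coin, value=5000), "shop-a"))  # altered face value
    print(bank.redeem(coin, "shop-a"))                    # first redemption
    print(bank.redeem(dict(coin), "shop-b"))              # customer reuses a copy
    print(bank.redeem(coin, "shop-a"))                    # merchant resubmits
    print(bank.credited)
```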


INTEROPERABILITY

The interoperability of the payment systems refers to the ability to operate in multiple online as well as offline payment environments. The various issues involved under this are:

DIVISIBILITY: money should allow for both low value and high value transactions. Hence, it should be possible for users to replace a single high denomination transaction by several low denomination transactions as and when desired.

BI-DIRECTIONALITY: the payment system should not only allow the regular merchants to receive payments, but also customers to receive refunds. The payment instrument should work both ways, without either party being required to attain registered merchant status.

ACCEPTABILITY: in the interest of long-term viability, the payment system should not be restricted to any particular financial institution. All institutions and banks should also accept the electronic cash issued by an institution.

MULTI-CURRENCY SUPPORT: since e-commerce has a global reach, support for a single national currency impedes worldwide acceptance. Hence, the payment system should support multiple currencies and a reasonable mechanism for converting one currency into another. Of course, this requirement is not very easy to implement, given the volatility in exchange rates and limited convertibility of many currencies around the world.

EXCHANGEABILITY: it should be possible for electronic payments of one digital payment system to be exchanged for payments of another digital payment, or for any other bankable instrument.

PORTABILITY: the security and usability of a payment system should not be dependent on a certain physical location, e.g., on a particular computer. The owner of the digital currency should be able to spend it from any location, even when on the move.



SCALABILITY


Scalability refers to the level of operations possible within a certain payment system. In a mature electronic payment system there will be very high volumes of payments made online; it may have certain peak hours, resulting in a burst load pattern on the system. The payment system should be able to support many consumers buying goods at the same time from many merchants, even under peak conditions. The service should be scalable for the load performance and efficient for micro payments as well as general payments.
OFFLINE OPERATION: usually, payment systems involve a trusted third party who is online for validation and authorization. A payment system should also support offline operations, where the third party is not necessarily available online all the time. Direct transactions between customers and merchants, conducted securely without a trusted third party being online all the time, reduce delays and increase availability of the payment system.
MICRO PAYMENTS: micro payments refer to payments for the services that are offered even at fractions of the basic unit of currency. These services are normally made available on a pay per use basis. A payment system should make low value transactions economically feasible. Therefore, micro payments techniques need to be both inexpensive and fast.

LOW COSTS: the cost of executing a payment transaction should be low enough to render low value transactions economical.

EFFICIENCY: digital payment systems must be able to perform micro payments without noticeable loss of performance.

MACRO PAYMENTS: these payments refer to transactions that usually start from multiple units of the basic currency unit. The system should be able to handle these payments in a secure and efficient fashion.




ECONOMY ISSUES

In order to become an accepted economical instrument, a digital payment system needs to provide a trusted, reliable and economically feasible service to a sufficiently large user community.

OPERATIONAL: a system should be deployable immediately, i.e., the testing of the payment system should not be so protracted as to render the mass use impossible.

LARGE USER BASE: the payment system should be used by a large number of customers. The size of the customer base willing to use the digital payment system affects the merchant’s attraction to it, while currency acceptance by a large number of merchants affects the size of the user base.

LOW RISK: the electronic payment system should minimize the risk of financial loss associated with the use of such a payment system; the risk should at best be limited and controlled. In order to develop trust, users should be protected, to some extent by the payment system, from the financial losses emanating from system misuse.

RELIABILITY: an electronic payment system must be highly reliable in its operations. It should ensure high availability, as even a temporary failure can cause uncontrollable losses to its user base.

CONSERVATION: it refers to the conservation of value stored in digital currency over a period of time. It should be easy to store and retrieve the value. The value of money should be lasting in nature; it should diminish when spent, rather than become invalid with the passage of time.

EASE OF INTEGRATION: the electronic payment system needs to be integrated with applications that conduct the e-commerce process over the network. The process of integrating an electronic payment system with e-commerce applications should be easy, to facilitate growth in their usage.


EASE OF USE

The usability of the electronic payment system plays an important role in its being adopted by the user community. The electronic payment system should be easy for the user to relate to, accessible, and simple enough to understand. It should operate in a fashion that builds confidence in users. At no stage should the users feel lost or confused in the process of making payments.

UNOBTRUSIVENESS: this refers to the operational transparency of the electronic payment system. A payment process should be clear, concise, simple to understand and yet should operate with minimal interruption and intervention from the user.

LOW LATENCY: the payment protocol used in the transaction should have a low performance overhead. It should not become an overhead on the purchase transaction.

LOW TRANSACTION COST: the overhead cost charged to the users, in making the payment through the electronic payment system, should be extremely low and depend on the value of the transaction. It acquires added significance in the case of micro payments.

HARDWARE INDEPENDENCE: users should not require specialized hardware to make use of the payment system. Hardware dependence, which is expensive, would vastly limit the popularity and hence the use of the payment system itself.


SMART CARDS


The enormous potential of electronic tokens is currently stunted by the lack of a widely accepted and secure means of transferring money on-line. In spite of the many prototypes developed, we are a long way from a universal payment system because merchants and banks have to be signed up and a means has to be developed to transfer money. Such a system moreover must be robust and capable of handling a large number of transactions and will require extensive testing and usage to iron out all the bugs.

  In the meantime, thousands of would-be sellers of electronic commerce services have to pay one another and are actively looking for payment substitutes. One such substitute is the smart card. Smart cards have been in existence since the early 1980s and hold promise for secure transactions using existing infrastructure. Smart cards are credit and debit cards and other card products enhanced with microprocessors capable of holding more information than the traditional magnetic stripe. The chip, at its current state of development, can store significantly greater amounts of data, estimated to be 80 times more than a magnetic stripe. Industry observers have predicted that, by the year 2000, one-half of all payment cards issued in the world will have embedded microprocessors rather than the simple magnetic stripe.

  Smart card technology is widely used in countries such as France, Germany, Japan, and Singapore to pay for public phone calls, transportation, and shopper loyalty programs. The idea has taken longer to catch on in the United States, since a highly reliable and fairly inexpensive telecommunications system has favored the use of credit and debit cards.

  Smart cards are basically of two types: relationship-based smart credit cards and electronic purses. Electronic purses, which replace money, are also known as debit cards and electronic money.

Relationship-Based Smart cards  


Financial institutions worldwide are developing new methods to maintain and expand their services to meet the needs of increasingly sophisticated and technically smart customers, as well as to meet the emerging payment needs of electronic commerce. Traditional credit cards are fast evolving into smart cards as consumers demand payment and financial services products that are user-friendly, convenient, and reliable.
  A relationship-based smart card is an enhancement of existing card services and/or the addition of new services that a financial institution delivers to its customers via a chip-based card or other device. These new services may include access to multiple financial accounts, value-added marketing programs, or other information cardholders may want to store on their card. The chip-based card is but one tool that will help alter mass marketing techniques to address each individual’s specific financial and personal requirements. Enhanced credit cards store cardholder information including name, birth date, personal shopping preferences, and actual purchase records. This information will enable merchants to accurately track consumer behavior and develop promotional programs designed to increase shopper loyalty.
   

  Relationship-based products are expected to offer consumers far greater options, including the following:

 Access to multiple accounts, such as debit, credit, investments or stored value for e-cash, on one card or an electronic device.
 A variety of functions, such as cash access, bill payment, balance inquiry, or funds transfer for selected accounts.
 Multiple access options at multiple locations using multiple device types, such as an automated teller machine, a screenphone, a personal computer, a personal digital assistant (PDA), or interactive TVs.

Companies are trying to incorporate these services into a personalized banking relationship for each customer. They can package financial and nonfinancial services with value-added programs to enhance convenience, build loyalty and retention, and attract new customers. Banks are also attempting to customize services on smart cards, offering a menu of services similar to those that come up on ATM screens. As with credit cards, banks may link up with health care providers, telephone companies, retailers, and airlines to offer frequent shopping and flyer programs and other services.

Electronic Purses and Debit Cards


Despite their increasing flexibility, relationship-based cards are credit based and settlement occurs at the end of the billing cycle. There remains a need for a financial instrument to replace cash. To meet this need, banks, credit card companies, and even government institutions are racing to introduce “electronic purses,” wallet-sized smart cards embedded with programmable microchips that store sums of money for people to use instead of cash for everything from buying food, to making photocopies, to paying subway fares.

  The electronic purse works in the following manner. After the purse is loaded with money, at an ATM or through the use of an inexpensive special telephone, it can be used to pay for, say, candy in a vending machine equipped with a card reader. The vending machine need only verify that a card is authentic and there is enough money available for a chocolate bar. In one second, the value of the purchase is deducted from the balance on the card and added to an e-cash box in the vending machine. The remaining balance on the card is displayed by the vending machine or can be checked at an ATM or with a balance-reading device. Electronic purses would virtually eliminate fumbling for change or small bills in a busy store or rush-hour toll booth, and waiting for a credit card purchase to be approved. This allows customers to pay for rides and calls with a prepaid card that “remembers” each transaction.
  And when the balance on an electronic purse is depleted, the purse can be recharged with more money. As for the vendor, the receipts can be collected periodically in person or, more likely, by telephone, and transferred to a bank account. While the technology has been available for a decade, the cards have been relatively expensive, from $5 to $10. Today the cards cost $1, and special telephones that consumers could install at home to recharge the cards are projected to cost as little as $50. A simple card reader would cost a merchant less than $200.

Smart-Card Readers 


The benefits of smart cards will rely on the ubiquity of devices called smart card readers that can communicate with the chip on a smart card. In addition to reading from and writing to smart cards, these devices can also support a variety of key management methods. Some smart-card readers combine elements of a personal computer, a point-of-sale terminal, and a phone to allow consumers to quickly conduct financial transactions without leaving their homes.

Business issues and Smart Cards


For merchants, smart cards are a very convenient alternative to handling cash, which is becoming a nightmare. Cash is expensive to handle, count, and deposit and incurs slippage, a commercial term for theft, fraud, or misplacement. Long-range planners in the banking industry see the weaning of small businesses and consumers from cash as the last step to closing many expensive branches and conducting virtually all business by telephone through cash machines and perhaps home computers. In fact, it is estimated that 4 percent of the value of cash that is deposited gets eaten up in handling costs. Banks and card issuers also expect to cut down on fraud, given that an embedded microchip is harder to tamper with than magnetic stripe technology.