UNIT-2 continued..

APPLICATION SECURITY

ELECTRONIC PAYMENT SYSTEM

An e-commerce payment system facilitates the acceptance of electronic payment for online transactions. E-commerce payment systems have become increasingly popular due to the widespread use of internet-based shopping and banking. The ease of purchasing and selling products over the Internet has helped the growth of electronic commerce, and electronic payment services are a convenient and efficient way to do financial transactions. Electronic payment has revolutionized business processing by reducing paperwork, transaction costs and labour costs.

Electronic payment is a financial exchange that takes place online between buyers and sellers. The content of this exchange is usually some form of digital financial instrument (such as encrypted credit card numbers, electronic cheques or digital cash) that is backed by a bank or an intermediary, or by legal tender.

The various factors that have led financial institutions to make use of electronic payments are:

1. Decreasing technology cost: The cost of the technology used in networks is decreasing day by day, which is evident from the fact that computers are now dirt-cheap and Internet access is becoming free almost everywhere in the world.
2. Reduced operational and processing cost: Due to reduced technology cost, the processing cost of various commerce activities becomes very low. A very simple reason to prove this is the fact that in electronic transactions we save both paper and time.

Comparison of electronic payment system on Internet with conventional payment mechanism

1. Lack of Convenience: Traditional payment systems require the consumer either to send paper cheques by snail-mail or to physically come over and sign papers before performing a transaction. This may lead to annoying circumstances sometimes.
2. Lack of Security: This is because the consumer has to send all confidential data on paper, which is not encrypted, and by post, where it may be read by anyone.
3. Lack of Coverage: Current businesses span many countries or states. These business houses need faster transactions everywhere. This is not possible without the bank having a branch near all of the company's offices. This statement is self-explanatory.
4. Lack of Eligibility: Not all potential buyers may have a bank account.

TYPES OF PAYMENT MODE ON INTERNET

There are various ways available to pay online. The various modes of e-payment are as follows:

• Payment Cards (Credit card, Debit card, Charge card)
• Electronic Cash (E-Cash) / Digital Cash
• Electronic Cheque
• E-Wallet
• Smart Card
• Electronic Fund Transfer (EFT)

1. CREDIT CARD

Payment using a credit card is one of the most common modes of electronic payment. A credit card is a small plastic card with a unique number attached to an account. It also has a magnetic strip embedded in it, which is used to read the credit card via card readers. When a customer purchases a product via credit card, the credit card issuer bank pays on behalf of the customer, and the customer has a certain time period after which he/she can pay the credit card bill. This is usually the monthly credit card payment cycle. Following are the actors in the credit card system:

• The card holder - customer
• The merchant - seller of the product who can accept credit card payments
• The card issuer bank - card holder's bank
• The acquirer bank - the merchant's bank
• The card brand - for example, Visa or Mastercard

Credit cards are issued based on the customer's income level, credit history, and total wealth. The customer uses these cards to buy goods and services or get cash from the participating financial institutions. The customer is supposed to pay his or her debts during the payment period; otherwise interest will accumulate.

2. DEBIT CARD

A debit card, like a credit card, is a small plastic card with a unique number mapped to the bank account number. It is required to have a bank account before getting a debit card from the bank. The major difference between a debit card and a credit card is that in case of payment through debit card, the amount gets deducted from the card's bank account immediately, and there should be sufficient balance in the bank account for the transaction to be completed.

Debit cards free the customer from carrying cash and cheques, and merchants accept debit cards more readily. The restriction to the amount available in the bank account also helps the customer keep a check on his/her spending. A debit card payment removes the amount of the charge from the cardholder's account and transfers it to the seller's bank. The difference between credit cards and debit cards is that in order to pay with a debit card you need to know your personal identification number (PIN) and need a hardware device that is able to read the information stored in the magnetic strip on the back.

The major benefits of this type of card are convenience and security. Along with the convenience of accessing account funds at any time, it also removes the hassles associated with having to write checks as payment, like showing ID and associated fees. Debit cards are also considered to be a safer form of payment, as a code is required to access the account funds, while checks can be easily stolen. Debit cards usually also allow instant withdrawal of cash, acting as the ATM card for withdrawing cash.

3. SMART CARD

A smart card is again similar to a credit card and debit card in appearance, but it has a small microprocessor chip embedded in it. It has the capacity to store the customer's work-related or personal information. A smart card is also used to store money, which is reduced as per usage. A smart card can be accessed only using the customer's PIN. Smart cards are secure as they store information in encrypted format, and they are less expensive and provide faster processing. Mondex and Visa Cash cards are examples of smart cards.

Some of the advantages of smart cards include the following:

• Store many types of information
• Not easily duplicated
• Do not occupy much space
• Portable
• Low cost to issuers and users
• Include high security

4. ELECTRONIC FUND TRANSFER (EFT)

It is a very popular electronic payment method to transfer money from one bank account to another bank account. The accounts can be in the same bank or in different banks. Fund transfer can be done using an ATM (Automated Teller Machine) or using a computer.

Nowadays, internet-based EFT is gaining popularity. In this case, the customer uses a website provided by the bank. The customer logs in to the bank's website and registers another bank account. He/she then places a request to transfer a certain amount to that account. The customer's bank transfers the amount to the other account if it is in the same bank; otherwise the transfer request is forwarded to the ACH (Automated Clearing House) to transfer the amount to the other account, and the amount is deducted from the customer's account.
Once the amount is transferred to the other account, the customer is notified of the fund transfer by the bank. The most popular application of EFT is that instead of getting a paycheck and putting it into a bank account, the money is deposited to an account electronically. EFT is considered to be a safe, reliable, and convenient way to conduct business.

DIGITAL SIGNATURE

A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (authentication and non-repudiation), and that the message was not altered in transit (integrity).

Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering. Digital signatures employ a type of asymmetric cryptography. For messages sent through a non-secure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender.

A digital signature scheme typically consists of three algorithms:

• A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
• A signing algorithm that produces a signature given a message and a private key.
• A signature verifying algorithm that either accepts or rejects the message's claim to authenticity given a message, public key and a signature.

A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. It is formed by taking the hash of the message and encrypting the message with the creator's private key.

So for a digital signature two main properties are required. First, the authenticity of a signature generated from a fixed message and fixed private key can be verified by using the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for a party without knowing that party's private key.

Digital Signature