UNIT -3 Notes

Syllabus Topics
 Electronic Payment System, Types of Electronic Payment System
 Concept of e-Money
 Infrastructure Issues and Risks in EPS
 Electronic Fund Transfer
 Security Issues in E-Commerce- Need and Concept
 Security threats in E-Commerce Environment
 Basics of Encryption and Decryption

Electronic Payment System, Types of Electronic Payment System 

An e-payment system is a way of making transactions or paying for goods and services
through an electronic medium, without the use of checks or cash. It’s also called an
electronic payment system or online payment system. Read on to learn more.

The electronic payment system has grown increasingly over the last decades due to the
growing spread of internet-based banking and shopping. As the world advances more
with technology development, we can see the rise of electronic payment systems and
payment processing devices. As this increase, improve, and provide ever more secure
online payment transactions the percentage of check and cash transactions will
decrease.

METHODS OF ELECTRONIC PAYMENT SYSTEM

One of the most popular payment forms online is credit and debit cards. Besides them,
there are also alternative payment methods, such as bank transfers, electronic wallets,
smart cards or bitcoin wallet (bitcoin is the most popular crypto currency).

E-payment methods could be classified into two areas, credit payment systems and cash
payment systems.

1. Credit Payment System

 Credit Card — A form of the e-payment system which requires the use of the card
issued by a financial institute to the cardholder for making payments online or through
an electronic device, without the use of cash.
 E-wallet — A form of prepaid account that stores user’s financial data, like debit and
credit card information to make an online transaction easier.
 Smart card — A plastic card with a microprocessor that can be loaded with funds to
make transactions; also known as a chip card.
2. Cash Payment System

 Direct debit — A financial transaction in which the account holder instructs the bank to
collect a specific amount of money from his account electronically to pay for goods or
services.
 E-check — A digital version of an old paper check. It’s an electronic transfer of money
from a bank account, usually checking account, without the use of the paper check. E-
cash is a form of an electronic payment system, where a certain amount of money is
stored on a client’s device and made accessible for online transactions.
 Stored-value card — A card with a certain amount of money that can be used to
perform the transaction in the issuer store. A typical example of stored-value cards are
gift cards.

Advantages of electronic payment systems

(i) Time savings- Money transfer between virtual accounts usually takes a few minutes,
while a wire transfer or a postal one may take several days. Also, you will not waste
your time waiting in lines at a bank or post office.

(ii) Expenses control- Even if someone is eager to bring his disbursements under

control, it is necessary to be patient enough to write down all the petty expenses, which
often takes a large part of the total amount of disbursements. The virtual account
contains the history of all transactions indicating the store and the amount you spent.
And you can check it anytime you want. This advantage of electronic payment system
is pretty important in this case.

(iii) Reduced risk of loss and theft- You can not forget your virtual wallet somewhere
and it can not be taken away by robbers. Although in cyberspace there are many
scammers, in one of the previous articles we described in detail how to make your e-
currency account secure.

(iv) Low commissions- If you pay for internet service provider or a mobile account
replenishment through the UPT (unattended payment terminal), you will encounter
high fees. As for the electronic payment system: a fee of this kind of operations consists
of 1% of the total amount, and this is a considerable advantage.

(v) User-friendly- Usually every service is designed to reach the widest possible

audience, so it has the intuitively understandable user interface. In addition, there is
always the opportunity to submit a question to a support team, which often works
24/7. Anyway you can always get an answer using the forums on the subject.

(vi) Convenience- All the transfers can be performed at anytime, anywhere. It’s enough
to have an access to the Internet.
Disadvantages of electronic payment systems

(i) Restrictions- Each payment system has its limits regarding the maximum amount in
the account, the number of transactions per day and the amount of output.

(ii) The risk of being hacked- If you follow the security rules the threat is minimal, it
can be compared to the risk of something like a robbery. The worse situation when the
system of processing company has been broken, because it leads to the leak of personal
data on cards and its owners. Even if the electronic payment system does not launch
plastic cards, it can be involved in scandals regarding the Identity theft.

The problem of transferring money between different payment systems- Usually the
majority of electronic payment systems do not cooperate with each other. In this case,
you have to use the services of e-currency exchange, and it can be time-consuming if
you still do not have a trusted service for this purpose. Our article on how to choose the
best e-currency exchanger greatly facilitates the search process.

(iii) The lack of anonymity- The information about all the transactions, including the
amount, time and recipient are stored in the database of the payment system. And it
means the intelligence agency has an access to this information. You should decide
whether it’s bad or good.

(vi) The necessity of Internet access- If Internet connection fails, you can not get to
your online account.

Concept of e-Money
Broadly, electronic money is an electronic store of monetary value on a technical
device. The definition of electronic money is becoming more scientific and specific with
developments associated with it. The European Central Bank defines e-money in the
following words. “E-money can be defined as amount of money value represented by
a claim issued on a prepaid basis, stored in an electronic medium (card or computer)
and accepted as a means of payment by undertakings other than the issuer” (ECB).

E money is a monetary value that is stored and transferred electronically through a

variety of means – a mobile phone, tablet, contactless card (or smart cards), computer
hard drive or servers. Electronic money need not necessarily involve bank accounts in
transaction but acts as a prepaid bearer instrument.  They are often used to execute
small value transactions.

Electronic Money
 Scrip or money that is exchanged only through electronically is referred to as electronic
money. Electronic Money is also referred as e – money, Electronic Cash, Digital Money,
Electronic Currency, Digital Currency, e – currency, Digital Cash, and Cyber Currency.
Electronic Money uses Internet, Digital Stored Value systems, and Computer Networks.

Some of the examples of electronic money are Direct Deposit, EFT (Electronic Funds
Transfer), Virtual Currency, and Digital Gold Currency.

TYPES OF ELECTRONIC CURRENCIES

There are two types of electronic currencies namely: Hard Electronic Currency and Soft
Electronic Currency-

 Hard Electronic Currency does not allow reversing charges i.e. it supports only Non –
Reversible transaction. The advantage of this type is that it reduces the operating cost of
e – currency system.
 Soft Electronic Currency allows payment reversals. The payment is reversed only in
case of dispute or fraud. The payment reversible time will be 72 hrs or even more. Some
examples of this type are Credit Card and Pay Pal.

Electronic Money systems are developing day by day. Some of the developments are: it
can be used with Secured Credit Cards for wide range facilities and the bank accounts
that are linked can be used with an internet to exchange currency with Secure
Micropayment system like Pay Pal.

Different Systems of Electronic Money

Electronic Money includes three different systems namely

1. Centralized Systems,
2. Decentralized Systems, and
3. Offline Anonymous Systems.

Centralized Systems

There are many centralized systems that directly sell their e – currency to end users is
Web Money, Pay Pal, Hub Culture Ven, and CashU but Liberty Reserve sells only via
3rd party digital currency exchangers.

Decentralized Systems

Electronic Money includes some decentralized systems. They are:

 Bitcoin, and Ripple Monetary System.

(i) Bitcoin: – Bitcoin is a Peer to Peer Electronic Money system with maximized inflation
limit.

(ii) Ripple Monetary System: – Ripple Monetary system is a system that is developed
to distribute electronic money system independent to local currency.

Offline Anonymous System

Offline Anonymous System can be done ‘offline’. In this electronic money system, the
merchants do not need to have interaction with banks before receiving currency from
the users. Instead of that, the merchants can collect spent money by users and deposits
the money later to the bank. The merchant can deliver his storage media in bank for
exchanging the electronic money to cash.

Infrastructure Issues and Risks in EPS

Infrastructure is necessary for the successful implementation of electronic payments.
Proper Infrastructure for electronic payments is a challenge.

1. For electronic payments to be successful, there is the need to have reliable and cost
effective infrastructure that can be accessed by majority of the population.
2. Electronic payments communication infrastructure includes computer network. such as
the internet and mobile network used for mobile phone.
3. In addition, banking activities and operations need to be automated. A network that
links banks and other financial institutions for clearing and payment confirmation is a
pre-requisite for electronic payment systems. mobile network and Internet are readily
available in the developed world and users usually do not have problems with
communication infrastructure.
4. In developing countries, many of the rural areas are unbanked and lack access to critical
infrastructure that drives electronic payments.
5. Some of the debit cards technologies like Automated Teller Machines (ATMs) are still
seen by many as unreliable for financial transactions as stories told by people suggested
that they could lose their money through fraudulent deductions, debits and other lapses
for which the technology had been associated with by many over the last few years.
6. Telecommunication and electricity are not available throughout the country, which
negatively affect the development of e-payments. The development of information and
communication technology is a major challenge for e-payments development. Since ICT
is in its infant stages in Nepal, the country faces difficulty promoting e-payment
development.
RISKS IN ELECTRONIC PAYMENT SYSTEMS

Electronic payments allow you to transfer cash from your own bank account to the bank
account of the recipient almost instantaneously. This payment system relies heavily on
the internet and is quite popular due to the convenience it affords the user. It would be
hard to overstate the advantages of electronic payment systems, but what about the
risks? Certainly they exist, both for financial institutions and consumers.

(i) The Risk of Fraud

Electronic payment systems are not immune to the risk of fraud. The system uses a
particularly vulnerable protocol to establish the identity of the person authorizing a
payment. Passwords and security questions aren’t foolproof in determining the identity
of a person. So long as the password and the answers to the security questions are
correct, the system doesn’t care who’s on the other side. If someone gains access to your
password or the answers to your security question, they will have gained access to your
money and can steal it from you.

(ii) The Risk of Tax Evasion

The law requires that businesses declare their financial transactions and provide paper
records of them so that tax compliance can be verified. The problem with electronic
systems is that they don’t fit very cleanly into this paradigm and so they can make the
process of tax collection very frustrating for the Internal Revenue Service. It is at the
business’s discretion to disclose payments received or made via electronic payment
systems in a fiscal period, and the IRS has no way of knowing if it’s telling the truth or
not. That makes it pretty easy to evade taxation.

(iii) The Risk of Payment Conflicts

One of the idiosyncrasies of electronic payment systems is that the payments aren’t
handled by humans but by an automated electronic system. The system is prone to
errors, particularly when it has to handle large amounts of payments on a frequent basis
with many recipients involved. It’s important to constantly check your pay slip after
every pay period ends in order to ensure everything makes sense. Failure to do this
may result in payment conflicts caused by technical glitches and anomalies.

(iv) The Risk of Impulse Buying

Impulse buying is already a risk that you face when you use non-electronic payment
systems. It is magnified, however, when you’re able to buy things online at the click of a
mouse. Impulse buying can become habitual and makes sticking to a budget almost
impossible.
 ELECTRONIC FUND TRANSFER

Electronic Funds Transfer (EFT) is the electronic transfer of money from one bank
account to another, either within a single financial institution or across multiple
institutions, via computer-based systems, without the direct intervention of bank staff.
EFT transactions are known by a number of names. In the United States, they may be
referred to as electronic checks or e-checks.

Types of Electronic Fund Transfer

The term covers a number of different payment systems, for example:

 Cardholder-initiated transactions, using a payment card such as a credit or debit card

 Direct deposit payment initiated by the payer
 Direct debit payments for which a business debits the consumer’s bank accounts for
payment for goods or services
 Wire transfer via an international banking network such as SWIFT
 Electronic bill payment in online banking, which may be delivered by EFT or paper
check
 Transactions involving stored value of electronic money, possibly in a private currency.

HOW IT WORKS?

EFTs includes direct-debit transactions, wire transfers, direct deposits, ATM

withdrawals and online bill pay services. Transactions are processed through the
Automated Clearing House (ACH) network, the secure transfer system of the Federal
Reserve that connects all U.S. banks, credit unions and other financial institutions.

For example, when you use your debit card to make a purchase at a store or online, the
transaction is processed using an EFT system. The transaction is very similar to an ATM
withdrawal, with near-instantaneous payment to the merchant and deduction from
your checking account.

Direct deposit is another form of an electronic funds transfer. In this case, funds from
your employer’s bank account are transferred electronically to your bank account, with
no need for paper-based payment systems.

Types of EFT payments

There are many ways to transfer money electronically. Below are descriptions of
common EFT payments you might use for your business.

 Direct deposit lets you electronically pay employees. After you run payroll, you will
tell your direct deposit service provider how much to deposit in each employee’s bank
 account. Then, the direct deposit provider will put that money in employee accounts on
payday. Not all employers can make direct deposit mandatory, so make sure you brush
up on direct deposit laws.
 Wire transfers are a fast way to send money. They are typically used for large,
infrequent payments. You might use wire transfers to pay vendors or to make a large
down payment on a building or equipment.
 ATMs let you bank without going inside a bank and talking to a teller. You can
withdraw cash, make deposits, or transfer funds between your accounts.
 Debit cards allow you to make EFT transactions. You can use the debit card to move
money from your business bank account. Use your debit card to make purchases or pay
bills online, in person, or over the phone.
 Electronic checks are similar to paper checks, but used electronically. You will enter
your bank account number and routing number to make a payment.
 Pay-by-phone systems let you pay bills or transfer money between accounts over the
phone.
 Personal computer banking lets you make banking transactions with your computer or
mobile device. You can use your computer or mobile device to move money between
accounts.

Security Issues in E-Commerce: Need and Concept

In spite of its advantages and limitations E-commerce has got some security issues in
practical. E-commerce security is nothing but preventing loss and protecting the areas
financially and informational from unauthorized access, use or destruction.  Due the
rapid developments in science and technology, risks involved in use of technology and
the security measures to avoid the organizational and individual losses are changing
day to day.  There are two types of important cryptography we follow for secured E-
commerce transactions.

Symmetric (private-key) cryptography: This is an encryption system in which sender

and receiver possess the same key. The key used to encrypt a message is also used to
decrypt the encrypted message from the sender.

Asymmetric (public-key) cryptography:  In this method the actual message is encoded

and decoded using two different mathematically related keys, one of them is called
public key and the other is called private key.

Security is an essential part of any transaction that takes place over the internet.
Customers will lose his/her faith in e-business if its security is compromised. Following
are the essential requirements for safe e-payments/transactions :−

 Confidentiality − Information should not be accessible to an unauthorized person. It

should not be intercepted during the transmission.
 Integrity − Information should not be altered during its transmission over the network.
 Availability − Information should be available wherever and whenever required
within a time limit specified.
 Authenticity − There should be a mechanism to authenticate a user before giving
him/her an access to the required information.
 Non-Repudiability − It is the protection against the denial of order or denial of
payment. Once a sender sends a message, the sender should not be able to deny
sending the message. Similarly, the recipient of message should not be able to deny the
receipt.
 Encryption − Information should be encrypted and decrypted only by an authorized
user.
 Auditability − Data should be recorded in such a way that it can be audited for
integrity requirements.

E-COMMERCE SECURITY CAN BE DIVIDED INTO TWO BROAD TYPES:

(1) Client-Server Security

Client-server securities are popular because they increase application processing

efficiency while reducing costs and gaining the maximum benefit from all resources
working together. These benefits are gained by splitting processing between the client
machine/software and server machine/software. Each process works independently
but in cooperation and compatibility with other machines and applications (or pieces of
applications).

All independent processing must be performed to complete the requested service.

Cooperation of application processing produces another client-server advantage, it
reduces network traffic. Since each node (client and/or server) performs part of the
processing within itself, network communication can be kept to a minimum. For
example, static processes, like menus or edits, usually take place on the client-side. The
server, on the other hand, is responsible for processes like updating and reporting.

(2) Data and Transaction Security

Secure Electronic Transaction (SET) is a system for ensuring the security of financial
transactions on the Internet. It was supported initially by Mastercard, Visa, Microsoft,
Netscape, and others. With SET, a user is given an electronic wallet (digital certificate)
and a transaction is conducted and verified using a combination of digital certificates
and digital signatures among the purchaser, a merchant, and the purchaser’s bank in a
way that ensures privacy and confidentiality. SET makes use of Netscape’s Secure
Sockets Layer (SSL), Microsoft’s Secure Transaction Technology (STT), and Terisa
System’s Secure Hypertext Transfer Protocol (S-HTTP). SET uses some but not all
aspects of a public key infrastructure (PKI).

Security threats in E-Commerce Environment

In the past few years it’s seemed like there has been a new widespread security breach
every other week. High profile incidents such as Heartbleed and WannaCry and hacks
of notable entities including Sony Pictures and the Democratic National Committee
have brought cyber security to the front of people’s minds. The magnitude of
Distributed Denial of Service (DDoS) attacks has risen with the increased number of
devices connecting to the internet, and as more of the population engages with these
devices the risk of sensitive information being taken advantage of continues to rise.

E-COMMERCE THREATS

Some of the common security threats we may come across:-

(i) Malware

Malware, or malicious software, is any program or file that is harmful to a computer

user. Malware includes computer viruses, worms, Trojan horses and spyware. These
malicious programs can perform a variety of functions, including stealing, encrypting
or deleting sensitive data, altering or hijacking core computing functions and
monitoring users’ computer activity without their permission.

(ii) Virus

A computer virus is a type of malicious software program (“malware”) that, when

executed, replicates itself by modifying other computer programs and inserting its own
code. When this replication succeeds, the affected areas are then said to be “infected”
with a computer virus.

Computer viruses currently cause billions of dollars’ worth of economic damage each
year, due to causing system failure, wasting computer resources, corrupting data,
increasing maintenance costs, etc. In response, free, open-source antivirus tools have
been developed, and an industry of antivirus software has cropped up, selling or freely
distributing virus protection to users of various operating systems. As of 2005, even
though no currently existing antivirus software was able to uncover all computer
viruses (especially new ones), computer security researchers are actively searching for
new ways to enable antivirus solutions to more effectively detect emerging viruses,
before they have already become widely distributed.

(iii) Spam

Spam is the electronic equivalent of the ‘junk mail’ that arrives on your doormat or in
your postbox. However, spam is more than just annoying. It can be dangerous –
especially if it’s part of a phishing scam.
Spam emails are sent out in mass quantities by spammers and cybercriminals that are
looking to do one or more of the following:-

(a) Make money from the small percentage of recipients that actually respond to the
message.

(b) Run phishing scams – in order to obtain passwords, credit card numbers, bank
account details and more

(c) Spread malicious code onto recipients’ computers,

(IV) Spyware threats

Spyware is generally loosely defined as software that’s designed to gather data from a
computer or other device and forward it to a third party without the consent or
knowledge of the user. This often includes collecting confidential data such as
passwords, PINs and credit card numbers, monitoring keyword strokes, tracking
browsing habits and harvesting email addresses. In addition to all of this, such activities
also affect network performance, slowing down the system and affecting the whole
business process. It is generally classified into four main categories: Trojans, adware,
tracking cookies and system monitors.

(V) Trojan Horse

A Trojan horse is a destructive program that masquerades as a benign application.

Unlike viruses, Trojan horses do not replicate themselves but they can be just as
destructive. One of the most insidious types of Trojan horse is a program that claims to
rid your computer of viruses but instead introduces viruses into your system.

(VI) Worms

A computer worm is a standalone malware computer program that replicates itself in

order to spread to other computers.[1] Often, it uses a computer network to spread
itself, relying on security failures on the target computer to access it. Worms almost
always cause at least some harm to the network, even if only by consuming bandwidth,
whereas viruses almost always corrupt or modify files on a targeted computer.

Basics of Encryption and Decryption

ENCRYPTION

In computing, encryption is the method by which plaintext or any other type of data is
converted from a readable form to an encoded version that can only be decoded by
 another entity if they have access to a decryption key. Encryption is one of the most
important methods for providing data security, especially for end-to-end protection of
data transmitted across networks.

Encryption is widely used on the internet to protect user information being sent
between a browser and a server, including passwords, payment information and other
personal information that should be considered private. Organizations and individuals
also commonly use encryption to protect sensitive data stored on computers, servers
and mobile devices like phones or tablets.

Benefits of Encryption

The primary purpose of encryption is to protect the confidentiality of digital data stored
on computer systems or transmitted via the internet or any other computer network. A
number of organizations and standards bodies either recommend or require sensitive
data to be encrypted in order to prevent unauthorized third parties or threat actors from
accessing the data. For example, the Payment Card Industry Data Security Standard
requires merchants to encrypt customers’ payment card data when it is both stored at
rest and transmitted across public networks.

Modern encryption algorithms also play a vital role in the security assurance of IT
systems and communications as they can provide not only confidentiality, but also the
following key elements of security:-

 Authentication: The origin of a message can be verified.

 Integrity: Proof that the contents of a message have not been changed since it was sent.
 Non-repudiation: The sender of a message cannot deny sending the message.

Types of Encryption

(1) Symmetric key / Private key

In symmetric-key schemes, the encryption and decryption keys are the same.
Communicating parties must have the same key in order to achieve secure
communication.

(2) Public key

In public-key encryption schemes, the encryption key is published for anyone to use
and encrypt messages. However, only the receiving party has access to the decryption
key that enables messages to be read, Public-key encryption was first described in a
secret document in 1973;, before, then all encryption schemes were symmetric-key (also
called private-key).
DECRYPTION

The conversion of encrypted data into its original form is called Decryption. It is
generally a reverse process of encryption. It decodes the encrypted information so that
an authorized user can only decrypt the data because decryption requires a secret key
or password.

One of the reasons for implementing an encryption-decryption system is privacy. As

information travels over the Internet, it is necessary to scrutinise the access from
unauthorized organizations or individuals. Due to this, the data is encrypted to reduce
data loss and theft. Few common items that are encrypted include text files, images, e-
mail messages, user data and directories. The recipient of decryption receives a prompt
or window in which a password can be entered to access the encrypted data. For
decryption, the system extracts and converts the garbled data and transforms it into
words and images that are easily understandable not only by a reader but also by a
system. Decryption can be done manually or automatically. It may also be performed
with a set of keys or passwords.

There are many methods of conventional cryptography, one of the most important and
popular method is Hill cipher Encryption and Decryption, which generates the random
Matrix and is essentially the power of security. Decryption requires inverse of the
matrix in Hill cipher. Hence while decryption one problem arises that the Inverse of the
matrix does not always exist. If the matrix is not invertible then the encrypted content
cannot be decrypted. This drawback is completely eliminated in the modified Hill
cipher algorithm. Also this method requires the cracker to find the inverse of many
square matrices which is not computationally easy. So the modified Hill-Cipher method
is both easy to implement and difficult to crack.