1

E-commerce Systems

Electronic Payment Systems

2

E-payment systems

• To transfer money over the Internet• Methods of traditional payment

– Check, credit card, or cash

• Methods of electronic payment– Electronic cash, software wallets, smart cards, and

credit/debit cards– Scrip is digital cash minted by third-party

organizations

3

Requirements for e-payments

• Atomicity– Money is not lost or created during a transfer

• Good atomicity– Money and good are exchanged atomically

• Non-repudiation– No party can deny its role in the transaction– Digital signatures

2/16/00 4

Desirable Properties of Digital Money

• Universally accepted• Transferable electronically• Divisible• Non-forgeable, non-stealable• Private (no one except parties know the amount)• Anonymous (no one can identify the payer)• Work off-line (no on-line verification needed)

No known system satisfies all.

5

Types of E-payments

• E-cash• Credit card

6

Electronic Cash

• Primary advantage is with purchase of items less than $10– Credit card transaction fees make small purchases

unprofitable– Micropayments

o Payments for items costing less than $1

7

E-cash ConceptMerchant

Consumer

Bank

1

2

3

4

5

1. Consumer buys e-cash from Bank2. Bank sends e-cash bits to consumer (after charging that amount plus fee)3. Consumer sends e-cash to merchant4. Merchant checks with Bank that e-cash is valid (check for forgery or fraud)5. Bank verifies that e-cash is valid6. Parties complete transaction: e.g., merchant present e-cash to issuing back for deposit once goods or services are delivered

8

Electronic Cash Issues

• E-cash must allow spending only once• Must be anonymous, just like regular currency

– Safeguards must be in place to prevent counterfeiting

– Must be independent and freely transferable regardless of nationality or storage mechanism

• Divisibility and Convenience• Complex transaction (checking with Bank)

– Atomicity problem

9

Advantages and Disadvantages of Electronic Cash

• Advantages– More efficient, eventually meaning lower prices– Lower transaction costs– Anybody can use it, unlike credit cards, and does not

require special authorization

• Disadvantages– Tax trail non-existent, like regular cash– Money laundering– Susceptible to forgery

Characteristics of payment system

SECURE ELECTRONIC TRANSACTION (SET)

Requirements That SET Must Accomplish

• Provide confidentiality of ordering and payment information.

• Ensure the integrity of all transmitted data• Provide authentication that a cardholder is a

legitimate user of a credit card account.• Provide authentication that a merchant can accept

credit card transactions through its relationship with a financial institution.

Key Features of SET

• Confidentiality of information.

• Integrity of Data.

• Cardholder account authentication.

• Merchant authentication.

Confidentiality of Information

A credit card holder’s personal and payment information is secured as it travels across the network. An interesting feature of SET is that the merchant /seller never sees the credit card number; this is only provided to the issuing bank. Conventional encryption using DES is used to provide confidentiality.

Integrity of Data

Payment information sent from cardholders to merchants include order information, personal information and payment instructions. SET guarantees that these message contents are not altered in transit. RSA digital signatures, using SHA-1 hash codecs, provide message integrity.

Cardholder Account Authentication

SET enables merchants to verify that a cardholder is legitimate user of a valid card account number. SET uses X.509v3 digital certificates with RSA signatures for this purpose.

Merchant Authentication

SET enables cardholders to verify that a merchant has a relationship with a financial institution allowing it to accept payment cards. SET uses X.509v3 digital certificates with RSA signatures for this purpose.

Typical SET Purchase Trans.Payment GatewayMerchantCardHolder

PInitReq

PInitRes

PReq

PRes

AuthReq

AuthRes

CapReq

CapRes

How SET Transactions Work

Figure 6.5, Page 320

An important innovation introduced in SET is the dual signature. The purpose of the dual signature is the same as the standard electronic signature: to guarantee the authentication and integrity of data. It links two messages that are intended for two different recipients. In this case, the customer wants to send the order information (OI) to the merchant and the payment information (PI) to the bank. The merchant does not need to know the customer's credit card number, and the bank does not need to know the details of the customer's order. The link is needed so that the customer can prove that the payment is intended for this order.

The message digest (MD) of the OI and the PI are independently calculated by the customer. The dual signature is the encrypted MD (with the customer's secret key) of the concatenated MD's of PI and OI. The dual signature is sent to both the merchant and the bank. The protocol arranges for the merchant to see the MD of the OI without seeing the PI itself, and the bank sees the MD of the PI but not the OI itself. The dual signature can be verified using the MD of the OI or PI. It doesn't require the OI or PI itself. Its MD does not reveal the content of the OI or PI, and thus privacy is preserved.

7-21

Dual Signature• customer creates dual messages

– order information (OI) for merchant– payment information (PI) for bank

• neither party needs details of other• but must know they are linked• use a dual signature for this

– signed concatenated hashes of OI & PIDS = E(PRc , [ H(H(PI) || H(OI))])

7-22

SET Purchase Request

• SET purchase request exchange consists of four messages

1. Initiate Request - get certificates2. Initiate Response - signed response3. Purchase Request - of OI & PI4. Purchase Response - ack order

7-23

Purchase Request – Customer

7-24

Purchase Request – Merchant

1. verifies cardholder certificates using CA sigs2. verifies dual signature using customer's public

signature key to ensure order has not been tampered with in transit & that it was signed using cardholder's private signature key

3. processes order and forwards the payment information to the payment gateway for authorization (described later)

4. sends a purchase response to cardholder

7-25

SET Purchase Request

• SET purchase request exchange consists of four messages

1. Initiate Request - get certificates2. Initiate Response - signed response3. Purchase Request - of OI & PI4. Purchase Response - ack order

7-26

Purchase Request – Merchant

7-27

Payment Authorization1. Purchase-related information - PI+Dual Signature+OIMD+Digital Envelop

2. Authorization-related information - Authorization block (Transaction ID, PRm)

- Digital Envelop, E(PUG(Ks))

3. Certificates Cardholder’s CA, Merchant’s CA, and Merchant’s

Key-Exchange CA

7-28

Payment Gateway Authorization1. verifies all certificates2. decrypts digital envelope of authorization block to obtain

symmetric key & then decrypts authorization block3. verifies merchant's signature on authorization block4. decrypts digital envelope of payment block to obtain

symmetric key & then decrypts payment block5. verifies dual signature on payment block6. verifies that transaction ID received from merchant matches

that in PI received (indirectly) from customer7. requests & receives an authorization from issuer8. sends authorization response back to merchant

7-29

Payment Capture

• merchant sends payment gateway a payment capture request

• gateway checks request• then causes funds to be transferred to

merchants account• notifies merchant using capture response

30

EDI: Electronic Data Interchange

• What is EDI?

– Exchange of electronic data between companies using precisely defined transactions

– Set of hardware, software, and standards that accommodate the EDI process

31Figure 11.2 Benefits of EDI

Electronic Data Interchange

32

Electronic Data Interchange

Figure 11.3 Suppliers, manufacturers, and retailers cooperate in some of the most successful applications of EDI.

33

Electronic Data Exchange

• How does EDI work? (Figure 11.4)– Supplier’s proposal sent electronically to purchasing

organization.

– Electronic contract approved over network.

– Supplier manufactures and packages goods, attaching shipping data recorded on a bar code.

– Quantities shipped and prices entered in system and flowed to invoicing program; invoices transmitted to purchasing organization

34

Electronic Data Exchange

– Manufacturer ships order.– Shipment notice EDI transaction sent (not shown)– Purchasing organization receives packages, scans

bar code, and compares data to invoices actual items received.

– Payment approval transferred electronically.

– Bank transfers funds from purchaser to supplier’s account using electronic fund transfer (EFT).

35

Electronic Data Interchange

Figure 11.4

36

Electronic Data Interchange

• EDI Standards– EDI requires companies to agree on standards

• Compatible hardware and software• Agreed upon electronic form format

– Established EDI standards• Automotive Industry Action Group (AIAG)• X.12 de facto umbrella standard in U.S. and Canada• EDI for Administration, Commerce, and Trade

(EDIFACT) umbrella of standards in Europe

37

Electronic Data Interchange

• How to Subscribe to EDI

– Larger companies purchase hardware and software

– Medium and small companies seek third-party service• Value-added networking (VAN) • Managed network services available for a

fee

38

Electronic Data Interchange

• EDI on the Web

– Advantages of Web EDI• Lower cost• More familiar software• Worldwide connectivity

– Disadvantages of Web EDI• Low speed• Poor security

39

Electronic Data Interchange

• The Importance of EDI– Need for timely, reliable data exchange in response to

rapidly changing markets– Emergence of standards and guidelines– Spread of information into many organizational units– Greater reliability of information technology– Globalization of organizations

40

What are Micropayments?

Very small payments made over the Web.

Transactions too small for credit cards.

Can be as little as a fraction of a cent.

Alternative to subscription and advertising.

Can go in either direction.

Micropayments - by Ricardo Szmit 41

Cybercash

Micropayments - by Ricardo Szmit 42

Digicash

Micropayments - by Ricardo Szmit 43

Millicent

Strategies of Marketing

45

Web Marketing Strategies

• Four Ps of marketing– Product

• Physical item or service that company is selling

– Price• Amount customer pays for product

– Promotion• Any means of spreading the word about product

– Place• Need to have products or services available in

different locations

46

Product-Based Marketing Strategies

• When creating a marketing strategy

– Managers must consider both the nature of their products and the nature of their potential customers

• Most office supply stores on the Web

– Believe customers organize their needs into product categories

47

Customer-Based Marketing Strategies

• Good first step in building a customer-based marketing strategy– Identify groups of customers who share

common characteristics

• Customer-based marketing approaches– More common on B2B sites than on B2C sites

• B2B sellers– More aware of the need to customize product

and service offerings to match their customers’ needs

48

Communicating with Different Market Segments

• Identifying groups of potential customers

– The first step in selling to those customers

• Media selection

– Can be critical for an online firm

• Challenge for online businesses

– Convince customers to trust them

49

Trust and Media Choice

• The Web

– An intermediate step between mass media and personal contact

• Cost of mass media advertising

– Can be spread over its audience

• Companies can use the Web

– To capture some of the benefits of personal contact, yet avoid some of the costs inherent in that approach

50

Trust in Three Information Dissemination Models

51

Market Segmentation

• Targeting specific portions of the market with advertising messages

• Segments

– Usually defined in terms of demographic characteristics

• Micromarketing

– Targeting very small market segments

52

Market Segmentation (Continued)

• Geographic segmentation

– Creating different combinations of marketing efforts for each geographical group of customers

• Demographic segmentation

– Uses age, gender, family size, income, education, religion, or ethnicity to group customers

53

Market Segmentation (Continued)

• Psychographic segmentation

– Groups customers by variables such as social class, personality, or their approach to life

54

Television Advertising Messages Tailored to Program Audience

55

Behavior-Based Categories

• Simplifiers – Users who like convenience

• Surfers – Use the Web to find info and explore new ideas

• Bargainers– In search of a good deal

• Connectors – Use the Web to stay in touch with other people

• Routiners – Return to the same sites over and over again

56

Site Sponsorships

• Give advertisers a chance to promote products, services, or brands in a more subtle way

• Helps build brand images and develop reputation rather than generate immediate sales

57

E-Mail Marketing

• Sending one e-mail message to a customer – Can cost less than one cent if the company

already has the customer’s e-mail address

• Conversion rate– The percentage of recipients who respond to

an ad or promotion

• Opt-in e-mail– Practice of sending e-mail messages to

people who request information on a particular topic

58

Technology-Enabled Customer Relationship Management

• Clickstream

– Information that a Web site can gather about its visitors

• Technology-enabled relationship management

– Firm obtains detailed information about a customer’s behavior, buying patterns, etc. and uses it to set prices and negotiate terms

59

Creating and Maintaining Brands on the Web

• Key elements of a brand

– Differentiation

• Company must clearly distinguish its product from all others

– Relevance

• Degree to which product offers utility to a potential customer

– Perceived value

• Key element in creating a brand that has value

60

Elements of a Brand

61

Affiliate Marketing Strategies

• Affiliate marketing– One firm’s Web site includes descriptions,

reviews, ratings, or other information about a product that is linked to another firm’s site

• Affiliate site– Obtains the benefit of the selling site’s brand in

exchange for the referral

• Cause marketing– Affiliate marketing program that benefits a

charitable organization

62

Viral Marketing Strategies

• Relies on existing customers

– To tell other people about products or services they have enjoyed using

63

Search Engine Positioning and Domain Names

• Search engine– Web site that helps people find things on the

Web– Spider, crawler, or robot

• Program that automatically searches the Web

• Index or database– Storage element of a search engine

• Search utility– Uses terms provided to find Web pages that

match

64

Paid Search Engine Inclusion and Placement

• Paid placement

– Option of purchasing a top listing on results pages for a particular set of search terms

– Rates vary

• Search engine placement brokers

– Companies that aggregate inclusion and placement rights on multiple search engines

65

Web Site Naming Issues

• Domain names

– Companies often buy more than one

– Reason for additional domain names

• To ensure that potential site visitors who misspell the URL will still be redirected to intended site

• Example: Yahoo! owns the name Yahow.com