E-commerce Payment System

8.3 E-commerce Payment System

8.3.1 E-commerce and Online Payment

Electronic payment is an important component of e-commerce. A complete e-commerce operation process typically includes three links: market information communication, fund payment and goods distribution. The operation process shows that online payment of funds plays a connecting role in the whole process. How consumers pay electronically for all kinds of products and services is the key link of e-commerce. If this link is not resolved well, the trade flow will be delayed or even aborted.

E-commerce makes electronic payment more and more important, and resolving it well is extremely urgent. For example, foreign trade corporations need to promote and sell products online, which requires banks to supply electronic payment. Civil aviation and railways also expect to sell tickets on the Internet, and governments expect to collect various revenues on the Internet. All of these online economic activities need the support of electronic payment. The commercial bank is the main agency in realizing e-payment.

Thus we can conclude that e-payment is closely integrated with online trade, and each needs the other. If the online trade is not settled, e-payment will not happen; and if the e-payment is not carried out, the online trade cannot be completed. E-payment is therefore naturally and closely related to e-commerce. It is the core and most crucial link, an important step for the two trading parties to realize their trade goals, and also the premise of carrying on e-commerce.

8 E-commerce Architecture and System Design

The core and crucial problem of e-commerce is the security of trade. In e-commerce activities, online trade faces various risks and is sensitive to security and secrecy. For example, what users worry about in e-payment is the security of their account and password information. It is therefore not hard to see that, as the risks and uncertainty of online trade increase, higher requirements are placed on the security and secrecy of data during network transmission, especially on the sensitive data involved in e-payment, which requires a safer environment. The e-commerce payment subsystem is a very important link in the whole e-commerce architecture. Without e-payment, e-commerce will never become a real economic revolution; if the e-payment problem is not resolved appropriately, the popularisation and application of e-commerce will come to nothing.

The e-commerce security subsystem should serve the e-commerce payment subsystem by solving the most important security and secrecy problems in the payment process. The payment subsystem needs encryption technology, authentication technology and so on to meet the basic e-commerce security demands; at the same time, it needs to apply various electronic payment protocols and different e-payment methods on the basis of security technology, to satisfy the security control requirements of e-payment.

8.3.2 Data Flow and Process Control of Payment System

As described above, many big corporations and academic organizations have developed and applied many different or incompatible payment protocols. Given the limits of length and practicality, it is impossible to analyze in detail the data flow and process control of all these protocols in this book. The payment subsystem is therefore analyzed in detail below using the currently popular SET payment protocol, while preserving the generality of the payment subsystem.

A complete handling process of e-payment could be divided into the following steps:

1. Cardholder registration and certificate application

Before taking part in online electronic trade, a cardholder first needs to apply for a certificate from the CA. The certificate contains credit card information such as the account and the period of validity. To keep this private information from leaking, it is generally processed with a one-way hash function, so that outsiders cannot capture it when the cardholder's certificate is used and transmitted online. The process by which the cardholder applies for a certificate under the secure payment protocol is shown in Fig. 8.20.

The process in the flow chart is as follows. The cardholder starts the payment system and sends an initial request to the CA. The CA sends a response: when it receives the request, it sends its certificate to the cardholder.

Introduction to E-commerce

Figure 8.20 The cardholder registers and applies a certificate

The payment system receives the response and requests the registration form. The CA processes the request and sends the registration form. The cardholder receives the registration form and requests a certificate. The CA processes the request and issues a certificate. The cardholder receives the certificate.

The seller registers and applies for a certificate

Before receiving SET instructions from cardholders or handling SET trades through a gateway, the seller also needs to start the seller software and request a certificate. The process is similar to the cardholder's application process, so it is not detailed here. It should be pointed out that there are typically two modes of applying for a seller certificate, online and offline. Because the number of sellers is far smaller than the number of cardholders, sellers are examined more strictly, and the offline mode is usually adopted.

2. Purchase request

Online shopping is more convenient and quicker than going to the supermarket in person. Once connected to the Internet, you can enter online shops by opening a browser. After you have browsed and selected all the goods you need, the seller provides a detailed order for the goods, which includes quantity and price. You can modify the goods and quantities in the order and then press the purchase key. The whole trade process of the payment system begins here, as indicated in Fig. 8.21.

The cardholder sends an initial request. After choosing the goods, the cardholder sends an initial purchase request to the seller.

Figure 8.21 The purchase request flow chart of the cardholder

The seller responds to the request and sends a certificate. After receiving the request, the seller sends a response: a hash function generates a digital watermark (that is, a message digest) of the seller’s response message; a digital signature is then formed from it with the seller’s private key; finally, the response message, the seller’s certificate and the gateway certificate are sent together to the cardholder, as shown in Fig. 8.22.

Figure 8.22 Signatures flow chart

The cardholder receives the response and sends the request. SET uses double signature technology: the cardholder sends a purchase instruction that contains both the order instruction and the payment instruction, but the seller can read only the order instruction and the gateway can read only the payment instruction, so the cardholder's account is invisible to the seller.


The order information of the cardholder is called OI and is handled by the seller; the payment information is called PI and is handled by the gateway. These two parts form one information package, which the cardholder sends as a whole. When the seller requests authorization, the gateway connects OI with PI through the object process identifier.

After receiving the response, the payment system verifies the seller’s certificate and the gateway certificate through the certificate chain, and saves these certificates for the later order processes. The payment system then generates a digital watermark separately for OI and for PI, and encrypts them with the cardholder's private key to generate the digital signature. It randomly generates a symmetric key and uses it to encrypt the double-signed PI information. It encrypts the cardholder's account and the symmetric key with the public key of the gateway and puts them in a digital envelope. Finally, the payment system sends the information, including OI and PI together, to the seller.

3. Handling of the request information by the seller

After receiving the order information, the seller first verifies the cardholder's certificate through the certificate chain; it then uses the cardholder's public key to verify the digital signature, to ensure that the order information was not tampered with in transmission; the seller then begins to handle the order request and transmits the PI to the gateway to request authorization. After OI is handled, the seller generates a purchase response (including the seller's signature certificate). It produces a digital watermark of the response information and encrypts it with the seller's private key; finally, the seller sends the response information to the cardholder. Once the trade is authorized, the seller delivers the goods to the cardholder.

4. Receiving the purchase response by the cardholder

After receiving the purchase response, the cardholder verifies the signature certificate and checks the signature with the seller's public key. The cardholder stores the purchase response and the state information, which can be queried later. The handling process then proceeds as follows:

① Authorizing the Account Deduction for the Purchase

Before sending the goods to the cardholder, the seller first sends a payment-deduction instruction to the gateway to check whether the cardholder is able to pay. Only when this is confirmed will the seller send the goods to the cardholder. This process is shown in Fig. 8.23.

Figure 8.23 Authorizing the Account Deduction

② Authorizing Seller’s Request

While handling the cardholder's order, the seller’s software produces an authorization request, which includes the number of goods that need to be authorized, the transaction identifier number and other information. The seller software then produces a digital watermark of the authorization request and signs it with its private key; it encrypts the digital signature with a randomly generated symmetric key, and encrypts the symmetric key with the public key of the gateway to form a digital envelope; the seller’s software then sends the encrypted authorization request to the gateway, together with the encrypted PI information from the cardholder's purchase request.

③ Handling Authorization Request by Gateway

After receiving the authorization request, the gateway handles it as follows. It first acquires the symmetric key and decrypts the request information; it then verifies the validity of the seller's signature certificate and checks the signed request information with the seller's public key.

The gateway obtains the symmetric key of the payment instruction and the account information, verifies the validity of the cardholder's signature certificate, and checks the digital signature to ensure that the PI information was not tampered with in transmission.

The gateway compares the transaction identifier number in the seller’s information with the one in the cardholder's payment instruction to ensure that both come from the same trade; if they do, it sends the request to the bank. After receiving the authorization information from the bank, the gateway produces a response containing the gateway signature certificate. The response is encrypted with a newly generated symmetric key, which is in turn encrypted with the public key of the seller, and is sent to the seller.

④ Handling Response by Seller

After receiving the authorization response from the gateway, the seller acquires and saves the authorization response information through a similar decryption process, and sends the goods to the cardholder according to the order. At this point the order process is complete.
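The double signature that the seller checks against OI and the gateway checks against PI, as an added example (not code from the book or from any SET product). It follows the standard SET construction of signing a digest of the two concatenated digests, which the text does not spell out; SHA-256, the JSON encoding, the field names, the sample values and the toy RSA key are assumptions, and the digital envelope is left out.

```python
import hashlib, json

# Toy RSA key built from two Mersenne primes: demonstration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # cardholder's private exponent

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def encode(obj: dict) -> bytes:
    return json.dumps(obj, sort_keys=True).encode()

def dual_digest(pi_md: bytes, oi_md: bytes) -> int:
    # The signed value covers both digests, binding the order to the payment.
    return int.from_bytes(digest(pi_md + oi_md), "big")

def cardholder_sign(oi: dict, pi: dict) -> int:
    return pow(dual_digest(digest(encode(pi)), digest(encode(oi))), D, N)

def seller_verify(oi: dict, pi_md: bytes, sig: int) -> bool:
    # The seller sees OI in clear and only the digest of PI.
    return pow(sig, E, N) == dual_digest(pi_md, digest(encode(oi)))

def gateway_verify(pi: dict, oi_md: bytes, sig: int, seller_txn: str) -> bool:
    # The gateway sees PI in clear and only the digest of OI, then matches the
    # transaction identifier in PI against the seller's authorization request.
    ok = pow(sig, E, N) == dual_digest(digest(encode(pi)), oi_md)
    return ok and pi["txn"] == seller_txn

def demo() -> dict:
    # Constructed sample order and payment data.
    oi = {"txn": "T-1001", "items": [["book", 2]], "total": "59.80"}
    pi = {"txn": "T-1001", "account": "4000-0000-0000-0002", "amount": "59.80"}
    sig = cardholder_sign(oi, pi)
    pi_md, oi_md = digest(encode(pi)), digest(encode(oi))
    tampered_oi = dict(oi, total="5.98")
    return {
        "seller_ok": seller_verify(oi, pi_md, sig),
        "gateway_ok": gateway_verify(pi, oi_md, sig, "T-1001"),
        "tampered_order": seller_verify(tampered_oi, pi_md, sig),
        "wrong_txn": gateway_verify(pi, oi_md, sig, "T-9999"),
    }

if __name__ == "__main__":
    print(demo())
```

The seller never receives `pi`, only its digest, yet any change to either OI or PI invalidates the one signature both parties check.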

5. Getting Payment

When the purchase process is complete, the seller sends a payment-deducting request to the gateway to obtain the payment for the goods. The gateway transfers the payment to the seller's account through the finance network. A payment-deducting process then follows, as shown in Fig. 8.24.

Figure 8.24 Payment-deducting Sketch

The five steps above describe the online shopping process based on the SET protocol. In fact, a single online purchase includes only three steps: submitting the purchase request, authorizing the payment and acquiring the payment. The cardholder and the seller each need to apply for a certificate only once in its whole period of validity. Although SET has a strict encryption mechanism and a complicated information transmission process, all of this is already built into software products, and users can acquire the goods they want through a simple shopping process. The appearance of the SET standard removes people’s worry about the security of online shopping. Many manufacturers have developed software products based on SET one after another, in order to win the promising Internet e-commerce market. As the new technology of SET is perfected and developed, it will become the leading solution in the e-commerce area.
