Electronic Payment System

Electronic payment system is the alternative to the coin or paper based cash payment system to easy the user to make payment for their purchased goods or services over the network or internet and in absence of the physical (entity) presence. Initially cheque in bank payment systems are used to serve the purpose of the same but now in the era of internet and e-commerce paying securely over the internet is important task for the electronic payment system. Currently credit card are also in use for the payments over the network but still users are doubting about trustworthy and the security of their money because of the increase in the frauds [38] which ultimately causes loss of value(money) either of users, merchant or participating banks.

Present electronic payment system are to far from ideal payment system because of the higher transaction cost, more fraudulent activities, and multiple parties are involved in the payment processing simultaneously lacks users acceptance, proper application plans and incompatible standards/specifications. The good payment system should satisfy the user’s acceptance and merchants in the mass scale.

Present electronic payment system can be divided in two group electronic cash and credit/debit system [39] or token based and account based system [40]. Tokens or electronic cash are like the physical cash which represent the value and credit/debit or account based system does not carry value but a message to transfer value.

 

Characteristics of Electronic Payment System

Characteristics of electronic payment system are looked from various points of view as technology, user, market and more. [40] [41]

• Applicability: acceptance of the user where he/she can use the method to buy goods or services.
• Easy to use: the system should not be complex particularly in Indian context a user from the remote area should be able to use the system.
• Security: is concerned with unforgeability of the value(money). Creation, modification and over spending of the value(money) should be protected.  Integrity of the value as well as authorization for value should be spent by the concerned user only.
• Reliability: Smooth running of the system.
• Trust:  degree of the confidence that the money and the personal information is safe
• Scalability: system should be scalable by timely changes in the underlying infrastructure
• Convertibility: money conversion may be possible from one method to another like loyalty point convertible to the money
• Interoperability: system should be operable in between multiple service providers.
• Efficiency: reasonable cost of the handling micro-payment.
• Anonymity: is basically privacy to protect the identity of the user
• Traceability: traceability of the money in the system who and when it occurs with anonymity cause to built trust.
• Authorization type: whether offline or online transactions can be made in same way.

Architecture/ Structure/Model of Electronic Payment System

User a payers always spends the money and the merchant receives the money for the goods or the services he has given to users. In traditional system user spends his own physical money and merchant receives direct physical money no third party come in between transaction but in electronic payment system variety of models are specified by different organization / researchers, which are summarized here. Ahmad-Reza Sadeghi & Markus Schneider, in Electronic Payment Systems[41], presented four types of payment systems electronic cash, Cheque or credit card, Remittance and Debit orders base system.

In cash base transaction users withdraw his e-cash or an electronic token, from the bank where he has his account for this bank debit same amount from users account. User does purchase it as per his requirements and the need by using this e-cash. Merchant receives the e-cash and deposit in bank on his own account. Afterward its merchant bank, who sends the request to user’s bank for transfer of money and deposit in merchant account. Figure 2.5

 
In Cheque and credit card payment system user stage 1 withdrawal is not present, merchant deposit cheque or credit card slip to bank settlement between banks transfer value in respective merchant account Figure 2.6

 

 

 

 

 

 
In other two types user and merchant give payment order to their respective banks for transfer of money [42]. User bank and merchant banks are called Issuer  and Acquirer respectively in [42].

Payment System Standards

MasterCard and Visa international have derived the standards for the global application of smart card in payment system. Initially started with EMV specification in 1996 and subsequently updated with latest version EMV2000, This specifies the specification for Card based on the ISO 7816 compliance, and further specification needed for electronic payment/purse. It also specifies the security criteria for the and authentication methods.

CEPS

The Common Electronic Purse Specifications (CEPS) developed by the Europium country in October 1999 by the CEPSCO, LLC, which define requirements for all components needed by an organization to implement a globally interoperable electronic purse program, while maintaining full accountability and auditability.  CEPS states overall system security, certification and migration.  CEPS have paved the way for the creation of an open, de facto, global electronic purse standard and has no associated royalty costs. 

The lack of interoperability is the single greatest obstacle to the growth of smart cards in payment system. The proliferation of electronic purse programs has resulted in many non-interoperable, proprietary systems. The need for scaleable solutions, international usage and cost-effective ways of implementing programs has highlighted the importance of a globally interoperable set of electronic purse specifications. 

CEPS requires compatibility with the EMV (Europay MasterCard Visa) specifications for smart cards and defines the requirements for an interoperable card application, the card-to-terminal interface, the terminal application for point-of-sale and load transactions, data elements, and recommended message formats for transaction processing.  CEPS also provides functional requirements for electronic purse scheme participants and uses public key cryptography for enhanced security.  CEPS builds on the EMV foundation by extending global interoperability to electronic purse schemes worldwide and is committed to its global proliferation has no associated royalty cost. 

Currently, organizations from over 30 countries, representing more than 90 percent of the world's electronic purse cards have agreed to implement CEPS. India is also one of them, who decided to accept CEPS as the national specification for smart card based electronic purse [??]. In addition, over 200 organizations have signed license agreements for CEPS and have received the specifications.
CEPS come in three part Business requirement Specification, Functional requirement Specification and Technical Specification. CEPS was developed with the following goals in the mind.

• Provide consumers and merchants worldwide with payment products that are faster, easier, less expensive and more convenient than cash, particularly in small value transactions (micro-payment).
• Provide an interoperable environment for different technology platforms or schemes.
• Offer merchants a means to offer electronic purse services to both domestic and internationally traveling cardholders.
• Enable issuers and acquirers to offer international electronic purse services to cardholders and merchants.
• Ensure that the electronic purse application may coexist with other applications on the same chip to use on Multiplication Card.

Electronic Value Transfers in CEPS

• Electronic Purse – Merchant: Electronic value may be transferred from an electronic purse card to a merchant terminal/PSAM. (Purchase)
• Merchant - Electronic Purse: Electronic value must only be transferred from a merchant terminal/PSAM to an electronic purse card to support a cancel last purchase transaction or a purchase reversal transaction.
• Merchant – Merchant Acquirer - System Operators – Networks:  Value may be transferred from a merchant terminal/PSAM through to a merchant acquirer, system operator(s) and network(s) as part of the clearing and settlement process. (Transaction Batch Download )
• Electronic Purse - Electronic Purse: Electronic value must not be transferred from one electronic purse card to another.
• Merchant – Merchant: Electronic value must not be transferred from one PSAM or merchant terminal to another except in environments where a controller terminal acts as a transaction consolidator for other terminals of the same merchant.
• Card Issuer - Electronic Purse: Value may be transferred from an electronic purse card issuer to an electronic purse to perform a load transaction.
•  Electronic Purse - Card Issuer: Electronic value may be transferred from an electronic purse to an electronic purse card issuer to perform an unload transaction.
• Electronic Purse - Other Non-Financial Application On the Same Card: Electronic value may be transferred from the purse application to nonfinancial application(s) on the same chip on the card.

Payment System (Model..?) in CEPS

A distributed entity model is used in CEPS for electronic payment system. The Figure 2.7 shows entities Scheme provider, Processor, Fund issuer, Card issuer, Load acquirer,

 Merchant acquirer, Merchant (POS Device). Card Holder (CEP Card) participating in the CEPS.

Scheme Provider

The scheme provider is the authority who establish the scheme for electronic purse and is responsible for

• Establishment of the scheme and its Rules & Regulation.
• Establishing an infrastructure for the overall functionality and security of a CEP system.
• Establishing policies and procedures to ensure that all transactions are secured
• Procedure for completion of transaction if other scheme entity is interacting with the own scheme
• Establishing Certification Authority (CA) for the over all scheme
• Fraud detection and risk prevention policies and procedures for the scheme

Card Issuer

It is the main entity responsible for issuing the CEPS card to the cardholder. The card issuer may issue CEP card for more than one CEP scheme.

• The card issuer has the liability for all value loaded onto the CEP card and the management of the funds pool
• The card issuer is responsible for monitoring transactions received to ensure that a valid CEP card issued by the card issuer made the transaction.
• The card issuer authenticates the CEP card for all load transaction

Fund Issuer

Manages the funds in the card and keeps a log of the transaction. Fund issuer coordinates with the card issuer to load/unload the amount in the card with help of loading device.

Load acquirer

The load acquirer is the entity responsible for establishing a business relationship with one or more CEP scheme providers & to load the amount in the card in coordination with the card issuer.

Merchant acquirer

The merchant acquirer is the entity responsible for establishing a business relationship with one or more CEP scheme providers to clear and settle Purchase transaction and also for the creation and distribution of the PSAMs. Merchant acquirer must do the following.

• Collect and validate all transactions and provide acknowledgments of successful collection to the POS device or to the merchant.
• Ensure that each batch of transactions is cleared and settled once and only once.
• Ensure that CA public keys, aggregation parameters, certificate revocation lists and optional blocking lists from the scheme providers are sent to the POS devices.
• Make payment to the merchant and participate in settlement with the recipient of all transactions forwarded for card issuer processing.

Merchant

The merchant has responsibility for the use of a POS device to accept CEP cards for payment of goods and services.

Processor

Normally transaction flows directly from merchant acquirer or load acquirer to card issuer but some times an additional node is added in between merchant acquirer and the card issuer. These nodes are called processors. The processor must do the following tasks,

• Send transactions to other processors in the agreed format.
• Participate in a financial transaction with the connecting processors at the time that the transaction is sent or received.
• Participate in the scheme provider dispute resolution process with connecting processors to resolve any issues related to invalid transactions.

Card Requirements

The Common Electronic Purse Specifications specifies the requirements of card either single or multi-application card with its business requirement strategy. Either card should be used with in the boundaries of nation or worldwide with single electronic purse or co-exist with other financial and non- Financial application. The following are the card requirements:

• Card must be contact-based integrated circuit technology with serial number, support system-specific card numbering standards and PIN verification.
• Card must be able to be authenticated at a load device by the Issuer and point-of-sale terminal by the PSAM.
• Card must require a form of cardholder identification for electronic value load from accounts in both a proprietary environment and a shared network environment unless loading from cash.
• Card must support purchase reversal transactions, cancel last purchase transaction capability.
• Card must support unattended load device
• Card must be able to support off-line locking and unlocking, enabled at issuer option.
• Card must able to use multi currency slot, log the transaction. And should have the expiry date

Point of Sales

Point of sales devise must be user friendly with and able to accept variety of  CEPS compliance Cards. Purchase and purchase reversal, incremental purchase, and cancel last purchase transactions should able to process off-line. The following are the card requirements:

• EMV Compatible
• Support to have PSAM
• POS must have Date & Time, display card balance & transaction acceptance key.
• Place for Revocation list
• In built communication facility to download transaction to merchant acquirer ?

CEPS Security: Authentication Process, Keys & Signature

Security and successful authentication is a prerequisite for the processing of any CEPS card transactions, since it takes place in multi-application environment. CEPS specify the security on loading amount in CEPS card by load acquirer with the help of card issuer which is online transaction and purchase transaction done at merchant place with POS device which is offline transaction; other part security is not defined in the CEPS and kept on the scheme provider discretion. For purchase (offline) transaction Two-way mutual authentication between the CEP card and POS terminal is necessary. Asymmetric cryptography is used for authenticating CEP card with PSAM and exchange of secret key. RSA is the public key algorithm chosen for CEPS. Dynamic data authentication is necessary for load, unload, purchase, incremental purchase, and cancel of last purchase. Symmetric cryptography is used for on line transaction to protect the integrity of the data by generating the MAC’s.

Signatures are generated & used at various levels in CEPS transaction to validate the transactions. The card uses a unique diversified secret key, personalized into the card, to generate and authenticate transaction signatures for load, unload, currency exchange, purchase and cancel last purchase transactions. In load & unload transaction S1, S3 are generated by the CEP card for validating transaction data and sends to Card Issuer and Load acquirer respectively. S2 is generated by Card Issuer and sends it to the CEP card.

During purchase CEP card and PSAM authenticate each other and POS device generate PS2 signature and S3, S4, S5, S6 MAC’s generated during purchase transaction.

 
Batch of each complete POS transaction, which is attached with MAC by the PSAM, is kept in the POS device memory until collected by the merchant acquirer. This batch in POS contains the total count and amount of the transactions for ensuring the integrity by merchant acquirer. The count and amount of the transactions in the batch must be protected by the S4 MAC.

Processing

The Fig xx.xx shows an overview of processing take place in the payment system, path 1, 2 and 3 are the transaction between CEP Card & POS, POS & Merchant Acquirer and Merchant Acquirer & Issuer.

 

Path-1 : Purchase, Incremental Purchase, Reversal Purchase & Cancel last Purchase Transaction

After inserting CEP Card in POS Terminal, CEP card authenticate it self to PSAM and PSAM to CEP Card using a combination of public key and symmetric cryptography. Value in the CEP card is then adjusted after confirmation from the user. After completion of transaction POS terminal validate the transaction and batch of transaction to store in the POS terminal data store. Figure xx.xx shows detail steps in the purchase transaction. After reset, POS initiate the purchase transaction by selecting the EMV application on the card with specific currency slot, followed by the exchange and verification of certificates to authenticate mutually to each other. After confirmation from the card holder about the value of purchase, PSAM sign data DS using public key of CEP Card (VKPCEP) where DS contain header,

 amount to be debited (MPDA), session key produced by PSAM for authentication purpose along with hash result of DS Hash [section 10.1.4, of ??], encrypted by private key of PSAM and send to CEP card to debit the amount. In response to debit command CEP Card decrement the amount and return S3 MAC and card issuer S6 MAC to POS Device to validate the transaction completion or return status condition if command fails to debit the value. CEP card also Logs the transaction details.

In case of incremental purchase; another debit command along with S2 MAC computed by PSAM, is sent to the card in response to this gets S3 and S6 MAC, reversal purchase; POS device send reversal commands along with S2 MAC and log the transaction details and in case of cancel last purchase additional processing is needed [Section 4.5.4 of 44]

After completion of valid mutual authentication by PSAM the amount of a purchase is added to the total amount for the batch (MTOTBATCH ), and the count of transactions in the batch is incremented by one(NTBATCH ) in batch summary record. The PSAM in the POS device generates a merchant acquirer S5 MAC to complete the transaction and logs the transaction [Table 65, of 45]. PSAM protect count and amount of the transactions in the batch by S4 MAC. This transaction batch is kept in data store of the POS device for transferring to the merchant acquirer [Table 2.2].

Table 2. 2  Batch Summary Record

Field	Value	Length (bytes)
RIDPSAM	Identifier of the RID owner that assigned the PSAM creator Identifier	5
IDPSAMCREATOR	Identifier of the PSAM creator	4
IDPSAM	PSAM Identifier assigned by the merchant acquirer	4
IDBATCH	Batch Number	2
MTOTBATCH	Net amount of all transactions (purchases less cancel last purchases) in batch - this  includes both aggregated and non aggregated transactions	4
NTBATCH	Total number of transactions in the batch. This includes a count of all detail transactions plus the NTAGG from each aggregation record.	2
S4	MAC - created using the PSAM MAC key - the minimum contents of the S4 are the data listed in this table (excluding the S4 MAC)	8

Table 2. 3  Transaction data Log in POS data store

Field	Contents	Length (bytes)
IDSCHEME	Usually the AID from the CEP card but may be a reference number	var
IDISS,CEP	Issuer Identifier	4
IDCEP	Card serial number	6
TIPDA	Transaction Indicator - set by POS device	1
DTHRPDA	Date & Time stamp from transaction initiation	5
CNTRYPDA	Country of the POS device	2
DOMPDA	Domain of the POS device	1
CURRPDA	Currency	3
AMCEP	Authentication method supported by the CEP card	1
NTCEP	Card transaction number	2
RIDPSAM	Owner of the RID that assigned the PSAM creator id	5
IDPSAMCREATOR	Identification of the PSAM creator	4
IDPSAM PSAM	Identifier assigned by the merchant acquirer	4
IDACQ	Acquirer ID; usually the actual IDACQ but may be a reference number	4
NTPSAM	PSAM transaction Number	4
MTOTPDA	Net value of transaction	4
MPDA	Value of last increment (either debit or recredit, depending on TI)	4
S6	MAC over Issuer-defined data	8
BALCEP	New Card Balance	4
DDCEP	Issuer discretionary data	0-16
DEXPCEP	Expiration date for transaction	3
IDBATCH	Batch Number	2
VKPCA,ISS,CEP	Version of the CA Public Key the PSAM must use for card authentication	1
IDREG,ISS	Identifier of the issuer region - zeros if no region	4
VKPREG,ISS	Version number of the region public key used to create the issuer certificate	1
CSNISS,CEP	Identifier of the Issuer’s certificate contained in the card	3
CCPDA	Transaction status	2
S5	MAC – created by PSAM MAC key	8

Path-2 : Transaction between Merchant & Merchant Acquirer.

Periodically, Merchant Acquirer collects the transactions from the POS device’s data store and complete verification of S5, S4 MAC created by the PSAM and consolidation of transactions from multiple POS devices. CEPS does not provide the detail information or procedure for collecting the transaction batch from merchant to merchant acquirer in terms of protocol and the medium for transmission [Section 9.1 of 45] but insist on the minimum data to be transferred, Table 2.2 and Table 2.3.

Possibilities of the different type flows between POS device and Issuer are given in CEPS [Section 4.3.2, 43]. Theses possibilities are depend on the nature, structure and setup of the business by the scheme provider, which may includes intermediate processor between POS device and Issuer. Processing rules and the flows are decided by the scheme provider to deploy smooth operation of the scheme with achieved system security and data integety.

 
Either POS device, Merchant or Merchant Acquirer initiate the batch collection process by closing the batch in POS device and mark it ‘closed batch’, while after closing batch, no transaction should be added in to this.
Closed batch along with the batch summery record is then sent to merchant acquirer. Contents of the transaction data and batch summery record is given in table 2.2 and table 2.3. POS device wait for acknowledge from the merchant acquirer, till that closed batch remain in POS device. Merchant acquirer validates the batch using S4 MAC, logs batch and validate the each transaction using S5 MAC.
Merchant acquirer divides the batches by card issuer and arranges them for settlement with card issuers.

Path-3 : Transaction Between Merchant Acquirer and Card Issuer.

Merchant acquirer sends the transaction to issuer for settlement and managing the fund

 pool. Card issuer validates the batch, validate each transaction done by CEP card by verifying S6 MAC and logs the batch. After validation issuer send acknowledgment back to the merchant acquirer. CEPS does not specify any detail in this path also but gives minimum data requirement same as stated in  [section xx.xx]

 

Electronic Payment System Specification/standards for India

MIT report
Smars IIT Bombay
More transaction of lower value,??

Protocol Design and Verification

Success of electronic payment system is based on the design principals and its correctness.
Rules, formats, and procedures that have been agreed upon between participating parties are collectively called a protocol. The protocol, then, can contain agreements on the methods used for:

• Initiation and termination of data exchanges
• Synchronization of senders and receivers
• Detection and correction of transmission errors
• Formatting and encoding of data

A protocol specification consists of five distinct parts. To be complete, each specification should include explicitly:
1. The service to be provided by the protocol
2. The assumptions about the environment in which the protocol is executed
3. The vocabulary of messages used to implement the protocol
4. The encoding (format) of each message in the vocabulary
5. The procedure rules guarding the consistency of message exchanges

Characteristics of protocol

Simplicity — the case for light-weight protocols

A well-structured protocol can be built from a small number of well-designed and well-understood pieces. Each piece performs one function and performs it well. To understand the working of the protocol it should suffice to understand the working of the pieces from which it is constructed and the way in which they interact. Protocols that are designed in this way are easier to understand and easier to implement efficiently, and they are more likely to be verifiable and maintainable. A light-weight protocol is simple, robust, and efficient. The case for light-weight protocols directly supports the argument that efficiency and verifiability are not orthogonal, but complementary concerns.

Modularity — a hierarchy of functions

A protocol that performs a complex function can be built from smaller pieces that interact in a well-defined and simple way. Each smaller piece is a light-weight protocol that can be separately developed, verified, implemented, and maintained. Orthogonal functions are not mixed; they are designed as independent entities. The individual modules make no assumptions about each other’s working, or even presence. Error control and flow control, for instance, are orthogonal functions. They are best solved by separate light-weight modules that are completely unaware of each other’s existence. They make no assumptions about the data stream other than what is strictly necessary to perform their function. An error-correction scheme should make no assumptions about the operating system, physical addresses, data encoding methods, line speeds, or time of day. Those concerns, should they exist, are placed in other modules, specifically optimized for that purpose. The resulting protocol structure is open, extendible, and rearrangeable without affecting the proper working of the individual components.

Well-formed protocols

A well-formed protocol is not over-specified, that is, it does not contain any  nreachable or unexecutable code. A well-formed protocol is also not under-specified or incomplete. An incompletely specified protocol, for instance, may cause unspecified receptions during its execution. An unspecified reception occurs if a message arrives when the receiver does not expect it or cannot respond to it. A well-formed protocol is bounded: it cannot overflow known system limits, such as the limited capacity of message queues. A well-formed protocol is self-stabilizing. If a transient error arbitrarily changes the protocol state, a self-stabilizing protocol always returns to a desirable state within a finite number of transitions, and resumes normal operation. Similarly, if such a protocol is started in an arbitrary system state, it always reaches one of the intended states within finite time. A well-formed protocol, finally, is self-adapting. It can adapt, for instance, the rate at which data are sent to the rate at which the data links can transfer them, and to the rate at which the receiver can consume them. A rate control method, for instance, can be used to change either the speed of a data transmission or its volume.

Robustness

It is not difficult to design protocols that work under normal circumstances. It is the unexpected that challenges them. It means that the protocol must be prepared to deal appropriately with every feasible action and with every possible sequence of actions under all possible conditions. The protocol should make only minimal assumptions about its environment to avoid dependencies on particular features that could change. Many link-level protocols that were designed in the 1970s, for instance, no longer work properly if they are used on very high speed data lines (in the Gigabits/sec range). A robust design automatically scales up with new technology, without requiring fundamental changes. The best form of robustness, then, is not over-design by adding functionality for anticipated new conditions, but minimal design by removing non-essential assumptions that could prevent adaption to unanticipated conditions.

Consistency

There are some standard and dreaded ways in which protocols can fail. We list three of the more important ones. Deadlocks — states in which no further protocol execution is possible, for instance because all protocol processes are waiting for conditions that can never be fulfilled.

• Livelocks — execution sequences that can be repeated indefinitely often without ever making effective progress.
• Improper terminations — the completion of a protocol execution without satisfying the proper termination conditions.

Ten rules of design

The principles discussed above lead to ten basic rules of protocol design.

• Make sure that the problem is well-defined. All design criteria, requirements and constraints, should be enumerated before a design is started.
• Define the service to be performed at every level of abstraction before deciding which structures should be used to realize these services (what comes before how).
• Design external functionality before internal functionality. First consider the solution as a black-box and decide how it should interact with its environment. Then decide how the black-box can internally be organized. Likely it consists of smaller black-boxes that can be refined in a similar fashion.
• Keep it simple. Fancy protocols are buggier than simple ones; they are harder to implement, harder to verify, and often less efficient. There are few truly complex problems in protocol design. Problems that appear complex are often just simple problems huddled together. Our job as designers is to identify the simpler problems, separate them, and then solve them individually.
• Do not connect what is independent. Separate orthogonal concerns.
• Do not introduce what is immaterial. Do not restrict what is irrelevant. A good design is ‘‘open-ended,’’ i.e., easily extendible. A good design solves a class of problems rather than a single instance.
• Before implementing a design, build a high-level prototype and verify that the design criteria are met.
• Implement the design, measure its performance, and if necessary, optimize it.
• Check that the final optimized implementation is equivalent to the high-level design that was verified.
• Don’t skip Rules 1 to 7.

The most frequently violated rule, clearly, is Rule 10.

Design and validation of computer protocol by Gerard J. Holzmann Bell Laboratories Murray Hill, New Jersey 07974
Verification using spin

Authentication Method and Attacks on Protocol

security of the system at various levels, both for off-line and on-line transaction in CEPS, Authentication and security mechanism is clearly stated in CEPS for purchase transaction between CEP Card and POS Terminal. Authentication and security of the transaction between Merchant and merchant acquirer are kept at the implementers decision.
Transaction between merchant and merchant acquirer is off line transaction and attempt is made here to solve the problem by giving innovative design for this transaction for requirements in Indian payment system stated in section 2.5
Two-way, or mutual, authentication must be performed for off-line transactions is the general requirement in CEPS,