1

The Present and Future of Electronic Payment Systems

Vivek Reddy
vjreddy@scu.edu
Coen 150
5/17/04
 2

Abstract. Electronic commerce and electronic business are the inevitable mediums of

exchange in an increasingly wired world. To better understand the problems and

perspectives of electronic payment systems, it is wise to look at not only the current

systems in place, but to also examine what the future may hold. This paper describes the

characteristics of current systems in place and provides a brief analysis of how each

works. Finally, it predicts the future of these systems and the possible changes to the

current structure of economic transactions.

1 Introduction

For more than decade there have been predictions of the elimination of physical

cash as a transaction medium and the substitution of one form or another of an electronic

payments system. Some forecasters view the prospect with delight, looking on it as

increasing the efficiency of the economy. Others fear its rise, anticipating it to be another

way in which the security and privacy of our lives become subject to monitoring and

scrutiny. But no matter which side one may fall on, it is clear that we're abolishing the

physical need for money, one step at a time. We're committing our futures, our families,

our societies, to cyberspace (Gleick). Because of this explosive development of electronic

commerce in recent years, the issue of paying over open networks has become very

important. Electronic payment systems are required to bring the necessary infrastructure

to facilitate payments. They are an essential part of the further development of commerce

and business (Gleick).

Before taking a closer look at the different types of payment systems, it is

important to classify or categorize them in order to get a better understanding of the

characteristics and properties of the systems. The first level in the categorization is based
 3

on the way in which money transfer is organized. Existing payment mechanisms can be

divided into two groups: electronic cash and credit-debit systems. Another approach,

based on the type of information that is exchanged, distinguishes between account-based

and token based systems, in which the former corresponds to credit-debit systems and the

latter to electronic cash (Abrazhevich).To be specific, electronic currency or cash is

similar to conventional cash where parties exchange electronic tokens that represent

value, just like paper money with respect to banks. The credit-debit approach, in contrast,

means that money is represented by numbers in bank accounts and these numbers are

transferred between parties over computer networks. Going one step further in the

classification of account-based systems, we can distinguish between debit and credit

cards systems and specialized ones, for example, those systems that use e-mail for money

transfer or notification. Electronic currency can be divided on systems that support smart

cards, and those that exist only in online environment. They can be called ‘online cash’ or

‘Web cash’. Prepaid cards and electronic purse systems can be also included in this

category (Abrazhevich).

Now that we have classified the payment systems, we can take a more in-depth

look at each of the categories. By choosing a specific example from each, we can analyze

the specific functionality of each system and why its security allows it to be either a

promising new technology or an already existing one. Under the scope of account based

systems, we will first see how credit cards work, then continue on to email-based

transaction systems, and finally a generic system such as PayPal. Moreover, under the

category of electronic currency, we will take a look at both smart cards and E-Cash.

Finally, we will anticipate how new innovations and technologies such as RF

 4

identifications will continue to morph the changing landscape of electronic payment

systems in the future.

2 Account-Based Systems: The Credit Card

A first step in the evolution of physical to electronic payment systems, the credit

card is a common piece of innovation used by almost everyone in today’s society. In

order to understand future technology such as the viability of the smart card, it is indeed

beneficial to see how a credit card actually works. In general, a credit card is a thin

plastic card, usually 3-1/8 inches by 2-1/8 inches in size that contains identification

information such as a signature or picture, and authorizes the person named on it to

charge purchases or services to his account. These will be billed periodically. Today, the

information on the card is read by automated teller machines, store readers, and bank and

Internet computers (how stuff works).

In order to authenticate these credit card transactions, there are three basic

methods of determining whether your credit card will pay for what you are charging.

Merchants with only a few transactions each month can do voice authentication using a

touch-tone phone. Additionally, terminals allow users to swipe their credit cards, easing

the need for an additional human being to be involved in the transaction (how stuff

works). For example, people often swipe their own card at the checkout of stores these

days. And finally, there are virtual terminals for internet transactions. More specifically,

the protocol for credit card use starts with a cashier swiping the card through a reader.

This dials a stored telephone number to call an acquirer. An acquirer is an organization

that collects credit authentication requests and provides the merchants with a payment

guarantee. When the acquirer company gets the credit card requests, it checks the
 5

transaction for validity and the record on the stripe for merchant ID, valid card number,

expiration date, credit card limit, and card usage. Single dial-up transactions are

processed at 1,200 to 2,400 bits per second (bps), while direct Internet attachment uses

much higher speeds via this protocol. In this system, the cardholder enters a personal

identification number (PIN) using a keypad (how stuff works).

The PIN is not on the card, it is rather encrypted in a database. For example,

before you get cash from an ATM, the ATM encrypts the PIN and sends it to the database

to see if there is a match. The PIN can be either in the bank's computers in an encrypted

form or encrypted on the card itself. The transformation used in this type of cryptography

is called one-way. This means that it's easy to compute a cipher given the bank's key and

the customer's PIN, but not really feasible to obtain the plain-text PIN from the cipher,

even if the key is known. This feature was designed to protect the cardholder from being

impersonated by someone who has access to the bank's computer files. Likewise, the

communications between the ATM and the bank's central computer are encrypted to

prevent hackers from tapping into the phone lines, recording the signals sent to the ATM

to authorize the dispensing of cash and then feeding the same signals to the ATM to trick

it into unauthorized dispensing of cash (how stuff works).

Now that we’ve seen how a credit card works, the advantages are quite apparent.

This system of electronic payment provides ease of use and scalability. As long as it can

use the existing networks and terminals, there is no need for creating new hardware or

infrastructure. All that needs to be tracked is what new accounts have been created.
 6

2.1 Account-Based Systems: E-mail Based Systems

E-mail is an inherently insecure medium. Whereas traditional bank paper and

other payment systems have levels of security built in, e-mail does not. E-mail payment

systems use e-mail for notification and traditional banking systems to transfer funds.

However, the actual security of payments remains relevant and can be divided into two

main concerns: transaction-level security and user authentication. The first is more

straightforward and concerns the guarding of sensitive payment details while in transit.

This can be addressed by 128-bit data encryption in a secured socket layer (SSL), which

is widely accepted and is generally believed to be adequate protection even for large-

value transactions (Finance Asia). This communication protocol, which also is used for

web-based credit card payments, works in a series of steps:

 Client enters a merchant site which uses SSL;

 Web browser and merchant server contact themselves (handshake process):
o Web browser and Merchant server establish the cipher suite;
o Web browser authenticates the server thanks to its digital certificate (and
optional client authentication);
o Web browser chooses a symmetric key, encrypts it with server’s public
key which he has obtained with server’s certificate and finally sends it
back;
o Merchant’s server decrypts it and the handshake is completed.
 The server performs the following steps:
o Computes the hash value (digest) of requested data;
o Encrypts data and hash value with a symmetric key which was chosen
during handshake process;
o Sends it to the client.
 The client’s browser proceeds as follows:
o It decrypts message with the chosen key;
o It crates message digest from the original message;
o It compares both digests;
o If they are equals it presents the data.
 The client fills in a form (e.g. the credit card number and order information)
 The client’s browser sends the form to the merchant’s server after proceeding
following operations:
o Computing the digest of the data;
 7

o Encrypting the data and the digest with the symmetric key
 The merchant’s server:
o Decrypts the message;
o Calculates the digest of the original data;
o Compares both digests;
o If they are equals it continues process… (Stabla).

Authentication is trickier and is a justified reason why large-value payments will

probably not be conducted using e-mail for some time. It is technically feasible to build a

public key infrastructure and an e-mail payment system to authenticate parties to a

transaction. This would in turn provide strong authentication. But this is not necessarily a

good user experience and is certainly not an established practice.

So in the end, electronic transmission of funds using e-mail can provide

significant benefits. Convenience is of course first and foremost in this category. It could

also provide viable security and possible cost savings. As it happens, it is not something

that is truly necessary in the short term. It is possible however in the future that it may

become more commonplace.

2.2 Account-Based Systems: PayPal

One of the more generic account based systems is PayPal. It is a widely used

online payment solution that works solely off of the existing financial infrastructure.

Once a user has a PayPal account and has entered information about the bank accounts

they wish to draw from, they can send money to anyone with an e-mail account. The

money is then taken from the sender and placed in a PayPal account for the recipient.

Basically, PayPal can be thought of as a middle man for credit card transactions. All

transactions between consumers take place indirectly through PayPal. Currently the
 8

payment method of choice for auction such as eBay, PayPal has shown itself to be a

viable payment solution for individuals. Similar to other web based transactions, PayPal

automatically encrypts confidential information in transit from the consumer’s computer

to the merchant’s using the Secure Sockets Layer protocol (SSL) with an encryption key

length of 128-bit. However it does not have the security features that are needed for

larger business transactions. Once again though, similar to the credit card itself, the

advantages of PayPal are both primarily ease of use and scalability since it does not need

to create a new infrastructure in order to go through with transactions.

2.3 Account-Based Systems: General

As stated earlier, account based systems use the SSL protocol in order to create a

secure transaction between the consumer and merchant. But as the internet marketplace

continues to expand, there is no safe standards-based payment system. With this protocol,

the card number is safely passed on to the merchant and protected from stealing or

changing information during transmission. But, neither non-repudiation nor fraudulent

use of card numbers are fully protected against, since merchants stock all confidential

account information about his clients on his server. In the case of an SSL transaction the

purchaser has no certainty that merchant will guard properly payment card information.

Moreover he or she has no assurance that merchant is authorized to accept credit card

payments. On the other hand, the merchant has no assurance that client is legible to use

the payment card.

Secure Electronic Transaction (SET) is a payment protocol developed by VISA

and MasterCard based on the RSA algorithm. It helps to ensure security of data during
 9

financial transactions over the Internet. Very similar to SSL, SET mainly depends on

cryptology and digital signature technologies. With SET, the cardholder uses software

called an “electronic wallet”, in which the credit card numbers and digital certificate are

stored. The merchant will acquire a digital certificate from a financial institution. Both

the cardholder and the merchant will present their digital certificates to each other in

order to verify their identities when conducting transactions over the Internet. During an

SET transaction, the cardholder’s credit card number is not be seen by the merchant, as

an encrypted code of the credit card number is sent to the credit card issuer, which

approves the transaction for the merchant (Secure Electronic Transaction). In this way,

unauthorized viewing and data corruptions will be prevented during transmission. SET is

simply a better version of SSL.

Now that we’ve examined the functionality of account based systems we can turn

our attention to electronic cash or currencies.

3 Electronic Currencies: Smart Cards

You can think of the smart card as a "credit card" with a "brain" on it, the brain

being a small embedded computer chip. This card-computer can be programmed to

perform tasks and store information. Smart cards currently are used in telephone,

transportation, banking, healthcare transactions, and the Internet. Smart cards are already

being used extensively in Japan and Europe and are gaining popularity in the U.S.

(DiGiorgio).
 10

The reason we classify them as an electronic currency is because systems that

employ smart cards like Chipknip, Chipper, Belgium Proton, Mondex, and Visa Cash

represent money as a number on the card. With this in mind, they act like an electronic

purse. The value is stored on a card and if the card is lost the money is gone, in a fashion

similar to cash (Abrazhevich).

The advantages of smart cards are numerous. First, they are more reliable than a

magnetic stripe card. They can also store a hundred times more information than a

magnetic stripe card. In terms of security, they are more difficult to tamper with than

magnet stripes. Furthermore they can be disposable or reusable. And finally they can

perform multiple functions in a wide range of industries because of their compatibility

with portable electronic devices such as phones, PDAs, and PCs (DiGiorgio).

3.1 Electronic Currencies: E-Cash

”Electronic money is broadly defined as an electronic store of monetary value on a

technical device that may be widely used for making payments to undertakings other than
the issuer without necessarily involving bank accounts in the transaction, but acting as a
prepaid bearer instrument” (European Central Bank).

“Electronic money products are defined […] as stored value or prepaid products in which
a record of the funds or value available to the consumer is stored on a device in the
consumer’s possession. This definition includes both prepaid cards (sometimes called
electronic purses) and prepaid software products that use computer networks such as the
internet (sometimes called digital cash)” (Bank for International Settlement ).

Summing these up, one can state that e-money is not like anything that has been

attempted before. It creates new sub-category of money. It constitutes, at the same time,

payment instrument, monetary value and account units, making it operate just like cash

would (Stabla).
 11

There are two types of e-money: identified and anonymous. Identifiable e-money

operates similar to bank products because the identity of the user and the way of spending

is well known to financial institutions and the latter can easily track the circulation of e-

money in the economy. Anonymous e-money is totally untraceable and to create it a blind

signature is needed. The process of the blind signing is a modification of the traditional

digital signing process (Stabla). To understand the process we must first keep in mind that

special software by the issuer creates an e-banknote upon a user’s request and after

verification. In essence, the prepared message or e-banknote is multiplied by a random

factor and thereby the receiver (issuer) knows nothing about the content except that it

carries the user’s digital signature (to identify user’s account for deduction). After the

issuer signs the e-banknote to confirm its validity, it returns to the user who divides the e-

banknote by the same factor. Now he can use it keeping whole anonymity while the

issuer does not know anything about the blind factor (Stabla). The following diagram

provides some structure about how the E-Cash system in general works.

(Diagram from Stabla)

 12

3.2 Electronic Currencies: General

Smart Cards and E-Cash provide distinct advantages and disadvantages when

compared to account based systems. Smart Cards could be seen as a large advancement

over the system of credit cards. In terms of E-Cash, similar to physical cash, there is an

ability to create anonymity during financial transactions. In effect, it could be untraceable

if done with a blind signature. A significant disadvantage, however, is that a large

database of past transactions need to be kept to prevent double spending when it comes to

E-Cash. Because E-Banknotes would be quite easy to duplicate, systems need to be in

place to keep track of all notes that have been issued, but not yet deposited. This

obviously reduces the scalability and ease of use for the system. Furthermore, there may

be a necessity to purchase and install extra hardware and software adding burden to both

the merchant and consumer. These are probably the reasons that such promising

companies like DigiCash fell flat to the ground.

After looking at the present, both the account based systems and electronic

currencies, we can now examine what the future holds in the world of electronic payment

systems.

4 Future of Electronic Payment Systems: RF-Ids

Radio barcodes embedded into billions of different things which have value

sending out radio signals about what they are and where they are. They cannot

communicate with each other directly, but can exchange information through base

stations that send and receive information. These devices are tiny micro-computer

systems which already cost as little as a quarter and are used in such companies as Wal-
 13

Mart. They already allow retail outlets to know what goods are going in out of their

doors. They provide absolute precision about what remains in stock. The future of

electronic payment systems could be walking through a terminal with products and

services ranging from bottles of wine to travel tickets using a card that never leaves your

pocket. All the terminal needs to do is get the pulses emitted from the radio barcodes on

each item and send a signal to the card in your pocket. The transaction will automatically

occur without the need of a clerk or a register. In theory, RFIDs could enable a person to

read all the numbers and expiration information on the credit cards in your pocket as you

walk by, as well as where you do most of your clothes shopping, and the model of the

portable computer you are carrying in your briefcase, simply by hacking into the ID

communication system (Dixon). Obviously there are a lot of security details that need to

be taken care of, but this is just a glimpse of what could possibly be the next step in the

evolution of electronic payment systems, from paper bills to credit cards to digital cash to

RF-ids? The answer lies within the ability of RFID creators to create a system that is

highly scalable and easy-to-use for the consumer so it doesn’t have the same roadblocks

that E-Cash finds itself having.

5 Conclusion

After highlighting both account based systems and electronic currencies we have

seen both advantages and disadvantages. Account systems provide both ease of use and

scalability but don’t allow the same freedom of anonymity that physical cash allows. In

contrast, electronic currencies can provide this freedom but fall short when it comes to an

implementation of their systems without a lot of overhead and change in infrastructure.

The system that enjoys the most success are clearly those that don’t force the consumer to
 14

make drastic changes leaving credit card based transactions as the most viable alternative

to physical cash at the moment. But with technology continuing to evolve one thing is for

sure, it is clear that there will be a continued movement towards the elimination of

physical cash. Ongoing work needs to be done to figure out the most feasible solution in

this 21st century effort. Though much more research needs to be done, perhaps RF-Ids are

that killer innovation that people will come to accept.

.
 15

Works Cited

Abrazhevich, Dennis. “Classification and Characteristics of Electronic Payment

Systems.” Center for User-System Interaction. Technical University of Eindhoven.
<http://www.ipo.tue.nl/homepages/dabrazhe/ps/Library/data/ecwebLNCS.pdf>;

Anonymous. "Cashless Society gets Mixed Reviews." CNN.com/Technology.

8 Feb 2003. < http://www.cnn.com/2003/TECH/ptech/02/08/cash.smart.ap/>;.

Anonymous. “How Credit Cards Work.” How Stuff Works.

<http://money.howstuffworks.com/credit-card.htm>

Anonymous. “Secure Electronic Transaction.” What is ? .com.

<http://whatis.techtarget.com/definition/0,289893,sid9_gci214194,00.html>

DiGiorgio, Rinaldo. “Smart Cards: A Primer.” Java World. Dec. 1997

<http://www.javaworld.com/javaworld/jw-12-1997/jw-12-javadev.html>;

Dixon, Dr. Patrick. "RFIDs: Great New Logistics Business or Brave New World." Global
Change. Jan. 2004. <http://www.globalchange.com/rfids.htm>;

Gleick, James. “The End of Cash.” New York Times Magazine. 16 Jun 1996.
<http://www.around.com/money.html>;

Griffith, Reynolds. “Cashless Society or Digital Cash?” Southwestern Society of

Economists. Mar. 1994. <http://www.sfasu.edu/finance/FINCASH.HTM>;

Stabla, Witold. "Electronic Payment Systems." 2001. <http://ws19.webpark.pl/>;

Subscription now Required. Finance Asia.

<http://www.financeasia.com/articles/D81F1EC1-9494-4278-A994C47977599E16.cfm>;
16
17