B Com Exam  >  B Com Notes  >  E-Commerce  >  Security Requirements in Electronic Payment Systems - Security and Payment, E-Commerce

Security Requirements in Electronic Payment Systems - Security and Payment, E-Commerce | E-Commerce - B Com PDF Download

SECURITY REQUIREMENTS IN ELECTRONIC PAYMENT SYSTEMS 

The concrete security requirements of electronic payment systems vary, depending both on their features and the trust assumptions placed on their operation. In general, however, electronic payment systems must exhibit integrity, authorization, confidentiality, availability, and reliability.

Integrity and authorization

A payment system with integrity allows no money to be taken from a user without explicit authorization by that user. It may also disallow the receipt of payment without explicit consent, to prevent occurrences of things like unsolicited bribery. Authorization constitutes the most important relationship in a payment system. Payment can be authorized in three ways: via out-band authorization, passwords, and signature.

Out-band authorization : In this approach, the verifying party (typically a bank) notifies the authorizing party (the payer) of a transaction. The authorizing party is required to approve or deny the payment using a secure, out-band channel (such as via surface mail or the phone). This is the current approach for credit cards involving mail orders and telephone orders: Anyone  who knows a user’s credit card data can initiate transactions, and the legitimate user must check the statement and actively complain about unauthorized transactions. If the user does not complain within a certain time (usually 90 days), the transaction is considered “approved” by default.

Question for Security Requirements in Electronic Payment Systems - Security and Payment, E-Commerce
Try yourself:
What are the two ways in which payment can be authorized in an electronic payment system?
View Solution

Password authorization : A transaction protected by a password requires that every message from the authorizing party include a cryptographic check value. The check value is computed using a secret known only to the authorizing and verifying parties. This secret can be a personal identification number, a password, or any form of shared secret. In addition, shared secrets that are short - like a six-digit PIN - are inherently susceptible to various kinds of attacks. They cannot by themselves provide a high degree of security. They should only be used to control access to a physical token like a smart card (or a wallet) that performs the actual authorization using secure cryptographic mechanisms, such as digital
signatures.

Signature authorization : In this type of transaction, the verifying party requires a digital signature of the authorizing party. Digital signatures provide nonrepudiation of origin: Only the owner  of the secret signing key can “sign” messages (whereas everybody who knows the corresponding public verification key can verify the authenticity of signatures.)

Confidentiality : Some parties involved may wish confidentiality of transactions. Confidentiality in this context means the restriction of the knowledge about various pieces of  information related to a transaction: the identity of payer/payee, purchase content, amount, and so on. Typically, the confidentiality requirement dictates that this information be restricted only to the participants involved. Where anonymity or un-traceability are desired, the requirement may be to limit this knowledge to certain subsets of the participants only, as described later.

Availability and reliability : All parties require the ability to make or receive payments whenever necessary. Payment transactions must be atomic: They occur entirely or not at all, but they never hang in an unknown or inconsistent state. No payer would accept a loss of money (not a significant amount, in any case) due to a network or system crash. Availability and reliability presume that the underlying networking services and all software and hardware components are sufficiently dependable. Recovery from crash failures requires some sort of stable storage at all parties and specific resynchronization protocols. These fault tolerance issues are not discussed here, because most payment systems do not address them explicitly.

The document Security Requirements in Electronic Payment Systems - Security and Payment, E-Commerce | E-Commerce - B Com is a part of the B Com Course E-Commerce.
All you need of B Com at this link: B Com
100 videos|55 docs|19 tests

FAQs on Security Requirements in Electronic Payment Systems - Security and Payment, E-Commerce - E-Commerce - B Com

1. What are the security requirements for electronic payment systems?
Ans. The security requirements for electronic payment systems include authentication, confidentiality, non-repudiation, and integrity. Authentication ensures that the user is authorized to access the system, confidentiality ensures that the data is encrypted and protected from unauthorized access, non-repudiation ensures that the transaction cannot be denied by either party, and integrity ensures that the data is not tampered with during transmission.
2. How do electronic payment systems ensure security?
Ans. Electronic payment systems ensure security through various measures such as encryption, tokenization, two-factor authentication, and fraud detection. Encryption ensures that the data is unreadable to anyone who does not have the key to decrypt it. Tokenization replaces sensitive data with a unique token, which is useless to anyone who intercepts it. Two-factor authentication requires the user to provide two different types of authentication, such as a password and a fingerprint, before accessing the system. Fraud detection uses machine learning algorithms to detect suspicious transactions and prevent fraud.
3. What are the risks associated with electronic payment systems?
Ans. The risks associated with electronic payment systems include data breaches, identity theft, fraud, system downtime, and cyber attacks. Data breaches occur when sensitive information is stolen or leaked, identity theft occurs when someone uses another person's identity to make unauthorized transactions, fraud occurs when someone intentionally deceives the system to gain financial advantage, system downtime occurs when the system is unavailable for use, and cyber attacks occur when the system is hacked or infected with malware.
4. How can users protect themselves when using electronic payment systems?
Ans. Users can protect themselves when using electronic payment systems by following some best practices such as using strong passwords, enabling two-factor authentication, avoiding public Wi-Fi networks, checking transaction history regularly, and not sharing personal information with anyone. They should also keep their devices up-to-date with the latest security patches, use anti-virus software, and be cautious of phishing emails or messages.
5. What are the benefits of using electronic payment systems?
Ans. The benefits of using electronic payment systems include convenience, speed, cost-effectiveness, and improved security. Electronic payment systems enable users to make transactions from anywhere at any time, without the need for physical cash or checks. They also provide faster transaction processing times, which can be useful in situations where time is critical. Electronic payment systems are usually more cost-effective compared to traditional payment methods, and they also offer improved security features that protect both the user and the merchant.
100 videos|55 docs|19 tests
Download as PDF
Explore Courses for B Com exam
Signup for Free!
Signup to see your scores go up within 7 days! Learn & Practice with 1000+ FREE Notes, Videos & Tests.
10M+ students study on EduRev
Related Searches

E-Commerce | E-Commerce - B Com

,

Important questions

,

Viva Questions

,

E-Commerce | E-Commerce - B Com

,

Objective type Questions

,

study material

,

E-Commerce | E-Commerce - B Com

,

Sample Paper

,

Security Requirements in Electronic Payment Systems - Security and Payment

,

Exam

,

Summary

,

Extra Questions

,

practice quizzes

,

Previous Year Questions with Solutions

,

shortcuts and tricks

,

mock tests for examination

,

past year papers

,

Security Requirements in Electronic Payment Systems - Security and Payment

,

video lectures

,

Semester Notes

,

MCQs

,

pdf

,

Free

,

ppt

,

Security Requirements in Electronic Payment Systems - Security and Payment

;