Scheme of electronic payment systems. Electronic payments - how it works. Payment systems - a brief excursion in the history of electronic money

E-commerce development contributed to the emergence of electronic payment systems that allow you to pay for the purchase on the Internet from home. The general name "Payment Systems" combines different types of online payments. The most common credit systems that allow us to use regular credit cards on the network.

The technology of credit cards serving calculations on plastic cards is represented in Russia with such systems as Assist and CyberPlat (Fig. 5.2). The scheme of the work of such a system is as follows: the client gets the opportunity to make purchases in online stores and pay them in real time or from their account in the bank, or by its bank card, receive statements and the results of payments. The client can directly issue payment orderallowing you to perform a bank transfer to any account in any russian bank. Thus, it is possible to translate funds from the system to your account in any other bank or pay typical services, such as social operators or Internet providers.

Other niche in the electronic payment market is occupied by systems using electronic money. As noted in subsection 5.3, the essence of such money is to introduce a digital equivalent of real money, with which calculations are carried out. In many cases, this technology is more convenient, especially when paying for small purchases that make up most of the goods market. In addition, such systems are attractive in that they are anonymous and do not require confirmation of the third party.

Digital cash technology is represented in Russia such systems as Paycash and WebMoney. The scheme of operation of these systems looks like this: the client opens an "electronic wallet" in the "Electronic Bank" (the opening of the account is carried out on the Internet "from the house") and translates money on this account (cash with cash in cash bank, bank or postal transfer, with the help of credit Cards, and finally, another client can pay him within the system). After that, he becomes a client. To be able to pay within the system, the client creates one or more payment books in his computer. Then the client translates

some amount of money from your account on one of the books, that is, in your computer. Now the client is ready to pay in the network, and anonymously, those money that lie on his payment books. Each payment is authorized by the bank.

Fig. 5.2 CyberPlat payment system page

With the help of the "Electronic Wallet", it is convenient to pay in online stores hosting electronic money. In addition, if the client paid "with the protection of a trade transaction", the seller receives money only after delivering the goods, that is, the buyer's defense is laid in the system algorithmically.

Consider some payment systems.

« CyberPlat » - This is a universal multibank integrated Internet payments system, which provides the entire range of financial services - from micropagles to interbank settlements.

The main properties of the CyberPlat system are:

1) Integration - the system combines various business tools on the Internet:

- "CyberPlat" - a subsystem of servicing class "Business" for business with elements of electronic document management for customers registered in "CyberPlat";

- "CyberPlat" - subsystem of service of payments on plastic cards of international and Russian payment systems, focused on the "Business" services for the consumer and not requiring registration of buyers in the CyberPlat system;

Internet banking - the account management of the system participant via the Internet (in more detail this will be discussed in subsection 5.6);

2) Multibanicity - CyberPlat system allows for an unlimited number of banks, is open to interact with any other payment systems and, unlike many of them, provides support for many processing centers. Processing center - this is a legal entity or its structural unit, providing information and technological interaction between the calculations. Collection, processing and mailing to participants of information calculations on operations with bank cards are called processing ;

3) Universality - the system is cliviating using various payment instruments: plastic cards International and Payment Systems, including Visa, Europay, Diners Club, JCB, American Express, Union Card, E-Port Maps, as well as Payments directly from payer bank accounts in banks - system participants on any bank account, including external.

"CyberPlat" guarantees the full confidentiality of transactions and the inaccessibility of payment details for the Posodnors.

« Assist » It is a system that allows real-time to carry out authorization and processing of payments performed using credit cards from any computer connected to the Internet. As a multibank system for holding payments on plastic and virtual cards over the Internet, "Assist" occupies a leading position in the Russian market and conducts more than 80% of all Internet transactions. No additional software, except browser, is not required. Dynasite is used as server software. All calculations are held through the Back Office CyberPlat. To ensure insoleness of the transmitted data from the buyer, the SSL (Secure Socket Layer) protocol is used in Assist. The system is not anonymous, but confidential information about the client credit card (requisites) in the online store is not transmitted.

"Rapid" Provides individuals, banks, commercial and service enterprises the possibility of distance payment service (remote

management of bank accounts, universal payment cards and monetary translations). Technologies and principles of system operation are built on the use of remote control of means in real time, without opening additional bank accounts. Pay for goods or services (mobile, long-distance or international Communications, utility bills and insurance services, Internet access, the use of paid information materials, purchases in online stores, etc.) you can travel around the clock in a stationary or mobile phone, and I can buy through the Internet. You can use the services of the system using the Rapid Universal Payment Card. It combines the possibility of paying access to the Internet, long-distance talks, shopping in online stores.

« WebMoney. TRANSFER » - Universal non-bank system, allowing you to carry out instantaneous settlements on the Internet. The system is open to free use by all those wishing and has no territorial restrictions. The system of calculation in the system is the titular signs of WebMoney, the stability of the course and the liquidity of which are provided by the guarantors. Currently, WebMoney's guarantors are:

· In Russia - autonomous non-profit organization "VM-Center" (sells a type R type R type in the WEBMONEY TRANSFER system);

· In the USA - IMTB Inc. (sells in the WebMoney type Z).

One WebMoney (WM) type R is equivalent to the cost of one Russian ruble, 1 WM type Z is one US dollar, 1 WM type E is one euro.

All Webmoney, which are in the system is stored on electronic accounts (wallets) of its participants (WM type R - Equivalent of RUR - on R-wallets, WM type Z - Equivalent USD - on Z-wallets). At the same time, financial settlements between participants are carried out only using the same type of wallets. Webmoney stored on wallets at any time can be removed from the system with a conversion in the currency of the corresponding type by a non-cash payment to the bank account specified by their owner.

Get WM can be:

· In the guarantors by cashless translation from any bank, including Sberbank of Russia, as well as postal transfer to the guarantor's current account indicating the number of the purse's replenished (cash will be automatically converted to WM and enrolled on the wallet specified when transferring);

· Through a prepaid WM-card (replenishment of Z-wallets);

· From any of the participants in the system in exchange for goods, services or in exchange for cash.

With the help of "WebMoney Transfer" you can make purchases in electronic stores, create your own stores that implement sales in real time on the Internet, as well as make calculations with other participants in the system. WEBMONEY TRANSFER has a high degree of protection: all information transmitted through the Internet channels is encoded by an algorithm equivalent to RSA (see subsection 5.8), with a long key of 1040 bits.

« Paycash. " Schools of this payment system are the Bank (system operator) and customers. Individuals and legal entities can act as clients, as well as robots - autonomously functioning computer programs that play the role of shops, casinos, dealing centers, bookmakers, etc., acting on behalf of those and others. For the bank, all customers are equal. In particular, in order to be able to accept payments, the client does not require any special status of the "store". All of its operations within the framework of the "PayCash" system holds the client using a special software "Wallet". The system participants interact with each other by sending messages on the Internet.

The future client with the help of a "wallet" opens an account in the bank and translates money on this. After that, he becomes a client. To be able to pay as part of the "PayCash" system, the client creates one or more payment books on his computer using a "wallet". Then again with the help of the "wallet" translates some amount of money from his account to one of the books, that is, to your computer. At the same time, the bank can not determine which book money is being transferred. In addition, the bank does not know who belongs to specific payment records. Now the client is ready to pay on the Internet, and anonymously, those money that lie on his payment books. Each payment is authorized by the bank.

The chain of messages during the payment is as follows:

Seller - Buyer - Seller - Bank - Seller - Buyer.

In the first step, the seller asks for money from the buyer, and the signed contract of transaction is included in the request. In the second step, the buyer refers payment data to the seller. Next, the seller refers payment data to the bank for authorization. Bank

conducts the necessary checks and sends the seller receipt, as well as a receipt for the buyer. The seller reports to the Buyer its decision and forwards it data encrypted by the Bank to the buyer.

It should be borne in mind that in the "PayCash" system, the client is at its disposal electronic cash, which, like ordinary paper money, can be lost. For example, if the client's computer "burns" or stole it, then the client will lose all the money he translated into his computer and did not have time to spend. However, if the prudent client has backup copies of the wallet parameters for the last translation of money from the account to the computer, then it can restore his money.

Thus, PayCash is an anonymous electronic money system, and not just the client-bank system. This is also expressed in the fact that the bank can not, for example, at the request of the court, prevent the client to spend electronic money, which he managed to translate into his computer, otherwise, how to stop all payments in the system. If the client needs to withdraw its money outside the PayCash system, it submits the command to translate part or all the means from his account in the system of the system to account in some unpetual bank, where he himself or his representative can physically receive them. When shipping over the network, all data is encrypted by open keys do not shorter than 1024 bits and symmetrical keys are not shorter than 128 bits, so interception of encrypted messages in the foreseeable future is not possible. When implementing the system, precautions are also provided, enclosing the client from attempts to steal information directly from its computer.

"Yandex money" . This system (Fig. 5.3) is not just a combination of reliable PayCash technology and a multimillion yandex audience, but also a partnership with hundreds of participants. Among partners are banks, Internet providers, online shopping, mail, utilities, other payment systems. Affiliate program is open to all.

Fig. 5.3 Scheme of the system "Yandex.Money"

To become a member of the system, you do not necessarily have an account in a bank or credit card, it suffices to register in the Yandex.Money payment system (Fig. 5.3). At the same time, the billing system will automatically be opened in the payment system associated with your "wallet". On this account, you credit any money convenient for you, after which you can spend the calculations, you can make money yourself into your "wallet" from anyone. Electronic money from a virtual account You can always exchange for real money.

Work in the Yandex.Money system is as follows:

1) Install the Internet program on your computer. Wallet and put money on your account in the processing center of the Yandex.Money system. Then you replenish your "wallet" of a certain amount of money - translate it from the account in the processing center. Thus, in your "wallet" it turns out electronic cash;

2) Choose a product or service in an electronic store and send the order (Fig. 5.4) - click the "Buy" button. Your "wallet" at this moment must be launched. "Wallet" of the seller (store) exhibits your "wallet" payment requirement containing the text of the contract (contract contract). The contract was signed by an electronic digital signature of the seller;

Fig. 5.5 Purchase agreement

3) Your "wallet" makes you the text of the contract. If you agree, you have enough money in the account, then your "wallet" sends a "wallet" of the seller electronic money and signed by your electronic signature agreement (Fig. 5.5);

4) the "wallet" of the seller presents the electronic money received from you to the processing center to confirm their authenticity (Fig. 5.6);

Fig. 5.6 Transition of money from the wallet of the buyer to the seller's wallet

Fig. 5.7 Answer the seller about the operation of the operation

5) In the case of a positive test result, the processing center of the Yandex.Money system credits the corresponding amount of money to the seller's account. This message is transmitted to the "wallet" of the seller together with the "receipt" for you (Fig. 5.7);

6) Having received an answer from the bank, the "wallet" of the seller passes a message about the successful enrollment of money on his account, and sends a "receipt" to your "wallet" (Fig. 5.8).

Fig. 5.8 Transition of the receipt in the wallet

7) When buying a purchase using the Yandex.Money system ", together with electronic money, the contract of sale between the participants of the transaction is also transmitted. During the calculations, this contract is automatically signed by electronic digital signatures of wallets owners transmitting and receiving money under this contract. Thus, the buyer remains an electronic document confirming the commodity commodity obligations, with its electronic signature.

Send your good work in the knowledge base is simple. Use the form below

Students, graduate students, young scientists who use the knowledge base in their studies and work will be very grateful to you.

Posted by http://www.allbest.ru/

Ministry of Agriculture of the Russian Federation

Federal State Budgetary Educational Institution

higher professional education

"Saratov State Agrarian University named after N.I. Vavilova "

Financial and Technology College

Specialty: 090305.51 Information security of automated systems

COURSE WORK

Topic: "Electronic payment systems: the principles of operation and information protection"

Student Makarov Anton Sergeevich

Course 3 Group IB-20301

Head of Course Work

Brustentsova Irina Vladimirovna

Saratov, 2014.

Introduction

1.1 Payment System

2. Protection of information in electronic payment systems

Conclusion

Bibliography

Introduction

In the twenty-first century, the transmission systems of the Internet began, almost a generally accepted way to make settlements with buyers and customers in online mode. Thousands of service through this service of the electronic payment system and this is quite normal practice for many residents. Presentations electronic money and payment systems Firmly fitted in the lexicon, both users of Internet resources and financiers. Create an electronic wallet on the Internet can be in a matter of minutes and almost always for free. An existing electronic money system allows you to make any kind of exchange: inside the system exchange between different electronic money and different currencies; exchange of electronic money on non-cash or cash and vice versa. Investigate money in the electronic system and it is possible to remove from it by means of banks, checks, etc. The field of using electronic money is expanding with each day, more and more people start using electronic money. Also electronic money can be paid for goods and services purchased on the Internet, you can pay fines, Internet services and much more. All this can be done sitting at home at the computer. The purpose of the study: study and analysis of the protection of electronic payment systems. Object research: Security of payment systems.

Research Subject: Methods Protection of payment systems.

To achieve his goal, it is necessary to consider the following questions:

1. Payment systems

2. Types of electronic payment systems

3. Principles of operation of electronic payment systems

4. Ensuring the security of payment systems

5. Vulnerable places and protection methods

1. Electronic payment systems

1.1 Payment System

The payment system is a set of rules, procedures and technical infrastructure that ensure the transfer of value from one subject of the economy to another. Payment systems are one of the key parts of modern monetary systems.

It is usually implied that money transfer through payment systems. From a legal point of view, in most cases, debt transfer takes place: funds that the payment system should be one of the clients, it becomes another client. When the first client transmits its money to the payment system, then the amount of such a transfer is recorded, that is, the amount of debt before the first client. By your order, the Client may indicate that the payment system should now not be the second client. When contacting the second client to the payment system, it has the opportunity to get a cash equivalent of such a debt. In some cases, payment facilities are not money or debts nominated in money, but conditional payment units or specialized securities. Extended formations of payment systems (including physical or electronic infrastructure and related procedures and protocols) are financial transactions with ATMs, payment kiosks, POS terminals, cards with stored money costs; Electronic wallets. Electronic payment systems are a subspecies of payment systems that provide transactions of electronic payments through networks (for example, Internet) or payment chips.

The electronic money system is presented in the form of sets of accounts that can exchange electronic money among themselves.

Electronic money is the same money, only digital. With the help of electronic money, you can buy goods or services on the Internet, as well as purchased products can be delivered directly home or office using money, while at the computer. Electronic money you can pay products and services, and you can also withdraw money from the electronic form in a real view (paper). For example, you can transfer money from China in Russia in a couple of minutes or another any country. You can transfer money from the account to another account within the system, or to other systems. So you can money from the account through an ATM.

Electronic payment systems made it possible to simplify financial transactions between sellers and buyers in the Internet. Electronic systems contributed to the development of e-commerce, they allow us to make transactions instantly, as in real life I paid for the goods and immediately received it. Quick and convenient, there is no need to resort to the services of a bank and mail, spending your time to conclude a deal. If not electronic payment systems, I had to go to the bank, crediting money on your own expense, order the transfer of money to the seller's account, and then wait 2-8 days until the money was delivered (Fig. 1).

Figure 1. Typical scheme for implementing electronic payment

In the electronic payment system, payments occur subject to certain conditions:

Configuring confidentiality. When conducting payments over the Internet, the Buyer needs its data (credit card number and other information about him) that they would be known only to organizations that have legal right.

Saving the integrity of information. Buying information cannot be changed. Payment Electronic Security Information

Authentication. Buyers and sellers must be sure that all participating in the transaction are those who they give themselves.

Payment funds. The ability to pay any available to the buyer by payments.

Risk Guarantees. Carrying out trade on the Internet, the seller is exposed to the mass of risks associated with refusal and unscrupiance of the buyer. The risk level should be agreed with the provider of the payment system and with other organizations introduced into the trading network, through certain agreements.

Minimizing the transaction fee. Payment for the processing of order transactions and payment of goods, of course, is included in their cost, so the reducing of the transaction price increases competitiveness. It is important to notice that the transaction is obliged to be paid in any case, even if the buyer's failure is refused.

1.2 Principles of operation of electronic payment systems

The electronic payment system is called a set of methods and implementing their subjects providing within the system the use of bank plastic cards as a means of means. Plastic card is personalized payment toolproviding the possibility of cashless payment for goods and services, as well as receiving cash in banking machines and branches of banks. ENTERPRISE AND SERVICES AND BRANCHES OF BOARDS MAKING CARD as a payment instrument form a receiving network of card service points. When creating a payment system, one of the main solid tasks is to develop, and comply with the general rules for servicing cards issued by issuers, carrying out in the payment system of mutual settlements and payments. These rules cover both purely technical aspects of operations with data-data standards, authorization procedures, specifications for the equipment used and other and financial aspects of maintenance of the calculation procedure with trade and service enterprises, which are part of the receiving network, the rules of mutual settlements between banks and etc.

From an organizational point of view, the core of the payment system is the Association of Banks, united by contractual obligations. In addition, the electronic payment system includes trade and service enterprises that generate a network of service points. For the successful functioning of the payment system, specialized organizations are needed to provide technical support for maintenance of cards: processing and communication centers, maintenance centers, etc., (Fig. 2).

Figure 2. Scheme of the functioning of electronic payment systems

The Bank, who concluded an agreement with the payment system and received the appropriate license, can act in two qualities as a bank-issuer and as an accuar bank (Fig. 3).

Figure 3. Payment terminal. Bank-accuher

The bank-issuer releases plastic cards and guarantees the fulfillment of financial obligations related to the use of these cards as payments. Bank-the Equiler serves trade and service enterprises that make payments as payment funds, and also takes these payment funds to cash in their branches and through ATMs belonging to it. The main integral functions of the Equiler Bank are financial transactions related to the execution of calculations and payments of service points. Technical attributes of the Equiler Bank (processing of authorization requests; transfer to the current accounts of funds for goods and services provided by cards; reception, sorting and forwarding documents recording transactions using maps, etc.) can be delegated by the acciler processing centers. A non-automatic procedure for receiving the payment using the card is relatively simple. First of all, the cashier of the enterprise must make sure the authenticity of the plastic card on a certain number of signs. When paying, the company must transfer the requisites of the client's plastic map to a special check using the Imprintera copier Imprinter (English Imprinter) is a mechanical device designed to design a sliding when performing an operation with a payment card. The Imprinter is inserted into the cliché on which the identification data of the reception point is embossed. Plastic card is inserted into the Imprinter and put slip. An impression of the identification data of the reception point and maps of the client remains on the slip., To check the amount to which the purchase was made or was provided, and get a customer signature. The check is chosen in a similar way called slick.

In order to ensure the safety of the payment system operations, it is recommended not to exceed the lower limits of amounts for different regions and types of business, which can be calculated without authorization. If a limit amount is exceeded or in the event of a doubt in the identity of the client, the enterprise must conduct an authorization procedure. When authorized, the company actually gets access to the status of the client's account state and can establish the maps of the Card and its payment ability in the amount of the transaction amount. One copy of the slip remains at the enterprise, the second is transmitted to the client, the third is delivered to the Equiler Bank and serves as the basis for reimbursement of the payment amount from the Client's account.

In recent years, automated trading POS terminals have been widely popular (Point-of-Sale pay at the point of sale) and ATMs. When using POS-terminals, there is no need to fill the slips. Requisites of the plastic card are read from its magnetic strip on the reader built into the POS terminal. The client enters its PIN code to the terminal (personal identification number), known only to him. The PIN elements are included in the general encryption algorithm for the magnetic strip and serve as an electronic signature of the card holder. A transaction amount is recruited on the POS-terminal keyboard. If the transaction is carried out in the bank's separation and in its process, the cash client is issued, in addition to banking POS terminals, an electronic cashier-anatom can be used. Constructively, it represents an automated safe with a built-in POS terminal. The terminal via the built-in modem is referred to as authorization in the appropriate payment system. At the same time, the capacity of the processing center, the services of which are provided by the Equile Bank merchant.

The processing center is a specialized service organization that provides the processing of commercial accommodation from banks or directly from requests for service requests for authorization and transaction protocols - fixable data on plastic payments and cash issues. For this, the processing center maintains a database, which, in particular, contains data on the banks of the payment system and plastic cardholders. The processing center stores information about the limits of the cardholders and executes authorization requests if the Issuer bank does not conduct its own database (Off-Line Bank). Otherwise (on-line bank), the processing center forwards the received request to the bank-issuer of the authorized card. Obviously, the processing center provides and send an answer to the Equilee Bank.

The bank's execution of its functions entails settlements with issuers' banks. Each Equiler Bank provides a transfer of funds to service points for payment holders of bank-issuing cards included in this payment system. Therefore, the appropriate means must be, then transferred to the ECulee bank to the issuers banks. The operational conduct of mutual settlements between the accurators and issuers is ensured by the presence in the payment system of the settlement bank (one or several), in which the system banks open correspondent accounts. Based on the transaction protocols accumulated for the operating day, the processing center prepares and sends total data to carry out mutual settlements between banks participating in the payment system, and also forms and sends to the Equile Banks and directly to the Stop service points (lists of cards, operations for various reasons suspended). The processing center may also provide the needs of issuing banks in new maps, carrying out their order at factories and follow-up personalization. A feature of sales and issuance, cash on plastic cards is that these operations are carried out by shops and banks "in debt", i.e. Products and cash are provided to customers at once, and funds for their compensation come to the accounts of serving enterprises after some time (no more than a few days). The guarantor of payment of payment obligations arising in the process of servicing plastic cards is the issuer bank-issuer. The nature of the guarantees of the bank-issuer depends on the payment powers provided by the Client and the recorded type of card. The type of calculations carried out by plastic cards, credit and debit cards are used. Credit cards are more common of plastic cards. These include Visa and MasterCard nationwide systems and others. These cards are used in trade enterprises and for payment for goods and services. When paying with credit cards, the Bank allows the buyer to open a loan for the purchase amount, and after some time (25 days) sends an account by mail equal to the amount of purchase. The buyer must return the paid check (account) back to the bank. Naturally, a similar scheme can offer only the most wealthy and proven from its customers who have a good credit history to the Bank or solid investments in the bank in the form of deposits, values \u200b\u200bor real estate.

Owner debit card It is obliged to make a certain amount in advance in the bank-issuer. The amount of such a sum assigns the limit of available funds. When implementing calculations using this card, the limit is reduced accordingly. Control of this limit is carried out during authorization, which, when applying a debit card, is mandatory. To restore or increase the limit, the card holder needs to make funds to your account. Credit and debit cards may not only be personal, but also corporate. Corporate maps are given by their employees to pay for travel or other official expenses. Corporate maps of the company are associated with any one by one account. This card may have a divided or undivided limit. Declaring cases of each of the owners of corporate maps establishes a certain limit on the Carter. In an undivided version, it is best suited to small companies and does not imply the distinction of the limit. In recent years, electronic payment systems are increasingly attracted to themselves using microprocessor cards. The fundamental difference of microprocessor cards from all listed above is that they directly carry information about the status of the client's account, since are, in essence, transit account. All transactions are performed in the OFF-LINE mode during the Dialogue Map Terminal or Customer Map - Map of the merchant. Such a system is almost completely safe thanks to a high degree of crystal protected with a microprocessor and a complete debit scheme of calculations. In addition, although the map with the microprocessor is more expensive than the usual, the payment system is cheaper in operation due to the fact that in the OFF-Line mode there is no load on telecommunications. To ensure reliable operation, the electronic payment system must be securely protected.

From the point of view of information security in electronic payment systems, there are vulnerable places:

1. Shipment of payment and other messages between the bank and the client.

2. Processing the information of the sender's organizations and recipient messages.

3. Customer access to funds spent on accounts.

More vulnerable places in the electronic payment system are sending payment and other messages between banks, a bank and an ATM, a bank and a client. Shipment of payment and other messages is related to the following features:

The internal sender and recipient systems must be adapted to send and receive electronic documents and provide the necessary protection when they are processed within the organization. The interaction of the sender and the recipient of the electronic document is carried out through the communication channel.

To provide electronic payment system information protection functions, security mechanisms must be used:

1. Monitoring the integrity of the message.

2. Confidentiality of the message.

3. Subscriber authentication.

5. The failure of the refusal to take action.

6. Registration of message sequence.

7. Access control on initial systems.

8. Monitoring the integrity of the message sequence.

9. Message delivery guarantees.

1.3 Types of electronic payment systems

Electronic money is a new phenomenon in economic science and home practice, which is why there are various opinions regarding what to consider electronic money. Some believe that electronic money is indefinite monetary obligations bank or other companies expressed in electronic form certified by electronic digital signature used as settlement And redeemed at the time of their presentation by ordinary money.

Others - that this is the money value, which is a requirement for the Issuer, which is contained on the electronic device, issued after receiving funds in the amount of no less obligations assumed, is adopted as a means of payment not only by the issuer, but also by other firms. Third - that this is an electronic cash equivalent that can be bought, they are stored in electronic form in special devices and are at the disposal of the buyer.

Smart cards or certain computer systems are used as storage of money. This is information transmitted by any electronic communication methods that performs bills when performing payments on the Internet and without it.

At the level of the consumer, users refer to electronic money any payment services allowing payments for goods or services, create calculations between users using electronic communications, mainly through the Internet. Electronic money is the same ordinary money, only more convenient. You can also earn them, pay for goods and services, such as Internet, television, and other, receive and transmit, accumulate other functions. It can be noted, as with conventional money, payments for money occur in real time, in some cases anonymously.

There are two main electronic money groups that have a difference from the type of carrier:

On the basis of smart cards (electronic wallet)

On the basis of networks (network money)

Smart cards are multipurpose plastic cards with chips built into them, this chip microprocessor. The cash file is made on such a chip. The equivalent of money is pre-translated by the issuer of these cards. Users of banks can translate money from their accounts to smart cards, operations may be carried out within the limits enrolled on them by the system of money. Rules for the maintenance of the personal account of the smart card differs from the schedule of the facial account of traditional cards. An ordinary card does not contain cash card information, it is only used as a tool for accessing a settlement account. At the time when the cash is credited with the bank on the card, no receipt is made to this bank card. At the time of such replenishment of the smart card, the amount of card replenishment was reduced on a personal account. On the map there is an electronic cash, as a result, it becomes possible, and safe authorization of operations is possible.

Chip cards classified:

1. Debit / credit cards;

2. Electronic cash

Debit / credit chip cards are simple debit or credit cards containing a microprocessor (chip). Unlike such cards as with a magnetic strip, they have additional identification data on the map, there are configured parameters that are allowed to improve the safety and efficiency of various operations. Operations with such maps remain the same.

Pre-authorized cards These are electronic wallets and electronic cash cards allow the deposit amount of money on the map, in connection with this they are called cards with a stored amount, such cards differ from debit and credit cards. On such chip cards in the chip stored a certain balance of available funds. Before carrying out the operation, it is compared with the amount of the operation and in a good case the result of the conducted verification decreases to the amount of the requested operation. Such card operations are performed in offline, without a bank connection at the time of using the operation.

The main feature of pre-authorized cards from the electronic wallet and electronic cash is that the write-off of the amount from the account account occurs only after receiving the processing center for the current operations. When enrolling a certain amount on an electronic wallet or on a card with electronic cash, this amount is instantly written off from the card account of the card. When the electronic cash card is lost, the amount on it is lost for the card user. In this semblance of an electronic wallet card and electronic cash cards with a conventional wallet with cash.

The system of electronic wallets, as a financial product, has a certain limitation on the amount of the means stored in the wallet and use it for relatively small payments.

The peculiarity of chip cards implementing the concept of electronic cash is that by applying special electronic devices that function autonomously and confidentially without communication with the Issuer. The owner of the card has the ability to check the balance of money on the map, transfer money to another card, send money by phone, exchange money back to traditional money, etc. An indicator of such a card is the bank card "Mondex".

To save the funds listed from the bank account, the Mondex Wallet is implemented, which allows you to translate funds from the map to the card, read the balance, change the PIN. Funds on the map have all the chances of translating from the wallet as needed. Due to this, the anonymity of operations was performed and the security of the system was improved: part of the money - in the wallet, and some part on the map. In addition to whom, in the Mondex system, the introduction of ATMs for the cashing of funds and trading terminals to translate funds from a client map to a merchant card, which later, using the "Mondex" compatible phone, can enroll the funds clustered on its map, to the company's bank account. In the payment system applying cards with electronic cash, there are restrictions on operations with sales cards. Thus, the phase is guaranteed by the quality of the safety of operations. Electronic money becomes a less dangerous system.

Visa International payment associations., MasterCard Int. and Europay int. Created a labor group that developed international "ISO" standards for cards with a microprocessor, the standard is called "EMV" (the name is assembled according to the first capital letters of basic developer systems, such as Europay / MasterCard / Visa).

In the European Union, it was decided to translate plastic cards on smart cards or "EMV EMV. (Europay, MasterCard and Visa) - International Standard for Banking Card Operations with Chip. This standard has been developed by the joint efforts of Europay, MasterCard and Visa companies to raise the security level. financial operations. " cards. At this time, there are options for combining payment systems on the smart card kernel:

1. MasterCard offered to connect the applications of pre-authorized cards and debit / credit cards. In this case, the operation occurs both online to replenish the card account within a certain limit for the amount of one offline operation and offline mode for the execution of payments (see cris.4)

Fig. 4. Example of electronic payment map MasterCard

2. Visa introduced multi applications EMV cards. The system guarantees buyers extra. Amenities when using payments using debit or credit cards "Visa" and mobile phones. The solution is based on the developments of EMV and Infrared Financial Messaging, or IRFM (International Standard, which provides compatibility of devices when transmitting data on infrared channels). Users visa cards And the subscribers of the SKT system have all the chances of paying for goods and services, sending an encrypted infrared signal from a mobile phone to small infrared radiation receivers, which are built into POS terminals in the place of sale, vending machines, various transport terminals and other devices taking such payments ( Fig.5)

Fig. 5. Example of an electronic payment card VISA

Also, the payment details of the user card will be securely stored in an EMV-compatible microprocessor of a mobile phone. Apparently, the initialization of payment transactions in the future will occur not only from the relevant mobile phones, but also other mobile devices possessing the IR port.

The 2nd group of electronic means includes network money that is issued in the guise of a forwarded currency file by the organizer of calculations upon receipt of ordinary money to them, stored in memory on the Hard Discs of the PC or the remaining removable media and are transferred when payments across electronic communication channels, including through the Internet. They are used to pay for goods and services in web stores and other companies leading business on the Internet. They are allowed to change more on traditional money. According to its own nature, electronic money closer to non-cash banking money.

Different payment electronic systems are in different ways to work with electronic means. For example, in the model of digital cash (Digital Cash), the preservation guarantee is the resistance of cryptographic protocols used in the creation of (emissions) of digital means and regulating their turnover. By similarity with cash bills, digital money, as electronic documents contain a nominal price, an indication of the issuer, personal signs: series, number and more. Elements of fake protection by the method of consistent with their digital signature of the issuer. To ensure the anonymity of the circulation of digital money, individual signs are selected by their future owner and in the closed form are transmitted to the issuer's signature. Signs the banknote the Issuer "blindly" (not knowing its personal signs, but, for sure knowing the nominal), for which special digital signature and cryptographic protocol.

Therefore, the issuer can only control the size of the released digital funds, but not the distribution of them according to respondents, which guarantees the complete anonymity of the calculations. When issuing digital money in exchange for cash or other payment funds, the Issuer may not even know the respondent. To exclude repeated calculations of the same electronic banknotes, digital money is made by "disposable", any banknote is used for calculations only once. With this purpose, the issuer is obliged to maintain a database of used banknotes and checked with it with each payment. Emissions and the use of digital money with current legislation are not regulated, so their mobility is guaranteed by the Issuer and is based on agreements on their use as payment.

The main advantages of electronic money compared to non-cash payments through the bank include the following parameters:

1. Low cost of transaction and translation from one e-bill account to another;

2. High speed of operation, which is limited only by the capabilities of the payment system, practically action occurs instantly.

The main disadvantages of electronic money can be considered that:

1. The issuer of electronic money is not a state, but a specific payment system, which is responsible for the preservation of their solvency;

2. The use of electronic money is possible only within the framework of the Issuer's payment system;

3. There are problems with safety when conducting electronic payments.

In Russia, electronic payment systems are mainly used, as PayPal, Qiwi, Web Money, Yandex. Money, Rupay, E-Gold, E-Port, Pay Cash, Money Mail, Cyber \u200b\u200bPlat, Rapida, etc.

2. Protection of electronic payment systems information

2.1 Ensuring the security of payment systems

Banking operations, trade transactions and mutual payments cannot be imagined without calculations using plastic cards. The non-cash payment system with plastic cards is called an electronic payment system. To ensure the normal operation of the electronic payment system, it must be securely protected.

It is believed that in information security in electronic payment systems there are vulnerable places:

Shipment of payment and other messages between banks, between the Bank and ATM, between the bank and the client;

Processing of information by the organization of the sender and the recipient;

Customer access to funds spent on accounts.

Shipment of payment and other messages is connected to such features:

Internal systems of the sender and recipient organizations are obliged to provide suitable protection in the processing of electronic documents (protection of terminal systems);

The interaction of the sender and the recipient of the electronic document is executed directly through the communication channel.

These features cause difficulties:

Mutual identification of subscribers (the problem of establishing mutual authenticity when establishing a compound);

Protection of electronic documents transmitted through communication channels (problem of ensuring confidentiality and integrity);

Protection of the electronic document exchange process (the problem of proof of the departure and delivery of the document);

ensuring the implementation of the Act (the problem of mutual distrust between the sender and the recipient due to their belonging to various organizations and mutual independence).

To ensure information security features in some nodes of the electronic payment system, protection mechanisms are required to be implemented:

Control of access on initial systems;

Monitoring the integrity of the message;

Ensuring confidentiality of the message;

Mutual customer authentication;

Message delivery guarantee;

Impracticability of refusal to take action on communication;

Registration sequence of messages;

Monitoring the integrity of the message sequence.

Electronic plastic cards are used as payment facilities in electronic payment systems.

Electronic plastic card is a medium of specific information that identifies the user and stores certain data.

Distribution of a credit and debit card.

Electronic maps are a more common type of plastic cards. Electronic cards are used to pay for various goods and services. When paying with a credit card, the Client's bank opens a loan for the amount of acquisition, and after some time he sends an account by mail on the amount of purchases. The buyer must return the paid check back to the bank. Of course, a similar scheme of the bank can recommend only more wealthy and proven from its own customers who have a good credit history to the Bank or significant contributions to the bank in the form of deposits, values \u200b\u200bor real estate.

Plastic card is a plate made from a special plastic, resistant to mechanical and thermal action. According to ISO 9001, all plastic cards have dimensions of 85.6ch53.9ch0.76 mm.

To identify the owner on a plastic card are applied:

bank issuer logo;

the logo of the payment system serving this card;

name of card holder;

card holder account number;

card validity, etc.

In addition to this, the map can be a photo of the owner and its signature.

Alphanumeric data (name, account number, etc.) may be embossed, i.e. Defended fonts. This makes it possible when manual processing of payment received to pay quickly transfer data to a check using a special device - an imprinter that exercises "rolling" cards.

According to the principle of operation, passive and active plastic cards are distinguished. Passive plastic cards just stored information. These include plastic cards with a magnetic strip.

Magnetic strip cards are still more common - in circulation is above two billion cells of analog type. The magnetic strip is placed on the reverse side of the map and, in accordance with the ISO 7811 standard, consists of 3 tracks. Of these, the first two are provided for storing identification data, and the third track is allowed to enter information (for example: the current value of the debit card limit). However, due to the low reliability of the repeated recording / read process, the magnetic strip recording is usually not practiced.

Maps with a magnetic stripe relatively vulnerable for fraud. To increase the security of your cards visa systems And MasterCard / EUROPAY use additional graphics tools: holograms and non-standard fonts for embossing. Embossors (embossing devices on the map) produces a limited circle of manufacturers. In a number of Western countries, the free sale of embosserov is legally prohibited. Special characters confirming the affiliation of the card to a payment system are supplied by the Embossor owner only with the permission of the governing body of the payment system.

Payment systems with similar cards require on-line authorization in retail outlets and, as a result, the presence of branched, high-quality communications (telephone lines).

A distinctive feature of the active plastic card - the presence of an electron microcircuit embedded in it. The ISO 7816 standard determines the basic requirements for the cards on integrated chips or chip cards.

Cards with a microcham can be classified on two features.

The first feature is the principle of interaction with the reading device. Main types:

cards with contact reader;

cards with contactless (induction) reading.

Card with contact reader has on its surface from 8 to 10 contact plates. The placement of contact plates, their number and purpose of the conclusions are different from different manufacturers and naturally, the readers for the maps of this type differ in each other.

Data exchange between the card with contactless reading and the reader is made with an induction method. Obviously, such cards are more reliable and more durable.

The second feature is the functionality of the card. Main types:

card counters;

maps with memory;

maps with a microprocessor.

Counter cards are applied as the rules, in cases where one or another payment operation requires a decrease in the balance on the account of the card holder to some fixed amount. Such cards are used in specialized prepaid applications (fee for using the phone-machine, payment of parking, etc.). Obviously, the use of cards with a counter is limited and has a lot of perspective.

Maps with memory are transitional between cards and maps with a microprocessor. Map with memory is a rewritable meter card, which adopted measures to increase its security from attacks attackers. The simplest memory cards have a memory capacity from 32 bytes to 16 Kbytes. This memory can be organized as:

programmable permanent storage device PPZ (EPROM), which allows one-time recording and multiple reading;

electrically washed programmable permanent storage device EEPROM (EEPROM), which allows multiple recording and multiple reading.

Maps with memory can be divided into two types:

with unprotected (sexual) memory;

with protected memory.

In the cards of the first type there are no restrictions on the read and write data. These cards cannot be used as payment, as they are enough to simply "hack."

Second-type cards have an identity area and one or more applied areas. The identification area allows only a single recording during personalization and further is only available for reading. Access to application areas is regulated and implemented only when performing certain operations, in particular when entering a secret PIN code.

The level of protection of cards with memory is higher than that of magnetic maps. As a payment card with memory cards are used to pay for payphones common use, travel in transport, in local payment systems (club cards). Memory cards are also applied in the access control systems and access to computer network resources (identification cards).

Smart card provides a wide range of functions:

delimitation of permissions access to internal resources;

encryption of data using various algorithms;

formation of electronic digital signature;

key system maintenance;

perform all operations to interact the owner of the map, bank and merchant.

Some smart cards have a "self-lock" mode when trying to unauthorized access.

Important stages of preparation and application of plastic card are personalization and authorization.

Personalization occurs when issuing a card to the buyer. The map records data to determine the card and its owner, as well as check the card solvency when paying or issuing cash. The initial method of personalization was embossed.

Personalization includes the coding of the magnetic strip and the programming of the chip.

The coding of the magnetic strip is manufactured, as a rule, on the same equipment as embossed. At the same time, part of the card information that stores the map number and the time of its action is the same both on the magnetic strip and on the relief. But they happen, situations occur when after the initial coding it is necessary to additionally make information on the magnetic strip. In this case, special devices are used with the "Read-Record" function. This is possible, in particular, when the PIN code for using the card is not formed by a special program, but is selected by the client at its discretion.

The microcircuit programming does not require special technological techniques, but it has some organizational features. So the operations on programming individual areas of chips are separated geographically and delimited by the rights of various employees. Usually this procedure is divided into three stages:

at the first workplace, the card is activated (in force);

in the second workplace, operations related to security are performed;

in the third workplace, personalization itself is performed.

Such measures increase safety and exclude possible abuses.

Authorization is carried out either "manually" or automatically. In the first case, voice authorization is carried out when the seller or cashier transmits the request to the operator by phone. In the second case, the map is placed in the automated shopping POS terminal (Point-of-Sale - payment at the point of sale), the data is read from the card, the cashier introduces the amount of payment, and the cardholder - PIN (Personal Identication Number - Personal Identic Number) . After that, the terminal executes authorization by establishing communication with the database of the payment system (on-line mode), or by implementing additional data exchange with the card itself (OFF-LINE mode). When issuing cash, the process has a similar character, with the only feature that money in automatic mode is issued by an ATM, which conducts authorization.

The experienced method of identifying the plastic card owner is the use of the secret personal identification number PIN. The PIN value must be known only to the cardholder. On the one hand, PIN should be long enough so that the likelihood of guessing with the help of full of exemption was acceptable. On the other hand, PIN should be short enough for the owner to remember him. Usually the PIN length ranges from 4 to 8 decimal digits, but can reach 12.

The PIN value is uniquely associated with the corresponding plastic card attributes, so Pin can be interpreted as the signature of the cardholder.

Protection of personal identification number PIN for a plastic card is critical for the security of the entire payment system. Plastic cards can be lost, stolen or forged. In such cases, the only countermeasure against unauthorized access remains the secret PIN. Therefore, the open form PIN should be known only to the legitimate owner of the card. It is never stored and is not transmitted within the framework of the electronic payment system.

The generation method of PIN values \u200b\u200bhas a significant impact on the security of the electronic payment system. In general, personal identification numbers can be formed either by a bank or cardholders.

If the PIN is assigned to a bank, then one of two options is usually used.

With the first PIN version, the cryptographically is generated from the card holder account. Encryption is carried out according to the DES algorithm using a secret key. Dignity: PIN value does not need to be stored within the electronic payment system. Disadvantage: If you need to change Pin, you must change the client's account number or the cryptographic key. But banks prefer the client's account number to remain fixed. On the other hand, since all PIN is calculated using one key, a change in one PIN while saving the client's account entails a change in all personal identification numbers.

With the second embodiment, the bank selects the PIN randomly, while maintaining this value as a cryptogram. The selected PIN values \u200b\u200bare transmitted to the owners of the cards over a protected channel.

Using a PIN appointed by the bank is uncomfortable to customers even with a small length. Such Pin is difficult to keep in memory, and therefore the owner of the card can write it somewhere. The main thing is not to record PIN directly on the card or another prominent place. Otherwise, the task of attackers will be greatly facilitated.

For greater convenience, the client uses the PIN value selected by the client itself. This method of determining PIN allows the client:

use the same PIN for different purposes;

set in PIN not only numbers, but also letters (for ease of memorization).

The PIN client selected can be transferred to the bank by registered mail or shipped through a secure terminal of a banking office, which immediately encrypts it. If the bank must use the PIN selected by the client, then they are applied as follows. Each digit of the chosen PIN client is folded by module 10 (excluding ports) with the corresponding PIN number displayed by the bank from the client's account. The resulting decimal number is called "offset". This displacement is remembered on the client map. Since the PIN output has a random character, the PIN selected by the client cannot be determined by its displacement.

The main security requirement is that the PIN value must be memorized by the owner of the card and should never be stored in any readable form. But people are imperfect and very often forget their PIN. But for such cases, special procedures are intended: Restore forgotten PIN or new generation.

When identifying a client by the PIN value and the submitted map, two main methods of checking PIN are used: non-algorithmic and algorithmic.

A non-algorithmic method is carried out by direct comparison of the PIN entered by the client with the values \u200b\u200bthat are stored in the database. Usually, the database with PIN values \u200b\u200bis encrypted by transparent encryption to increase its secure, not complicating the comparison process.

The algorithmic method of checking PIN is that the PIN entered by the client is converted according to a specific algorithm using a secret key and then compared with the PIN value stored in a certain form on the map. Advantages of this method of verification:

the absence of a copy of PIN on the main computer excludes its disclosure of the Bank's staff;

the lack of transfer of PIN between an ATM or POS terminal and the main computer of the bank excludes its interception or imposing comparison results;

Simplifying software creation of the system, as there is no longer a real-time action.

Promising solutions. Mobile banking

The main scope of the SIM card Mobil-ID + EDS is the use of a mobile phone to confirm operations requiring the execution of strict data authentication procedures and subjects of information interaction. WirelessPKI services for a cellular operator must provide a special service provider called Mobile Signature Service Provider (MSSP).

In practice, two-channel Mobil-Id + EDS, two-channel Mobil-ID-based Mobile Authentication will allow not only to identify the owner in the electronic services system, but also use electronic signatures during the entire communication session or even upon completion of the phone call. The owner will no longer have to remember all its passwords and user names. It will be able to completely abandon code banking cards and PIN calculators. If for various services now the user is forced to use various identification data (passwords and user names), then such a SIM card will allow you to log in to all services and services with one-sole personal code. Functionally owner of the new SIM card will be able to make the same electronic operations as the owners of ordinary smart cards, - to enter the Internet bank, to the portals of services, to sign various contracts, etc. At the same time, MSSP provides two-channel support for strict authentication on combinations of many factors , Including GOST R. 34.10-2001, GOST R. 34.11-94 (open key cryptography), GOST 28147-89.

2.2 E-commerce Safety

The high level of Internet fraud is a deterrent to the development of e-commerce. People mainly use the Internet as an information channel for the information you are interested in.

Classification of possible types of e-commerce fraud:

Transactions (non-cash calculation operations) performed by fraudsters using the correct details of the card (card number, the term of its action, etc.);

Obtaining data on the client through the hacking of the database of trading enterprises or by interception of the buyer's messages containing its personal data;

Butterfly shops (deceivers) arising, as a rule, for a short time, in order to disappear after receiving funds from buyers for non-existent services or goods;

An increase in the cost of the goods in relation to the price offered to the buyer or repeat the write-offs from the account of the client;

Shops or trade agents designed to collect information on the details of maps and other customer personal data.

SSL protocol

SSL - Secure Socket Layer Protocol provides data protection between service protocols and transport protocols (TCP / IP) using modern cryptography in point-to-point connections. Previously, it was possible without special technical tricks to view the data that clients and servers exchanged.

SSL protocol is designed to solve traditional tasks to ensure the protection of information interaction:

the user and server must be mutually confident that they exchange information not with submersible subscribers, namely, those that are needed, not limited to password protection;

after establishing a connection between the server and the client, the entire information flow between them should be protected from unauthorized access;

finally, when exchanging information, the parties must be confident in the absence of random or intentional distortions when it is transmitted.

...

4.4.1. General information on electronic payment systems

Any business deal ends with cash payments that represent the system of organization and cash or non-cash payments for monetary requirements and obligations.

Currently, there is a global trend of transition from cash to non-cash settlements. At the heart of any non-cash settlement system lies some payment technology. It is it that determines the information processing scheme in the system, the relationship between its participants, specific security requirements, as well as the functionality of the system. The most promising direction in this area is payments using plastic cards.

There are a number of international payment systems (American Express (Amex), Diners Club (DC), JCB), as well as many national,

regional and local (inter-and monobank) monovatic systems.

For example, the number of card holders "Visa", Master-Card / EuroCard (EC / MC)

makes more than 600 million people.

The history of payment cards.Attempts to use a variety of cardboard or metal cards have been taken from the end of the last century. But only the increase in filling stations during the development of the automotive industry led to the emergence of mass calculation systems using cards. First universal maps Were released by the famous payment organizations American Express and Diners Club at the beginning of the 50s of the 20th century.

Transactions. Non-cash payments can be carried out both in documentary formal (bank transfer, collection, letter of credit) and in electronic form. The banking transaction transaction is called transaction (Transaction - a deal agreement). Transaction is a sequence of messages generated by the participant of the system and transmitted from the participant to the participant to the participant to maintain the card holder.

Properties of transactions.The transaction has the following properties: indivisibility, isolation, reliability, interaction between the cardholder and the economic entity servicing these cards.

Individually implies the implementation of all operations that make up the transaction, or non-fulfillment of any of them.

Consistencyensures saving the correctness of information in the cards of cards, accounts, residues.

Isolationexpands the independence of one transaction from other transactions.

The reliability of the transaction is related to the fact that the completed transaction can be recovered after a failure, and the unfinished operation is to cancel.

The interaction of the cardholder and the economic entity taking these cards is a relationship, as a result of which the state of the card holder account changes.

Difficulties of introducing plastic card technologies in Russia. Russia

the West West on the introduction of payment cards technology (trade in petroleum products), but by a faster pace. Disadvantage of the necessary regulatory and technical and legal documentation, the absence legislative base On working with plastic cards inhibits the development of this type of service.

The use of debit smart card technology assumes the presence of a certain level of banking culture and customer service experience, which is achieved by decades. Foreign banksThanks to many years of work with magnetic maps, gained extensive experience in direct account management. During the same time, bank customers - the owners of cards acquired serious credit storiesproviding bank confidence when issuing a credit card. Russian payment systems are only to be. That is why in Russia Currently, only the electronic wallet circuit is distributed on smart cards.

4.4.2. Functioning of electronic payment systems

Electronic payment system structure

The payment system using plastic cards can have the following status: international, Russian, single-monitant. The content of these system status follows from the name.

Functioning of electronic payment systems Consider the example of SmartPay-EMV "Scanlet".

SmartPay-EMV system uses an electronic wallet based on MPCOS-EMV smart card, which implements:

1. International Application of Visa- Easy Entry. This application: facilitates the transition of Visa participants from magnetic cards on cards with a microprocessor; Emows the function of the magnetic card and implements similar functions.

2. Comfortable payment application for Russian conditions with a circuit of an electronic wallet (up to four copies on one card).

SmartPay-EMV may consist of one or more payment subsystems that can function independently from each other or together. In the combined card system, issued within the same payment subsystem, are served by terminals of another payment subsystem. It is possible to pair the autonomous subsystems into a single system.

The SmartPay-EMV payment system participants are: System Center, Issuer, Equiler, Terminal. The overall scheme of the functioning of electronic payment systems is presented in Fig. 4.4.1.

The Bank, who concluded an agreement with the system and received the appropriate license, can act as the issuer of payment aids of this system and the Equiler.

	Company

holder		enterprises


	Processing

Fig. 4.4.1. General scheme for the functioning of electronic payment systems

The issuer is a bank that makes the issue of payment cards made to pay by other participating banks, and servicing card holders cards. The issuer performs the following functions in the payment system:

- personalization of cards (creating payment applications on cards);

Maintaining card accounts card holders;

- management of card authentication keys;

- management of key signatures of transactions;

- management of lending keys;

Processing on-Line requests;

- collection and accounting of transactions;

- preparation of documents for banking system.

The Equiler is a bank that serves organizations making money and cashing of a map of this system, namely:

- provides informational support of payment terminals related to the Equiler;

- preparation of documents for mutual settlements between banks.

The functions of the efficiency are as follows:

- serialization of payment terminals (assigning an unique number terminal, as well as setting the initial value of the terminal transaction meter);

- transfer to the terminals of all tables and lists used in the payment system, as well as open key authentication keys;

- receiving transactions from payment terminals (binding transactions to the serialized payment terminal);

- checking the integrity and reliability of transaction delivery from payment terminals;

- transaction to all Issuers of the Payment System:

Processing on-Line requests from terminals (establishing a direct connection of the payment terminal with the Issuer);

- collection and accounting of transactions;

- checking the correctness of transactions (transaction signatures);

Preparation of data for the mutual settlements of the participants in the payment system and the provision of their banking system.

The system of system (processing) provides centralized management and distribution of cryptographic key authentication keys. The center of the system signs open (public) Issuer keys and sends the access to the external key information necessary to authenticate the cards of the system terminals.

In the general case, the terminal (eng. Terminal is the end related to the end) - an external computer device intended for I / O information, data exchange through communication channels. Payment terminal -the lower link of the payment system, the source of the flow of transactions circulating in the system.

The main purpose of the terminal is to accept payments on cards, salary issuing, etc. The terminal also performs the following functions:

- card Leat;

- crediting card;

- issuance of certificate of funds on the map;

- receiving from the efficiency of the information needed to make a debit or crediting card, as well as the transfer of requests for the provision of such information whenon-line lending;

- transaction transactions to the ECuaer.

Payment procedure

Two options for carrying out payment transactions are possible:

- payment with the issuance of a special check;

- payment without issuing a check.

Payment with the issuance of a special check it is carried out on outdated technology. In this case:

1. The company's cashier (seller) must make sure that the map is authenticated (see below).

2. Operations using cards suggest paperwork on paper (special check -slip) and / or in electronic form (Batch file from the electronic log of the terminal or ATM), as well as other documents (ATM receipt, etc.).

When paying on a slider with a copy machine - the Imprinter is entered:

1) details of the client maps; 2) the amount for which the purchase was made or was provided.

The terminal prints three instances of the slim, on which the client is signed (for the client, bank and the trading enterprise). With manual technology of work, three copies of the slip makes the seller, "rolling" card through a special device. In this case, the information applied by the embossing method is read from the card surface.

One copy of the slip remains in the enterprise, the second is transmitted to the client, the third is delivered to the Equiler Bank and serves as the basis for compensation for the payment amount from the Client's account.

Slips decorated in cash issuing, at the trade (services) or the ATM receipt should contain details whose list is given in Table. 4.4.1.

Table 4.4.1

Slip details

Props	Point of issue	Company	ATM
	cash	trade (services)
Cash Item Identifier /
enterprises / ATM
enterprises / ATM
transaction date
Amount of operation
Currency of operation

Details of the bank card according to the rules
security
security
Card holder signature
Cansira signature

3. Sometimes the rules for calculating the system do not provide for the authorization procedure. In this case, the obligations of the issuer of the card before the acquirer of the execution of documents on operations using bank cards.

In order to secure operation, the payment system recommends the lower limits of the amounts for different regions and types of business, according to which it is possible to calculate without authorization.

If the limit amount is exceeded or in the event of a doubt about the identity of the client, the authorization process is carried out. Without stopping at the technical aspects of the procedure, we indicate that when you authorize is actually installed:

- client account status;

- belonging to the client card;

- solvency in the amount of the amount of the transaction. Authorization means that the issuer of the card:

- allows the operation on the card;

- confirms its obligations to execute documents drawn up using the card.

- with the help of a special terminal.

Payment without issuing a check.In recent years, POS terminals operating without slippers appeared. (POS - Point of Service - Card reception item).

At the trade enterprise (services) equipped with an electronic terminal, a document is drawn up in electronic form.

The electronic terminal is a hardware and software device designed to perform operations using cards. Electronic magazine is a set of documents in electronic form compiled using cards. The e-journal documents are the basis for conducting accounts on accounts open in credit institutions.

IN depending on the purpose of the terminal, the owner of the card may: - Pay for the purchase(POS terminal);

Get cash (cash receipt point, exchange, ATM); - Top up the contents of the wallets (replenishment item).

IN any case the contents of one of the card wallets decreases to the amount of purchase (increases by the amount of income), and the terminal forms the appropriate transaction (record that"Where-when-how" operated with a card).

At the same time, transactions can be carried out in local currencies, but when liding the balance, the system recalculates them in unified currency (as a rule, US dollars) according to the cross-courses table published daily based on Reuters information.

All operations to write off the wallet are performed in offline mode, and lending wallets can be in operational communication mode with the issuer.

Operations on the terminal

1. The owner of the card places its merchant on terminals serving the issuer's cards.

2. Card details are read on the built-in inPOS-terminal reader.

3. From the keyboard, the amount of the transaction is entered, and the terminal via the built-in modem is referred to as authorization in the payment system.

When selling cash instead of POS terminals, an ATM can be used. Structurally, it is made in the form of an automated safe with a built-in POS terminal. To make a transaction, the client is obliged to use the PIN.

PIN code (Personal Identification Number) is a combination of numbers that serves as a password authorizing operations.

This uses technical capabilities. processing Centerwhose services are provided by the Bank.

Working with a smart card is possible in ON-LINE and OFF-LINE modes. In the latter case, during payment transactions, there is no connection between the bank and the terminal. This applies both to the payment terminals and to ATM.

Financial transactions accumulated in the terminal (ATM) are periodically transmitted by the modem or using a courier on a diskette.

Regardless of the mode (on-line / off-line) of the payment, the terminal registers the transaction indicating the card number (owner account) and the amount of payment. Select mode (on-line / off-line) "Makes" smart card itself, which

stores and analyzes the integral parameters of the payment threshold (exceeding the payment amount of the fixed value, exceeding the total number of payments in the OFF Line mode, etc.), established by the Issuer Bank.

Transaction processing.At the closure of the Operational Day, the system participants perform the following operations:

1. The company (seller) is reported to the accumulator copy of the cash ribbon with the Customer Signature Sample andbatch files that generate terminal.

2. AWIRER:

- "Invites" the terminals (gets for the day of the transaction) of its offices, ATMs, traffic police terminals and collects treated plugs of merchants;

- after check, it prepares data for mutual settlements between the participants of the payment system and sends the list of transactions adopted by their cards to the payment system to Issuents.

3. The system checks this list with a list of authorization queries and sends a system to the banking part for mutual settlements between banks and the system.

4. The issuer checks the correctness of each transaction received, makes the necessary changes to the database of the shadow subaccount and records the transaction to the archive. After processing all transactions, the issuer generates a report for the banking system and updates black lists for the accurators.

Technology of mutual settlements of bank member banks.

For mutual settlements, each bank participant has clearing accountin the authorized bank of this payment system, which opens with zero balance and linked to the cake of this bank.

At a certain billing hour, the system conducts accounting for all transactions over the past day and redistributes them on the lists of incoming and outgoing payments for each participant.

After that, the zero account of each bank is debited or credited to the difference of incoming and outgoing payments and the system again starts the accumulation of transactions. Until the next billing hour, the banks must bring their clearing accounts to zero balance, resolving them with their corschets.

The clearing account balance is checked with a list of debit and credit payments provided by the system of each participating bank. After that, the bank produces mutual settlements with customers.

In disagreement, the owner of the card with cash on delivery, the issuer may initiate a return payment towards the Equiler (so-called chargeback). Such payments occur by the agreed procedure through the payment system. For this, the original payment documents with the signature of the Cart-holder can be used.

Greetings all your regular investors' readers and my blog guests! This article opens the heading "Electronic Money", and to begin with, I propose to familiarize yourself with the concept of electronic money and find out what is e-payment systems (EPS).

I strongly advise to explore this article, because for us, as investors, this topic is in fact the basis, for investments on the Internet are inextricably linked with electronic money.

In today's article we will discuss issues such:

Most of us have long used electronic payment systems when paying for various purchases and services on the Internet. EPS also apply to transfer funds to their friends, relatives around the world.

Payment by electronic money on this moment enters the top three of the most "favorite" payment methods for cashless payment People aged 12 to 55 years old.

So, for what you need electronic money:

Well, first, most of us use electronic money when paying for various goods and services on the Internet;
Secondly, we also use them to transfer funds to your friends, relatives, etc. worldwide;
And, of course, we are online investors, electronic money is interested in as a tool for replenishing and withdrawing funds in online investments.

Electronic money - what it is when appeared

Electronic money is the currency that we use with you when paying or investing on the Internet. With these virtual units and calculations are carried out - as a rule, in real time.

This type of money is becoming increasingly popular, as it makes it possible to make calculations between people not only in different cities, but also countries around the world.

In fact, ED can be equated to real money, which are stored on our plastic cards or accounts.

Electronic money can be completely free to exchange for real currency (for example, you can exchange dollars from the PERFECT Money wallet and bring to ruble or dollar plastic card at the current course).

By the way, I recently wrote a detailed comparison of bank plastic cards, with which you can freely shoot dollars in ATMs around the world: you can familiarize yourself with this review

Additionally, I would like to pay attention to: Do \u200b\u200bnot confuse electronic money and funds on your plastic card or a bank account - these are different concepts.

Payment systems - a brief excursion in the history of electronic money

In general, the term payment systems and electronic money first appeared in the 70s of the twentieth century and a long time for the turnover of such money was very limited. Nowadays, the range of use has become much more.

At the moment, for example, the lack of payment of electronic money on the website of the online store is already perceived as a bad tone: With the help of electronic units, we can safely purchase a ticket for any kind of transport, replenish the balance of the mobile, pay for housing, and, of course, Invest funds in order to receive passive income!

So let's summarize:

Electronic money -it is fast, reliable and convenient for the implementation of financial operations online, for investments, conservation of anonymity. Modern financial market More and more appeals to the attractive conditions of Internet systems.

Electronic payment systems - principles of work

Eps are companies that are injected into use their own electronic money and invest them in the development of innovative technologies. On the Internet there are quite a few examples of large companies that have created their own EPS, for example - Yandex.Money.

ED of one system can be exchanged for the currency of other payment systems at a certain rate with some transfer commission.

Yes, certainly - all EPS, which are registered in a particular country, are obliged to comply with the norms of legislation. However, the financial transactions on the Internet is extremely difficult to track, so the acts of legislation are still not regulated strictly.

Moreover, many EPS are officially registered with the offshore, and therefore they do not fall under the regulation of other countries, which gives them certain advantages for their use.

What makes EPS earn

Earnings of such systems are built on commissions charged for conducting transactions, exchange operations and other trade relations between clients. In other words, EPS are the same banks, only on the Internet.

Advantages of using electronic money and electronic payment systems

Work on anonymity - the ability to make payments and transfers without specifying personal data;
The efficiency of transactions for the transfer of money, payment services and the acquisition of goods;
Low Commission for payment: Moreover, many EPSs do not charge interest at all for payment, such as the AdvCash system;
The maximum simplified procedure for creating an electronic account;
High level of protection during operations;
The ability to transfer funds to the bank account and on plastic cards, as well as instantaneous replenishment of wallets.

Types of EPS

As I have already mentioned earlier, all EPS produces their own monetary units. Some of them are recognized worldwide, and part works only within several countries.

That is why before choosing a system you need to clearly decide for what needs it will be used. Of course, no one limits you with one system: my wallets are personally open in most payment systems, and I actively use them.

Let's briefly run through the most popular systems (I placed them in your priority order):

Perfect Money..

The undoubted leader of this review. I personally use it to participate in many investment projects.

The basis of the founding of this system is 2007. Perfect Money is often used for financial transactions both individuals and legal entities. This payment is accepted in 99% of investment projects, which makes it very popular in the investment environment.

Perfect Money Finance Corp received a license in Offshore (Panama), so it is almost impossible to influence it on it. More detailed overview and how to start a wallet in this system laid out on my blog on this >>>

Advcash.

The second most popular EPS personally for me.The system is relatively young, and its active development began only in 2014.

Initially, many investment projects did not use it as an opportunity for investment of funds, but more and more often I meet the opportunity to invest exactly through this payment aggregator.

Moreover, AdvCash service is constantly developing, and soon it is planned to issue a special program for iOS and Android. The huge plus of this system is the possibility of issuing a MasterCard bank card, with which you can pay for purchases and remove cash dollars in more than 200 countries around the world, including the CIS countries.

According to this system, I also wrote a detailed article, I recommend to familiarize.

PAYEER.

Also very popular with investors online.This payment service began to work as early as 2012 and quickly gained popularity on the Internet among brokerage companies and electronic stores.

The company began active expansion on the network, including in the United States and Europe, and as a result, the number of users is already more than 15 million.

The plus of this system is the absence of mandatory identification, the availability of its own exchange points, the possibility of issuing its own bank card, similar to AdvCash.

But I want to note that the commission in Peyer is less humans than in Advcash. You can familiarize yourself with the advantages and disadvantages of this system in my review on this system. >>>

OkPay.

Also popular EPS, which is in demand among investors and is recognized by many investment projects. She was given in 2009 (the system was registered in the British Virgin Islands). OkPay is also used in the calculations of both individuals and legal entities and is recognized in more than 200 countries of the world.

The system is easy to use, moreover, it was the first system among offshore wallets, which offered its customers a bank card issue. Personally, I actively used it earlier, despite the increased commission, but for a long time it was the only alternative to removing dollars in an ATM.

But with the advcash advcash, I began to use this system less actively, although periodically investing through it. According to OkPay, I was also written an overview, I recommend to familiarize >>>

PayPal.

It works from March 2000 and enters the structure of Ebay, through which the goods are purchased (online shopping, private individuals). The PayPal system is recognized in most countries of the world, however, in some of them - with restrictions. More than 140 million users use this system, it can carry out operations with 26 currencies.

In the CIS countries, this EPS is not very common, but the development is still coming: since 2013, it was possible to bring rubles to bank accounts and cards, albeit with a high commission.

I am registered in this system, but I use it exclusively for shopping on eBay. If you are planning to invest in the network, this system is not suitable for this in principle, so you can not waste time for registration.

WebMoney (WebMoney).

This EPS occupies a leading position both in the Russian Federation and in the CIS. From a legal point of view, WebMoney Transfer is not a payment system, because Ed does not release. However, it does not change the essence - this payment is actively used by users, the number of which is more than 25 million. Webmoney was founded even earlier than Paypal - in 1998.

Some investment projects connect this system to receiving payments, however it is worth noting that in the case of complaints about unscrupulous operation, the system responds promptly and blocks the user's wallet. These are competitors to block payments from investment projects, which leads to a panic and negative reviews (the project does not pay, etc.) and the early closure of the investment project.

I use it extremely rarely and only by acute need: I personally annoys a high percentage of the Commission for transactions, as well as robber percentages when cash out.

Yandex money

The second most popular EPS is within the Russian Federation. The system was launched in 2002 and enters the structure of Yandex. Transactions are carried out in ruble equivalent. Mostly used in the Russian Federation.

The system was created in collaboration with a foreign partner Paycash: as a result of this cooperation, "LLC Yandex Money" appeared.

In this system, I also have a wallet, but I try to use it at a minimum. The reasons are the same as webmoney: the robbing commissions for the transfer and withdrawal of funds. I extremely rarely meet this system and in investment projects, apparently for the same reason as the situation with webmoney - blocking accounts.

There is a possibility of ordering a bank card, but the reviews on the Internet about its use is quite contradictory. I did not order my opinion, so I have no opportunity to express my opinion about the use of this card. Use this system or not - to solve you personally.

QIWI.

Another popular EPS, the start of which was given in 2007. It functions on the territory of the following countries: Russia, Belarus, Moldova, Kazakhstan, America and a number of other countries.

The plus of this system is a large number of machine guns through which you can replenish the balance and translate funds.

I have a wallet in this system, but a couple of years ago I blocked the withdrawal of funds. I never heard a clear explanation from the support, and the blocking was eventually removed, but the unpleasant precipitate remained. Another minus is high percentages when cash out from this wallet.

Finally

Before registering in a particular system, for a start, decide for what purpose you are planning to use it. If your goal is -, I recommend Perfect Money, Advcash, Payeer and Okpay: After registration you will need to replenish the wallet withexchange points (Bestchange.), and then move to investment on the Internet.

When registering with EPS, I strongly recommend specifying my real data, since:

first, in most systems you just can not withdraw money without it;
secondly, it will be proof that the wallet belongs to you - if the attackers will kidnap your password and hack the wallet.

I hope, I was able to convey the information about what electronic payment systems and how to use it in detail.

Also, you have the opportunity to know where I put the money: Investment projects are presented in my portfolio on the links below:

At the moment, progress stepped far. Calculations have long happened not only in cash, but also the card, as well as online through electronic payment systems. The list of these services is regularly updated.

Currently, online investments and payments that cannot do without electronic money are developed. During the origin (the beginning of the 90s) it became clear that traditional financial products are not suitable for electronic calculations. This is how the current online payment systems appeared. The list and features of each of them are presented below.

Principle of operation

There are such systems in different ways. Basically, the founders of such services create their own e-currency. They call them original, as to use "money" in the title illegally. However, it is important to understand that beautiful terms talk about the absence of any financial guarantees and deposit insurance.

All at the conscience of founders who value their reputation. In fact, participants are registered and transactions are being conducted. Each depositor has personal Area and in which the amount of money is recorded on his account.

Separate services even have their own exchange offices for cash issuing.

Advantages and disadvantages

Electronic payment systems The benefits list are considerable.

Instant transactions (transfer of funds, payment for online shopping, conversion).
Low Commissions (due to high competition).
Anonymity (big plus for those who work semiably).
Funds can be transferred to any bank accounts.
Greater safety (than in cash calculations).
Very convenient for receiving salary remote employees.
Ability to pay housing housing and communal services, telephone, Internet.

Payment systems The list of disadvantages also have.

The main disadvantage is that accounts are not fully legal.
Not all purchases can be paid by electronic money.
The service of the conversion of funds to cash is expensive.
Due to the lack of control by the legislation, it is often possible to encounter fraudsters (on free hosting, such sites are created in 5 minutes, so you should check the service for authenticity).

To check the EPS to authenticity, it is enough to know whether large financial structures are collaborated with this service (Sberbank of Russia, Alfa-Bank).

List of payment systems in Russia

The main services operating on the territory of the Russian Federation:

"Yandex. Money" is one of the most popular in Russia. With it, you can exercise many payments. In particular, payment for paid games and other Internet services, utilities, telephone, shopping in online stores. It also uses money transfers.
ARSENAL PAY - payment system of the seaside edge of the country. This is another reliable service to transfer funds and make payments. The service does not accrue hidden commissions.
World (NSPK) is a Russian payment system, founded by the Central Bank. The system guarantees the safety and absence of interruptions in working during various financial transactions in Russia.

There are also other Russian and international payment systems, the list of which is presented below:

WebMoney is the most popular international service. With different currencies there is a separate guarantor. Users have unique number WMID to use the personal account.
PayPal is another global system. Her feature: All calculations are made in real money.
QIWI (Kiwi) is a global leader among instant payment systems.