
Chapter 3


E-Commerce

Lecture slides - III

© 2021 Er. Santosh Panth


Electronic Payment Systems
• Method to make payments online in e-commerce systems.
• major cashless payment system in online business process
• Electronic payment systems and e-commerce are linked as online consumers
must pay for products and services
• These payment systems must be secure, have a low processing cost, and be
accepted widely as global currency
• Issues are :
– What form and characteristics of payment systems - for example, electronic cash,
electronic checks, credit/debit cards will consumers use
– In online markets, how can we manage the financial risk associated with various
payment systems- privacy, fraud, mistakes, as well as other risks like bank
failures? What security features (authentication, privacy, anonymity) need to be
designed to reduce these risks?
Types of Electronic Payment Systems
• Electronic payment systems are growing rapidly in banking, retail, health care,
online markets, and even government - in fact, anywhere money needs to
change hands.
• Work on EFT(Electronic Fund Transfer) can be segmented into three broad
categories
1. Banking and financial payments
– Large-scale or wholesale payments (e.g. bank-to-bank transfer)
– Small-scale or retail payments (e.g. automated teller machines and cash dispensers)
– Home banking (e.g. bill payments)
2. Retailing Payments
– Credit cards (e.g. VISA or MasterCard)
– Charge cards (e.g. American Express)

Types of Electronic Payment Systems
3. Online electronic commerce payments
– Token-based payment systems
(Electronic cash, Electronic checks, Smart cards or debit cards)
– Credit card-based payment systems

• Retail payments and large-scale payments between banks and business are
widely recognized as the pioneering efforts in electronic commerce that
involve the extensive use of EDI for transferring payment information

Risks Associated with Electronic Payment System
• Electronic payment is a popular method of making payments globally.
• It involves sending money from bank to bank instantly, regardless of the
distance involved
• Such payment systems use the Internet. Electronic payment systems are popular
because of their convenience; however, they may also pose serious risks to
consumers and financial institutions, such as :
– Tax Evasion
– Fraud
– Impulse Buying
– Payment Conflict

Risks Associated with Electronic Payment System
• Tax Evasion :
– Tax evasion is an illegal activity in which a person or organization deliberately avoids
paying a true tax liability
– Businesses are required by law to provide records of their financial transactions to the
government so that their tax compliance can be verified, but e-payment can
frustrate the efforts of tax collection
– The government may not know the truth, which could cause tax evasion

• Fraud :
– Electronic payment systems are prone to fraud.
– The payment is done usually after keying in a password and sometimes answering
security questions.
– There is no way of verifying the true identity of the maker of the transaction.
– As long as the password and security questions are correct, the system assumes you are
the right person.
– If this information falls into the possession of fraudsters, then they can defraud you of
your money
Risks Associated with Electronic Payment System
• Impulse Buying :
– Electronic payment systems encourage impulse buying, especially online.
– You are likely to make a decision to purchase an item you find on sale online,
even though you had not planned to buy it, just because it will cost you just a
click to buy it through your credit card.
– Impulse buying leads to disorganized budgets and is one of the disadvantages of
electronic payment systems

• Payment Conflicts :
– Payment conflicts often arise because the payments are not done manually but by
an automated system that can cause errors.
– This is especially common when payment is done on a regular basis to many
recipients.
– If you do not check your pay slip at the end of every pay period, then you might
end up with a conflict due to these technical glitches or anomalies
Digital Token based Electronic Payment Systems
• None of the banking or retailing payment methods is completely adequate in
their present form for the consumer-oriented e-commerce environment.
• There may be a sufficient delay in the payment process for frauds, overdrafts,
and other undesirables to be identified and corrected
• Many of these payment mechanisms are being modified and adapted for the
conduct of business over networks
• Entirely new forms of financial instruments are also being developed
• One such new financial instrument is "electronic tokens" in the form of
electronic cash/money or checks
• Electronic tokens are designed as electronic analogs of various forms of
payment backed by a bank or financial institution.
• Simply stated, electronic tokens are equivalent to cash that is backed by a
bank
Types of Electronic Tokens
• There are three types of electronic tokens
– Cash or Real-Time : Transactions are settled with the exchange of electronic
currency. An example of online currency exchange is electronic cash (e-cash).
– Debit or Prepaid : Users pay in advance for the privilege of getting information.
Examples of prepaid payment mechanisms are stored in smart cards and
electronic purses that store electronic money
– Credit or Postpaid : The server authenticates the customers and verifies with
the bank that funds are adequate before purchase. Examples of postpaid
mechanisms are credit/debit cards and electronic checks

Electronic Cash (e-cash)
• It is a new concept in online payment systems because it combines
computerized convenience with security and privacy that improve on paper
cash.
• Its versatility opens up a host of new markets and applications.
• E-cash presents some interesting characteristics that should make it an
attractive alternative for payment over the Internet
• It focuses on replacing cash as the principal payment vehicle in consumer-
oriented electronic payments
• Cash remains the dominant form of payment for three reasons:
– lack of trust in the banking system,
– inefficient clearing and settlement of noncash transactions
– negative real interest rates paid on bank deposits
Electronic Cash (e-cash)
• Electronic cash is one of the instruments that can be used to conduct
paperless transactions
• Paperless transaction is a term used to describe financial exchanges that do
not involve the physical exchange of currency
• Monetary value is electronically credited and debited
• Often called e-cash or digital money, it is commonly used to conduct distant
transactions, such as those between parties on the Internet and those
between parties in different countries
• Eg. E-cash can allow a freelancer in Nepal to be paid for work that he did for
a contractor present anywhere in the world. (PayPal, eSewa)

Electronic Cash (e-cash)
• One advantage of e-cash is that it
eliminates the apprehension that many
people feel about carrying and exchanging
paper currency.
• Another advantage of e-cash is that it is
usually easily converted to another
currency, making traveling and international
business substantially easier
[Figure: Transaction of e-cash]

Electronic Cash (e-cash)
• Ideal properties of a Digital Cash system should be :
1. Secure : Alice should be able to pass digital cash to Bob without either of them,
or others, being able to alter or reproduce the electronic token
2. Anonymous : Alice should be able to pay Bob without revealing her identity,
and without Bob revealing his identity. Moreover, the Bank should not know who
Alice paid or who Bob was paid by. Even stronger, they should have the option
to remain anonymous concerning the mere existence of a payment on their
behalf
3. Portable : The security and use of the digital cash is not dependent on any
physical location. The cash should be able to be stored on disk or USB memory
stick, sent by email, SMS, internet chat, or uploaded on web forms. Digital cash
should not be restricted to a single, proprietary computer network. Eg. Electronic
Cash Registers
4. Offline Capable : The protocol between the two exchanging parties is
executed offline, meaning that neither is required to be host-connected in order
to proceed
Electronic Cash (e-cash)
• Ideal properties of a Digital Cash system should be :
5. Wide acceptability : The digital cash is well-known and accepted in a large
commercial zone. With several digital cash providers displaying wide
acceptability, Alice should be able to use her preferred unit in more than just a
restricted local setting
6. User-friendly : The digital cash should be simple to use from both the
spending perspective and the receiving perspective. Simplicity leads to mass use
and mass use leads to wide acceptability

Pros and Cons of the online electronic cash system
• Pros :
– Provides fully anonymous and untraceable digital cash
– No double spending problems (coins are checked in real time during the
transaction).
– No additional secure hardware required

• Cons :
– Communications overhead between merchant and the bank
– Huge database of coin records - the bank server needs to maintain an ever-
growing database for all the used coins’ serial numbers
– Difficult to scale, need synchronization between bank servers

Electronic Checks
• An electronic check, or e-check, is a form of payment made via the Internet, or
another data network, designed to perform the same function as a conventional paper
check.

• Additionally, it has more security features than a conventional paper check,
including authentication, public key cryptography, digital signatures, and
encryption, etc.

Electronic Checks
• Generally, the costs associated with issuing an electronic check are notably
lower than those associated with paper checks
• Electronic checks can be used to make a payment for any transaction that a
paper check can cover, and are governed by the same laws that apply to
paper checks
• Electronic checks also come with a lower risk of the associated funds being
stolen, as there is no tangible item to intercept
• eChecks use the Automated Clearing House (ACH) to direct debit from a
customer’s checking account into a merchant’s business bank account, with
the help of a payments processor
How Electronic Checks work?
• In order to accept eCheck payments, a business must first obtain the
customer’s information including their bank routing and checking account
numbers.
• This information can be obtained online, by phone, or in person via a paper
form.
• Most businesses today have websites and can provide a secure form page for
this customer information
• Using this information, the merchant’s bank can communicate directly with a
customer’s bank.
• Once the funds are verified, the direct debit happens via ACH(Automated
Clearing House)

How Electronic Checks work?
• Following are the parties involved in ACH electronic check payment processing
1. An originator : The merchant cashing the eCheck. The originator initiates the
direct deposit process by obtaining the necessary information from the customer
2. The business bank : The originator’s bank, also called the Originating
Depository Financial institution (ODFI). The business bank places the ACH entry
at the originator’s order, aggregates payments from a variety of customers, and
sends the payments in batches to an ACH operator.
3. An ACH operator : The ACH operator sorts the fund request and settles the
funds into the business bank.
4. The customer’s bank : a Receiving Depository Financial Institution (RDFI)
receives the request, verifies that the funds are available, debits the customer’s
account and credits the business account.

Benefits of Electronic Checks
• Saves you time with your deposits - no more bank runs or long teller lines
• Lowers traditional bank fees, like per item deposit and returned item fees
• Funds you quickly
• Secures your customer’s personal and bank account information by returning
the original item to the check writer
• Expandable equipment is simple and user friendly

Smart Cards
• A smart card is a device that includes an
embedded integrated circuit chip (ICC) that
can be either a secure microcontroller or
equivalent intelligence with internal memory
or a memory chip alone
• The card connects to a reader with direct
physical contact or with a remote contactless
radio frequency interface.
• With an embedded microcontroller, smart
cards have the unique ability to store large
amounts of data, carry out their own on-card
functions (e.g., encryption and mutual
authentication) and interact intelligently with
a smart card reader
Smart Cards
• Smart card technology is available in a variety
of form factors, including plastic cards, fobs,
subscriber identity modules (SIMs) used in
GSM mobile phones, etc.

• Based on the working mechanism, there are three types of smart cards :
– Contact Smart Card
– Contactless Smart Card
– Hybrid Smart Card

Smart Cards
• Contact Smart Card :
– most common smart cards in use.
– ATM cards, most credit cards, SIM cards etc
fall into this category.
– The card must be inserted into a card reader,
which reads the information stored on the contact
pad and carries out transactions as required

Smart Cards
• Contactless Smart Card :
– these cards do not require a reader.
– It works using Near Field Communication
technology or using radio frequencies which
establishes wireless communication between
the smart card and card reader.

Smart Cards
• Hybrid Smart Card :
– Hybrid cards are cards with dual capacity.
– These cards can work both on contact and
contactless card readers.
– These cards are quite rare in use
– This type of smart card can have two chips, one
with a contact interface and one with a
contactless interface
– A dual-interface card has a single chip with
both contact and contactless interfaces and it
is possible to access the same chip using
either a contact or contactless interface

Applications of Smart Cards
• Secure identity applications :
– employee ID badges, citizen ID documents,
electronic passports, driver’s licenses, online
authentication devices

• Healthcare applications :
– citizen health ID cards, physician ID cards,
portable medical records cards

• Payment applications :
– contact and contactless credit/debit cards,
transit payment cards

• Telecommunications application :
– GSM Subscriber Identity Modules, pay
telephone payment cards
Online Stored Value Payment System
• Stored value systems are a form of electronic payment technology
• They coexist with credit and debit technology and principally target the low value
transactions
• Online stored value systems have very low transaction cost.
• Stored value systems are based on creating a form of electronic value, for example on
smart cards or as computer files.
• The value can be bought (withdrawn) anytime
• Today Stored Value Cards (SVC) are one of the most dynamic and fastest growing
products in the financial industry
• One leading difference between SVC and debit cards is that debit cards are usually
issued in the name of the account holders. In contrast Stored Value Cards are usually
anonymous.
• The notion “stored value” means the funds and data which are stored on the card
• Eg: fare cards, telephone prepaid cards etc.
Digital Wallets
• A digital wallet is an electronic method for securely storing various types of
sensitive information, including credit cards, debit cards, gift cards, electronic
cash, tickets, and IDs.
• Not every wallet stores every type of payment information. While terms such as
digital wallet, mobile wallet, and e-wallet all mean roughly the same thing, they
technically cover slightly different services
• Eg : Apple Pay, Google Pay, Samsung Pay, PayPal, IMEPay, etc.

Digital Wallets : Major Functions
• Store Credit & Debit Card Information : Digital wallets can store
information of debit and credit cards. Some allow payment directly from the
card as well
• Pay At A Store
• Peer-To-Peer (P2P) Payments : Most digital wallets allow users to transfer
funds to one another. Typically, these payments are small amounts used to split
a lunch bill, pay a babysitter, or even pay a share of the rent
• Online Payments : Digital wallets can be used to pay for online or in-app
purchases
• Hold Coupons & Loyalty Cards : Many digital wallets can hold coupons or
loyalty cards, so a user can be given the appropriate credit or discount for
using a particular card or shopping at a specific store
• Security : All digital wallets have hardware and software security features that
keep the stored information safe
Peer-to-peer payment systems
• Peer-to-peer payment systems, also known as P2P payments or money transfer
apps - like Venmo, PayPal and Cash App allow users to send one another
money from their mobile devices through a linked bank account or card.
• These payments allow the transfer of funds between two parties using their
individual banking accounts or credit cards through an online or mobile app
• For whichever platform you choose, you’ll sign up for an account, then link your
bank account or credit or debit card to it.
• Some apps might require further verification information and passwords to
increase security. After your account is set up you can find other users by their
username, their email, or your phone contacts.

Virtual Currency
• Virtual currency is a type of unregulated digital currency that is only available in
electronic form
• It is stored and transacted only through designated software, mobile or
computer applications, or through dedicated digital wallets, and the
transactions occur over the internet through secure, dedicated networks.
• Virtual currency is considered to be a subset of the digital currency group, which
also includes cryptocurrencies, which exist within the blockchain network
• Virtual currency is currency held within the blockchain network that is not
controlled by a centralized banking authority
• Virtual currency is different than digital currency since digital currency is simply
currency issued by a bank in digital form
• Eg : bitcoin, pi etc
Virtual Currency
• Virtual currency can be defined as an electronic representation of monetary
value that may be issued, managed, and controlled by private issuers,
developers, or the founding organization.
• Such virtual currencies are often represented in terms of tokens and may
remain unregulated without a legal tender.
• Along with use by the common public, a virtual currency can have restricted
usage, and it may be in circulation only among the members of a specific
online community or a virtual group of users who transact online on dedicated
networks.

• Due to lack of a centralized regulatory authority, virtual currencies are prone to
wide swings in their valuations

Electronic Billing Presentment and Payment (EBPP) System
• Electronic bill payment and presentment (EBPP) is a system used by
companies or service providers that allows bills to be delivered to
customers, viewed, and paid—all electronically.
• It is a process that companies use to collect payments electronically through
systems like the Internet, direct-dial access, and Automated Teller Machines
• It has become a core component of online banking at many financial
institutions today.
• Other industries - including insurance providers, telecommunications
companies, and utilities depend on EBPP services as well.

Electronic Billing Presentment and Payment (EBPP) System
• There are two types of EBPPs
– biller-direct
– bank-aggregator

• A biller-direct EBPP lets users pay bills directly via the company's website for goods
or services and might alert them when a payment is due via email.
• The customer then logs into the site via a secure connection, reviews the billing
information, and enters payment amount
• The bank-aggregator model allows customers to pay bills to many different
companies through one portal.
• That is, the service collects different payments from customers and distributes each
payment to the appropriate company
• A bank, for instance, might offer online users the option to make many different
payments like credit cards, utility bills, and insurance premiums.
• Standalone sites also exist that allow people to view and pay all of their bills
EBPP and Online Banking
• Many large banks offer electronic bill payment and presentment services as a
part of their online banking system
• Online banking allows users to execute financial transactions via the Internet.
• Specifically, an online bank offers customers the ability to make deposits,
withdrawals, transfers between accounts, and other traditional services, as well
as online bill payments, such as EBPP
• Eg : Prabhu bank has its app that allows customers to pay different bills online.

Auctioning in E-Commerce
• An e-auction is a transaction between sellers (the auctioneers) and
bidders (suppliers in business to business scenarios) that takes
place on an electronic marketplace.
• It can occur business to business, business to consumer, or consumer to
consumer, and allows suppliers to bid online against each other for contracts
against a published specification
• This kind of environment encourages competition, with the result that goods
and services are offered at their current market value

Types of E-Auction
• English Auction : English auctions are where bids are announced by either an
auctioneer or the bidders, and winners pay what they bid to receive the object.
The most common and straightforward form of e-auction, they’re intuitive,
user-friendly and can help to reduce transaction costs
• Dutch auction : Dutch auctions start at a high price, which is then
incrementally lowered until a buyer accepts the price. The first person to bid
wins the auction, which makes them good for quick decisions
• First-price sealed-bid : Each bidding party makes a single bid, and
the single highest bidder wins and pays what they bid. The main difference
between this and English auctions is that bids are not openly viewable or
announced, unlike the English auction, where public bids generate
competition.

Types of E-Auction
• Vickrey auction : A Vickrey auction, sometimes known as a second-price
sealed-bid auction, is one in which bidders submit written bids without knowing the
bid of the other people in the auction. The highest bidder wins but the price
paid is the second-highest bid. This type of auction is strategically similar to an
English auction and gives bidders an incentive to bid their true value
• Double Auction : A double auction is a process of buying and selling goods
with multiple sellers and multiple buyers. Potential buyers submit their bids and
potential sellers submit their ask prices to the market institution, and then the
market institution chooses some price p that clears the market : all the sellers
who asked less than p sell and all buyers who bid more than p buy at this price
p. Buyers and sellers that bid or ask for exactly p are also included.
• Eg : stock exchange

SET Protocol
• Secure Electronic Transaction or SET is a system which ensures security
and integrity of electronic transactions done using credit cards in a
scenario.
• SET is not some system that enables payment but it is a security protocol
applied on those payments.
• Developed by Visa and MasterCard
• Designed to protect credit card transactions
Requirements in SET
SET protocol has some requirements to meet, some of the important
requirements are
• Confidentiality: In electronic commerce the payment information must be
safe and confidential and accessible only by the intended recipients. SET
guarantees confidentiality by the use of message encryption.
• Integrity: Integrity of data means that messages between different parties
cannot be changed without being discovered. SET ensures the data integrity
by the use of digital signatures.
• Cardholder Authentication: There must be a mechanism for the
merchant to ensure that a cardholder is a legitimate user of a certain valid
payment card account number. In SET, cardholder account authentication is
implemented by the use of digital signatures and cardholder certificates.
Requirements in SET (Cont..)
• Merchant authentication: Cardholders must also be able to confirm that an
identified merchant has a relationship with a financial institution allowing it
to accept payment cards. Merchant authentication and identification are
ensured by the use of digital signatures and merchant certificates.
• Interoperability: SET protocol must be applicable on a variety of hardware
and software platforms, and any transport security implementation must not
prevent SET from being used. Interoperability is ensured by the use of specific
protocols and message formats.
• Non-repudiation: "SET doesn't provide non-repudiation"
Participants in SET
• Cardholder
Cardholder is an authorized holder of a payment card supported and issued by an issuer.
Cardholder uses a payment card to perform electronic commerce. SET ensures that the
interactions the cardholder has with a merchant keep the payment card account
information confidential.
• Issuer
The card issuer is the financial institution (e.g. Luottokunta in Finland) that establishes an
account for a cardholder and issues the payment card. The issuer guarantees payment for
authorized transactions using the payment card in accordance with payment card brand
(e.g. VISA) rules.
• Merchant
A merchant offers goods or services for sale and accepts payments made electronically
by card. A merchant that accepts payment cards must have a relationship with an acquirer.
Participants in SET (Cont..)
• Acquirer
An acquirer is the financial institution that establishes an account with a merchant and
processes payment card authorizations and payments.
• Acquirer's Payment Gateway
A payment gateway is a device operated by an acquirer or a designated third party that
processes merchant payment messages.
• Certification Authority (CA)
Certification authority (CA) is an agent of one or more payment card brands that provides
for the creation and distribution of electronic certificates for cardholders, merchants and
payment gateways. A CA digitally signed certificate ensures that a certain public key belongs
to a certain claimed person or institution.
SET Transactions : Shopping example
A variation of electronic shopping is briefly presented below:
• The Cardholder views or browses a catalog, selects items and requests an order
form from the Merchant.
• The Merchant sends the order form to the Cardholder
• The Cardholder selects the means of payment, fulfills the order and sends it
to the Merchant.
• The Merchant requests payment authorization from the Payment Gateway.
• Authorization response is delivered back to the Merchant.
• The Merchant sends the confirmation of the order and ships the goods or
delivers the service to the Cardholder.
• The Merchant requests payment from the Payment Gateway.
SET Transactions
In SET specification the following transactions are included:
• Cardholder registration
• Merchant registration
• Purchase request
• Payment authorization
• Payment capture
Cardholder registration
• If the cardholder has only an e-mail-like (e.g. SMTP) communication method, it is still
possible to do registration. This means that the End Entity (EE, here the cardholder) has
the registration form and the CA certificate to encrypt the Certification Request (CertReq).
Cardholder registration needs two messages shown below. In this example it is
assumed that the Certification Response (CertRes) message doesn't include secret
information from the cardholder, so only a signature is needed. Otherwise the
message back to the cardholder is encrypted.
Merchant registration

A merchant registration is a process between merchant's computer and CA's
computer. The overview of this process is described below.
• Merchant Computer requests registration form from the CA
• CA sends requested registration form to merchant
• Merchant requests certificates
• CA creates certificates and sends them to merchant
Purchase Request
• The most interesting issue for the individual card user is the purchasing
process.
• This process consists of a purchase request, a payment authorization and a
payment capture. These processes are presented below
Dual Signatures
• Links two messages securely but allows only one party to
read each.
[Figure: dual signature construction. Message 1 and Message 2 are each hashed
with SHA to give Digest 1 and Digest 2; the two digests are concatenated and
hashed with SHA to create a new digest; the new digest is encrypted with the
signer's private key to produce the dual signature.]
Dual Signature for SET
• Concept: Link Two Messages Intended for Two Different Receivers:
• Order Information (OI): Customer to Merchant
• Payment Information (PI): Customer to Bank

• Goal: Limit Information to A “Need-to-Know” Basis:
• Merchant does not need credit card number.
• Bank does not need details of customer order.
• Afford the customer extra protection in terms of privacy by keeping
these items separate.
• This link is needed to prove that payment is intended for this order and
not some other one.
Why Dual Signature?
• Suppose that customers send the merchant two messages:
• The signed order information (OI).
• The signed payment information (PI).
• In addition, the merchant passes the payment
information (PI) to the bank.

• If the merchant can capture another order information (OI)
from this customer, the merchant could claim this order goes
with the payment information (PI) rather than the original.
Dual Signature Operation

• The operation for dual signature is as follows:
• Take the hash (SHA-1) of the payment and order information.
• These two hash values are concatenated [H(PI) || H(OI)] and then
the result is hashed.
• Customer encrypts the final hash with a private key creating the
dual signature.
DS = E_KRc [ H( H(PI) || H(OI) ) ], where KRc is the customer's private key
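The following is an added example, not part of the original slides: it builds the dual signature described above and shows both verifications, plus the order-substitution case from "Why Dual Signature?" being rejected. The toy RSA key, the sample OI/PI strings and all function names are assumptions made for illustration; textbook RSA without padding is used only to mirror "encrypt the digest with the private key".

```python
import hashlib

# Toy RSA key constructed for this example only: two Mersenne primes give a
# 234-bit modulus, just large enough to hold a 160-bit SHA-1 digest.
# It is far too small to be secure and uses no padding.
P = 2**127 - 1
Q = 2**107 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # customer's private exponent (KRc)

# Constructed sample messages (not real data).
OI_MSG = b"order=1001;item=textbook;qty=1;total=25.00"
PI_MSG = b"card=4111111111111111;exp=12/30;amount=25.00;order=1001"
OTHER_OI = b"order=1002;item=laptop;qty=1;total=25.00"


def h(data: bytes) -> bytes:
    """SHA-1, the hash named on the slide."""
    return hashlib.sha1(data).digest()


def dual_signature(pi: bytes, oi: bytes) -> int:
    """DS = E_KRc[ H( H(PI) || H(OI) ) ]."""
    pomd = h(h(pi) + h(oi))            # digest over the two digests
    return pow(int.from_bytes(pomd, "big"), D, N)


def _matches(ds: int, pimd: bytes, oimd: bytes) -> bool:
    """Recompute H(PIMD || OIMD) and compare with the digest recovered
    from DS using the customer's public key (E, N)."""
    expected = int.from_bytes(h(pimd + oimd), "big")
    return pow(ds, E, N) == expected


def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant sees OI in the clear but only the digest of PI (PIMD)."""
    return _matches(ds, pimd, h(oi))


def gateway_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Gateway sees PI in the clear but only the digest of OI (OIMD)."""
    return _matches(ds, h(pi), oimd)


def demo() -> dict:
    ds = dual_signature(PI_MSG, OI_MSG)
    return {
        # Honest flow: each party verifies with the half it is allowed to read.
        "merchant_ok": merchant_verify(OI_MSG, h(PI_MSG), ds),
        "gateway_ok": gateway_verify(PI_MSG, h(OI_MSG), ds),
        # Merchant tries to bind the same PI to a different order: the
        # substituted OIMD no longer matches the signed digest.
        "swapped_order_accepted": gateway_verify(PI_MSG, h(OTHER_OI), ds),
    }


if __name__ == "__main__":
    print(demo())
```

The merchant never handles PI_MSG and the gateway never handles OI_MSG; each receives only the other message's digest, which is what keeps the card number from the merchant and the order details from the bank.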
Payment Process
• The payment process is broken down into two steps:
• Payment authorization
• Payment capture
Payment Authorization
• The merchant sends an authorization request message to the payment
gateway consisting of the following:
• Purchase-related information
• PI
• Dual signature calculated over the PI & OI and signed with
customer’s private key.
• The OI message digest (OIMD)
• The digital envelope
• Authorization-related information
• Certificates
Payment Authorization (cont’d)
• Authorization-related information
• An authorization block including:
• A transaction ID
• Signed with merchant’s private key
• Encrypted one-time session key
• Certificates
• Cardholder’s signature key certificate
• Merchant’s signature key certificate
• Merchant’s key exchange certificate
Payment: Payment Gateway
• Verify All Certificates
• Decrypt Authorization Block Digital Envelope to Obtain Symmetric Key
and Decrypt Block
• Verify Merchant Signature on Authorization Block
• Decrypt Payment Block Digital Envelope to Obtain Symmetric Key and
Decrypt Block
• Verify Dual Signature on Payment Block
• Verify Transaction ID Received from Merchant Matches That in PI
Received from Customer
• Request and Receive Issuer Authorization
Payment capture
• After perhaps a long time, the Merchant wants the payment. The Merchant generates
and digitally signs a capture request, which includes the final amount of the
transaction, its id, etc.
• This along with the encrypted capture token mentioned above is then
transferred to the payment gateway.
• The Gateway decrypts symmetric key #4 with its own private key-exchange
key and decrypts the capture token using symmetric key #4.
• After this, the Gateway ensures that there is consistency between the
merchant capture request and the capture token. The Gateway sends the
capture request through a financial network to the cardholder's financial
institution. The Acquirer does the payment for the Merchant.
Status of E-Payment Systems in Nepal
• https://kathmandupost.com/money/2021/11/29/digital-payments-double-to-rs1-22-trillion-in-first-quarter

• https://nepalhikingadventure.com/latest-payment-system-in-nepal/?utm_source=rss&utm_medium=rss&utm_campaign=latest-payment-system-in-nepal
