Slide1
Payment systems
Aalto University, autumn 2012
Slide2
Outline
Money transfer
Card payments
Anonymous payments
Slide3
Money transfer
Slide4
Common payment systems
Cash
Electronic credit transfer, e-lasku (e-invoice)
Direct debit
Check
Credit card
Cash transfer
Mobile payment
Anonymous payment
Which are regulated?
Slide5
Electronic credit transfer
Also called bank transfer, wire transfer
Payment process (e.g. UK CHAPS):
Clearing: if the payment is between two banks, the sending bank sends the information to a central processor, which keeps track of payments
Settlement: transfer of funds between the central-bank reserve accounts of the two banks at the end of the day for the balance of all transactions that day (risk to central bank or receiving bank if a sending bank goes bust)
Float: money between debit from the sender’s bank account and credit to the receiver’s account
banks gain interest on float
payments in some systems take days without any technical reason
Finality varies for sender, banks and receiver
Most electronic transfers immediately final to sender and bank, not receiver
Old direct debit in Finland is final for sender; SEPA direct debit is reversible
[Figure: payment timeline between sender, sending bank, central processor, receiving bank and receiver. Labels: sender makes payment; clearing; settlement between banks; funds available to receiver; float.]
Slide6
Check
Check payment:
Payer writes the check
Clearing: payee deposits the check, bank collects payment, paying bank inspects the check for authenticity and sufficient funds
Settlement: transfer of funds between banks
Float: in some countries, funds are available immediately after deposit, before clearing and settlement
payee effectively gets an interest-free loan
[Figure: check payment timeline. Labels: payer writes check; payee deposits check; funds available to payee; clearing; settlement between banks; /negative) float. Image source: classhelper.org]
Slide7
Credit card
Credit card issuer takes a ~2-5% transaction fee from seller
Buyer protection: card issuer takes some of the risk
Initial 30–60 days of interest-free credit for buyer
Kickbacks to some card holders
Transaction final after 90 days
clearer rules on finality than in bank transfer (one of the reasons why businesses like credit cards)
[Figure: credit card timeline. Labels: credit card purchase; funds available to seller; interest-free; buyer may pay balance; transaction final; negative float.]
Slide8
Cash transfers
Western Union, MoneyGram: money transfer for people without bank accounts
Sender pays cash at one branch office; receiver gets the cash at another branch office (no bank account needed)
Used mostly by migrants to send money to 3rd-world countries
Receiver must have id card or answer test question
Example:
NAME: MICHAEL SMITH
ADDRESS: 144 EAST STREET LAGOS
TEST QUESTION: WHAT IS THE DOGS NAME
ANSWER: SPOT
Hawala: informal network of agents based on Islamic law or honor system
This and other informal systems conflict with money laundering legislation
Slide9
Issues with float
Victim receives a check or credit card details; ships goods before payment clears
Victim receives a check; funds available before the check clears; victim makes an irreversible payment (e.g. refunds all or part of the money)
[Figure: timeline of the refund scam. Labels: scammer writes false check; victim deposits check; funds available to victim; victim returns (part of) the money; funds available to scammer; check found to be false or no funds, deposit reversed.]
[Figure: timeline of the goods scam. Labels: scammer writes false check; victim deposits check; funds available to victim; victim ships goods; check found to be false or no funds, deposit reversed.]
Slide10
Issues with float
Victim receives a reversible payment; victim makes an irreversible payment
[Figure: timeline of a money-mule transfer. Labels: criminal (e.g. phisher) makes a money transfer to mule; funds available to mule; mule makes forward payment; funds available to scammer; mule asked to repay.]
Slide11
Mobile payment
Replacing banks in countries where branch network is sparse and carrying cash may be unsafe
M-PESA in Kenya
MTN Mobile Money in South Africa
Implemented with SMS and SIM-Toolkit
PIN and some kind of symmetric crypto
Deposit and withdrawal at agent offices
Money transfer and bill payment with phone
SMS money transfer to unregistered users
Anyone can just start using the service; some limits relaxed after strong authentication with id card
Similar services in India
Discontinued Nokia Money: app on phone, not on SIM
Slide12
PayPal
Payment between registered accounts on central server
Used for Internet purchases especially on auction web sites
Depends on credit cards and bank accounts for deposit and withdrawal
Payer and payee can remain pseudonymous
Stronger traceability of verified accounts
Links user to a bank account
Slide13
Card payment
Slide14
Threats against card payment
Discussion
Slide15
Mag-stripe bank cards
Magnetic stripe contains primary account number (PAN), name, expiration date, service code, PVKI, PVV, CVV1
Signature and (sometimes) photo id required at point of sale (POS)
PIN required by automated teller machines (ATM) and some POS
PIN is a function of data on mag stripe and key in terminal
offline PIN verification at disconnected POS or ATM
Possible to copy data on the mag stripe
CVV1 is a cryptographic MAC of the PAN, name, expiration and service code (based on 3DES)
Offline terminal has a security module to store the card and PIN verification keys
CVV2 to make online fraud harder
3-4 digits printed on card but not on mag stripe
Required for web and phone (“card not present”) transactions
Not stored by merchant after online verification, so safe from server hacking
Vulnerable to phishing
Slide16
Mag-stripe Visa PIN verification
Input from magnetic stripe:
Primary account number (PAN), i.e. 15-digit card number
PIN verification key indicator (PVKI, one digit 1..6)
PIN verification value (PVV, 4 decimal characters)
Verifier must have PIN verification key (PVK, 128-bit 3DES key)
PVKI is an index for PVK to enable PVK changes
Create security parameter (TSP):
Concatenate 11 rightmost digits of PAN, PVKI and PIN
The 16-digit concatenation is one hexadecimal DES block
PVV generation:
3DES encryption of TSP with the key PVK
Decimalization of the encryption result to 4-digit PVV
Decimalization happens by taking the 4 leftmost digits 0..9 from the hexadecimal encrypted block
If less than 4 such digits, take 4 first digits A..F and map A=0, B=1, C=2...
[For details see IBM]
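The TSP construction and decimalization steps above, as an added example that is not part of the original slides. All function names are hypothetical, the PAN, PIN and key are constructed, and the block cipher is passed in as a parameter: `standin_cipher` is a truncated HMAC used only so the sketch runs with the standard library, not 3DES. It assumes a 4-digit PIN and that the second decimalization pass only fills the positions the first pass left empty.

```python
import hashlib
import hmac

LETTER_TO_DIGIT = {c: str(i) for i, c in enumerate("ABCDEF")}  # A=0, B=1, C=2, ...

def build_tsp(pan: str, pvki: int, pin: str) -> str:
    """11 rightmost PAN digits + PVKI + PIN = 16 digits, read as one hex DES block."""
    if not (pan.isdigit() and len(pan) >= 11 and pin.isdigit() and len(pin) == 4):
        raise ValueError("need a numeric PAN (11+ digits) and a 4-digit PIN")
    if pvki not in range(1, 7):
        raise ValueError("PVKI is one digit 1..6")
    return pan[-11:] + str(pvki) + pin

def decimalize(block_hex: str) -> str:
    """First pass: leftmost digits 0..9. Edge case: if fewer than four exist,
    fill the rest from the leftmost A..F, mapped A=0 ... F=5 (assumption)."""
    block_hex = block_hex.upper()
    digits = [c for c in block_hex if c in "0123456789"][:4]
    letters = (LETTER_TO_DIGIT[c] for c in block_hex if c in LETTER_TO_DIGIT)
    while len(digits) < 4:
        digits.append(next(letters))
    return "".join(digits)

def generate_pvv(pan, pvki, pin, encrypt_block) -> str:
    """encrypt_block maps 8 bytes to 8 bytes: 3DES under the PVK chosen by PVKI."""
    tsp = bytes.fromhex(build_tsp(pan, pvki, pin))
    return decimalize(encrypt_block(tsp).hex())

def verify_pin(pan, pvki, pin, pvv_on_stripe, encrypt_block) -> bool:
    """Offline check: recompute the PVV from the entered PIN and compare."""
    return hmac.compare_digest(generate_pvv(pan, pvki, pin, encrypt_block),
                               pvv_on_stripe)

def standin_cipher(key: bytes):
    """NOT 3DES: keyed stand-in (truncated HMAC-SHA256) for demonstration only."""
    return lambda block: hmac.new(key, block, hashlib.sha256).digest()[:8]

if __name__ == "__main__":
    pan, pvki, pin = "400000123456789", 1, "1234"      # constructed sample values
    enc = standin_cipher(b"constructed-demo-key")
    pvv = generate_pvv(pan, pvki, pin, enc)
    print(pvv, verify_pin(pan, pvki, pin, pvv, enc))
    print(decimalize("ABCDEF1FABCDEF2A"))              # block with only two decimal digits
```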
Slide17
Chip-and-PIN bank cards
EMV standard (Europay, Mastercard, Visa)
Smartcard chip (ICC) on the bank card
Tamperproof ICC stores a cryptographic signature key
Card also contains a certificate
Three levels of secure transactions:
Static data authentication (SDA): Certificate verification only; no longer used in Finland
Dynamic data authentication (DDA): Card signs a random challenge sent by terminal
Combined DDA and application cryptogram (CDA): Card signs transaction details incl. random challenge
Card holder authenticated with PIN or signature
PIN usually sent to the card, which answers yes/no
Slide18
EMV security issues
Not possible to copy the chip
Mag stripe can still be copied
Possible to create a copy of the mag stripe: use in the USA or as the fallback method after chip failure
Mag stripe data can also be read from the chip
PIN used frequently
easier to capture
Slide19
Anonymous payments
Slide20
Anonymous digital cash
David Chaum 1982, later DigiCash product — never really used but an influential idea
Participants: bank, buyer Alice, merchant Bob
Anonymous: Bank cannot link issued and deposited coins, not even with Bob’s help
Not transferable: must be deposited to bank after one use
Uses blind signatures: bank signs coins without seeing their contents, so cannot link events of coin issuing and use
[Figure: Bank, Alice (buyer) and Bob (merchant). 1. Bank issues coin; 2. Alice spends coin; 3. Bob deposits coin.]
Slide21
Anonymous digital cash
Idea 1: blind signature
Bank has an RSA signature key pair (e,d,n) for signing 1€ coins (and different keys for 10€, 100€,...)
Alice creates a coin from random “serial number” SN and redundant padding required for RSA signature; Alice generates a random number R, computes coin ⋅ R^e mod n, and sends this to the bank
Bank computes (coin ⋅ R^e)^d mod n = coin^d ⋅ R mod n and sends this to Alice
Alice divides with R to get the signed coin coin^d mod n
Bank has signed the coin without seeing it and cannot link the coin to Alice
Alice can pay 1€ to Bob by giving him the coin
Bob deposits coin to bank; bank checks signature and only accepts the same coin once
Problem: Cheaters are anonymous; if someone pays the same coin to two merchants, who was it?
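The blind-signature exchange of Idea 1 carried through with real modular arithmetic, as an added example that is not part of the original slides. The key is a constructed toy key built from two Mersenne primes, the hash in `encode_coin` is a stand-in for the redundant RSA padding, and all names are hypothetical.

```python
import hashlib
import math
import secrets

# Constructed toy key for 1-euro coins; far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N_MOD = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))           # bank's private exponent d

def encode_coin(sn: bytes) -> int:
    """Serial number with redundancy; the hash stands in for RSA padding."""
    return int.from_bytes(hashlib.sha256(b"1EUR|" + sn).digest(), "big") % N_MOD

def blind(coin: int):
    """Alice: choose random R, return (coin * R^e mod n, R)."""
    while True:
        r = secrets.randbelow(N_MOD - 2) + 2
        if math.gcd(r, N_MOD) == 1:
            return coin * pow(r, E, N_MOD) % N_MOD, r

def bank_sign(blinded: int) -> int:
    """Bank: (coin * R^e)^d = coin^d * R mod n, computed without seeing coin."""
    return pow(blinded, D, N_MOD)

def unblind(blind_sig: int, r: int) -> int:
    """Alice: divide by R to obtain the signed coin coin^d mod n."""
    return blind_sig * pow(r, -1, N_MOD) % N_MOD

class Bank:
    def __init__(self):
        self.deposited = set()              # serial numbers already redeemed

    def deposit(self, sn: bytes, sig: int) -> str:
        if pow(sig, E, N_MOD) != encode_coin(sn):
            return "bad signature"
        if sn in self.deposited:
            return "double spend"           # detected, but the cheater is anonymous
        self.deposited.add(sn)
        return "accepted"

def withdraw():
    """Alice withdraws one coin: returns (sn, signature, value the bank saw)."""
    sn = secrets.token_bytes(16)
    blinded, r = blind(encode_coin(sn))
    return sn, unblind(bank_sign(blinded), r), blinded

if __name__ == "__main__":
    sn, sig, seen = withdraw()
    bank = Bank()
    print(bank.deposit(sn, sig), "/", bank.deposit(sn, sig))
    print("bank saw the coin itself:", seen == encode_coin(sn))
```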
Slide22
Anonymous digital cash
Idea 2: double-spending detection
Alice must set SN = h( h(N) | h(N xor “Alice”) ) where N random
After Alice has given the coin to Bob, Bob asks Alice to reveal one of ( h(N), N xor “Alice” ) or ( N, h(N xor “Alice”) )
If Alice spends the coin twice, she reveals her name with 50% probability
Make each 1€ coin of k separately signed sub-coins: detection probability p = 1-2^-k
Coins will be quite large: k=128 with 2048-bit RSA signatures makes 32kB/coin
Problem: What forces Alice to create SN this way? How can bank check the contents of the message signed blindly?
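The reveal protocol of Idea 2 and the bank's identity recovery after a double spend, as an added example that is not part of the original slides. SHA-256 as h, the 16-byte padded identity and all function names are assumptions; the blind signing of each sub-coin's SN is left out here.

```python
import hashlib
import secrets

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_subcoin(identity: bytes):
    """Alice: pick random N and set SN = h( h(N) | h(N xor identity) )."""
    n = secrets.token_bytes(len(identity))
    return n, h(h(n) + h(xor(n, identity)))

def reveal(n: bytes, identity: bytes, challenge: int):
    """Alice opens one half: (h(N), N xor id) for 0, (N, h(N xor id)) for 1."""
    masked = xor(n, identity)
    return (h(n), masked) if challenge == 0 else (n, h(masked))

def check_reveal(sn: bytes, challenge: int, opening) -> bool:
    """Bob: hash the opened half and check the result against the signed SN."""
    a, b = opening
    left, right = (a, h(b)) if challenge == 0 else (h(a), b)
    return h(left + right) == sn

def spend(ns, identity, challenges):
    """One payment: Alice answers one challenge bit per sub-coin."""
    return [(c, reveal(n, identity, c)) for n, c in zip(ns, challenges)]

def identify_double_spender(deposit_1, deposit_2):
    """Bank: a sub-coin opened both ways gives N and N xor identity."""
    for (c1, o1), (c2, o2) in zip(deposit_1, deposit_2):
        if c1 != c2:
            masked, n = (o1[1], o2[0]) if c1 == 0 else (o2[1], o1[0])
            return xor(n, masked)
    return None        # identical challenges on all k sub-coins: chance 2^-k

def detection_probability(k: int) -> float:
    return 1 - 2.0 ** -k

if __name__ == "__main__":
    alice = b"Alice".ljust(16, b"\0")                 # constructed identity
    ns = [make_subcoin(alice)[0] for _ in range(8)]   # k = 8 sub-coins
    first = spend(ns, alice, [0] * 8)
    second = spend(ns, alice, [0, 0, 1, 0, 0, 0, 0, 0])
    print(identify_double_spender(first, second), detection_probability(8))
```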
Slide23
Anonymous digital cash
Idea 3: cut and choose
Alice creates k pairs of sub-coins for signing
Bank asks Alice to reveal N for one sub-coin in each pair and signs the other one
cheating detection probability p = 1-2^-k
Alice can make anonymous payments but will be caught with probability p = 1-2^-k if she tries to create an invalid coin or spend the same coin twice
Slide24
Reading material
Ross Anderson: Security Engineering, 2nd ed., chapter 10
Interesting reading online:
Scam baiting sites have stories about advance-fee fraud (e.g. http://www.419eater.com) but not always nice
University of Cambridge Security Group:
http://www.cl.cam.ac.uk/research/security/banking/
Slide25
Exercises
What are the main threats in
online card transactions?
POS transactions?
ATM cash withdrawals?
What differences are there in the way credit cards and bank debit cards address these threats?
Could you (technically) use bank cards or credit cards
as door keys?
as bus tickets?
for strong identification of persons on the Internet?
How could a malicious merchant perform a man-in-the-middle attack against chip-and-PIN transactions?
When a fraudulent bank transaction occurs, who will suffer the losses? Find out about the regulation and contractual rules on such liability.
Bank security is largely based on anomaly detection and risk mitigation. In what ways could a bank reduce the risk of fraud in mag-stripe or chip-and-PIN payments?
Even though DigiCash coins are unlinkable, what ways are there for the merchant or bank (or them together) to find out what Alice buys?