Secure Electronic Payment Mechanisms

  • 7/28/2019 Secure Electronic Payment Mechanisms

    Secure Electronic Payment Mechanisms

    Priam Kasturiratna

    MBA (Sri J); AIB (Sri Lanka)

    PG Dip. in Bus. & Fin. Admin (ICASL); Dip. in Credit Mgt. (ICMSL)

    ABSTRACT

    Secure Electronic Payment Mechanisms provide a key foundation on which the cashless society and E-Commerce are built.

    Sri Lanka Inter-bank Payment System (SLIPS), implemented in 1988, can be regarded as the first Secure Electronic Payment Mechanism in the country. Similar Mechanisms operating today range from Point of Sale Networks, ATM Networks, Phone Banking, Internet Banking, Credit Card Payment Gateways and GSM based Mechanisms to SWIFT and Real Time Gross Settlement Systems.

    Advancement of technology and internet penetration has helped to accelerate development of Secure Electronic Payment Mechanisms during the last decade.

    Secure Electronic Payment Mechanisms are used in almost all business domains for collecting payments and making payments. Banking, Billing, Sellers of Products/Services, Subscription Collections and Remittances rank among the most popular business applications. Secure Electronic Payment Mechanisms mainly rely on instruments such as Credit Cards, Debit Cards, Internet Banking Accounts and Virtual Cards for obtaining payments.

    Today, Secure Electronic Payment Mechanisms have grown to such an important state that understanding them has become a core knowledge area, irrespective of whether someone is a Business Strategist or a Systems Architect.

    This paper will analyse and elaborate on employing Secure Electronic Payment Mechanisms for setting up and developing sustainable business frameworks that support Sri Lanka's economic growth.

    1 INTRODUCTION

    The definition, or the salient features, of Secure Electronic Payment Mechanisms (SEPM) for the purpose of this paper will be:

    i. Use of electronic equipment or methods

    ii. Transfer of Value between two parties

    iii. Implemented with security

    iv. No involvement of hard currency

    The key focus of this paper is the present-day business use of SEPM in Sri Lanka. The objective of the paper is promoting SEPM use within the country by understanding the features and implications, and exploring ways to implement technically sound SEPM frameworks for the benefit of business ventures.

    2 TYPES OF SEPM SERVICES

    The SEPM we use in Sri Lanka can be broadly divided into two categories.

    2.1 SEPM operated by Authorised Institutions

    The SEPM is accessible only to a Bank, Financial Institution or other Authorised Institution. All early SEPM belong to this category.

    The SEPM falling within this category are:

    i. Point of Sale (POS) Systems

    ii. Sri Lanka Interbank Payment System (SLIPS)

    iii. Society for Worldwide Interbank Financial Telecommunications (SWIFT)

    iv. Real Time Gross Settlement System (RTGS)

    2.2 Self-Service Type SEPM

    Success and stability of SEPM Operated by Authorised Institutions has led to the birth of Self-Service type SEPM Systems. Self-Service type SEPM systems popular in Sri Lanka are:

    i. Phone Banking and SMS Banking

    ii. Internet Banking

    iii. Automated Teller Machines (ATM)

    iv. Internet Payment Gateways

    24th National Information Technology Conference - CSSL -2005,

    Colombo, Sri Lanka

    3 POPULAR BUSINESS APPLICATIONS OF SEPM

    3.1 Point of Sale Networks

    The POS Network Terminal is the most common application of SEPM in the Retail Business sector.

    The POS machine reads Data from the Magnetic Stripe in the Credit/Debit card and then transmits the data to the transaction acquirer. Data is encrypted before transmitting over a voice grade telephone line. Success or failure of the transaction is communicated back to the POS via the same method.

    Both Credit and Debit Cards can be used in POS networks. A single POS machine is capable of processing cards issued by different card issuers, and/or directing transaction requests to different acquirers according to business rules.

    Supermarkets, Shopping Malls, the Tourism Industry and Billing/Utility Companies are heavy users of POS technology in their day-to-day business.

    According to the Annual Report of Central Bank of Sri Lanka, 9,759,000 Credit Card Transactions amounting to Rs. 33.3 bn. have been recorded in Sri Lanka in 2004. Naturally, the majority of these transactions originate at a POS Terminal.

    3.2 Sri Lanka Inter-Bank Payment System (SLIPS)

    Sri Lanka Interbank Payment System (commonly known as SLIPS) facilitates Account-to-Account transfers between banks. Direct access to SLIPS is limited to Commercial Banks participating in the cheque clearing.

    A SLIPS transaction originates when a Bank Customer requests his/her banker for an Inter-Bank account-to-account transfer. A SLIPS request could be one-off or recurring in nature. Value is given to the Beneficiary Account within two days from presenting to Lanka Clear (Pvt) Ltd., the Clearing House. The system uses a proprietary encryption for data security.

    Applications of SLIPS range from Standing Orders, Salary Payments, Raw Material or other Supplier Payments and Interest/dividend Payments to Insurance Premiums and Loan Repayments. Transactions which were traditionally handled by using Bank Drafts are now handled more efficiently by the SLIPS System.

    The Annual Report of Central Bank of Sri Lanka (2004) reports 2,411,000 SLIPS transactions amounting to Rs. 60. bn during last year.

    The cost of a SLIPS Transaction is very low, and there is no limit to the value of a transaction. Considering its economic potential, SLIPS could be put to more commercial use than today.

    Direct Debit, which is the reverse of SLIPS, is a less known and less used SEPM available within the same SLIPS framework.

    Direct Debit caters to requesting a Payment (Debit) from an account in another bank, in order to credit the originator's account held with the requesting bank.

    Direct Debit systems are widely used in some countries for Bill Presentment Services. Although some local utility providers are using Direct Debit for their collections, its usage is comparatively low in volume. Similar to SLIPS, a lot of business use opportunities exist for Direct Debit.

    3.3 SWIFT

    Sri Lankan Banks are connected to banks in other countries via SWIFTNet FIN. Connection to SWIFTNet FIN is technically a Dial-up with Public Key Infrastructure. SWIFTNet FIN facilitates electronic exchanges of Financial Transaction/Data between Banks in the network. The primary use of SWIFT is for Country-to-Country Transactions.

    Commonly used SWIFT transactions are Payments under Letters of Credit, Document Collections, Investments, Remittances and Loan Repayments.

    SWIFT transactions are costly, but SWIFT remains the most secure and reliable method for country-to-country transactions.

    3.4 RTGS / Lanka Settle

    Real Time Gross Settlement System (RTGS, or Lanka Settle) also operates through SWIFTNet FIN infrastructure. RTGS is primarily meant for Real Time Payments between Local Banks, which are also members of the SWIFT network.

    RTGS is extensively used for Same Day Value Transactions, high value commercial transactions, investments, Central Depository System Settlements, transactions between Commercial Banks and Central Bank, Bank-to-Bank Payments, and transactions between Primary Dealers.

    The Annual Report of Central Bank of Sri Lanka reports 138,119 RTGS transactions worth Rs 13,701 bn. in year 2004.

    3.5 Automated Teller Machines

    Commonly known as ATM, cash-dispensing technology has been in Sri Lanka since the mid 1980s.

    However, the ATM was not used as a SEPM in Sri Lanka until a few years ago. Presently, more banks are positive on using the ATM as a SEPM, where the key focus is on facilitating Bill Payments and Credit Card Settlements.

    ATM Cardholders can use their own bank's ATM network for making payments.

    3.6 Phone Banking and SMS Banking Systems

    Phone Banking provides secure online access to Current or Savings Accounts of the customer. The service relies on voice grade phone lines, including mobiles. SMS banking uses SMS features available in mobile phone networks.

    Phone Banking became popular within a short period, the main reasons being simplicity of operation and rapid expansion of fixed and mobile phone networks during the mid 1990s.

    Phone Banking provides payment of Utility Bills, settling Credit Card dues and making payments to pre-defined Third Party Accounts.

    As per the Annual Report of Central Bank of Sri Lanka, Phone Banking users have transacted 64,000 times in the year 2004, transactions totalling Rs. 4.7 bn.

    3.7 Internet Banking Systems

    Internet Banking facilitates secure access and transactions on banking accounts over the Internet.

    Although Internet Banking attracted many doubts about security, it offers more features, user friendliness and user interaction compared to ATM and Phone Banking. The major limitation of Internet Banking is that it focuses only on clients with internet literacy and access.

    Despite security concerns and a limited target group, Internet Banking has established itself well during the last few years. Concerns on security have more or less died down due to the reliable operational history of Internet Banking Services.

    As a SEPM, Internet Banking facilitates Person-to-Person Payments, Utility Bill Payments, e-Commerce transactions, settling Credit Card dues, Share Brokers, Insurance Premiums, School Fees, donations and doctor Channelling over the Internet.

    The Annual Report of Central Bank of Sri Lanka (2004) records 439,000 Internet Banking transactions worth Rs 110 bn. during 2004.

    According to these statistics, Internet Banking has recorded the highest value in transactions within the Self-Service Type SEPM.

    3.8 Internet Payment Gateways

    An Internet Payment Gateway is an Infrastructure Setup that links web sites with Credit Card and Banking Systems.

    Payment Gateway services are mandatory for today's e-commerce enabled web sites. A Gateway can process payment requests from Credit Cards, Bank Accounts (Debit) and Virtual Cards (a version of Credit/Debit card which can only be used on Internet Payment Gateways).

    The surfer shops on the seller's website and is taken to the Payment Gateway only for making the payment. Once the user is within the Gateway, Secure Socket Layer Encryption (SSL) gets activated between the user's browser and the Gateway. Sensitive data like Card Numbers, Account Numbers, Verification Codes, Names etc. are exchanged within the secure connection to ensure data security. None of the sensitive details are divulged to the web site, except the value of the transaction, the successful/unsuccessful status and a unique transaction reference code.

    The most common applications of Internet Payment Gateways are Bill Payments and Buying goods/services. Internet Payment Gateways in Sri Lanka are also used for Retail Sales of Home Appliances, Books, Magazines/Newspapers, Electronic Entertainment, Hotel Bookings, Airline Tickets, Doctor Channelling etc.

    A unique application of Payment Gateways is facilitating donations to charities like Temple of Tooth-Kandy and Jaya Sri Maha Bodhi-Anuradhapura.

    Interestingly, a large volume of private donations for Tsunami assistance was received through Internet Payment Gateways.

    4 ADVANCED AND EMERGING SEPM SYSTEMS

    4.1 SLIPS and Internet Banking

    This is a scenario where two SEPM systems are combined to provide enhanced service.

    One such application is initiating Inter-Bank transfers from Internet Banking and then linking up with SLIPS for directing the transfer to the recipient bank.

    This service is widely used for self-service/customer initiated Bank-to-Bank transfers and Credit Card Settlements.

    4.2 SLIPS and Phone Banking

    The customer initiates a transaction via Phone or SMS Banking and the transaction gets routed through SLIPS to reach the recipient's Bank.

    Popular uses of this service are self-service/customer initiated Bank-to-Bank transfers and Credit Card Settlements.

    4.3 Extending SLIPS to Corporate Customer Desktop

    This facility accommodates one-to-many bulk payments directed to the credit of accounts spread over a number of banks.

    Transactions are created at the Corporate Customer's desktop and then electronically transmitted to the Bank. Encryption and other procedural mechanisms are used to ensure security. Credits to other bank accounts are forwarded to SLIPS by the Corporate customer's Bank.

    This framework is successfully used for Salary Payments, Raw Material Supplier Payments and Interest/dividend payments.

    4.4 Mobile POS

    A POS unit connects to the Transaction acquirer via a mobile phone (GSM) connection. Traditional POS is enhanced with mobility.

    This technology helps field or other personalised sales situations where the seller goes to the buyer. Mobile POS technology is relatively new and still operating as pilot implementations in Sri Lanka.

    5 INTEGRATING SEPM FOR BUSINESS NEEDS

    Technically speaking, SEPM is simply a collection of hardware, software and processes.

    Integrating SEPM within a business environment needs, firstly, understanding the basics of SEPM; secondly, comprehensive understanding of the business; and finally, matching the two areas to create a business application.

    Recommended areas to consider when integrating a SEPM with a business need are:

    5.1 Identification of the need and the Target Market

    Identify and understand the needs of the Target Market. This activity is identical to the steps followed for planning a new product, or improving an existing product.

    5.2 Business Strategy

    Evaluate whether SEPM supports the Strategy of the Business. Where will the business and the industry be in five years?

    Ensure that the Senior Management of the business is committed to integrating SEPM into its processes.

    5.3 Cost & Feasibility

    Evaluate the business volumes and expected profits as a result of integrating with SEPM. Check whether the investment on SEPM integration is feasible.

    There could also be exceptions; sometimes the business may need a Strategic Investment, although it is not financially feasible in the short run.

    5.4 Ease of Use

    The SEPM system should offer a high level of operational convenience, ease of use and user friendliness when it interacts with clients as well as internal staff.

    Considering change management and training aspects, ease of use reduces the costs and efforts needed for both.

    5.5 Managing Risks

    Risks can be internal, external or a combination of both. Find out ways to Mitigate Risk, the costs applicable in doing so and the viability of implementing risk mitigation measures. Seek ways of integrating risk mitigation actions within the business processes.

    Formal Business Continuity Planning should be considered in the case of large organisations, or depending on the Business Impact.

    5.6 Industry Standards & Global Trends

    Look for standards adopted within the industry. Attempt to identify the Global Trends in the industry.

    For example, a tourist hotel may consider a POS service as a mandatory need in its industry, but a Newspaper Stand can survive well without one.

    At the same time, fuel stations in some countries use self-service pumps integrated with SEPM. Today, Sri Lankan fuel stations can consider the same as a Global Trend to follow.

    5.7 Off-line and Online Security Issues

    Security incidents could occur online or off-line. In particular, Credit Card acceptance makes the business vulnerable to issues arising from fraudulent use of Credit Cards, Phishing and Skimming.

    Although E-Commerce websites should be more prepared for on-line issues, as a practical rule, more frauds or Credit Card related issues have been reported due to off-line vulnerabilities. For example, mishandling Credit Card Sales Slips could lead to misuse of credit card numbers etc.

    5.8 Legal and Regulatory Framework

    This is a fast developing area for Sri Lanka. Whenever changes are initiated, risks could increase due to changing rules and regulations.

    Therefore, thorough and continuous emphasis should be given to legal/regulatory aspects of SEPM operations.

    Legislative changes needed for RTGS were implemented in 2002, as amendments to the Monetary Law Act. Central Bank of Sri Lanka is presently working on the Payments and Settlement Systems Law, which is expected to be completed by the end of year 2005.

    Laws that govern SEPM Transactions, their enforceability and validity could be different from jurisdiction to jurisdiction. Such implications may adversely affect transactions over the internet, by non-nationals or performed outside Sri Lanka.

    6 ROLE OF FINANCIAL INSTITUTIONS AND GOVERNMENT

    As of today, ownership of core SEPM systems remains with Financial Institutions. Therefore, maintaining, developing and securing SEPM are responsibilities of Financial Institutions.

    However, in discharging these responsibilities, the Financial Institutions are justified in not forgetting their primary business objective, expecting a sufficient level of return on their investments in SEPM.

    The role of the Government is much broader. The Government acts as a regulator and promoter of SEPM. The Government's role is instrumental in promoting SEPM in all sectors of the economy. In addition, the Government is also responsible for having Laws, Regulations and policies that foster, nurture and secure SEPM growth.

    7 COMMERCIAL AND SOCIOECONOMIC BENEFITS OF SEPM

    As outlined above, SEPM is a convenient method for making and receiving payments in both commercial and personal transactions. In a SEPM transaction, the payment to the seller is guaranteed. Cash is not involved, as transaction proceeds are directly credited to the seller's bank account. The cost of insurance/security against theft of cash is minimised.

    Consumers transact without hard cash and are also capable of obtaining credit from their card issuers/banks. This frees the consumer from the burden of carrying cash, while at the same time being less concerned about losing buying power. In certain social contexts, SEPM also acts as a status symbol of the buyer. The consumer feels economically safer and mentally more at ease, leading to a better living atmosphere.

    During the last decade, the Internet has bridged the gap between vendors and buyers, encouraging them to transact without ever seeing each other, or the merchandise being sold.

    Today, sellers get more sales as a result of opening themselves up to the global market, while the consumer gets a wider range of buying options with competitive pricing.

    Manufacturers have more raw material sourcing options, with an increased number of alternatives between quality and price. Fierce competition in Pricing allows only the fittest few to survive.

    In a nutshell, human behaviour, commerce, the internet and SEPM have been merged to put together a commercial framework that facilitates transactions with convenience and trust, and is borderless in nature.

    8 CONCLUSIONS - USING SEPM FOR STRATEGIC BUSINESS BENEFIT

    SEPM have spread into most industries and organisations. Today, consumers, business organisations and governments have joined hands in sponsoring SEPM.

    E-commerce will cease to exist if the SEPM component is taken out. The majority of supermarkets, if not all, would not make half of their daily sales without a POS Terminal alongside the cashier.

    Looking from a broader perspective, Business to Consumer transactions have shown a huge growth, while the Business to Business and Business to Government sectors are comparatively slow in responding to SEPM.

    In the medium-term future, the planned E-Government initiatives will emulate use of SEPM in Government transactions during the next decade. If one would try to foresee ten years ahead, by 2015, utility companies would heavily depend on SEPM for collecting their receivables; thousands of Sri Lankan entrepreneurs will successfully engage in E-commerce and would sell to the global market. Government institutions will install SEPM for routine transactions and probably accept Credit Cards as well. Business to Business sector SEPM will complete its growth and become a vital payment mechanism in the economy.

    Finally, applying business sense, the facts, trends and technological capabilities discussed above should be sufficient to inspire a businessman, regulator, policy maker or a systems architect to start thinking of SEPM strategies.

    9 REFERENCES & BIBLIOGRAPHY

    1. Bank for International Settlements, General guidance for payment systems development - Consultative Report, May 2005. http://www.bis.org

    2. Central Bank of Sri Lanka, Annual Report 2004, Central Bank of Sri Lanka Publication, 2005.

    3. Central Bank of Sri Lanka Website. http://www.lanka.net/centralbank/

    4. Information and Communication Technology Agency of Sri Lanka Website. http://www.icta.lk/

    5. Society for Worldwide Interbank Financial Telecommunications Website. http://www.swift.com
