Payment Gateway

Information about Payment Gateway
Technology

Published on February 15, 2009

Author: Ashraf.Bashir

Source: slideshare.net

Description

An introduction to how a payment gateway works, with some security issues.

Payment Gateway

Agenda

Terminology

Payment Gateway life cycle

Types of Payment Gateways

Advantages and Disadvantages

Security Issues

Vulnerabilities

Related Vulnerabilities

“Must Do” list

Payment Gateway Implementation over SSL

What to ask third-party payment gateways?

Example

Most famous payment gateways

Questions

Some Terminology:

Individuals

Merchant – seller of goods

Customer – buyer of goods

Institutions

Customer’s Issuing Bank – provides customer’s credit card information and verification

Merchant’s Acquiring Bank – provides internet merchant account

Processor – authorizes credit card transactions and settles funds for merchants

Basic Elements Interactions:

Processes

Authorization – the process of verifying a customer’s credit card

Settlement – the process of collecting funds from the customer’s account

Services

Payment Processing Service – connects merchants, customers, and banks through secure online transactions.

Gateway – the secure pipe between the banks and the processor

Authorization Process

1. Customer decides to make an online purchase and inputs credit card information

2. Merchant’s website receives customer information and sends it to a payment processing service

3. Payment processing service routes information to processor

4. Processor routes information to bank that issued customer’s credit card (issuing bank)

5. Issuing bank sends authorization (or declination) to processor

6. Processor routes transaction results to payment processing service

7. Payment processing service sends results to merchant

8. Merchant decides to accept or reject purchase

[Diagram: Customer, Merchant, Payment Processing Service, Processor, Customer’s issuing bank, with arrows numbered 1 to 8]

Settlement Process

1. Merchant informs the payment processing service to settle transactions

2. Payment processing service sends transaction information to the processor

3. Processor checks the information and forwards settled transaction information to the issuing bank

4. Issuing bank transfers funds to the processor

5. Processor routes funds to the acquiring bank

6. Acquiring bank credits merchant’s bank account

7. Issuing bank includes merchant’s charge on customer’s credit card account

[Diagram: Customer, Merchant, Payment Processing Service, Processor, Merchant’s acquiring bank, Customer’s issuing bank, with arrows numbered 1 to 7]

PayPal (as an example): All-in-One Solution

[Diagram: Customer, Merchant, Customer’s issuing bank, Merchant’s acquiring bank, Processor, Payment Processing Service]

Payment Gateway Types

COM based Gateways

Require that you install software (a DLL) provided by the gateway company on your web hosting server.

Require that you have your own dedicated SSL certificate.

XML transport Gateways

Do NOT require a DLL install. They use a facility already installed on most Windows servers.

Require an SSL certificate.

FORM based Gateways

Do not require any extra software to be installed on your web hosting server.

Some, but not all, require that you have your own SSL certificate.

Advantages and Disadvantages (for user)

Advantages

Credit card validation and processing in real time

Money is normally deposited into bank account automatically (Transparency)

Reports are auto generated for users.

Doesn’t need special user deployment (a browser is adequate)

Disadvantages

Fixed fee per month

Percentage fee per amount spent

Fixed fee per transaction

User bank or the gateway's bank will charge a merchant fee for the privilege of allowing credit card purchases. This can range from 1-5% or more

Some Security Issues (vulnerabilities leading to losses)

An estimated $2.8B USD was lost to online fraud in the U.S. and Canada in 2005

The rate of credit card fraud for online sales is three to four times higher than the overall fraud rate

Authentication is a challenge

Hackers can break into a merchant’s network

Hackers can also steal customer identities

Recorded session attack

Common Fraud-Related Risks

Identity theft – Using stolen information to open new credit cards

Cash theft – Issuing unauthorized credits or payments

Accessing payment networks – Accessing a payment network to complete fraud

Product theft – Using a stolen credit card to purchase goods and services

Chargebacks – A cardholder disputes a credit card purchase

How to Protect Your Business Against Fraud

1. Transaction Level – Ensure each transaction you accept and process is valid, and be careful in reviewing suspicious transactions because some may be valid.

2. Account Level – Make sure only authorized users have access to your payment gateway account, and be alert for suspicious account access patterns.

3. Network Level – Ensure your perimeter is defended against unauthorized access.
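
An added example, not part of the original slides: a minimal transaction-level screen that routes suspicious transactions to manual review instead of rejecting them, since some may be valid. The rules, thresholds, field names and sample transactions are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
MAX_ATTEMPTS_PER_CARD = 3        # assumed threshold
MAX_CARDS_PER_IP = 3             # assumed threshold
AMOUNT_FACTOR = 5                # review if amount > 5x the merchant's median order

def screen(transactions, median_order):
    """Return {txn_id: (decision, reasons)}; decision is 'accept' or 'review'."""
    by_card = defaultdict(list)  # card token -> timestamps inside the window
    by_ip = defaultdict(list)    # source IP -> (timestamp, card token) inside the window
    results = {}
    for t in sorted(transactions, key=lambda t: t["ts"]):
        ts, card, ip = t["ts"], t["card"], t["ip"]
        by_card[card] = [x for x in by_card[card] if ts - x <= WINDOW] + [ts]
        by_ip[ip] = [(x, c) for x, c in by_ip[ip] if ts - x <= WINDOW] + [(ts, card)]
        reasons = []
        if len(by_card[card]) > MAX_ATTEMPTS_PER_CARD:
            reasons.append("card velocity")
        if len({c for _, c in by_ip[ip]}) > MAX_CARDS_PER_IP:
            reasons.append("many cards from one IP")
        if t["amount"] > AMOUNT_FACTOR * median_order:
            reasons.append("unusually large amount")
        # Flag for a human decision rather than auto-reject: a flagged order may be valid.
        results[t["id"]] = ("review" if reasons else "accept", reasons)
    return results

def _ts(minute):
    return datetime(2009, 2, 15, 12, minute)

# Constructed sample data: card values are opaque tokens, never real card numbers.
SAMPLE = [
    {"id": "t1", "ts": _ts(0), "card": "tok_A", "ip": "198.51.100.7", "amount": 40.0},
    {"id": "t2", "ts": _ts(1), "card": "tok_B", "ip": "203.0.113.9", "amount": 1.0},
    {"id": "t3", "ts": _ts(2), "card": "tok_C", "ip": "203.0.113.9", "amount": 1.0},
    {"id": "t4", "ts": _ts(3), "card": "tok_D", "ip": "203.0.113.9", "amount": 1.0},
    {"id": "t5", "ts": _ts(4), "card": "tok_E", "ip": "203.0.113.9", "amount": 1.0},
    {"id": "t6", "ts": _ts(30), "card": "tok_A", "ip": "198.51.100.7", "amount": 900.0},
]

if __name__ == "__main__":
    for txn_id, (decision, reasons) in screen(SAMPLE, median_order=50.0).items():
        print(txn_id, decision, ", ".join(reasons))
```

Here t5 is flagged because a fourth distinct card arrives from one address within ten minutes, and t6 is flagged only for its size; a returning customer placing a large order is exactly the kind of valid transaction a reviewer should be able to release.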

Your Disclosure Policy Tells Customers that You Are Honest and Dependable

Business Description – Explains what the company does

Shipping Policy – Details shipping terms, shipping classes offered, & expected delivery timeframe

Privacy Policy – Describes how the company treats and protects customers’ information

Return Policy – Provides clear guidelines on how a return is handled

Contact Information – Makes it easy for customers to get in touch with the merchant via different communication channels

Security basics “must do” list

Control Objective – Requirement

Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data; do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data – Protect stored cardholder data; encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program – Use and regularly update anti-virus software; develop and maintain secure systems and applications

Implement Strong Access Control Measures – Restrict access to cardholder data by business need-to-know; assign a unique ID to each person with computer access; restrict physical access to cardholder data

Regularly Monitor and Test Networks – Track and monitor all access to network resources and cardholder data; regularly test security systems and processes

Maintain an Information Security Policy – Maintain a policy that addresses information security

Payment Gateway Implementation over SSL

Refer to the attached PDF “Payment Gateway Implementation.pdf”

What to ask third-party payment gateways?

How long has this company been in service?

What is the company history?

How long has their particular software package been in use?

Can you test demo software?

How much will the setup and service bundle cost?

How much are processing costs and fees?

Does the system need special installation equipment?

Does the system provide extra services?

What is the level of support provided by this third party?

Who are the existing customers that use this system?

What system authentication and authorization are provided?

An example of applying to a payment gateway (WorldPay)

Refer to the attached PPS “worldpay application.pps”

Most famous Payment Gateways    

Questions
