. Brainwave

Security and Trust in Electronic Payments
Dr. Ashutosh Saxena,
Associate Professor, IDRBT, Hyderabad.



The growth of the Internet as a me dium of transaction has ma de possible an economic transformation in which commerce is becoming electronic. The critical factors of success for every commercial entity to implement and operate an electronic business mechanism are money flow; material flow and authentication information flow. The majority of trust theories are built up on the basis that there is a history of exchanges between partners i.e. past experiences, but the fluid nature of e-commerce market makes the issue of trust hard because of the weakness to scale the reliability of participants. Strong and long-lasting business relationships have always depende d on tru st. The transition to digital economy, forces enterprises not only to de velop customer intimateness but also to ensure that security requirements are part of the customer relationship strategy.

Transactions in electronic commerce can occur without any prior human contact or established interpersonal relationships. This lack of interpersonal trust creates a circumstance for a security threat. Generally, security is a set of procedures, mechanisms and computer programs to authenticate the source of information and guarantee the integrity and privacy of the information (data).

The focus of every processing e-commerce transaction is to minimize the transaction risk. In parallel, a trust framework in e-commerce must ad dress scalability and cost. It is characteristic that there are no face-to-face ope ra tions and all transactions are performed electronically with the use of communication networks. This demands establishment of the concepts of trust and security.

Electronic Payments
The security requirements can be considered as follows [Spinellis et al. 1999].
Authentication: persons participating in a transaction are the one they claim to be.
Identification : unique identification of a person or entity.
Confidentiality : prevention of unauthorized parties to capture, interpret or understand data.
Integrity : certainness that data have not been altered or manipulated by unauthorized parties,
i.e. sureness that information has not been altered since the data were signed
Non-repudiation : prevention of denying the action of participating into a transaction by a
person or entity.
Fraud prevention and tolerance: prevention of parties from fraud and financial losses in case
the system crashes or the network fails.
Access Control : control on the actions of a person or entity, based upon its identity.
Availability : uninterrupted provision of banking and other related services.

This list by no means can be considered as comprehensive and can be extended to include
other security requirements more specific to environment. But broadly the security with
regard to electronic payment can be categorised into three areas.
1. Systems security : technical infrastructure and implementation.
2. Transaction security : secure payment according to specific and well defined rules.
3. Legal security : a legal framework for electronic payment.


1. Divisibility: possibility of multiple denominations.

2. Transferability: spending via electronic payments without the need to contact the issuer.

3. Double-spending prevention: prevention of copied coins to spend repeatedly.

4. Payment confidentiality: payment details including payer, payee, account numbers, amounts, date and time must not become known to electronic observers, who are able to monitor network traffic.

5. Payment anonymity: the payee will know only pseudonym of the payer.

6. Payer untrac eability: payment system cannot trace payer payments.

We must mention that these all properties are of an ideal electronic payment system. No currently working electronic payment system meets all of these properties.

Identification of trust

The phase of electronic payment (e-payment) is confidential when all phases of the process are capable to satisfy the needs of participants and their security expe ctations. A fundamental prerequisite must be that all participa nts have absolute trust in the system that they participate in. Trust has been defined as ‘‘the willingness of a party to be vulnerable to the actions of another party based on the expectation that the other will perform a particular action important to the trustor, irrespective of the ability to monitor or control that other party''

[Mayer et al., 1995]. Trust requires a party to make a rational decision based on the knowledge of possible rewards for trusting and not trusting. Trust enables higher gains while distrust avoids potential loss [Jean Camp, 2003]. ‘‘Generally, an entity can be said to ‘‘trust'' a second entity when it (the first entity) makes the assumption that the second entity will behave exactly as the first entity expects'' [X.509 ITU, 2000].

The purpose of modeling trust is to establish a secure way to describe the decision of commerc e process. A trusted environment is characterised by:

- the fact that all entities are uniquely identifiable,

- that there is a minimum number of a priori trusted entities, and

- that these entities have unquestionable trust to other participating entities.

To design for trust, it is necessary to determine if, and under what conditions trust mechanisms are brittle. Security architecture presum es that a trust model defines the trusted relationships between all involved components. Trust and trustworthiness are fundamental for every security solution. The needs for these trust aspects and the means that are used to implement it, affect the security mechanism of any commercial system. But there is distinction between trust and trustworthiness. Trust is an act of a trustor, in which an entity places trust in some object. In contrast, trustworthiness is a characteristic of someone or something that is the object of trust. Trust is the enabling of confidence that something will or will not occur in a predictable or promised manner. The enabling of confidence is supported by identification, authentication, accountability, authorization, and availability [Andert et al., 2002].

Cryptography and PKI

A logical question arises concerning which is the mechanism that could establish and efficiently implement both security and trust on Internet environment, knowing that Internet is referred as ‘‘the network of networks''; a set of interconnected networks, which is open, independe nt, heterogeneou s and universal. It is an environment that is driven by demand, not supply.

Cryptography provide s the only feasible way in which business can work as compared to traditional paper based mechanisms. Cryptographic methods should be trustworthy in order to generate confidence in the use of information and communication systems. Cryptographic methods are mainly developed in response to the needs and demands of businesses. The development of cryptographic methods is determined by the market in the competitive environment. The premise approach enables that solutions are in accordance to technology, the demands of market and needs of information and communications systems. The development of standards and protocols related to cryptographic methods must also take into the consideration the prevailing de mand of the industry. Cryptography is represented in two forms. The first is called symmetric or secret key cryptography, uses one common key for both encryption and decryption and a second named public key cryptography or asymmetric, uses two different keys (a private and public) to transform plaintext into ciphertext. In symmetric schemes, the sender and recipient of data, share a single encryption key, and the shared keys must not be revealed or exposed to unauthorized parties. In asymmetric schemes, two keys are used; a ‘‘public'' and a ‘‘private'' key. Public keys can be freely distributed but recipients still require a way to know that a key can be trusted. To certify each pu blic key, a central Certification Authority (CA) is required. Symmetric cryptography scheme s are based on the concept that only the users of the encrypted information should have the keys needed to decrypt it into something understandable. Public Key Crypto graphy [Sa nderson and Forcht, 199 6] is based on the principle that the two keys should be different, but related to each other. In a sense, they need to be inverses of one another. This form of cryptography relies heavily upon the assumption that it is computationally infeasible to determine the decryption key if the encryption key and algorithm, are known. This means that the problem cannot be solved in deterministic polynomial time and since the parameters are large, the time that is required for problem to solve will also be very large. All commonly used public key encryption techniques are based on mathematical functions which are easy to compute, and hard to invert.

The PKI (Public Key Infrastructure) comprises a complex infrastructure of hardware, software, networks, security procedures public key encryption techniques, policies and procedures for distribution and management of certificates, a group solution for key distribution problems; [Benantar, 2001] in a business environment and how it addresses the trust issues inherent in business models. The PKI is a business enabling initiative, one may refer [Saxena 2004] for details in the area of PKI. It provides a means for bo th trusted digital identity verification and data encryption in transit. In e-business, we want to establish relationships and identify the parties [Adams and Lloyd, 2002]. Certificates address the problem to verify the identity of the parties exchanging encrypted information over the Internet.

In the public key technology, an essential pro cess for establishing a trust relationship is for the first entity to import a public key from the second one and protect its integrity for storage or communication to other entities. T he entity that imports the public key is known as the relying party (intends to rely upon the public key) for protecting the succession exchange with the key-holde r, the entity from whom the key is imported.

With this backgro und, we now discuss the initiatives and the actions taken by the Reserve Bank o f India (RBI) to suppo rt electronic payments in the country.

RBI Initiatives

The RBI, the apex body for providing the guidelines for banking and financial industry, has said that it would set up an institution at the national level to own and operate all retail payment systems of the country. In its pa yment systems in India - Vision 2005-08, RBI said it will also establish a national settlement system through which the clearing houses/clearing organizations can settle the net position of the participating banks at the national level. To start with, all clearing settlements from four centres (M umbai, New Delhi, Kolkata and Chennai) would be settled through National Settlement System by December 2005. Coverage of all major clearing centres - the 40 MICR clearing centres - would b e completed by December 20 06. Towards this, RBI will take steps to build a sound legal base for payments systems. These include enactment of payment and se ttlement systems act, framing of regulations for authorized payment and settlement systems, finalization of electronic funds transfer regulations and drafting re gulations for electronic clearing system (debit clearing). To mitigate risks in payment systems, RBI plans to migrate inter-bank transactions at all places to Rea l Time Gross Settlement (RTGS) system and make high value clearing systems secured netting systems by introduction of guarantee funds. The central bank will also implement national settlement system for posting the net position of the clearing participants in all clearing houses in the country. And to address operationa l and legal risks, it will introduce digital signatures using PKI for enhanced secu rity of messages, encourage credit transfers in electronic mode and provide for high availability of all systems. The RBI will strive to have every cheque with MICR standards and make all pa yment and settlement services to be available on a national level - National ECS and National EFT. It will rationalize clearing operations by setting up new clearing houses, expansion of geographical jurisdiction of the clearing houses and merger and amalgamation of clearing houses.

The Reserve Bank had earlier in December 2001 published its “Payment Systems – Vision Document” deta iling its vision, goals, objectives and proposed measures relating to the payments systems in India for a three-year period. An evaluation of the results of the steps taken as per the broad directions contained in the Vision statement for the period 2001-04 reveal that most of the goal sets outlined have been met with while a few are at various stages of implementation.

Under the approach to computerisation and networking, with the definitive role of technology in facilitating large scale developments in payment and settlement systems, the main requirements of INdian FInancial NET work (INFINET) in becoming the secure, dedicated communication backbone for the banking and financial sector, namely, a generic architecture model for connectivity, standardisation of hardware, operating systems, systems software, application software and messaging middleware, prescribing a Common Minimum Requ irement Level for hardware and networking requirements for payment gateways, secured connectivity between internet and INFINET , link between SWIFT and INFINET have all been achieved; applications for ATM transactions, intra-bank transactions like remittances and foreign exchange transactions do use INFINET. The setting up of Credit Information Bureau of India Ltd. (CIBIL) facilitates the ba nking industry to carry ou t a credit check on credit card holders and thus, reduces the incidence of frauds and default by individuals.

With the operationalisation of Real Time Gross Settlement (RTGS) System, this service is availab le at more than 4800 branches at 398 centres as at the end of April 2005. The implementation of Struc tured Financial Messaging Solution (SFMS) and Centralised Funds Management System (CFMS) showing the results, facilitating the banks with several value added services and options. Using CFM S, banks maintaining accounts with RBI at its various offices are in a position to know their ba lances at each location from their treasury branch. Enhancement in scope and coverage of Electronic Funds T ransfer (EFT) system has been achieved through the Special EFT and the proposed National EFT; many banks have also integrated EFT with their own product offerings.

With regard to up gradation of processing environment, banks are undertaking BPR as a part of implementing core banking, security standards have been prescribed, PKI based Digital Signatures are used for security and legal protection.

On the legal front, the Negotiable Instruments Act, 1881, has already been amended to enable cheque truncation and to define e-chequ e. A Payment and Settlement Systems Bill has been drafted. Consequent upon Government of India Gazette Notification dated February 18, 2005 of the Reserve Bank of India (Board for Regulation and Supervision of Payment and Settlement Systems) Regulation, 2005, a Board for Payment and Settlement Systems has been constituted with effect from March 7, 2005.

All these have benefited directly or indirectly to the customers. The Internet based banking which was one of the goals to be achieved has bee n implemented in 26 banks. The need for core banking solutions at banks, which is at the base of many centralised initiatives such as Internet and mobile banking is also being implemented by banks and as ma ny as 39 banks have implemented core banking solutions while 29 are at various stages of implementation. The delivery channels for customers have also improved with ATMs taking over a large number of cash related functions. Recognising the potential of this delivery channel, the

Reserve Bank not only set the direction for banks to share ATMs but also helped the settlement process in the form of an ATM switch which has been set up and is being operated by the IDRBT, Hyderabad. Thus, c ardholders of any bank among the grou p can use their cards at the ATMs of any bank in the group.

To conclude, electronic commerce and finance are growing rapidly in the country. New payments mechanisms designed to aid electronic commerce have become routine. Predictions flourish about the capabilities of the information and communication technology to bring

forth important tools for conducting electronic commerce and payments.

Spinellis D, Kokolakis S, Gritzalis S. Security requirements, risks and recommendations for small enterprise and home-office environments. Information Management and Computer Security 1999;121-128.
Mayer R, Davis J, Schooman F. An integrative model of organizational trust. Academy of Management Review 1995; 20(3):709-734.
Jean Camp L. In: Designing for trust. LNAI 2631; 2003. p. 15-29.
X.509 ITU-T Recommendation X.509. Information technology, open systems interconnection e the directory: public-key and attribute certificate frameworks; 2000.
Andert Donna, Wakefield Robin, Weise Joel. Professional services security practice. Sun BluePrints_ OnLined December 2002.
Sanderson Ethan, A. Karen Forcht. Information security in business environments.
Information Management and Computer Security 1996; 32-37.
Benantar M. The Internet public key infrastructure. IBM Systems Journal 2001;40(3).
Saxena Ashutosh. PKI: Concepts, Design and Deployment, Tata McGraw Hill, New Delhi, 2004.
Adams Carlisle, Lloyd Steve. Understanding PKI: concepts, standards, and deployment considerations. 2nd ed. Addison- Wesley; 2002.
Reserve Bank of India. Payment System in India – Vision 2005-08 Online.