Download No Slide Title

Document related concepts

Computer security wikipedia , lookup

Transcript
Electronic Payment Systems (EPS)
CITE EPS
Modules 11 and 12
Version 2
1
Electronic Payment Systems (EPS)
1. Issues and Problems
2. EPS Requirements
3. EPS Applications
4. EPS Technologies
5. EPS Case Studies
6. EPS Evaluation
7. Summary
2
Electronic Payment Systems (EPS)
1. Issues and Problems
1.1. Transportation Agency Perspective
1.2. Customer Perspective
3
Electronic Payment Systems (EPS)
1. Issues and Problems
1.1. Transportation Agency Perspective
• Costs and liability associated with coin and
cash collection
• Accurate data collection and reporting
• Intermodal coordination
• Flexibility in fare policy implementation
• Reduction of fare evasion and fraud
4
Electronic Payment Systems (EPS)
1. Issues and Problems
1.1. Transportation Agency Perspective
1.2. Customer Perspective
• Problems associated with need to have exact
change
• Difficulties associated with intermodal transfer
and multiple fares
• Need for a single payment medium accepted
by various transit agencies, other
transportation providers, and retail stores
5
Electronic Payment Systems (EPS)
2. EPS Requirements
2.1. Convenience
2.2. Flexibility
2.3. Higher throughput
2.4. Durability
2.5. Reliability
2.6. Security
2.7. Cost efficiency
2.8. Cost effectiveness
6
Electronic Payment Systems (EPS)
2. EPS Requirements
2.1. Convenience
• EPS should be more convenient to use then
cash or tokens
• The value and frequency of card downloads
should meet customer needs
• The cardholder should be able to regain value
of lost card
7
Electronic Payment Systems (EPS)
2. EPS Requirements
2.2. Flexibility
• EPS should facilitate the use of a single
medium for several interrelated applications
such as road tolling, different modes of transit,
and parking
• EPS should aid transportation providers in
implementation of more efficient and equitable
fare policies
8
Electronic Payment Systems (EPS)
2. EPS Requirements
2.3. Higher throughput
• EPS should accommodate high transaction
speeds and large volumes of transactions at
peak hours
• EPS throughput performance should be at
least as good as cash and token payment
systems
9
Electronic Payment Systems (EPS)
2. EPS Requirements
2.4. Durability
• Durability of an electronic payment medium
should be in accordance with its production
cost, stored value, and purpose
• All components of the EPS should be designed
to address specific transportation
environments such as high levels of vibration,
dust, frequent and significant temperature
changes, etc
10
Electronic Payment Systems (EPS)
2. EPS Requirements
2.5. Reliability
• Mean time between incidents (MBTI) for
various EPS components should be better than
corresponding MBTI for cash and token
payment systems
• Probability value of EPS incidents should be
lower than this value for cash and token
payment systems
11
Electronic Payment Systems (EPS)
2. EPS Requirements
2.6. Security
• EPS should address a set of security issues
such as accuracy of transactions and data
integrity
• All customer databases should be protected
against improper use and unauthorized access
and be kept confidential as much as possible
• Repudiation issues should also be taken into
account
12
Electronic Payment Systems (EPS)
2. EPS Requirements
2.7. Cost efficiency
• EPS operating costs per unit of service output
should be lower than that for cash or token
payment systems
13
Electronic Payment Systems (EPS)
2. EPS Requirements
2.8. Cost effectiveness
• EPS operating costs per unit of service
consumption should be lower than that for
cash or token payment systems
• Superior characteristics of EPS should
increase patronage of a particular service
14
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.2. Road Tolling
3.3. Parking
3.4. Multipurpose
15
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.1.1. Rail
3.1.2. Motorbus
16
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.1.1. Rail
– As of today, most EPSs on transit have been
designed for rail rapid systems
– However, commuter rail and light rail are often
integrated into regional transportation services
17
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.1.1. Rail
3.1.1.1. Anticipated benefits
3.1.1.2. Centralized architecture
3.1.1.3. On-line mode
18
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.1.1. Rail
3.1.1.1. Anticipated benefits
– Increased throughput
– Lower maintenance costs
– More flexible fare policies
19
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.1.1. Rail
3.1.1.2. Centralized architecture
– One of intrinsic characteristics of fare collection
systems for rail rapid transit is that fare
collection equipment is permanently installed at
station entrances and can be operated from a
central computer
20
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.1.1. Rail
3.1.1.3. On-line mode
– Due to the fact that all fare collection equipment
for rapid rail is permanently installed at
specified locations and can be linked to a
central computer, the entire fare collection
system can work in an on-line mode (i.e. every
payment transaction can be recorded to the
main database and authorized by a central
computer)
21
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.1.2. Motorbus
– Fewer efforts have been made to implement EPS on
motorbus and light rail systems
– Major challenges associated with EPS
implementation on motorbus systems result from
relatively high EPS capital costs and necessity to
install EPS validation and authorization equipment
on individual vehicles
22
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.1.2. Motorbus
3.1.2.1. Anticipated benefits
3.1.2.2. Distributed architecture
3.1.2.3. Off-line mode
23
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.1.2. Motorbus
3.1.2.1. Anticipated benefits
– EPS on motorbus systems can contribute to
substantial improvements in boarding times,
help to lower stress on a driver, and lead to
more flexible fare structure
24
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.1.2. Motorbus
3.1.2.2. Distributed architecture
– EPS has not been rigorously adapted for motorbus
and light rail systems is that validation and
authorization equipment has to be installed on each
vehicle
– In addition, this equipment tends to be more
expensive due to the fact that a card reader on each
vehicle performs many functions of the central
computer in a centralized system
– Lower throughput and higher equipment costs make
it more difficult to justify investment in EPS
25
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.1.2. Motorbus
3.1.2.3. Off-line mode
– In addition to higher equipment costs
associated with the distributed architecture
EPS, the necessity to operate the system in offline mode creates a greater potential for data
loss and fraud and significantly complicate
testing, maintenance, and repair of equipment
26
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.2. Road Tolling
–
–
27
The use of EPS for road tolling promises
two major benefits to toll road operators
and users. The first benefit results from a
large reduction in operating costs of toll
collection. The second benefit results
form alleviating congestion on toll plazas
However, some critics argue that road
users do not save much time because of
electronic toll collection. They say that
"we are just relieving traffic on the way
into more congested areas"
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.2. Road Tolling
3.2.1. Wireless communication system
3.2.2. Centralized architecture
3.2.3. On-line mode
28
Electronic Payment Systems (EPS)
3. EPS Applications
3.2. Road Tolling
3.2.1. Wireless communication system
–
–
29
Capability of validation equipment on toll
plazas to communicate with electronic
tags in moving vehicles
The system should operate reliably in
hostile weather conditions (rain, snow, fog,
etc.), be protected against radio
interference, and satisfy all security EPS
requirements
Electronic Payment Systems (EPS)
3. EPS Applications
3.2. Road Tolling
3.2.2. Centralized architecture (CA)
–
–
–
30
All validation and authorization equipment
is connected to the host computer
CA employs one database for all client
accounts and track all transactions.
While this approach helps to eliminate
data loss, discrepancy, and fraud, it
provides ground for misuse of sensitive
personal information (e.g. travel behavior,
travel destinations, etc.) and other privacy
concerns
Electronic Payment Systems (EPS)
3. EPS Applications
3.2. Road Tolling
3.2.3. On-line mode
–
–
–
31
EPS for road tolling operates in the on-line
mode (all transactions are authorized in
real time)
Benefits of the on-line mode include
higher security and better system
diagnosing and management.
Drawbacks include higher then for the offline mode requirements regarding
throughput, reliability, and security of the
system
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.2. Road Tolling
3.3. Parking
Most often sited benefits of EPS for parking
include:
– reduction in collection costs,
– increase in meter up-time,
– reduction in theft-motivated meter vandalism,
– improvement in rate flexibility, potentials for
parking trend monitoring, and
– reduction of fraud
32
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.2. Road Tolling
3.3. Parking
3.3.1. Distributed architecture
3.3.2. Off-line mode
3.3.3. Vandalism concerns
3.3.4. Security concerns
33
Electronic Payment Systems (EPS)
3. EPS Applications
3.3. Parking
3.3.1. Distributed architecture
–
–
34
EPS for parking employ distributed
architecture concept where some of the
functions of a central computer are
performed by individual parking meter
equipment
Parking service personnel uploads data
from parking meters and transfers it to the
central computer database on a regular
basis
Electronic Payment Systems (EPS)
3. EPS Applications
3.3. Parking
3.3.2. Off-line mode
–
–
35
Individual parking meter EPS equipment
operates in off-line mode
Since there is no direct communication
link between the central computer and the
parking meter EPS equipment, each piece
of equipment should meet requirements
toward its own power supply, security,
memory capacity, and other essential
parameters
Electronic Payment Systems (EPS)
3. EPS Applications
3.3. Parking
3.3.3. Security concerns
–
–
36
Security concerns become especially
important for parking EPS
While EPS for rail and road tolling operate in
the on-line mode (thus making it easier to
detect malfunctioning of equipment or breach
of security) and EPS equipment on motorbus is
monitored by a bus driver (again making it
easier to detect malfunctioning of equipment or
breach of security), parking meter EPS
equipment operates in the off-line mode and is
not monitored on a continuous basis
Electronic Payment Systems (EPS)
3. EPS Applications
3.3. Parking
3.3.4. Vandalism concerns
–
–
37
Theft-related and other meter vandalism is
yet another question that should be
considered
The data loss caused by vandalism should
not jeopardize the integrity of the whole
system
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.2. Road Tolling
3.3. Parking
3.4. Multipurpose
– Multipurpose EPS can integrate a variety of
services and be operated by several
institutional parties
– The ultimate solution to the multipurpose card
concept is the so-called "e-purse" that would
permit its holder to pay for all small purchases
and services within a large geographic region
with a single card
38
Electronic Payment Systems (EPS)
3. EPS Applications
3.1. Public Transit
3.2. Road Tolling
3.3. Parking
3.4. Multipurpose
3.4.1. Transit-Parking
3.4.2. Transit-Parking-Tolling
3.4.3. Transit-Parking-TollingGas/Phone/Vendors/Bank
39
Electronic Payment Systems (EPS)
3. EPS Applications
3.4. Multipurpose
3.4.1. Transit-Parking
–
–
–
40
One of the most basic schemes of
multipurpose EPS is the one that serves
one or more transit modes and parking at
park-and-ride facilities
Such a scheme can be administered by a
single transit agency or a group of transit
agencies
Fares, transfers, and discounts can be
coordinated by participating agencies in
order to provide incentives for transit
riders
Electronic Payment Systems (EPS)
3. EPS Applications
3.4. Multipurpose
3.4.2. Transit-Parking-Tolling
–
41
A higher level of integration is achieved
when transit agencies, toll road
authorities, and parking service providers
join their efforts to administer a single
payment medium for all transportation
services in a given region
Electronic Payment Systems (EPS)
3. EPS Applications
3.4. Multipurpose
3.4.2. Transit-Parking-Tolling
42
Electronic Payment Systems (EPS)
3. EPS Applications
3.4. Multipurpose
3.4.3. Transit-Parking-TollingGas/Phone/Vendors/Bank
–
–
43
The highest level of integration is reached
when a single payment medium is used to
pay for transportation, gas, and phone and
to make purchases at retail stores and
restaurants
In this case, a single party or a consortium
can administer the system whereas the
number of participants in the scheme can
be unlimited
Electronic Payment Systems (EPS)
4. EPS Technologies
4.1. Security Criteria
4.2. EPS Architecture and Components
4.3. Electronic Media Types and
Characteristics
44
Electronic Payment Systems (EPS)
4. EPS Technologies
4.1. Security Criteria
4.1.1. Accuracy
4.1.2. Data Integrity
4.1.3. Confidentiality
4.1.4. Impersonality
4.1.5. Repudiation
45
Electronic Payment Systems (EPS)
4. EPS Technologies
4.1. Security Criteria
4.1.1. Accuracy
–
–
46
The risk of a random error (most often due
to a poor mechanical contact between the
card and reader or radio/magnetic
interference) should be minimized
A number of security techniques, such as
message authentication checks, should be
incorporated into system design in order
to provide high level of accuracy
Electronic Payment Systems (EPS)
4. EPS Technologies
4.1. Security Criteria
4.1.2. Data Integrity
–
–
47
Any accidental alteration of or
unauthorized access to the data stored on
the card or transmitted over the network
should be minimized
Different forms of encryption help to
maintain data integrity on the card and
during data transmission
Electronic Payment Systems (EPS)
4. EPS Technologies
4.1. Security Criteria
4.1.2. Data Integrity
48
Electronic Payment Systems (EPS)
4. EPS Technologies
4.1. Security Criteria
4.1.3. Confidentiality
–
–
49
Information stored in the system or on the
card must be protected against improper
use and unauthorized access (either
malicious or accidental)
Strict access control and encryption
should be employed to protect
confidentiality and privacy of clients
Electronic Payment Systems (EPS)
4. EPS Technologies
4.1. Security Criteria
4.1.4. Impersonality
–
–
50
Different personal identification techniques
should be considered in order to avoid
access to the system by someone other
than the cardholder
Passwords and personal identification
numbers (PINs) can be used to approach
this problem
Electronic Payment Systems (EPS)
4. EPS Technologies
4.1. Security Criteria
4.1.5. Repudiation
–
51
A detailed log of all activities taking place
on the system and their proper
authorizations should be maintained in
order to demonstrate clients of the system
its integrity and guard system operators
against repudiation
Electronic Payment Systems (EPS)
4. EPS Technologies
4.1. Security Criteria
4.2. EPS Architecture and Components
4.2.1. Cards
4.2.2. Terminals and Readers
4.2.3. Network
4.2.4. Host System
4.2.5. Clearinghouse
52
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.1. Cards
4.2.1.1. Carrier (material, dimensions, other
characteristics)
4.2.1.2. Security features (signature, photograph,
hologram, microprinting, other)
4.2.1.3. Memory (magnetic stripe, chip)
4.2.1.4. Integrated circuit (features and functions)
4.2.1.5. Mask
4.2.1.6. Interface (contacts, antenna)
53
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.1. Cards
54
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.1. Cards
4.2.1.1. Carrier (material, dimensions, other
characteristics)
–
Mechanical characteristics of the card's
body determine the life span of the card
–
Most cards are made of polyvinyl chloride
(PVC) or a similar thermoplastic
–
The card's body should provide adequate
flexibility and withstand high temperatures
–
Dimensions of the card should conform to
international standards for interoperability
55
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.1. Cards
4.2.1.2. Security features (signature, photograph,
hologram, microprinting, other)
–
Security features of a magnetic stripe card
can include cardholder signature and
photograph, hologram, microprinting, and
UV sensitive ink.
–
However, these features have limited effect
in authenticating the card and its holder
–
Electronic encryption of the information on
the card (available on smart cards only) in
conjunction with a PIN required to use the
card provide a much higher level of security
56
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.1. Cards
57
4.2.1.3. Memory (magnetic stripe, chip)
–
Different types of memory to store electronic
information on the card can be used
–
Magnetic stripe cards store data on a strip of
magnetic tape bonded to the external
surface of the card. Its capacity is limited by
1 Kbits and is prone to corruption by strong
magnetic fields
–
Smart cards store data on various types of
semiconductor memory, such as ROM,
RAM, and EEPROM
–
The total capacity of a smart card can be as
high as 20-30 Kbits
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.1. Cards
58
4.2.1.3. Memory (magnetic stripe, chip)
–
Different types of memory to store electronic
information on the card can be used
–
Magnetic stripe cards store data on a strip of
magnetic tape bonded to the external
surface of the card. Its capacity is limited by
1 Kbits and is prone to corruption by strong
magnetic fields
–
Smart cards store data on various types of
semiconductor memory, such as ROM,
RAM, and EEPROM
–
The total capacity of a smart card can be as
high as 20-30 Kbits
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.1. Cards
4.2.1.3. Memory (magnetic stripe, chip)
Magnetic Stripe
Cards
Integrated Circuit
Mem ory Cards
Integrated Circuit
Processor Cards
Optical Mem ory
Cards
59
Maxim um
Data
Capacity
Processing
Pow er
Cost of Card
Cost of Reader
and Connection
140 bytes
None
$0.20 - $0.75
$750
1 Kbyte
None
$1 - $2.50
$500
8 Kbytes
8-bit cpu,
moving to 16and 32-bit
$7-$15
$500
4.9 Mbytes
None
$7 - $12
$3,500 - $4,000
Source: Gartner Group
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.1. Cards
4.2.1.3. Memory (magnetic stripe, chip)
60
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.1. Cards
4.2.1.4. Integrated circuit (features and functions)
–
Integrated circuit (or chip) is embedded
into the body of the smart card
–
Its major functions include data
communication and card control, data
encryption and decryption, and memory
management
–
Most chips are 8-bit microprocessors with
speeds up to 5 MHz
61
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.1. Cards
4.2.1.5. Mask
–
Mask is the "operating system" of the
smart card
–
The type of mask installed onto the smart
card determines its features
–
Major functions of the mask include
communications management,
encryption/decryption, command handling,
file management, and data access control
62
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.1. Cards
4.2.1.6. Interface (contacts, antenna)
–
The magnetic stripe card interface is
represented by the magnetic stripe that
when passed in front of the reading head
induces pulses of current in the head's coil
–
These pulses are decoded into meaningful
information that is read by the card reader
–
In the case of smart cards, the data can
be transported to the reader either via
metal contacts or an antenna
63
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.1. Cards
4.2.2. Terminals and Readers
Terminals and readers perform several functions
that may include:
–
communication with the card and host
system,
–
encryption and decryption of data,
–
validation of the card, and
–
data processing
64
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.1. Cards
4.2.2. Terminals and Readers
4.2.2.1. Types
4.2.2.1.1. Insertion-type
4.2.2.1.2. Motorized-type
4.2.2.1.3. Radio Frequency (RF) Readers
4.2.2.2. Functions
4.2.2.2.1. Communication with the card
4.2.2.2.2. Data reading and validation
4.2.2.2.3. Data decryption and writing
65
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.2. Terminals and Readers
4.2.2.1. Types
4.2.2.1.1. Insertion-type
»
The major advantage of the
insertion-type readers (swipecard terminals) is their
simplicity and low cost
»
However, these devices are
disposed to vandalism and
dependant on atmospheric
conditions and proper card
insertion
66
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.2. Terminals and Readers
4.2.2.1. Types
4.2.2.1.2. Motorized-type
» Motorized-type readers can operate in
hostile atmospheric conditions and
better protected against vandalism
» Their reliability in terms of proper card
validation and transaction handling is
much higher than that of insertion-type
readers
» The drawback of the motorized-type
readers is higher cost and greater
maintenance expenses
67
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.2. Terminals and Readers
4.2.2.1. Types
4.2.2.1.3. Radio Frequency (RF) Readers
» No need for physical contact between RF
Reader and wireless smart card
» Reduction in operating and maintenance
costs of the equipment
» Increase in throughput of the EPS
» Ease of use and convenience
» Vulnerability to radio/magnetic interference
» Potential threat of RF eavesdropping
» No formal authorization from a cardholder
68
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.2. Terminals and Readers
4.2.2.2. Functions
4.2.2.2.1. Communication with the card
»
The first and main function of
the card reader is to establish
a communication link with the
card
»
Depending on whether the
reader works on-line or off-line
(i.e. connected to the host
system or not), it may also
perform validating and
processing functions
69
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.2. Terminals and Readers
4.2.2.2. Functions
4.2.2.2.2. Data reading and validation
»
The second function of the
card reader is to read the data
from the card, encrypt sensitive
data (if necessary) and pass it
to the host system for
validation and processing
70
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.2. Terminals and Readers
4.2.2.2. Functions
4.2.2.2.3. Data decryption and writing
»
Upon receiving response from
the host system the reader
performs data decryption (if
necessary) and closes the
session with the card
71
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.1. Cards
4.2.2. Terminals and Readers
4.2.3. Network
The network serves as a link connecting card
readers, the host system, and the
clearinghouse
4.2.3.1. Closed Networks
4.2.3.2. Open Networks
72
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.3. Network
4.2.3.1. Closed Networks
Usually, the closed network subsystem:
–
accepts transactions from a limited
number of card readers and terminals;
–
serves limited applications, and
–
maintained by a single operator
73
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.3. Network
4.2.3.1. Closed Networks
74
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.3. Network
4.2.3.2. Open Networks
–
Contrary, the open network subsystem
can always be expanded to serve a
greater number of card readers and new
applications and to be interconnected to
other networks
75
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.1. Cards
4.2.2. Terminals and Readers
4.2.3. Network
4.2.4. Host System
The core of the host system is a powerful
computer with a strong security protection
4.2.4.1. Functions
4.2.4.2. Features
76
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.4. Host System
4.2.4.1. Functions
Among the major functions of the host system are:
–
account management,
–
data encryption and decryption,
–
communication with card readers and
terminals, and
–
overall monitoring of the EPS operations
77
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.4. Host System
4.2.4.1. Functions
78
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.4. Host System
4.2.4.2. Features
–
The special characteristics of the host
system include provision of very high
stability, reliability, and security
–
To ensure that these requirements are met
at all times the host system may feature
multiple mirror-sites, on-line back-up
systems and independent power stations
79
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.1. Cards
4.2.2. Terminals and Readers
4.2.3. Network
4.2.4. Host System
4.2.5. Clearinghouse
80
Electronic Payment Systems (EPS)
4. EPS Technologies
4.2. EPS Architecture and Components
4.2.5. Clearinghouse
–
–
–
–
81
Usually, the clearinghouse is necessary to
operate an open-system EPS, where
multiple parties are involved
Its major function is to ensure the proper
use of the system by all clients and
operators and maintain its integrity
Specifically, the clearinghouse provides
encryption-key and Personal Identification
Number (PIN) management, authenticates
cards, and validates transactions
Sometimes, the host system can perform
functions of a clearinghouse
Electronic Payment Systems (EPS)
4. EPS Technologies
4.1. Security Criteria
4.2. EPS Architecture and Components
4.3. Electronic Media Types and
Characteristics
4.3.1. Magnetic Stripe Cards
4.3.2. Chip Cards
4.3.3. Hybrids
82
Electronic Payment Systems (EPS)
4. EPS Technologies
4.3. Electronic Media Types and
Characteristics
4.3.1. Magnetic Stripe Cards
Magnetic stripe cards are those that store data on
a strip of magnetic tape bonded to the
external surface of the card
4.3.1.1. Paper tickets
4.3.1.2. Plastic
83
Electronic Payment Systems (EPS)
4. EPS Technologies
4.3. Electronic Media Types and Characteristics
4.3.1. Magnetic Stripe Cards
84
4.3.1.1. Paper tickets (PT)
– Flexible carrier of various shapes and sizes
– Its memory capacity is the lowest among all types
of EP media (less than 1000 bits of data)
– PT are used with the motorized-type reader that
reads data from PT, performs transaction, erases
the data from PT, and writes new data on PT
– PT are not personalized and rarely have any
security features in excess to data encoding and
ticket's distinctive shape and size
– The life span of PT is usually limited to less than
100 erase-write cycles
– PT can be easily corrupted by stray magnetic fields
Electronic Payment Systems (EPS)
4. EPS Technologies
4.3. Electronic Media Types and Characteristics
4.3.1. Magnetic Stripe Cards
4.3.1.1. Paper tickets (PT)
85
Electronic Payment Systems (EPS)
4. EPS Technologies
4.3. Electronic Media Types and Characteristics
4.3.1. Magnetic Stripe Cards
86
4.3.1.2. Plastic (MSPC)
– MSPC are made of polyvinyl chloride (PVC) and
usually come in a standard "credit card" size
– Its magnetic tape stripe can hold up to 1,000 bits of
encoded data and is capable to withstand
magnetic fields generated by natural magnets
– These cards can be used with both insertion- and
motorized-type readers
– Additional security features such as cardholder's
name, signature, photograph, etc.
– Magnetic stripe plastic cards hold information
regarding cardholder account number and PIN
– Upon insertion of the card the card reader does not
Electronic Payment Systems (EPS)
4. EPS Technologies
4.3. Electronic Media Types and Characteristics
4.3.1. Magnetic Stripe Cards
4.3.2. Chip Cards
– Chip cards can feature different types of silicon
memory chips and a central processing unit (CPU)
– There is an "operating system" that depending of
application can perform such functions as
communications management,
encryption/decryption, command handling, file
management, and data access control
– Chip cards have either a metal contact or an
antenna interface
87
Electronic Payment Systems (EPS)
4. EPS Technologies
4.3. Electronic Media Types and Characteristics
4.3.1. Magnetic Stripe Cards
4.3.2. Chip Cards
88
Electronic Payment Systems (EPS)
4. EPS Technologies
4.3. Electronic Media Types and
Characteristics
4.3.2. Chip Cards
4.3.2.1. Contact
4.3.2.2. Contactless
89
Electronic Payment Systems (EPS)
4. EPS Technologies
4.3. Electronic Media Types and
Characteristics
4.3.2. Chip Cards
4.3.2.1. Contact
–
Contact cards have standardized interface
of several metal contacts that serve to
establish power data flow links between
the card and the reader
90
Electronic Payment Systems (EPS)
4. EPS Technologies
4.3. Electronic Media Types and
Characteristics
4.3.2. Chip Cards
4.3.2.2. Contactless
–
Contactless card uses wire coil embedded
into the card's carrier to generate power
needed to operate the card and to receive
and transmit data from and to the card
reader
91
Electronic Payment Systems (EPS)
4. EPS Technologies
4.3. Electronic Media Types and
Characteristics
4.3.1. Magnetic Stripe Cards
4.3.2. Chip Cards
4.3.3. Hybrids
–
92
Hybrid cards can feature a magnetic stripe
and components of a contact and
contactless chip card, thus providing
multiple interfaces to perform a
transaction
Electronic Payment Systems (EPS)
4. EPS Technologies
4.3. Electronic Media Types and
Characteristics
4.3.1. Magnetic Stripe Cards
4.3.2. Chip Cards
4.3.3. Hybrids
93
Electronic Payment Systems (EPS)
5. EPS Case Studies
5.1. Washington, DC -- WMATA
5.2. Seattle, WA
5.3. New York, NY -- MTA
5.4. Other systems (Cleveland, OH - GCRTA;
Atlanta, GA - MARTA; Twin Cities, MN;
Boston, MA - parking; Ann Arbor, MI; Los
Angeles, CA; San Francisco, CA; Ventura
Co, CA; Chicago, IL; Delaware; Phoenix,
AZ; Europe; Asia-Pacific)
94
Electronic Payment Systems (EPS)
6. EPS Evaluation
6.1. Costs
6.2. Benefits
95