Methods for protecting electronic payment and digital money systems. Protection of information in electronic payment systems. Principles of functioning of electronic money systems

Electronic savings no longer surprise anyone: they have long been used by every person to make purchases on the Web, make transfers and convert funds. The popularity of this currency is due to the convenience of its use, as well as the minimum commission. The issue of money security deserves special attention. The proper functioning of the standards and mechanisms for storing virtual assets is usually ensured by the payment services, but users are also required to take elementary precautions when handling those assets.

With the advent of Internet banking, the opportunities have become even greater. People can now make purchases or conduct other transactions without leaving their homes. To carry out any operation, all you need is a computer, smartphone or other device, as well as a stable Internet connection.

Despite a number of advantages, electronic money needs additional protection on the user's part. This is due to the emergence of a large number of scammers who know how to hack into personal accounts and get the necessary passwords. That is why it is important to take some steps to ensure the security of any transaction on the Web. After all, schemes for unauthorized access to other people's virtual savings keep evolving, and very often online scammers are one step ahead of the developers of protective mechanisms.

Existing risks and main ways of protection

There are many types of fraud on the Internet that allow attackers to cleverly deceive people, steal personal data, and subsequently money. The most popular varieties include:

  • Phishing is a sophisticated method of fraud that involves the theft of personal data, namely passwords, bank accounts, logins and plastic card numbers. The essence of the method is to send an e-mail on behalf of some authoritative organization, for example, a banking institution. In the text, employees of the pseudo-organization recommend updating or transmitting some information under various pretexts. Phishing is distinguished by how thoroughly the fraudulent scheme is worked out. For greater credibility, attackers create websites that exactly copy the Internet resource of the organization they pose as. As a result, a person unaware of the deception gets on the "hook" and loses money. To avoid such troubles, it is important to be extremely vigilant and learn how to detect fake sites.
  • Skimming involves the use of special devices that read the necessary information from the magnetic stripe of a plastic card. The sequence of actions is as follows. First, the attacker fixes the skimmer on the ATM's card receiver. The peculiarity of this device is that it is almost indistinguishable from the factory slot. The device is based on a special circuit that reads the data. At the same time, a video camera is attached to the ATM to record the PIN code. At the last stage, the fraudster makes a copy of the card and withdraws all funds using the stolen code.

One of the advantages of electronic money is the impossibility of counterfeiting it (in the classical sense). It cannot be printed and then used for purchases the way counterfeit banknotes are. Virtual currency has an electronic digital form and is used only on the Web, but even this does not guarantee one hundred percent protection. As noted above, many fraud options have been developed to deceive gullible people.

But there are several main ways to protect money that allow you to protect electronic savings from intruders:

  • Passwords. Almost every user of the global network faces the daily need to enter special codes to log in to a personal account on one site or another. A similar system is implemented in electronic payment services, many of which use it as their main security method. In practice, not one but several passwords may be used at once, and these may be static or changing. In the latter case, the code is updated every time the resource is visited, and the new combination is sent by e-mail or to a mobile phone. The control password, as a rule, is entered for any financial transaction on the Web. This measure additionally protects a user who has made a transaction and temporarily left the computer: without the control code, another person cannot carry out any financial operation or use someone else's money. This system is in wide demand in many payment systems, including Yandex.Money, Qiwi and others (where it is called the "Payment Password"). The issue of money security is well thought out in another service, WebMoney. Here, a password alone is not enough to enter the wallet; you also need a key file. The use of a PIN code as protection is also typical for bank cards, which were mentioned at the beginning of the article. It usually consists of four digits, which each user sets individually. As practice has shown, this method of protecting electronic money is not very reliable, and the security system itself can be hacked. If an attacker has stolen the card and tries to guess the password, the "plastic" is blocked after three mistakes in a row. From the above, we can conclude that the password is a popular way to ensure the security of electronic currency and is present in almost all modern payment systems. Its only drawback is an insufficient level of reliability, so it is recommended to combine it with other protection methods.
  • Key files. This method is used in WebMoney and provides additional reliability. Its essence is that after registration the client is given a special file containing the keys to the vault. To gain access to savings, the user must have both a password and that file. In addition, the wallet file has its own protection that ensures the safety of money: here, too, a certain combination of letters, numbers and symbols must be entered. For additional protection of personal savings, it is recommended to store the file outside the computer's hard drive, for example, on a USB flash drive. Otherwise, an attacker who penetrates the PC obtains all the data needed to hack the wallet. To guard against loss of this file, it is advisable to make a copy of it and save it on an external medium.
  • Display character set. One of the ways to protect against various worms, trojans and viruses is the on-screen keyboard. This technique is used in EasyPay, one of the most popular systems. Unlike in other electronic payment systems (EPS), the required characters are entered not from a conventional keyboard but through a special image on the monitor screen. This approach cuts both ways. While a password is being typed this way, another person can spy on it and later use it to break in. If you take care to enter it only when no strangers are present, you can protect almost all types of electronic money from keyloggers. The latter are programs that penetrate the user's computer and read a special log file (it stores information about the characters entered through the keyboard). But there are other programs that capture and subsequently reproduce any user actions, including mouse movement. Therefore, the choice between a conventional and an on-screen keyboard has to be made individually, taking the current situation into account.
  • Special phrase. To increase the level of protection of their funds, each user must come up with one or more words. The use of this technique allows you to protect yourself from phishing, which was mentioned at the beginning of our story. After opening the operating page of the service, a person should see the set passphrase. If it does not match the original or it does not exist at all, it is safe to talk about a fraud attempt.
  • Account blocking. This step has to be resorted to in a situation where the methods discussed above did not work or cannot provide the necessary level of protection. This is possible when a person accidentally lost his password, became a victim of data theft from a PC, or cannot find a plastic card. So, if the basic protection methods did not work, the user sends an SMS to a specific number or makes a call with a command to block an electronic account. This measure is suitable for extreme cases, but it is the one that provides the best protection for electronic money in an emergency.

The above methods individually do not guarantee complete safety and should be used only in combination. The weakest link in this matter is the human factor, which makes even a reliable system vulnerable.

Simple ways to protect - a powerful addition to the main methods

Each person should understand that the safety of electronic money directly depends on his attention and following some recommendations:

  • Never share passwords with other people, regardless of the explanation. The PIN code of the card or the character set for entering the wallet of the electronic payment system is personal information that cannot be trusted to anyone. Any attempt to find out these details should be alarming, even if the personal data is requested by a support representative. By ignoring this recommendation, you nullify the main methods of protection, which simply become ineffective. Attempts to elicit personal data by e-mail deserve particular suspicion. In this case, it is highly probable that Internet fraud is involved.
  • If online shopping is common, it is advisable to issue a separate bank card and use it as a payment instrument for paying for services or goods on the Internet. You should not pay with various cards, because in this case their degree of confidentiality is reduced. In addition, it is advisable to set a limit in order to avoid losing a large amount in the event that the “plastic” is hacked by an attacker.
  • Before withdrawing money from an ATM, it is advisable to carefully inspect the machine to make sure that no special skimming devices are attached. If poorly attached elements are noticeable, it is worth reporting the problem to bank representatives and looking for another machine to withdraw cash from.
  • Do not use the wallets of electronic payment systems through public computers in Internet cafes or other similar establishments. In this case, attackers can easily intercept confidential information, after which the main methods of protecting money are useless. The administrator of such an institution can easily check the history of each user and remove the information necessary for himself.
  • Do not click on links that arrive by e-mail if you are not sure about the accuracy of the data and do not know the sender. If you ignore this recommendation, you can "pick up" a virus or a Trojan that will collect confidential information and send it to its creator. Also, do not trust even the users you know 100%, because their mailbox could have been hacked. If the link is suspicious, it is better to verify it separately.
  • When paying with a bank card in any institution, always keep the "plastic" in sight. If the waiter passes the magnetic stripe through a separate reader, all the necessary data will pass into his hands.
  • Never use the same password on different services, because in case of hacking, the attacker gets access to all the money. In addition, it is desirable to use a complex combination of symbols to make guessing impossible.
  • When buying goods using an EPS or a card on the Web, it is advisable to work only with reputable online stores. You should not transfer money to dubious persons, regardless of the proposed benefit.
  • Periodically check the account of the card or payment system in order to quickly detect the loss and use the blocking.
  • Install a reliable antivirus on your PC and update it regularly. Also, turn on the firewall, which will provide additional protection against intruders.

Any type of electronic money requires attention. It depends only on the user whether he will be able to save the earned funds, or they will go to scammers.

For some time, the development of the WWW was held back by the fact that HTML pages, which are the basis of the WWW, are static text, i.e. it is difficult to use them to organize an interactive exchange of information between the user and the server. Developers have proposed many ways to extend HTML's capabilities in this direction, many of which have not been widely adopted. One of the most powerful solutions, which was a new stage in the development of the Internet, was Sun's proposal to use Java applets as interactive components connected to HTML pages.

A Java applet is a program that is written in the Java programming language and compiled into special bytecodes, which are the codes of some virtual computer - a Java machine - and are different from the codes of the Intel processors. Applets are hosted on a server on the Web and downloaded to the user's computer whenever an HTML page is accessed that contains a call to that applet.

To execute applet codes, the standard browser includes a Java machine implementation that interprets the bytecodes into machine instructions of the Intel (or other) family of processors. The capabilities embedded in the Java applet technology, on the one hand, make it possible to develop powerful user interfaces, organize access to any network resources by URL, and easily use the TCP/IP, FTP, etc. protocols, and, on the other hand, make it impossible to access computer resources directly. For example, applets do not have access to the computer's file system and connected devices.

Microsoft's ActiveX technology is a similar solution for expanding WWW capabilities. The most significant differences between this technology and Java are that components (analogues of applets) are programs in Intel processor codes and that these components have access to all computer resources, as well as Windows interfaces and services.



Another less common approach to WWW enhancement is Netscape's Plug-in for Netscape Navigator technology. It is this technology that seems to be the most optimal basis for building information security systems for electronic payments via the Internet. For further presentation, let's consider how this technology solves the problem of protecting Web server information.

Suppose that there is some Web server and the administrator of this server needs to restrict access to some part of the server's information array, i.e. organize so that some users have access to some information, while others do not.

Currently, a number of approaches to solving this problem are proposed, in particular, many operating systems running Internet servers require a password to access some of their areas, i.e. require authentication. This approach has two significant drawbacks: firstly, the data is stored on the server itself in an open form, and, secondly, the data is also transmitted over the network in an open form. Thus, an attacker has the opportunity to organize two attacks: on the server itself (guessing a password, bypassing a password, etc.) and attacking traffic. The facts of the implementation of such attacks are widely known to the Internet community.

Another well-known approach to solving the problem of information security is an approach based on SSL (Secure Sockets Layer) technology. When using SSL, a secure communication channel is established between the client and the server, through which data is transmitted, i.e. the problem of transmitting data in clear text over a network can be considered relatively solved. The main problem with SSL lies in the construction of a key system and control over it. As for the problem of storing data on the server in an open form, it remains unresolved.

Another important disadvantage of the approaches described above is that they need support from the software of both the server and the network client, which is not always possible or convenient, especially in systems aimed at a mass, unorganized clientele.

The approach proposed by the author is based on protecting the HTML pages themselves, which are the main information carrier on the Internet. The essence of protection lies in the fact that files containing HTML pages are stored on the server in encrypted form. At the same time, the key with which they are encrypted is known only to the person who encrypted them (the administrator) and to the clients (in general, the problem of building a key system is solved in the same way as in the case of transparent file encryption).

Clients access secure information through Netscape's Plug-in technology for Netscape Navigator. These modules are programs, more specifically software components, that are associated with certain file types in the MIME standard. MIME is an international standard that defines file formats on the Internet. For example, there are the following file types: text/html, text/plain, image/jpeg, image/bmp, etc. In addition, the standard defines a mechanism for specifying custom file types that can be defined and used by independent developers.

So, Plug-ins are used, which are associated with certain MIME file types. The connection lies in the fact that when the user accesses files of the corresponding type, the browser launches the Plug-in associated with it, and this module performs all actions to visualize the file data and process the user's actions with these files.

The most famous Plug-in modules are modules that play video clips in avi format. Viewing these files is not included in the regular capabilities of browsers, but by installing the appropriate Plug-in, you can easily view these files in the browser.

Next, following the procedure established by the international standard, all encrypted files are defined as files of the MIME type "application/x-shp". Then, according to Netscape technology and protocols, a Plug-in is developed that is associated with this file type. This module does two things: first, it asks for a password and user ID, and second, it decrypts the file and displays it in the browser window. This module is installed, following the regular procedure established by Netscape, in the browsers of all client computers.

At this preparatory stage of work, the system is ready for operation. During operation, clients access encrypted html pages at their standard address (URL). The browser determines the type of these pages and automatically launches the module we developed, passing it the contents of the encrypted file. The module authenticates the client and, upon successful completion, decrypts and displays the page content.

When performing this entire procedure, the client gets the feeling of “transparent” page encryption, since all the system operation described above is hidden from his eyes. At the same time, all the standard features embedded in html pages, such as the use of pictures, Java applets, CGI scripts, are preserved.

It is easy to see that this approach solves many information security problems, since the data exists in open form only on the clients' computers and is transmitted over the network in encrypted form. An attacker seeking to obtain the information can only attack a specific user, and no server-side information protection system can protect against that attack.
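An added sketch of the scheme described above (not the author's plug-in, whose cipher, key system and file layout the page does not give): pages are stored encrypted under the `application/x-shp` type and decrypted only on the client after the user supplies an ID and password. AES-256-GCM, scrypt key derivation, the `SHP1` container layout and all function names are assumptions made for this example.

```javascript
const crypto = require('crypto');

// Constructed container layout (an assumption; the page does not define one):
//   "SHP1" magic (4) | salt (16) | nonce (12) | GCM tag (16) | ciphertext
const MAGIC = Buffer.from('SHP1');
const HEADER_LEN = 4 + 16 + 12 + 16;
const PROTECTED_TYPE = 'application/x-shp'; // MIME type named on the page

// scrypt stretches the shared password into a 256-bit key; the salt is stored
// in the file, so the same password yields a different key for every page.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Administrator side: encrypt a page before copying it to the server.
function encryptPage(html, userId, password) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  cipher.setAAD(Buffer.from(userId, 'utf8')); // ties the file to one user ID
  const body = Buffer.concat([cipher.update(html, 'utf8'), cipher.final()]);
  return Buffer.concat([MAGIC, salt, nonce, cipher.getAuthTag(), body]);
}

// Client side: the step the module performs after asking for ID and password.
function decryptPage(blob, userId, password) {
  if (blob.length < HEADER_LEN || !blob.subarray(0, 4).equals(MAGIC)) {
    throw new Error('not a protected page');
  }
  const salt = blob.subarray(4, 20);
  const nonce = blob.subarray(20, 32);
  const tag = blob.subarray(32, 48);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  decipher.setAAD(Buffer.from(userId, 'utf8'));
  decipher.setAuthTag(tag);
  try {
    const plain = Buffer.concat([decipher.update(blob.subarray(HEADER_LEN)), decipher.final()]);
    return plain.toString('utf8');
  } catch (err) {
    // final() throws when the tag does not verify, so a wrong password, a
    // wrong user ID and a file modified on the server all end up here.
    throw new Error('authentication failed: wrong credentials or modified file');
  }
}

// Browser-side dispatch: only the protected MIME type is routed to the module;
// every other response is displayed unchanged.
function renderResponse(contentType, body, credentials) {
  const type = contentType.split(';')[0].trim().toLowerCase();
  if (type !== PROTECTED_TYPE) return body.toString('utf8');
  return decryptPage(body, credentials.userId, credentials.password);
}

// Constructed sample run.
const samplePage = '<html><body><h1>Payment order</h1></body></html>';
const stored = encryptPage(samplePage, 'client-17', 'correct horse battery');
console.log('bytes stored on server:', stored.length);
console.log(renderResponse(PROTECTED_TYPE, stored,
  { userId: 'client-17', password: 'correct horse battery' }));
```

Because the authentication tag is checked before anything is displayed, a page altered on the server is rejected rather than rendered, which plain encryption without integrity protection would not guarantee.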

Currently, the author has developed two information security systems based on the proposed approach for the Netscape Navigator (3.x) and Netscape Communicator 4.x browsers. In the course of preliminary testing, it was found that the developed systems can function normally under the control of MExplorer, but not in all cases.

It is important to note that these versions of the systems do not encrypt the objects associated with the HTML page: pictures, script applets, etc.

System 1 offers protection (encryption) of the actual html pages as a single entity. You create a page, then you encrypt it and copy it to the server. When accessing an encrypted page, it is automatically decrypted and displayed in a special window. Support of the security system by the server software is not required. All work on encryption and decryption is carried out on the client's workstation. This system is universal, i.e. does not depend on the structure and purpose of the page.

System 2 offers a different approach to protection. This system displays protected information in some area of your page. The information is in an encrypted file (not necessarily in HTML format) on the server. When you go to your page, the protection system automatically accesses this file, reads data from it and displays it in a certain area of the page. This approach allows you to achieve maximum efficiency and aesthetic beauty, with minimal versatility, i.e. the system turns out to be focused on a specific purpose.

This approach can also be applied in the construction of electronic payment systems via the Internet. In this case, when a certain page of the Web server is accessed, the Plug-in module is launched, which displays the payment order form to the user. After the client fills it out, the module encrypts the payment data and sends it to the server. At the same time, it can request an electronic signature from the user. Moreover, encryption keys and signatures can be read from any medium: floppy disks, electronic tablets, smart cards, etc.

Basic rules to be observed by the buyer

  1. Never share your password with anyone, including payment system employees.
  2. Check that the connection really takes place in secure SSL mode - a closed padlock icon should be visible in the lower right corner of your browser.
  3. Check that the connection is established with the address of the payment system or Internet bank.
  4. Never save your password information on any media, including a computer. If you suspect that someone has gained access to your personal account, change your password or block your account.
  5. Be sure to click the Exit button when finished.
  6. Make sure your computer is not infected with any viruses. Install and activate antivirus programs. Try to update them constantly, as the action of viruses can be aimed at transferring information about your password to third parties.
  7. Use software from proven and trusted sources and update regularly.

Statistics
According to statistics, the following systems are most often attacked: terminals (32%), database servers (30%), application servers (12%), web servers (10%). Workstations, authentication servers, backup servers, file storages, etc. account for only 10%. These statistics clearly show the relevance of the security of sites and applications, since it is often through their vulnerabilities that access to data is gained.

What ensures the security of payment systems

Secure/Encrypted Internet Connections

  • Currently, the presence of an SSL certificate on the site is not a sufficient condition for secure online payments. Only an integrated approach, certified according to modern international standards, allows us to say that the security of processing Internet payments is provided at the highest level.

Client Protection

  • Login / password for access to the system, which is tested for complexity;
  • Combination of bank card number, expiration date, cardholder's name, CVV/CVC codes;
  • The ability to create a virtual card that duplicates the main one for making Internet payments;

Technical protection

  • Linking the payment service to a fixed IP address and phone number of the client;
  • Implementation of client access to the system via encrypted protocol HTTPS/SSL;
  • Ability to use a virtual keyboard to enter identification data (to counter interception of personal data);
  • Separation of transaction formation channels and transaction authorization channel:
    • authorization of transactions is carried out through a special code, which, when making a payment, the client receives from the system to his mobile phone via SMS (a random combination of letters and numbers, valid only for a few minutes).
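An added example, not taken from any payment system named on the page, of the separate authorization channel described in the last item: a short-lived one-time code confirms a transaction that was formed in the web session. The 3-minute lifetime, the three-attempt limit, binding the code to payee and amount, and the `TransactionAuthorizer` name are assumptions of this sketch.

```javascript
const crypto = require('crypto');

const ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // letters and digits, no look-alikes
const CODE_LENGTH = 8;
const TTL_MS = 3 * 60 * 1000; // "a few minutes" on the page; 3 is an assumed value
const MAX_ATTEMPTS = 3;       // assumed limit on wrong entries per code

class TransactionAuthorizer {
  constructor() {
    this.key = crypto.randomBytes(32); // server-side secret used to hash codes
    this.pending = new Map();          // transaction id -> pending confirmation
  }

  // The stored digest covers payee and amount as well as the code, so a code
  // issued for one payment cannot confirm a payment whose details were changed.
  digest(txn, code) {
    const material = JSON.stringify([txn.id, txn.payee, txn.amount, code]);
    return crypto.createHmac('sha256', this.key).update(material).digest();
  }

  // Formation channel: the web session creates the transaction. The returned
  // code is handed to the SMS gateway only, never sent back to the browser.
  issue(txn, now) {
    let code = '';
    for (let i = 0; i < CODE_LENGTH; i++) {
      code += ALPHABET[crypto.randomInt(ALPHABET.length)];
    }
    this.pending.set(txn.id, {
      digest: this.digest(txn, code),
      expires: now + TTL_MS,
      attemptsLeft: MAX_ATTEMPTS,
    });
    return code;
  }

  // Authorization channel: the client types the code received on the phone.
  confirm(txn, code, now) {
    const entry = this.pending.get(txn.id);
    if (!entry) return 'unknown';
    if (now > entry.expires) {
      this.pending.delete(txn.id);
      return 'expired';
    }
    const candidate = this.digest(txn, String(code).trim().toUpperCase());
    if (crypto.timingSafeEqual(entry.digest, candidate)) {
      this.pending.delete(txn.id); // single use
      return 'authorized';
    }
    entry.attemptsLeft -= 1;
    if (entry.attemptsLeft === 0) {
      this.pending.delete(txn.id); // code is burned; a new one must be issued
      return 'locked';
    }
    return 'rejected';
  }
}

// Constructed sample run with fixed clock values (milliseconds).
const demo = new TransactionAuthorizer();
const demoTxn = { id: 'tx-1001', payee: 'shop-42', amount: '150.00' };
const demoCode = demo.issue(demoTxn, 0);
console.log(demo.confirm({ ...demoTxn, amount: '9150.00' }, demoCode, 1000)); // rejected
console.log(demo.confirm(demoTxn, demoCode, 2000));                           // authorized
```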

Protection of plastic cards
Attackers most often try to get access to card data. Research reports by payment security experts at Verizon and Trustwave give the statistics: in 85 and 98 cases out of 100, respectively, the target of the attack was card data.

Payment systems certification
Service providers and business owners (merchants) with more than 6 million transactions per year are subject to certification by a Qualified Security Assessor (QSA), which is issued in Russia by IBM, NVision Group, Deiteriy, Digital Security, TrustWave, EVRAAS IT, Informzaschita, Jet Infosystems, Croc Incorporated.

  1. Certificate of Compliance Payment Card Industry Data Security Standard (PCI DSS);
  2. Security certificate for compliance with international requirements for information security management in the development, implementation and maintenance of software ISO/IEC 27001:2005;
  3. Use of an electronic digital signature (EDS);
  4. Licenses for the right to carry out activities for the provision, maintenance, distribution of encryption (cryptographic) means.

Starting July 1, 2012, non-certified applications will not be allowed to be used by companies subject to PCI DSS.
The PCI DSS information security standard in the payment card industry was developed by the international payment systems Visa and MasterCard and is a set of 12 detailed requirements for ensuring the security of data about payment card holders that are transmitted, stored and processed in the information infrastructures of organizations. Taking appropriate measures to ensure compliance with the requirements of the standard implies an integrated approach to ensuring the information security of payment card data.

Vulnerabilities and methods of protection
From the point of view of information security in electronic payment systems, there are the following vulnerabilities:

  1. Forwarding payment and other messages between the bank and the client and between banks;
  2. Processing of information within the organizations of the sender and recipient of messages;
  3. Clients' access to funds accumulated on accounts.

One of the most vulnerable places in the electronic payment system is the transfer of payment and other messages between banks, between a bank and an ATM, between a bank and a client.

Protection when forwarding payment messages:

  1. The internal systems of the organizations of the sender and the recipient must be adapted for sending and receiving electronic documents and provide the necessary protection during their processing within the organization (protection of end systems);
  2. The interaction of the sender and recipient of an electronic document is carried out indirectly - through a communication channel.

Problems solved when organizing payment protection:

  • mutual identification of subscribers (the problem of establishing mutual authentication when establishing a connection);
  • protection of electronic documents transmitted via communication channels (problems of ensuring the confidentiality and integrity of documents);
  • ensuring the execution of the document (the problem of mutual distrust between the sender and the recipient due to their belonging to different organizations and mutual independence).

Ensuring the security of payment systems

  • message delivery guarantees;
  • the impossibility of refusing to take action on the report;

The quality of the solution of the above problems is largely determined by the rational choice of cryptographic tools in the implementation of protection mechanisms.

Payment system is a system of interaction between participants
From an organizational point of view, the core of the payment system is the association of banks, united by contractual obligations. In addition, the electronic payment system includes trade and service enterprises that form a network of service points. For the successful functioning of the payment system, specialized organizations providing technical support for servicing cards are also needed: processing and communication centers, technical service centers, etc.


Security of electronic payment systems

The modern practice of banking operations, trade transactions and mutual payments cannot be imagined without settlements using plastic cards.

The system of cashless payments using plastic cards is called an electronic payment system.

To ensure normal operation, an electronic payment system must be securely protected.

From the point of view of information security in electronic payment systems, there are the following vulnerabilities:

  • forwarding payment and other messages between banks, between a bank and an ATM, between a bank and a client;
  • processing of information within the organizations of the sender and recipient of messages;
  • access of clients to the funds accumulated on the accounts.

Forwarding payment and other messages is associated with the following features:

  • the internal systems of the organizations of the sender and the recipient must provide the necessary protection when processing electronic documents (protection of end systems);
  • the interaction of the sender and recipient of the electronic document is carried out indirectly - through a communication channel.

These features give rise to the following problems:

  • mutual identification of subscribers (the problem of establishing mutual authentication when establishing a connection);
  • protection of electronic documents transmitted via communication channels (the problem of ensuring the confidentiality and integrity of documents);
  • protection of the process of exchanging electronic documents (the problem of proof of sending and delivery of the document);
  • ensuring the execution of the document (the problem of mutual distrust between the sender and the recipient due to their belonging to different organizations and mutual independence).

To ensure information security functions, the following security mechanisms should be implemented at individual nodes of the electronic payment system:

  • access control on end systems;
  • message integrity control;
  • ensuring the confidentiality of the message;
  • mutual authentication of subscribers;
  • the impossibility of renouncing the authorship of the message;
  • message delivery guarantees;
  • the impossibility of refusing to take action on the message;
  • registering a sequence of messages;
  • message sequence integrity control.
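An added example (not from the original page) showing how several of the listed mechanisms fit together: each message carries an Ed25519 signature for integrity control and non-repudiation of authorship, a sequence number, and the hash of its predecessor, so that replayed, missing or substituted messages are detected. The message layout and the `Sender`, `Receiver` and `auditJournal` names are assumptions.

```javascript
const crypto = require('crypto');

const GENESIS = '0'.repeat(64); // "previous hash" used by the first message

// Bytes that get signed and hashed: sequence number, link to predecessor, body.
function signedBytes(seq, prev, body) {
  return Buffer.from(JSON.stringify([seq, prev, body]), 'utf8');
}

function sha256hex(bytes) {
  return crypto.createHash('sha256').update(bytes).digest('hex');
}

class Sender {
  constructor(privateKey) {
    this.privateKey = privateKey;
    this.seq = 0;
    this.prev = GENESIS;
  }

  send(body) {
    const seq = this.seq + 1;
    const bytes = signedBytes(seq, this.prev, body);
    // Ed25519 takes no separate digest algorithm, hence the null argument.
    const sig = crypto.sign(null, bytes, this.privateKey).toString('base64');
    const msg = { seq, prev: this.prev, body, sig };
    this.seq = seq;
    this.prev = sha256hex(bytes);
    return msg;
  }
}

class Receiver {
  constructor(senderPublicKey) {
    this.publicKey = senderPublicKey;
    this.seq = 0;
    this.prev = GENESIS;
    this.journal = []; // registered sequence: accepted messages with signatures
  }

  accept(msg) {
    const bytes = signedBytes(msg.seq, msg.prev, msg.body);
    const sig = Buffer.from(String(msg.sig), 'base64');
    if (!crypto.verify(null, bytes, this.publicKey, sig)) return 'bad-signature';
    if (msg.seq <= this.seq) return 'replay';         // already processed
    if (msg.seq > this.seq + 1) return 'gap';         // something was dropped
    if (msg.prev !== this.prev) return 'broken-chain'; // history was substituted
    this.seq = msg.seq;
    this.prev = sha256hex(bytes);
    this.journal.push(msg);
    return 'accepted';
  }
}

// Dispute resolution: anyone holding the sender's public key can re-check the
// journal, so the sender cannot later renounce authorship of a message in it.
function auditJournal(journal, publicKey) {
  let prev = GENESIS;
  return journal.every((msg, i) => {
    const bytes = signedBytes(msg.seq, msg.prev, msg.body);
    const ok = msg.seq === i + 1 && msg.prev === prev &&
      crypto.verify(null, bytes, publicKey, Buffer.from(msg.sig, 'base64'));
    prev = sha256hex(bytes);
    return ok;
  });
}

// Constructed sample run: the second delivery of the same message is refused.
const demoKeys = crypto.generateKeyPairSync('ed25519');
const demoSender = new Sender(demoKeys.privateKey);
const demoReceiver = new Receiver(demoKeys.publicKey);
const firstOrder = demoSender.send({ type: 'payment', to: 'ACC-2', amount: '10.00' });
console.log(demoReceiver.accept(firstOrder), demoReceiver.accept(firstOrder));
```

Delivery guarantees and the impossibility of refusing to act on a message would need the reverse direction as well, with the receiver returning a signed acknowledgement built the same way.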

So, electronic plastic cards are used as a means of payment in the electronic payment system.

An electronic plastic card is a storage medium that identifies the owner and stores certain credentials.

There are credit and debit cards.

Credit cards are the most common type of plastic cards. These include cards of the US national systems Visa and MasterCard, American Express and a number of others. These cards are used to pay for goods and services. When paying with a credit card, the buyer's bank opens a credit for the amount of the purchase, and then after some time (usually 25 days) sends an invoice by mail. The buyer must return the paid check (bill) back to the bank. Naturally, a bank can offer such a scheme only to the most wealthy and trusted of its clients who have a good credit history with the bank or solid investments in the bank in the form of deposits, valuables or real estate.

The owner of a debit card must deposit a certain amount into their account at the issuing bank in advance. The size of this amount determines the limit of available funds. When payments are made using this card, the limit is reduced accordingly. To renew or increase the limit, the owner must again deposit money into the account. To cover the time gap between the moment a payment is made and the moment the bank receives the relevant information, a minimum balance must be maintained on the client's account.

Both credit and debit cards can be not only personal, but also corporate. Corporate cards are provided by a company to its employees to pay for travel or other business expenses. A company's corporate cards are linked to one of its accounts. These cards may have a split or unsplit limit. In the first case, an individual limit is set for each of the corporate card holders. The second option is more suitable for small companies and does not involve dividing up the limit.

A plastic card is a plate made of a special plastic that is resistant to mechanical and thermal stress. According to the standard ISO 9001 all plastic cards measure 85.6×53.9×0.76 mm.

To identify the owner, the following is applied to the plastic card:

  • logo of the issuing bank;
  • logo of the payment system serving this card;
  • cardholder's name;
  • account number of the cardholder;
  • card validity period, etc.

In addition, the card may contain a photo of the owner and his signature.

Alphanumeric data (name, account number, etc.) can be embossed, i.e. printed in embossed type. This makes it possible, when manually processing cards accepted for payment, to quickly transfer data to a check using a special device - an imprinter that "rolls" the card.

By operating principle, plastic cards are divided into passive and active. Passive plastic cards only store information. These include plastic cards with a magnetic stripe.

Magnetic stripe cards are by far the most common - there are over two billion cards of this type in circulation. The magnetic stripe is located on the back of the card and, in accordance with the ISO 7811 standard, consists of three tracks. The first two are for storing identification data, and information can be written to the third track (for example, the current value of the debit card limit). However, because repeated write/read cycles are unreliable, writing to the magnetic stripe is not usually practiced.

Magnetic stripe cards are relatively vulnerable to fraud. To increase the security of their cards, the Visa and MasterCard/Europay systems use additional graphic security features: holograms and non-standard fonts for embossing. Embossers (devices for embossing raised characters on a card) are produced by a limited number of manufacturers. In a number of Western countries, the free sale of embossers is legally prohibited. Special characters confirming that the card belongs to a particular payment system are supplied to the embosser owner only with the permission of the governing body of the payment system.

Payment systems with such cards require on-line authorization at retail outlets and, as a result, an extensive, high-quality communication network (telephone lines).

A distinctive feature of an active plastic card is the presence of an electronic microcircuit built into it. The principle of a plastic card with an electronic microcircuit was patented in 1974 by the Frenchman Roland Moreno. The ISO 7816 standard defines the basic requirements for cards based on integrated circuits, or chip cards.

Chip cards can be classified in two ways.

The first criterion is the principle of interaction with the reader. Main types:

  • cards with contact reading;
  • cards with contactless (induction) reading.

A contact card has 8 to 10 contact plates on its surface. The placement of the contact plates, their number and the pin assignments differ between manufacturers, so readers for cards of this type naturally differ from one another.

Data exchange between a contactless card and the reader takes place by induction. Obviously, such cards are more reliable and durable.

The second criterion is the functionality of the card. Main types:

  • counter cards;
  • memory cards;
  • microprocessor cards.

Counter cards are used, as a rule, in cases where a particular payment transaction requires the balance on the cardholder's account to be reduced by a certain fixed amount. Such cards are used in specialized prepaid applications (payment for the use of a pay phone, parking charges, etc.). It is obvious that the use of counter cards is limited and has little future.

Memory cards are transitional between counter cards and cards with a microprocessor. A memory card is a rewritable counter card with measures that increase its security against intruder attacks. The simplest memory cards have a memory capacity of 32 bytes to 16 KB. This memory can be organized as:

  • programmable read-only memory (EPROM) that can be written once and read multiple times;
  • an electrically erasable programmable read-only memory (EEPROM) that can be written and read multiple times.

Memory cards can be divided into two types:

  • with unprotected (fully accessible) memory;
  • with protected memory.

In the cards of the first type, there are no restrictions on reading and writing data. These cards cannot be used as payment cards, as they are easy enough to "hack".

Cards of the second type have an identification data area and one or more application areas. The identification area allows only a single entry during personalization and is then available only for reading. Access to application areas is regulated and carried out only when certain operations are performed, in particular when entering a secret PIN code.

The level of protection of memory cards is higher than that of magnetic cards. As a means of payment, memory cards are used to pay for public payphones, travel in transport, and in local payment systems (club cards). Memory cards are also used in systems for admission to premises and access to computer network resources (identification cards).

Microprocessor cards are also called smart cards or intelligent cards. These are essentially microcomputers that contain all the main hardware components:

  • microprocessor with a clock frequency of 5 MHz;
  • random access memory up to 256 bytes;
  • permanent memory with a capacity of up to 10 KB;
  • non-volatile memory with a capacity of up to 8 KB.

The smart card provides a wide range of functions:

  • differentiation of access rights to internal resources;
  • data encryption using various algorithms;
  • formation of an electronic digital signature;
  • maintenance of the key system;
  • performance of all operations of interaction between the cardholder, the bank and the merchant.

Some smart cards provide a "self-lock" mode when unauthorized access is attempted.

All this makes the smart card a highly secure payment instrument that can be used in financial applications that place high demands on information security. That is why smart cards are the most promising type of plastic cards.

Important stages in the preparation and application of a plastic card are personalization and authorization.

Personalization is carried out when the card is issued to the client. Data is entered on the card that makes it possible to identify the card and its owner, as well as to check the solvency of the card when it is accepted for payment or used to withdraw cash. The original method of personalization was embossing.

Personalization also includes magnetic stripe coding and chip programming.

Magnetic stripe encoding is usually performed on the same equipment as embossing. Part of the information about the card, namely the card number and its validity period, is the same on the magnetic stripe and in the embossed characters. However, there are situations when, after the initial encoding, additional information has to be written to the magnetic stripe. In this case, special devices with a "read-write" function are used. This is possible, in particular, when the PIN code for using the card is not generated by a special program but is chosen by the client at his own discretion.

Chip programming does not require special technological methods, but it has some organizational features. Thus, the operations for programming individual areas of the microcircuit are geographically separated and delimited according to the rights of various employees. Usually this procedure is divided into three stages:

  • at the first workplace, the card is activated (it is put into effect);
  • operations related to security are performed at the second workplace;
  • at the third workplace, personalization itself is carried out.

Such measures increase security and eliminate possible abuse.

Authorization is the process of approving a sale or disbursement of cash on a card. To carry out authorization, the service point makes a request to the payment system to confirm the authority of the card bearer and his financial capabilities. The authorization technology depends on the type of card, the payment system scheme and the technical equipment of the service point.

Authorization is carried out either "manually" or automatically. In the first case, voice authorization is carried out: the seller or cashier sends a request to the operator by phone. In the second case, the card is placed in an automated POS terminal (Point-Of-Sale), the data is read from the card, the cashier enters the payment amount, and the cardholder enters a PIN (Personal Identification Number). After that, the terminal performs authorization either by establishing a connection with the payment system database (on-line mode) or by carrying out an additional data exchange with the card itself (off-line mode). When cash is issued, the process is similar, with the only difference that the money is issued automatically by an ATM, which conducts the authorization.

A proven way to identify the owner of a plastic card is to use a secret personal identification number (PIN). The PIN value should be known only to the cardholder. On the one hand, the PIN must be long enough that the probability of guessing it by exhaustive search is acceptably small. On the other hand, the PIN should be short enough for the owner to remember it. Usually the length of the PIN ranges from 4 to 8 decimal digits, but can be up to 12.

The value of the PIN is uniquely linked to the corresponding attributes of the plastic card, so the PIN can be interpreted as the signature of the cardholder.

Protecting the personal identification number (PIN) of a plastic card is critical for the security of the entire payment system. Plastic cards can be lost, stolen or counterfeited. In such cases, the only countermeasure against unauthorized access is the secret value of the PIN. Therefore, the open form of the PIN should be known only to the rightful cardholder. It is never stored or transmitted within the framework of the electronic payment system.

The method of generating the PIN value has a significant impact on the security of the electronic payment system. In general, personal identification numbers can be generated either by the bank or by cardholders.

If the PIN is assigned by a bank, then one of two options is usually used.

In the first option, the PIN is generated cryptographically from the cardholder's account number. Encryption is carried out according to the DES algorithm using a secret key. Advantage: PIN value does not need to be stored inside the electronic payment system. Disadvantage: if you need to change the PIN, you must change either the customer's account number or the cryptographic key. But banks prefer to keep the customer's account number fixed. On the other hand, since all PINs are calculated using the same key, changing one PIN while maintaining the customer's account entails changing all personal identification numbers.

In the second option, the bank chooses a PIN at random, storing this value as a cryptogram. The selected PIN values are transmitted to cardholders via a secure channel.

Using the PIN assigned by the bank is inconvenient for customers even if it is short. Such a PIN is difficult to keep in memory, and therefore the cardholder can write it down somewhere. The main thing is not to write down the PIN directly on the card or other visible place. Otherwise, the task of attackers will be greatly facilitated.

For greater convenience of the client, the PIN value chosen by the client is used. This way of determining the PIN allows the client to:

  • use the same PIN for different purposes;
  • specify in PIN not only numbers, but also letters (for ease of remembering).

The PIN chosen by the client can be sent to the bank by registered mail or entered through a secure terminal at the bank office, which immediately encrypts it. If the bank needs to use the PIN chosen by the client, it proceeds as follows. Each digit of the PIN chosen by the client is added modulo 10 (ignoring carries) to the corresponding digit of the PIN derived by the bank from the client's account. The resulting decimal number is called the "offset". This offset is stored on the client card. Since the derived PIN is random, the PIN chosen by the client cannot be determined from its offset.

The main security requirement is that the PIN value must be memorized by the cardholder and must never be stored in any readable form. But people are not perfect and forget their PIN very often. Therefore, special procedures are designed for such cases: recovering a forgotten PIN or generating a new one.

When identifying a client by the PIN value and the presented card, two main methods of PIN verification are used: non-algorithmic and algorithmic.

The non-algorithmic method directly compares the PIN entered by the client with the values stored in the database. Typically, the client PIN database is encrypted using a transparent encryption method to increase its security without complicating the comparison process.

In the algorithmic method, the PIN entered by the client is transformed by a certain algorithm using a secret key and then compared with the PIN value stored in a certain form on the card. Advantages of this verification method:

  • the absence of a copy of the PIN on the main computer rules out its disclosure by the bank's staff;
  • the absence of PIN transmission between the ATM or POS terminal and the bank's main computer rules out its interception or the forging of comparison results;
  • development of the system software is simplified, since there is no need for real-time actions.
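The bank-side PIN derivation, the offset for a client-chosen PIN and the algorithmic check described above are combined in this added example, which is not code from the original page. HMAC-SHA256 stands in for the DES step the page names, the offset follows the page's description (digit-wise addition modulo 10 without carries), and the key, account number and function names are constructed for illustration.

```python
import hashlib
import hmac

PIN_LENGTH = 4  # the page gives 4 to 8 decimal digits as the usual range


def derived_pin(account_number: str, bank_key: bytes, length: int = PIN_LENGTH) -> str:
    """Derive the bank's PIN for an account from a secret key.

    Assumption: HMAC-SHA256 replaces the DES encryption named on the page;
    the offset logic below does not depend on which keyed function is used.
    """
    digits = []
    counter = 0
    while len(digits) < length:
        block = hmac.new(
            bank_key,
            account_number.encode("ascii") + counter.to_bytes(4, "big"),
            hashlib.sha256,
        ).digest()
        for byte in block:
            # Rejection sampling: bytes 250..255 would bias the digits 0..5.
            if byte < 250 and len(digits) < length:
                digits.append(str(byte % 10))
        counter += 1
    return "".join(digits)


def _is_pin(value, length: int) -> bool:
    return (isinstance(value, str) and len(value) == length
            and value.isascii() and value.isdigit())


def make_offset(chosen_pin: str, account_number: str, bank_key: bytes) -> str:
    """Offset = chosen PIN + derived PIN, digit by digit modulo 10, no carries."""
    if not _is_pin(chosen_pin, PIN_LENGTH):
        raise ValueError("PIN must be exactly %d decimal digits" % PIN_LENGTH)
    base = derived_pin(account_number, bank_key)
    return "".join(str((int(c) + int(b)) % 10) for c, b in zip(chosen_pin, base))


def verify_pin(entered_pin: str, account_number: str, offset: str, bank_key: bytes) -> bool:
    """Algorithmic check: rebuild the expected PIN from key, account and offset.

    No PIN database is consulted; the offset is the value read from the card.
    """
    if not (_is_pin(entered_pin, PIN_LENGTH) and _is_pin(offset, PIN_LENGTH)):
        return False
    base = derived_pin(account_number, bank_key)
    expected = "".join(str((int(o) - int(b)) % 10) for o, b in zip(offset, base))
    return hmac.compare_digest(entered_pin, expected)


# Constructed sample values, not taken from the page.
BANK_KEY = b"constructed-demo-key-not-for-production"
ACCOUNT = "0000123456789012"


def demo() -> dict:
    offset_v1 = make_offset("4821", ACCOUNT, BANK_KEY)
    # PIN change: only the offset on the card is rewritten.
    offset_v2 = make_offset("7305", ACCOUNT, BANK_KEY)
    return {
        "correct_pin": verify_pin("4821", ACCOUNT, offset_v1, BANK_KEY),
        "wrong_pin": verify_pin("4822", ACCOUNT, offset_v1, BANK_KEY),
        "old_pin_after_change": verify_pin("4821", ACCOUNT, offset_v2, BANK_KEY),
        "new_pin_after_change": verify_pin("7305", ACCOUNT, offset_v2, BANK_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

Because a PIN change rewrites only the offset, neither the account number nor the bank key has to change, which removes the disadvantage noted for the purely derived PIN.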

Electronic money is the monetary obligations of the organization that issued them (the issuer), held on electronic media at the disposal of users.

The main features of electronic money:

  • issuance in electronic form;
  • storage on electronic media;
  • the issuer's guarantees for their provision with ordinary cash;
  • their recognition as a means of payment not only by the issuer, but also by a number of other organizations.

For a clear understanding of what electronic money is, it is necessary to distinguish them from the non-cash form of traditional money (the latter are issued by the central banks of various countries, they also set the rules for their circulation).

Credit cards, which are only a means of managing a bank account, have nothing to do with electronic money. All transactions using cards are made with ordinary money, albeit in a non-cash form.

The history of the emergence of electronic money

The idea of electronic payment systems appeared in the 1980s. It was based on the inventions of David Chaum, who founded the DigiCash company in the USA, whose main task was to introduce electronic money circulation technologies.

The idea was pretty simple. The system carries out operations with electronic coins, which are the issuer's obligation files with its electronic signature. The purpose of the signature was similar to the purpose of the security features of paper notes.

Principles of functioning of electronic money systems

For the successful operation of this payment instrument, the willingness of organizations selling goods and providing services to accept electronic money as payment is necessary. This condition was provided by the issuer's guarantees for the payment of amounts in real currency in exchange for electronic coins put into circulation by it.

In a simplified form, the system operation scheme can be represented as follows:

  • The client transfers real currency to the issuer's account, receiving in return a file-banknote (coin) for the same amount minus the commission. This file confirms the debt obligations of the issuer to its holder;
  • With electronic coins, the client pays for goods and services in organizations that are ready to accept them;
  • The latter return these files to the issuer, receiving real money from him in return.

With such an organization of work, each of the parties benefits. The issuer receives his commission. Trading enterprises save on the costs associated with the circulation of cash (storage, collection, work of cashiers). Customers receive discounts due to lower costs for sellers.

Advantages of electronic money:

  • Unity and divisibility. When making calculations, there is no need for change.
  • Compactness. Storage does not require additional space and special mechanical protection devices.
  • No need for recalculation and transportation. This function is performed automatically by payment and electronic money storage tools.
  • Minimum issuance costs. There is no need for minting coins and printing banknotes.
  • Unlimited service life due to wear resistance.

The advantages are obvious, but, as usual, there are difficulties as well.

Disadvantages:

  • The circulation of electronic money is not regulated by uniform laws, which increases the likelihood of abuse and arbitrariness;
  • The need for special tools for making payments and storage;
  • For a relatively short period of operation, reliable means of storing and protecting electronic money from counterfeiting have not been developed;
  • Limited application due to the unwillingness of all merchants to accept electronic payments;
  • Difficulty in converting funds from one electronic payment system to another;
  • Lack of state guarantees confirming the reliability of the issuer and electronic money as such.

Storage and use of electronic money

An online wallet is software designed to store electronic money and carry out transactions with it within one system.

Who organizes the functioning of these systems and issues electronic money?

Issuers of electronic money

Issuer requirements vary from country to country. In the EU, the issue is carried out by electronic money institutions - a new special class of financial institutions. In accordance with the legislation of a number of countries, including India, Mexico, Ukraine, only banks have the right to engage in this activity. In Russia - both banks and non-banking financial organizations, provided they obtain a license.

Electronic payment systems in Russia

Let's look at the most popular domestic systems and give answers to questions about how to buy and how to cash out electronic money in each of them.

The largest operators are "Yandex.Money" and "WebMoney", whose combined share exceeds 80% of the market, but there are also "PayPal", "Moneybookers", "Qiwi" and others.

WebMoney

WebMoney, positioning itself as an "international settlement system", was founded in 1998. Its owner is WM Transfer Ltd. It is registered in London, but technical services and the Main Certification Center are located in Moscow.

Operations are carried out with electronic equivalents of a number of currencies.

For each of them, the guarantor is legal entities registered in various countries: Russia, Ukraine, Switzerland, the United Arab Emirates, Ireland and Belarus.

For work, an electronic wallet "WebMoney Keeper" is used, which can be downloaded from the company's website. There is also an instruction for its installation, registration and use. The program allows you to operate with equivalents of US dollars (WMZ), Russian rubles (WMR), euros (WME), Belarusian rubles (WMB) and Ukrainian hryvnias (WMU). Gold circulation is provided, the unit of measurement of which is 1 electronic gram (WMG).

To carry out transactions, it is necessary to register in the system and obtain a participant certificate, of which there are 12 types.

A higher level of the certificate provides greater opportunities in work.

When making transactions, the payer is charged a commission in the amount of 0.8% of the amount of the transfer. It is possible to use various types of payment protection. All disputes are decided by the Arbitration.

Here are ways to deposit electronic money into a wallet:

  • bank, postal or telegraphic transfer;
  • through the Western Union system;
  • purchase of a prepaid card;
  • by depositing cash at exchange offices;
  • through electronic terminals;
  • from electronic wallets of other system participants.

All of these methods involve the payment of commissions. The least profitable are depositing money through terminals and buying prepaid cards.

And how to cash out electronic money in the WebMoney system? You can use the following methods:

  • transfer to a bank account from your electronic wallet;
  • using the services of an exchange office;
  • through the Western Union system.

There are virtual points where it is possible to automatically exchange one electronic currency for another at a specified rate, although the system does not formally take part in this.

Since 2009, the use of WebMoney has been prohibited at the legislative level in Germany. This prohibition also applies to individuals.

Yandex.Money

The system has been operating since 2002. It provides settlements between participants in Russian rubles. The owner of the Yandex.Money LLC system in December 2012 sold a 75% stake to Sberbank of Russia.

There are two types of accounts:

  • "Yandex.Wallet", which is available through the web interface;
  • "Internet.Wallet", an account with which operations are carried out through a special program. Its development was terminated in 2011.

Now only Yandex.Wallet is available to new users.

Users of Yandex.Money can pay for utilities, pay for fuel at gas stations, and make purchases in online stores.

The advantage of Yandex.Money is the absence of commissions for most purchases and account replenishment. For transactions within the system, it is 0.5%, and for withdrawals - 3%. When accepting payments and withdrawing funds, Yandex.Money partners can set commissions at their own discretion.

Significant disadvantages are the impossibility of doing business through the system and strict limits on the amount of payments.

You can replenish Yandex.Wallet in several ways:

  • converting electronic money of other systems;
  • by bank transfers;
  • through payment terminals;
  • depositing cash at points of sale;
  • through Unistream and Contact systems;
  • from a prepaid card (now the issue of cards has been discontinued, but activation of previously purchased cards is possible).

You can cash out the system's electronic money in the following ways:

  • transfer to a card or bank account;
  • receiving from a Yandex.Money card at an ATM;
  • through the transfer system.

The main share of the electronic money circulation market in Russia falls on WebMoney and Yandex.Money, the role of other systems is much less significant. Therefore, we consider only their characteristic features.

PayPal

"PayPal" is the world's largest electronic payment system. It was created in 1998 in the United States and has more than 160 million users. It allows you to receive and send transfers, pay bills and make purchases.

For Russian participants, the acceptance of payments became possible only in October 2011, and the withdrawal of funds has so far been carried out only in American banks. These circumstances significantly reduce the popularity of the system among domestic users.

The planned conclusion of an agreement between PayPal and Russian Post can correct the situation, but this is a matter of a distant future.


Chapter 4 considered the features of the approach to the protection of electronic banking systems. A specific feature of these systems is a special form of electronic data exchange - electronic payments, without which no modern bank can exist.

Electronic Data Interchange (EDI) is a computer-to-computer exchange of business, commercial, financial electronic documents. For example, orders, payment instructions, contract offers, invoices, receipts, etc.

EDI provides operational interaction between trading partners (customers, suppliers, resellers, etc.) at all stages of preparing a trade transaction, concluding a contract and carrying out a delivery. At the stage of payment for the contract and transfer of funds, EDI may lead to the electronic exchange of financial documents. This creates an effective environment for trade and payment transactions:

  • trading partners can be familiarized with offers of goods and services, select the necessary product/service, and clarify commercial conditions (cost and delivery time, trade discounts, warranty and service obligations) in real time;
  • goods/services can be ordered, or a contract offer requested, in real time;
  • operational control of the delivery of goods, receipt of accompanying documents by e-mail (invoices, component statements, etc.);
  • confirmation of the completion of the supply of goods/services, issuance and payment of invoices;
  • performing banking credit and payment transactions.

The advantages of EDI include:

  • reducing the cost of transactions due to the transition to paperless technology. Experts estimate the cost of processing and maintaining paper records at 3-8% of the total cost of commercial operations and delivery of goods. The gain from the use of EDI is estimated, for example, in the US automotive industry at more than $200 per manufactured car;
  • increasing the speed of settlement and the turnover of money;
  • improving the convenience of settlements.

There are two key strategies for the development of EDI:

1. EDI is used as a competitive advantage, allowing for closer interaction with partners. This strategy is adopted in large organizations and is called the Extended Enterprise Approach.

2. EDI is used in some specific industrial projects or in initiatives of associations of commercial and other organizations to increase the efficiency of their interaction.

Banks in the United States and Western Europe have already recognized their key role in the spread of EDI and the significant benefits that come from closer interaction with business and personal partners. EDI helps banks to provide services to customers, especially small ones who previously could not afford them because of their high cost.

The main obstacle to the wide adoption of EDI is the variety of document representations used when exchanging them over communication channels. To overcome this obstacle, various organizations have developed standards for the presentation of documents in EDI systems for various industries:

  • QDTI - General Trade Interchange (Europe, international trade);
  • MDSND - National Automated Clearing House Association (USA);
  • TDCC - Transportation Data Coordinating Committee;
  • VICS - Voluntary Interindustry Communication Standard (USA);
  • WINS - Warehouse Information Network Standards.

In October 1993, the international UN/ECE group published the first version of the EDIFACT standard. The developed set of syntax rules and commercial data elements was formalized in the form of two ISO standards:

  • ISO 7372 - Trade Data Element Directory;
  • ISO 9735 - EDIFACT - Application level syntax rules.

A special case of EDI is electronic payments - the exchange of financial documents between customers and banks, between banks and other financial and commercial organizations.

The essence of the concept of electronic payments lies in the fact that messages sent over communication lines, duly executed and transmitted, are the basis for the performance of one or more banking operations. In principle, no paper documents are required to perform these operations (although they can be issued). In other words, the message sent over the communication lines carries information that the sender has performed some operations on his account, in particular on the correspondent account of the receiving bank (which may be the clearing center), and that the recipient must perform the operations specified in the message. Based on such a message, you can send or receive money, open a loan, pay for a purchase or service, and perform any other banking operation. Such messages are called electronic money, and the execution of banking operations on the basis of sending or receiving such messages is called electronic payments. Naturally, the entire process of making electronic payments needs reliable protection. Otherwise, the bank and its customers will face serious troubles.

Electronic payments are used for interbank, trade and personal settlements.

Interbank and trade settlements are made between organizations (legal entities), therefore they are sometimes called corporate. Settlements involving individual clients are called personal.

Most major thefts in banking systems are directly or indirectly related to electronic payment systems.

On the way to the creation of electronic payment systems, especially global ones, covering a large number of financial institutions and their clients in different countries, there are many obstacles. The main ones are:

1. Lack of uniform standards for operations and services, which significantly complicates the creation of unified banking systems. Each major bank seeks to create its own EDI network, which increases the cost of its operation and maintenance. Duplicate systems are harder to use, create mutual interference and limit what customers can do.

2. Increasing mobility of the money supply, which increases the possibility of financial speculation and expands the flow of "wandering capital". This money is capable of changing the situation on the market in a short time, destabilizing it.

3. Hardware failures and software errors in the implementation of financial settlements, which can lead to serious complications for further settlements and loss of confidence in the bank on the part of customers, especially due to the close interweaving of banking ties (a kind of "error propagation"). At the same time, the role and responsibility of the operators and administration of the system, who directly control the processing of information, increase significantly.

Any organization that wants to become a client of any electronic payment system, or organize its own system, must be aware of this.

To work reliably, an electronic payment system must be well protected.

Trade settlements are made between various trading organizations. Banks participate in these calculations as intermediaries when transferring money from the account of the paying organization to the account of the receiving organization.

Trade settlement is critical to the overall success of an electronic payment program. The volume of financial transactions of various companies usually makes up a significant part of the total volume of bank operations.

Types of trade settlements vary greatly for different organizations, but two types of information are always processed during their implementation: payment messages and auxiliary information (statistics, summaries, notifications). For financial institutions, of course, the information of payment messages is of the greatest interest - account numbers, amounts, balance, etc. For trade organizations, both types of information are equally important - the first gives a clue to the financial condition, the second - helps in decision-making and policy development.

The most commonly used trade settlements are of the following two types:

* Direct deposit.

The meaning of this type of payment is that the organization instructs the bank to make certain types of payments for its employees or customers automatically, using pre-prepared magnetic media or special messages. The conditions for the implementation of such calculations are agreed in advance (source of funding, amount, etc.). They are used mainly for regular payments (payments of various kinds of insurance, repayment of loans, salaries, etc.). In organizational terms, a direct deposit is more convenient than, for example, payments by checks.

Since 1989, the number of employees using direct deposit has doubled to 25% of the total. More than 7 million Americans today receive wages in the form of direct deposit. For banks, direct deposit offers the following benefits:

Reducing the volume of tasks associated with the processing of paper documents and, as a result, saving significant amounts;

Increase in the number of deposits, since 100% of the volume of payments must be made on deposit.

In addition to banks, owners and employees also benefit, through increased convenience and reduced costs.

* Calculations using EOS.

The data here are invoices, component statements, etc.

The implementation of EOS requires the following set of basic services:

X.400 e-mail;

File transfer;

Point-to-point communication;

Access to databases in on-line mode;

Mailbox;

Transformation of information presentation standards.

Examples of currently existing systems of trade settlements using EOS are:

National Bank and Royal Bank (Canada) connect with their customers and partners through the IBM Information Network;

The Bank of Scotland Transcontinental Automated Payment Service (TAPS), founded in 1986, connects the Bank of Scotland with customers and partners in 15 countries through correspondent banks and automated clearing houses.

Electronic interbank settlements are mainly of two types:

* Clearing settlements using a powerful computer system of an intermediary bank (clearing bank) and correspondent accounts of banks participating in settlements with this bank. The system is based on the offset of mutual monetary claims and obligations of legal entities with the subsequent transfer of the balance. Clearing is also widely used on stock and commodity exchanges, where the offset of mutual claims of participants in transactions is carried out through a clearing house or a special electronic clearing system.

Interbank clearing settlements are carried out through special clearing houses and commercial banks and, between offices and branches of one bank, through the head office. In a number of countries, the functions of clearing houses are performed by central banks. Automated clearing houses (ACP) provide services for the exchange of funds between financial institutions. Payment transactions are basically either debits or credits. Members of the ACP system are financial institutions that are members of the ACP association. The Association is formed in order to develop rules, procedures and standards for the execution of electronic payments within a geographical region. It should be noted that ACPs are nothing more than a mechanism for the movement of funds and accompanying information. By themselves, they do not perform payment services. ACPs have been created to complement the systems for processing paper-based financial documents. The first ACP appeared in California in 1972; currently there are 48 ACPs in the USA. In 1978, the National Automated Clearing House Association (NACHA) was created, uniting all 48 ACP networks on a cooperative basis.

The volume and nature of operations are constantly expanding. ACPs are beginning to perform business settlements and electronic data exchange operations. After three years of efforts by various banks and companies, the CTP (Corporate Trade Payment) system was created, designed to automatically process credits and debits. According to experts, the trend of expanding the functions of the ACP will continue in the near future.

* Direct settlements, in which two banks communicate directly with each other through loro and nostro accounts, possibly with the participation of a third party in an organizational or support role. Naturally, the volume of mutual transactions should be large enough to justify the costs of organizing such a settlement system. Typically, such a system combines several banks, and each pair can communicate directly with each other, bypassing intermediaries. However, in this case, there is a need for a control center that deals with the protection of interacting banks (distribution of keys, management, control of functioning and registration of events).

There are quite a lot of such systems in the world - from small ones, connecting several banks or branches, to giant international ones, connecting thousands of participants. The best known system of this class is SWIFT.

Recently, a third type of electronic payment has appeared - the processing of electronic checks (electronic check truncation), the essence of which is that the paper check travels no further than the financial institution in which it was presented. If necessary, its electronic counterpart "travels" further in the form of a special message. Forwarding and redemption of an electronic check is carried out using the ACP.

In 1990, NACHA announced the first phase of testing a national experimental program called "Electronic Check Truncation". Its goal is to reduce the cost of processing the huge amount of paper checks.

Sending money using an electronic payment system includes the following steps (depending on the specific conditions and the system itself, the procedure may vary):

1. A certain account in the system of the first bank is reduced by the required amount.

2. The correspondent account of the second bank in the first is increased by the same amount.

3. A message is sent from the first bank to the second containing information about the actions performed (account identifiers, amount, date, conditions, etc.); the forwarded message must be adequately protected from forgery: encrypted, digitally signed, carrying control fields, etc.

4. The required amount is debited from the correspondent account of the first bank in the second.

5. A certain account in the second bank is increased by the required amount.

6. The second bank sends a notification to the first bank about the account adjustments made; this message must also be protected from forgery in a manner similar to that of a payment message.

7. The exchange protocol is fixed for both subscribers and, possibly, for a third party (in the network control center) to prevent conflicts.

There may be intermediaries on the path of the messages - clearing centers, intermediary banks in the transfer of information, etc. The main difficulty of such settlements is trust in the partner: each of the subscribers must be sure that its correspondent will perform all the necessary actions.
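The seven steps above can be traced in a short sketch. This is an added example, not code from the original article or from any payment system: the `Bank` class, the account names, the `seq` control field and the shared key are assumptions, and an HMAC stands in for the digital signature and encryption the text calls for.

```python
import hashlib
import hmac
import json

# Assumption: one key shared by both banks (constructed demo value).
KEY = b"constructed-demo-key"

def _mac(fields: dict) -> str:
    body = json.dumps(fields, sort_keys=True).encode()  # canonical form
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def seal(fields: dict) -> dict:
    return {"fields": fields, "mac": _mac(fields)}

def verify(msg: dict) -> bool:
    return hmac.compare_digest(_mac(msg["fields"]), msg["mac"])

class Bank:
    def __init__(self, name: str, accounts: dict):
        self.name, self.accounts = name, dict(accounts)
        self.seen = set()  # (sender, seq) pairs already applied

    def send(self, payer, peer, payee, amount, seq) -> dict:
        if amount <= 0 or self.accounts[payer] < amount:
            raise ValueError("invalid amount or insufficient funds")
        self.accounts[payer] -= amount               # step 1
        self.accounts["corr:" + peer] += amount      # step 2
        return seal({"from": self.name, "payee": payee,
                     "amount": amount, "seq": seq})  # step 3

    def receive(self, msg: dict) -> dict:
        f = msg["fields"]
        if not verify(msg):                          # forged or altered
            return seal({"from": self.name, "status": "rejected: bad MAC"})
        if (f["from"], f["seq"]) in self.seen:       # control field reused
            return seal({"from": self.name, "status": "rejected: replay"})
        self.seen.add((f["from"], f["seq"]))
        self.accounts["corr:" + f["from"]] -= f["amount"]  # step 4
        self.accounts[f["payee"]] += f["amount"]           # step 5
        return seal({"from": self.name, "status": "accepted"})  # step 6

def demo():
    a = Bank("A", {"alice": 500, "corr:B": 0})
    b = Bank("B", {"bob": 0, "corr:A": 1000})
    msg = a.send("alice", "B", "bob", 200, seq=1)
    forged = {"fields": dict(msg["fields"], amount=900), "mac": msg["mac"]}
    results = [b.receive(m)["fields"]["status"] for m in (forged, msg, msg)]
    return results, a.accounts, b.accounts
```

A shared-key MAC lets each bank detect alteration and replay, but either bank could have produced the tag, so it cannot settle a dispute between them. That is the role of the digital signature in step 3 and of the exchange record kept in step 7.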

To expand the use of electronic payments, the electronic presentation of financial documents is being standardized. This work was started in the 70s within two organizations:

1) ANSI (American National Standards Institute) published ANSI X9.2-1080 (Interchange Message Specification for Debit and Credit Card Message Exchange Among Financial Institutions). In 1988, a similar standard was adopted by ISO and named ISO 8583 (Bank Card Originated Messages Interchange Message Specifications - Content for Financial Transactions);

2) SWIFT (Society for Worldwide Interbank Financial Telecommunications) has developed a series of standards for interbank messages.

In accordance with the ISO 8583 standard, a financial document contains a number of data elements (requisites) located in certain fields of a message or an electronic document (an electronic credit card, an X.400 message, or a document in EDIFACT syntax). Each data element (ED) is assigned its own unique number. The data element can be either mandatory (that is, included in every message of this type) or optional (it may be absent in some messages).

The bit scale (bitmap) determines the composition of the message (those EDs that are present in it). If some digit of the bit scale is set to one, this means that the corresponding ED is present in the message. Thanks to this method of encoding messages, the total length of the message is reduced, flexibility is achieved in the presentation of messages with many EDs, and it is possible to include new EDs and message types in an electronic document of a standard structure.
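The bit scale can be decoded and built as shown below. This is an added example, not part of the original article: the function names and the sample bitmap are constructed, and it assumes the usual ISO 8583 layout of an 8-byte primary bitmap whose first bit announces a second 8-byte bitmap for data elements 65-128.

```python
def present_elements(bitmap: bytes) -> list[int]:
    """Return the numbers of the data elements flagged in the bitmap."""
    if len(bitmap) < 8:
        raise ValueError("primary bitmap needs 8 bytes")
    has_secondary = bool(bitmap[0] & 0x80)  # bit 1 = most significant bit
    needed = 16 if has_secondary else 8
    if len(bitmap) < needed:
        raise ValueError("bit 1 is set but the secondary bitmap is missing")
    found = []
    for index, byte in enumerate(bitmap[:needed]):
        for bit in range(8):
            if byte & (0x80 >> bit):
                found.append(index * 8 + bit + 1)
    # Bit 1 only announces the secondary bitmap; it is not a data element.
    return [n for n in found if n != 1]


def build_bitmap(elements: set[int]) -> bytes:
    """Build the bitmap for a set of data element numbers (2..128)."""
    if any(n < 2 or n > 128 for n in elements):
        raise ValueError("data element numbers must be in 2..128")
    size = 16 if any(n > 64 for n in elements) else 8
    raw = bytearray(size)
    if size == 16:
        raw[0] |= 0x80  # announce the secondary bitmap
    for n in elements:
        raw[(n - 1) // 8] |= 0x80 >> ((n - 1) % 8)
    return bytes(raw)


# Constructed sample: 0x70 0x20 flags data elements 2, 3, 4 and 11.
SAMPLE = bytes.fromhex("7020000000000000")


def is_truncated(bitmap: bytes) -> bool:
    """True when a parser should refuse the bitmap instead of guessing."""
    try:
        present_elements(bitmap)
        return False
    except ValueError:
        return True
```

Rejecting a bitmap whose first bit promises a secondary bitmap that never arrives keeps a parser from reading the following field bytes as presence flags.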

There are several methods of electronic interbank payment. Consider two of them: payment by check (payment after the service) and payment by letter of credit (payment for the expected service). Other methods, such as payment by means of payment orders, have a similar organization.

Payment by check is based on a paper or other document containing the identity of the payer. This document is the basis for the transfer of the amount specified in the check from the account of the owner to the account of the submitter. Payment by check includes the following steps:

Receipt of a check;

Presentation of a check to the bank;

Request for transfer from the check holder's account to the issuer's account;

Money transfer;

Payment notice.

The main disadvantages of such payments are the need for an auxiliary document (check), which is easy to forge, as well as significant time spent on making a payment (up to several days).

Therefore, in recent years, such a type of payment as payment by letter of credit has become more common. It includes the following steps:

Notification of the bank by the client about the provision of a loan;

Notification of the beneficiary's bank about the provision of a loan and money transfer;

Notification of the recipient about the receipt of the loan.

This system allows you to make payments in a very short time. Loan notification can be sent by (electronic) mail, on diskettes or on magnetic tapes.

Each of the above types of payments has its advantages and disadvantages. Checks are most convenient for paying small amounts, as well as for occasional payments. In these cases, the delay in payment is not very significant, and the use of credit is inappropriate. Letter of credit settlements are usually used for regular payments and for significant amounts. In these cases, the absence of a clearing delay saves a lot of time and money by reducing the turnover period. A common disadvantage of these two methods is the cost of organizing a reliable system of electronic payments.

 