The principle of operation of the payment system. Electronic payments and electronic payment systems

Useful tips

Send your good work in the knowledge base is simple. Use the form below

Students, graduate students, young scientists who use the knowledge base in their studies and work will be very grateful to you.

Posted on http://www.allbest.ru/

MINISTRY OF AGRICULTURE OF THE RUSSIAN FEDERATION

Federal State Budgetary Educational Institution

higher professional education

"Saratov State Agrarian University named after N.I. Vavilova"

College of Finance and Technology

Specialty: 090305.51 Information security of automated systems

COURSE WORK

Topic: “Electronic payment systems: principles of operation and information security”

Student Makarov Anton Sergeevich

Course 3 Group IB-20301

Head of Coursework

Brusentsova Irina Vladimirovna

Saratov, 2014

Introduction

1.1 Payment system

2. Protection of information in electronic payment systems

Conclusion

Bibliography

Introduction

In the twenty-first century, Internet payment systems have become almost a generally accepted method that allows you to make payments with customers and clients online. Thousands go through this electronic payment system service and this is a completely normal practice for many residents. The concepts of electronic money and payment systems have firmly entered the vocabulary of both Internet users and financiers. You can create an electronic wallet on the Internet in a matter of minutes and almost always for free. The existing electronic money system allows any type of exchange: within the system, exchange between different electronic money and different currencies; exchanging electronic money for non-cash or cash and vice versa. You can deposit money into and withdraw money from the electronic system through banks, checks, etc. The scope of use of electronic money is expanding every day, more and more people are starting to use electronic money. You can also use electronic money to pay for goods and services purchased on the Internet, you can pay fines, Internet services and much more. All this can be done while sitting at home at the computer. Purpose of the study: study and analysis of the protection of electronic payment systems. Object of study: security of payment systems.

Subject of research: methods of protecting payment systems.

To achieve this goal, it is necessary to consider the following issues:

1. Payment systems

2. Types of electronic payment systems

3. Principles of operation of electronic payment systems

4. Ensuring the security of payment systems

5. Vulnerabilities and methods of protection

1. Electronic payment systems

1.1 Payment system

A payment system is a set of rules, procedures and technical infrastructure that ensure the transfer of value from one economic entity to another. Payment systems are one of the key parts of modern monetary systems.

It is usually understood that money is transferred through payment systems. From a legal point of view, in most cases there is a transfer of debt: the funds that the payment system owes to one of the clients, it becomes owed to another client. When the first client transfers his money to the payment system, the amount of such transfer is recorded, that is, the amount of debt to the first client. By his order, the client can indicate that the payment system now owes not to him, but to the second client. When the second client contacts the payment system, he has the opportunity to receive the cash equivalent of such a debt. In some cases, the means of payment are not money or debts denominated in money, but conventional units of payment or specialized securities. Extended forms of payment systems (including physical or electronic infrastructure and associated procedures and protocols) are conducting financial transactions using ATMs, payment kiosks, POS terminals, stored value cards; electronic wallets. Electronic payment systems are a subtype of payment systems that provide electronic payment transactions via networks (for example, the Internet) or payment chips.

The electronic money system is presented in the form of sets of accounts that can exchange electronic money with each other.

Electronic money is the same money, only digital. Using electronic money, you can purchase goods or services on the Internet, and purchased products can be delivered directly to your home or office, using money while at your computer. You can pay for goods and services with electronic money, and you can also transfer money from electronic form to real form (paper). For example, you can transfer money from China to Russia or any other country in a couple of minutes. You can transfer money from your account to another account within the system, or to other systems. So you can withdraw money from your account through an ATM.

Electronic payment systems have made it possible to simplify financial transactions between sellers and buyers on the Internet. Electronic systems have contributed to the development of e-commerce; they allow transactions to be carried out instantly, just as in real life you paid for an item and received it immediately. Fast and convenient, there is no need to resort to the services of a bank and post office, wasting your time on concluding a transaction. If not electronic payment systems, then I had to go to the bank, transfer money to my account, order a transfer of money to the seller’s account, and then wait 2-8 days for the money to be delivered to the seller (Fig. 1).

Figure 1. Typical scheme for implementing electronic payment

In the Electronic Payment system, payments occur subject to certain conditions:

Maintaining confidentiality. When making payments via the Internet, the buyer needs to ensure that his data (credit card number and other information about him) is known only to organizations that have the legal right to do so.

Maintaining the integrity of information. Purchase information cannot be changed. payment electronic security information

Authentication. Buyers and sellers must be confident that everyone involved in the transaction is who they say they are.

Means of payment. Possibility of payment using any means of payment available to the buyer.

Seller's risk guarantees. When trading online, the seller is exposed to a lot of risks associated with product refusals and buyer dishonesty. The level of risk must be agreed upon with the payment system provider and with other organizations introduced into the trading network through certain agreements.

Minimizing transaction fees. Payment for processing order transactions and payment for goods is naturally included in their cost, so reducing the transaction price increases competitiveness. It is important to note that the transaction must be paid in any case, even if the buyer refuses the goods.

1.2 Principles of operation of electronic payment systems

An electronic payment system is a set of methods and entities implementing them that ensure the use of bank plastic cards as a means of payment within the system. A plastic card is a personalized payment instrument that provides the person using this card with the opportunity to make cashless payments for goods and services, as well as receive cash from ATMs and bank branches. Trade and service enterprises and bank branches that accept the card as a payment instrument form a receiving network of card service points. When creating a payment system, one of the main tasks to be solved is the development and compliance with general rules for servicing cards issued by issuers included in the payment system, conducting mutual settlements and payments. These rules cover both purely technical aspects of operations with cards - data standards, authorization procedures, specifications for the equipment used and others, as well as financial aspects of card servicing - settlement procedures with trade and service enterprises that are part of the receiving network, rules for mutual settlements between banks and etc.

From an organizational point of view, the core of the payment system is an association of banks, united by contractual obligations. In addition, the electronic payment system includes trade and service enterprises that form a network of service points. For the successful functioning of the payment system, specialized organizations are also needed to provide technical support for card servicing: processing and communication centers, technical service centers, etc. (Fig. 2).

Figure 2. Scheme of functioning of electronic payment systems

A bank that has entered into an agreement with the payment system and received the appropriate license can act in two capacities: an issuing bank and an acquiring bank (Fig. 3).

Figure 3. Payment terminal. Acquiring bank

The issuing bank issues plastic cards and guarantees the fulfillment of financial obligations associated with the use of these cards as means of payment. The acquiring bank serves trade and service enterprises that accept cards for payment as means of payment, and also accepts these means of payment for cashing in its branches and through its ATMs. The main integral functions of the acquiring bank are financial transactions related to the execution of settlements and payments by service points. Technical attributes of the acquiring bank’s activities (processing requests for authorization; transferring funds to settlement accounts of points of sale for goods and services provided using cards; receiving, sorting and forwarding documents recording transactions using cards, etc.) can be delegated by the acquirer processing centers. The non-automated procedure for accepting payment using a card is relatively simple. First of all, the cashier of the enterprise must verify the authenticity of the plastic card according to a certain number of criteria. When paying, the company must transfer the client’s plastic card details to a special check using an imprinter copy machine Imprinter(English imprinter) - a mechanical device designed to create a slip when performing a transaction with a payment card. A cliche is inserted into the imprinter, on which the identification data of the receiving point is embossed. The plastic card is inserted into the imprinter and the slip is inserted. An imprint of the identification data of the reception point and the client’s card remains on the slip, enter the amount for which the purchase was made or the service was provided on the check, and obtain the client’s signature. A check issued in this way is called a slip.

In order to ensure the security of payment system operations, it is recommended not to exceed the lower limits of amounts for various regions and types of business for which payments can be made without authorization. If the limit amount is exceeded or if there is doubt about the client’s identity, the company must carry out an authorization procedure. Upon authorization, the company actually gains access to information about the client’s account status and can establish the ownership of the card by the client and his payment ability in the amount of the transaction. One copy of the slip remains at the enterprise, the second is transferred to the client, the third is delivered to the acquiring bank and serves as the basis for reimbursement of the payment amount to the enterprise from the client’s account.

In recent years, automated trading POS terminals (Point-Of-Sale-payment at the point of sale) and ATMs have gained wide popularity. When using POS terminals there is no need to fill out slips. The details of a plastic card are read from its magnetic stripe on the reader built into the POS terminal. The client enters his PIN code (Personal Identification Number), known only to him, into the terminal. PIN code elements are included in the overall encryption algorithm for the magnetic stripe record and serve as the electronic signature of the card owner. The transaction amount is entered on the POS terminal keyboard. If the transaction is carried out at a bank branch and in the process cash is issued to the client, in addition to bank POS terminals, an electronic ATM cashier can be used. Structurally, it represents an automated safe with a built-in POS terminal. The terminal, via a built-in modem, applies for authorization to the appropriate payment system. In this case, the capacity of the processing center is used, the services of which are provided to the merchant by the acquiring bank.

A processing center is a specialized service organization that ensures the processing of authorization requests and transaction protocols received from acquiring banks or directly from service points - recorded data on payments made through plastic cards and cash withdrawals. For this purpose, the processing center maintains a database, which, in particular, contains data on member banks of the payment system and plastic card holders. The processing center stores information about cardholder limits and fulfills requests for authorization if the issuing bank does not maintain its own database (off-line bank). Otherwise (on-line bank) the processing center forwards the received request to the issuing bank of the authorized card. Obviously, the processing center also ensures that the response is forwarded to the acquiring bank.

The acquiring bank's performance of its functions entails settlements with the issuing banks. Each acquiring bank transfers funds to service points for payments from cardholders of issuing banks included in this payment system. Therefore, the corresponding funds must then be transferred to the acquiring bank by the issuing banks. The prompt execution of mutual settlements between acquirers and issuers is ensured by the presence in the payment system of a settlement bank (one or more), in which member banks of the system open correspondent accounts. Based on the transaction protocols accumulated during the operating day, the processing center prepares and distributes the final data for mutual settlements between banks participating in the payment system, and also generates and sends stop lists (lists of cards for which transactions for various reasons) to acquiring banks and directly to service points. suspended). The processing center can also meet the needs of issuing banks for new cards by ordering them at factories and subsequent personalization. The peculiarity of sales and cash withdrawals using plastic cards is that these operations are carried out by stores and banks “on credit”, i.e. goods and cash are provided to customers immediately, and funds for their reimbursement are credited to the accounts of service companies after some time (no more than a few days). The guarantor of fulfillment of payment obligations arising in the process of servicing plastic cards is the issuing bank. The nature of the issuing bank’s guarantees depends on the payment authority granted to the client and recorded by the type of card. The types of payments carried out using plastic cards include credit and debit cards. Credit cards are the more common of the types of plastic cards. These include cards from the nationwide Visa and MasterCard systems and others. These cards are used in retail establishments and to pay for goods and services. When paying with credit cards, the bank allows the buyer to open a loan for the purchase amount, and then after some time (25 days) sends an invoice by mail equal to the purchase amount. The buyer must return the paid check (invoice) back to the bank. Naturally, the bank can offer such a scheme only to the most wealthy and trusted of its clients who have a good credit history with the bank or solid investments in the bank in the form of deposits, valuables or real estate.

The holder of a debit card is required to deposit a certain amount into his account at the issuing bank in advance. The size of this amount sets a limit on available funds. When making payments using this card, the limit is reduced accordingly. This limit is controlled during authorization, which is mandatory when using a debit card. To restore or increase the limit, the cardholder must deposit funds into his account. Credit and debit cards can be not only personal, but also corporate. Corporate cards are given by a company to its employees to pay for travel or other business expenses. A company's corporate cards are linked to any one of its accounts. This card may have a split or unsplit limit. In separate cases, each corporate card holder is given a certain card limit. In the undivided version, it is better suited for small companies and does not involve limiting the limit. In recent years, electronic payment systems using microprocessor cards have attracted increasing attention. The fundamental difference between microprocessor cards and all those listed above is that they directly carry information about the client’s account status, since they are, in essence, a transit account. All transactions are made off-line during the card-terminal or customer card-merchant card dialogue. Such a system is almost completely safe due to the high degree of security of the microprocessor crystal and a full debit payment scheme. In addition, although a card with a microprocessor is more expensive than a regular one, the payment system turns out to be cheaper to operate due to the fact that in off-line mode there is no load on telecommunications. To ensure reliable operation, the electronic payment system must be reliably protected.

From an information security point of view, there are vulnerabilities in electronic payment systems:

1. Forwarding payment and other messages between the bank and the client.

2. Processing information from organizations of the sender and recipient of messages.

3. Clients’ access to funds spent on accounts.

More vulnerable points in the electronic payment system are the transfer of payment and other messages between banks, bank and ATM, bank and client. Forwarding payment and other messages is associated with the following features:

The internal systems of the sender and recipient must be adapted to send and receive electronic documents and provide the necessary protection when they are processed within the organization. The interaction between the sender and recipient of an electronic document is carried out through a communication channel.

To ensure the information security functions of the electronic payment system, the following security mechanisms must be used:

1. Message integrity control.

2. Confidentiality of messages.

3. Subscriber authentication.

5. The impracticability of refusing to take action on a message.

6. Registering a sequence of messages.

7. Access control on initial systems.

8. Monitoring the integrity of the message sequence.

9. Message delivery guarantees.

1.3 Types of electronic payment systems

Electronic money is a new phenomenon in economic science and home practice, which is why there are different opinions regarding what is considered electronic money. Some believe that electronic money is a perpetual monetary obligation of a banking or other company, expressed in electronic form, certified by an electronic digital signature, used as a means of payment and repaid at the time of presentation with ordinary money.

Others say that this is a monetary value, which represents a claim on the issuer, which is contained on an electronic device, is issued after receiving funds in an amount not less than the volume of obligations assumed, and is accepted as a means of payment not only by the issuer, but also by other companies. The third is that it is an electronic analogue of cash that can be purchased, it is stored electronically in special devices and is at the disposal of the buyer.

Smart cards or certain computer systems are used to store money. This is information transmitted by any means of electronic communication, in the form of banknotes when making payments on the Internet, or without it.

At the consumer level, users classify as electronic money any payment services that allow making payments for goods or services, creating payments between users using electronic means of communication, mainly using the Internet. Electronic money is the same as regular money, only more convenient. You can also earn them, pay for goods and services with them, such as burning the Internet, television and others, receive and transfer, accumulate and other functions. It can be noted, as with ordinary money, cash payments occur in real time, in some cases anonymously.

There are two main groups of electronic money, which differ in the type of media:

Based on smart cards (electronic wallet)

Network-based (network money)

Smart cards are multi-purpose plastic cards with chips built into them, this chip is a microprocessor. A money file equivalent to money, previously transferred to the issuer of these cards, is deposited onto such a chip. Bank users can transfer money from their accounts to smart cards, transactions can be carried out within the limits of the amount of funds credited to them. The procedure for maintaining a personal account for a smart card differs from the procedure for maintaining a personal account for traditional cards. An ordinary card does not contain information about the cash balance of the account; it is only used as a tool for accessing the current account. At the moment when funds are credited by the bank to the card, no receipt is made to this bank card. At the time of such replenishment of the smart card funds on the personal account, the amount by which the card was topped up is reduced. Electronic cash appears on the card, resulting in possible secure authorization of offline transactions.

Chip cards are classified:

1. debit/credit cards;

2. electronic cash

Debit/credit chip cards are simple debit or credit cards containing a microprocessor (chip). Unlike cards with a magnetic stripe, they have additional identification data on the card; there are customized parameters that can improve the security and efficiency of various operations. Operations with such cards remain the same.

Pre-authorized cards are e-wallets and e-cash cards allow the storage of a sum of money on the card and are therefore called stored value cards, which are different from debit and credit cards. On such chip cards, a certain balance of available funds is stored in the chip. Before carrying out the operation, it is compared with the amount of the operation and, in a good case, the result of the check performed is reduced by the amount of the requested operation. Such card transactions are performed offline, without communication with the bank at the time of use of the transaction.

The main feature of pre-authorized cards from an electronic wallet and electronic cash is that the amount is written off from the user’s account only after the processing center receives settlement information about the transactions that occurred. When a certain amount is credited to an electronic wallet or an electronic cash card, this amount is instantly debited from the card user’s card account. If an electronic cash card is lost, the amount on it is lost to the card user. This is similar to an e-wallet card and an e-cash card with a regular cash wallet.

The electronic wallet system, as a financial product, has a certain limitation on the amount of funds stored in the wallet and its use for relatively small payments.

The peculiarity of chip cards that implement the concept of electronic cash is that they use special electronic devices that function autonomously and confidentially without communication with the issuer. The card owner has the opportunity to check the balance of money on the card, transfer money to another card, send money by phone, exchange a money file back to traditional money, etc. An indicator of such a card is the “Mondex” bank card.

To save funds transferred from a bank account, a device called a wallet (Mondex wallet) has been implemented, which allows you to transfer funds from card to card, read the balance, and change the PIN. Funds on the card have every chance of being transferred from the wallet as needed. Thanks to this, the anonymity of transactions was ensured and the security of the system was increased: part of the money is in the wallet, and some of it is on the card. In addition, the Mondex system envisages the introduction of ATMs for cashing out funds and trading terminals for transferring funds from the client’s card to the merchant’s card, who then, using a “Mondex” compatible phone, can credit the funds accumulated on his card to the company’s bank account. In a payment system that uses electronic cash cards, there are restrictions on transactions with merchant cards. Thus, the so-called quality of operational safety is guaranteed. Electronic money is becoming a less dangerous system.

Payment associations Visa International., MasterCard Int. and Europay Int. created a working group that developed international “ISO” standards for cards with a microprocessor, the standard is called “EMV” (the name is collected from the first capital letters of the systems of the main developers, such as EuroPay/MasterCard/Visa).

The European Union decided to transfer plastic cards to smart cards or “EMV” EMV(Europay, MasterCard and VISA) is an international standard for transactions using bank cards with a chip. This standard was developed jointly by Europay, MasterCard and Visa to improve the security of financial transactions.” cards. At this time, there are options for combining payment system products on the smart card core:

1. MasterCard has proposed connecting pre-authorized card and debit/credit card applications. In this case, operations occur both online to replenish the card account within a certain limit for the amount of one offline transaction, and offline to execute payments (See Fig. 4)

Rice. 4. Example of an electronic payment card MasterCard

2. Visa introduced multi-application EMV cards. The system guarantees buyers additional Convenience when using payments using Visa debit or credit cards and mobile phones. The solution is based on the developments of EMV and Infrared Financial Messaging, or IrFM (an international standard that ensures compatibility of devices when transmitting data via infrared channels). Visa card users and SKT system subscribers have every chance to pay for goods and services by sending an encrypted infrared signal from their mobile phone to small infrared receivers that are built into POS terminals at points of sale, vending machines, a variety of transport terminals and other devices that receive such payments (Fig. 5)

Rice. 5. Example of an electronic Visa payment card

Also, the payment data of the card user will be securely stored in the EMV-compatible microprocessor of the mobile phone. Apparently, the initialization of payment transactions in the future will occur not only from the corresponding mobile phones, but also from other mobile devices with an IR port.

The 2nd group of electronic funds includes network money, which is issued in the form of a sent currency file by the organizer of payments upon receipt of ordinary money, stored in memory on PC hard drives or other removable media and transferred during payments via electronic communication channels, including through the Internet. They are used to pay for goods and services in web stores and other companies doing business on the Internet. They are also allowed to be exchanged for traditional money. By its nature, electronic money is closer to non-cash bank money.

Different electronic payment systems organize work with electronic funds in different ways. For example, in the digital cash model, the guarantee of safety is the strength of the cryptographic protocols used in the creation (issuance) of digital funds and regulating their circulation. By analogy with cash bills, digital money, like electronic documents, contains a nominal price, an indication of the issuer, personal characteristics: series, number, etc. Elements of protection against counterfeiting by verifying them with the digital signature of the issuer. To ensure the anonymity of circulation of digital money, individual characteristics are selected by their future owner and are transferred in a closed form to the issuer for signature. The issuer signs the banknote “blindly” (without knowing its personal characteristics, but knowing exactly the denomination), for which a special digital signature and cryptographic protocol are used.

Therefore, the issuer can control only the size of issued digital funds, but not their distribution among respondents, which guarantees complete anonymity of calculations. When issuing digital money in exchange for cash or other means of payment, the issuer may not even know the respondent. To eliminate repeated calculations with the same electronic banknote, digital money is made “disposable”; any banknote is used for payments only once. For this purpose, the issuer is obliged to maintain a database of used banknotes and check it with each payment. The issue and use of digital money are not regulated by current legislation, therefore their mobility is guaranteed by the issuer and is based on agreements on their use as means of payment.

The main advantages of electronic money compared to non-cash payments through a bank include the following parameters:

1. Low cost of transaction and transfer from one electronic account to another;

2. High speed of the transaction, which is limited only by the capabilities of the payment system; practically the action occurs instantly.

The main disadvantages of electronic money are that:

1. The issuer of electronic money is not the state, but a specific payment system, which is responsible for maintaining their solvency;

2. The use of electronic money is possible only within the issuing payment system;

3. There are security problems when making electronic payments.

In Russia, electronic payment systems are mainly used, such as PayPal, QIWI, Web Money, Yandex. Money, RUpay, E-gold, E-port, Pay Cash, Money Mail, Cyber Plat, Rapida, etc.

2. Protection of information of electronic payment systems

2.1 Ensuring the security of payment systems

Banking operations, trade transactions and mutual payments are impossible to imagine without payments using plastic cards. The system of non-cash payments using plastic cards is called an electronic payment system. To ensure normal operation of the electronic payment system, it must be reliably protected.

It is believed that there are vulnerabilities in information security in electronic payment systems:

Forwarding payment and other messages between banks, between a bank and an ATM, between a bank and a client;

Processing of information by the organization of the sender and recipient;

Customer access to funds spent on accounts.

Forwarding payment and other messages has the following features:

The internal systems of the sender and recipient organizations are required to provide suitable protection when processing electronic documents (end system protection);

The interaction between the sender and recipient of an electronic document is carried out directly through the communication channel.

These features cause difficulties:

Mutual identification of subscribers (the problem of establishing mutual authenticity when establishing a connection);

Protection of electronic documents transmitted via communication channels (problem of ensuring confidentiality and integrity);

Protection of the process of exchanging electronic documents (the problem of proving the sending and delivery of a document);

ensuring the execution of the act (the problem of mutual distrust between the sender and the recipient due to their belonging to different organizations and mutual independence).

To ensure information security functions, some nodes of the electronic payment system must implement security mechanisms:

Access control on initial systems;

Message integrity control;

Ensuring the confidentiality of the message;

Mutual client authentication;

Message delivery guarantee;

Impossibility of refusing to take action on a message;

Logging a sequence of messages;

Message sequence integrity monitoring.

Electronic plastic cards are used as means of payment in electronic payment systems.

An electronic plastic card is a carrier of certain information that identifies the user and stores certain data.

Distinguishing between credit and debit cards.

Electronic cards are a more common type of plastic card. Electronic cards are used to pay for various goods and services. When paying with a credit card, the client's bank opens a loan for the amount of the purchase, and then after a while sends an invoice by mail for the amount of the purchase made. The buyer must return the paid check back to the bank. Of course, the bank can recommend a similar scheme only to the wealthier and more trusted of its own clients, who have a good credit history with the bank or significant deposits with the bank in the form of deposits, valuables or real estate.

A plastic card is a plate made of a special plastic that is resistant to mechanical and thermal effects. According to the ISO 9001 standard, all plastic cards have dimensions of 85.6x53.9x0.76 mm.

To identify the owner, the following are applied to the plastic card:

logo of the issuing bank;

logo of the payment system servicing this card;

Cardholder Name;

cardholder account number;

card expiration date, etc.

In addition, the card may contain a photo of the owner and his signature.

Alphanumeric data (name, account number, etc.) can be embossed, i.e. printed in raised font. This makes it possible, when manually processing cards accepted for payment, to quickly transfer data to a receipt using a special device - an imprinter that “rolls” the card.

Based on the operating principle, a distinction is made between passive and active plastic cards. Passive plastic cards just store information. These include plastic cards with a magnetic stripe.

Cards with a magnetic stripe are still more common - there are more than two billion analogue cards in circulation. The magnetic stripe is located on the back of the card and, in accordance with the ISO 7811 standard, consists of 3 tracks. Of these, the first two are intended for storing identification data, and the third track allows you to enter information (for example: the current value of the debit card limit). However, due to the low reliability of the repeated write/read process, magnetic stripe recording is not usually practiced.

Magnetic stripe cards are relatively vulnerable to fraud. To increase the security of their cards, Visa and MasterCard/Europay systems use additional graphic security measures: holograms and non-standard fonts for embossing. Embossers (devices for embossing relief on a card) are produced by a limited number of manufacturers. In a number of Western countries, the free sale of embossers is prohibited by law. Special symbols confirming that the card belongs to a particular payment system are supplied to the owner of the embosser only with the permission of the governing body of the payment system.

Payment systems with such cards require on-line authorization at retail outlets and, as a result, the presence of extensive, high-quality communication means (telephone lines).

A distinctive feature of an active plastic card is the presence of an electronic chip built into it. The ISO 7816 standard defines the basic requirements for integrated circuit cards or chip cards.

Cards with a chip can be classified according to two criteria.

The first sign is the principle of interaction with the reading device. Main types:

cards with contact reading;

cards with contactless (inductive) reading.

A contact-reading card has 8 to 10 contact plates on its surface. The placement of contact plates, their number and the purpose of the pins are different for different manufacturers, and it is natural that readers for cards of this type differ from each other.

Data exchange between the contactless card and the reader is carried out inductively. Obviously, such cards are more reliable and durable.

The second sign is the functionality of the card. Main types:

counter cards;

memory cards;

microprocessor cards.

Counter cards are used, as a rule, in cases where a particular payment transaction requires reducing the balance in the cardholder's account by a certain fixed amount. Such cards are used in specialized prepaid applications (payment for using a pay phone, paying for parking, etc.). It is obvious that the use of cards with a counter is limited and does not have much prospects.

Memory cards are transitional between counter cards and microprocessor cards. The memory card is a rewritable meter card that has measures in place to make it more secure from malicious attacks. The simplest memory cards have a memory capacity from 32 bytes to 16 KB. This memory can be organized as:

programmable read-only memory (EPROM), which can be written once and read many times;

An electrically erasable programmable read-only memory (EEPROM) that can be written to and read multiple times.

Memory cards can be divided into two types:

with unprotected (fully accessible) memory;

with protected memory.

In the first type of cards there are no restrictions on reading and writing data. These cards cannot be used as payment cards, as they can be easily hacked.

Cards of the second type have an identification data area and one or more application areas. The identification area allows only one entry during personalization and is then only available for reading. Access to application areas is regulated and is carried out only when performing certain operations, in particular when entering a secret PIN code.

The level of protection of memory cards is higher than that of magnetic cards. As a means of payment, memory cards are used to pay for public payphones, travel on public transport, and in local payment systems (club cards). Memory cards are also used in systems for access to premises and access to computer network resources (identification cards).

The smart card provides a wide range of functions:

differentiation of access rights to internal resources;

data encryption using various algorithms;

formation of an electronic digital signature;

maintaining the key system;

performing all operations between the cardholder, bank and merchant.

Some smart cards have a "self-locking" mode if unauthorized access is attempted.

Important stages in the preparation and use of a plastic card are personalization and authorization.

Personalization occurs when the card is issued to the buyer. Data is recorded on the card that allows you to identify the card and its owner, as well as check the solvency of the card when paying or issuing cash. The original method of personalization was embossing.

Personalization includes magnetic stripe coding and chip programming.

Magnetic stripe encoding is usually done on the same equipment as embossing. At the same time, part of the information about the card, which stores the card number and its validity period, is the same both on the magnetic strip and on the relief. But there are situations when, after initial encoding, you need to add additional information to the magnetic stripe. In this case, special devices with a read-write function are used. This is possible, in particular, when the PIN code for using the card is not generated by a special program, but is chosen by the client at his own discretion.

Programming a microcircuit does not require special technological techniques, but it does have some organizational features. Thus, operations for programming individual areas of the microcircuit are distributed geographically and are differentiated according to the rights of various employees. Typically this procedure is divided into three stages:

at the first workplace the card is activated (putting it into use);

at the second workplace, operations related to ensuring safety are performed;

in the third workplace the actual personalization is carried out.

Such measures increase security and eliminate possible abuse.

Authorization is carried out either manually or automatically. In the first case, voice authorization is carried out when the seller or cashier transmits the request to the operator by phone. In the second case, the card is placed in an automated trading POS terminal (Point-Of-Sale - payment at the point of sale), the data is read from the card, the cashier enters the payment amount, and the cardholder enters the PIN code (Personal Identification Number) . After this, the terminal carries out authorization by establishing a connection with the payment system database (on-line mode), or implementing additional data exchange with the card itself (off-line mode). When issuing cash, the process is similar, with the only peculiarity that the money is automatically issued by an ATM, which carries out authorization.

A proven way to identify the owner of a plastic card is to use a secret personal identification number PIN. The PIN value should only be known to the card owner. On the one hand, the PIN must be long enough so that the probability of guessing by brute force is acceptably small. On the other hand, the PIN must be short enough for the owner to remember it. Typically the PIN length ranges from 4 to 8 decimal digits, but can be up to 12.

The PIN value is uniquely associated with the corresponding attributes of the plastic card, so the PIN can be interpreted as the signature of the cardholder.

Protecting the personal identification number PIN for a plastic card is critical to the security of the entire payment system. Plastic cards can be lost, stolen or counterfeited. In such cases, the only countermeasure against unauthorized access is the secret PIN value. Therefore, the clear form of the PIN should only be known to the rightful card owner. It is never stored or transmitted within the electronic payment system.

The method for generating the PIN value has a significant impact on the security of the electronic payment system. In general, personal identification numbers can be generated either by the bank or by cardholders.

If the PIN is assigned by the bank, then one of two options is usually used.

In the first option, the PIN is cryptographically generated from the cardholder's account number. Encryption is carried out using the DES algorithm using a secret key. Advantage: The PIN value does not need to be stored within the electronic payment system. Disadvantage: if you need to change the PIN, you must change either the client's account number or the cryptographic key. But banks prefer that the customer's account number remains fixed. On the other hand, since all PINs are calculated using one key, changing one PIN while maintaining a customer account entails changing all personal identification numbers.

In the second option, the bank selects a PIN randomly, storing this value as a cryptogram. The selected PIN values are transmitted to cardholders over a secure channel.

Using a PIN assigned by a bank is inconvenient for clients, even if it is short. Such a PIN is difficult to remember, and therefore the cardholder may write it down somewhere. The main thing is not to write the PIN directly on the card or other visible place. Otherwise, the task of attackers will be greatly facilitated.

For greater client convenience, a PIN value selected by the client is used. This method of determining PIN allows the client:

use the same PIN for different purposes;

enter not only numbers, but also letters into the PIN (for ease of memorization).

The PIN selected by the customer can be sent to the bank by registered mail or sent through a secure bank office terminal, which immediately encrypts it. If the bank needs to use the PIN chosen by the client, then proceed as follows. Each digit of the PIN selected by the client is added modulo 10 (excluding transfers) with the corresponding digit of the PIN withdrawn by the bank from the client’s account. The resulting decimal number is called the "offset". This offset is stored on the client card. Since the displayed PIN is random, the PIN selected by the client cannot be determined by its offset.

The main security requirement is that the PIN value must be remembered by the cardholder and should never be stored in any human-readable form. But people are imperfect and often forget their PINs. But for such cases, special procedures are intended: restoring a forgotten PIN or generating a new one.

When identifying a client by the PIN value and the presented card, two main methods of checking the PIN are used: non-algorithmic and algorithmic.

The non-algorithmic method is carried out by directly comparing the PIN entered by the client with the values stored in the database. Typically, the customer PIN database is transparently encrypted to increase security without complicating the comparison process.

The algorithmic way of checking PIN is that the PIN entered by the client is converted according to a certain algorithm using a secret key and then compared with the PIN value stored in a certain form on the card. Advantages of this verification method:

the absence of a copy of the PIN on the main computer prevents its disclosure by bank personnel;

the absence of PIN transmission between the ATM or POS terminal and the main computer of the bank excludes its interception or imposition of comparison results;

Simplification of the work on creating system software, since there is no longer a need for real-time actions.

Promising solutions. Mobile banking

The main area of application of the Mobil-ID + EDS SIM card is the use of a mobile phone to confirm transactions that require strict procedures for verifying the authenticity of data and subjects of information interaction. WirelessPKI services for a cellular operator must be provided by a special service provider called a Mobile Signature Service Provider (MSSP).

In practice, two-channel multifactor mobile authentication based on a Mobil-ID SIM card + digital signature will allow not only to identify the owner in the electronic service delivery system, but also to use electronic signatures throughout the entire communication session or even at the end of the phone call. The owner will no longer have to remember all of their passwords and usernames. He will be able to completely abandon coded bank cards and PIN calculators. If for different services the user is now forced to use different identification data (passwords and usernames), then such a SIM card will allow you to log in to all services with one single personal code. Functionally, the owner of the new SIM card will be able to perform the same electronic operations as owners of regular smart cards - access online banking, service portals, sign various contracts, etc. At the same time, MSSP provides two-channel support for strong authentication based on combinations of many factors , including GOST R. 34.10-2001, GOST R. 34.11-94 (public key cryptography), GOST 28147-89.

2.2 E-commerce security

The high level of fraud on the Internet is a deterrent to the development of e-commerce. People mainly use the Internet as an information channel to obtain information that interests them.

Classifications of possible types of fraud in e-commerce:

Transactions (non-cash transactions) carried out by fraudsters using the correct card details (card number, expiration date, etc.);

Obtaining customer data through hacking the database of trading enterprises or by intercepting customer messages containing his personal data;

Butterfly shops (scammers), which usually appear for a short time, only to disappear after receiving money from customers for non-existent services or goods;

An increase in the cost of goods in relation to the price offered to the buyer or repeated debits from the client’s account;

Stores or sales agents designed to collect information about card details and other personal data of the buyer.

SSL protocol

The SSL - Secure Socket Layer protocol provides data protection between service protocols and transport protocols (TCP/IP) using modern cryptography in point-to-point connections. Previously, it was possible to view the data exchanged between clients and servers without any special technical tricks.

The SSL protocol is designed to solve traditional problems of ensuring the security of information interaction:

the user and the server must be mutually confident that they are exchanging information not with fake subscribers, but with those that are needed, not limited to password protection;

after establishing a connection between the server and the client, the entire information flow between them must be protected from unauthorized access;

and finally, when exchanging information, the parties must be sure that there are no accidental or intentional distortions in its transmission.

...

How electronic payment systems work.

There are a lot of electronic payment systems on the Internet. Here are just a few of them:

The operating principles of electronic payment systems are different. Most founders of electronic payment systems tend to introduce their own digital currency. Since it is illegal to consider it money, nice-sounding symbolic names are invented:

Electronic payment obligations.
Certificates for specific online stores.
Gift certificates.
Digital letters of credit or checks.
Loan obligations guaranteed in gold reserves.

Experienced financiers understand that all these beautiful words mean only one thing - the complete absence of any legislative guarantees. In relation to electronic money, an ordinary user can rely only on the concern of the owners of the electronic payment system about their reputation. After issuing its own virtual currency, the electronic payment system organizes a cloud financial infrastructure:

The official portal where new members register and most transactions take place.
Electronic wallets, which record how much electronic money a particular depositor has.
Electronic terminals or gateways for accepting payments on websites. All these critical nodes are united by a specially developed network of encrypted communication channels, through which electronic money is exchanged.
Some electronic payment systems create their own networks of ATMs, points of exchange of electronic money into regular ones.

Additionally each electronic payment system must establish connections with real banks in order to convert real money into virtual money. However, the dependence of EPS on conventional payment systems is minimal, which explains the presence of a large number of advantages of the former.

Advantages of electronic payment systems

Almost instantaneous transactions, money transfers, payment for goods, currency exchange.
Due to the lack of a deployed physical infrastructure, the cost of an online transaction tends to zero. Most electronic payment systems on the Internet try not to charge commissions at all from ordinary users.
Privacy and anonymity. This is an attractive point for many semi-legal online services such as adult services or gambling.
Simplicity and speed of opening electronic accounts.
Replenishing wallets and transferring funds to real banks.
Transaction security. If we omit the moment of trust in the payment system itself, then it is possible to protect currency transactions at the digital level much more reliably than at the physical level. Transferring web currency over an encrypted Internet channel is not like handing over a suitcase with dollars in an abandoned warehouse.

Most of all, freelancers like to use online payment systems for settlements with remote customers, players in virtual casinos, buyers of online stores, and investors. Gradually, offline services are being drawn into the digital payment infrastructure. It’s very easy and quick to top up your mobile phone account with digital currency, pay your Internet tariff, and even pay for some utilities.

Disadvantages of electronic payment systems

The disadvantages of electronic money stem from their incomplete legitimation. Not all services and purchases can be paid for using your e-wallet. Indeed, transactions with electronic money may be free, but conversion into real bills is expensive. Since accredited banks do not convert virtual money into real money, private online exchangers charge huge percentages for transferring homemade certificates.

Due to weak government regulation and the difficulty of control by law enforcement agencies, scams and fraud are flourishing in the field of electronic money. In principle, any advanced user can, in five minutes, create a “type of payment system site” or an exchanger on a free hosting, and collect coupons from gullible users for a while.

How can you practically find out whether a given electronic money service is fraudulent? It is necessary to check whether such state banks as SBRF, Gazprombank, etc. cooperate with this system. If the giants of the financial world agree to deal with EPS, then the average user has nothing to fear.

The future and prospects of electronic money

It is difficult to imagine that states will long tolerate the existence of parallel financial institutions and even currency issuers that have little control over governments. Evidence of this is the one adopted not so long ago.

So far, parliamentarians simply do not know what to do with it, with this Internet. When they figure it out, electronic money will smoothly transform into regular convertible currency. And then there will be peace and universal harmony in the world at the level of fiscal structures.

Already today, the largest payment systems on the Internet are working closely with the state and are striving to obtain the status of legitimate financial organizations and become equal to real banks and funds. Therefore, services such as WebMoney, Yandex.Money are vitally interested in the trust of users and will try to do everything to avoid any problems with electronic money transactions.

Good Investments and success in all your endeavors. See you on the blog pages.

Doing business on the Internet has ceased to be something innovative and has become a “self-evident” concept. Almost every store has its own store or catalog online.

However, as easy as it is to find and order a product online, it is just as difficult to pay for the product online; in this case, I’m talking specifically about Belarus. In the best case, a courier with a terminal will come to you to make payment by card. One of the reasons for this phenomenon lies in the low culture of the population in the field of electronic payments. It comes from a banal misunderstanding of how it works.

In this article I want to talk about the key points of making an online payment.

A little theory, diagrams and important points

First, a little theory.

1. To make your payment online, the client needs to transfer his hard-earned money into electronic form. To do this, you need to go to the bank and open an account there. After this, dear cash turns into a set of bytes on one of the bank servers. In reality, there is no need to go anywhere, because the banking system in the country is quite developed. According to statistics, the population has more than 10 million bank cards, so we can safely say that every person in our country has a bank (debit, credit, salary) card, which means there is “electronic” money. The bank that issues the payer's card and ensures the safety of funds on it is called the Issuer.

2. In order for clients of different banks to be able to make payments without problems and use any terminal or ATM, and not just the services of “their” bank, a common standard for interaction between banks and some kind of regulator is needed that would ensure this interaction. This role is performed by processing centers. These centers are the international payment systems Visa and MasterCard. Within our country there is also BelKart and the Bank Processing Center. Each bank that issues you a card with the BelKart Visa MasterCard logo is a participant in this system.

3. In order to accept card payments, you again need to go to the bank and open a special “Merchant Account” or Merchant Account there. The bank where you can open such accounts is called an Acquirer.

Let's see how all this already works using the example of the usual card payment in a regular store.

1. They tell you the amount - you hold out your card.

2. Your card is swiped through a special device (terminal), which reads the data from the card.

It's important to understand that only the card number and owner information are read.

PIN code or CVC code are security elements - the data on them is not embedded in a magnetic stripe or chip. Therefore they cannot be read as easily. You may be asked to confirm the check with a signature or PIN. But you can’t just name or transfer this data. This is important to know and remember - in order to avoid possible fraud with your card

3. The terminal is programmed to make a specific request to the acquiring bank, which issued the device data to the store. This request contains a pointer to the merchant/store account number at this bank and card details.

4. Having received this request, the bank sends a request with card data to the processing center. The processing center determines the card issuer and sends a request to this bank. The Issuer Bank, in turn, checks whether the requested funds are on the card account and, if so, freezes them and gives a positive response to the operation.

5. The Acquiring Bank gives a positive response to the terminal - and your payment is successfully processed.

Important point in this scheme, which many miss. The issuing bank freezes the money in the client's account, and does not make an instant transfer from the client's account to the seller's account. Depending on the location and operating rules of banks, the final transfer of funds can take up to several days. Often, many traders have a misunderstanding at this point. The payment is approved - the goods are delivered, but there are no funds in the account. It's okay - they will be there within the next few days.

How is payment on the Internet fundamentally different from the scheme described above? Not many, actually. The Acquirer Bank and the Issuer Bank, as well as the scheme of their interaction remain unchanged. The only difference is how the request gets to the acquiring bank. To implement online payment, the Acquiring Bank must open access to its data center. In order to protect itself, the bank opens this access either to its division responsible for online payments or to certified processing companies.

These companies perform 2 roles:

They ensure the payment is checked for fraud before entering the bank's network.
They provide a convenient request form for marketplaces. As a rule, you need to make a simple POST request to the resource of the processing company, which will then turn it into the necessary request for the bank (essentially posing as a terminal). This is also convenient if the merchant changes the Acquiring Bank - the trading platform does not need to change the integration.

So, now let's see how it works in case of online payment.

You go to the cart on some trading platform.
You will be shown the order amount and a form for entering your payment and personal data. Looks like the picture for the article.
After filling out all the information, you click the “Pay” button.
The platform collects your data and generates a request for the processing company.
The processing company checks it and sends it to the Acquiring Bank.
The following scheme is similar to the previous one: Acquirer Bank - Processing Network - Issuer Bank
The processing company delivers the result to the site.

There are even simpler payment schemes: the trading platform simply redirects the client to the Payment page of the Processing company. Next, the client will be greeted with a convenient data entry form, shown a beautiful spinner while the payment is being processed, and just as gently shown the payment result and returned to the site from which the client came.

Hence the main conclusion: if you want to start accepting payments on your trading platform, you need to contact the Bank, which opens “Merchant Accounts”, or a processing company that will study your business and select the appropriate Acquiring Bank for you, and also help with integration your site.

If there is interest in this article, in the following articles I can talk about various types of integration of your site, touch on the main points of security, payment schemes and cancellations.

Section 1. Concept of payment system, types payment systems.

Payment system- This a set of rules, procedures and technical infrastructure that ensure the transfer of value from one economic entity to another. Payment systems are one of the key parts of modern monetary systems.

The concept of payment system, types of payment systems

In monetary systems, where the functions of money as a means of circulation and a means of payment are performed by full-fledged metal coins, the problem of creating and regulating a payment system does not arise. Transfer of full money from seller to buyer, from borrower to debtor means the fact of final completion payment and debt repayment. When using paper and credit money there is a need to develop special rules for their circulation and transfer procedures, which should ensure unambiguous recognition by all participants of settlements of the fact of payment and repayments debt. A special system for transmitting payment information is being formed.

The importance of these rules, procedures, and systems increases significantly with the transition to the use of non-cash payments and electronic money. In each country, an independent payment system is created within the financial system. With the development of international exchange, international payment systems arise that ensure payments between participants in international markets located in different countries.

It is usually understood that money is transferred through payment systems. From a legal point of view, in most cases there is a translation debt: funds that the payment system owes to one of the clients, it becomes owed to another client. When the first client transfers his money to the payment system, the amount of such transfer is recorded, that is, the amount of debt to the first client. By his order, the client can indicate that the payment system now owes not to him, but to the second client. When the second client contacts the payment system, he has the opportunity to receive the cash equivalent of such a debt. In some cases, the means of payment are not money or debts denominated in money, but conventional payment units or specialized securities (an example is WMR).

Payment systems are a substitute for cash payments when making domestic and international payments and are one of the basic services provided by banks and other specialized financial institutions. The largest service of this kind is the SWIFT system (2012).

Extended forms of payment systems (including physical or electronic infrastructure and associated procedures and protocols) are financial transactions using ATMs, payment kiosks, POS terminals, stored value cards cost; carrying out transactions in the Forex currency markets, futures, derivatives and options markets. Some payment systems include credit mechanisms, but these should be considered outside of the payment systems aspect.

Electronic payment systems are a subtype of payment systems that ensure the implementation of transactions electronic payments via networks (for example, the Internet) or payment chips.

The efficiency of the payment system is the timeliness and reliability of the transfer and accounting of payment resources allocated for making payments. With the effective functioning of the payment system, operating costs are significantly reduced, and there is an opportunity for better liquidity management and banks, and in enterprises. Various failures, unintentional or unexpected delays in payments significantly undermine confidence in the payment system, and economic agents begin to doubt whether payments will be made at all. All this leads to an increase in risk, and thereby an increase in the costs of payment system participants and to a payment crisis. The crises of 1994 and 1998 clearly demonstrate this. in the Russian Federation, when customer non-payments resulted in non-payment private banks.

Tasks and functions of the payment system. The main tasks facing the payment system are the following:

uninterrupted operation, safety and efficiency of operation;

reliability and strength, guaranteeing the absence of disruptions or complete failure of the payment system;

efficiency, providing fast, economical and accurate workflow output;

fair approach, for example requiring participation in the payment system of persons who meet the necessary qualification criteria.

The main function of any payment system is to ensure the dynamics and sustainability of economic turnover. The presence of an effective payment system facilitates monetary control and helps banks actively manage liquidity, thereby reducing the need for large and excess reserves. As a result, it simplifies the compilation monetary programs and accelerated implementation of financial policy operations.

Elements of the payment system. These include the following:

institutions providing services for money transfers and debt repayment;

financial instruments and communication systems that ensure the transfer of funds between economic agents;

contractual agreements governing the procedure for non-cash payments.

The elements of the payment system are closely interconnected, their interaction is carried out according to certain rules enshrined in regulatory legal acts (RLA) states and international agreements. Operation of the payment system Russian Federation as a whole, it is built in accordance with the relevant legal acts, on the basis of which the rules for its functioning are developed. They are the same for any system and determine the set of procedures that are necessary for the functioning of the payment system and the transfer of funds from one economic agent to another. The procedures of the payment system include established forms of non-cash payments, standards of payment documents, as well as various means of transmission information(communication lines, software and hardware).

Payment system is

The main participants in the payment system are the Central Bank, private banks, non-banking institutions, including clearing and settlement centers. They act as institutions providing services for money transfers and debt repayment. Ensuring uninterrupted settlements rests directly with central bank states. Job payment system is closely related to the implementation of the main goal of the activity central bank- ensuring the stability of the banking system. In this case, the Central Bank can act as:

user of the payment system, i.e. carry out their own transactions;

payment system participant, i.e. make or receive payments on behalf of their clients;

person providing payment services;

protector of state interests, i.e., perform the function of a “regulator” of the payment system, supervising its participants and establishing general rules for them work.

The competence of central banks, as a rule, includes risk management of payment systems. Central Bank controls risk liquidity, credit and systemic risks in the payment system, regulates liquidity its participants, including based on the function borrower the last resort, acts as the operator of the payment system. Risk management by the central bank consists of:

applying preventive measures to private banks in difficulty;

monitoring the activities of credit institutions in the field of settlements;

development of legal norms to ensure the regulation of settlements between economic agents;

creation and implementation of appropriate forms of transmission channel protection information with payment instructions and negotiable payment instruments.

Lack of proper attention to any of the risks and ways to manage them can lead to very serious consequences, expressed in the destabilization of payments in the region or the country as a whole, causing the payment system. To reduce the risks of payment systems, it is important to follow certain principles of their construction.

Principles of building payment systems. The basic principles for building payment systems are determined by the Payment Systems Committee, which operates within the framework of the Basel Committee on Banking Supervision. They apply to all payment systems of different countries and are as follows:

the system must have a well-developed legal framework in all relevant jurisdictions;

the rules and procedures of the system must give participants a clear understanding of its impact on each of the financial risks they bear by virtue of participation in the system;

the system should have clearly defined procedures for managing credit and liquidity risks, establishing the appropriate responsibilities of the system operator and its participants and containing appropriate incentives to manage and contain these risks;

the system should provide quick final settlement on the value day, preferably during the day or, in extreme cases, at the end of the day;

the system in which multilateral netting is carried out must, at a minimum, be capable of ensuring the timely completion of daily settlement in the event that the participant with the largest single settlement obligation is unable to settle;

The system must have a high degree of security and operational reliability and have backup procedures to complete the day's data processing on time;

the means of payment offered by the system must be practical for users and efficient for the economy;

the system must have objective and publicly announced criteria for participation, ensuring fair and open access;

System management procedures must be effective, accountable and transparent.

In addition, the Payment Systems Committee has defined the role of central banks in the state payment system and their tasks in accordance with the basic principles.

The Central Bank must clearly define its goals and make public its main directions politicians in relation to significant payment systems.

The central bank must ensure that the systems it manages adhere to core principles.

Payment system is

The central bank must oversee compliance with core principles by systems it does not manage, and have the capacity to do so.

To ensure the safety and efficiency of payment systems through core principles, the central bank must cooperate with the central banks of other countries and any relevant national or foreign institutions.

Settlement processes. The payment system includes three main payment systems process:

payment initiation - process, through which a business entity instructs its servicing bank to transfer funds to another business entity. Payment initiation is carried out using payment instruments;

The process of transfer and exchange of payment instruments between banks - participants in the payment system;

The settlement process between participating banks that debit (credit) funds from their clients' accounts.

When paying in cash, the payment instrument is cash itself. Settlements occur directly between the payer and the recipient. The role of banks is reduced to servicing the circulation of cash: issuing it from bank cash desks, crediting it to accounts, collection, storage, etc. The Central Bank issues cash into circulation, establishes rules for conducting transactions with it, predicts the need for turnover, regulates the composition of cash bills -money supply, etc. The circulation of cash occurs in non-bank circulation; the rules for cash payments are essentially reduced to the rules for performing cash transactions.

For non-cash payments, all payments are made within banking system. To carry them out, an enterprise opens a settlement or current account in a private bank, in which its free cash is stored. In private banking, during a non-cash payment, money must be debited from the payer's account and credited to the account of the recipient - another enterprise. If the accounts of the payer and the recipient are in the same bank, then there is a simple movement of funds between the accounts. If their accounts are opened in different banks, then funds are transferred from one bank to another, i.e. interbank settlements are carried out. Correspondent accounts are used to carry out settlements between independent banks.

A correspondent account is an account that one (respondent bank) opens in another bank (correspondent bank) to carry out operations on this account as provided for in agreements between them. The account maintained by the correspondent bank is called LORO. On the balance sheet of the respondent bank it is called NOSTRO. Basic entries are made in the LORO account. They are decisive for ensuring timely settlements. Transactions on the NOSTRO account are carried out using the mirror accounting method.

Payment system is

Settlement transactions on these accounts are carried out subject to ensuring daily equality of their balances and are reflected in the balance sheets of the respondent bank and the correspondent bank on one calendar date (day, month, year) - the date of payment transfer (DPP). Correspondent accounts are opened by private banks to each other by mutual agreement. At the central bank RF Correspondent accounts of private banks are required to be opened. Each bank has one correspondent account in the current account private banks nogo bank of the Russian Federation. The settlement divisions of the Russian Central Bank include head settlement and cash centers and cash settlement centers.

Settlements between banks can take place both through the settlement network of the Central Bank of the Russian Federation, and on the basis of two or multilateral correspondent relations between private banks. The latter can carry out these relations with each other without opening correspondent accounts, but through an account that they maintain in a third bank.

Any interactions between payment system participants are based on certain contractual relationships. Based on the agreement, a correspondent account is opened in the settlement network Russian central bank and correspondent accounts in other banks and credit institutions. The agreement, as a rule, determines the procedure for opening and maintaining an account, the procedure for conducting transactions on the latter (including the timing of payments), the rights and obligations of the parties, and their responsibilities. It records the payment details of the parties. In addition, the agreement provides price provision of certain services by the parties, the duration of its validity, the procedure for changing, terminating, and resolving disputes.

Concessions Correspondent (sub-account) and bank (for individuals and legal entities) accounts serve as the basis for the functioning of the payment system of the Russian Federation.

If a resident bank opens an account with a non-resident bank, then it signs with the correspondent bank not, but transaction tariffs, i.e., its consent to the conditions of the correspondent bank, according to which payment services are provided. All their relationships are subsequently regulated only within the framework of this tariff politicians counterparty, provided that this does not contradict the international and internal rules of the state of the correspondent bank.

Depending on the interbank settlement company, there are different types of payment systems.

Types of payment systems. In order to determine the characteristic models used in funds transfer systems, it is necessary to highlight the main differences between them, for example, such as:

system operator (central bank or private company);

settlement mechanism (gross or net settlements);

credit mechanism (with or without providing a loan to a participant in its settlements during the working day).

Payment system is

For a more detailed consideration of these concepts, let us turn to the classification of payment systems. According to the hierarchy, or degree of subordination, there are centralized systems, where each group of lower-level participants establishes relationships with one of the higher-level participants, and the latter are subordinate to a single center, and decentralized ones, where individual connections between participants can be formed independently of all the others. A centralized system includes a settlement system Central Bank of the Russian Federation, and to a decentralized one - a system of interbank settlements through the establishment of direct correspondent relations between credit institutions, a clearing system of interbank settlements, an intrabank (interbranch) settlement system.

According to the conditions for accepting participants, there are systems with equal requirements and equal access for all participants, as well as systems in which restrictions are established (for example, on the amount of equity capital and the volume of payments of the participant).

For example, in the cash settlement centers of the Central Bank of the Russian Federation (Russia), correspondent accounts are opened for all credit organizations on equal terms, and in non-state clearing institutions, participants can, as a rule, only be large and stable credit institutions. companies.

According to the procedure for reserving funds, a distinction is made between payment transactions that are carried out only after the preliminary deposit of funds by payment participants in separate accounts and without their preliminary deposit. Thus, in the settlement system of the Central Bank of Russia, operations are carried out only if there are funds in the correspondent account of the credit company. In interbank settlement systems based on clearing, at the beginning of their implementation, participants clearing may have a zero account balance.

Payment system is

Based on the methods of receiving the final payment (settlement mechanism), a distinction is made between gross settlement systems, or settlements on a gross basis, and net settlement systems, or settlements on a net basis. Systems by which settlements of interbank payments are carried out by subsequent postings for each individual transaction and then summed up one after another are called gross settlement systems. These include settlements between institutions of the Central Bank of the Russian Federation, direct settlements between credit transactions. There are two main types of gross settlement systems, in which:

settlements on transactions can only be carried out if there are sufficient funds in the account;

settlements are carried out in real time, despite the fact that the necessary funds may not be available at the time of settlement.

Gross settlement systems are used for large money transfers. Systems based on mutual settlements are known as net settlement systems.

Net settlement is a settlement in which equal claims or obligations of private banks are cancelled, and the difference in favor of one of them is transferred from the correspondent account of the private bank to the recipient's account. It is possible to distinguish between two- and multilateral net-settlement banking systems, which are settlements of non-state clearing institutions. Net settlement systems of private banks for carrying out large volumes of payments in small amounts. As world practice shows, in the 1990s. The volume of large payments in interbank settlements has increased sharply. In this regard, for the timeliness and security of payments, specialized systems for transferring large amounts of payments have been created in a number of countries with developed market economies. The amount of one payment processed by such a system is not subject to restrictions and can range from a million to several billion dollars. One of the main requirements for a system for transferring such amounts is its ability to process payments within one business day. Systems of this type include payment systems of the USA, Switzerland, etc.

Payment system is

Based on the size of the amounts and urgency of payments, there are systems in which payments are made on equal terms, regardless of the amount and deadline payment, and systems for transferring large and small amounts of funds, as well as urgent payments. In the Russian Federation, all existing systems of interbank settlements are not differentiated by the size of payments made. To quickly transfer funds, an electronic form of payment is used using banking telecommunications systems.

When it is possible to provide a loan, a distinction is made between systems that provide for the automatic termination of settlement operations in the event of a temporary lack of funds in the accounts of settlement participants, and systems within which it is possible to provide a loan to a settlement participant in the event of insufficient funds for a relatively short period of time (mainly these are loans in the form of an overdraft on account). As a rule, the conditions for providing loans to complete final settlements are stipulated in agreements on correspondent relations between participants in the settlement system.

Interbank settlement company in the Russian Federation. Currently, in the Russian Federation there are several systems of interbank settlements in parallel, which can be considered as the main tool of the payment technology used in settlement systems.

1. The payment system of the Central Bank of the Russian Federation, in which interbank settlements are carried out in a centralized manner - through its settlement network. In accordance with Russian legislation, upon obtaining a license to carry out banking operations, each private bank opens a correspondent account with the Russian Central Bank. It stores the free cash reserves of a private bank. Payments are made through cash settlement centers.

2. Interbank settlement systems of a private bank establishing direct correspondent relations between private banks.

3. Clearing systems in which settlements are carried out by independent clearing centers and clearinghouses, i.e., non-bank credit organizations. Correspondent relationships are established between private banks and clearing centers. Members of clearing centers, as a rule, are large banks; other banks can carry out settlements through participating banks.

The payment system of the Russian Central Bank is centralized

The remaining three are decentralized systems. However, intrabank settlements also take place in a centralized system, when they are carried out between divisions of the settlement network - GRCC and RCC, as well as at the regional and interregional levels. Considering all the systems existing in the Russian Federation, it should be noted that only the clearing system is based on net settlements.

Payment systems can use various payment technologies. First, there are paper-based technologies. They are used in both centralized and decentralized interbank settlement systems. Secondly, electronic payments take place. The Central Bank of the Russian Federation is leading private banks to switch to an electronic form of payments, increasing tariffs for transactions based on paper technology.

In direct correspondent relations between Banks, technologies based on private banks are used to carry out most settlement transactions, through the use of various means of banking communications. Currently, economic authorities use the following main types of payment instruments: payment orders, demand orders, letters of credit, checks and bills of exchange. The predominant form of payment is payment orders.

The payment system of the Russian Federation as of January 1, 2003 includes 1,172 institutions of the Russian Central Bank, 1,331 credit organizations, 41 non-bank settlement organizations, 3,326 branches of credit organizations.

Electronic payments. They represent a system for performing interbank settlement transactions based on customer orders transmitted electronically using electronic means of communication. The purpose of making Payments electronically is to accelerate turnover and reduce the volume of funds in settlements, improving the quality of banking services. Participants in electronic settlements are divisions of the settlement network of the Russian Central Bank, and users are credit firms (and their branches) and its other clients. The peculiarity of electronic Payments is their guarantee and irrevocability, provided that the electronic payment document is correctly prepared. The guarantee of an electronic Payment means the integrity of its transmission through telecommunications channels from the point of origin to the destination, and the irrevocability means the inadmissibility of the return of an electronic Payment along its entire route. In addition, it is important to determine the finality of the Payment. It becomes final from the moment in time when its amount can be returned to the payer only on the initiative (or with the consent) of the recipient.

Electronic Payments in the system of the Russian Central Bank are carried out at the intra- and interregional levels. Intraregional electronic settlements (IER) are understood as a set of relations between divisions of the settlement network of the Russian Central Bank, as well as between credit institutions and other clients of the Russian Central Bank located in the territory of one region (republic, territory), for making Payments using payment and service information documents compiled in electronic form. Interregional electronic settlements (MES) are relations between divisions of the settlement network of the Russian Central Bank, credit institutions and other clients of the Russian Central Bank located in various constituent entities of the Russian Federation.

Intraregional electronic Payments must be carried out “day to day”, i.e. funds debited from the accounts of senders (correspondent accounts (sub-accounts) of credit institutions and other clients) of the settlement division of the Russian Central Bank must be credited to the accounts of recipients during the business day, opened in the settlement division of the Russian Central Bank. In the regions, schedules are being developed for the delivery, transmission and acceptance of electronic Payments and messaging. Each region has its own procedures for conducting water and energy assessment, which differ significantly from each other both methodologically and technically. Each regional settlement system has its own characteristics.

The company and accounting of interregional electronic payments are carried out by their Leading Participant of the Ministry of Economic Development, which, as a rule, is GRKTs. The latter sends and receives electronic payment documents via the interregional telecommunications system and records transactions. The regulations for processing sent and received interregional electronic Payments in the region are approved by the territorial office of the Russian Central Bank. Deadlines sending messages for interregional and intraregional Payments are different, and in the second case they are much shorter. This is explained by the maximum approximation of the Deadlines Deliveries messages through a centralized system by the legally established Payment Deadlines. In order for the latter to reach the recipient as quickly as possible, it is written off at the interregional level, as a rule, in the first half of the day.

Payment system is

The exception is the Moscow region, where there is a special time-based technology for sending Payments through a centralized system of interbank settlements, which provides for the debiting of interregional Payments throughout the working day.

However, the payment will be delivered to a recipient in another region during the day only if the payer sends it on the first or second flight (i.e. before 11 a.m.).

In the MER and VER systems, the transfer of Payments is carried out on the basis of an electronic payment order (EPD). Such forms of non-cash payments as collection orders and The letter of credit is in electronic form, just getting ready for implementation. Their use will become possible only after the use of an electronic digital signature (EDS) as an analogue of a handwritten signature is permitted at the legislative level. The exchange of EPD and electronic service information documents (ESID) between credit institutions or clients of the Russian Central Bank and the servicing division of the latter’s settlement network is carried out in packages that include one or more electronic documents (ED). Each package is signed (protected) with an electronic digital signature (EDS) [Regulated by the Regulations of the Central Bank of the Russian Federation dated October 3, 2002 No. 2-P “On non-cash payments in Russia” (as amended on March 3, 03) // Express Law . 2003. No. 9; Bulletin of the Russian Central Bank. 2003. No. 17.] sender. When transmitting ED packages, Information protection tools used in the system of the Russian Central Bank are used.

There are full and shortened formats of electronic payment orders. The full format contains all the main details of the payment order. When making Payments in the MER system, only the full ED format is used. In this case, there is no need to provide accompanying payment documents on paper. In intraregional settlements, both payment document formats can be used. However, the use of shortened formats increases the processing time of documents and leads to the need to transmit accompanying materials (i.e. payment orders on paper).

Improving the payment system of the Russian Federation is inextricably linked with the creation and development of an electronic system of interbank settlements, which takes into account and actively uses the capabilities of the modern system-technical environment, telecommunications and information protection. Currently, this problem is being solved by conducting an ever-expanding experiment on making intraregional and interregional electronic Payments, developing a unified telecommunications network, introducing a comprehensive information security system, creating a system of national formats for electronic banking messages, experimental testing of technological solutions at the federal level and their regulatory framework. provision.

During 1993 - 1997 In a number of regions of the Russian Federation, an experiment was conducted on the implementation of interregional electronic Payments. Its goal was to test additional means of making interbank settlements along with the existing postal and telegraphic advice. A feature of electronic Payment, as already noted, is its guarantee and irrevocability. The introduction of a system of interregional electronic payments made it possible to reduce the time for processing Payments from 10 - 12 to 1 - 5 days.

Private banks also carry out electronic payments within their structure, which allows them to make payments bypassing the RCC system, i.e., according to the “head bank - branches” scheme. This scheme is especially typical for former specialized banking structures (Promstroybank, Sberbank, etc.), as well as large, newly formed Private banks with many branches in various regions of the Russian Federation. The clearing system within the Bank can be built on different principles of mutual settlement.

Banks are developing Data systems to reduce Costs for making Payments, accelerating their passage, growth Liquidity translation.

Clearing settlements. They represent a system of private banking claims of Banks to each other or Banks within a group of Banks participating in the system. Currently under Clearing refers to a system of mutual offset of payment documents of credit institutions, carried out on the basis of two or multilateral net settlements.

The main characteristics of the possible options for the Interbank Clearing Firm are:

form of ownership (state or private);

membership (voluntary or compulsory);

type of clearing settlements (bilateral or multilateral netting);

Clearing Firm level (intracity, intraregional, interregional, interstate, mixed);

type of documents used in Clearing (electronic or paper);

methods for settling receivable positions of participating banks (insurance premiums, interbank, recalculation with return of documents, provision of overdraft, debt security, etc.);

Firm and frequency of preliminary and final clearing sessions (at the end of the day, after a specified period of time);

Banking accounting company (on a correspondent account, opening independent balance sheet and off-balance sheet accounts, sub-correspondent accounts or pseudo-correspondent accounts);

Interbank Clearing Firm (with or without preliminary deposit of funds in the accounts of Banks participating in clearing settlements);

the procedure of the Firm and the final settlement by the agent;

the procedure for interaction of the clearing system with other settlement Banking systems, in particular with the system for transferring large amounts of Payments; etc.

The purpose of introducing a clearing system for interbank settlements is to accelerate the turnover of funds of participating banks due to the ability for each of them to make mutual offsets within a certain Period of time, as well as to reduce the funds required by Banks to make Payments. Based on clearing systems, prerequisites are created for the development of new forms of non-cash payments (checks, bills, credit cards, etc.).

The interbank clearing settlement system concentrates certain risk factors that are functionally determined by the volume and cost of transactions performed. Numerous connections between participants, along with acceleration and increased efficiency of Information transfer, create potential conditions for disruption of Payment flows. These Risks, due to their possible occurrence and spread in the financial sector, in their totality can develop into a systemic one, which in turn can create the preconditions for the manifestation of moral hazard, i.e., distrust in the system as a whole on the part of its participants. Therefore, in clearing systems, special attention is paid to providing guarantees that allow their participants not only to control their Risk, but also to prevent the spread of Risks that are systemic in nature.

Payment system is

The development of the economy of any Country is impossible without a highly efficient system of non-cash payments and the use of modern payment mechanisms. The growing turnover between business entities requires confidence in the timely and accurate fulfillment of Payment obligations. The structure of money turnover and the increase in its non-cash component largely depend on trust in the payment system, which is a particularly acute and pressing problem for the Russian Federation. Improving the payment system involves a gradual transition to an automated system that operates primarily in real time based on electronic payments, as well as the development of settlement non-bank credit organizations, the development of standardization and certification systems for banking technologies. In this regard, the Russian Central Bank is reforming the regulatory framework for settlements, improving the means of ensuring their security and minimizing Risks, as well as changing the architecture of settlements. But the most important factor ensuring the creation and operation of a modern settlement system is the presence of an adequate telecommunications network capable of providing high-quality and timely service of information flows of the payment system.

This is a fast and convenient way of payment. Electronic Payments are used to pay for Goods and services, top up a mobile account, pay for utilities, pay off Loans, etc.

Requirements for an electronic payment system: security, reliability, simplicity. The system must guarantee the confidentiality of the client’s personal data and the safety of his savings; have a “friendly” interface and competent support service; and finally, work stably and quickly. These are the components of her image.

International payment systems

Borders in the modern world are arbitrary, but on the Internet there are none at all. People buy and sell all over the world and use international payment systems to do this.

The main ones:

PayPal is the world's most popular payment system. By opening an account for free, you get many opportunities: transferring funds to several users at the same time, multi-currency Payments, account insurance, etc. When registering, personal data (full name, address, etc.) is indicated. Paypal account replenishment is carried out through bank transfers and bank cards. Withdrawals for Russian users are not (yet) available.

MoneyBookers (Skrill) is another international payment system common in the Russian Federation. To work with it, no additional software is required; the system supports the Russian interface. One of the main “trump cards” is the ease of registration. Deposits and withdrawals of funds are made through Banks, as well as Visa and MasterCard.

Click2Pay is an electronic payment system created by a German company, but which has become international. In particular, it works in the Russian Federation and the CIS. Of the minuses, it does not support the Russian language, which is (partially) compensated by the presence of Russian-speaking support. A card is used to top up your account Visa.

Electronic payment systems of the Russian Federation

There are two undisputed “leaders” in RuNet:

1. WebMoney is the largest domestic electronic payment system (it supports several currencies and operates in different countries). Work in the system is carried out both through special software (WM Keeper), and a web interface and mobile applications. There is a system of certificates, the possession of which provides users with different amounts of authority. WebMoney is considered one of the most secure, but difficult to use systems.

2. Yandex Money is also a popular and reputable payment system. The main advantage over WebMoney is simplicity. A Yandex account gives access to all its services, including financial ones. You can work both through the website and through the wallet program. Currency - . You can pay utilities, pay for the Internet, buy in online stores, etc. However " Yandex money» cannot be used in commercial activities.

Among the Russian electronic payment systems we can also highlight: Z-Payment, E-port, RUpay, Rapida and others.

advantage>When building an Internet business, you cannot do without electronic payment systems. Each of them has its own “+” and “-”. The choice of a specific electronic payment system depends on the purpose and objectives of your Internet project.

Internet payment system

CLS (payment system)- The CLS (continuous linked settlement) payment system is an international system of foreign exchange transactions. This payment system was created by leading dealers in the foreign exchange market (the so-called G20) ... Wikipedia

Electronic payment system- Internet payment system is a system of settlements between financial organizations, business organizations and Internet users when purchasing, selling goods and for various services via the Internet. These systems are electronic versions of ... Wikipedia

VISA (payment system)- This term has other meanings, see VISA (meanings). Visa Inc ... Wikipedia

SWIFT (payment system)- SWIFT logo SWIFT (Society for Worldwide Interbank Financial Telecommunications, English Community of Worldwide Interbank Financial Telecommunications, pronounced SWIFT in Russian) is an international interbank information transfer system and... ... Wikipedia Great Soviet Encyclopedia audiobook

The principle of operation of the payment system. Electronic payments and electronic payment systems

Send your good work in the knowledge base is simple. Use the form below

Similar documents

How electronic payment systems work.

Advantages of electronic payment systems

Disadvantages of electronic payment systems

The future and prospects of electronic money

Popular articles

Latest articles

Sections

Pages

Special projects

Contacts