The electronic payment system is composed of the intermediary agencies providing payment services, the laws and regulations governing currency transfer and the electronic information technology means to realize payment. That is to say, the payment information of the new payment means is transmitted to the bank or the corresponding processing agency through the network security to realize the electronic payment.
The electronic payment system is composed of the intermediary institutions providing payment services, the laws and regulations governing currency transfer and the electronic information technology means to realize payment, which is used to pay off the debts borne by the participants in economic activities when they acquire physical assets or financial assets. That is to say, the payment information of new payment means (including e-cash, credit card, debit card, smart card, etc.) is transmitted to the bank or the corresponding processing agency through network security to realize e-payment. Therefore, electronic payment system is not only one of the important social infrastructure for electronic transactions, but also the foundation and catalyst for the sound operation of social economy.
电子支付系统是实现网上支付的基础.电子支付系统的发展方向是兼容多种支付工具,但目前的各种支付工具之间存在较大差异,分别有自己的特点和运作模式,适用于不同的交易过程.因此当前的多种电子支付系统通常只是针对某一种支付工具而设计的.Mondex 系统、First Virtual 系统和 FSTC 系统是目前使用的几种主要的电子支付系统。
E-payment system is the basis of online payment. The development direction of e-payment system is to be compatible with a variety of payment tools, but there are great differences among various payment tools at present, which have their own characteristics and operation modes, and are suitable for different transaction processes. Therefore, the current multiple e-payment systems are usually designed for a certain payment tool Virtual system and FSTC system are the main electronic payment systems.
Payment system is a special way and arrangement, which is composed of intermediary institutions providing payment services, laws and regulations governing currency transfer and technical means to realize payment. It is used to pay off debts incurred by participants in economic activities when they acquire physical assets or financial assets. Therefore, payment system is one of the important social infrastructure.
Different payment systems are usually linked to different economies. Economic society has used various forms of money to transfer value in commodity exchange. The development from the original physical exchange to commodity currency (such as precious metals) marks the progress of social productivity.
The emergence of legal tender is the first leap in the history of payment instrument. As a means of payment, bank deposit is a great progress of monetary system. It can be realized technically that electronic payment instrument can completely replace paper voucher cash and non cash payment instrument. People regard electronic payment tools as the second leap or revolution in the development history of payment tools.
Online payment is the development and innovation of electronic payment system. The traditional transfer of bank settlement and payment instructions completely relies on face-to-face manual processing and entrusted transfer by postal and telecommunication departments, so there are problems such as high settlement cost, long voucher transfer time, large occupation of funds in transit and slow capital turnover. Electronic funds transfer system shortens the delivery time of payment instructions between banks and reduces the occupation of funds in transit.
The electronic transaction payment system based on Internet consists of seven parts: customer, merchant, certification center, payment gateway, customer bank, merchant bank and financial special network.
It mainly deals with the transfer of large amount of funds between banks. Generally, the initiator and receiver of the payment are commercial banks or financial institutions that open accounts with the central bank. Large sum system is the core application system of a national payment system. The current trend is that large amount systems are usually operated by the central bank to process credit transfers, and of course, there are also large amount payment systems operated by the private sector. Although such systems can process payment transactions in real time, they need to carry out net fund clearing at the end of the day. The large payment system deals with a small amount of payment business (1% – 10%), but the amount of capital exceeds 90%. Therefore, the risk management in the large payment system is particularly important.
Mainly refers to ach (automatic clearing house), which mainly deals with pre authorized regular credit (such as salary payment) or regular debit (such as public facilities payment). Payment data shall be submitted to clearing house by magnetic medium or data communication.
指 POSEFT 和 ATM 系统，其支付工具为银行卡（信用卡、借记卡或 ATM 卡、电子现金等）。主要特点是金额小、业务量大，交易资金采用净额结算（但 POSEFT 和 ATM 中需要对支付实时授信）
It refers to post ft and ATM system, and its payment instrument is bank card (credit card, debit card or ATM card, e-cash, etc.). The main features are small amount, large business volume, and net settlement of transaction funds (but real-time credit for payment is required in post ft and ATM)
电子支付不是新概念，从 1998 年招商银行率先推出网上银行业务之后，人们便开始接触到网上缴费、网上交易和移动银行业务。这个阶段，银行的电子支付系统无疑是主导力量，但银行自身没有足够的动力也没有足够的精力去扩展不同行业的中小型商家参与电子支付。于是非银行类的企业开始进入支付领域，它们通常被称为第三方电子支付公司。目前，我国主要存在四种模式：支付网关型模式、自建支付平台模式、第三方垫付模式、多种支付手段结合模式。
Electronic payment is not a new concept. Since China Merchants Bank took the lead in launching online banking business in 1998, people have begun to contact online payment, online transaction and mobile banking business. At this stage, the bank’s e-payment system is undoubtedly the leading force, but the bank itself does not have enough power and energy to expand the participation of small and medium-sized businesses in different industries in e-payment. As a result, non bank enterprises began to enter the field of payment, they are often called third-party electronic payment companies. At present, there are four modes in China: payment gateway mode, self built payment platform mode, third-party advance payment mode and multiple payment means combination mode.
1. Payment gateway mode
Payment gateway mode refers to the mode that some third-party payment companies with strong bank interface technology connect merchants and banks respectively in the form of intermediary to complete the electronic payment of merchants. Such third-party payment companies include online banking, Shanghai huanxun, Beijing Shouxin, etc. they are only the channel from merchants to the bank rather than the real payment platform. Their income is mainly the share obtained from the secondary settlement with the bank. Once the merchants are directly connected with the bank, this mode will be abandoned most easily because of the low added value.
2. Self built payment platform mode
Self built payment platform mode refers to the mode that a large-scale e-commerce company with a large user group mainly creates or creates its own payment platform. The essence of this mode is to use the created payment platform as a credit intermediary to temporarily keep the payment for goods on behalf of the buyer and the seller before the buyer confirms the receipt of the goods. This kind of guarantee can control the transaction risk of the buyer and the seller, mainly solve the security problem in the transaction, and easily guarantee the loyalty of consumers. Enterprises adopting self built payment platform mode include Taobao, eBay eBay, Huicong, PayPal, etc. This kind of payment platform mainly serves the main business of the parent company, and its development also depends on the size of the parent company platform.
3. Third party advanced payment mode
第三方垫付模式是指由第三方支付公司为买家垫付资金或设立虚拟账户的模式。它通过买卖双方在交易平台内部开立的账号，以虚拟资金为介质完成网上交易款项支付，这样的公司有 99bill、Yeepay 等。
The third-party advance payment mode refers to the mode that the third-party payment company advances funds or establishes a virtual account for the buyer. It uses the account opened by the buyer and the seller in the trading platform to complete online transaction payment with virtual capital as the medium. Such companies include 99bill, YeePay, etc.
4. Combination mode of multiple payment means
The combination mode of multiple payment means refers to the mode that the third-party e-payment company provides payment platform by means of telephone payment, mobile payment and online payment. In this mode, customers can make electronic payment by calling, SMS or bank card.
The data flow of the payment system can be divided into two modes based on merchant forwarding and non merchant forwarding. According to the current mode based on non merchant forwarding in China’s e-commerce transactions, the system completes the whole transaction process from the customer initiating the purchase request to the customer receiving the goods and the merchant receiving the funds, which requires the following payment process:
1. Users browse e-commerce websites, select products they like, and make purchase requests to businesses.
2. The merchant will digitally sign the order checked by the user and submit it to the payment system.
3. The payment gateway calls the payment interface and requires the user to fill in the account information.
4. The user encrypts the account information with the public key of the payment gateway of the payment system and transmits it to the payment gateway of the payment system;
5. The payment gateway of the payment system checks the account information provided by the user for data conversion, and sends it to the financial institution through the financial private network or special line, and requests to check the user account information.
6. The financial institution transmits the result of verification and the information used by the user for payment confirmation to the payment system.
7. The payment system transmits the user’s payment confirmation information from the financial institutions to the payment confirmation system, which requires payment confirmation.
8. After receiving the information required to be confirmed, the payment confirmation system conducts the pre-processing of payment confirmation, and then informs the user (real-time confirmation, time-sharing confirmation) according to the pre selected confirmation mode to confirm.
9. The user fills in the corresponding confirmation data according to the selected confirmation method and submits it to the payment confirmation system.
10. The payment confirmation system compares the payment confirmation information submitted by financial institutions and users. If it is consistent, the next step of confirmation will be carried out. Otherwise, an error will be returned. Finally, the payment confirmation system will return the confirmation result to the payment gateway of the payment system.
11. If the confirmation is successful, E-mail shall be used to inform the user that his payment request is approved and the fund has been transferred out of his account. Otherwise, E-mail shall be used to inform the user that his payment request is not approved.
12. If the confirmation is successful, the return result of the digital signature financial institution shall be sent to the merchant, and the merchant shall be notified to deliver the goods, otherwise, the merchant shall be notified of the failure of the transaction;
13. The confirmation is successful and financial institutions are required to transfer funds.
14. The financial institution returns the transfer information with digital signature to complete the transaction
电子支付系统的安全要求包括：保密性、认证、数据完整性、交互操作性等。目前，国内外使用的保障电子支付系统安全的协议包括：SSL(Secure SocketLay-er,安全套接字层)、SET(Secure Electronic Transaction)等协议标准。
The security requirements of electronic payment system include: confidentiality, authentication, data integrity, interoperability, etc. At present, the protocols used at home and abroad to ensure the security of electronic payment system include: SSL (secure socket layer), set (secure electronic transaction) and other protocol standards.
安全套接层方法(Secure Socket Layer,SSL)协议在网络上普遍使用，能保证双方通信时数据的完整性、保密性和互操作性，在安全要求不太高时可用。它包括：
Secure socket layer (SSL) protocol is widely used in the network, which can ensure the integrity, confidentiality and interoperability of data when both sides communicate, and can be used when the security requirements are not too high. It includes:
(1) Handshake protocol. That is, before transmitting information, the handshake information is sent to confirm each other’s identity. After the identity is confirmed, both parties hold a shared key.
(2) Message encryption protocol. After the handshake, a random key is encrypted with the RSA public key, and then the information flow of both sides is encrypted with the random key to realize the security.
由于他被 IE，NESCAPE 等浏览器所内置，实现起来非常方便。目前的 B-C 网上支付大多采用这种办法。利用招商银行提供的网上支付接口可以很方便的实现基于此协议的网上支付。
Because it is built by ie, nescape and other browsers, it is very convenient to implement. Most of the current B-C online payment adopts this method. Using the online payment interface provided by China Merchants Bank can easily realize online payment based on this protocol.
SSL uses encryption to establish a secure communication channel to transmit the customer’s credit card number to the merchant. It is equivalent to using a secure phone connection to read the user’s credit card to the merchant over the phone.
SSL transaction process chart
虽然 SSL 握手协议可以用于双方互相确认身份，但实际上基本只使用客户认证服务器身份，即单方面认证。这一协议不能防止心术不正的商家的欺诈,因为该商家掌握了客户的信用卡号。商家欺诈是 SSL 协议所面临的最严重的问题之一。另外由于加密算法受到美国加密出口的限制，浏览器和 WebServer 都存在所谓的”512/40″的问题。既 DES 对称加密为 40 位，RSA 加密为 512 位。加密强度偏低使 B-C 的 SSL 协议难于推广到有更高要求的 B-B 领域。
Although SSL handshake protocol can be used to confirm the identity of both parties, in fact, it only uses the client authentication server identity, that is, unilateral authentication. This agreement can’t prevent the fraud of the unscrupulous merchant who has the customer’s credit card number. Merchant fraud is one of the most serious problems in SSL protocol. In addition, because the encryption algorithm is limited by the US encryption export, there are so-called “512 / 40” problems in browser and webserver. Both des symmetric encryption is 40 bits, RSA encryption is 512 bits. The low encryption strength makes the SSL protocol of B-C difficult to be extended to the B-B field with higher requirements.