Introduction
Debit and credit cards are used by customers for post paid and pre-paid transactions respectively. They promote cashless society since individuals do not carry their money with them while going to shop. The holder of the cards can use them to either debit or credit their bank accounts at any transaction terminal where the holder will have to produce the card for reading confirmation through the assistance of the system of computer before the actual transaction can be completed. The debit card for instance is a payment method which can be accepted at the terminal of transaction using PIN or signature authentication. The interest in this case is to focus on the authentication using PIN which is unique numbers to be entered through the keypad by the card holder. The use of PIN authentication is extra efficient and has lower risk unlike the use of checks which are unsafe and which can be easily forged. The use of PIN just like signatures has really developed fast thereby displacing checks as apportion of consumer payment volume (Miller & Arts, 2014).
The debit or credit system of transaction verification
The electronic system of authenticating transaction is used together with the tokens of transactions. The credit and debit cards are the token used that collects and transmits transaction information together with the biometric data. The verification system if possible has the capability to scan or read the transaction together with the information for accounts that are either printer or encoded on the token transaction. The biometric data are encoded digitally for this case and the transaction cards scanned with the customer’s PIN number taken at the transaction place with an aim of carrying out account authentication or verification. The system used or employed for the verification of electronic transaction possibly digitizes number of token like the magnetic ink character readers’ line printed on either of the card. The information data for the transaction are then transmitted to the central system of processing. The central processing system then does the comparison of the input data with the available database of the of information with an aim of finding out whether the customer at the transaction terminal is under authority to utilize account and whether the condition of the account is pleasing or suitable for the transaction approval. The total system for transaction verification comprises of data for biometric device for both recording and transmission of biometric data gotten at the site of the business deal. The system can too be utilized together with the transaction processing system for the reason of determining whether the transaction instrument presented for payment is connected to the account that is established for the authorized user (McNeal, 2013).
During the transaction, the customer will be required to supply or type the PIN number, that is, PIN which is used for user authentication process. The entered information is encrypted using secret codes and then transmitted online to the customer’s bank account where the same secret codes will be decrypted through the system of computer. The decrypted information is what is compared with the customer’s account details for a match. The status of the account is also checked to find out if the customer is credit worthy to carry out the transaction in question. In a situation where the information decrypted does not match the customer’s details in terms of PIN, then the negative response is received from the customer’s bank to the transaction terminal, informing the tailor at the transaction terminal that the PIN number entered sent is invalid, else the positive feedback is sent. In a situation where the decrypted information are all valid but the customer is not credit worthy in terms of the account status, then a negative feedback is still sent back by the bank to the transaction terminal terminal to inform the customer about the impossibility of business dealing as at that time, else the business deal is permitted. If the business deal is allowed, then the customer’s bank account is either credited or debited and the respective electronic data is transmitted to the transaction terminal of the shop. The whole process of transaction between the transaction terminal and the bank takes place through the electronic data interchange.
The customers can also make purchases as they use credit and debit cards with their mobile phone handsets through telecommunication network. In this case, the card transaction permits the customer or card holder to ensure that the loading of value is done on debit or credit card prior to making purchases. The system for loading comprises of handset mobile device together with device for reading the card, computer that operates as a gateway, computer for the funds issuer in addition to the computer for authentication process. The handset mobile device gets the request to load some value from the user on to credit/debit card. The handset phone later produces a message for funds request which results to value compromise and transmits the funds message of request to the computer system of the issuer for funds which is responsible for debiting an account related to the client or customer. Then the handset produces the message for the load request by way of the cryptography signature that bears the signature and transmits the message request to the computer for authentication where by credit/debit card is authenticated. Then the handset gets the message response which comprises of signature for cryptography and the load approval. Eventually, the signature of cryptography is confirmed by the handset and the value is loaded on the credit/ debit card. The system of payment consists of the server for the merchant together with the server for settling payment. First, the handset sends a request of order and then receives the purchase message instruction in return. Then the handset does the processing of the message instruction of the purchase locally, and then transmits the message of request for draw to the server payment computer. The server used for payment then transmits the message for debit which consists of the signature of cryptography together with the endorsement to debit the payment card. At the end, the mobile authenticates the signature followed by debiting of the individual card ( Hoffman & Adams, 2014).
Using secure website is also part and parcel of enhancing security for transactions carried out using credit and debit cards. The safe website employs the technology of encryption for the data/ information transfer from the computer of the customer to the merchant’s computer that is online. As a result, encryption prevents computer hackers from getting secretly coded information. This is because; those who can unscramble the secretly coded information are those having genuine access privileges. Security is thus the fundamental requirement for safeguarding information sent across the internet. Therefore, high level of confidence is required when it comes to issues of authenticity and privacy of both credit and debit card transactions which can be hard to maintain in cases where transactions are exchanged over the untrusted public network like the internet (Sen, Ahmed & Islam, 2015).
When the customer gets in to the market his or her membership is tested by the market server as shown in the second and third step of the member recognition diagram bellow. In case the customer is found to be a member, then he/she will receive a welcome message from the market server, else the customer is simply ignored.
The payment stage begins at the time when the customer who is card holder and a member in the mobile payment service reaches the cahier. In this case, the member is given the choice to pay through cash, credit/debit card. In case the member selects mobile payment then the first thing that takes places is that the market server ought to ensure the customer membership is met. Some steps will also have to take place in case the customer is a member. The market server contacts the debit or credit center to ensure that the payment amount is actually available. The encryption algorithm is also implemented with an aim of encrypting the customer’s information through blank public key. The information is later transmitted when encrypted as text to the center of the card. As the center receives the encrypted text, the algorithm is utilized in the decryption of the same through the bank’s private key and the test is carried out for the valid amounts. In case the amount is valid, the card center sends the result to the mobile company after when the mobile company sends information to the member for payment confirmation. The customer/member then responds to the sent information using PIN, which is only familiar to him/her (Hnaif & Alia, 2015).
Explanation of the payment process diagram
The diagram bellow shows the payment process stage. The visa in this case stands for the credit /debit card used for business dealing. Payment process as shown in the diagram bellow can be summarized in nine steps which start by the cashier testing the customer’s membership. The member/customer’s encrypted information is transmitted through bank public key. The forth step involve the decryption of the encrypted information by utilizing the bank private key. The information is then passed through the visa/card center where the amount validity is confirmed. If the amount is valid then the system confirms the payment after when the reply confirmation takes place using PIN number of the customer’s card. Finally a request is made from the Visa/card center to deduct the amount at the customer’s bank account (Hnaif & Alia, 2015).
Confirmation of the payment process
The next stage is to confirm the payment process which starts by sending the payment report process from the visa/card center to the market server as shown in the first step of the diagram bellow. The sent report is encrypted through the implementation of public key encryption cryptosystem(RSA) algorithm. The market The computer server in the market later gets the report that is already encrypted via private key as illustrated in the second step of the diagram bellow. In the meantime,, the payment card center/visa center sends the notification to the mobile company as depicted in the third step, showing the success of the payment operation. Eventually, the mobile company sends an authentication data/information to customer to show the successful operation (Hnaif & Alia, 2015).
The evaluation of performance for the for the public key RSA protocol is such that the quantity of time required for encryption and decryption of the various key size increases as the number of bits that makes the key size also increases.
Summing up of the credit /Debit card transaction process
Credit card
The payment process of the credit card takes seven steps. First, the electronic debit/credit card being given by the bank is also activated by the bank at a time when the customer request for it. Second is that credit card data/information is offered by the customer to the site of merchant. Third, the merchant authenticates the customer identification by getting the Brand Company endorsement of the payment card. Forth is that the authentication program of is completed by the Card brand company and the business dealing is paid by credit. A slip which is kept to merchant is then offered by the bank.
The slip gotten from Brand Company is offered to the bank of the acquirer through the merchant for the reason of making the charges paid for him or her. The Card Brand Company then obtains the request from the bank of the acquirer with an aim of making the amount credited and payment made off. Lastly, issuer bank clears the amount requested through the Card Brand Company where the amounts get transferred to.
Debit card
This card is very similar to the previous card for credit. For the case of debit card, the size of finances already remains within the debit card account. The customer then makes payment through the card whereby the value of business deal is reduced from debit card account. In this case, it is needed to keep the adequate amount in the bank account for the payment to take place (Sen, Ahmed & Islam, 2015).
References
Sen, P., Ahmed, R. A., & Islam, M. R. (2015). A Study on E-Commerce Security Issues and Solutions.
Hnaif, A. A., & Alia, M. A. (2015). MOBILE PAYMENTMETHODBASED ON PUBLIC-KEY CRYPTOGRAPHY. International Journal of Computer Networks & Communications, 7(2), 81.
Miller, A., & Arts, E. (2014, June). Defending Debit: A Historical Study of the Indirect Effects of the Durbin Amendment on Investment in Debit Card Security. In Workshop on the Economics of Information Security.
McNeal, J. T. (2013). U.S. Patent No. 8,485,442. Washington, DC: U.S. Patent and Trademark Office.
Davis, V. M., Cutino, S. C., Reid, M., & Hoffman, S. R. (2011). U.S. Patent No. 7,908,216. Washington, DC: U.S. Patent and Trademark Office.
Hoffman, S. R., & Adams, S. C. (2014). U.S. Patent Application 14/481,260.
