FREE online courses on ECOMMERCE FUNDAMENTALS - Electronic Payment Systems - Security schemes

The electronic check may consist of a document that is signed
with the consumer's private key. The receiver (the merchant or the merchant's
bank) uses the payer's public key to verify the digital signature. This assures
the receiver that the sender did indeed sign the check. It also provides
non-repudiation: the payer cannot deny issuing the check, since it is
signed with the payer's private key (which only the payer is expected to possess).

Additionally, the electronic check may also require the digital signature
of the originator's bank. This step assures the receiver that the check is
written on a valid bank account. The receiver (or the receiver's bank) can validate
the authenticity of the originator's bank by using the public key of the
originator's bank. For large sums of money, additional security requirements may
be imposed.

The originator as well as the originator's bank must provide
their public keys to the receiver. They can do so by attaching their X.509
certificates to the electronic check. These certificates may use
certificate chains that include the signature of the root Certification
Authority. The public key of the root Certification Authority should be well
publicized to avoid fraud.
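
The two-signature check described above, as an added example in Go that is not part of the original course text. The Check layout, the function names, the use of Ed25519, and the choice to have the bank sign the body together with the payer's signature are assumptions made for illustration; both public keys are assumed to come from X.509 certificates already validated up to the root Certification Authority.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

var ErrPayerSig = errors.New("payer signature invalid: body altered or not signed by payer")
var ErrBankSig = errors.New("bank signature invalid: originator's bank did not endorse this check")
// Check is a constructed e-check layout for this example, not a real standard.
type Check struct {
	Body     []byte // payer, payee, amount, serial number
	PayerSig []byte // payer's signature over Body
	BankSig  []byte // bank's signature over Body || PayerSig (assumed scheme)
}

func endorsed(c Check) []byte { return append(append([]byte{}, c.Body...), c.PayerSig...) }
// Issue signs the body with the payer's key, then the bank countersigns.
func Issue(body []byte, payer, bank ed25519.PrivateKey) Check {
	c := Check{Body: body, PayerSig: ed25519.Sign(payer, body)}
	c.BankSig = ed25519.Sign(bank, endorsed(c))
	return c
}

// Verify is the receiver's side: payer signature first, then the bank's.
func Verify(c Check, payerPub, bankPub ed25519.PublicKey) error {
	if !ed25519.Verify(payerPub, c.Body, c.PayerSig) {
		return ErrPayerSig
	}
	if !ed25519.Verify(bankPub, endorsed(c), c.BankSig) {
		return ErrBankSig
	}
	return nil
}

// Demo verifies a valid check, an altered amount, and a forged bank endorsement.
func Demo() (valid, altered, forged error) {
	payerPub, payerKey, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	bankPub, bankKey, _ := ed25519.GenerateKey(nil)
	_, rogueKey, _ := ed25519.GenerateKey(nil) // a key that is not the bank's
	c := Issue([]byte("serial=0001;payer=alice;payee=shop;amount=100.00"), payerKey, bankKey)
	valid = Verify(c, payerPub, bankPub)
	forged = Verify(Issue(c.Body, payerKey, rogueKey), payerPub, bankPub)
	c.Body = []byte("serial=0001;payer=alice;payee=shop;amount=900.00") // altered in transit
	altered = Verify(c, payerPub, bankPub)
	return
}
func main() { fmt.Println(Demo()) }
```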

To avoid fraud, the consumer's private key needs to be
securely stored and made available to the consumer. This can be achieved by
providing a smart card that can be carried by the consumer.

A cashier's check is created by a bank and is signed using
the bank's private key. The originating bank includes its certificate with the
electronic check. The receiving bank uses the originating bank's public key to
verify the digital signature. In this way, the receiving bank is assured that
the cashier's check was indeed originated by the bank named on the
check. It also provides the receiving bank with non-repudiation: the
originating bank cannot deny issuing this check, since it is signed with the
originating bank's private key (which only the originating bank is expected to
possess).