Today it’s hard to imagine a serious – and not necessarily large – business without Internet support in the form of its own resource, landing pages or an online store. The payment system allows you to turn a regular electronic catalogue into an existing virtual store with the ability to pick up goods and pay for it on the seller’s website. It is not surprising that the issue of the effective organization of electronic payment security is important for the owner of any Internet service specializing in financial settlements, including gaming resources, on which constant transactions take place around the clock.
Information security in electronic payment systems requires the following conditions:
• Confidentiality – in the process of Internet settlements, the buyer’s data (plastic credit card number or other means of payment) should remain known only to institutions and structures that have the legal right to do so;
• Authentication – most often a PIN-code or message, thanks to which the client (or seller) can make sure that the second party to the transaction is exactly who he claims to be;
• Authorization – makes it possible to determine whether the buyer has enough money to pay for the order before starting the transfer of money.
All this is aimed at providing a secure payment algorithm that can minimize the risks of electronic financial settlements for both the buyer and seller.
Modern methods of information protection of electronic payment systems
Today, information protection of electronic payment systems is carried out mainly with the help of:
• instant authorization of the payer;
•Encryption of financial information on the Internet;
• Special certificates.
Providing simultaneous interaction with thousands of users, modern applications of a purely commercial nature cannot work with classic “unambiguous” systems – both those that operate exclusively on public keys and those that operate only on private keys. Attacking at least one key of a completely “closed” system automatically leads to the complete opening of its entire protection chain. In turn, encryption using only public keys requires significant computational resources.
In this regard, today the security of payment systems provides the simultaneous use of protocols with private and public keys. Information that is transmitted over networks is encrypted using the private key. At the same time, its generation is carried out dynamically, and it is transferred to the second party to the transaction with a cypher based on the public key. As a rule, encryption is carried out using Secure Sockets Layer (SSL) protocol, as well as Secure Electronic Transaction (SET) – financial giants MasterCard, VISA was engaged in its development. The first protocol encrypts at the channel level, and the second one encrypts financial data directly. In the process of using applications with the SET protocol, a double electronic signature algorithm is used.
One part is sent to the seller, and the other to the bank. Thanks to this scheme, the buyer has access to all data on orders, but he does not have access to the settlement details of the selling party, and the bank, in turn, is open to all financial data of both parties to the transaction in the complete absence of information on the composition of the order. Virtual certification centres are also called upon to improve the protection of virtual transactions. They issue e-commerce representatives with unique “certificates” of an electronic format with a signed personal public key. An electronic certificate is issued by the centre on the basis of identification documents of the parties to the transaction and is valid for a certain time. With such a certificate, a participant in a commercial transaction can perform financial transactions by checking the validity of the public keys of other participants.
The use of such certificates is possible in several modes
• A website or store provides certification and builds cybersecurity directly on its engine. They use their own built-in payment methods. It is such options that are most often used in gaming services, such as via this weblink. But online stores often use the second option, which is described below.
• The process of verification of payments is outsourced to a larger player in the financial market – for example, the site enters into an agreement with the processing of a bank or payment system, and all operations go through it.
Both options have the right to life, and for different types of business, you can use one or another way to protect payments.