Download (direct link):
The problem of private key distribution is solved in the “public key infrastructure” (PKI) with two keys. The owner has both a private key and a public key. The private key, of course, is maintained with great secrecy, but the public key of the owner is widely distributed, often even available through the Internet. The public and private keys are related mathematically, but it is not computationally feasible to derive one key on the basis of knowledge of the other.
In the public key infrastructure, the sender of an electronic message creates a “message digest” and encrypts the digest, utilizing the private key of the sender. The encrypted digest is the “digital signature.” The recipient of the message then uses the public key of the sender to decrypt the message.
One problem remains in the public key infrastructure: How can the receiver have confidence that the key obtained publicly is in actual fact the authentic key of the sender?
The public key infrastructure seeks to solve this problem by using a trusted third party as a certifying authority (CA), which may be a bank or a bank consortium. The CA issues certificates to its subscribers. A certificate issued by the CA identifies the CA, identifies the subscriber, contains the subscriber’s public key, states the time period in which the public key is operational, and is digitally signed by the CA.
The subscriber sends the certificate to persons with whom the subscriber wishes to do business, and those persons rely on the certificate as proof of the subscriber’s identity. Because the certificate is digitally signed (see the earlier description of digital signatures) by the CA, the recipient of the certificate can use the public key of the CA to verify the digital signature of the CA on the certificate.
The term electronic check (or e-check) refers rather vaguely to paperless payment systems. More specifically, the term may be applied to the conversion of a consumer’s check into an ACH debit transfer, as described in the discussion of ACH transactions in Chapter 6. It may also be applied to telephone-initiated or Internet-initiated ACH transactions.
Check conversion at the point of purchase is a good illustration of what may be called an “electronic check” transaction. For
Commerce and Payments in Cyberspace
example, the consumer at a department store hands a check to the clerk at the cash register. The merchant inserts the check into a check reader that records the routing number, account number, and check number from the MICR line on the check. A sign may be posted next to the cash register indicating that checks presented at the register may be used to create “electronic checks” to be sent for collection by debits to the consumer’s account. The cashier voids the check and gives the consumer the voided check and a receipt. The monthly bank statement received by the consumer shows the merchant’s name as well as the check number and the date of the debit.
The great advantage of check conversion for merchants is in the cost savings—in particular, savings in front-end and backoffice time and labor in collecting and reconciling checks for deposit into the merchant’s depository bank, as well as in check deposit and encoding fees. In addition, the merchant receives earlier notification of returned checks, approximately 3 to 6 days in the case of a returned ACH debit entry, as opposed to about 8 to 12 days for a paper check. The earlier notice improves collection efforts and fraud detection.
Other examples of ACH transactions that can be described as involving electronic checks are “accounts receivable” entries, “returned check” entries, “telephone-initiated” entries, and “Internet-initiated” entries.
An accounts receivable entry and a returned check entry also start with a consumer’s check. In an accounts receivable entry, the consumer mails the check to a merchant or to the merchant’s dropbox. Instead of depositing the check, the merchant voids it and uses the information on the check to initiate a debit entry to the consumer’s account. In a returned check entry, the merchant uses the information on a check that has been returned for insufficient funds to initiate the debit entry to the consumer’s account.
In a telephone-initiated entry, the consumer authorizes a merchant over the telephone to initiate the debit transfer. The ACH rules allow such entries only if the consumer has purchased goods
Electronic Bill Presentment and Payment
from the merchant within the past two years, there is a written agreement between the consumer and the merchant, or it is the consumer (not the merchant) who initiated the telephone call. In an Internet-initiated entry, the consumer authorizes a merchant to initiate a debit transfer from the consumer’s account while the consumer is shopping on the merchant’s web site.