This thesis presents a new electronic payment framework that is based on the direct debit payment model currently used both off-line and via the Internet. The strength of the direct debit model is its flexibility in allowing customers to defer payments for goods and services until a later date. This flexibility also extends to merchants, who can process consumer payments without any customer intervention, thus making payment collections a faster and more efficient business function. The current direct debit solutions used online are neither secure nor flexible and demand a "leap of faith" from customers who must trust merchants to behave honestly. Unlike its off-line counterparts that always use signed direct debit request (DDR) forms as legally binding contracts, online direct debit systems rarely require signatures (for example when using credit cards). As such, in most cases it is possible for merchants to change the terms of original debit agreements post-fact, allowing them to arbitrarily charge customer accounts. Unsigned DDR agreements give merchants unprecedented power over customer accounts with little recourse for dispute. The aim of this thesis is to present a high-level architectural design and a first working prototype of a periodical payment application that addresses issues inherent in Internet direct debit payments. It takes a novel approach for securing electronic payments by using X.509 restricted proxy certificates over Secure Socket Layer (SSL) to provide authentication, authorisation and non-repudiation services. To assure success of this proposal, only currently available, standards-compliant and industry-supported technologies were utilised, with emphasis placed on Web Services and related technologies such as eXtensible Markup Language (XML) and Simple Object Access Protocol (SOAP). The concept of electronic payments is hardly new and there is a significant amount of interest in improving its security model, most notably from Visa and MasterCard.
Current applications, however, focus on single payment transactions, ignoring the growing trend favouring periodical payments. The framework presented in this thesis attempts to fill a niche by delivering significant improvements to an essentially paper-based direct debit payment model that currently does not integrate well into a purely electronic environment.