Electronic money

University of International Business

Department __Finance and credit__

«Approved»

Head of department «Finance and credit»

Doctor of economic science,

Associate Professor Omarbakiev L.

________________________________

«______» __________________ 2011

Methodological Instructive Regulations for Execution of Course Work on Discipline “Money, Credit, Banking” for Students of “Finance and Credit” Department

Almaty, 2011

Table of contents

Introduction and executive summary

1 Target of Evaluation description

1.1 E-money system: model

1.1.1 Main concepts of the model

1.1.2 Examples of e-money systems

1.1.3 History of electronic money

1.1.4 Additional concepts: compensation, transactions, EV life cycle, roles, actors, and quasi-actors

1.1.5 Interoperability of two e-money systems

1.2 Target of Evaluation

1.2.1 Elements that are part of the TOE

1.2.2 Elements that are outside the TOE

2 The electronic payment system in Kazakhstan

2.1 The popularity of electronic money: prospects for development

2.2 The role of the Processing Center in the development of payment card systems of the Republic of Kazakhstan

List of sources used

Introduction and executive summary

Electronic money (e-money) systems are gradually achieving some level of status as a means of payment in a number of countries.

In the light of the possible impact of the development of e-money, in 1998 the Euro system issued the “Report on Electronic Money”, addressing monetary policy effects, level playing field considerations and regulatory concerns, such as the smooth and efficient functioning of payment systems, confidence in payment instruments, protection of customers and merchants, stability of financial markets and protection against criminal abuse. As part of their oversight responsibility for payment systems, central banks have to ensure that all relevant e-money systems comply with the requirements of the 1998 report.

Given the specific importance of IT security matters in relation to the conduct of an overall assessment of the reliability of e-money systems, the issue of technical security in the 1998 report was further elaborated. The Euro system’s investigations resulted in the Electronic Money System Security Objectives (EMSSO) report, which details the Euro system’s expectations in this field. The EMSSO report contains a comprehensive risk analysis for e-money systems and a list of security objectives that should be fulfilled in order to cover these risks/threats in a given environment. In particular, the analysis provides an overall description of a typical e-money system and highlights the threats and organizational guidelines that arise on the basis of certain assumptions. The security objectives are defined broadly enough to cover both hardware- and software-based e-money systems, including the newer server-based initiatives. The EMSSO report benefited from a market consultation in March 2002.

This final EMSSO report, which complements the 1998 report, will be used by the Euro system’s central banks to assess the overall reliability and technical security of e-money schemes in the euro area. The Euro system’s security objectives are also designed to level the regulatory playing field for the different schemes. Furthermore, the report could provide market participants with useful input for their own risk and security analyses and for the definition of their security policies.

The risk analysis and the definition/presentation of the security objectives in the EMSSO report are based on the “Common Criteria for Information Technology Security Evaluation (CC)” methodology. This internationally agreed and standardized methodology was selected because it provides a coherent framework for describing e-money systems and related assumptions, threats and organizational aspects and for deriving a definition of security objectives from this description. According to the CC methodology, the drafting process should also cover other steps, such as the definition of security requirements, which would result in the drafting of a Protection Profile and in the definition of evaluation and assurance requirements. However, these additional steps are not addressed in this document.

In Chapter 1, the EMSSO report focuses on several basic concepts, such as the e-money system, electronic value and sub-systems. The e-money system is a mechanism that facilitates payments – generally of limited value – in which e-money can be considered as an electronic surrogate for coins and banknotes. The e-money system is described on the basis of a model with a set of sub-systems through which electronic value (EV) is transferred, under the responsibility of a System Supervisor who monitors the security of EV creation, EV extinguishment and EV circulation within the system. In the context of this report, electronic value is defined as a monetary value represented by a claim on an EV Issuer, which is: stored on an electronic device; issued on receipt of funds for an amount not less in value than the monetary value issued; and accepted as a means of payment by undertakings other than the Issuer.

The notion of a sub-system is intentionally flexible, i.e. the model does not impose any restriction on the number of sub-systems that form an e-money system, and a sub-system is defined only by:

– Its capacity to send or receive EV amounts;

– The System Supervisor’s ability to monitor these amounts.

The sub-systems are capable of generating Reporting Data (RD) and of making this data available (either directly or indirectly via other sub-systems) to the System Supervisor on request, thereby allowing EV exchanges to be traced.

After describing the concepts, in Chapter 2 the EMSSO report defines the main threats related to the unsecured and untrusted environment in which an e-money system usually works and which this report is intended to cover. The operation of an e-money system requires adequate handling of risks relating to counterfeits, damages and criminal events, which can be translated into main threats.

Such threats, if not properly managed, can put issuers, merchants and customers at risk.

The main threats against which protection is to be provided are:

– Creation of fake EV: Circumstances in which it might be possible for an attacker to use fake EV, i.e. EV that does not represent an EV Issuer debt.

– Illicit extinguishment of EV: Attacks or incidents that lead to an abnormal and irrevocable EV loss.

– Embezzlement of EV: Attacks in which one actor embezzles EV from its legitimate owner.

– EV theft: Opportunities for an attacker to steal EV.

– Abuse of the e-money system: Use of the e-money system to infringe regulations unrelated to the system.

– Interference with the operation of the e-money system: Accidental or intentional malfunction that may result in the system being totally or partially unavailable.

To counter the above threats, the following security objectives should be met by appropriate technical and organizational action. Further details on these objectives, which are listed below, can be found in Chapter 3 of the report.

– Access control: Unauthorized access to all assets is prohibited, even in the case of a malfunction in monitoring or in secrets management. Each identified actor has a clear set of access rights.

– Assessment: Important players are subject to assessment.

– Atomicity: Transactions are either completed or undone.

– Authentication: EV transactions and monitoring data exchanges are authenticated.

– Availability: The system ensures service availability, even during maintenance of part of the system.

– Commitment and validation: Transactions are conducted and validated under the terms of a commitment between the parties.

– Competence and responsibility: People involved in the system know and follow their own contractual obligations, and have sufficient means, training and information to perform their role.

– Confidentiality: Those assets that must remain confidential are preserved accordingly.

– Cryptography and protocols: State-of-the art cryptography, protocols and security procedures are required.

– Detection: The system has the capability to:

  – detect abnormal events, including actual or attempted modification of assets and counterfeiting of transaction attributes;

  – communicate all relevant information which traces these abnormal events to the System Supervisor.

– Identification: An unambiguous identification is required for some components of the e-money system.

– Integrity: The integrity of the assets is preserved, in particular EV amounts.

– Life cycle: State-of-the-art security procedures are used during the life cycle of the EV and sub-systems.

– Limitations: EV amounts are limited during the EV life cycle.

– Non-evaporation: Only authorized subsystems can perform extinguishment transactions.

– Partition: When a sub-system uses applications other than the e-money application, separation is enforced between the applications.

– Qualification and tests: System components are tested before and/or during operation.

– Reaction: The system provides means to limit or undo the consequences of an abnormal or illicit action.

– Secret management: Correct generation, correct distribution, physical storage protection, limited life span and renewal all preserve the confidentiality and integrity of secrets.

– Security update: A periodic security update is required for all sensitive parts of the system.

– Traceability: The System Supervisor is able to trace and audit all strategic events (as defined in the report). Sub-systems record and keep the data required by the System Supervisor for as long as required. Trace data accurately reflect recorded events.

– Transaction order: Every transaction consists of a set of basic operations executed in a predefined order.

– Trusted location: A physically protected environment is required for sensitive security devices.

– Trusted path: Interaction with the system is achieved through protected communication means.

Additional information is provided in the annexes, such as the rationale for the model, a list of acronyms used in the document, a glossary, and a cross-reference table linking the security objectives with the relevant assumptions, threats and organizational issues.

1 Target of Evaluation description

The intention of this section is to define the Target of Evaluation (TOE), which is the part of the system that is to be evaluated (i.e. to which the security objectives are to be applied).

The TOE is defined in a rather generic manner, by using a high-level model for e-money systems, in order to cover as many e-money systems as possible and to be able to deal with interoperability situations, which are likely to arise in the euro area. Section 1.1 first introduces the model and the various concepts related to it. Section 1.2 then defines the TOE, which is a subset or part of this model, with clearly defined transactions and actors.

1.1 E-money system: model

This section defines the model and several concepts that will be relied upon in this report. The concepts are first defined formally, then illustrated by a practical example.

The three main elements which make up our e-money system model are EV, EV circulation between sub-systems and supervision. Put together, these elements constitute the core of the e-money system model. The notions of transactions, compensation, EV life cycle and actors then complete this model.

1.1.1 Main concepts of the model

The e-money system is modeled as a set of sub-systems through which the EV specific to the system is transferred, under the responsibility of a System Supervisor who monitors the security of EV creation, EV extinguishment and EV circulation within the system.

EV is a monetary value represented by a claim on an EV Issuer, which is:

– stored on an electronic device;

– issued on receipt of funds for an amount not less in value than the monetary value issued;

– accepted as a means of payment by undertakings other than the issuer.

The EV circulation starts with a first phase called EV creation, and ends with a final phase called EV extinguishment.

This model does not impose any restriction on the number of sub-systems that form an e-money system; the sub-system notion is intentionally flexible.

A sub-system is generally defined by its capability to:

– send or receive EV amounts;

– generate Reporting Data (RD);

– make this data available (directly, or indirectly via other sub-systems) to the System Supervisor on request, thereby allowing EV exchanges to be traced.

Furthermore, the System Supervisor is responsible for monitoring the sub-systems. A sub-system may be able to aggregate EV received into a single amount, the value of which equals the sum of the amounts received. Conversely, the EV amount stored in a sub-system may be broken into smaller amounts, the sum of which equals the value of the EV amount stored.

1.1.2 Examples of e-money systems

The general model is in principle applicable to any type of e-money system, whether card-based or software-based (including server-based/network-based types). An example of each type is described below.

Card-based system

In a card-based system, the sub-systems which participate in the EV flow generally consist of four entities or functions: a loading agent, a customer, a merchant and a collecting agent.

The loading and collecting agents are banks participating in the system and the customer uses a smart card to pay at the terminal of the merchant. The customer’s purse (the smart card) is a simple, stand-alone sub-system, while the point-of-sale (POS) terminals and the central information systems to which they are connected constitute a more complex sub-system.

In this example, there is a central entity which issues EV and operates as a bookkeeping entity to which the creation and extinguishment of EV is reported via Accounting Data (AD).

Server-based system

In a server-based system, the customer and the merchant do not keep the EV in devices held in their possession. The EV is stored in customer and merchant accounts on servers accessed via the internet. The customer and merchant sub-systems are therefore software processes running on the central server.

The general model also covers these types of e-money systems, despite the specific features of centrally stored accounts.

1.1.3 History of Electronic Money

Electronic money is a fairly recent invention in the history of money and commerce, and typically means that currency with real value, and which can be exchanged for traditional cash, is instead entirely digital (or virtual). Electronic money only exists in digital format, and can be primarily based on the Internet or on smart cards that maintain a record of their stored value. Transactions carried out electronically are also known as electronic money. Other names for electronic money include e-money, digital cash, digital money, digital currency, or electronic cash.

The computer age made the creation of electronic money possible. It began back in the 1960s, when IBM and American Airlines jointly created a system known as SABRE (Semi-Automatic Business Research Environment), which allowed offices of American Airlines to be fitted with terminals connected to telephone lines, so that agencies could directly check flight times and seat availability and then electronically make reservations that could be paid for using a system of credits.

By the 1970s banks in the US and Europe had started using mainframe computers to track transactions between branches and other banks, a system that proved particularly successful across international boundaries when currency exchange was needed. Initially, any transactions that had been initiated but not cleared were effectively in limbo, and as computer use spread within corporations, tracking funds that were processed electronically became an important financial consideration.

Consumer uptake of electronic money first started to be noticed in France with the introduction of the Minitel service in 1982 that operated in a similar way to pre-Internet bulletin boards. Countries like the UK and the US had developed basic tele-text services that allowed televisions to display text such as program guides, weather, game show results, or news directly onto the television screen, with users keying in page numbers on their TV remote control to access pages. The tele-text system was a simple one way service, and whilst it was useful, it didn’t allow users to query data.

The French Minitel service, by contrast, used a dumb terminal with a built-in modem; since the service operated over standard telephone lines and the terminals were equipped with full AZERTY keyboards, subscribers could type messages or search queries, a fundamental difference from teletext services. The French Minitel terminals were given away free to over 9 million households, encouraging French business entrepreneurs to offer Minitel shops such as travel agencies, flower delivery, As Seen on TV, music catalogs and more. Payment could be made using a credit card or charged to the telephone account, marking the first use of electronic money in the consumer market.

A slightly similar service had been launched in the UK in 1979 named Prestel but supported equipment was expensive and a Prestel based retail service didn’t develop with the exception of package tour travel agencies who would provide quotes but still required customers to call and arrange payment over the phone. In 1983, a service known as Homelink started with the support of the Bank of Scotland and Nottingham Building Society where account holders could subscribe to a special Prestel service that allowed online banking, and marks the first recorded use of electronic money.

In the US, services similar to the French Minitel and the UK Prestel existed, but without dedicated hardware: users would own their own micro-computers and modems and pay to dial into a local bulletin board service such as CompuServe or The Source. Transactions for products and services were not offered until 1989, when the US grocery delivery company Peapod was founded in Evanston, Illinois, and sold a dial-up disk with software allowing customers to order and pay for groceries that the company would later deliver.

1991 saw the introduction of the Internet in the consumer market with the disbanding of the Arpanet network, and the creation of the NSFNET backbone formed by IBM, MCI, and Merit. CERN also released Tim Berners-Lee’s HTML specification that allowed easier display of Internet data. It wasn’t long until America Online took advantage of the new Internet and then in 1992, started offering retail services directly to their subscribers who could pay using a credit card, and firmly ushering in the era of electronic money. 1-800-Flowers was one of the first AOL retail partners.

In 1994, taking a blind leap of faith that the Internet would help their business, Pizza Hut adopted the same model used by Peapod, thus allowing online pizza ordering with a choice of payments: by credit card via the Internet, or in person on delivery. The same year J.C. Penney started its first website, offering a department store on the Internet; sales were slow, but company shareholders were happy to see the corporation taking the initiative.

The late 1990s were a pivotal moment for electronic money as Amazon.com is launched in 1995, and then in 1998 PayPal is formed to make it easy for consumers to spend money online without risk of their credit card number being stolen. PayPal’s innovation was to offer a virtual account for consumers that could be topped up using a credit card or wire transfer, and then an email address used to send and receive funds. The services offered by PayPal marked the true beginning of electronic money as being distinctly different from traditional over the phone and online credit card processing.

Further developments in the electronic money industry saw PayPal’s model copied by other providers, along with new ideas for securing customer funds using the gold standard or silver, platinum, or palladium, yet still offering the flexibility of sending and receiving payments with an email address. Virtual currency backed by precious metals can be exchanged for any supported currency, but is typically tracked as direct comparison of the price the precious metal is fetching in the international precious metal markets. Web-money, e-gold, and e-Liberty Reserve have become the biggest gold backed electronic money providers.

Private currencies also proliferated around the same time, originally spurred by the demand for some form of marketplace within networked games such as World of Warcraft and Second Life. Private currencies are sometimes redeemable for real-world currencies at a fixed rate pegged to the dollar or another major currency. Since those times, private currencies have developed in many forums and webmaster services as a means of offering advertising amongst members, the most famous of these perhaps being Entrecard, a service where users visit other blogs and are paid in Entrecard Credits, which become redeemable for cash once a reserve level has been met.

In the offline world, perhaps the most successful electronic money has been facilitated with stored value cards that are denominated in local currency. The United States Military designed a stored value card known as Eagle Cash that provided an advance on a soldier’s earnings and could be used in base shops and canteens by simply presenting the chip side of the card for swiping. In Hong Kong, a stored value card originally designed to make subway ticket purchases quicker has become a de facto cash card, now accepted by a majority of retailers and utilities in the city.

1.1.4 Additional concepts: compensation, transactions, EV life cycle, roles, actors, and quasi-actors

Compensation (CP)

Typically, seen as a model, an e-money system has two flows, i.e. the flow of EV (the solid line from left to right in Figure 4) and the flow of value to compensate the EV (the dotted line from right to left).

The obligation to deliver CP may be fulfilled either immediately or at some point in the past or in the future. In the case of goods or services, the related amount might not be known from the start and may be defined, by joint agreement, in the course of the provision of these goods or services.

Transactions

A transaction is defined as a flow of EV.

The following basic operations and attributes constitute the minimum characteristics which must be present for transactions.

Basic operations constituting EV transactions:

– Initialization;

– EV debiting;

– EV crediting;

– Closure.

Attributes characterizing a transaction:

– the transaction type (payment, loading, collection, etc.);

– the identifier of the sub-system from which EV is debited (hereafter “debited sub-system”);

– the identifier of the sub-system to which EV is credited (hereafter “credited sub-system”);

– the EV amount exchanged (debited and credited);

– the existence of CP.

The RD generated upon request to allow the System Supervisor to monitor the system includes at least the transaction attributes listed above.

Two types of transactions can be distinguished:

– A transaction which involves an interaction between flows of both exchanges of EV and CP is called a transaction with CP.

Transactions with CP are generated against a flow of value in return. This may consist of a flow of fiduciary or scriptural money as well as of goods or services. A purchase transaction based on an e-money payment is an example of a transaction with CP.

– A transaction without this interaction between the two flows is called a transaction without CP.

Transactions without CP involve an EV circulation that is not balanced by a corresponding flow of value. Recycling of EV is a typical example of a transaction without CP.

The table below presents, as a rough guide, a non-exhaustive list of the types of transactions that can occur in e-money systems:

A particular specification of the model is that the System Supervisor must be able to monitor transactions between two sub-systems.

Transactions inside a sub-system are not monitored by the System Supervisor. Sub-systems must be defined so that flows with compensation are made outside of these sub-systems.

In an e-money system conforming to the model, the EV amount created is equal to the sum of the extinguished EV amount and the EV amount in circulation. If more EV is extinguished than the amount created, false EV is introduced into the system. One role of supervision is to try to detect such a situation; observing all transactions with compensation makes it easier to perform such supervision.

EV circulates inside a sub-system via transactions without CP. Generally, EV circulates between two sub-systems via transactions with CP.

EV life cycle

In the e-money system, the EV life cycle moves through the following EV states:

1. Initial (or source) state, in which EV is injected in the system;

2. One or more active states, in which EV remains in the system;

3. Final (or sink) state, in which EV is drained from the system.

The EV life cycle evolves through three state changes: creation, circulation and extinguishment, each of which is associated with a transaction.

• EV creation

EV is created via specific transactions with CP, which include two additional basic operations:

– Creation of an EV amount in the debited sub-system;

– Transmission, to a player called the EV Issuer, of AD, which reports the EV creation and initiates the obligation of the actor whose sub-system created the EV to deliver an equivalent amount (i.e. the CP) to the EV Issuer.

With this state change, EV enters the system and reaches an active state.

• EV circulation

EV circulates inside a sub-system (via transactions without CP) and between two sub-systems via transactions with CP. With this state change, EV moves between two active states.

• EV extinguishment

EV is extinguished via specific transactions with CP, which include two additional basic operations:

– Extinguishment of an EV amount in the credited sub-system;

– Transmission to the EV Issuer of AD, which reports the EV extinguishment and gives effect to the obligation for the EV Issuer to deliver an equivalent CP amount to the player whose sub-system extinguished EV.

With this state change, EV leaves the system.

Throughout the remainder of this document, transactions do not include EV creation or extinguishment unless this is explicitly stated.

Figure 6 describes, as a rough guide, the EV life cycle in an e-money system, i.e. the transitions from one state to another resulting from transactions with CP typical of an e-money system. The initial state is the creation of EV, after which this is loaded on the customer’s purse (i.e. on a smart card or computer memory). This loading may take place directly from the issuer to the customer or, alternatively, through a bank or Electronic Money Institution (ELMI; as defined in Directive 2000/46/EC) where the EV may be kept in stock before being loaded on the purse. The customer can decide either to make payments with the EV or to refund the EV to the issuer. A payment may also be cancelled, after which the EV is transferred back to the purse. The acquiring bank or ELMI ultimately collects the EV and either keeps it in stock to recycle and reload on a purse or else extinguishes it and thereby completes its life cycle.
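The following Python model is an added example; it is not code from the EMSSO report or from this course work. It serves both the transaction definition above (the four basic operations in their predefined order, the transaction attributes carried in Reporting Data, and the supervisory invariant that EV created equals EV extinguished plus EV in circulation) and the EV life cycle just described (creation with AD to the EV Issuer, circulation, extinguishment). The class and function names (`SubSystem`, `EMoneySystem`, `supervise`, `run_life_cycle`), the sub-system identifiers, all amounts and the purse limit of 8000 units are constructed assumptions.

```python
"""Toy model of the EMSSO e-money system (added example, not from the
report): sub-systems, atomic ordered transactions producing Reporting
Data (RD), EV creation/extinguishment producing Accounting Data (AD)
for the EV Issuer, and a System Supervisor reconciliation check.
All identifiers, amounts and limits are constructed assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class SubSystem:
    ident: str
    balance: int = 0             # EV held, in minor currency units (constructed)
    limit: Optional[int] = None  # max EV the sub-system may hold ("Limitations")


@dataclass
class ReportingData:
    """Minimum transaction attributes the RD must carry (section 1.1.4)."""
    tx_type: str
    debited: str
    credited: str
    amount: int
    with_cp: bool


class EMoneySystem:
    def __init__(self, subsystems: List[SubSystem]):
        self.subs: Dict[str, SubSystem] = {s.ident: s for s in subsystems}
        self.rd: List[ReportingData] = []          # made available to the Supervisor
        self.ad: List[Tuple[str, str, int]] = []   # (event, actor, amount) sent to Issuer

    def transaction(self, tx_type, debited, credited, amount, with_cp):
        """Basic operations in the predefined order: initialization, EV
        debiting, EV crediting, closure. Any failure restores both balances,
        so the transaction is either completed or undone (atomicity)."""
        src, dst = self.subs[debited], self.subs[credited]        # initialization
        if amount <= 0:
            raise ValueError("EV amount must be positive")
        snapshot = (src.balance, dst.balance)
        try:
            if src.balance < amount:                               # EV debiting
                raise ValueError("insufficient EV in debited sub-system")
            src.balance -= amount
            if dst.limit is not None and dst.balance + amount > dst.limit:
                raise ValueError("credited sub-system would exceed its EV limit")
            dst.balance += amount                                  # EV crediting
            self.rd.append(ReportingData(tx_type, debited, credited, amount, with_cp))  # closure
        except Exception:
            src.balance, dst.balance = snapshot
            raise

    def create_ev(self, actor, amount):
        """EV creation: EV enters the actor's sub-system; the AD tells the
        EV Issuer that the actor now owes an equivalent CP amount."""
        self.subs[actor].balance += amount
        self.ad.append(("creation", actor, amount))

    def extinguish_ev(self, actor, amount):
        """EV extinguishment: EV leaves the system; the AD obliges the EV
        Issuer to deliver an equivalent CP amount to the actor."""
        sub = self.subs[actor]
        if sub.balance < amount:
            raise ValueError("cannot extinguish more EV than the sub-system holds")
        sub.balance -= amount
        self.ad.append(("extinguishment", actor, amount))


def supervise(system: EMoneySystem) -> Tuple[bool, dict]:
    """System Supervisor reconciliation: EV created must equal EV
    extinguished plus EV in circulation. A positive surplus is EV that no
    Issuer claim backs, i.e. fake EV has entered the system."""
    created = sum(a for ev, _, a in system.ad if ev == "creation")
    extinguished = sum(a for ev, _, a in system.ad if ev == "extinguishment")
    circulating = sum(s.balance for s in system.subs.values())
    surplus = extinguished + circulating - created
    return surplus == 0, {"created": created, "extinguished": extinguished,
                          "circulating": circulating, "surplus": surplus}


def run_life_cycle() -> EMoneySystem:
    """Walk the Figure 6 life cycle with constructed amounts: creation at the
    loading agent, loading onto a purse, payment, cancellation, collection,
    and extinguishment by the collecting agent."""
    system = EMoneySystem([SubSystem("loading_agent"), SubSystem("purse", limit=8000),
                           SubSystem("pos_terminal"), SubSystem("collecting_agent")])
    system.create_ev("loading_agent", 12000)
    system.transaction("loading", "loading_agent", "purse", 5000, with_cp=True)
    system.transaction("payment", "purse", "pos_terminal", 1250, with_cp=True)
    system.transaction("cancellation", "pos_terminal", "purse", 250, with_cp=True)
    system.transaction("collection", "pos_terminal", "collecting_agent", 1000, with_cp=True)
    system.extinguish_ev("collecting_agent", 1000)
    return system


def atomicity_check() -> bool:
    """A loading that passes debiting but fails crediting (purse limit)
    must leave every balance and the RD log exactly as they were."""
    system = run_life_cycle()
    before = {k: s.balance for k, s in system.subs.items()}
    try:
        system.transaction("loading", "loading_agent", "purse", 6000, with_cp=True)
    except ValueError:
        pass
    return {k: s.balance for k, s in system.subs.items()} == before and len(system.rd) == 4


def detect_fake_ev() -> Tuple[bool, dict]:
    """Constructed inconsistency: a purse whose stored amount no longer
    matches any Issuer claim (threat 'Creation of fake EV'); the
    Supervisor's reconciliation must report a non-zero surplus."""
    system = run_life_cycle()
    system.subs["purse"].balance += 300   # not a transaction, so no RD/AD exists for it
    return supervise(system)


if __name__ == "__main__":
    print(supervise(run_life_cycle()))
    print(atomicity_check())
    print(detect_fake_ev())
```

The rollback in `transaction` is what the "Atomicity" and "Transaction order" objectives ask for; `supervise` is the "Traceability"/"Detection" side, reconciling AD from the Issuer with the balances the sub-systems report. In a real scheme the balances would not be read directly but reconstructed from the RD each sub-system returns on request.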

 

 

Roles, actors, quasi-actors

Setting objectives for an e-money system requires the definition of a general security framework, which includes organizational structure, policies, planning activities, responsibilities, practices, procedures, processes and resources. In this report this challenge is addressed by allocating responsibility to those who can most efficiently reduce the risk: system administrators and operators.

The model takes into account all players that are relevant for security and grants each a certain trust level. The co-operation of all players involved in the system is essential for globally effective security.

A player having responsibility for a subsystem is referred to in this document as an actor. The model defines the responsibilities of the different actors, each being responsible for a sub-system in the EV circulation. An actor is directly involved in the exchange of EV (e.g. EV Issuer, Loading Agent, etc.).

A player that is not responsible for a subsystem is defined as a quasi-actor. A quasi-actor does not interact directly in the exchange of EV (e.g. IT provider, etc.).

Different roles for actors and quasi-actors are distinguished. The concept of role is related to players’ responsibilities. Their respective roles depend on skills, business objectives and the level of risk that they assume. A specific task and a particular trust level are associated with each role.

The roles defined in this report are Administrator, Operator and User:

– Administrator

The Administrator is responsible for defining and managing the overall security of the e-money system. This means defining the policy statement, identifying risks, selecting security controls and managing the implementation and operation thereof.

Generally the Administrator bears all losses of the system and it is assumed that relevant legislation applies strict requirements to Administrators, for example as regards the company's activities, its financial stability, recruitment policy, accounting practices, access to its premises, access to data and data processing. The main risks incurred by an Administrator could be: i) liquidity risks; ii) compliance risks; and iii) reputational risks. The Administrator enjoys a high trust level because he bears the ultimate responsibility for security.

– Operator

The Operator participates in implementing and operating the security of the e-money system. Generally the Operator is bound to an Administrator by contractual obligations. Moreover, an Operator must comply with relevant legislation and best practices, requirements that, although similar to those which apply to an Administrator, are less stringent. The main risks incurred by an Operator could be: i) operational risks; ii) compliance risks; and iii) reputational risks. He enjoys a moderate trust level, because the Operator is responsible for security implementation under the Administrator's co-ordination.

– User

A User is a customer of the e-money system contractually bound to an Operator. The contract does not require that the User implements procedures which contribute to technical security.

However, it does require that he/she uses approved devices and follows the right security procedures. The main risks incurred by Users could be: i) fraud in EV transactions; ii) fraud in EV storage; and iii) privacy breaches. To ensure simple, friendly and cost-effective system usability, only a few, user-friendly security obligations should be assigned to the User. As a result, Users enjoy a low trust level, leaving the main security-related management and operating tasks to Administrators and Operators. Thus, the trust level granted to Administrators is greater than that granted to Operators, which in turn is greater than that granted to Users. When a player subcontracts part of his activity in the e-money system, he passes the relevant e-money system obligations on to his subcontractor.

A player may have more than one role in relation to the same device, depending on the transaction(s) being performed. In every instance, the player enjoys the trust level corresponding to the role he plays at a given time (i.e. the player’s trust level must be consistent with his role at all times).

All roles are carried out by identified players, with the possible exception of the EV Holder, who can remain anonymous.

The tables below present, as a rough guide, a non-exhaustive list of actors and quasi-actors, together with their typical roles in card-based and software-based systems. A player may incorporate several actors/roles, e.g. a player may be both an EV Issuer (and play the role of Administrator) and an IT Provider (and enjoy the trust level of Operator).
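The rules above (a strict ordering Administrator > Operator > User, a player holding several roles but enjoying only the trust level of the role it acts in at a given time, and obligations passing to a subcontractor) amount to a least-privilege check that can be written down and tested. The following is an added illustration for this course work, not code from the EMSSO or from any e-money scheme; the action names and the actor-to-role assignments are assumptions chosen for the example.

```python
"""Role-scoped trust-level check for e-money system players.

Added example, not taken from the EMSSO text: it encodes the ordering
Administrator > Operator > User and the rule that a player holding several
roles is granted only the trust level of the role it is acting in for the
current transaction.  The action names and the actor-to-role assignments
are assumptions chosen for illustration.
"""
from enum import IntEnum


class Trust(IntEnum):
    USER = 1
    OPERATOR = 2
    ADMINISTRATOR = 3


# Minimum trust level each action requires (assumed for the example).
REQUIRED = {
    "define_security_policy": Trust.ADMINISTRATOR,
    "select_security_controls": Trust.ADMINISTRATOR,
    "deploy_terminal_software": Trust.OPERATOR,
    "rotate_derived_keys": Trust.OPERATOR,
    "make_payment": Trust.USER,
}


class Player:
    def __init__(self, name, roles):
        # roles: actor or quasi-actor name -> trust level of that role,
        # e.g. {"EV Issuer": Trust.ADMINISTRATOR, "IT Provider": Trust.OPERATOR}
        self.name = name
        self.roles = dict(roles)

    def trust_as(self, acting_as):
        """Trust level the player enjoys while acting in one specific role."""
        if acting_as not in self.roles:
            raise PermissionError(f"{self.name} does not hold the role {acting_as!r}")
        return self.roles[acting_as]

    def may(self, acting_as, action):
        """True if the role the player is acting in meets the action's required level.
        The player's other roles do not count: trust must match the current role."""
        if action not in REQUIRED:
            raise ValueError(f"unknown action {action!r}")
        return self.trust_as(acting_as) >= REQUIRED[action]

    def subcontract(self, acting_as, subcontractor):
        """Delegating part of a role passes that role's obligations, and only
        that role's trust level, on to the subcontractor."""
        return Player(subcontractor, {acting_as: self.trust_as(acting_as)})


def audit(player, acting_as, action):
    """Return (allowed, reason) in a form a System Supervisor could log and review."""
    try:
        allowed = player.may(acting_as, action)
    except (PermissionError, ValueError) as exc:
        return False, str(exc)
    level = player.trust_as(acting_as)
    return allowed, (f"{player.name} as {acting_as} ({level.name}) -> "
                     f"{action} requires {REQUIRED[action].name}")


if __name__ == "__main__":
    bank = Player("Bank A", {"EV Issuer": Trust.ADMINISTRATOR,
                             "IT Provider": Trust.OPERATOR})
    print(audit(bank, "EV Issuer", "define_security_policy"))
    print(audit(bank, "IT Provider", "define_security_policy"))
```

The design choice worth noting is that `may` never looks at the player's highest role: a bank that is both EV Issuer and IT Provider cannot use the Administrator trust of the first role while performing an IT Provider task, which is exactly the "trust level consistent with his role at all times" rule.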

 

 

Composition of two e-money systems

 

In a situation where EV circulates between several sub-systems which belong to different e-money systems, the set of all sub-systems belonging to each e-money system should be regarded as another e-money system under the responsibility of a System Supervisor.

Thus, this situation is covered by the model and will not be mentioned further in this document.

Generally, the IT Provider provides the actors with a functional e-money system, i.e. he provides the Information Technologies (IT) for all of the sub-systems, especially the Purse Holder’s device application.

The System Supervisor and the IT Provider are quasi-actors, as they are not responsible for sub-systems through which EV circulates. Nevertheless, the System Supervisor enjoys an Administrator trust level, and the IT Provider an Operator trust level.

When there is commercial interoperability between several e-money systems, which all comply with the definition given in this EMSSO, the interoperable elements of the systems constitute another e-money system compliant with this EMSSO only if there is a “global” System Supervisor who monitors the security of all EV. In practice, the System Supervisors could carry out “global” supervision jointly, either on a cooperative basis or by mutual acceptance of an appropriate contractual agreement.

 

1.1.5 Interoperability of two e-money systems

 

Sharing of a sub-system

 

A sub-system may be shared with one or several other systems, not all of which need necessarily be e-money systems. In such circumstances, the shared sub-system is regarded as any other sub-system, regardless of the other system(s) in which it takes part. For example, the terminal infrastructure could be shared by two or more different card-based e-money systems that use the same technology but do not share the EV.

 

 

1.2 Target of Evaluation


The Target of Evaluation (TOE) is generally defined as the part of the system that will be evaluated. The definition of the Target of Evaluation is based on the e-money system as elaborated in the previous section. According to the Common Criteria, the elements that are not part of the TOE (but are necessary to the TOE to satisfy its security objectives) are called the TOE environment. For evaluation, the TOE must be run in an environment that is compliant with the security objectives for the environment.

 

1.2.1 Elements that are part of the TOE


Model

 

The model, as defined in the previous section, is part of the TOE:

• Sub-systems

• EV circulation

• RD flows and system supervision

A sub-system can be composed of one or more hardware and/or software device(s).

For each device in each sub-system, the TOE includes the following phases: initialization (including the personalization and activation of the device), operation and termination. Several kinds of security devices can be identified:

• the security module of the servers that store and process sensitive data relating to the whole e-money system (e.g. personal data, secrets) which must be kept secure;

• the devices that store and process sensitive data which relate to only one sub-system (e.g. derived keys);

• the security enclosures of intermediary devices, such as manned or self-service terminals, that store and process sensitive data which may relate to the whole e-money system or to only one sub-system.

Transactions

The TOE comprises the following transactions:

• creation;

• loading;

• payment;

• collection;

• refund.


Actors and quasi-actors

 

The TOE includes the following actors:

• the Loading Agent;

• the Acquirer;

• the EV Holder;

• the Service Provider;

• the System Supervisor;

• the EV Issuer;

• the IT Provider.

 

1.2.2 Elements that are outside the TOE

In general, all aspects that are not in the TOE are part of the TOE environment. System development and manufacturing (before EV creation), together with the clearing and settlement procedures (which take place after EV extinguishment), are outside the scope of the TOE, and are also not considered part of the environment. Development and manufacturing may be covered by dedicated PPs.

The compensation flows are not part of the TOE.


2. The electronic payment system in Kazakhstan 
 
2.1 The popularity of electronic money: prospects for development
 
According to some analysts, electronic payments will soon completely displace cash and checks from the market, since they represent a more convenient way to pay for goods and services.

According to calculations by ABA / Dove, electronic payments may soon displace cash and checks, because today every second purchase in a store is made with an electronic means of payment. Cash remains the primary means of payment in traditional stores for only 33% of buyers.
While most online purchases are made by credit card, almost half of respondents use checks or money orders for e-commerce, and a quarter of online buyers use P2P payments.

Two-thirds of consumers pay at least one monthly bill by electronic means, including credit / debit cards, direct payments or online banking services. Analysts believe that by 2003 online bill payment will reach significant volumes, as most users will start using this payment option or use it more. At the same time, the use of "paper" payments is falling significantly: 21% of respondents stated that they intend to stop paying their bills by check.
Analysts at Yankee Group noted that 8.7% of U.S. consumers today pay their bills via the Internet, whereas last year the figure was 5.1%. Marketing efforts are beginning to bear fruit: 29% of consumers have already expressed interest in using electronic bill payment (EBPP), and 14.9% cited time saving as the main inducement.

However, experts warn that in this area banks will face competition from other providers of financial services, since a provider that offers users a convenient and simple interface will be able to retain them for a long time.
Growth of «Business to consumer» e-commerce in Kazakhstan, million dollars (according to The Economist, Boston Consulting Group):

Growth of e-commerce in the «Business to consumer» sector, billion dollars (according to eMarketer):

 

Since their formation, the exchanges and trading platforms on the Kazakh market have used modern technology to build systems with unique characteristics from scratch, trying to cover the whole market and all regions of Kazakhstan. Developing in line with the best international trends, organized e-commerce is becoming increasingly attractive on the global market. The prerequisites exist for the convergence of the communication and trade sectors, both within Kazakhstan and abroad. Today information technology determines the face of the global financial market. Financial markets are becoming ever more global, and Kazakhstan is part of this process. The call of the time is the internationalization of the world economy, which today functions as a globally integrated economic system.
Our country is about to take an important step: joining the World Trade Organization (WTO). A necessary condition for entry into the WTO is the integration of Kazakhstan into the international financial market. Therefore, speaking about the prospects for the Russian market, integration into the infrastructure of the world capital market can be singled out as one of the main stages. This work has already begun.

2.2 The role of the Processing Center and in the development of payment card systems of the Republic of Kazakhstan 
 
Although debit cards have been widely used since the mid-1960s, the market for payment cards in the Republic of Kazakhstan has developed only since 1994 (the "AlemKard" cards of the bank "Alembank Kazakhstan").
Preparations for the establishment of a National Inter-bank payment card system in the Republic of Kazakhstan began in 1993 with the participation of the company IBM (USA) through the Smart City project. The electronic cash system was intended to be a substitute for ordinary coins and banknotes. The project used a chip card of the "electronic wallet" type for small retail payments for goods and services. It was also intended that foreign currency could be kept in the wallet as protection against inflation.

It was envisaged that the National Bank would issue electronic money by selling it to second-tier banks, in the same way as banknotes and coins are sold.
The payment systems currently available in Kazakhstan, which are based on magnetic-stripe payment cards, are not able to meet the needs of the retail payments market. Since a magnetic-stripe card operates in «ON-LINE» mode, every operation requires a high-quality communication line; however, the quality and availability of these lines are far from perfect.
A payment instrument that satisfies the needs of the financial market for retail payments and is able to work over a poorly developed communications network is microprocessor-based (chip card) technology. This technology enables retail payments both in «OFF-LINE» mode and in «ON-LINE» mode; payments in «OFF-LINE» mode allow retail operations to be carried out in the absence of communication.

In late 2000, the National Bank of Kazakhstan approved the creation of the Joint-Stock Company "Processing Center". The purpose of this organization is to create a common currency area for the use of payment cards in the Republic of Kazakhstan.
A processing company is a dedicated computer center that forms the technological core of the payment system. It operates under fairly demanding conditions, guaranteeing real-time processing of an intensive flow of transactions. Indeed, the use of a debit card requires on-line authorization of every transaction at any point of service in the payment system. For credit card transactions authorization is not required in every case, but, for example, when withdrawing money from an ATM it is always performed. Preparing data for settlement at the end of the day places no lesser demands on the computing power of the processing center, since the settlement records make up a significant (if not overwhelming) share of the transaction data and the time available to perform the calculations is short - a few hours.
