Wednesday, December 29, 2021

Cryptography – Examples

1. WhatsApp Encryption:

End-to-end encryption in WhatsApp is a notable example of cryptographic encryption these days. This functionality is available in WhatsApp via the asymmetric model, that is, through public-key techniques. Only the intended recipient is aware of the real message. After installing WhatsApp, public keys are registered with the server, and messages are sent.

2. Digital signatures:

Digital signatures are another real-time application of cryptography. Suppose two clients need to sign paperwork for a commercial transaction. If the two clients never meet, they may not believe each other. In that case, the encryption in digital signatures guarantees improved authenticity and security.

3. Email Encryption/Decryption:

Email encryption protects the content of emails from anyone outside of the email discussion who wants to access a participant’s information. An email is no longer readable by a human when it is encrypted. Your emails can only be unlocked and decrypted with your private email key.

4. Authentication of SIM cards:

The SIM must be authenticated before it may be used to access the network. The operator generates a random number and sends it to the mobile device. This random number, together with the secret key Ki, is fed into the A3 algorithm (it is this Ki that has recently been compromised). The result of this computation is returned to the operator, who compares it to the result of the calculation he performed himself.
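
The challenge-response exchange described above, as an added example that is not part of the original post. HMAC-SHA256 stands in for A3 (the real algorithm is chosen by the operator), and the class names, the subscriber identity and the keys are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import secrets


def a3_stand_in(ki: bytes, rand: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the operator's A3 algorithm.
    # Truncating to 32 bits mirrors the size of GSM's signed response.
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]


class Sim:
    """The card: stores Ki and only ever outputs the computed response."""
    def __init__(self, ki: bytes):
        self._ki = ki

    def respond(self, rand: bytes) -> bytes:
        return a3_stand_in(self._ki, rand)


class Operator:
    def __init__(self, ki_by_imsi: dict):
        self._ki_by_imsi = ki_by_imsi  # subscriber identity -> shared Ki
        self._pending = {}             # subscriber identity -> open challenge

    def challenge(self, imsi: str) -> bytes:
        rand = secrets.token_bytes(16)  # fresh 128-bit random number
        self._pending[imsi] = rand
        return rand

    def verify(self, imsi: str, response: bytes) -> bool:
        rand = self._pending.pop(imsi, None)  # each challenge is single-use
        ki = self._ki_by_imsi.get(imsi)
        if rand is None or ki is None:
            return False
        # The operator repeats the computation and compares the results.
        return hmac.compare_digest(a3_stand_in(ki, rand), response)


def demo():
    imsi, ki = "001010123456789", secrets.token_bytes(16)  # constructed values
    operator = Operator({imsi: ki})
    response = Sim(ki).respond(operator.challenge(imsi))
    genuine = operator.verify(imsi, response)
    replayed = operator.verify(imsi, response)  # no open challenge any more
    other = Sim(secrets.token_bytes(16))        # a card with a different Ki
    wrong_key = operator.verify(imsi, other.respond(operator.challenge(imsi)))
    copied_key = operator.verify(imsi, Sim(ki).respond(operator.challenge(imsi)))
    return genuine, replayed, wrong_key, copied_key
```

The last result is why the secrecy of Ki matters: the operator sees only the response, so it cannot distinguish the original card from any other holder of the same Ki.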

5. Disk Encryption:

Disk encryption software encrypts your whole hard disc, eliminating the need to worry about leaving any traces of unencrypted data on your disc. PGP may be used to encrypt data as well. In this example, PGP encrypts the file with IDEA using the user’s private key and a password given by the user. To unlock the file, the same password and key are needed.

Types of Cryptography

1. Secret Key Cryptography (Symmetric Cryptography)

2. Public Key Cryptography (Asymmetric Cryptography)

3. Hash Functions

1. Secret Key Cryptography (Symmetric Cryptography):

Secret Key Cryptography, also known as symmetric cryptography, encrypts data with a single key. Because symmetric cryptography uses the same key for both encryption and decryption, it is the simplest kind of cryptography.

The cryptographic method encrypts the data using the key in a cypher, and when the data has to be retrieved again, a person entrusted with the secret key can decode the data. Secret Key Cryptography may be used on both in-transit and at-rest data, although it is most often employed on at-rest data since revealing the secret to the message’s receiver might lead to compromise.

Secret-key or symmetric-key encryption algorithms generate a predetermined number of bits known as a block cypher with a secret key that the creator/sender uses to encrypt data and the receiver uses to decrypt it.

It is written as P = D(K, E(P))

Where,

K = Encryption and decryption key

P = Plain text

D = Decryption

E(P) = Encryption of plain text

Some of the examples of Secret Key Cryptography are as follows:

  • AES
  • DES
  • Caesar Cipher

2. Public Key Cryptography (Asymmetric Cryptography):

Public Key Cryptography, also known as asymmetric cryptography, uses two keys to encrypt data. The first key is used for encryption, while the second key is used to decode the communication.

One key is kept secret and is known as the “private key,” while the other is released openly and may be used by anybody, therefore the “public key.” The keys’ mathematical relationship is such that the private key cannot be deduced from the public key, while the public key can be deduced from the private key. The private key should not be disseminated and should be kept only by the owner. Any other entity can be granted the public key.

Public-key or asymmetric-key encryption algorithms encrypt information with a public key associated with the creator/sender and decode that information with a private key known only to the originator (unless it is exposed or they want to share it).

It is written as P = D(Kd,E(Ke,P)).

Where,

Ke = Encryption key

Kd = Decryption Key

D = Decryption

E(Ke,P) = Plain text encryption using an encryption key

P = Plain text

Some of the examples of Public Key Cryptography are as follows:

  • ECC
  • Diffie-Hellman
  • DSS

3. Hash Functions:

Hash functions are one-way, irreversible functions that secure data at the expense of not being able to recover the original message. Hashing is a method of converting a given string into a set length string. A decent hashing algorithm will provide distinct outputs for each input. The only method to crack a hash is to test every conceivable input until you obtain the same hash. A hash can be used to hash data (for example, passwords) and in certificates.

Some of the most well-known hashing algorithms are as follows:

  • MD5
  • SHA-1
  • SHA-2 family which includes SHA-224, SHA-256, SHA-384, and SHA-512
  • SHA-3
  • BLAKE2
  • BLAKE3
  • Whirlpool

Monday, December 27, 2021

Card Tokenization

In India, RBI announced new rules for tokenization, which are going to be effective from Jan 1st 2022. A lot of my colleagues and friends are asking what the impact on end users is. I just wanted to write a few things about tokenization and that impact.

What is card tokenisation?

When you shop online or even book tickets on travel portals, you tend to save your credit card details in those websites. So, you just don’t need to remember your card details each time you shop. Just enter the CVV and you check out in a matter of seconds.

But that was risky. If your online site or travel portal gets hacked, your card details could be leaked. Besides, you may have also saved your card details on some website years ago and forgotten all about that. “There is a high chance some of the merchants will not know how to store secure card information,”

Enter tokenisation. This is a process of converting your card details into a unique token that is specific to your card and only to one merchant at a time. This code masks the true details of your card, without which no one can misuse your card. This token can be saved on the online portal’s server.

The new tokenization rule that comes into effect from January 1 2022, prohibits all online shopping portals from saving your card numbers, CVV, expiry date etc. on their servers. So, you either make a token before you buy an item and save that token on the particular website (for future use) or enter your card details every time you buy stuff off the internet.

“In the past, there have been instances of data leaks from merchant websites; digital transactions are also growing significantly, requiring added safety. So, this is a precautionary step mandated by the regulator to enhance card data security,” 

How does this card tokenisation work?

At check-out time on an online shopping portal, enter your card details and opt for tokenisation. Your merchant forwards it to the respective bank or the card networks (VISA, Rupay, Mastercard, etc). A token is generated and sent back to your merchant, which then saves it for you. Now, the next time you come back to shop, just select this saved token at check-out time. You will see the same masked card details and last four digits of your card number. You will need to enter your CVV and complete the transaction. Tokenisation is not mandatory, but it makes it easier to shop repeatedly.

“As a customer, you don’t need to remember the token. The end-customer experience is not changing while making the payment,” 

Is the tokenization service free?

Yes, tokenisation of card is absolutely free, and can be availed by anyone. Currently, tokenisation is applicable only to domestic cards. International cards are not covered by this guideline. You can request for tokenisation on any number of cards to perform a transaction. “If a merchant has not integrated with the card network and bank issuing the cards by December 31, you will have to enter the card details every time, as you cannot store your card details in the token format,” 

Does a card have different tokens for different merchants?

One token is limited to just one card and one merchant (online portal). For instance, if you have, say, an ICICI Bank credit card tokenised on Amazon, then, this same card will have a different token on Flipkart. However, as a customer you don’t need to know or remember the token linked with the card. You can tokenise multiple cards with the same merchant, or tokenise the same card with multiple merchants.

What is the best way to manage my tokens?

If you have multiple cards and like to shop online frequently, there’s a better way to manage your tokens. Say, you want to remove some tokens you had got long ago from a specific website. Mathur of Razorpay says that an issuer bank will now provide a dedicated portal (on its own bank’s website) to manage tokenised cards. In simple words, your dashboard would now show you a list of your cards and where (merchants) you have tokenized them. Delete the tokenised cards of websites you do not use frequently.
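
An added sketch (not from the original post, and not any bank's or card network's actual implementation) of the token behaviour described in the answers above: a vault issues one random token per card and merchant, refuses a token presented by a different merchant, and lets the cardholder list and delete tokens. The class and method names and the card number are constructed for the example.

```python
import secrets


class TokenVault:
    """Held by the bank / card network. Merchants store only the token."""

    def __init__(self):
        self._by_token = {}  # token -> (card_number, merchant)
        self._by_pair = {}   # (card_number, merchant) -> token

    def tokenise(self, card_number: str, merchant: str) -> str:
        pair = (card_number, merchant)
        if pair not in self._by_pair:
            # Random value: nothing about the card can be derived from it.
            token = "tok_" + secrets.token_hex(8)
            self._by_pair[pair] = token
            self._by_token[token] = pair
        return self._by_pair[pair]

    def detokenise(self, token: str, merchant: str) -> str:
        # Only the vault maps a token back, and only for its own merchant.
        card_number, bound_to = self._by_token.get(token, (None, None))
        if card_number is None or bound_to != merchant:
            raise PermissionError("token unknown or issued to another merchant")
        return card_number

    def tokens_for_card(self, card_number: str) -> dict:
        # The cardholder's dashboard view: merchant -> token.
        return {m: t for (c, m), t in self._by_pair.items() if c == card_number}

    def delete(self, token: str) -> None:
        pair = self._by_token.pop(token, None)
        if pair is not None:
            del self._by_pair[pair]


def demo():
    vault, card = TokenVault(), "4111111111111111"  # constructed test number
    on_amazon = vault.tokenise(card, "amazon")
    on_flipkart = vault.tokenise(card, "flipkart")
    try:
        vault.detokenise(on_amazon, "flipkart")  # token presented elsewhere
        cross_use = True
    except PermissionError:
        cross_use = False
    vault.delete(on_flipkart)
    return on_amazon != on_flipkart, cross_use, sorted(vault.tokens_for_card(card))
```

A breach of one merchant's database therefore exposes only tokens that are useless at every other merchant, and deleting a token in the vault invalidates the copy the merchant still holds.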

What will happen to the token once the card gets replaced or renewed or reissued or upgraded?

You need to visit the merchant page and create a fresh token. That is because your new card (credit or debit) comes with a new number and CVV. 

Sunday, December 19, 2021

BaaS - How Banking as a Service works

 


Digital Payments - In Future

Digital payments must be 

  • Faceless, 
  • Cashless and 
  • via completely electronic means of end to end transaction 

without compromising availability, provenance and traceability, repudiation and of course information security. 

Over the last decade, digital payments have garnered a lot of interest and adoption from users and have positively influenced the digital agenda for enterprises and governments.

According to Gartner,

  • 5 countries will launch digital initiatives to remove cash from circulation by 2023 fully replacing cash by digital means
  • Global cash in circulation will reduce after decades of year-on-year increases by 2024
  • Consumers using mobile proximity payment methods will be almost 2 billion, up from 2019’s figure of less than 1 billion, by 2024

Future Technologies of Digital Payments

Use of Biometrics - Using unique fingerprints and facial recognition, digital payments can be enabled by authenticating the users and authorizing the transactions, offering an accurate, secure, instant and hassle-free way to pay, rather than remembering various PINs and passwords from multiple entities and keeping track of them all the time. Most of the digital payment players leverage device-based authentication and tokenize the transactions without the need for user intervention. Most of the payment wallets running on mobile devices have successfully paved the way for this method, and a good amount of research and development is happening in this area.

Use of Voice/Speech Analytics and AI/ML-based algorithms - They have been around for a few years now and are driving the way we control our home appliances, interact while driving, etc. As these technologies become more efficient and accurate, digital payments will be the ones to leverage them in real life. This will help create a more secure and simple way to trade and transact within the digital payment domain.

Near Field / Contactless - Using proximity of devices via EMV & RFID, and POS machines via NFC, there are many ways embedded workflows can be built to provide an easy and secure way to transact. Major credit card players are already issuing contactless cards that work with ATMs and POS terminals and even interact with mobile devices, by and between the stakeholders involved in the workflow.

DLTs - The foray of digital ledgers / blockchains into digital currency is well known, and many regulators are finding ways to strike a balance between autonomous currencies and digital payments. Being significantly decentralized, anti-fraud and business-continuity driven, DLTs will surpass our expectations and establish the technological governance to foolproof digital transactions in years to come.

AI/ML and Data Science - It will substantially improve the insights on the volume and velocity of digital transactions, which is a common barrier for fraud detection, risk management, regulatory mandates, etc. Use of AI/ML coupled with established data science practices will pave the way for governments and banks in traceability, customer acquisition and retention, royalty management, credit scores, marketing, etc., expanding the canvas of intelligence of digital payment transactions.

The first wave of digital payments started a few years ago. Users can no longer be constrained by banking hours, type of devices, physical cards, etc., to transact by and between entities.

AI - In Banking

 


Sunday, November 07, 2021

Revenue Streams for Financial Sectors/Banks

It's NOT that easy to define a revenue model for financial sectors and banks. There are 5 main streams for financial sectors. They are also applicable to banks.

  1. Interchange
  2. Interest
  3. Payments
  4. Financing
  5. Software

Interchange is the portion of spend that the card issuer gets after cardholders use the cards to spend.

Interest paid on balances is perhaps the most obvious revenue stream in banking: simply park funds in a bank and let it pay you at the end of the month.

Just like banks, financial companies can also get revenue from payment fees. Building a banking experience means offering payments in the form of ACH, wire, checks and bill pay.

Financing means giving your customers funds today and expecting them to pay them back in the future, potentially with an added fee or interest. 

Software revenues are the last (and often most overlooked) type of revenue associated with financial features. As the features become an important pillar in your software, you may choose to offer them at an extra cost.

Rise of Alternative Payments

 


Data -> Information -> KNOWLEDGE -> Wisdom

 


Saturday, May 22, 2021

How Does the Cash Back Debit Card Process Work?

The idea behind debit card cash back transactions is as simple as making change for any payment over the exact amount. At checkout, the customer can enter an amount of cash they would like to receive back. That amount is added to their purchase total, and the merchant gives the overage back as cash from the register. Cash back can only be given on debit card transactions, not credit cards (although Discover offers an exception to this rule).

Merchants can decide how much cash they are willing to offer back, but there are maximum upper limits, set by the card networks, which vary from region to region.

On the back end of the transaction process, cash back requires some special handling. What this means for merchants is that their payment terminals must have cash back functionality. They must be able to track the transaction and cash back amounts separately so they can be identified in authorization and clearing messages, and they must be able to handle Issuer Responses related to the cash back service.

Another rule is that merchants cannot process cash-back-only transactions; the total transaction amount must be higher than the cash back amount.

Though it's widely used in America, it's NOT used that much in European countries. For example, it's NOT allowed in the Netherlands.

From Electronic to Digital Money

 


Friday, January 01, 2021

Biometrics Cards - 3

BIOMETRIC PAYMENTS MYTHS & REALITIES:

1) Myth: The card stores the picture of the fingerprint.
Reality: The encrypted image is stored as a series of digital 1’s & 0’s and not as an actual picture. So the original image can’t be reverse-engineered.

2) Myth: The biometric data is shared with every merchant.
Reality: The biometric data is stored on the chip and so never leaves the card.

3) Myth: The battery embedded in the card needs charging periodically.
Reality: An electromagnetic field generated by the payment terminal provides the power needed by the card.

4) Myth: If dirt or sweat clings to the biometric EMV card, the transaction will fail.
Reality: If biometric verification fails after multiple attempts for some unknown reason, the card will switch to PIN verification to authorize the transaction.

5) Myth: If the card is stolen/lost, all the money is stolen through contactless transactions.
Reality: A PIN is entered from time to time to verify whether the cardholder is genuine.

6) Myth: Payment can be accidentally triggered for someone else if walking close to the contactless payment terminal.
Reality: There is no chance of ending up paying for someone else’s transaction, because contactless biometric EMV cards work only when they are a few centimeters away from the payment terminals.