Over the next five years, the retail banking business in Russia will change dramatically - payment technologies are rapidly developing. Major changes have already taken place: electronic databases are being introduced, processing systems are being improved, legislation and the market environment are changing. Internet banking and mobile banking will gradually displace conventional tellers from the banking business.

What is a payment system

A payment system is understood as a set of rules and means that allow settlements to be made between the buyer of a product or service and a trade or service organization. A payment includes a set of transactions for authorization, settlement and transfer of payments, as well as other financial and non-financial information. Typically the payment process involves:

  1. Client, buyer
  2. Shop, seller of goods or services
  3. Bank as a guarantor of payment legitimacy
  4. A processing company acts as a technological intermediary between all parties to the transaction.

There are several main types of non-cash payments

  • Using a bank card and personal code indicated on the card
  • Using an electronic wallet (a separate application of the payment system)
  • Using an electronic invoice with authorization via an Internet browser
  • Using a mobile phone from the client's account with a mobile operator
  • Using mobile banking (when the bank account is linked to the client’s mobile phone)

Payment systems user interface

Are you wondering what a client’s personal account looks like in various payment systems?

Internet banking, mobile banking

Use of non-cash funds

Cash payments

To date, only one type of remote cash payment for goods or services is known - through payment terminals of independent payment systems (for example, QIWI) or through similar bank terminals. Payment is accepted through the automatic bill acceptor of the terminal.

Transfer of electronic funds between payment systems

Find out more about security in payment systems

Payment systems protect payment transactions to prevent payments from intruders. Firstly, encrypted protocols are used. Secondly, each payment is often protected by confirmation using a code sent via SMS to the customer's registered phone number. Thirdly, if we are talking about Internet payments using plastic cards or electronic wallets, transactions in the payment system can be additionally protected by binding to a specific computer or IP address, as well as time-limited authorization methods - this helps to avoid logging into the system another user on public computers.

Each payment system tries to certify the participants in the transaction - the seller and the buyer. In order to receive a certificate in the electronic payment system, an individual is required to provide identification data (for example, a passport). Organizations provide legal documents indicating registration and availability of appropriate licenses for their activities.

Doing business on the Internet has ceased to be something innovative and has become a “self-evident” concept. Almost every store has its own store or catalog online.

However, as easy as it is to find and order a product online, it is just as difficult to pay for the product online; in this case, I’m talking specifically about Belarus. In the best case, a courier with a terminal will come to you to make payment by card. One of the reasons for this phenomenon lies in the low culture of the population in the field of electronic payments. It comes from a banal misunderstanding of how it works.

In this article I want to talk about the key points of making an online payment.

A little theory, diagrams and important points

First, a little theory.

1. To make your payment online, the client needs to transfer his hard-earned money into electronic form. To do this, you need to go to the bank and open an account there. After this, dear cash turns into a set of bytes on one of the bank servers. In reality, there is no need to go anywhere, because the banking system in the country is quite developed. According to statistics, the population has more than 10 million bank cards, so we can safely say that every person in our country has a bank (debit, credit, salary) card, which means there is “electronic” money. The bank that issues the payer's card and ensures the safety of funds on it is called the Issuer.

2. In order for clients of different banks to be able to make payments without problems and use any terminal or ATM, and not just the services of “their” bank, a common standard for interaction between banks and some kind of regulator is needed that would ensure this interaction. This role is performed by processing centers. These centers are the international payment systems Visa and MasterCard. Within our country there is also BelKart and the Bank Processing Center. Each bank that issues you a card with the BelKart Visa MasterCard logo is a participant in this system.

3. In order to accept card payments, you again need to go to the bank and open a special “Merchant Account” or Merchant Account there. The bank where you can open such accounts is called an Acquirer.

Let's see how all this already works using the example of the usual card payment in a regular store.

1. They tell you the amount - you hold out your card.

2. Your card is swiped through a special device (terminal), which reads the data from the card.

It's important to understand that only the card number and owner information are read.

PIN code or CVC code are security elements - the data on them is not embedded in a magnetic stripe or chip. Therefore they cannot be read as easily. You may be asked to confirm the check with a signature or PIN. But you can’t just name or transfer this data. This is important to know and remember - in order to avoid possible fraud with your card

3. The terminal is programmed to make a specific request to the acquiring bank, which issued the device data to the store. This request contains a pointer to the merchant/store account number at this bank and card details.

4. Having received this request, the bank sends a request with card data to the processing center. The processing center determines the card issuer and sends a request to this bank. The Issuer Bank, in turn, checks whether the requested funds are on the card account and, if so, freezes them and gives a positive response to the operation.

5. The Acquiring Bank gives a positive response to the terminal - and your payment is successfully processed.

Important point in this scheme, which many miss. The issuing bank freezes the money in the client's account, and does not make an instant transfer from the client's account to the seller's account. Depending on the location and operating rules of banks, the final transfer of funds can take up to several days. Often, many traders have a misunderstanding at this point. The payment is approved - the goods are delivered, but there are no funds in the account. It's okay - they will be there within the next few days.

How is payment on the Internet fundamentally different from the scheme described above? Not many, actually. The Acquirer Bank and the Issuer Bank, as well as the scheme of their interaction remain unchanged. The only difference is how the request gets to the acquiring bank. To implement online payment, the Acquiring Bank must open access to its data center. In order to protect itself, the bank opens this access either to its division responsible for online payments or to certified processing companies.

These companies perform 2 roles:

  1. They ensure the payment is checked for fraud before entering the bank's network.
  2. They provide a convenient request form for marketplaces. As a rule, you need to make a simple POST request to the resource of the processing company, which will then turn it into the necessary request for the bank (essentially posing as a terminal). This is also convenient if the merchant changes the Acquiring Bank - the trading platform does not need to change the integration.

So, now let's see how it works in case of online payment.

  1. You go to the cart on some trading platform.
  2. You will be shown the order amount and a form for entering your payment and personal data. Looks like the picture for the article.
  3. After filling out all the information, you click the “Pay” button.
  4. The platform collects your data and generates a request for the processing company.
  5. The processing company checks it and sends it to the Acquiring Bank.
  6. The following scheme is similar to the previous one: Acquirer Bank - Processing Network - Issuer Bank
  7. The processing company delivers the result to the site.

There are even simpler payment schemes: the trading platform simply redirects the client to the Payment page of the Processing company. Next, the client will be greeted with a convenient data entry form, shown a beautiful spinner while the payment is being processed, and just as gently shown the payment result and returned to the site from which the client came.

Hence the main conclusion: if you want to start accepting payments on your trading platform, you need to contact the Bank, which opens “Merchant Accounts”, or a processing company that will study your business and select the appropriate Acquiring Bank for you, and also help with integration your site.

If there is interest in this article, in the following articles I can talk about various types of integration of your site, touch on the main points of security, payment schemes and cancellations.

In the twenty-first century, Internet payment systems have become almost a generally accepted method that allows you to make payments with customers and clients online. Thousands go through this electronic payment system service and this is a completely normal practice for many residents. The concepts of electronic money and payment systems have firmly entered the vocabulary of both Internet users and financiers. You can create an electronic wallet on the Internet in a matter of minutes and almost always for free. The existing electronic money system allows any type of exchange: within the system, exchange between different electronic money and different currencies; exchanging electronic money for non-cash or cash and vice versa. You can deposit money into and withdraw money from the electronic system through banks, checks, etc. The scope of use of electronic money is expanding every day, more and more people are starting to use electronic money. You can also use electronic money to pay for goods and services purchased on the Internet, you can pay fines, Internet services and much more. All this can be done while sitting at home at the computer. Purpose of the study: study and analysis of the protection of electronic payment systems. Object of study: security of payment systems.

Subject of research: methods of protecting payment systems.

To achieve this goal, it is necessary to consider the following issues:

1. Payment systems

2. Types of electronic payment systems

3. Principles of operation of electronic payment systems

4. Ensuring the security of payment systems

5. Vulnerabilities and methods of protection

1. Electronic payment systems

1.1 Payment system

A payment system is a set of rules, procedures and technical infrastructure that ensure the transfer of value from one economic entity to another. Payment systems are one of the key parts of modern monetary systems.

It is usually understood that money is transferred through payment systems. From a legal point of view, in most cases there is a transfer of debt: the funds that the payment system owes to one of the clients, it becomes owed to another client. When the first client transfers his money to the payment system, the amount of such transfer is recorded, that is, the amount of debt to the first client. By his order, the client can indicate that the payment system now owes not to him, but to the second client. When the second client contacts the payment system, he has the opportunity to receive the cash equivalent of such a debt. In some cases, the means of payment are not money or debts denominated in money, but conventional units of payment or specialized securities. Extended forms of payment systems (including physical or electronic infrastructure and associated procedures and protocols) are conducting financial transactions using ATMs, payment kiosks, POS terminals, stored value cards; electronic wallets. Electronic payment systems are a subtype of payment systems that provide electronic payment transactions via networks (for example, the Internet) or payment chips.

The electronic money system is presented in the form of sets of accounts that can exchange electronic money with each other.

Electronic money is the same money, only digital. With the help of electronic money, you can purchase goods or services on the Internet, and purchased products can be delivered directly to your home or office, using money while at your computer. You can pay for goods and services with electronic money, and you can also transfer money from electronic form to real form (paper). For example, you can transfer money from China to Russia or any other country in a couple of minutes. You can transfer money from an account to another account within the system, or to other systems. So you can withdraw money from your account through an ATM.

Electronic payment systems have made it possible to simplify financial transactions between sellers and buyers on the Internet. Electronic systems have contributed to the development of e-commerce; they allow transactions to be carried out instantly, just as in real life you paid for an item and received it immediately. Fast and convenient, there is no need to resort to the services of a bank and post office, wasting your time on concluding a transaction. If not electronic payment systems, then I had to go to the bank, transfer money to my account, order a transfer of money to the seller’s account, and then wait 2-8 days for the money to be delivered to the seller (Fig. 1).

Figure 1. Typical scheme for implementing electronic payment

In the Electronic Payment system, payments occur subject to certain conditions:

Maintaining confidentiality. When making payments via the Internet, the buyer needs to ensure that his data (credit card number and other information about him) is known only to organizations that have the legal right to do so.

Maintaining the integrity of information. Purchase information cannot be changed. payment electronic security information

Authentication. Buyers and sellers must be confident that everyone involved in the transaction is who they say they are.

Means of payment. Possibility of payment using any means of payment available to the buyer.

Seller's risk guarantees. When trading online, the seller is exposed to a lot of risks associated with product refusals and buyer dishonesty. The level of risk must be agreed upon with the payment system provider and with other organizations introduced into the trading network through certain agreements.

Minimizing transaction fees. Payment for processing order transactions and payment for goods is naturally included in their cost, so reducing the transaction price increases competitiveness. It is important to note that the transaction must be paid in any case, even if the buyer refuses the goods.

1.2 Principles of operation of electronic payment systems

An electronic payment system is a set of methods and entities implementing them that ensure the use of bank plastic cards as a means of payment within the system. A plastic card is a personalized payment instrument that provides the person using this card with the opportunity to make cashless payments for goods and services, as well as receive cash from ATMs and bank branches. Trade and service enterprises and bank branches that accept the card as a payment instrument form a receiving network of card service points. When creating a payment system, one of the main tasks to be solved is the development and compliance with general rules for servicing cards issued by issuers included in the payment system, conducting mutual settlements and payments. These rules cover both purely technical aspects of operations with cards - data standards, authorization procedures, specifications for the equipment used and others, as well as financial aspects of card servicing - settlement procedures with trade and service enterprises that are part of the receiving network, rules for mutual settlements between banks and etc.

From an organizational point of view, the core of the payment system is an association of banks, united by contractual obligations. In addition, the electronic payment system includes trade and service enterprises that form a network of service points. For the successful functioning of the payment system, specialized organizations are also needed to provide technical support for card servicing: processing and communication centers, technical service centers, etc. (Fig. 2).

Figure 2. Scheme of functioning of electronic payment systems

A bank that has entered into an agreement with the payment system and received the appropriate license can act in two capacities: an issuing bank and an acquiring bank (Fig. 3).

Figure 3. Payment terminal. Acquiring bank

The issuing bank issues plastic cards and guarantees the fulfillment of financial obligations associated with the use of these cards as means of payment. The acquiring bank serves trade and service enterprises that accept cards for payment as means of payment, and also accepts these means of payment for cashing in its branches and through its ATMs. The main integral functions of the acquiring bank are financial transactions related to the execution of settlements and payments by service points. Technical attributes of the acquiring bank’s activities (processing requests for authorization; transferring funds to settlement accounts of points of sale for goods and services provided using cards; receiving, sorting and forwarding documents recording transactions using cards, etc.) can be delegated by the acquirer processing centers. The non-automated procedure for accepting payment using a card is relatively simple. First of all, the cashier of the enterprise must verify the authenticity of the plastic card according to a certain number of criteria. When paying, the company must transfer the client’s plastic card details to a special check using an imprinter copy machine Imprinter(English imprinter) - a mechanical device designed to create a slip when performing a transaction with a payment card. A cliche is inserted into the imprinter, on which the identification data of the receiving point is embossed. The plastic card is inserted into the imprinter and the slip is inserted. An imprint of the identification data of the reception point and the client’s card remains on the slip, enter the amount for which the purchase was made or the service was provided on the check, and obtain the client’s signature. A check issued in this way is called a slip.

In order to ensure the security of payment system operations, it is recommended not to exceed the lower limits of amounts for various regions and types of business for which payments can be made without authorization. If the limit amount is exceeded or if there is doubt about the client’s identity, the company must carry out an authorization procedure. Upon authorization, the company actually gains access to information about the client’s account status and can establish the ownership of the card by the client and his payment ability in the amount of the transaction. One copy of the slip remains at the enterprise, the second is transferred to the client, the third is delivered to the acquiring bank and serves as the basis for reimbursement of the payment amount to the enterprise from the client’s account.

In recent years, automated trading POS terminals (Point-Of-Sale-payment at the point of sale) and ATMs have gained wide popularity. When using POS terminals there is no need to fill out slips. The details of a plastic card are read from its magnetic stripe on the reader built into the POS terminal. The client enters his PIN code (Personal Identification Number), known only to him, into the terminal. PIN code elements are included in the overall encryption algorithm for the magnetic stripe record and serve as the electronic signature of the card owner. The transaction amount is entered on the POS terminal keyboard. If the transaction is carried out at a bank branch and in the process cash is issued to the client, in addition to bank POS terminals, an electronic ATM cashier can be used. Structurally, it represents an automated safe with a built-in POS terminal. The terminal, via a built-in modem, applies for authorization to the appropriate payment system. In this case, the capacity of the processing center is used, the services of which are provided to the merchant by the acquiring bank.

A processing center is a specialized service organization that ensures the processing of authorization requests and transaction protocols received from acquiring banks or directly from service points - recorded data on payments made through plastic cards and cash withdrawals. For this purpose, the processing center maintains a database, which, in particular, contains data on member banks of the payment system and plastic card holders. The processing center stores information about cardholder limits and fulfills requests for authorization if the issuing bank does not maintain its own database (off-line bank). Otherwise (on-line bank) the processing center forwards the received request to the issuing bank of the authorized card. Obviously, the processing center also ensures that the response is forwarded to the acquiring bank.

The acquiring bank's performance of its functions entails settlements with the issuing banks. Each acquiring bank transfers funds to service points for payments from cardholders of issuing banks included in this payment system. Therefore, the corresponding funds must then be transferred to the acquiring bank by the issuing banks. The prompt execution of mutual settlements between acquirers and issuers is ensured by the presence in the payment system of a settlement bank (one or more), in which member banks of the system open correspondent accounts. Based on the transaction protocols accumulated during the operating day, the processing center prepares and distributes the final data for mutual settlements between banks participating in the payment system, and also generates and sends stop lists (lists of cards for which transactions for various reasons) to acquiring banks and directly to service points. suspended). The processing center can also meet the needs of issuing banks for new cards by ordering them at factories and subsequent personalization. The peculiarity of sales and cash withdrawals using plastic cards is that these operations are carried out by stores and banks “on credit”, i.e. goods and cash are provided to customers immediately, and funds for their reimbursement are credited to the accounts of service companies after some time (no more than a few days). The guarantor of fulfillment of payment obligations arising in the process of servicing plastic cards is the issuing bank. The nature of the issuing bank’s guarantees depends on the payment authority granted to the client and recorded by the type of card. The types of payments carried out using plastic cards include credit and debit cards. Credit cards are the more common of the types of plastic cards. These include cards from the nationwide Visa and MasterCard systems and others. These cards are used in retail establishments and to pay for goods and services. When paying with credit cards, the bank allows the buyer to open a loan for the purchase amount, and then after some time (25 days) sends an invoice by mail equal to the purchase amount. The buyer must return the paid check (invoice) back to the bank. Naturally, the bank can offer such a scheme only to the most wealthy and trusted of its clients who have a good credit history with the bank or solid investments in the bank in the form of deposits, valuables or real estate.

The holder of a debit card is required to deposit a certain amount into his account at the issuing bank in advance. The size of this amount sets a limit on available funds. When making payments using this card, the limit is reduced accordingly. This limit is controlled during authorization, which is mandatory when using a debit card. To restore or increase the limit, the cardholder must deposit funds into his account. Credit and debit cards can be not only personal, but also corporate. Corporate cards are given by a company to its employees to pay for travel or other business expenses. A company's corporate cards are linked to any one of its accounts. This card may have a split or unsplit limit. In separate cases, each corporate card holder is given a certain card limit. In the undivided version, it is better suited for small companies and does not involve limiting the limit. In recent years, electronic payment systems using microprocessor cards have attracted increasing attention. The fundamental difference between microprocessor cards and all those listed above is that they directly carry information about the client’s account status, since they are, in essence, a transit account. All transactions are made off-line during the card-terminal or customer card-merchant card dialogue. Such a system is almost completely safe due to the high degree of security of the microprocessor crystal and a full debit payment scheme. In addition, although a card with a microprocessor is more expensive than a regular one, the payment system turns out to be cheaper to operate due to the fact that in off-line mode there is no load on telecommunications. To ensure reliable operation, the electronic payment system must be reliably protected.

From an information security point of view, there are vulnerabilities in electronic payment systems:

1. Forwarding payment and other messages between the bank and the client.

2. Processing information from organizations of the sender and recipient of messages.

3. Clients’ access to funds spent on accounts.

More vulnerable points in the electronic payment system are the transfer of payment and other messages between banks, bank and ATM, bank and client. Forwarding payment and other messages is associated with the following features:

The internal systems of the sender and recipient must be adapted to send and receive electronic documents and provide the necessary protection when they are processed within the organization. The interaction between the sender and recipient of an electronic document is carried out through a communication channel.

To ensure the information security functions of the electronic payment system, the following security mechanisms must be used:

1. Message integrity control.

2. Confidentiality of messages.

3. Subscriber authentication.

5. The impracticability of refusing to take action on a message.

6. Registering a sequence of messages.

7. Access control on initial systems.

8. Monitoring the integrity of the message sequence.

9. Message delivery guarantees.

1.3 Types of electronic payment systems

Electronic money is a new phenomenon in economic science and home practice, which is why there are different opinions regarding what is considered electronic money. Some believe that electronic money is a perpetual monetary obligation of a banking or other company, expressed in electronic form, certified by an electronic digital signature, used as a means of payment and repaid at the time of presentation with ordinary money.

Others say that this is a monetary value, which represents a claim on the issuer, which is contained on an electronic device, is issued after receiving funds in an amount not less than the volume of obligations assumed, and is accepted as a means of payment not only by the issuer, but also by other companies. The third is that it is an electronic analogue of cash that can be purchased, it is stored electronically in special devices and is at the disposal of the buyer.

Smart cards or certain computer systems are used to store money. This is information transmitted by any means of electronic communication, in the form of banknotes when making payments on the Internet, or without it.

At the consumer level, users classify as electronic money any payment services that allow making payments for goods or services, creating payments between users using electronic means of communication, mainly using the Internet. Electronic money is the same as regular money, only more convenient. You can also earn them, pay for goods and services with them, such as burning the Internet, television and others, receive and transfer, accumulate and other functions. It can be noted, as with ordinary money, cash payments occur in real time, in some cases anonymously.

There are two main groups of electronic money, which differ in the type of media:

Based on smart cards (electronic wallet)

Network-based (network money)

Smart cards are multi-purpose plastic cards with chips built into them, this chip is a microprocessor. A money file equivalent to money, previously transferred to the issuer of these cards, is deposited onto such a chip. Bank users can transfer money from their accounts to smart cards, transactions can be carried out within the limits of the amount of funds credited to them. The procedure for maintaining a personal account for a smart card differs from the procedure for maintaining a personal account for traditional cards. An ordinary card does not contain information about the cash balance of the account; it is only used as a tool for accessing the current account. At the moment when funds are credited by the bank to the card, no receipt is made to this bank card. At the time of such replenishment of the smart card funds on the personal account, the amount by which the card was topped up is reduced. Electronic cash appears on the card, resulting in possible secure authorization of offline transactions.

Chip cards are classified:

1. debit/credit cards;

2. electronic cash

Debit/credit chip cards are simple debit or credit cards containing a microprocessor (chip). Unlike cards with a magnetic stripe, they have additional identification data on the card; there are customized parameters that can improve the security and efficiency of various operations. Operations with such cards remain the same.

Pre-authorized cards are e-wallets and e-cash cards allow the storage of a sum of money on the card and are therefore called stored value cards, which are different from debit and credit cards. On such chip cards, a certain balance of available funds is stored in the chip. Before carrying out the operation, it is compared with the amount of the operation and, in a good case, the result of the check performed is reduced by the amount of the requested operation. Such card transactions are performed offline, without communication with the bank at the time of use of the transaction.

The main feature of pre-authorized cards from an electronic wallet and electronic cash is that the amount is written off from the user’s account only after the processing center receives settlement information about the transactions that occurred. When a certain amount is credited to an electronic wallet or an electronic cash card, this amount is instantly debited from the card user’s card account. If an electronic cash card is lost, the amount on it is lost to the card user. This is similar to an e-wallet card and an e-cash card with a regular cash wallet.

The electronic wallet system, as a financial product, has a certain limitation on the amount of funds stored in the wallet and its use for relatively small payments.

The peculiarity of chip cards that implement the concept of electronic cash is that they use special electronic devices that function autonomously and confidentially without communication with the issuer. The card owner has the opportunity to check the balance of money on the card, transfer money to another card, send money by phone, exchange a money file back to traditional money, etc. An indicator of such a card is the “Mondex” bank card.

To save funds transferred from a bank account, a device called a wallet (Mondex wallet) has been implemented, which allows you to transfer funds from card to card, read the balance, and change the PIN. Funds on the card have every chance of being transferred from the wallet as needed. Thanks to this, the anonymity of transactions was ensured and the security of the system was increased: part of the money is in the wallet, and some of it is on the card. In addition, the Mondex system envisages the introduction of ATMs for cashing out funds and trading terminals for transferring funds from the client’s card to the merchant’s card, who then, using a “Mondex” compatible phone, can credit the funds accumulated on his card to the company’s bank account. In a payment system that uses electronic cash cards, there are restrictions on transactions with merchant cards. Thus, the so-called quality of operational safety is guaranteed. Electronic money is becoming a less dangerous system.

Payment associations Visa International., MasterCard Int. and Europay Int. created a working group that developed international “ISO” standards for cards with a microprocessor, the standard is called “EMV” (the name is collected from the first capital letters of the systems of the main developers, such as EuroPay/MasterCard/Visa).

The European Union decided to transfer plastic cards to smart cards or “EMV” EMV(Europay, MasterCard and VISA) is an international standard for transactions using bank cards with a chip. This standard was developed jointly by Europay, MasterCard and Visa to improve the security of financial transactions.” cards. At this time, there are options for combining payment system products on the smart card core:

1. MasterCard has proposed connecting pre-authorized card and debit/credit card applications. In this case, operations occur both online to replenish the card account within a certain limit for the amount of one offline transaction, and offline to execute payments (See Fig. 4)

Rice. 4. Example of an electronic payment card MasterCard

2. Visa introduced multi-application EMV cards. The system guarantees buyers additional Convenience when using payments using Visa debit or credit cards and mobile phones. The solution is based on the developments of EMV and Infrared Financial Messaging, or IrFM (an international standard that ensures compatibility of devices when transmitting data via infrared channels). Visa card users and SKT system subscribers have every chance to pay for goods and services by sending an encrypted infrared signal from their mobile phone to small infrared receivers that are built into POS terminals at points of sale, vending machines, a variety of transport terminals and other devices that receive such payments (Fig. 5)

Rice. 5. Example of an electronic Visa payment card

Also, the payment data of the card user will be securely stored in the EMV-compatible microprocessor of the mobile phone. Apparently, the initialization of payment transactions in the future will occur not only from the corresponding mobile phones, but also from other mobile devices with an IR port.

The 2nd group of electronic funds includes network money, which is issued in the form of a sent currency file by the organizer of payments upon receipt of ordinary money, stored in memory on PC hard drives or other removable media and transferred during payments via electronic communication channels, including through the Internet. They are used to pay for goods and services in web stores and other companies doing business on the Internet. They are also allowed to be exchanged for traditional money. By its nature, electronic money is closer to non-cash bank money.

Different electronic payment systems organize work with electronic funds in different ways. For example, in the digital cash model, the guarantee of safety is the strength of the cryptographic protocols used in the creation (issuance) of digital funds and regulating their circulation. By analogy with cash bills, digital money, like electronic documents, contains a nominal price, an indication of the issuer, personal characteristics: series, number, etc. Elements of protection against counterfeiting by verifying them with the digital signature of the issuer. To ensure the anonymity of circulation of digital money, individual characteristics are selected by their future owner and are transferred in a closed form to the issuer for signature. The issuer signs the banknote “blindly” (without knowing its personal characteristics, but knowing exactly the denomination), for which a special digital signature and cryptographic protocol are used.

Therefore, the issuer can control only the size of issued digital funds, but not their distribution among respondents, which guarantees complete anonymity of calculations. When issuing digital money in exchange for cash or other means of payment, the issuer may not even know the respondent. To eliminate repeated calculations with the same electronic banknote, digital money is made “disposable”; any banknote is used for payments only once. For this purpose, the issuer is obliged to maintain a database of used banknotes and check it with each payment. The issue and use of digital money are not regulated by current legislation, therefore their mobility is guaranteed by the issuer and is based on agreements on their use as means of payment.

The main advantages of electronic money compared to non-cash payments through a bank include the following parameters:

1. Low cost of transaction and transfer from one electronic account to another;

2. High speed of the transaction, which is limited only by the capabilities of the payment system; practically the action occurs instantly.

The main disadvantages of electronic money are that:

1. The issuer of electronic money is not the state, but a specific payment system, which is responsible for maintaining their solvency;

2. The use of electronic money is possible only within the issuing payment system;

3. There are security problems when making electronic payments.

In Russia, electronic payment systems are mainly used, such as PayPal, QIWI, Web Money, Yandex. Money, RUpay, E-gold, E-port, Pay Cash, Money Mail, Cyber ​​Plat, Rapida, etc.

2. Protection of information of electronic payment systems

2.1 Ensuring the security of payment systems

Banking operations, trade transactions and mutual payments are impossible to imagine without payments using plastic cards. The system of non-cash payments using plastic cards is called an electronic payment system. To ensure normal operation of the electronic payment system, it must be reliably protected.

It is believed that there are vulnerabilities in information security in electronic payment systems:

Forwarding payment and other messages between banks, between a bank and an ATM, between a bank and a client;

Processing of information by the organization of the sender and recipient;

Customer access to funds spent on accounts.

Forwarding payment and other messages has the following features:

The internal systems of the sender and recipient organizations are required to provide suitable protection when processing electronic documents (end system protection);

The interaction between the sender and recipient of an electronic document is carried out directly through the communication channel.

These features cause difficulties:

Mutual identification of subscribers (the problem of establishing mutual authenticity when establishing a connection);

Protection of electronic documents transmitted via communication channels (problem of ensuring confidentiality and integrity);

Protection of the process of exchanging electronic documents (the problem of proving the sending and delivery of a document);

ensuring the execution of the act (the problem of mutual distrust between the sender and the recipient due to their belonging to different organizations and mutual independence).

To ensure information security functions, some nodes of the electronic payment system must implement security mechanisms:

Access control on initial systems;

Message integrity control;

Ensuring the confidentiality of the message;

Mutual client authentication;

Message delivery guarantee;

Impossibility of refusing to take action on a message;

Logging a sequence of messages;

Message sequence integrity monitoring.

Electronic plastic cards are used as means of payment in electronic payment systems.

An electronic plastic card is a carrier of certain information that identifies the user and stores certain data.

Distinguishing between credit and debit cards.

Electronic cards are a more common type of plastic card. Electronic cards are used to pay for various goods and services. When paying with a credit card, the client's bank opens a loan for the amount of the purchase, and then after a while sends an invoice by mail for the amount of the purchase made. The buyer must return the paid check back to the bank. Of course, the bank can recommend a similar scheme only to the wealthier and more trusted of its own clients, who have a good credit history with the bank or significant deposits with the bank in the form of deposits, valuables or real estate.

A plastic card is a plate made of a special plastic that is resistant to mechanical and thermal effects. According to the ISO 9001 standard, all plastic cards have dimensions of 85.6x53.9x0.76 mm.

To identify the owner, the following are applied to the plastic card:

logo of the issuing bank;

logo of the payment system servicing this card;

Cardholder Name;

cardholder account number;

card expiration date, etc.

In addition, the card may contain a photo of the owner and his signature.

Alphanumeric data (name, account number, etc.) can be embossed, i.e. printed in raised font. This makes it possible, when manually processing cards accepted for payment, to quickly transfer data to a receipt using a special device - an imprinter that “rolls” the card.

Based on the operating principle, a distinction is made between passive and active plastic cards. Passive plastic cards just store information. These include plastic cards with a magnetic stripe.

Cards with a magnetic stripe are still more common - there are more than two billion analogue cards in circulation. The magnetic stripe is located on the back of the card and, in accordance with the ISO 7811 standard, consists of 3 tracks. Of these, the first two are intended for storing identification data, and the third track allows you to enter information (for example: the current value of the debit card limit). However, due to the low reliability of the repeated write/read process, magnetic stripe recording is not usually practiced.

Magnetic stripe cards are relatively vulnerable to fraud. To increase the security of their cards, Visa and MasterCard/Europay systems use additional graphic security measures: holograms and non-standard fonts for embossing. Embossers (devices for embossing relief on a card) are produced by a limited number of manufacturers. In a number of Western countries, the free sale of embossers is prohibited by law. Special symbols confirming that the card belongs to a particular payment system are supplied to the owner of the embosser only with the permission of the governing body of the payment system.

Payment systems with such cards require on-line authorization at retail outlets and, as a result, the presence of extensive, high-quality communication means (telephone lines).

A distinctive feature of an active plastic card is the presence of an electronic chip built into it. The ISO 7816 standard defines the basic requirements for integrated circuit cards or chip cards.

Cards with a chip can be classified according to two criteria.

The first sign is the principle of interaction with the reading device. Main types:

cards with contact reading;

cards with contactless (inductive) reading.

A contact-reading card has 8 to 10 contact plates on its surface. The placement of contact plates, their number and the purpose of the pins are different for different manufacturers, and it is natural that readers for cards of this type differ from each other.

Data exchange between the contactless card and the reader is carried out inductively. Obviously, such cards are more reliable and durable.

The second sign is the functionality of the card. Main types:

counter cards;

memory cards;

microprocessor cards.

Counter cards are used, as a rule, in cases where a particular payment transaction requires reducing the balance in the cardholder's account by a certain fixed amount. Such cards are used in specialized prepaid applications (payment for using a pay phone, paying for parking, etc.). It is obvious that the use of cards with a counter is limited and does not have much prospects.

Memory cards are transitional between counter cards and microprocessor cards. The memory card is a rewritable meter card that has measures in place to make it more secure from malicious attacks. The simplest memory cards have a memory capacity from 32 bytes to 16 KB. This memory can be organized as:

programmable read-only memory (EPROM), which can be written once and read many times;

An electrically erasable programmable read-only memory (EEPROM) that can be written to and read multiple times.

Memory cards can be divided into two types:

with unprotected (fully accessible) memory;

with protected memory.

In the first type of cards there are no restrictions on reading and writing data. These cards cannot be used as payment cards, as they can be easily hacked.

Cards of the second type have an identification data area and one or more application areas. The identification area allows only one entry during personalization and is then only available for reading. Access to application areas is regulated and is carried out only when performing certain operations, in particular when entering a secret PIN code.

The level of protection of memory cards is higher than that of magnetic cards. As a means of payment, memory cards are used to pay for public payphones, travel on public transport, and in local payment systems (club cards). Memory cards are also used in systems for access to premises and access to computer network resources (identification cards).

The smart card provides a wide range of functions:

differentiation of access rights to internal resources;

data encryption using various algorithms;

formation of an electronic digital signature;

maintaining the key system;

performing all operations between the cardholder, bank and merchant.

Some smart cards have a "self-locking" mode if unauthorized access is attempted.

Important stages in the preparation and use of a plastic card are personalization and authorization.

Personalization occurs when the card is issued to the buyer. Data is recorded on the card that allows you to identify the card and its owner, as well as check the solvency of the card when paying or issuing cash. The original method of personalization was embossing.

Personalization includes magnetic stripe coding and chip programming.

Magnetic stripe encoding is usually done on the same equipment as embossing. At the same time, part of the information about the card, which stores the card number and its validity period, is the same both on the magnetic strip and on the relief. But there are situations when, after initial encoding, you need to add additional information to the magnetic stripe. In this case, special devices with a read-write function are used. This is possible, in particular, when the PIN code for using the card is not generated by a special program, but is chosen by the client at his own discretion.

Programming a microcircuit does not require special technological techniques, but it does have some organizational features. Thus, operations for programming individual areas of the microcircuit are distributed geographically and are differentiated according to the rights of various employees. Typically this procedure is divided into three stages:

at the first workplace the card is activated (putting it into use);

at the second workplace, operations related to ensuring safety are performed;

in the third workplace the actual personalization is carried out.

Such measures increase security and eliminate possible abuse.

Authorization is carried out either manually or automatically. In the first case, voice authorization is carried out when the seller or cashier transmits the request to the operator by phone. In the second case, the card is placed in an automated trading POS terminal (Point-Of-Sale - payment at the point of sale), the data is read from the card, the cashier enters the payment amount, and the cardholder enters the PIN code (Personal Identification Number) . After this, the terminal carries out authorization by establishing a connection with the payment system database (on-line mode), or implementing additional data exchange with the card itself (off-line mode). When issuing cash, the process is similar, with the only peculiarity that the money is automatically issued by an ATM, which carries out authorization.

A proven way to identify the owner of a plastic card is to use a secret personal identification number PIN. The PIN value should only be known to the card owner. On the one hand, the PIN must be long enough so that the probability of guessing by brute force is acceptably small. On the other hand, the PIN must be short enough for the owner to remember it. Typically the PIN length ranges from 4 to 8 decimal digits, but can be up to 12.

The PIN value is uniquely associated with the corresponding attributes of the plastic card, so the PIN can be interpreted as the signature of the cardholder.

Protecting the personal identification number PIN for a plastic card is critical to the security of the entire payment system. Plastic cards can be lost, stolen or counterfeited. In such cases, the only countermeasure against unauthorized access is the secret PIN value. Therefore, the clear form of the PIN should only be known to the rightful card owner. It is never stored or transmitted within the electronic payment system.

The method for generating the PIN value has a significant impact on the security of the electronic payment system. In general, personal identification numbers can be generated either by the bank or by cardholders.

If the PIN is assigned by the bank, then one of two options is usually used.

In the first option, the PIN is cryptographically generated from the cardholder's account number. Encryption is carried out using the DES algorithm using a secret key. Advantage: The PIN value does not need to be stored within the electronic payment system. Disadvantage: if you need to change the PIN, you must change either the client's account number or the cryptographic key. But banks prefer that the customer's account number remains fixed. On the other hand, since all PINs are calculated using one key, changing one PIN while maintaining a customer account entails changing all personal identification numbers.

In the second option, the bank selects a PIN randomly, storing this value as a cryptogram. The selected PIN values ​​are transmitted to cardholders over a secure channel.

Using a PIN assigned by a bank is inconvenient for clients, even if it is short. Such a PIN is difficult to remember, and therefore the cardholder may write it down somewhere. The main thing is not to write the PIN directly on the card or other visible place. Otherwise, the task of attackers will be greatly facilitated.

For greater client convenience, a PIN value selected by the client is used. This method of determining PIN allows the client:

use the same PIN for different purposes;

enter not only numbers, but also letters into the PIN (for ease of memorization).

The PIN selected by the customer can be sent to the bank by registered mail or sent through a secure bank office terminal, which immediately encrypts it. If the bank needs to use the PIN chosen by the client, then proceed as follows. Each digit of the PIN selected by the client is added modulo 10 (excluding transfers) with the corresponding digit of the PIN withdrawn by the bank from the client’s account. The resulting decimal number is called the "offset". This offset is stored on the client card. Since the displayed PIN is random, the PIN selected by the client cannot be determined by its offset.

The main security requirement is that the PIN value must be remembered by the cardholder and should never be stored in any human-readable form. But people are imperfect and often forget their PINs. But for such cases, special procedures are intended: restoring a forgotten PIN or generating a new one.

When identifying a client by the PIN value and the presented card, two main methods of checking the PIN are used: non-algorithmic and algorithmic.

The non-algorithmic method is carried out by directly comparing the PIN entered by the client with the values ​​​​stored in the database. Typically, the customer PIN database is transparently encrypted to increase security without complicating the comparison process.

The algorithmic way of checking PIN is that the PIN entered by the client is converted according to a certain algorithm using a secret key and then compared with the PIN value stored in a certain form on the card. Advantages of this verification method:

the absence of a copy of the PIN on the main computer prevents its disclosure by bank personnel;

the absence of PIN transmission between the ATM or POS terminal and the main computer of the bank excludes its interception or imposition of comparison results;

Simplification of the work on creating system software, since there is no longer a need for real-time actions.

Promising solutions. Mobile banking

The main area of ​​application of the Mobil-ID + EDS SIM card is the use of a mobile phone to confirm transactions that require strict procedures for verifying the authenticity of data and subjects of information interaction. WirelessPKI services for a cellular operator must be provided by a special service provider called a Mobile Signature Service Provider (MSSP).

In practice, two-channel multifactor mobile authentication based on a Mobil-ID SIM card + digital signature will allow not only to identify the owner in the electronic service delivery system, but also to use electronic signatures throughout the entire communication session or even at the end of the phone call. The owner will no longer have to remember all of their passwords and usernames. He will be able to completely abandon coded bank cards and PIN calculators. If for different services the user is now forced to use different identification data (passwords and usernames), then such a SIM card will allow you to log in to all services with one single personal code. Functionally, the owner of the new SIM card will be able to perform the same electronic operations as owners of regular smart cards - access online banking, service portals, sign various contracts, etc. At the same time, MSSP provides two-channel support for strong authentication based on combinations of many factors , including GOST R. 34.10-2001, GOST R. 34.11-94 (public key cryptography), GOST 28147-89.

2.2 E-commerce security

The high level of fraud on the Internet is a deterrent to the development of e-commerce. People mainly use the Internet as an information channel to obtain information that interests them.

Classifications of possible types of fraud in e-commerce:

Transactions (non-cash transactions) carried out by fraudsters using the correct card details (card number, expiration date, etc.);

Obtaining customer data through hacking the database of trading enterprises or by intercepting customer messages containing his personal data;

Butterfly shops (scammers), which usually appear for a short time, only to disappear after receiving money from customers for non-existent services or goods;

An increase in the cost of goods in relation to the price offered to the buyer or repeated debits from the client’s account;

Stores or sales agents designed to collect information about card details and other personal data of the buyer.

SSL protocol

The SSL - Secure Socket Layer protocol provides data protection between service protocols and transport protocols (TCP/IP) using modern cryptography in point-to-point connections. Previously, it was possible to view the data exchanged between clients and servers without any special technical tricks.

The SSL protocol is designed to solve traditional problems of ensuring the security of information interaction:

the user and the server must be mutually confident that they are exchanging information not with fake subscribers, but with those that are needed, not limited to password protection;

after establishing a connection between the server and the client, the entire information flow between them must be protected from unauthorized access;

and finally, when exchanging information, the parties must be sure that there are no accidental or intentional distortions in its transmission.


This is a fast and convenient way of payment. Electronic Payments are used to pay for Goods and services, top up a mobile account, pay for utilities, pay off Loans, etc.

Requirements for an electronic payment system: security, reliability, simplicity. The system must guarantee the confidentiality of the client’s personal data and the safety of his savings; have a “friendly” interface and competent support service; and finally, work stably and quickly. These are the components of her image.

International payment systems

Borders in the modern world are arbitrary, but on the Internet there are none at all. People buy and sell all over the world and use international payment systems to do this.

The main ones:

PayPal is the world's most popular payment system. By opening an account for free, you get many opportunities: transferring funds to several users at the same time, multi-currency Payments, account insurance, etc. When registering, personal data (full name, address, etc.) is indicated. Paypal account replenishment is carried out through bank transfers and bank cards. Withdrawals for Russian users are not (yet) available.

MoneyBookers (Skrill) is another international payment system common in the Russian Federation. To work with it, no additional software is required; the system supports the Russian interface. One of the main “trump cards” is the ease of registration. Deposits and withdrawals of funds are made through Banks, as well as Visa and MasterCard.

Click2Pay is an electronic payment system created by a German company, but which has become international. In particular, it works in the Russian Federation and the CIS. Of the minuses, it does not support the Russian language, which is (partially) compensated by the presence of Russian-speaking support. A card is used to top up your account Visa.

Electronic payment systems of the Russian Federation

There are two undisputed “leaders” in RuNet:

1. WebMoney is the largest domestic electronic payment system (it supports several currencies and operates in different countries). Work in the system is carried out both through special software (WM Keeper), and a web interface and mobile applications. There is a system of certificates, the possession of which provides users with different amounts of authority. WebMoney is considered one of the most secure, but difficult to use systems.

2. Yandex Money is also a popular and reputable payment system. The main advantage over WebMoney is simplicity. A Yandex account gives access to all its services, including financial ones. You can work both through the website and through the wallet program. Currency - . You can pay utilities, pay for the Internet, buy in online stores, etc. However " Yandex money» cannot be used in commercial activities.

Among the Russian electronic payment systems we can also highlight: Z-Payment, E-port, RUpay, Rapida and others.

advantage>When building an Internet business, you cannot do without electronic payment systems. Each of them has its own “+” and “-”. The choice of a specific electronic payment system depends on the purpose and objectives of your Internet project.

Thanks to the Internet, many new things have appeared in the world that make life much easier. Among them are various electronic payment systems that allow you to pay for services and transfer funds without leaving your home.

Elena Zaitseva is with you, a financial analyst at HeatherBober magazine. I will talk about the features and capabilities of electronic payment systems and analyze the most popular ones. If you want to choose or change a service for remote financial transactions, you will find a lot of useful information in the article.

1. What are electronic payment systems

An electronic payment system (EPS) is an organization that provides mutual settlements between users on the Internet. The participants in the process are individuals and commercial enterprises, banks and other financial institutions.

The activities of EPS in Russia are regulated by the state. The main regulatory act is the law “On the National Payment System”.

Electronic payment systems allow:

  • pay for utilities, mobile communications, television, etc.;
  • purchase goods in online stores;
  • withdraw funds to bank cards and accounts;
  • exchange currency;
  • transfer money to other participants in the system, for example, within a business.

The list is incomplete. The capabilities of virtual services are extensive, their functionality is constantly being improved and expanded.

For payments, electronic money is used - virtual digital units issued by the system.

Features of digital cash:

  1. Issued only in electronic form.
  2. Backed by real money.
  3. Guaranteed by the EPS that issued them (issuer).
  4. Stored on electronic media.
  5. They are recognized not only within the system, but also during settlements with external counterparties.

Virtual money is stored in electronic wallets - this is the name of the user’s account in the selected system.

2. How they work

The operating principle of EPS is similar to traditional non-cash transactions. Each user has a personal account through which settlements are carried out with counterparties and between their wallets.

The simplified scheme of work is as follows:

  • real money is transferred to the user’s digital account;
  • At the internal rate, the service exchanges for virtual currency;
  • the account holder makes the necessary transaction (transfers funds to an individual, buys a product, etc.);
  • the counterparty receives electronic currency;
  • the system buys its internal money back, giving traditional money in return.

After exchanging real money for digital money for the amount received, the issuer has obligations to the user. EPS guarantees that upon request of the participant, virtual currency will be exchanged for real money.

For the use of digital cash to be possible, the recipient organization must accept payment in virtual currency.

Often transactions go through intermediaries.


The owner of the wallet makes a request to transfer virtual money to a bank card. The operation takes place through an intermediary - an organization that accepts digital money, exchanges it for traditional money and transfers it to the specified details.

As a result, the client’s account receives an amount in the required currency, for example, rubles or dollars.

Transactions are carried out similarly in favor of companies that do not accept virtual money. Sometimes the role of intermediary is performed by the EPS itself.

3. How do electronic payment systems make money?

The main income comes from transaction fees. For example, Webmoney, one of the leaders in the digital cash market, retains 0.8% from each user transaction. The tariff applies to both external transfers and actions between the accounts of one user.

EPS receive additional income from:

  1. User certifications. There are wallets with different capabilities. To perform an expanded set of actions or transfer more money, you need to undergo certification - provide passport details, confirm your phone number, meet with a company representative for personal identification. There is often a fee for the service.
  2. Using terminals. You can top up your wallet in different ways, a payment terminal or a partner ATM is one of them. There is a fee for the transaction. For example, the Yandex.Money service, depending on the selected terminal, withholds from 0% to 19% for one replenishment.
  3. Using your own cards. To simplify the deposit and withdrawal of money, EPS issue cards, the maintenance and support of which costs money. A fee is charged for issuing, cash withdrawal, SMS notification and other operations.

The list is incomplete. In addition to the above, there are many other ways to earn money - fees for confirming transactions, commissions from partner organizations, providing intermediary services, etc.

4. Advantages and disadvantages

Electronic transactions are beneficial both to the EPS itself and to its corporate partners. The issuer of the virtual currency receives a commission for the transaction, and merchants do not have to spend money on collection and storage of cash.

The user receives from such calculations:

  • convenience - operations are carried out from home or another place with Internet access;
  • reliability - subject to the safety rules for using the wallet, the service ensures the protection of information and the safety of funds;
  • unlimited use - digital cash has no expiration date and does not expire;
  • free support - there is no fee for servicing the wallet;
  • high speed of payments - many transactions are carried out almost instantly, delays are possible when intermediaries are involved;
  • transparency - all transactions are recorded, the history of electronic payments can be requested at any time.

But in addition to its advantages, EPS also has disadvantages:

  • the need to confirm your identity - to fully use your account you will need to provide personal data and documents;
  • restrictions on use - not all companies and trade organizations accept virtual money, although their list is growing;
  • commissions - some mandatory fees are significant, which is especially noticeable for large amounts;
  • difficulties with recovery - if you lose your password, it will be difficult to resume work due to increased security requirements; you will need to provide a lot of information confirming your identity.

Each user will find significant advantages and significant disadvantages. For example, for me the commission for withdrawing funds from Webmoney to a card is too high. Because of this, I try to minimize the use of virtual money.

Watch the video to find out an independent expert opinion about the features and prospects of digital cash:

5. What types of EPS are there?

There are several types of electronic payment systems. They can be divided by transaction participants, by transaction amount, by payment terms, by currency, etc.

More often than others, classification is used based on the moment money is entered into the system. According to it, credit and debit types of EPS are distinguished.


For payments between participants in such services, credit cards with additional protection are used - message encryption and digital signature. To carry out the transaction, it is necessary to confirm the creditworthiness and compliance of the provided payment information with reality.

The main feature of such transactions is that first a contract is concluded, and then payment or money transfer is made.

Credit EPS include First Virtual, Open Market, CyberCash, CheckFree and others.


Almost all international electronic payment systems are debit. The principle of their operation is that transfers and payment transactions are available to the user strictly after replenishing the account.

Some debit EPS do not use digital cash, but electronic checks.

The principle of their operation is as follows:

  1. The sender of the payment issues a check and endorses it with a virtual signature.
  2. The document is transferred to the recipient through the arbitration system.
  3. The service checks the receipt.
  4. If no violations are found, then payment is accepted.
  5. Funds from the account of the user who issued the check are transferred to the recipient.

Digital checks use a limited number of systems - NetCash, NetChex, NetCheque and some others.

6. TOP 5 electronic payment systems in Russia

Not all world EPS are known or used in Russia. This is due both to difficulties with replenishing and withdrawing funds, and to restrictions in application.


Considered the market leader. The development of the company began in 1998. During this time, more than 36 million people joined Webmoney.

The account owner has the right to open an unlimited number of wallets in virtual analogues of various currencies, including Bitcoin and gold. All accounts are combined into a kind of Keeper storage, each one is assigned an individual WMID number.

All transactions are instant and irrevocable. The commission for any transaction is 0.8%. To work, you must provide personal data and confirm it. There are several types of certificates. The higher the account status, the more opportunities the user has.

Yandex money

A commercial non-banking organization licensed by the Central Bank.

The user is asked to open one of three possible wallets - anonymous, personal or identified. The status affects the maximum possible balance on the electronic account and limits on transfers.

NPO Yandex.Money has its own card for paying and withdrawing cash, linked to the wallet. Cost for 3 years - 200 rubles.


International EPS unites more than 200 million users. PayPal allows you to pay for purchases online and make transfers both domestically and internationally. You can open both a personal and corporate account.

The main advantage of the service is that domestic transfers for private clients will be free when funds are debited from a PayPal wallet. There is also no commission for paying for services.

If the transfer is made using funds on a linked card, the commission will be 3.4% + 10 rubles for each transaction.


Offers simplified registration - to create a wallet, just indicate your mobile phone number. When opening an account, the Qiwi service will assign the client a Minimum status, which, after passing the certification, will be replaced with Basic or Professional.

Through the service you can pay for services or transfer money. For ease of use, the client is invited to issue a free card associated with the funds in the wallet.


The service offers to transfer funds to more than 200 countries in dozens of ways. At the time of writing (March 2018), there are 157 online exchangers listed on the Payeer website.

It is possible to issue a free card and withdraw funds to it without commission.

To understand which service is more profitable to use for withdrawing funds to bank accounts and cards, the commission data is summarized in the table:

Service nameCommission for withdrawal to cardCommission for withdrawal to account
1 Webmoney2.5% + 40 rubles or 2% if the service finds a counter application from another participantDepends on suggestions from other participants, on average 2%
2 Yandex money3% + 45 rubles3% + 45 rubles
3 PayPalFree if you use funds from your wallet
4 Qiwi2% + 50 rubles2% + 15 rubles
5 PayeerFrom 0% to 5%From 0% to 5%

7. Conclusion

Now, knowing the basic information about EPS, you can easily choose the one that suits your needs.

The main thing is to ensure the safety of using the service. Use complex passwords and do not share personal information with anyone. When working at the computer from which you access your virtual account, do not visit dubious sites or follow suspicious links.

