|
|||||
|
Home |
|
|
||
|
General Questions
1.0 What is ePocket electronic cash? Bank Security
2.0 Since the bank records the cash I withdraw from my account, how are my ePocket payment transactions kept
private? Merchant Security
3.0 Can I make a payment to a merchant anonymously? General ePocket cash is money in the form digital coins. These coins are stored on your computer or mobile device in your ePocket wallet. Like everything else stored on your computer, ePocket cash is just another type of data, but for security reasons, ePocket coins are encoded using advanced encryption in a way that for all practical purposes makes them impossible to forge, steal, or duplicate. ePocket cash can be used to make payments in ways that are quite similar to using physical cash. You make payments with ePocket cash to someoneby simply sending them some coins. You can do this using email, for example. You can also pay participating online merchants with ePocket cash. If their online shop supports automatic ePocket payments, the checkout page will provide you with an Epocket payment option, in addition to the usual card payments. When you choose to pay by ePocket, the merchant's web site will automatically communicate with your ePocket wallet, behind the scenes, and request payment from your wallet. Assuming you approve the payment to the wallet, the ePocket wallet software app will send some coins to the merchant, totaling the amount of the payment. The merchant's website will then verify that the received coins are valid, and if everything checks out, will initiate order fulfillment. The merchant website will also send a message to your wallet with the order payment details, and a digital receipt. 1.1 How do I link my computer to my bank account? You typically do this on your participating bank's online banking web site. A special ePocket setup web page allows you to download the ePocket wallet for installation on your computer or mobile device. Once you have installed your wallet, you can then test your connection to the bank. Assuming that works, then you can choose which bank accounts that you can link to your ePocket wallet. When the website and the wallet both show that the link is established, you can initiate a withdrawal from a linked bank account into the wallet. You can initiate the withdrawal from either the wallet, or from the banks web page. When the withdrawal process completes, you will see that your bank account balance has been debited and the balance in your wallet has been increased, by the amount of the withdrawal. The withdrawal process normally takes place in just a few seconds. When you connect your wallet to your bank, the wallet software sets up a highly secure encrypted link to the bank's ePocket mint server. This link ensures that all data transmsitted between your wallet and the bank's server is protected from access by everyone else. When you set up your ePocket wallet, you will also be asked to register a chosen password with your wallet, that is at least as strong as would be needed for accessing your web banking. In addition, you will be asked a number of security questions, which when answered correcly, will enable you to recover your password. You will also be given a special high security access key password which is needed to recover your unspent cash if you need to replace your wallet. Your access key must be printed and kept a safe place, or saved to a file or USB key, preferably somewhere not on your computer. 1.2 What protects the cash stored on my computer?
The cash stored on your computer is encrypted, using high-strength financial cryptographic techniques.
Encrypted data can only be unencrypted with the proper keys. The ePocket wallet stores your keys, which are themselves encrypted,
either on your hard drive, on a usb stick, or on a cloud virtual drive, and are accessible only via your password.
1.3 What if I forget my password? The ePocket wallet enables you to choose and set a new password by first correctly answering the several security questions you would have chosen during wallet set up. The answers to these questions, like all other ePocket data, are stored in encrypted form, so there is no risk of anyone hacking the answers.
If you forget your password and you also forget the
correct answers to your security questions, then you will not be
able to access your ePocket wallet. Under such circumstances,
or if you are migrating your wallet to a new computer or mobile device,
you will need to reinstall the wallet, and enter the recovery key that you previously put in a safe place.
With the recovery key, any value that was previously stored in your wallet will be restored.
The restore process can take from a few seconds, to several minutes, depending on your previous payment activity.
1.4 Can I make multiple copies of my wallet and wallet data, and spend my ePocket cash for than once?
That would be fun. However, that would not be a very secure system, and thus, there are several
cryptographic techniques that prevent your ePocket cash from being spent more than once. Your bank's mint server
keeps track of every single coin that has been spent, and makes sure that no coins can ever be spent more than once.
1.5 If ePocket cash is stored as data in my computer or mobile device, how does the system prevent hackers from forging their own coins and spending them just like those that came from my bank? Coins are encoded using really really big numbers. ePocket coins use numbers that are over 100 digits long. The interesting thing about really big numbers, is that they are really hard to guess, even with supercomputers. For example, an 80-digit number is big enough to represent every single atom in the so-called "observable" universe, so guessing and picking just the right one would be fairly time consuming. After a few billion years or so, and paying for more electricity than has ever been generated by mankind, you might hit on a winner, and steal a few pennies worth of coins. Have fun! 1.6 If my computer or mobile device is lost or destroyed, what happens to the cash in my ePocket wallet? As long as you have saved a copy of your recovery key, and remember the answers to your recovery questions, you won't lose any money. If you have lost your recovery key, and also can't remember your secret answers either, then its about the same as losing your "real world" wallet. The cash will be gone. So, its a good idea to manage your backups properly, and, like with your real world wallet, keep just enough cash in your wallet for planned transactions. 1.7 If someone steals my computer, will the thief get any of my money?
The cash stored in your computer can only be spent by you, using
your ePocket software, to which access is password protected.
No one can use the ePocket software on your
computer without your password. The ePocket wallet
ensures that you choose a password that is sufficiently long and
difficult to guess.It also detects and prevents repetitive
and automated guessing, and introduces increasingly long delays between attempts.
You can also set options in the wallet to limit the number of failed attempts.
1.8 How is my cash protected when I send it it to a friend by email, or with my favorite file sharing program?
When you want to send some cash to a friend, you can use ePocket wallet
to store coins in a ".ecash" file, which you can then send any way you like.
Bank Security 2.0 Since the bank records the amount of ePocket cash I withdraw from my account, how are all my payments kept private from my bank?
Your bank does not normally keep track of individual payments made from your ePocket wallet
because the coins are anonymous, just like cash. Nothing contained in a coin's data relates to your identity.
The ePocket wallet itself tracks your payments, as well as the amounts
that you withdraw or deposit to your bank.
2.1 How is the ePocket data protected at my bank?
The only ePocket-related data that your bank keeps that pertains to you is your wallet to account
linkage data, and your history of withdrawals and deposits to and from your wallet. This data is treated as sensitive data, and is fully
protected from unauthorized access.
Merchant Payments 3.0 Can I make a payment to a merchant anonymously?
Yes. When you use ePocket to pay a merchant, it is similar to using physical cash.
You send the cash to the merchant, and the merchant validates and deposits it.
Just like physical cash, ePocket cash payments do not disclose your identity.
3.1 How can I tell if the merchant whose web site I am buying from is a real merchant, and is not an imposter? Only merchants that have been approved by the ePocket Association may accept ePocket payments. Approved merchants are assigned an X.509 digital certificate, which is used to prove their identity. This merchnant certificate, which is traceable back to root certificates by a well-known certificate authority, is automatically checked by the ePocket wallet software before a payment is made. The ePocket wallet keeps copies of all merchant certificates and allows you to view the contents of the certificate, and the validation chain back to the root certificate authority. If a merchant's certificate is expired, for example, (which does happen occasionally) you are provided with a warning, but you are also provided with the option of proceeding with a payment, at your own risk of course. In this case, your payment transaction history will show the merchant ID as "unverified". 3.2 What if someone tries to intercept the ePocket cash when I am sending it to a merchant?
Ultimately, only the original issuer of the ePocket coins can verify
the validity of the coins. For this reason, the coin data is first encrypted
using the banks public key, so that only your issuing bank will be able to
examine and verify the coins. Also, when you send coins to a particular merchant, the coin
data payload is further encrypted for the merchant, so that only the merchant's ePocket payment
processing system will be able to make any use of your payment.
3.3 What if I make a payment to a merchant but they do not send a receipt?
The ePocket system rules require that the merchant's system provide digitally signed receipts as proof of payment.
In the rare situation, where your Internet link to the merchant is interrupted,
and the delivery of the receipt back to your wallet fails, then you can use the wallet to retry getting
the recipt from the merchant. These payment proof verifications can be set up to be done
automatically several times.
3.4 When I make a payment to a merchant, how does the system ensure that the merchant only receives the invoiced amount from me?
When you order from a merchant, the merchant web site sends your ePocktet wallet a digital
invoice, containing the requested payment amount, and other transaction details. This invoice is
stored in your wallet transaction history, and can be displayed.
3.5 Some merchants may ask for credentials when I make a payment. How will this affect my privacy? In order to purchase certain types of products or services online, a merchant may ask you to provide certain personal information. A merchant's website might try and determine your physical location, by using yor IP address, for instance. In mobile applications, the website might try and obtain your GPS coordinates from your smartphone. These are personal privacy issues that are not just related to payments, and it is up to you to manage what information gets exposed to a merchant. Unlike credit card payments, the ePocket system does not need personal credentials, such as address verfication for example, to work. However, the ePocket system also has mechanisms so that you can use provide credentials verifiable at a trusted credential authority. You can set up your wallet with your credentials, which can be transmitted with your payment, if the merchant site requires them, and you explicitly consent to their use. |
|
||||
 |
|||||
