Payment Systems for ECommerce

1
Chapter 12

• Payment Systems for E-Commerce

2
Electronic Payment Systems

• Electronic commerce involves the exchange of some
  form of money for goods and services.
• Implementation of electronic payment systems is
  in its infancy and still evolving.
• Electronic payments are far cheaper than the
  traditional method of mailing out paper invoices
  and then processing payments received.
• Merchants today want innovative payment solutions
  giving them higher cost savings and increased
  fraud protection for both online and offline
  transactions.
• Consumers want secure and convenient payment
  solutions that can be used both online and
  offline.

3
Concerns for electronic payments

• Concerns about electronic payment methods
  include
• Privacy
• SecurityThis,together with privacy, make up the
  most important issues.
• Independence unrelated to any network or storage
  device
• Portability freely transferable between any 2
  parties
• Convenience

4
Electronic Payment Systems

• Estimates of the cost of billing one person vary
  between 1 and 1.50.
• Sending bills and receiving payments over the
  Internet promises to drop the transaction cost to
  an average of 50 cents per bill.
• Today, three basic ways to pay for purchases
  dominate B2C commerce, accounting for more than
  90 of all consumer payments in the U.S.
• Cash (includes money order)
• Checks
• Credit card debit card (the most popular option)

5
E-Commerce Payment System
Payment methods of U.S. consumer transactions,
2003
Due to lack of trust, some people give their
credit card number over the telephone after
placing an order electronically.
6
Limitations of Traditional Payment Instruments

• Using non-electronic payment means for e-commerce
  transactions has the following limitations
• There is a delay in the payment process to allow
  verification and authorization of the instrument
  used (e.g. check).
• There is a risk that the money will be lost (e.g.
  postal fault).
• The cost of processing is too high for
  micro-payments.

7
Technologies for e-payment systems

• 5 technologies will be discussed in this chapter
• Credit and debit cards
• Electronic cash
• Electronic checks
• Software wallets
• Smart cards

8
Debit Cards, Credit Cards and Charge Cards

• A credit card, such as a Visa or a MasterCard,
  has a preset spending limit based on the users
  credit limit.
• A charge card, such as one from American Express,
  carries no preset spending limit.
• A debit card removes the amount of the charge
  from the cardholders account and transfers it to
  the sellers bank.
• The collective term payment card refers to
  credit cards, debit cards, and charge cards.

9
Advantages of Payment Cards

• Payment cards provide fraud protection.
• Merchants can authenticate and authorize
  purchases using a payment card processing network
  (even for card not present situations).
• Cardholders are protected if the card is used
  fraudulently (A consumer is protected by a 30-day
  period during which he or she can dispute any
  online payments). The cardholders liability is
  limited to 50 in this case.
• Credit card fraud
• On the web 1.3
• In physical stores 0.7
• PayPal below 0.5
• They have worldwide acceptance, with currency
  conversion handled by the card issuer.

10
Advantages of Payment Cards (cont.)

• They are good for online transactions.
• Very convenient to use without the need for
  additional hardware or software by the consumer.
• Merchants already accept card in a
  brick-and-mortar store can immediately accept
  credit card payment online because they already
  have a merchant account with an acquiring bank.

11
Disadvantages of Payment Cards

• Payment card service companies charge merchants
  per-transaction fees and monthly processing fees.
• Cardholders might need to pay an annual fee for
  the credit card.
• An additional charge might be levied on the
  cardholders in case currency conversion is
  needed.
• Acquiring banks are reluctant to accept
  responsibility for Cardholder not present
  transactions (chargeback cases). Under UK law,
  the risk of these transactions is taken by the
  merchant.

12
Disadvantages of Payment Cards (cont.)

• Merchants need to be responsible for credit card
  fraud, if
• they did not get an authorization
• they did not obtain the cardholders signature,
  or electronic imprint of the card
• Refer to Q.12 13 of http//www.internetsecure.co
  m/faq.html204

13
Phases Involved for A credit card sale

• A credit card sale consists of three phases
• authorization getting approval from issuing
  bank about the validity of the card and the
  permission to charge the appropriate amount.
• capturing the transaction or clearance merchant
  submits all the credit card transaction data
  electronically to the acquiring bank, usually as
  an overnight function. The acquiring bank then
  credits the merchants account, and sends the
  transaction data to the credit card company, who,
  in turn, delivers them to the issuing bank, who
  adds the charges to the customers account.
• Clearance can be done only after the merchant
  has shipped the goods or delivers services.

14
Phases Involved for A credit card sale (cont.)

• settlement acquiring bank receives money from
  the issuing bank and deposits the money into the
  merchants account. Once the customer pays the
  issuing bank, the cycle is complete.

15
Payment Acceptance and Processing

• An acquirer (or acquiring bank) is a bank or a
  financial institution that establishes a merchant
  account with merchants who want to accept payment
  cards, and processes their payment card
  authorizations and payments.
• To ensure that sufficient funds are available to
  cover chargebacks, a merchant bank might require
  a company to maintain funds on deposit in the
  merchant account.
• A seller without a merchant account can still
  open an e-commerce site to accept credit card
  payments with an online escrow service.
• Software packaged with your electronic commerce
  software can handle payment card processing
  automatically. It allows for connection to both
  credit card and banking networks.

16
Internet-based credit card process flow
Merchants storefront application
Customers PC
Ordering application (e.g. electronic wallet)
Payment gateway
Merchants POS application
Financial network
Encryption of credit card information is usually
handled by SSL.
Card issuer
Acquirer
17
Payment Acceptance and Processing
Holds account information of customer.
Holds account information of merchant.
18
Options for Payment Acceptance and Processing

• Option1 Insecure credit card details manual
  processing
• Advantage simple to implement, no extra work
  needed for a brick-and-mortar store
• Disadvantage no security, merchants can access
  credit card information, no automation
• Option 2 Use of server-side encryption key to
  secure the link
• Advantage information no longer visible in the
  Internet, customers have greater confidence in
  the merchant because of the use of digital
  certificate
• Disadvantage merchants can access credit card
  information, no automation

19
Options for Payment Acceptance and Processing
(cont.)

• Option 3 Use of an automated card gateway
• Advantage Automation - credit card details are
  extracted from server application and entered
  into the acquiring banks network. Amount within
  floor limit defined by acquiring bank,
  merchants can authorize themselves by scanning a
  hot list of stolen cards without connecting to
  the bank.
• Disadvantage merchant might still retain the
  card information for some time.
• For demo, visit http//www.internetsecure.com/tran
  saction.html http//www.authorizenet.com/solutions
  /connectionMethod.php (offers solutions for both
  options 2 and 3)

20
Electronic Cash

• Electronic cash, also called e-cash or digital
  cash.
• Electronic cash is a general term that describes
  the attempts of several companies to create a
  value storage and exchange system that operates
  online in much the same way that
  government-issued currency operates in the
  physical world.
• Use electronic messages to act as cash tokens.
  The customer withdraws money from a bank account
  and the bank supplies messages signed with the
  banks private key which represent electronic
  coins.
• Electronic cash distribution and payment can be
  handled by wallets, smart cards, or proprietary,
  limited-use scrip (similar to gift certificates)
  - e.g. Beenz already ceased operation by August
  2000.

21
Attractiveness of E-Cash

• E-cash is attractive in 2 areas
• In micro-payment transactions that are too small
  for credit cards (0.25 - 10) pay-per-view
  areas, excerpts from content such as reports,
  one-day passes to sites that otherwise require
  monthly subscriptions, pay-per-play games.
• In the sales of higher-priced goods and services
  to those without credit cards (due to age or
  minimum income requirements of past debt
  problems, etc.)

22
Characteristics of E-Cash

• Electronic cash should have two important
  characteristics in common with real currency
• It must be possible to spend electronic cash only
  once.
• Electronic cash ought to be anonymous.
• The most important characteristic of cash is
  convenience.
• If electronic cash requires special hardware or
  software, it will not be convenient for people to
  use.

23
Holding Electronic Cash Online and Offline Cash

• Two approaches to holding cash online storage
  and offline storage.
• Online cash storage means that an online bank is
  involved in all transfers of electronic cash and
  holds the consumers cash account without the
  consumer personally processing e-cash.
• Advantage helps prevent fraud by confirming that
  the consumers cash is valid.
• Offline cash storage is the virtual equivalent of
  money you keep in your wallet, without any third
  party involvement. However, it must prevent
  double or fraudulent spending.

24
Advantages of Electronic Cash

• Electronic cash transactions are more efficient
  than other methods.
• Transferring e-cash on the Internet costs less
  than processing credit card transactions.
• The distance that an electronic transaction must
  travel does not affect cost, unlike physical
  checks and cash.
• The fixed cost of hardware to handle electronic
  cash is nearly zero.
• Electronic cash does not require that one party
  have any special authorization, as in the case of
  credit card transactions. As a result, anyone can
  use it for almost any kind of transactions, large
  or small.

25
Disadvantages of Electronic Cash

• Electronic cash provides no audit trail.
• Because true electronic cash is not traceable,
  money laundering is a problem.
• Potential tax collection problems.
• Electronic cash is susceptible to forgery and
  double spending abuses, although it is much more
  difficult to forge electronic cash than it is to
  use a fraudulently obtained credit card number.
• Double spending occurs because of delays in a
  merchant presenting the cash for deposit.
• The electronic cash must be protected from both
  theft and alteration.

26
Disadvantages of Electronic Cash

• So far, electronic cash is a commercial flop.
• Merchant acceptance is slow and too many e-cash
  standards from different vendors.
• No standards were ever developed for the entire
  e-cash system.
• Customers are faced with an array of proprietary
  e-cash alternatives none of which are
  interoperable.

27
How Electronic Cash Works

• To make use of electronic bank notes, both the
  customer and merchant establish E-cash accounts
  at the issuing bank.
• To establish electronic cash, a consumer goes in
  person to open an account with a bank, which
  provides special software for their PCs.
• The consumer uses a digital certificate to access
  the bank through the Internet to make a purchase
  or obtain e-cash, the amount of which is deducted
  from consumers account.
• The e-cash is identified by serial number and
  endorsed with a digital signature of the issuing
  bank.

28
How Electronic Cash Works (cont.)

• The bank uses a different signature key for each
  coin denomination (a one-cent signature, a 5-cent
  signature, a 10-cent signature, )
• Customers then inquire whether the money is
  available by using the banks public key.
• Consumers store the e-cash in an electronic
  wallet in his computers hard disk, or on a smart
  card.
• Consumers can spend their electronic cash at
  sites that accept electronic cash for payment.
• Merchants use the banks public keys to verify
  the e-cash.

29
How Electronic Cash Works (cont.)

• Merchants then present the e-cash to the issuing
  bank for deposit after the goods/services are
  shipped (that is why double spending might
  happen).
• The issuing bank keeps an online database of all
  spent serial numbers and compares it with notes
  presented for payment.
• The match must not exist before the bank accepts
  the notes for payment.
• The expires property of e-coins ensures that the
  serial numbers of coins that have expired can be
  removed, making the database a manageable size.
• The customers wallet software will be
  responsible for ensuring that the e-cash is
  returned to the bank before they are expired.

30
Providing Security for E- Cash

• To prevent double spending, the main security
  feature is the threat of prosecution.
• Complex cryptographic algorithms are the keys to
  creating tamperproof e-cash that can be traced
  back to its origins.
• A complicated two-part lock provides anonymous
  security that also signals when someone is
  attempting to double spend cash.

31
Providing Security for E-cash (cont.)

• Identity of original e-cash holder is revealed
  only when double spend occurs.
• Double spending can neither be detected nor
  prevented with truly anonymous e-cash.
• Forgery and alteration is prevented by verifying
  the attached digital signatures of issuing banks.
  

32
E-cash example Clickshare

• Clickshare is an electronic cash system aimed at
  magazine and newspaper publishers (visit solution
  of http//www.clickshare.com/) .
• Also popular for purchasing information, music,
  video, software, and other items simply and
  securely, across the Internet.
• Users with an ISP that supports Clickshare are
  automatically registered with Clickshare.
• Or, users can open an account with a Clickshare
  membership service provider (cable, bank, card
  issuer), and make single-click purchases
  throughout the web without having to use a credit
  card or pass around private information.
• Clickshare keeps track of transactions and bills
  the users ISP, or membership service provider,
  who then bills the user for his/her
  purchases.

33
E-cash example InternetCash

• InternetCash (http//www.internetcash.com/)
  provides electronic currency that is very similar
  to traditional cash.
• Customers must first purchase an InternetCash
  card from stores.
• Customers then go online and activate their cards
  by entering a 20-digit code and creating a PIN.
  No personal information is required from the
  consumer.
• After their card is activated, customers can pay
  for purchases using the InternetCash card at any
  site that accepts it, with anonymity.

34
E-cash example InternetCash

• InternetCashs centralized database maintains the
  account of all activated cards.
• Hence, customers do not have to worry which
  client computer they are using to make InterCash
  purchase.
• For each purchase, money is transferred to the
  merchants account by deducting the value from
  the card.
• InternetCash makes money by subtracting a
  transaction fee before remitting customer
  payments to merchant.
• InternetCash provides a convenient online
  purchase solution for teens and others who do not
  have access to credit cards.

35
E-cash example InternetCash
36
E-cash example eCoin.Net

• Consumers use the electronic tokens called ECoins
  to pay for online goods.
• The electronic cash is stored in an eCoin wallet
  on the consumers computer, as a plug-in to
  his/her web browser.
• The eCoin system uses a three-link chain
  consisting of a consumer, a merchant, and the
  eCoin server, which acts as a broker to maintain
  and update consumers and merchant accounts.
• eCoin system employs security features that
  prevent double spending.
• Consumers are anonymous to merchants but not to
  eCoin server.
• Out of service since January 2003.

37
Electronic Checks (e-checks)

• E-checks are similar to regular checks.
• Includes names of payer and payee, the check
  amount, the name of the paying bank, the account
  number of the payer, a number that identifies the
  check, and an encrypted signature that can be
  verified.
• When the electronic check is offered, the payer
  signs it digitally. The payee also signs it
  digitally before it is deposited.
• They are secured by public-key cryptography and
  are suitable for some micro-payments.

38
How e-checks work?

• Customer establishes a checking account with a
  bank or other financial institution.
• Customer contacts a seller, buys a product or a
  service, and emails an encrypted e-check.
• Merchant deposits the check in his account money
  is debited in the buyers account and credited to
  the sellers account.
• Special software is needed for both the clients
  and the merchants.

39
Examples of E-checks

• NetCheque (http//www.isi.edu/gost/info/netcheque/
  )
• a research prototype not offered as a commercial
  service yet
• Intell-A-Check (www.icheck.com)
• uses the checking account information given by
  your customer on your Web site to create a check
  or automated clearing house transfer that can be
  deposited immediately into your bank account and
  immediately credited against a customers
  account. Works in the U.S., only with Microsoft
  Site Server 3.0

40
CheckFree

• E-checks used by use-based companies for periodic
  bills this service allows clients direct
  electronic transfers from their bank to a
  merchant. Once the consumers payment
  authorization is received, an Electronic Funds
  Transfer (EFT) request is submitted to debit the
  consumers checking account through the existing
  bank system.
• CheckFree (www.checkfree.com), the largest online
  bill processor in the world, provides online
  payment processing services to both large
  corporations and individual Internet users.
• CheckFree permits users to pay all their bills
  with online electronic checks.
• CheckFree provides part of the technology that
  the Web portal Yahoo! uses to provide its Yahoo!
  Bill Pay service (http//finance.yahoo.com/bp).
  

41
Electronic Wallets

• An electronic wallet serves a function similar to
  a physical wallet it
• holds credit cards, electronic cash, owner
  identification, and owner contact information
• provides owner contact information at an
  electronic commerce sites checkout counter
• Some electronic wallets contain an address book.
• Electronic wallets also solve the problem of
  providing a secure storage space for electronic
  cash and credit card data.
• Electronic wallets make shopping more efficient,
  without the need to fill in the same information
  for each online shopping.

42
Electronic Wallets (cont.)

• Electronic wallets store shipping and billing
  information, including a consumers first and
  last names, street address, city, state, country,
  and zip or postal code.
• Electronic wallets automatically enter required
  information into checkout forms.
• Two survivors in the e-wallet arena are Microsoft
  .NET passport and Yahoo!Wallet.

43
Electronic Wallets (cont.)

• Electronic wallets fall into two categories based
  on where they are stored
• Server-side electronic wallet
• Disadvantage a security breach could reveal
  thousands of users personal information.
• Client-side electronic wallet
• Personal wallets store user profile information
  locally on the users information appliance in an
  encrypted file which is password protected.
• Disadvantage every computer used to make online
  shopping has to download and install the wallet
  software, that is, it is not portable.

44
Smart Card

• Electronic money is not restricted to the
  Internet-based payment systems. Off-line
  electronic payment as through smart cards is also
  possible.
• A smart card is a plastic card with an embedded
  microchip containing information about you.
• A smart card can store about 100 times the amount
  of information that a magnetic strip plastic card
  can store.
• A smart card contains private user information,
  such as financial facts, private encryption keys,
  account information, credit card numbers, health
  insurance information, etc. in encrypted form.

45
Smart Card

• Conventional credit cards show account number on
  the face of the card and signature on the back.
• The card number and a gorged signature are all
  that a thief needs to purchase items and charge
  them against the card.
• With smart card, credit theft is much more
  difficult because the key to unlock the encrypted
  information is a PIN.

46
Mondex Smart Card

• Mondex was invented in 1990 and is now part of
  MasterCard International.
• Mondex is a smart card that holds and dispenses
  electronic cash.
• Mondex requires special equipment, such as a
  card reader, to process.
• Containing a microcomputer chip, Mondex cards can
  accept electronic cash directly from a users
  bank account.
• Funds are transferred immediately from the card
  to the terminal with no need for signatures or
  authorization.

47
Mondex Smart Card
48
Advantages of Mondex Smart Card

• Mondex is easy and convenient to use.
• It accommodates micro-payments, such as vending
  machines, and it will work both in the online
  world of the Internet and the off-line world of
  ordinary merchant stores.

49
Disadvantges of Mondex Smart Card

• Mondex represents a real cash deduction from a
  users account, a process time float or
  interest free period is not available to the
  user.
• The user bears the loss in the case of theft or
  abuse because of the real-cash nature of Mondex,
  unlike most credit cards where the financial
  institution sponsoring the card assumes the risk.

50
PayPal

• PayPal, founded in 1999, operates a service that
  lets people exchange money over the Internet.
• The most-used payment system for clearing auction
  transactions on eBay.
• Its system relies on software that searches
  millions of transactions as they occur everyday
  and looks for patterns that might indicate fraud.
• As long as PayPay can keep its fraud rate low, it
  can continue to charge lower transaction fees
  than its competitors and still make a profit.
• eBay spent 3 years to establish its own payments
  service that could compete effectively with
  PayPal. In 2002, eBay finally gave up and bought
  PayPal for 1.4 billion.

51
PayPal

• Payments using a third party more secure method
  since the credit card details are not transmitted
  over the Internet.
• PayPal.com is a free service that earns a profit
  on the float, which is money that is deposited in
  PayPal account and not used immediately.
• The free payment clearing service that PayPal
  provides to individuals is called a peer-to-peer
  payment system.
• A transaction fee is charged to businesses that
  use the service to collect payments.
• PayPal allows customers to send money instantly
  and securely to anyone with an e-mail address,
  including an online merchant.

52
PayPal (cont.)

• Anyone with a PayPal account can withdraw cash
  from their PayPal accounts at any time by
  requesting PayPal to send them a check or make a
  direct deposit to their checkings accounts.
• Merchants and customers must first register for a
  PayPal account and add money to their PayPal
  accounts by sending check or using a credit card.
• A convenient way for auction bidders to pay for
  their purchases. Customers can use PayPal to pay
  sellers not having a PayPal account.
• PayPal will send an email to the seller
  indicating a payment is waiting at the PayPal
  site. The money will then be sent to the seller
  through a check or a deposit into the sellers
  checking account as indicated by the seller in
  the registration process.

53
PayPal (cont.)

• Why anyone with a credit card would want to use
  an electronic payment system, such as PayPal, for
  an Internet transaction?
• More secure because it is not necessary to send
  credit card information to merchants
• Less expensive to use since various bank
  transaction fees could be avoided
• No minimum purchase requirement, which is often
  invoked for credit card purchases
• Transaction could not be traced as it can be with
  a credit card
• A potential market niche might be for the
  consumer who regularly buys items costing under
  10