What Is Electronic Payment Methods

  • November 2019

Introduction

The purpose of this document is to provide a brief background to the rapid emergence of methods which use electronic means to transfer value, or to facilitate the transfer of value. Some of these are operational (e.g. EFT/POS, F-EDI and stored-value cards), whereas others are in trial or on the drawing boards (e.g. electronic cash, especially of the 'milli-cent' variety).

Receiving electronic payments incurs extra costs. When you pay for a good or service in a shop using a credit or debit card the retailer must pay a commission to the financial institution processing the card details; additionally there will be operating costs for the system used to process the cards. These systems are often costly, challenging to implement and sometimes technically difficult to understand. These hurdles represent a ‘barrier to entry’, which, if overcome, can give you the competitive edge.

Electronic business is real and continues to grow as a medium, with over 44% of UK adults having used the internet to order tickets, goods or services (Office of National Statistics, 2002). This website and its diagnostic tool give you impartial and informed information to make the right choices for your business and help push your revenues and the UK economy forward in the digital age.

Conventional payment mechanisms

Value has been conventionally transferred using a variety of techniques, including:

  • cash
      • notes, which were until this century issued in many cases by banks, but during this century largely by national governments;
      • coins; and
      • unofficial tokens accepted as having value, e.g. sweets for small change in Italy in the 1960s and 1970s, when the intrinsic value of the metals in the coins exceeded their face value;
  • documents
      • bills of exchange;
      • cheques drawn on a bank;
      • money orders written by an accepted authority such as a national post office;
      • letters of credit;
      • payment card vouchers.

These mechanisms have various characteristics, such as the extent to which the parties are identified, the traceability of the transaction, and the taxability of the transaction. The reason that so many mechanisms exist is that there are many different circumstances in which value is exchanged, and each of the mechanisms has niche-markets in which it is perceived by at least some parties to have advantages.

prashant sharma : [email protected]

Electronic payment methods

Introduction

Electronic payment methods may be costly and challenging but they will give you the competitive edge. Different payment systems include traditional card payments, mail order, online payments, payment bureaus, secure order forms, BACS, alternative payment options and no payment option.

Receiving electronic payments incurs extra costs. When you pay for a good or service in a shop using a credit or debit card the retailer must pay a commission to the financial institution processing the card details; additionally there will be operating costs for the system used to process the cards. These systems are often costly, challenging to implement and sometimes technically difficult to understand. These hurdles represent a ‘barrier to entry’, which, if overcome, can give you the competitive edge.

There are several approaches to taking electronic payments. All of these types of payment systems can be compared by trying the electronic payments comparison tool. Some of them can co-exist with others and some are mutually exclusive. In this section we will discuss:

  • traditional card payments
  • mail-order
  • online payments
  • acquiring banks
  • payment bureaus
  • secure order forms
  • BACS
  • alternative payment options
  • no payment option

Electronic payment systems

One of the main requirements in e-commerce is the ability to accept a form of electronic payment. This form of electronic payment is referred to as financial electronic data interchange (FEDI). FEDI has become increasingly popular over the last number of years due to the widespread use of internet-based shopping and banking. There are dozens, if not hundreds, of electronic payment systems being developed to facilitate secure web transactions. Electronic payment systems can be grouped into four basic categories, as follows:

  • session level protocols for secure communications
  • credit card and debit cards
  • electronic cash
  • micro payment systems
  • financial cyber-mediaries

To be considered secure, an electronic financial transaction should satisfy the following four requirements:

1. ensuring communications are private
2. verifying that the communications have not been altered in transmission
3. ensuring the server and client are who they claim to be
4. ensuring the information to be transferred was written by the signed author

Session level protocols for secure transmission

Secure Socket Layer (SSL)

One of the earliest internet security protocols, the Secure Socket Layer protocol (SSL) is currently the most popular protocol for the secure transfer of information over the web. SSL is a protocol-independent encryption scheme developed by Netscape that provides channel security between the application layer and the transport layer of a network packet. In plain English, this means that encrypted transactions are handled "behind the scenes" by the server and are essentially transparent to the HTML or CGI author. SSL supports, but does not mandate, the use of public key encryption and certification techniques.

It is important to note that SSL is not an electronic payment system. SSL is a secure transmission protocol which can be used to provide security not just for payments over the internet but also for other types of server-to-client communications. SSL’s popularity as a secure transmission protocol has allowed it to become the most popular method of conducting financial transactions over the web. Currently there are over 65,000 SSL enabled hosts on the web.

There are a number of other session layer protocols that compete with SSL. However, none of the other protocols have attracted any significant level of use on the web. SSL has achieved such a wide acceptance because it was one of the earliest security protocols, capturing the attention of the early on-line merchants and consumers. SSL also benefits from Netscape’s powerful brand recognition as one of the leaders in internet related software. Programmers like SSL because it is protocol-independent, allowing for easier development of online commerce applications. SSL also benefits from the fact that many other security protocols are still in testing stage or have yet to gain wide acceptance. However, SSL’s dominance is being challenged by a host of new secure electronic payment systems.

Secure credit card / debit payment systems

Consumers are comfortable using credit cards to make purchases in the physical world. In 1996, over $500 billion worth of goods and services were purchased worldwide using credit cards. Currently the bulk of purchases on the web are made using credit cards. Not surprisingly, many companies, including MasterCard and Visa, are rushing to develop secure credit card payment systems for the web.

The Secure Electronic Transactions (SET) specification

One of the major reasons electronic commerce is expected to grow rapidly over the next few years is because of the Secure Electronic Transactions specification. Released to the public on May 31st, 1997, SET was jointly developed by MasterCard and Visa with the backing of Microsoft, Netscape, IBM, GTE, SAIC, Terisa Systems, and VeriSign. The stated goal of this consortium is "to develop a single method that consumers and merchants will use to conduct bankcard transactions in cyberspace as securely and easily as they do in retail stores today". MasterCard and Visa publicly state that they believe creating the SET standard will speed the acceptance of commerce on the internet. Currently, the bulk of business-to-consumer electronic commerce is conducted by transmitting a credit card number using SSL. SET represents a bold attempt to make credit card payment the choice for the future for online payment.

Technically speaking, SET is an open standard, multi-party protocol for conducting secure credit card payments over the internet. The SET specification is based on public key cryptography and digital certificates. It is important to note that SET’s development as an open standard, multi-party protocol will facilitate and encourage the interoperability of SET across various software and network providers. The graphic below outlines the basic steps involved in a SET transaction:

1. An online shopper wishes to make a credit card purchase from a web merchant that supports the SET specification. Using a browser plug-in called an electronic wallet, the customer transmits encrypted financial information (i.e. credit card number) to the merchant, along with his or her digital certificate.
2. The merchant’s server sends the SET transaction to a payment gateway where it is decrypted, processed, and verified by a certification authority.
3. The payment gateway then routes the transaction back to the financial institution that issued the credit card for approval.
4. The merchant is advised electronically that the purchase is approved, and the cardholder is debited. The merchant can then ship merchandise knowing that the customer transaction has been approved.

Digital cash (also called electronic cash)

The term "digital cash" defines a category of electronic payment systems that attempt to replicate the benefits of cash in the off-line world. There are a number of electronic cash protocols. To a degree, all digital cash schemes operate in the following manner:

1. A user installs a "cyberwallet" onto his or her computer. Money can be put in the wallet by deciding how much is needed and then sending an encrypted message to the bank asking for this amount to be deducted from the user's account. The bank reads the message (by using its private key to decode the message) and sees that it has been digitally signed (which requires a certificate authority such as VeriSign) so it knows that the request comes from the individual who authorizes account debits.
2. The bank then generates "serial numbers", encrypts the message, signs it with its digital signature and then sends it back. The user can then take the message, often referred to as a coin or a token, and spend it at merchant sites.
3. Merchants receive ecash during a transaction and see that it has been authorized by a bank. They then contact the bank to make sure the coins have not been spent somewhere else, and the amount is credited to the merchant's account.

(Computer Money: A Systematic Overview of Electronic Payment Systems, Andreas Furche and Graham Wrightson, dpunkt: Heidelberg, 1996.)

Accept credit card payments

Summary

Traditional card payments take place offline. Offline electronic payments are common and need you to have a merchant service and PDQ machine from your acquiring bank. There are ten basic steps to setting up offline payment.

Most high street stores can take offline electronic payments through their credit and debit card facilities. All banks can process these transactions and some will also process internet based transactions. To take offline electronic payments you usually need to apply for the appropriate facility from your bank. Here are some key electronic payment terms to consider:

Merchant service: this is the generic term for the service provided by banks that allows you to ‘swipe’ credit and debit cards at your place of business.

PDQ machine: this is the generic term for the machine that is used to ‘swipe’ a credit or debit card.

Acquiring bank: once you have ‘swiped’ the card, the customer’s details are passed to an acquiring bank for processing. The acquiring bank checks the details of the card and authorizes the transaction. The acquiring bank is the bank that provides your merchant service.

Ten steps to setting up offline electronic payment:

  • Apply to a bank for a merchant service.
  • Negotiate the costs.
  • On acceptance, pay the set-up costs.
  • Receive and install a PDQ machine.
  • ‘Swipe’ the customer’s card to collect their credit or debit card details.
  • Wait while the card details are passed to the acquiring bank for approval.
  • Ask the customer to sign the sales voucher.
  • Verify the signature and process the payment.
  • A transaction charge is automatically paid to the bank.
  • The customer leaves with the goods or service.

For electronic payment in a shop, the customer is present to sign the sales voucher. If the transaction takes place via the phone or the internet, the customer is not present so there is an increased fraud risk. Any merchant service (whether offline or online) is provided at the discretion of the financial institution concerned. There are few set rules as to which businesses can and cannot be approved for a merchant service. Be prepared to negotiate the product at a price that suits your needs.

Mail order payments by phone, post or fax are more at risk of fraud. Acquiring banks ask for more commission to carry out these customer not present transactions. Mail order payments involve more risks for banks and financial institutions than transactions where the customer is present at the point of sale. Consequently, acquiring banks usually ask for more commission per transaction (perhaps 3.1% instead of 2.79%) and a more detailed agreement on the fraud checks you use. With proper planning, your mail order operation should be able to get a customer not present merchant service from your bank without difficulty. If you already have an offline service, negotiate with your bank to avoid paying another set-up charge. The bank will approve each application individually but there are other equally valid options available if you cannot get a merchant service.


Micropayments

Credit card and debit card fees charged by the issuing banks range from 1.5-3%, with a typical minimum fee of 20 cents. Thus, to preserve margins from being eroded by transaction fees, most vendors in the off and online world require minimum credit card purchases of around $5.00. Is there an online market for information, products and services priced below $5.00? You bet your cookie! Enter micropayment systems.

Micropayments are transactions that range from 1/10 of a cent to $10.00 and up, with varying limits being set by the micropayment system developer. Under this concept, a consumer can buy one chapter from an online book for $1.00 versus having to pay $10.00 for the entire contents. Single articles from the Wall Street Journal online could be bought for 10 cents, freeing the consumer from the obligation of a long term subscription.

Typically, micropayment systems require the consumer to purchase micropayment currency in bulk either from a broker or the content provider. This bulk purchase is paid for with a credit card and the currency is then stored in a "wallet" which resides in the user’s hard drive, at the MP’s or content provider’s web site. Each time a consumer makes a purchase from a content provider, their wallet is debited the appropriate amount of currency.

The idea of selling inexpensive products and services opens a world of options for content providers and a new realm of flexibility and selection to consumers. However, small transactions demand proportionately small transaction fees. The most promising micropayment systems are designed to meet the goal of minimizing transaction fees first. To varying degrees, each micropayment system addresses the need for transaction security and the anonymity of the consumer.

Cybank

Cybank is an example of an online bank somewhat similar to First Virtual but using alternatives to credit card transactions. Cybank offers free accounts and software. Users contact Cybank merchants and authorize debits to their accounts for merchandise (all with encryption). Users can add credit to their account by using a credit card, check, money order, or "phonecash"--which credits your account a specified amount of money that is paid out via your phone bill.

A new type of payment method is emerging whereby vendors create their own forms of currency using the model of frequent flyer points. This phenomenon of points conveying value both within the issuer's system of products and for exchange in other vendors' systems is undoubtedly occurring. Companies such as Netcentives have been created to capitalize on just this opportunity. Netcentives aggregates merchants' affinity point programs on the net and allows users to use them interchangeably for a variety of merchandise. However, we contend that these point systems are, at their heart, essentially loyalty programs. They are very effective at consumer retention and they do use the model of creating a system of value outside of the world of cash, but their underlying premise is that the points were a reward for the use of cash payments to the merchants.


Ecash

With ecash, the user purchases digital money from an ecash licensed bank (with which she has an existing account) on the internet. The "coins" are then stored on the user’s hard drive. When a user makes a purchase at an ecash enabled site, the system software deducts the coins from her hard drive and forwards them to the vendor. The vendor then sends the coins to the user's bank for verification. The vendor then chooses whether to be issued new ecash or to have a deposit made into an ecash account. One major advantage of ecash is that the user can engage in direct person to person transactions. In addition, this system provides complete user anonymity.

VirtualPIN

VirtualPIN is an email based system that stores a user’s credit card information off-line. Users register with the service over the phone, so credit card information is never transmitted over the internet. Upon receiving the user’s account information, First Virtual issues him/her a PIN. When making a purchase, a user gives the vendor the PIN and the vendor then sends the transaction information to First Virtual for approval. First Virtual then confirms the purchase with the user via email and then charges the proper amount to the user's credit card. This system is very flexible in that it can handle purchases from $1.00 on up. However, the entire process can be slow and transaction costs are relatively high (thus, the unusually high "micropayment" minimum).

CyberCoin

Users download the CyberCoin wallet and register it with a CyberCoin participating financial institution (bank or credit card company). Users buy the CyberCoins in bulk using a credit card or their existing checking account. The CyberCoin enabled bank stores the account balance and transfers all the real money within the established banking network. The wallet is simply a legal record of who the owner is and what exists in his or her account. CyberCoin acts as the middleman, taking a transaction fee from both the merchant and the bank in order to facilitate the exchange. CyberCoin allows the user to remain anonymous to the vendor. Financial information is encrypted, but the actual message is not.

Millicent

Digital’s Millicent system does not issue one standard "currency." Instead, each vendor has its own specific scrip, which it sells to a broker at a discount. Users register with one broker and buy broker scrip in bulk. Brokers will vary in the way they bill users (through credit cards, ISP accounts, or CyberCash type wallets). When a user wishes to make a purchase, s/he converts broker scrip into vendor-specific scrip, which is then stored in the user's hard drive wallet. When the user enacts the purchase from the vendor, their wallet pays the vendor with its specific currency. The major feature of this system is its low transaction costs, which allow for purchases of as little as 1/10 of a cent. While Millicent transactions are not as well encrypted as other micropayment systems, it does allow for some degree of user anonymity.


Clickshare

This system is aimed at newspaper and magazine publishers. Users register with one content provider or ISP, then enter that password once per session. That content provider then becomes the user's home site. Links to other publishers registered with Clickshare exist on that site and the user is free to make purchases at those sites without having to enter any additional information. Clickshare keeps transaction records and bills the user’s ISP, who already has an account relationship with the user. Another major feature of Clickshare is that it keeps anonymous records of users’ "travels," which can then be sold to marketers for analysis.

Brief overview of cryptography, digital signatures and digital certificates

Almost every electronic payment system developed or under development relies on some form of encryption and/or the use of digital certificates. Therefore, a brief discussion of cryptography and digital certificates is appropriate before launching into a discussion of the various electronic payment systems.

Cryptography is the science of keeping messages secret. The original text, or plaintext, is converted into a coded equivalent called ciphertext via an encryption algorithm. The ciphertext is decoded (decrypted) at the receiving end and turned back into plaintext. The encryption algorithm uses a key, which is a binary number that is typically from 40 to 128 bits in length. The data is "locked" for sending by combining the bits in the key mathematically with the data bits. At the receiving end, another key is used to "unlock" the code, restoring it to its original binary form.

There are two cryptographic methods being used in electronic payment systems: secret key and public key. The traditional secret key method uses the same key to encrypt and decrypt. This is the fastest method, but transmitting the secret key to the recipient in the first place is not secure. The second method, public-key cryptography, uses both a private and a public key. Each recipient has a private key that is kept secret and a public key that is published for everyone. The sender looks up the recipient's public key and uses it to encrypt the message. The recipient uses the private key to decrypt the message. Key owners do not need to transmit their private keys to anyone in order to have their messages decrypted and thus the private keys are not in transit and are not vulnerable.

The security of a strong system resides with the secrecy of the key rather than with secrecy of the algorithm. In theory, any cryptographic method with a key can be broken by trying all possible keys in sequence. However, using brute force to try all keys requires computing power that increases exponentially with the length of the key. A system using a 40-bit key takes 2^40 steps. This kind of computing power is available in most universities. However, keys with 64 bits would require computing power available only to major governments. Keys with 80 bits and 128 bits will probably remain unbreakable by brute force for the foreseeable future.

Digital signatures

A digital signature is an electronic signature that cannot be forged. It is a coded message that accompanies the text message transmitted over a network. To send a digital signature, the sender uses an algorithm to compute a hash value from his or her text message. Using the sender's private key, the sender encrypts the hash value, turning it into a message digest. The text message is then encrypted with the private key, and both message and message digest are transmitted to the recipient. The recipient uses the sender's public key to decrypt the message and message digest. Using the same hashing algorithm, a new message digest is computed from the text message and compared with the message digest that accompanied it. If they match, the signature is authenticated. However, the sender could still be an impersonator and not the person he or she claims to be. To verify that the message was indeed sent by the person claiming to send it requires a digital certificate (digital ID) which is issued by a certification authority.
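
The hash-then-sign check described here, applied to the digital cash steps given earlier (the bank signs a serial-numbered coin, the merchant verifies it, the bank refuses a second deposit), as an added example that is not part of the original document. It assumes textbook RSA with a fixed toy key and no padding, which is not secure for real use; the Bank class, account names and coin format are constructed for illustration.

```python
import hashlib
import secrets

# Toy RSA key for the bank (assumption): two Mersenne primes, no padding.
# Far too small and too simple for production; it only shows the mechanics.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, known only to the bank

def digest(message: bytes) -> int:
    """Hash value of the message, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """Signer: transform the hash value with the private key."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Recipient: recover the signed hash with the public key and compare it
    with a hash freshly computed from the message that was received."""
    return pow(signature, E, N) == digest(message)

class Bank:
    def __init__(self):
        self.accounts = {}   # account name -> balance in cents
        self.spent = set()   # serial numbers of coins already deposited

    def withdraw(self, account: str, cents: int) -> dict:
        """Debit the account and issue a signed coin with a fresh serial number."""
        if self.accounts.get(account, 0) < cents:
            raise ValueError("insufficient funds")
        self.accounts[account] -= cents
        body = f"{secrets.token_hex(16)}:{cents}".encode()
        return {"body": body, "sig": sign(body)}

    def deposit(self, merchant: str, coin: dict) -> str:
        """Credit the merchant only for a validly signed, unspent coin."""
        if not verify(coin["body"], coin["sig"]):
            return "rejected: bad signature"
        serial, cents = coin["body"].decode().split(":")
        if serial in self.spent:
            return "rejected: already spent"
        self.spent.add(serial)
        self.accounts[merchant] = self.accounts.get(merchant, 0) + int(cents)
        return "credited"

def demo():
    bank = Bank()
    bank.accounts["alice"] = 500                        # constructed sample balance
    coin = bank.withdraw("alice", 100)
    merchant_check = verify(coin["body"], coin["sig"])  # merchant checks offline
    first = bank.deposit("shop", coin)                  # legitimate deposit
    second = bank.deposit("shop2", coin)                # same coin spent twice
    forged = {"body": coin["body"].replace(b":100", b":900"), "sig": coin["sig"]}
    third = bank.deposit("shop", forged)                # amount altered after signing
    return merchant_check, first, second, third, bank.accounts

if __name__ == "__main__":
    print(demo())
```

The signature only proves the coin came from the holder of the bank's private key and was not altered; catching a coin spent twice still depends on the bank's record of deposited serial numbers.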
