electronic commerce eighth edition chapter 11 payment systems for electronic commerce

Electronic CommerceEighth Edition

Chapter 11Payment Systems For Electronic

Commerce

Electronic Commerce, Eighth Edition 2Electronic Commerce, Eighth Edition 2

Learning Objectives

In this chapter, you will learn about:• The basic functions of online payment systems• The use of payment cards in electronic commerce• The history and future of electronic cash• How electronic wallets work• The use of stored-value cards in electronic

commerce• Internet technologies and the banking industry

Electronic Commerce, Eighth Edition 3

Online Payment Basics

• E-commerce– Exchange money for goods or services– Important function: handling Internet payments– B2B payment transactions

• Electronic funds transfers (EFTs)

• B2C payment transactions– Evolving and competing for dominance– Customer convenience, saves companies money

• Bill mailed by mail costs $1.00 to $1.50• Internet billing cost: 50 cents


Online Payment Basics (cont’d.)

• Four basic means to purchase items in B2C (traditional and electronic)– Cash, checks, credit cards, debit cards

• 90% of all United States consumer payments

• Electronic transfer: small but growing• Most popular: automated payments• Credit cards

– Worldwide: 90% of online payments– United States: 97% of online payments


Online Payment Basics (cont’d.)

• Scrip – Digital cash minted by a company

• Cannot be exchanged for cash• Exchanged for goods or services by company issuing

scrip– Like a gift certificate: good at more than one store– Current scrip offerings (eScrip)

• Focus: not-for-profit fundraising market• Merchant should offer customers payment options

– Safe, convenient, widely accepted– Companies sell payment processing package service


Payment Cards

• General term describing all types of plastic cards consumers (businesses) use to make purchases– Categories: credit cards, debit cards, charge cards

• Credit card (Visa, MasterCard)– Spending limit based on user’s credit history

• Charge purchases against credit line– Options for user billing cycle payments

• Pay off entire credit card balance; pay minimum amount

• Card issuers charge unpaid balance interest– Accepted worldwide, 30-day dispute period


Payment Cards (cont’d.)

• Credit card (cont’d.)– Card not present transactions

• Cardholder not present during transaction• Requires extra security

• Debit card – Removes sales amount from cardholder’s bank

account – Transfers sales amount to seller’s bank account– Issued by cardholder’s bank

• Carries major credit card issuer name



• Charge card (American Express)– No spending limit– Entire balance due at end of billing period– No line of credit or interest charges– Examples: department store, oil company cards

• “Payment card”– Refers to credit cards, debit cards, and charge cards



• Single-use cards– Cards with disposable numbers

• Addresses concern of giving online vendors payment card numbers

– Not used much anymore• Problem: required consumers to behave differently


Advantages and Disadvantages of Payment Cards

• Advantage for merchants– Fraud protection (built-in security)

• Charge paid through issuer of payment card

• Advantage for U.S. consumers– Liability of fraudulent card use: $50

• Card issuer frequently waives $50 charge if card stolen

• Good for merchants and consumers– Worldwide acceptance

• Currency conversion handled by card issuer


Advantages and Disadvantages of Payment Cards (cont’d.)

• Disadvantage for merchants– Per-transaction fees, monthly processing fees

• Cost of doing business– Goods and services prices are slightly higher

• As opposed to environment free of payments cards– For payment:

• Merchant must first set up merchant account

• Disadvantage for consumers– Annual fee

Payment Acceptance and Processing

• Internet payment card process easier than physical store process

• EMV standard– Single standard handling payment card transactions– Visa, MasterCard, MasterCard International

• United States online stores, mail order stores– Must ship merchandise within 30 days of charging

payment• Violation penalties are significant• Most do not charge payment card accounts until

merchandise shipped


Payment Acceptance and Processing (cont’d.)

• General steps in payment card transactions – Merchant receives payment card information– Merchant authenticates payment – Merchant ensures funds are available and puts hold

on credit line or funds to cover charge– Settlement occurs (few days after purchase); funds

travel between banks and are placed into merchant’s account




• Open and closed loop systems– Closed loop systems

• Card issuer pays merchant directly• Does not use intermediary• American Express, Discover Card

– Open loop systems (three or more parties)• Third party (intermediary bank) processes transaction• Visa, MasterCard: not issued directly to consumers• Credit card associations: operated by association

member banks• Customer issuing banks: member banks



• Merchant accounts (acquiring bank) – Bank doing business with sellers (Internet, non-

Internet) wanting to accept payment cards– Merchant account

• Required for online merchant to process payment cards– Acceptance by bank of merchant account

• Merchant must provide business information• Risk of business type assessed

– Bank collects credit card receipts on merchant’s behalf• Credits value in merchant’s account



• Merchant accounts (cont’d.)– Chargeback

• Cardholder successfully contests charge• Merchant bank must retrieve money from merchant

account• Merchant may have to cover chargeback potential

– Problem facing online businesses• Level of online transaction fraud• Fewer than 5 percent of credit card transactions

completed online; accounts for 60 percent of total credit card dollar amount fraud



• Processing payment cards online– Payment processing service providers

• Companies offering payment card processing– Example: InternetSecure

• Supports Visa and MasterCard payments for Canadian and U.S. accounts

• Provides risk management and fraud detection• Handles online merchants transactions• Uses existing bank-approved payment card processing

infrastructure, secure links, and firewalls


• Processing payment cards online (cont’d.)– First Data

• Provides merchant payment card processing services with ICVERIFY and WebAuthorize programs

• ICVERIFY: for small retailers using Microsoft Windows electronic cash registers, point-of-sale terminal systems

• WebAuthorize: for large enterprise-class merchant sites– ICVERIFY, WebAuthorize connect directly to:

• Network of banks: Automated Clearing House (ACH)• Credit card authorization companies• Connect to ACH through highly secure, private leased

telephone lines




• Processing payment cards online (cont’d.)– Merchant Warehouse’s PayFlow Link system

• Online payment system developed by CyberCash• Now operated by VeriSign

– InfoSpace’s Authorize.Net• Online, realtime payment card processing service• Merchants link to system by inserting small HTML code

block into transaction page• Order encrypted, transferred to Authorize.Net server• Server relays transaction to bank network• Customers not aware of third-party supplier (usually)


Electronic Cash

• Electronic cash (e-cash, digital cash)– Describes any value storage and exchange system

created by private (nongovernmental) entity• Does not use paper documents or coins• Can serve as substitute for government-issued physical

currency

• Readily exchanged for physical cash on demand• Problem

– No standard among all electronic cash issuers– Not universally accepted


Electronic Cash (cont’d.)

• Small purchases not profitable for merchants– Bank fees greater than profits

• Factors in favor of electronic cash– Potentially significant market for electronic cash

• Market for Internet small purchases (below $10)– Most of world’s population does not have credit cards

• Electronic cash: solution to paying for online purchases

• Idea of electronic cash refuses to die– Despite failures


Micropayments and Small Payments

• Micropayments– Internet payments for items

• Costing few cents to a dollar

• Micropayments barriers– Not implemented very well on the Web yet– Human psychology

• People prefer to buy small value items in fixed price chunks

• Example: mobile phone has fixed monthly payment plans


Micropayments and Small Payments (cont’d.)

• Small payments – All payments of less than $10

• Companies that have developed micropayment systems– Millicent, DigiCash, Yaga, BitPass

• All have failed– No company has gained broad acceptance of its

system despite industry observers seeing such a need– No company devoted solely to offering micropayment

services

Privacy and Security of Electronic Cash

• Electronic payment methods concerns– Privacy and security, independence, portability,

convenience– Privacy and security: most important to consumers

• Transactions vulnerable• Electronic currency: copied, reused, forged

• Unique security problems of electronic cash– Possible to spend only once

• Not counterfeit; used in two different transactions– Anonymous use

• Prevents sellers from collecting information


Privacy and Security of Electronic Cash (cont’d.)

• Electronic cash companies– eCharge, InternetCash, Valista

• Advantages of electronic cash– Independent

• Unrelated to any network or storage device• Ideally pass transparently across international borders;

converted automatically to recipient country’s currency– Portable

• Freely transferable between any two parties

• Credit and debit cards: not portable or transferable• Important characteristic of cash: convenience



Holding Electronic Cash: Online and Offline Cash

• Online cash storage– Consumer has no personal possession of electronic

cash• Trusted third party (online bank) involved in all

transfers, holds consumers’ cash accounts

• Online system payment– Merchants contact consumer’s bank

• Helps prevent fraud (confirm valid cash)• Resembles process of checking with consumer’s bank

to ensure valid credit card and matching name

Holding Electronic Cash: Online and Offline Cash (cont’d.)

• Offline cash storage– Virtual equivalent of money kept in wallet– Customer holds it

• No third party involved in transaction– Protection against fraud concern

• Hardware or software safeguards needed – Double-spending

• Spending electronic cash twice• Too late to prevent fraudulent act by time same

electronic currency clears bank for second time• Prevent double-spending: use encryption techniques



Advantages and Disadvantages of Electronic Cash

• Traditional brick-and-mortar billing methods– Costly

• Generate invoices, stuff envelopes, buy and affix postage to envelopes, send invoices to customers

– Accounts payable department• Keeps track of incoming payments, posts accounts in

database, ensures current customer data

• Online stores have the same payment collection inefficiencies– Online customers use credit cards to pay for

purchases


Advantages and Disadvantages of Electronic Cash (cont’d.)

• Online auction customers use conventional payment methods– Checks, money orders

• Electronic cash system– Less popular than other payment methods– Provides unique advantages and disadvantages

• Advantages of electronic cash transactions– More efficient (less costly)

• Efficiency fosters more business (lower prices)– Occurs on existing infrastructure (Internet)


• Advantages of electronic cash transactions (cont’d.)– Internet spans globe

• Distance transaction travels does not affect cost– Does not require one party to obtain authorization

• Disadvantages of electronic cash transactions– No audit trail– Money laundering

• Technique criminals use to convert money illegally obtained into spendable cash

• Purchase goods, services with ill-gotten electronic cash• Goods sold for physical cash on open market




• Disadvantages of electronic cash transactions (cont’d.)– Susceptible to forgery– Other potentially damaging digital economic factors

• Expansion of money supply when banks loan electronic cash on consumer and merchant traditional bank accounts

• Electronic cash has not yet become a global success– Will require wide acceptance and solution to problem

of multiple electronic cash standards


How Electronic Cash Works

• Consumer opens account with electronic cash issuer– Presents proof of identity

• Consumer withdraws electronic cash using issuer’s Web site– Presents proof of identity

• Digital certificate issued by certification authority• Combination of credit card number and verifiable bank

account


How Electronic Cash Works (cont’d.)

• After consumer identity is verified:– Electronic cash amount is issued

• Amount deducted from consumer’s account• Issuer may charge small processing fee

• Consumer stores electronic cash– In electronic wallet – On his or her computer– On stored-value card

• Consumer can authorize issuer to make third-party payments– From electronic cash account


Providing Security for Electronic Cash

• Significant electronic cash problem– Potential for double-spending

• Main deterrent– Threat of detection and prosecution

• Keys to creating tamperproof electronic cash that can be traced back to origins– Cryptographic algorithms– Two-part lock

• Provides anonymous security• Signals someone is attempting to double-spend cash


Providing Security for Electronic Cash (cont’d.)

• When second transaction occurs– Complicated process reveals:

• Attempted second use• Identity of original electronic cash holder

• Electronic cash used correctly– Maintains user’s anonymity

• Double-lock procedure– Protects anonymity of electronic cash users– Simultaneously provides built-in safeguards to

prevent double-spending



• Double-spending– Neither detected nor prevented with truly anonymous

electronic cash• Anonymous electronic cash

– Cannot be traced back to person who spent it• Tracing electronic cash

– Attach serial number to each electronic cash transaction

• Cash positively associated with particular consumer• Does not solve double-spending problem



• Single issuing bank can detect when two deposits of same electronic cash are about to occur– Impossible to ascertain fault (consumer or merchant)

• Electronic cash contains serial numbers– No longer anonymous

• One reason to acquire electronic cash– Raises privacy issues

• The use of serial numbers to track consumers’ spending habits



• Creating truly anonymous electronic cash– Bank issues electronic cash with embedded serial

numbers• Bank digitally signs electronic cash while removing

association of cash with particular customer


Electronic Cash Systems

• Electronic cash– More successful in Europe and Japan

• Consumers prefer to use cash (does not work well for online transactions)

• Electronic cash fills important need– Not successful in United States

• Consumers have payment cards and checking accounts

• KDD Communications (KCOM)– Internet subsidiary: Japan’s largest phone company– Offers electronic cash through NetCoin Center


Electronic Cash Systems (cont’d.)

• Reasons for failure of United States electronic cash systems – Electronic cash systems implementation

• Required to download and install complicated client-side software that ran in conjunction with browser

– Number of competing technologies• No standards developed• Array of proprietary electronic cash alternatives

– No interoperable software• That runs transparently on variety of hardware

configurations and different software systems



• CheckFree– Largest online bill processor (in the world)– Payment processing services since 1981 to:

• Large corporations, individual Internet users– 2007 Fiserv bought CheckFree ($4.4 billion)

• Offers online bill processing under CheckFree brand



• Clickshare– Electronic cash system for magazines and newspaper

publishers– Uses technology called micropayment-only system– An ISP supporting Clickshare automatically registers

users – When users click links leading to Clickshare sites

• They can make purchases without registering again• Clickshare keeps track of transactions and bills user’s

ISP



• Clickshare (cont’d.)– Tracks user on the Internet

• Significant value to advertisers, marketers• Defeats anonymity

– Micropayment capability• By-product of core functionality of tracking identified

users• Tracks users with standard HTTP Web protocol• Does not require cookies or software wallets



• PayPal– Payment processing services to businesses,

individuals– Earns profit from float

• Money deposited, not used immediately– Charges transaction fee

• Businesses using service to collect payments– Peer-to-peer (P2P) payment system

• Free payment clearing service for individuals• Payments from one type of entity to another of the

same type



• PayPal (cont’d.)– Eliminates writing and mailing checks or payment cards– Send money instantly and securely to anyone with an

e-mail address– Convenient for auction bidders to pay for purchases– Convenient for auction sellers

• Eliminates risks posed by other online payment types– Transactions clear instantly– Redemption

• PayPal check• Direct deposit to checking accounts



• PayPal (cont’d.)– Merchants and consumers first register for PayPal

account• No minimum amount account balance• Add money by authorizing checking accounts transfer,

using credit card• Merchants need PayPal accounts to accept PayPal

payments



• PayPal (cont’d.)– Competition from Billpoint

• Joint venture between eBay, Wells Fargo• PayPal maintained first-mover advantage

– Remained most widely used eBay payment processing system

• eBay purchased PayPal– Other peer-to-peer payment business companies

• First Data Corporation offered electronic money orders through BidPay site (closed in 2007)

• Citibank’s c2it payments service (closed in 2003)


Electronic Wallets

• Concerns of consumers when shopping online– Entering detailed shipping and payment information

for each online purchase– Filling out forms

• Solution– Electronic commerce sites allows customer to store

name, address, credit card information on the site– Problem

• Consumers must enter information at each site


Electronic Wallets (cont’d.)

• Electronic wallet (e-wallet)– Holds credit card numbers, electronic cash, owner

identification, owner contact information– Provides information at electronic commerce site

checkout counter– Benefit: consumer enters information once

• More efficient shopping• Server-side electronic wallet

– Stores customer’s information on remote server of merchant or wallet publisher

– No download time or installation on user’s computer



• Server-side electronic wallet (cont’d.)– Main weakness

• Security breach can reveal thousands of users’ personal information (credit card numbers)

• Servers must employ strong security measures to minimize possibility of unauthorized disclosure

• Client-side electronic wallet– Stores information on consumer’s computer– Disadvantages

• Must download wallet software onto every computer• Not portable



• Client-side electronic wallet (cont’d.)– Advantage

• Sensitive information stored on user’s computer– Sensitive information safer on client machine

• Attackers must launch many attacks on user computers (more difficult to identify)

• Prevents easily identifiable wallet vendor’s servers from attack



• Characteristics of useful wallets– Wallet accessibility

• Populate data fields in any merchant’s forms for any site consumer visits

– Electronic wallet manufacturer and merchants from many sites must coordinate efforts

• Wallet recognizes consumer information going into each field of given merchant’s forms



• Electronic wallets – Store shipping and billing information

• Consumer’s first and last names, street address, city, state, country, postal code

– Hold credit card names, numbers• Offers consumer choice of credit cards at online

checkout– Hold electronic cash from various providers



• Electronic wallet used by business companies – Example: MasterCard– Most abandoned efforts

• Current major browsers include feature to remember names, addresses, other commonly requested information

• Browsers provides one-click Web form field completion– Two e-wallet arena survivors

• Microsoft Windows Live ID• Yahoo! Wallet


Microsoft Windows Live ID

• Formerly called Passport, Microsoft .NET Passport• Single sign-in service

– Includes server-side electronic wallet• Operated by Microsoft

• All personal data entered into Windows Live ID wallet– Encrypted and password protected


Microsoft Windows Live ID (cont’d.)

• Four integrated services– Single sign-in service (SSI)

• Allows user to sign in at participating Web site using username and password

– Wallet service• Provides electronic wallet functions (secure storage,

form completion of credit card, address information)– Kids service

• Helps parents protect, control children’s online privacy– Public profiles

• Allows consumers to create public page of information about themselves


Yahoo! Wallet

• Server-side electronic wallet offered by Yahoo!• Completes order forms automatically

– Identifying information, credit card payment information

• Stores information– Several major credit, charge cards, Visa and

MasterCard debit cards• Accepted by:

– Thousands of Yahoo! Store merchants, Yahoo! Travel– Yahoo! Services

• Premium e-mail storage, Web hosting fees


Yahoo! Wallet (cont’d.)

• Yahoo! Advantage– Number of services and shops accommodate own

wallet• Large number of merchants accept wallet

• Privacy concern– Company issuing wallet has access to great deal of

information about individual using wallet


Stored-Value Cards

• Microchip smart card or magnetic strip plastic card– Records currency balance

• Microchip versus magnetic strip– Microchip stores more information– Tiny microchip computer processor

• Performs calculations and storage operations on card– Different microchip card reader needed

• Examples: prepaid phone, copy, subway, bus cards• “Stored-value card” and “smart card” used

interchangeably


Magnetic Strip Cards

• Holds rechargeable value• Passive magnetic strip cards cannot:

– Send or receive information– Increment or decrement cash value stored

• Processing done on device into which card inserted• Magnetic strip cards and smart cards store

electronic cash– Smart card better suited for Internet payment

transactions• Has processing capability


Smart Cards

• Stored-value card – Plastic card with embedded microchip

• Credit, debit, charge cards store limited information on magnetic strip

• Store information– About 100 times more than magnetic strip plastic card

• Hold private user data– Financial facts, encryption keys, account information,

credit card numbers, health insurance information, medical records


Smart Cards (cont’d.)

• Safer than conventional credit cards– Information encrypted on smart card

• Popular in Europe, parts of Asia– Public telephone calls, cable television programs– Hong Kong

• Retail counters, restaurant cash registers have smart card readers

• Octopus is the public transportation smart card: can be reloaded at transportation locations, 7-Eleven stores


Smart Cards (cont’d.)

• Beginning to appear in United States– San Francisco TransLink integrated ticketing system

for public transportation– Smart Visa card (2000)– Target Visa smart card (2002)

• Smart Card Alliance– Advances smart card benefits– Promotes widespread acceptance of multiple-

application smart card technology– Promotes compatibility among smart cards, card

reader devices, applications


Internet Technologies and the Banking Industry

• Paper checks– Largest dollar volume of payments– Processed through world’s banking system

• Other major payment forms– Involve banks one way or another

• Banking industry Internet technologies– Providing new tools– Creating new threats

Check Processing

• Physical check processing (banks, clearinghouses)– Person wrote check; retailer deposited check in bank

account– Retailer’s bank sent paper check to clearinghouse

• Clearinghouse managed fund transfer (consumer’s bank to retailer’s account)

– Paper check transported to consumer’s bank– Send cancelled check to consumer

• Many banks stopped sending cancelled checks to consumer – Provide PDF images of processed checks



Check Processing (cont’d.)

• Disadvantage of paper checks – Cost of transporting tons of paper checks– Float

• Delay between the time person writes check and the time check clears person’s bank

• Bank’s customer obtains free use of funds for few days• Bank loses use of funds for same time period• Can become significantly longer than a few days


Check Processing (cont’d.)

• Technologies helping banks reduce float– 2004 U.S. law: Check Clearing for the 21st Century

Act (Check 21)• Banks eliminate movement of physical checks entirely

• Check 21-compliant world– Retailer scans customer's check– Scanned image transmitted instantly

• Through clearing system– Posts almost immediately to both accounts

• Eliminates transaction float

Phishing Attacks

• Phishing expedition– Technique for committing fraud against online

businesses customers– Launched against all online business types– Particular concern to financial institutions

• Customers expect high degree of personal information security

• Basic structure– Attacker sends e-mail message

• Large number of recipients• Account at targeted Web site


Phishing Attacks (cont’d.)

• Basic structure (cont’d.)– E-mail message tells recipient account is compromised

• Recipient must log on to account to correct problem– E-mail message includes link

• Appears to be Web site login page • Actually disguised perpetrator’s Web site

– Recipient enters login name, password• Perpetrator captures• Uses to access recipient’s account• Access personal information, make purchases, withdraw

funds




• Spear phishing – Phishing expedition that is carefully designed to target

particular person or organization– Requires considerable research– Increases chance of e-mail being opened– Example: 2008 government stimulus checks

• Phishing e-mails appeared within one week of passage



• E-mail link disguises and tricks– Example of Web server that ignores all characters

preceding “@”:https://[email protected]/fl/login.html

– Example of disguised link:https://[email protected]/fl/login.html

– Example of invisible phony site displayed due to JavaScript code:

http://leasurelandscapes.com/snow/webscr.dll

http://leasurelandscapes.com/snow/webscr.dll



• E-mail link disguises and tricks (cont’d.)– Pop-up windows

• Look exactly like browser address bar– Including Web site graphics of financial institutions

• Looks more convincing


Organized Crime, Identity Theft, and Phishing Attacks

• Organized crime (racketeering)– Unlawful activities conducted by highly organized,

disciplined association for profit– Differentiated from less organized terrorist groups– Internet providing new criminal activity opportunities

• Generates spam, phishing, identity theft– Identity theft

• Criminal act where perpetrator gathers victim’s personal information

• Uses information to obtain credit• Perpetrator runs up account charges and disappears


Organized Crime, Identity Theft, and Phishing Attacks (cont’d.)

• Large criminal organizations– Efficient perpetrators of identity theft

• Exploit large amounts of personal information quickly and efficiently

– Sell or trade information that is not of immediate use• Other worldwide organized crime entities

– Zombie farm• Large number of computers implanted with zombie

programs– Pharming attack

• Hacker sells right to use zombie farm to organized crime association


Organized Crime, Identity Theft, and Phishing Attacks (cont’d.)

• Two elements in phishing– Collectors: collect information– Cashers: use information – Require different skills

• Crime organizations facilitate transactions between collectors and cashers– Increases phishing activity efficiency, volume

• Each year– More than a million people fall victim– Financial losses exceed $500 million


Phishing Attack Countermeasures

• Change protocol– Improve e-mail recipients’ ability to identify message

source– Reduce phishing attack threat

• Educate Web site users• Contract with consulting firms specializing in anti-

phishing work• Monitor online chat rooms used by criminals

Summary• Online stores payment forms

– Credit, debit, charge cards (payment cards)• Ubiquitous, convenient, easy to use

– Electronic cash advantages and potential uses• Making micropayments, stored online or offline

– Convenience of electronic wallets– Stored-value cards

• Smart cards, magnetic strip cards

• Banks process most monetary transactions– Use Internet technologies to process checks

• Concerns: phishing expeditions, identity theft


electronic commerce eighth edition chapter 11 payment systems for electronic commerce

Documents