MS-401 E-Business - Lecture 04 - Payment Issues in E-Commerce

MS-401 (Electronic Business) (For 4th Year Student of Management Studies, JU)
Lecture-04: Payment Issues in E-Commerce

***************************************************************
Introduction:
 In e-commerce, the final step before shipment is making payment- i.e.
getting the money. In any commercial transaction, payment is an integral
part for goods and services supplied.
 To make the e-commerce system functional, we need to incorporate
payment functions into the system.
 In all three forms of e-commerce, namely B2C, B2B and C2C, we need
appropriate methods of payment.
 In the real world commercial dealings, there are primarily three ways or
modes of payment for goods:
1. Cash payment:
The most common payment scheme between individual customers
and merchants is cash, particularly for small value purchases.
2. Credit card/debit card payment:

For larger value purchases, usually a credit/debit card is the one
accepted by most merchants. (Credit card, smart card, debit card,
ATM card etc. allow consumer to pay without cash. They are online
electronic payment media).
3. Cheque payment:
If you have a trusted relationship with a merchant, he would
normally accept cheque payment.
 Each of these requires a different system of payment.
 The payment system in e-commerce environment ensures-
 payment security,
 transaction privacy,
 system integrity,
 customer and vendor authentication,
 purchaser’s promise to pay.
What is Electronic Payment?

 Electronic payment is a system of payments made electronically rather
than by paper (e.g. cash, check, voucher etc) between parties using an
electronic surrogate which is backed by financial institutions and/or
trusted intermediaries.
***************************************************************
PREPARED BY: K M AKKAS ALI, B.SC. (HONORS) M.SC IN CSE Page 1 of 55
ASSOCIATE PROFESSOR, IIT, JAHANGIRNAGAR UNIVERSITY, DHAKA, BANGLADESH

***************************************************************
 Electronic payment systems are becoming central to on-line business

process.
 It helps the customer or user to make online payment for their shopping
for faster at lower cost.
 E-payment systems are proliferating in banking, retail, health care, on-
line markets and government.
Benefits of E-Payment:
 An online store that accepts e-payment allows you to be open 24/7
 This is an important convenience for your customers.
 It also means more revenues for you.
 It allows global reach to electronic market at high speed.
 It may reduce your overhead costs since you don’t need to hire
reception staff and people to take orders.
Demerits of E-Payment:
 In fact, e-payment is not always good:
 E-payment is more vulnerable to fraud. Neither merchant nor
consumer can be fully authenticated.
 E-payment maybe costly and challenging to install. For merchants,
around 3.5% of purchase price plus transaction fee of 20–30 cents
per transaction.
 Receiving e-payments causes extra costs since the retailer, for
example, must pay a commission to the financial institution
processing the card details.
 Infrastructure for e-payment is complex and expensive to deploy.
 Online payment is hard to implement globally.
Methods of Payment:
There are two basic types of payment:
 Methods of traditional payment:
o Check, voucher, credit card, or cash.
 Methods of electronic payment:

***************************************************************

***************************************************************
o Electronic cash (e-cash), e-wallets, smart cards, and credit/debit

cards.
Micropayments Vs. Small Payments

 Internet payments for items costing from a few cents to approximately a
dollar are called micropayments.
 Micropayment champions see many applications for such small
transactions, such as paying 5 cents for an article reprint or 25 cents for a
complicated literature search. However, micropayments have not been
implemented very well on the Web yet.
Key participants in Online Payment System:

Following are the key participants in processing online credit card payments:
 Merchant:
 Merchant is a seller, who is connected to an acquirer bank.
 A merchant can process various credit cards through a single acquirer.
 To accept credit-card payments, a merchant must have a merchant
account at the acquirer or acquiring bank.
 Cardholder/ Customer:
 Cardholder is a registered holder of the credit card who is a buyer and has
an account at the issuer or issuing bank.
 Issuer or issuing bank:

 It is the bank that issues the credit card to a cardholder and processes
transactions.
 That means it is the bank from which the buyer obtained the credit card,
and the credit-card association.
 Acquirer or acquiring bank:

 The bank that serves as an “agent” to link a merchant to multiple issuers.
 That is it is the bank with which the merchant holds an account.
***************************************************************

***************************************************************
 Credit Card Associations:

 They are nonprofit associations that set standards for issuing banks.
 Visa, MasterCard, Discover, American Express etc. are some credit card
associations.
 A credit or debit card will use a merchant account affiliated with one or
more traditional credit card associations.
 Payment Gateway Service:

 The payment gateway is situated between the SET system and the
financial network of the current credit card system for processing the
credit card payment
 This is typically connected to the acquiring bank.
Requirements of Payment Systems in E-Commerce:

 There are several essential and consequential requirements which should
be met by e-payment systems. They are:
 Payment security which requires that any payment authorization is
not tampered with by a hacker on the Internet.
 Privacy of transaction requires that third parties do not know for
what goods and services one is paying. This also requires that the
credit card number (transmitted over the Internet) is not stolen by
an eavesdropper.
 The payment systems integrity should be assured. In other words,
once an agreement is reached between a buyer and a seller, neither
can go back on their commitment.
 Mutual authentication of the customer and the merchant. In e-
payment there is no physical contact between the two parties.
There is no signed paper, transaction. Thus, establishing mutual
identities is essential.
 Besides the above requirements, electronic transactions must be designed
to satisfy the following:
Indivisible:
***************************************************************

***************************************************************
 Each payment transaction should be either whole or none. In

other words, transactions should not be interrupted in the
middle. If some malfunction occurs during a transaction, the
whole transaction should be aborted and the state restored
to the initial state.
Isolated:
 Each transaction should be independent of others.
Agreed:
 Both parties involved in the transaction should mutually
agree on the terms and conditions.
Reversible:
 If after conclusion of a transaction an error is found or if it is
found that terms and conditions are not fully met, one should
be able to reverse the payment and go to the initial state.
For example, in credit card payment, if a customer is
dissatisfied due to a valid reason, the card company should
credit the payment back to the customer and debit it from
the merchant's account.
 From the point of view of acceptability of a particular payment scheme for
implementation, the following requirements must be satisfied:
Standardized:
 The system should be acceptable across computing
platforms. In other words a universally accepted standard
should be used to ensure interoperability.
Economical:
 Transaction cost of each transaction should be minimal
(Ideally zero).
Scalable:
 The system should be able to handle several transactions
simultaneously. For example, if several customers login to a
***************************************************************

***************************************************************
merchant's e-shop, the system should simultaneously service

them while handling each customer as a separate entity.
Crucial Factors or Features of Payment Methods:

 Anonymity
 It means whether the payment method is anonymous.
 Security
 The payment method should be secure.
 Overhead cost:
 The overhead cost of processing a payment should be low.
 Transferability:
 It means whether a payment can be carried out without the involvement
of a third party. It should be transferable.
 Divisibility:
 It means whether a payment can be divided into arbitrary small payments
whose sum is equal to the original payment.
 Acceptability:
 It means whether the payment method is supported globally or locally.
Cash Versus E-Money (E-Cash):
Cash or money is-

- the most common anonymous form of payment. Anyone can walk
up, purchase an item, and pay in cash without having to show
identification.
- a medium of exchange to simplify transaction defined by a national
authority to represent value.
- a standard of value (to make it easier to decide on the worth of
goods)
***************************************************************

***************************************************************
- a store of value (to facilitate the concept of saving)
Electronic money (e-money) or Electronic cash (e-cash) or Digital cash

(Digi-cash):
- is a form of online payment that describes any value storage and
exchange system created and issued by a private entity.
- is also a medium of exchange to simplify transaction.
- does not use paper documents or coins.
- can serve as a substitute for government-issued physical currency.
- allows consumers to pay for goods without cash.
- can be readily exchanged for physical cash on demand.
- allows a person to pay for goods or services by transmitting a
number from one computer to another.
- includes credit card, smart card, debit card, ATM card etc.
- Although credit cards dominate online payments today, electronic
cash shows promise for the future. Gartner, Inc. estimates that
electronic cash will be used in more than 60 percent of all online
transactions by 2009.
- Because electronic cash is issued by private entities, there is a need
for common standards among all electronic cash issuers so that one
issuer’s electronic cash can be accepted by another issuer. This
need has not yet been met. Each issuer has its own standards and
electronic cash is not universally accepted, as is government-issued
physical currency.
Merits/ Features of Cash:

Cash is the most widely used form of payment. It offers several features:
1. Convenience:
– It is easy to use, easy to carry, and easy to handle in small quantities.
2. Wide acceptance:
– The U.S. dollar is the most widely accepted paper currency in the world
because of its stability and durability.
3. Anonymity:
– No identification is needed to pay in cash.
4. No cost of use:
– For customers who use cash, there are no hidden costs, overhead, or
processing fees. For the merchant, it means transporting cash to the bank
***************************************************************

***************************************************************
for safekeeping on a daily basis.
5. No audit trail:
– Lack of traceability means you can do what you want with your cash. In
countries where trust in the currency, the banking system, or the
government is in question, cash is used to buy all kinds of products,
including homes, automobiles, and other big-ticket items. Trust is the
basis of electronic payment systems.
6. Convertible to other form:

– Cash can be instantly convertible into other forms of value without
intermediation of any kind.
7. Portability:
– Cash is portable, requires no authentication, and provides instant
purchasing power.
Demerits of using Cash:

 Despite the above features, cash has some drawbacks:
 Cash is-
- easy to loose/ easily stolen.
- difficult to trace.
- cumbersome to carry (when amount is large and hence more space
and more security measures are needed).
- time consuming to count, organize and manage.
- limited to smaller transaction.
Key Features or characteristics of E-Money:

 E-money is becoming more attractive for conducting business in online.
 It offers several features:
a. Speed of transfer
b. Ease of handling, i.e. easy to count, organize or manage
c. Convenience, since safety of not having to carry cash
d. Ease of trace
e. Universally accepted
f. Transferable electronically
***************************************************************

***************************************************************
g. Divisible
h. Non-forgeable, non-stealable
i. Private (no one except parties know the amount)
Merits and Demerits of using e-cash:

• Advantages of electronic cash:
– E-cash is cheaper, more efficient:
Since less paper and personnel are required to process
transactions. Transfer of e-cash on the Internet costs less than
processing credit card transactions.
– E-cash is faster:
Since the transfer of e-cash occurs on the Internet that spans
the globe – this enables consumers to transfer cash at very
rapidly.
– It is especially useful for making micropayments.
– Sale of goods and services to those without credit cards
– E-cash is cheaper, since.
– Portable and usable for international transactions
– More efficient, eventually meaning lower prices
– Lower transaction costs
– Anybody can use e-cash. Unlike credit cards, e-cash does not
require one party to receive special authorization.
• Disadvantages of electronic cash:

– Use of anonymous e-cash provides no audit trail which can lead to
fraud such as money-laundering (this occurs when criminals
convert cash obtained illegally into money they can use
without questions being raised as to its origin).
– Illegally obtained e-cash is used to purchase goods/services
which are then sold to the public for real cash.
– E-cash can be forged
– Tax trail non-existent, like regular cash
***************************************************************

***************************************************************
Holding Electronic Cash:

There are two methods for holding e-cash:
A. Online Cash:
 In this case, an online bank holds the consumer’s e-cash and pays the
merchants when payment is requested.
B. Offline Cash:
 Here, the consumer keeps the cash and pays the vendors directly. This
can lead to double-spending: forgery that occurs when the consumer
uses the same e-cash to make two separate transactions. This problem
can be corrected using encryption.
Types of E-Money:
E-money is a notational money system that may be online or offline, identified
or anonymous.
Identified e-money:
– This type of e-money is also called digital cash which is a system of
purchasing cash and storing the credits in consumer’s computer.
– Computerized stored value is used as a form of cash to be spent in small
increments.
– A third party is involved in the payment transactions, examples: Beenz,
Billpoint, Paypal etc.
– This type of money contains information that makes it possible to identify
the person who withdrew the money from the bank. The process
generates an audit trail.
Anonymous e-money:
This e-money contains no information, so it is not possible to identify the person
who withdrew the money from the bank, i.e. anonymous money cannot be
traced. It is like paper money and leaves no audit trail.
Online e-money:
It means, each transaction is verified and approved by the issuing institution
(such as bank) before payment is made.
Offline e-money:
This type of e-money requires no validation.
***************************************************************

***************************************************************
Therefore, the FOUR types of e-money are:
1. Identified and online e-money (+I+L)

This is unique to credit card and debit card transactions. The buyer is
clearly identified and the card is validated against the issuing bank’s
computer before payment is made. Making a deposit at the teller window
is another example of transaction that is identified and online. The teller
asks for a picture id to identify the customer and uses the workstation to
credit (or debit) the account online.
2. Identified and offline e-money (+I-L)

It is like purchasing by check, traveler’s check, or postal service money
order. The merchant asks for id to make sure the identity of the
purchaser, but no verification is made against the account. If the check
bounces, the merchant has to call the purchaser, backtrack through the
issuing bank, and chase the purchaser for payment.
3. Anonymous and online e-money (-I,+L)

This is like cash payment where the identity of the purchaser is
anonymous and a purchase is made on the spot for cash. The same
applies to ATM (automated teller machine) transactions such as
withdrawals from savings, checking, or special accounts. In the case of
deposits, the transaction is offline. The account records the amount of the
deposit, but the bank does not make the money available until the
deposited check clears.
4. Anonymous and offline e-money (-I-L)

This is electronic cash which includes transactions such as making
deposits in one’s account via ATM and using a credit card with a merchant
who does not have an online connection to the Visa/MasterCard network.
How Electronic Cash Works:
A typical consumer will go through the following steps in order to use e-cash:
 The consumer opens an account with an electronic cash issuer using some
form of ID
 To obtain e-cash, the consumer then accesses the issuer’s Web site, and
presents ID (such as a digital certificate or a combination of a credit
card/bank account number)
 The issuer verifies the consumer’s ID
 Once the ID is confirmed, the bank issues e-cash and adjusts the account
balance
 The consumer stores the e-cash in an e-wallet or a stored-value card
***************************************************************

***************************************************************
 The consumer may pay a small processing fee for the service
In some cases, the consumer can request the issuer to pay e-cash to a third
party.
Providing Security for Electronic Cash:
 We mentioned double-spending earlier. Let us look at how this crime can

be prevented. First of all, there must be a way to detect the crime early,
and secondly, there must be a fine or some type of punishment to deter
others.
 One technique is to use cryptographic algorithms to create secure e-cash
that can be traced to the origin. A two-part lock signals when a consumer
is attempting to use the cash for a second transaction and reveals their
identity. Refer to Fig. 11-4 which shows the double detection process:
 Anonymous e-cash is a more difficult problem. One technique is to attach
a serial number to each transaction in order to trace who made it. This
defeats the whole purpose of anonymity, allows vendors to track
consumer activities, and doesn’t solve the double-spending problem. To
create anonymous e-cash, the bank issues the e-cash, a serial number
created by the customer, and the bank’s digital signature to the customer.
The customer removes the serial number before spending the cash so the
owner cannot be traced.
FIGURE: Detecting Double Spending of Electronic Cash
***************************************************************

***************************************************************
Several E-cash Systems:

E-cash systems are more prevalent in Europe and Japan. U.S. consumers tend to
use credit/debit/charge cards or checking accounts. E-cash has not caught on in
the U.S. due to the complexity of the system, lack of standards, and competing
technologies. Some successes are noted below:
 CheckFree
– This company provides online payment processing for
business and individuals using electronic checks.
– Largest ACH (Automated Clearing House), i.e. bill processor in the
world
– Provides online payment processing services
 Clickshare
– This company’s micro-payment system is targeted at magazine and
newspaper publishers.
– Clickshare is an electronic cash system that allows a consumer to
have one account at a most-trusted website and buy from other
websites without having to pass around a credit-card number,
register or give out personal information. One ID, one account, one
bill.
– Designed for magazine and newspaper publishers.
– Users whose ISPs support Clickshare, can make purchase on
Clickshare sites without having to register. Clickshare bills the ISPs
who then bill their customers. This is the only company that can
track customer activity using HTTP protocol so it serves an
important role for marketers and advertisers.
 PayPal
– Founding in 2000 and purchased by eBay in 2002
– Provides payment processing services to businesses and to
individuals
– Pay anyone, anywhere via email
– Draws funds from user’s bank account, places credit hold on credit
card for guarantee
– 16 million users
– Bank of America has 3.3. million
– Accounts insured up to $100,000
– Based on automated clearinghouse
– Withdraw funds anytime, or send to someone else
– Mobile payments (WAP)
This company provides payment processing services for business and
individuals. It generates revenue from the float (unused money in its accounts).
Today, businesses are charged a transaction fee while individuals use a peer-to-
peer (P2P) payment system. Individuals can send money to an online merchant
***************************************************************

***************************************************************
or others with an e-mail address. Debits and credits occur immediately and
transmission is secure. In addition, PayPal can issue checks to account holders
or even deposit money into their bank accounts. PayPal is currently owned by
eBay.
 CyberCash
– Combines features from cash and checks
– Offers credit card, micropayment, and check payment services
– Connects merchants directly with credit card processors to provide
authorizations for transactions in real time
o No delays in processing prevent insufficient e-cash to pay for
the transaction
 CyberCoins
– Stored in CyberCash wallet, a software storage mechanism located
on customer’s computer
– Used to make purchases between .25c and $10
 DigiCash
– Allowed customers to purchase goods and services using
anonymous electronic cash.
 Coin.Net
– Electronic tokens stored on a customer’s computer is used to make
purchases
– Works by installing special plug-in to a customer’s web browser
– Merchants do not need special software to accept e-Coins.
BidPay: This system allows customers to pay for auction transactions

using electronic money orders issued by First Data Corporation.
Privacy and Security of Electronic Cash:

Two major customer concerns are privacy and security. Most consumers will not
use e-commerce sites if they fear their personal information or credit card
information will be open to theft or fraudulent use. Other concerns include
independence, portability, and convenience.
Let us examine what aspects make e-cash successful:
 it can only be used for one transaction,

 the consumer’s identify remains invisible throughout the transaction
process,
 there is a guarantee that the transaction takes place between two parties
only,
 the transaction is legitimate,
***************************************************************

***************************************************************
 it is not designed to work on a specific network or storage device,

 it is easily transferred in different locations without the need for a
merchant account,
 it is easy to use and does not require complicated hardware or software,
 a standard must be developed for e-cash payments and receipts, and
 e-cash from different vendors must be easily interchanged
Two companies that deal with e-cash are eCharge and Valista.
Requirements for Internet-based payments:

Regardless of the form of money, there are two distinct sets of properties to
consider in money transfer:
(1) The ACID test
It is a set of properties in a money transfer that include:
- Atomicity
A transaction must occur completely or not at all.
- Consistency
All parties involved in the transaction must agree to the exchange.
- Isolation
Each transaction must be independent of any other transaction and
be treated as a stand-alone episode.
- Durability
It must always be possible to recover the last consistent state or
reverse the facts of the exchange.
(2) ICES test

It is also a set of properties of a money transfer that include:
- Interoperability
Ability to move back and forth between different systems.
- Conservation
How well money holds its value over time and how easy money is
to store and access.
- Economy
Processing a transaction should be inexpensive and affordable.
- Scalability
It refers to the ability of the system to handle multiple users at the
same time.
***************************************************************

***************************************************************
In addition to ACID and ICES tests, the important properties required for an
Internet-based payment system are:
1. Acceptability:
For electronic payment to work, the system must be widely accepted, and
acceptable to, merchants. Merchants must have the technical ability and
the processes to expedite a sale without delay.
2. Ease of integration:
The website interface must be effective and well integrated into the total
network environment. It also should be independent of any other payment
instrument.
3. Customer base:
Enough users and enough traffic must be present to justify investing in
the electronic payment mechanism.
4. Ease of use:
The use of payment system should be as easy as pressing a button on the
screen.
5. Ease of access:
The access to the payment system should be very easy. Users don’t like
to wait.
Electronic Payment Media
Some Keywords:
Money Laundering
 Money laundering is the process whereby the origin of dishonest (or
dirty) money generated by criminal activities and/or illegally
obtained money is concealed so that it appears to come from a
legitimate source and cannot be easily traced back to their legal
origin.
 Money laundering is often used to disguise the proceeds of
corruption, and is widely practiced by drug traffickers, human
traffickers, and white-collar criminals. Bank secrecy and tax havens
make laundered money particularly hard to trace.
***************************************************************

***************************************************************
Biometrics
 It means the use of a body part such as the thumb (fingerprint),
retina, iris, facial analysis etc. or the use of behavioral
characteristics such as voice pattern, hand geometry-vein pattern,
hand-written signature etc. to authenticate identity. It may be used
as a replacement for computer passwords.
 With the proliferation of credit cards and other payment media in e-
commerce, one big headache a customer will encounter is keeping
track of passwords for different cards. A single card could replace
all these passwords and be activated simply by pressing thumb on
the card. The card would carry a digital fingerprint.
 Many ATM machines scan the customer’s retina for a few seconds in
lieu of traditional password.
Credit Card Associations

 Visa, MasterCard, Discover, American Express etc are some credit
card associations. A credit or debit card will use a merchant account
affiliated with one or more traditional credit card associations.
Point Of Sale (POS)

 It is the location at which the sale or transaction takes place, i.e. the point
at which goods and services are received in exchange for payment.
POS (Point-of-Sale) Terminal

 It is a computerized device (that records items purchased and calculate
the total amount due for each sale) used for verifying and processing
credit card transactions at the point of sale by communicating transaction
information to a remote central computer of a bank connected directly via
telecommunication lines or through a network. If the credit card is
available, the merchant can swipe the card through the terminal. A POS
terminal has the capability to read and change information on a card to
assist in or complete a retail transaction
***************************************************************

***************************************************************
Automated Teller Machine (ATM)

 It is a cardholder-operated terminal that performs basic teller functions,
such as accepting deposits, cash withdrawals, account transfers, loan
payments, and account balance enquiries. This machine reads ATM card or
debit card, deducts funds after withdrawal from a customer’s checking
account.
Automated Clearing House (ACH)

 It is a service that electronically processes payments of funds and
government securities among institutions and businesses. ACH routes
bank transactions involving more than one financial institution so that
accounts held by respective financial institutions can be debited and
credited.
Shopping Cart:
 It is a utility program that keeps track of items selected for purchase and
automates the purchasing process. We know that the elements required
to do business on the Internet are: a storefront (website), a shopping
cart, a merchant account, and an electronic transaction processing system
to pay the merchant against the customer’s credit or debit card. The
shopping cart program allows users to collect their purchases. It interfaces
with the payment processing system, calculates the costs and taxes for
the items collected, and delivers a complete bill for customer approval.
E-Wallet
 It is an electronic payment system that operates like a carrier of e-cash
and other information in the same way a real-world wallet carries real
cash and various IDs. The aim of the e-wallet is to give the shoppers a
single, simple, and secure way of carrying currency electronically. As a
form of electronic payment, trust is the basis of the e-wallet. The
procedure for using an e-wallet is easy:
(1) Decide on an online site where you would like to shop.

(2) Download a wallet from the merchant’s website where you intend
to shop. The special form requires the buyer to fill in some personal
information.
(3) Fill in the personal information such as your credit card number,
name, address, and phone number, and where merchandise should
be shipped.
***************************************************************

***************************************************************
(4) When you are ready to buy, click on the wallet button and the
buying process is fully executed. Billing information is filled out
automatically. Another option is to drag information out of the
wallet and drop it into the online form.
What is Credit Card?
 There are various ways to pay for goods or services, e.g. by cash, check,
or credit card.
 A credit card (also called charge card) is a small plastic card with a
coded magnetic stripe on the back that can be read at the point of
sale (POS terminal).
 It is a system of payments accepted by merchants worldwide which
is the electronic equivalent of a check issued by bank to an
individual that can be used more than once to allow consumers to
borrow money or to purchase goods and services from a merchant
on credit. The cardholder then pays the issuing bank in full or on
installment basis upon billing.
 Credit amount and interest rate are set by the lender and are determined
by the borrower's income and credit report. Generally, different credit
limit is established for different cardholder. It has a spending limit based
on a user’s credit history.
 A credit card requires the user to have an account on a server or at an
issuing bank equipped with the proper Internet connection. Whenever you
use a credit card, you are borrowing money from someone else to
purchase something. A credit card is then, in essence, a loan. It doesn’t
matter if it is a secure credit card, a small business credit card or anything
else: the credit card company is lending you money in order to make your
purchase, for which you are going to be charged interest on later
(assuming you don’t pay the total balance within a predetermined period).
 The issuer of the card grants a line of credit to the consumer (or the user)
from which the user can borrow money for payment to a merchant or as a
cash advance to the user.
 Most credit cards are issued by local banks or credit unions, and are the
same shape and size, as specified by the ISO 7810 standard.
***************************************************************

***************************************************************
 There are two separate approaches used for a credit card

payment:
 Simple method:
In this approach, the credit card number is exposed to a merchant
and the privacy of purchases made by a client is not ensured.
 Complicated method:
In this approach, the credit card number is not exposed to the
merchant and the privacy of purchases is also ensured. This
method requires a customer to have a public key certificate which
many casual customers may not have. This method, however,
ensures that the credit card number is not exposed to a merchant
and the privacy of transactions is ensured. We will describe both
these methods in this section.
Parties Involved in a Credit Card Transaction:

Four parties are involved in credit card transaction:
(i) the cardholder (customer),
(ii) the merchant (who accepts credit cards (typically a merchant
would accept credit cards of several companies such as Visa, Master
card, etc.),
(iii) Issuer or issuing bank, the bank that issues the credit card to
customers, guarantees payment to merchants and collects bills
from its customers. The customer's bank collects an annual fee
from its customer and also a large monthly interest on outstanding
overdue payments. Monthly interest may range from 1.5 to 3% on
overdue bills.
(iv) Acquirer or acquiring bank, the merchant's bank which
establishes an account with a merchant, validates card information
presented by a merchant and approves sales based on a customer's
credit status. The acquirer normally charges a commission of
around 2% on each sale from the merchant.
Manual Credit Card Transaction/ Process of using credit cards offline:
 Credit cards are issued after an account has been approved by the credit
provider, after which cardholders can use it to make purchases at
merchants accepting that card.
***************************************************************

***************************************************************
Manual credit card transactions are carried out as follows:
1. A customer presents a credit card to a merchant after purchasing items

from a store and agreeing to pay the billed amount.
2. The merchant swipes the card using a teleterminal which reads the data
contained in the magnetic strip of the card and enters the transaction
amount. The card data and amount are transmitted to the acquirer via a
private communication line.
3. The acquirer's computer forwards the data to the bank which issued the
card. The bank checks the validity of the card, credit available on the card
and approves transaction provided the card and credit are OK.
4. If all are OK, the acquirer authorizes sale and sends approval slip to the
merchant which is printed duplicate at merchant's terminal. The acquirer
also credits the merchant's account with sale amount minus commission.
The acquirer collects the amount from customer's bank.
5. The merchant requests the customer to sign the approval slip, compares
the signature with that in the card and if OK delivers the goods.
6. The bank sends a monthly statement to the customer and collects the
outstanding amount.
The above steps are illustrated in the figure below.
Note:
***************************************************************

***************************************************************
 In manual credit card transaction, there is physical proximity of a

customer with a merchant and the transaction is validated after obtaining
the signature of the customer on the payment slip.
 In e-commerce there is no physical contact between the merchant and the
customer and it is impossible to verify the physical signature. But, it is
necessary for the merchant to verify that a customer is genuine and the
customer to be assured that he or she is not dealing with a fake
merchant.
- Thus, a customer would be reluctant to disclose his or her

credit card number using the Internet as the merchant may
be fake or the number may be stolen by eavesdroppers on
the Internet.
- Furthermore, if the merchant is careless, a hacker may
access his or her database and steal credit card numbers.
 An ideal protocol named SET (secure electronic transaction) would be one

in which the credit card number is not revealed to the merchant but only
to the bank approving it. The approving bank need not know what a
customer bought but only the amount of payment to be approved (to
protect customer's privacy).
Figure: A sample credit card
***************************************************************

***************************************************************
The process of using credit cards Online:
8 1
9
Issuing Buyer Voucher to

Transaction Reimburse
Bank pays Acquiring 2 7
5 4 voucher to s merchant
Visa / Issuing Bank
Mastercard Bank
Sends transaction
voucher to Visa /
Mastercard
3
Visa / Mastercard
reimburses Acquiring
Bank
28
Credit Card Payment using Secure Socket Layer:
 SSL, short for Secure Socket Layer, is a widely used security protocol
developed in 1995 by Netscape Communication Corporation, the then-
dominant browser vendor.
 This protocol is designed to provide security (e.g. data encryption, server
authentication, and message integrity) for the transmission of private or
sensitive data over the Internet.
 SSL encrypts the data (like credit cards numbers) and other personally
identifiable information while it is being transmitted over the Internet
which prevents the "bad guys" (unauthorized people) from stealing your
information for malicious intent. The encryption is done in the
background, without any interaction from the user, so there is no
password to enter or remember.
 This protocol is used for establishing a secure connection between the
server and the browser. It controls the communication between the SSL
server and the browser.
***************************************************************

***************************************************************
 SSL is called secured socket, because it uses a "secure socket" or port for
transferring encrypted information between the server and the browser.
 SSL is a key to e-commerce security. Since its introduction, SSL has been
the de facto standard for e-commerce transaction security and is likely to
remain so into the future.
 SSL is used by all URLs that begin with http. SSL is used by all of
Netscape’s browser products, as well as Microsoft’s Internet Explorer 3.0
or higher. In addition, it is built into products such as Apache and Internet
Information Server. Most browsers and computers today can exchange
secure transactions using this protocol across the Internet.
 One requirement for proper use of SSL is that the merchant’s Web server
and the customer’s Web browser must use the same security system.
Credit card payment using SSL are as follows:
Step 1:
 A client accesses the web site of a merchant by using its URL. For
example, a request to buy from a hypothetical company Khan Bookstore
will look like https://www.KhanBookstore.com.
Step 2:
 The client examines the catalogue of books, and selects the books he or
she wants to buy. The selected items are placed in a virtual shopping cart
assigned by the merchant's server.
Step 3:
 The book store's server examines the shopping cart assigned to the client
and prepares an invoice including all taxes and shipping charges. This
invoice is displayed in the client's browser along with a form requesting
credit card information and shipping instructions.
Step 4:
 The server negotiates with the client's computer level of security. If the
client's browser does not have SSL security the transaction cannot
proceed as the credit card number will be exposed. A warning is displayed
in the client's browser.
Step 5:
 ' Assuming client's browser is SSL compliant the client now types:
 https://www.KhanBookstore.com
 https ensures that the data typed by the client is encrypted with a session
key and sent to the web site KhanBookstore.com. Thus, the credit card
number and the shipping address are encrypted. As the session" key is a
***************************************************************

***************************************************************
random number and is used only for one session, eavesdroppers cannot
use it even if they find it.
Step 6:
 The merchant decrypts the data. The credit card number, the amount to
be paid by the customer, invoice details along with the merchant's, public
key certificate, is sent to the acquirer by the merchant encrypted using
the acquirer's public key. The-merchant also digitally signs the data. The
details of invoice are sent to resolve any disputes between the customer
and the merchant at a later date.
Step 7:
 The acquirer checks with the bank which issued a customer's card its
validity, the customer's balance in this account and the merchant's digital
signature. The acquirer will transfer the amount electronically to the
merchant's bank and collects it from the customer's bank provided the
customer's bank approves the transaction. It then sends authorization to
the merchant to accept the sale. This authorization is encrypted with the
merchant's public key.
Step 8:
 The merchant accepts the customer's order and sends an encrypted
receipt to the customer. Later the merchant ships the items to the
customer's shipping address.
Step 9:
 Finally, the customer's bank sends a monthly bill to, the customer.
The above steps are illustrated in the figure below:
***************************************************************

***************************************************************
Note:
1. Using SSL, the customer's credit card is exposed to the merchant. It is

expected that the merchant will encrypt it and store it along with the -
invoice in his or her database.
2. The customer's purchase-details are exposed to the acquirer. This is
necessary to resolve disputes, if any, but the customer's: purchase details
will be exposed to the acquirer.
3. The major advantage of https protocol is that a customer need not have a
public key. Sensitive data is encrypted by SSL and customer need not
worry about eavesdroppers stealing his or her credit card number during
Internet transaction.
4. The whole transaction is automated. The customer, carries out the entire.
Operation by clicks of the mouse button. Picking the encryption key,
encryption; merchant authorization, etc., are all done by the https
software (which has SSL underneath it).
5. If a customer uses http protocol instead, of https, he or she will be
warned about the website not being secure and in many systems the
transaction will not be accepted.
***************************************************************

***************************************************************
Secure Electronic Transaction (SET) Protocol:

 In e-commerce there is no physical contact between the merchant and the
customer and it is impossible to verify the physical signature. It is also
necessary for the merchant to verify that a customer is genuine and the
customer to be assured that he or she is not dealing with a fake
merchant.
 The Secure Electronic Transaction, abbreviated as SET, is a protocol
designed specifically to secure credit card transactions over the
Internet. It will ensure that credit card and associated payment
order information travels safely and securely between the various
involved parties on the Internet.
 The two leading bankcard associations Visa International and
MasterCard International with the cooperation from Microsoft,
Netscape, IBM and many other leading technology companies
around the world developed SET as a common standard to process
card transactions on the Internet in 1996.
 The SET protocol is designed to operate both in real time, as on the World
Wide Web, and in a store-and-forward environment, such as e-mail.
 Furthermore, as an open standard, SET is designed to allow consumers,
merchants, and banking software companies to independently develop
software for their respective clients and to have them interoperate
successfully.
 Like other encrypting protocols, SET uses a combination of public and
private key cryptography to establish involved parties’ identity and to
ensure payment data security.
 SET employs digital signatures to enable merchants to verify the identity
of buyers. It also protects buyers by enabling their credit card number to
be transferred directly to the credit card issuer for verification and billing
without revealing the number to the merchant.
 However, in order for secure transactions to work, SET must possess the
following qualities:
 Confidentiality: others cannot eavesdrop on an exchange.
 Integrity: the messages received are identical to the messages
sent.
 Authenticity: you are assured of the persons with whom you are
making an exchange.
 Non-Repudiability: none of the involved parties can deny that the
exchange took place.
***************************************************************

***************************************************************
Phases of SET Protocol:

SET protocol has four phases:
 Initiation:
First, the cardholder sends a purchase initiation request to the merchant
for initializing the payment. Then the merchant returns a response
message to the cardholder.
 Purchase:
In the second phase, the cardholder sends the purchase order together
with the payment instruction to the merchant.
 Authorization:
In the third phase, the merchant obtains the authorization from the issuer
via the payment gateway.
 Capture:
Finally, the merchant requests a money transfer to its account.
How does SET Work?/ Credit card transactions using SET protocol:
 The SET protocol involves four parties:
(i) the cardholder (customer),

(ii) the merchant,
(iii) the bank that issues the credit card (Issuer or issuing bank),
(iv) the merchant's bank (Acquirer or acquiring bank).
 Credit card transactions using SET protocol are carried out as follows:
1. The customer and the merchant negotiate a transaction:

 The customer's PC and merchant's server exchange their certified public
keys.
 The merchant also sends acquirer's public key to the customer.
 They also negotiate the type of public key encryption and the hashing
function to be used.
2. The customer sends the order and payment information to the

merchant:
***************************************************************

***************************************************************
 The customer browses the merchant's web site. He/she goes through the
various goods and services on display and decides to buy something.
 Then, he/she fills the purchase order, amount payable and credit card
number in his or her PC.
 SET Software in customer’s PC creates two messages:
 Purchase Order and Amount (POA), which is encrypted using
merchant's public key and
 Credit Card number and Amount (CCA), which is encrypted
with acquirer's public key. This prevents the merchant from
peeking at the credit card number or the bank from peeking
at the order information.
 The software now computes a hash of the POA (termed as POH) and a
hash of the CCA (termed as CCH).
 It then signs POH and CCH jointly with the customer's private key. This
creates a "dual signature" DS that allows both merchant and merchant's
bank to validate the integrity of POA and CCA.
 The customer sends POA, CCH, POH and DS to the merchant. The
merchant verifies signature and proceeds further if the signature is OK.
3. The merchant forwards encrypted CCA, POH and DS to the acquirer.
4. The acquirer forwards it to the customer's bank.
5. The customer's bank checks the validity of the card (i.e., credit card
number, credit available and the dual signature of the customer).
The result of verification is sent to the acquirer.
6. The acquirer in turn approves or rejects the transaction and informs

the merchant. It credits the merchant’s account with purchase
amount minus commission.
7. The merchant approves the order and sends to the customer the
shipping details.
8. At the end of the month, the issuing bank (customer’s bank) sends a
consolidated bill to the customer.
***************************************************************

***************************************************************
The above steps are illustrated in the figure below. It shows how the SET
protocol coordinates the activities of the customer, merchant, merchant’s bank,
and card issuer.
Main Features of SET:

 Dual signature (DS) scheme is an innovation in SET protocol.
 Customer’s credit card number is not revealed to a merchant. It is
revealed only to the acquirer who authorizes payment.
 Purchase invoice details are not revealed to the acquirer. Only the credit
card number and total amount are revealed to him
 Purchase invoice and credit card number is digitally signed by the
customer. In case of a dispute, an arbitrator can use this to settle the
dispute.
Merits and Demerits of SET:
Merits of SET:
***************************************************************

***************************************************************
 SET is Extremely secure.

 Fraud reduced since all parties are authenticated.
 Requires all parties to have certificates.
 So far has received lukewarm reception.
 80 percent of SET activities are in Europe and Asian countries.
Demerits of SET:
 Not easy to implement.
 Not as inexpensive as expected.
 Expensive to integrated with legacy applications.
 Scalability is still in question.
Objectives of SET/ Important Goals of SET:
SET was developed with FOUR important goals in mind:
Confidentiality of payment:
 It means that as the payment is processed electronically, SET will enable
payment security for all involved in the commerce. It provides
confidentiality of payment information and enable confidentiality of order
information that is transmitted along with the payment information.
Integrity of transmitted data:

 This means that the payment data will not be corrupted during
transmission or during processing.
Authentication of the person using the card:

 It means that the cardholder is authentic. It also verifies that the
merchant handling a sale can accept an authorized card via the acquiring
bank.
Interoperability across network providers:

 This means a comprehensive way of making electronic payments over the
Internet 24 hours a day, seven days a week, without delay. SET will also
strive to achieve market acceptance on a global scale.
Dual Signature (DS):

SET protocol depends on an innovation called dual signature whose main
purpose is to give the merchant only the purchase order and amount without
disclosing the credit card number, and give to the acquirer only the credit card
number and the amount without disclosing the purchase details.
Using DS,
 customer’s credit card number is not revealed to a merchant. It is
revealed only to the acquirer who authorizes payment.
***************************************************************

***************************************************************
 purchase invoice details are not revealed to the acquirer. Only the credit
card number and total amount are revealed to him.
 Steps to be followed for creating dual signature in SET protocol are:
1. Customer purchase information has 3 parts-
(i) Purchase Order (PO)
(ii) Credit Card Number (CCN)
(iii) Amount to be paid
Merchant should know (PO + Amount)=POA
Acquirer should know (CCN+Amount)=CCA
2. Hash POA using standard Hash algorithm such as RSA’s MD5. Call it
POH.
3. Hash CCA using MD5. Call it CCH.
4. Concatenate POH and CCH. Call it (POH||CCH)
5. Hash (POH||CCH) giving PPH
6. PPH is encrypted using private key of customer. This is customer’s
digitally signed purchase order called dual signature (DS). It is called
so, since a private key is used to sign two separate digests
concatenated together. It is sent to merchant by customer.
 The process of creating dual signature system is illustrated in the figure

below:
Figure: Dual Signature System
Here,
POA: (Purchase Order + Amount)
POH: Hash of Purchase Order
CCA: (Credit card + Amount)
CCH: (Hash of Credit card + Amount)
***************************************************************

***************************************************************
|| : Concatenation operator which strings together POH and CCH

PPH : Hash of Purchase Payment
CPRK : Private Key of Customer, C
DS : Dual Signature
Electronic Fund Transfer (EFT):

 If Alice issues a cheque favoring Bob, it will be written on a cheque in
Alice's bank (say X). Bob will deposit the cheque in his bank (say Y).
 Before Bob's account (in bank Y) can be credited, the bank Y should check
with Alice's bank X whether she has enough money in her account. If the
bank X approves, then Alice's account in bank X will be debited and Bob's
account in bank Y will be credited. This process of cheque clearance has
been automated and is called Electronic Funds Transfer (EFT).
 Therefore, EFT is an essential part of clearing cheques in a banking
system.
 In order to implement electronic funds transfer, the following
requirements have to be met:
 An Automated Clearing House (ACH) should work as an
intermediary to negotiate transfer of funds when cheques are used.
 All banks should use ACH and become its members.
 There should be a secure electronic communication channel
between each bank and the ACH.
Clearance of Cheques in EFT:

 In electronic fund transfer, a cheque can be cleared either by Automated
Cheque Clearance or Electronic Clearing Service (ECS).
 We provide here the cheque clearance method using the first model.
 We will assume that A and B are the two parties involved and that A
has an account with bank X and B with bank Y. As an intermediary,
ACH (automated clearing house) maintains balances kept by all its
member banks.
 The steps are given below:
1. A sends a cheque drawn on his bank X to B.
2. B deposits the cheque in his bank Y.
***************************************************************

***************************************************************
3. Y will send the cheque to ACH.

4. ACH has an automated system to sort cheques based on unique
bank code. Based on X's code, it sends a query to bank X whether
the amount can be paid (A's physical cheque should be forwarded
to X by ACH).
5. If the reply from bank X is yes, it debits X's account and credits Y's
account with it.
6. It intimates bank Y that the cheque is cleared.
7. Bank Y credits B's account with the amount specified in the cheque
and updates B's account.
8. Bank X debits A's account by the amount specified in the cheque.
The above steps are illustrated in the figure below.
Benefits of Using Credit Card:

 Convenience:
 Credit cards are ‘buy now, pay later’ type payment system. They
are the most widely used and convenient way to get online
***************************************************************

***************************************************************
payments. Cardholders don't have to worry about carrying around a

lot of cash.
 Interest-Free Loans:
 Cardholders that pay off their card's balance each month on time
are getting an interest-free loan of money.
 Liability:
 If a stolen or lost card is reported to the issuing bank in a
reasonable timeframe, the cardholder's liability is limited to $50 in
fraudulent charges.
 Dispute Resolution:
 Until a dispute is resolved, a cardholder can legally withhold
payment to a vendor if they are dissatisfied with a transaction.
 Credit Rating:
 Using a card in a responsible manner tells lenders the cardholder
can be trusted to pay back borrowed money.
 Global Usage:
 Credit cards work around the globe, regardless of the location or
country of the issuing bank.
 Allow multiple currencies:

 They handle multiple currencies and clear transactions through a
series of clearinghouses or consortiums.
 Largely unencrypted
 ‘card-not-present’ transactions processed without customer &
merchant authentication
 Charge back risk for merchants

 charge-back is when customer demands a refund
 banks transfer liabilities of charge-backs to the merchants
 merchants need to have a bond to cover such charges
Demerits of Using Credit Card:
 Overspending:
 If not used in a disciplined manner, a consumer can quickly find
themselves with a large amount of credit card debt.
***************************************************************

***************************************************************
 Credit Rating:
 If a pattern of late payments emerge, the cardholder's credit score
may be negatively affected. It has a spending limit based on a
user’s credit history.
 Fees:
 Many card issuing companies offer low initial interest rates on
account balances, which are sometimes referred to as teaser rates.
Over time, these fees can increase and will add considerably to the
cost of borrowing money if the card balance is not paid-in-full each
month.
 Audit trail:
 Despite their widespread use in e-commerce, credit cards leave a
complete audit trail and continue to be an incredibly insecure form
of payment.
 Verification:
 No signature gets verified, and no face-to-face clues are available
to interpret. A merchant cannot tell whether the card is in hand of
the actual cardholder, a 10-year-old child, one’s spouse, or a thief.
 Acquring merchant account:

 Getting a merchant account is not a straightforward procedure
either.
 Online Credit-Card Fraud:

 It happens when a credit-card holder claims a purchase was made
by an unauthorized individual, or when a purchase was not
received.
 The charges in question are not the responsibility of the credit-card
holder.
 On the Internet, neither a scan of the card nor a signature is
registered and the cost is incurred by the merchant.
Credit Card Laundering:

 When a credit card is used for earning extra money by improper means, it
is termed as credit card laundering.
***************************************************************

***************************************************************
 Consider that, as a merchant, you extend an unsecured line of credit to

another merchant who can not get credit from a financial institution on its
own. If you agree to deposit another seller’s credit card sales into your
merchant account, you are taking more than a financial risk. Although you
will be charging a fee, this type of credit card laundering is a violation of
your merchant agreement with the bank or credit card company. It seems
like a simple procedure for earning extra cash, but the guaranteed easy
income often turns into losses beyond all commissions. Merchants that are
turned down for credit often have a bad credit history or bad
management.
 Many disreputable telemarketers use credit card-processing merchants to

bill consumers for their sales. Once they have received payment from the
processing merchants, they loose their operations or move to new or
undisclosed locations without ever sending any merchandise to the
customer. When consumers find out, they contact their credit card
company and dispute the charges. In this cases, everyone loses. The
customer loses time chasing the false charges, the credit card company
might have to write off the amount to bad debt, and the telemarketer has
blood on its neck.
***************************************************************

***************************************************************
What is Debit Card?
 A debit card (also known as a bank card), issued by a bank, is a plastic

card which allows an individual with direct access to his or her currently
available funds (account) electronically without having to physically go to
the bank.
 A debit card can be used to withdraw cash from an automated teller
machine (ATM) or to purchase goods or services using point-of-sale (POS)
systems at merchant locations that are instantly deducted from your
respective financial account (usually your checking account).
 The use of a debit card involves immediate debiting and crediting of

consumers' accounts.
 A debit card carries one of the major association brands such as Visa,
MasterCard etc.
 Debit cards issued with a Visa or MasterCard logo are accepted by any
merchant that also accepts Visa or MasterCard credit cards. Debit cards
are linked directly to a checking account.
 Functionally, it can be called an electronic check, as the funds are
withdrawn directly from either the bank account (often referred to as a
check card), or from the remaining balance on the card. In some cases,
the cards are designed exclusively for use on the Internet, and so there is
no physical card.
 The use of debit cards has become wide-spread in many countries and has
overtaken the check. Like credit cards, debit cards are used widely for
purchasing via telephone and Internet.
 Debit cards can also allow for instant withdrawal of cash, acting as the
ATM card for withdrawing cash and as a check guarantee card.
 Like credit cards, most debit cards are also issued by local banks, and are
the same shape and size, as specified by the ISO 7810 standard.
 Although many debit cards are of the Visa or MasterCard brand, there are
many other types of debit card, each accepted only within a particular
country or region, for example:
√ Switch (now: Maestro) and Solo cards are accepted in the UK .
√ Carte Bleue cards are accepted in the in France.
√ Laser Cards are accepted in the in Ireland.
√ EFTPOS cards are accepted in the in Australia and New Zealand.
***************************************************************

***************************************************************
An example of the front of a typical debit card:
1. Issuing bank logo

2. Embedded micro chip
3. Hologram
4. Card number
5. Card brand logo
6. Expiry date
7. Cardholder's name
An example of the reverse side of a typical debit card:
1. Magnetic stripe
2. Signature strip
3. Card Security Code
***************************************************************

***************************************************************
***************************************************************

***************************************************************
Merits of Using a Debit Card:

- For beginners, debit cards are safe as no one can access your account
without your PIN plus they allow you to conduct your banking online and they
give you 24 hour access to your money.
- Some other advantages of debit cards are given below:
 A debit card provides multiple functions:

 Most debit cards can be used to withdraw cash and to make
purchases, both in stores and online/by phone. They can also
double up as check guarantee cards and as a way of getting cash
back in certain stores. This makes them versatile as they give easy
access to the money stored in your bank account.
 Obtaining a debit card is easy:

 Obtaining a debit card is often easier than getting a credit card. A
consumer who is not credit worthy and may find it difficult or
impossible to obtain a credit card can more easily obtain a debit
card.
 Security:
 Using a debit card instead of carrying cash makes some consumers
feel safer. If you lost a card or had it stolen, then you won't
necessarily lose any money. Cards are PIN protected and, provided
the user keeps their security number a secret, are harder to use for
spending than cash.
 Less hassles:
 Debit card can be used instead of a check or cash. It frees you from
carrying cash or a checkbook. Debit cards removes the hassles
associated with having writing checks as payments like showing ID
or give out personal information at the time of the transaction.
Only you need is to keep records of all debit transactions so the
account balance in the check register will be accurate).
 Preventing users from racking up debt:

 The debit card user can use the limited amount available in his
account, thereby preventing the user from racking up debt as a
result of its use. Such cards do not charge any interest, late fees, or
fees exclusive to credit cards. That is, you can’t spend more than is
in the account (unless you have an automatic overdraft credit line
attached to the card).
***************************************************************

***************************************************************
 Finalizing transaction at the time of purchase:

 Besides avoiding check writing altogether, debit cards debits funds
from the user’s account on the spot of purchasing. This in turn
finalizes the transaction at the time of purchase and bypassing the
requirement to pay a credit card bill at a later date. Moreover a
debit card doesn’t require writing an insecure check containing the
holder’s personal information.
 Quick transaction:
 Like credit cards, debit cards are accepted by merchants with less
identification and scrutiny than personal checks, thereby making
transactions quicker and less intrusive. Unlike personal checks,
merchants generally do not believe that a payment via a debit card
may be later dishonored.
Demerits of Using a Debit Card:

Some disadvantages of debit cards are given below:
 Pre-set spending limit:

 Debit cards have pre-set spending limits. One can spend only with
the amount available in his/her account.
 Transaction monitoring or record keeping is essential:

 If you do not keep track of how much you spend and where you
spend it, you run the risk of overdrawing your account and be
charged a fee by your bank or have your transaction declined at a
store causing you feel embarrassment. So, you must keep an
accurate record of your debit card use to avoid becoming
overdrawn on your account.
 Hidden fees/ accidental charges:

 Many banks charge an overdraft fee for money transaction and
many also set a limit of daily, weekly or monthly transactions you
can use your debit card for. And crossing this limit can also result in
serious charges to your account.
 Using your debit card in an ATM that is not directly connected with
your bank will also cost you more.
 Debit cards do not allow you to build your credit history:
***************************************************************

***************************************************************
 With the help of debt card, one can purchases without carrying cash
and accessible to all the bank for money transaction as per bank
rules. Transactions and payments made through your debit card are
not reported to the credit agencies like they are with credit cards,
meaning that your good habits don't help you build your credit
score. Some banks introduced a new feature ‘overdraft’ (not exactly
but similar to credit limit) so you can withdraw more amount than
you have in your account. Certainly they charge for it too,
sometimes it may be very high.
 Less secure:
 Debit cards provide lower levels of security protection than credit
cards. Theft of the users PIN using skimming devices is much easier
than with a signature-based credit transaction. If your wallet is lost
or stolen, the thief will likely have all the information they need to
use your debit card for internet transactions. A debit card is
connected to your checking account, which means your entire
account could be drained at lightning speed, leaving you with no
cash with which to handle the situation. Even worse, you might
never get that money back.
 Debit card is not accepted everywhere:

 In some countries, debit card does not offer much security than
credit card; because of its direct connection to the cardholder’s
bank account. If someone steals it to get cash, you will have to
suffer financial loss but in credit cards you can stop payment due to
it takes enough time to take an action. Besides it, credit card
companies offer fraudulent alert utility (with a time limit up to 60
days) to credit card users so they can stop any suspicious activity
on time in order to minimize credit card fraud, this facility does not
come with debit cards.
 Debit card is not always accepted:

 Using a debit card as a deposit on a rental car or for a hotel room is
not always possible. In the cases where it is possible, many times
the vendor will freeze a portion of the money in the account, and
this can cause problems for other payments. Even when this money
is returned, it can take up to a week to make it back into your
account. This can mean that even when you believe you have
money, it may not be available for use.
 Banks may trick you into fees:

 Unfortunately, banks aren't always helpful when it comes to figuring
out how much you have in your account. Some banks report your
balance from the ATM when you use your debit card as what you
have in the bank, plus courtesy overdraft, leading you to believe
***************************************************************

***************************************************************
you have more in your account than you really do. This can cause
you to spend more than is in the account and rack up overdraft
fees.
 Money taken instantly:

 When you use a debit card, the money is immediately taken out of
your banking account. With a credit card, there is a float period
between the time you make the purchase and the date the credit
card bill is due. This means that you earn a little bit of extra
interest on your money when you use a credit card vs. a debit card.
 No added services:
 Credit cards often come with added benefits, such as extended
warranties on products purchased and insurance for rental cars and
airline travel. Debit cards do not offer these services, and that
means you will have to pay extra for them if you want them.
 Merchant disputes:
 If there is a dispute regarding a purchase you make, you are in a
weaker position when you use a debit card vs. a credit card. This is
because the merchant already has your money when a debit card is
used; this is not the case with a credit card, because the credit card
user can pursue the credit card issuer if the goods or services are
not delivered or are unmerchantable. That means that while the
dispute is taking place, your money will remain with the merchant
and will only be returned if the dispute is mutually settled in your
favor at the end.
Difference between credit card and debit card/ Debit card vs credit card.
 For consumers, the difference between a "debit card" and a "credit card"
is that the debit card deducts the balance from a deposit account, like a
checking account, whereas the credit card allows the consumer to spend
money on credit to the issuing bank. In other words, a debit card uses the
money you have and a credit card uses the money you don't have.
 While handling transactions using credit and debit card, a merchant is
usually charged higher transaction fees for credit card transactions than
that for debit card, since debit network transactions are less likely to be
fraudulent. This may lead merchants to "steer" customers to debit
transactions.
***************************************************************

***************************************************************
 In both cases, the merchant may have to pay a fixed amount to the bank.
In either case, the transaction will go through a major credit/debit
network (such as Visa, MasterCard, Visa Electron or Maestro). In either
case, the transaction may be conducted in either online or offline mode.
 Debit cards are sometimes used for dual-purpose, so that they can be
used seamlessly in place of a credit card, and can be charged by
merchants using the traditional credit networks. There are also "pre-paid
credit cards" which act like a debit card but can only be charged using the
traditional "credit" networks.
 Whenever you use a credit card, you are borrowing money from someone
else to purchase something. A credit card is then, in essence, a loan. It
doesn’t matter if it is a secure credit card, a small business credit card or
anything else: the credit card company is lending you money in order to
make your purchase, for which you are going to be charged interest on
later (assuming you don’t pay the total balance within a predetermined
period). A prepaid debit card, on the other hand, is not a loan. It is
simply a method following some of the principles of credit cards for the
basic transaction, but instead of borrowing money from a third party you
are taking money straight from your debit card account. This is why it is
referred to as prepaid: you put the money into the account, then you can
take the money out of it using your debit card, as opposed to paying for
the purchase after the fact with a credit card.
 Because of this, there are no interest rates applied to prepaid debit cards,
although there are sometimes fees associated with them. You never have
to worry about going into debt using a prepaid debit card, since you are
only taking out what you take in. Many people find them a welcome
alternative to traditional credit cards. Traditional debit cards, however, are
not prepaid but simply linked to a bank account. This means it is
sometimes possible to go overdrawn (effectively a loan), and incur
interest charges and/or fees. However, if the bank account has sufficient
funds to cover the transaction amount, no fees or charges will generally
be applied.
***************************************************************

***************************************************************
Typical debit card transaction machine, branded to McDonalds.
Types of Debit Card:
Debit card transactions are processed into two ways:

√ Online debit (also known as PIN debit or simply debit card)
√ Offline debit (also known as signature debit).
Some cards are blocked from making either online or offline transactions, while
other cards are enabled for both kinds of transactions.
Online debit ("PIN debit" or "debit")
 Online debit card means debit card with personal identification number
(PIN). It requires electronic authorization of every transaction and the
debits are reflected in the user’s account immediately when the user
insert the card in the machine (card reader) and enters the PIN number.
 The transaction using online debit card may be additionally secured with
the personal identification number (PIN) authentication system or with the
signature identification system. Some online cards require such
authentication for every transaction, essentially becoming enhanced
automatic teller machine (ATM) cards.
***************************************************************

***************************************************************
 One difficulty in using online debit cards is the necessity of an electronic

authorization device at the point of sale (POS) and sometimes also a
separate PINpad to enter the PIN, although this is becoming commonplace
for all card transactions in many countries.
 In UK, all shops accept the online debit cards provided by Visa Electron
and Maestro, while using signatures for identification.
Offline debit ("signature debit" or "credit")
 Offline debit card means debit card without peronal identification number
(PIN). It has the logo of major credit cards (e.g. Visa or MasterCard) or
major debit cards (e.g. Maestro in the United Kingdom and other
countries, but not the United States) and are used at the point of sale like
a credit card. The merchant’s terminal reads the card and identifies it as a
debit card that creates a debity against the cardholder’s bank account.
Because the transaction is offline, instead of debiting the account
immediately, there is two-to-three-day wait before final processing.
 This type of debit card may be subject to a daily limit, and/or a maximum
limit equal to the current/checking account balance from which it draws
funds.
 Transactions conducted with offline debit cards require 2-3 days to be
reflected on users’ account balances.
 In the U.S. and Australia, offline debit transactions are inaccurately
referred to as "credit" transactions even though no credit is actually
involved. This is because they are processed through the Visa or
MasterCard networks in the same manner as actual credit card
transactions. Since they are handled like any other Visa or MasterCard,
U.S. and Australian offline debit cards are also accepted worldwide at
virtually all merchants that accept credit cards of the corresponding
brand, even if they do not accept their own country's debit cards.
 In the U.S., Visa calls its debit card Visa Check Card; MasterCard calls its
debit card Debit MasterCard. The majority of U.S. debit cards are Check
Cards.
 In the United Kingdom, Maestro (formerly Switch) and Visa Debit
(formerly Delta) are examples of offline debit cards. This is in contrast to
the U.S. where Maestro is an online debit brand.
***************************************************************

***************************************************************
What is Smart Card:
 Smart card, sometimes called chip card and first produced in 1977 by
Motorola, is a credit card-type plastic card containing a programmable
microchip with memory and CPU capabilities which is capable of storing
information in its memory and also capable of performing predefined
operations on the card, like addition, subtraction, multiplication, division,
deletion, or manipulation of information.
 The chip’s ability to store information in its memory makes the card
smart. It can make a decision, because it has relatively powerful
processing capabilities, i.e., it has a limited amount of “intelligence”.
 A smart card allows electronic money to be stored in a secure, but
portable and updateable medium. Unlike a debit or credit card, the smart
card requires a prepayment of a specified amount for the future purchase
of goods, services, or admissions, i.e., a smart card can only spend out
the dollar amount its owner has already put into the card account. It is
similar in function to a prepaid calling card but is available for all
purchases. Smart card holders may use the card without debiting a
checking account or adding balances to a charge card.
 To avoid counterfeiting, the smart card may embed a hologram. Using
smartcards also is a form of strong security authentication for single sign-
on within large companies and organizations.
 The major boom in smart card use came in the 1990s, with the
introduction of the smart-card-based SIM used in GSM mobile phone
equipment in Europe. With the ubiquity of mobile phones, smart cards
have become very common.
 The international payment brands MasterCard, Visa, and Europay agreed

in 1993 to work together to develop the specifications for the use of smart
cards in payment cards used as either a debit or a credit card.
Figure: A smart card used for health insurance in France.
***************************************************************

***************************************************************
Smart Card Vs. Debit or Credit Cards:

 Magnetic strip cards like credit or debit card-
 can not send or receive information
 can not increment or decrement value of cash stored on the card
 processing must be done on a device into which the card is inserted
 Smart cards -
 are stored-value cards
 can hold private user data, such as financial facts
 can store about 100 times more information than a magnetic strip
plastic card
 are better and safer than conventional credit cards for internet
payment transactions.
Uses of Smart Card:
1. Smart card provides users with the ability to make a purchase. It contains
stored value the cardholder can spend at retailers.
2. It holds cash, ID information, and a key to a house or an office.
3. It provides encryption and decryption of messages to ensure security,
integrity, and confidentiality.
4. It is used to authenticate an individual’s claim of personal identification,
e.g. using passport, driver’s license, credit card, PIN number or password.
5. It is used for authorization of things like drug prescription fulfillment and
voting purposes.
6. It can be used in transaction processing. The smart card could be loaded
with cash value in ATM machine and used as a credit card.
7. A smart card acts as a carrier of value
Types of Smart Card:

There are basically two kinds of smart cards
 Contact Smart Card
 Contactless Smart Card
Contact Smart Card
 This type of smart card has a contact area, comprising several gold-plated
contact pads, that is about 1cm square. When inserted into a reader, the
chip makes contact with electrical connectors that can read information
from the chip and write information back.
***************************************************************

***************************************************************
 The contact smart card does not contain batteries; energy is supplied by
the card reader.
 Contact smart card readers are used as a communications medium
between the smart card and a host, e.g. a computer, a point of sale
terminal, or a mobile telephone.
Contactless Smart Card
 In this type of smart card, the chip communicates with the card reader
through RFID (radio frequency identification) induction technology (at
data rates of 106 to 848 kbps). The card requires only close proximity to
an antenna (such as 10 cm or 50 cm apart) to complete transaction. It is
often used when transactions must be processed quickly or hands-free,
such as on mass transit systems (e.g., to get a list of journeys paid with
the card), where smart cards can be used without even removing them
from a wallet.
 Example of widely used contactless smart cards are Hong Kong's Octopus
card, South Korea's T-money(Bus, Subway, Taxi), and Japan Rail's Suica
Card; which predate the ISO/IEC 14443 standard.
 Like smart cards with contacts, contactless cards do not have a battery.
Instead, they use a built-in inductor to capture some of the incident radio-
frequency interrogation signal, rectify it, and use it to power the card's
electronics.
 There are dual-interface cards that implement contactless and contact

interfaces on a single card with some shared storage and processing.
How does Smart Card relate to the Internet:
A smart card can be used in Internet applications in several ways. First, it can
help an internet client to support an established protocol such as SSL or SET. For
example, the smart card can authenticate access to encrypted transactions or
files stored on a personal computer.
It also can be used for cryptographic functions such as digital signature and
storing the keys and certificates for the specified protocols. Key storage is an
important function that can be relegated to a smart car. Also, secret keys in the
***************************************************************

***************************************************************
chip let the card authenticate its communication with any device sharing the
same keys.
Some Applications of Smart Card:
Telecommunications:
 Smart cards are widely used in telecommunication industry.
 The Global Standard for Mobile Communication (GSM) uses smart card
(called SIM- Subscriber Identity Module) that contains information
necessary to access the network. This card can be inserted into any GSM
phone and the user is billed automatically. The user’s location is detected,
and any incoming phone calls are directed to that phone.
Computer security:
 The Mozilla Firefox web browser can use smart cards to store certificates for
use in secure web browsing.
 Smartcards are also used for single sign-on to log on to computers.
Government:
 Smart cards are often used in government agencies to control areas of

access for its employees.
 Postal workers in France carry smart cards to gain access to apartment

buildings. The card allows access only at certain times, facilitating easy
access to appropriate individuals and discouraging intruders.
Financial:
 The applications of smart cards include their use as-
 Credit or ATM cards

 As a fuel card
 SIMs for mobile phones
 Authorization cards for pay television, pre-pay utilities in household
***************************************************************

***************************************************************
 High-security identification and access-control cards

 Public transport cards
 Public phone payment cards
Identification/ E-identification:
 Because they have the capability to store personal information, including

pictures, biometric identifiers, digital signatures, and private security keys,
smart cards are being used in a variety of identification, access control, and
authentication applications.
 A quickly growing application of smart card is the use of authentication of

identity. The smart card will store an encrypted digital certificate issued
from a CA (Certificate Authority) along with any other relevant or needed
information about the card holder. Examples include the use of various
smart cards by many governments as identification cards for their citizens,
immigration cards, college campus ID, driver’s license etc.
Transportation:/ Transit Fares/Ticketless travel
 To eliminate the inconvenience of multiple types of tickets used in public

transportation, most major transit operators in the United States are
implementing smart card fare-ticketing systems
 The smart card is used widely as driver's license system that keeps an up-
to-date record of the cardholder (such as personal information, present and
permanent mailing address, photograph, license type, license number,
expiry date etc). Emergency medical information like blood type, allergies,
and biometrics (fingerprints) may be stored on the smart card chip if the
cardholder wishes.
 Driving license with smart card can reduce the level of road accidents,
driving offenses, and a poor record of recovering outstanding fines.
 Contactless smart card technology is quickly gaining acceptance in the

transportation industry throughout the world. In public transport system,
the owner of the smart card has the right to get a list of journeys paid with
***************************************************************

***************************************************************
the card. Hong Kong uses a single smart card (named Octopus card) in
most of its public transportation systems. Octopus equipment has been
installed in all buses in the city. Passengers also are able to travel
franchised trams, coaches, and railways in Hong Kong using the Octopus
Card.
Healthcare
 Smartcard is used in healthcare system for-
– Storing vital medical information in case of emergencies.
– Preventing patients from obtaining multiple prescriptions from

different physicians.
– Verifying a patient’s identity and insurance coverage.
– Speeding up the hospital or emergency room admissions process.
– Enabling patients to access their medical records over the Internet.
Retail Purchases/ E-purse:
 E-purse is a smart card application that loads money from a card holder’s
bank account onto the smart card’s chip.
 The e-purse is then used to make purchase.
Mall parking
 People going for shopping in a mall, can park their cars near shopping mall
using smart card technology.
Others:
 Smart cards are widely used to protect digital television streams.
***************************************************************

***************************************************************
 The Malaysian government uses smart card (called MYKAD) technology in

identity cards carried by all Malaysian citizens and resident non-citizens.
Benefits of using Smart card:

 A smart card carries more information than any other card containing
magnetic stripe such as credit card and debit card.
 Smart cards provide a means of doing business transactions in a flexible,

secure, standard way with minimal human intervention.
 Smart card can provide strong authentication for single sign-on or

enterprise single sign-on to computers, laptops, data with encryption.
 Since, in a smart card, value is stored in the chip, not in an externally

recorded account, the machines accepting the card need no network
connectivity.
 Smart cards with contactless interfaces are becoming increasingly popular

for payment and ticketing applications such as mass transit.
 Smart card manages expenditures more effectively, reducing paper work.
 Smart cards are also being introduced in personal identification and

entitlement schemes at regional, national, and international levels. Citizen
cards, drivers’ licenses, and patient card schemes are becoming more
prevalent; For example in Malaysia, the compulsory national ID scheme
MyKad includes 8 different applications and is rolled out for 18 million
users.
 Smart cards are “intelligent”,”interactive” and “interoperable”.
– Advantages
• Carry personal Accounts
• Credit and buying preferences
• Manage and control expenditures with automatic limits and

reporting
***************************************************************

***************************************************************
Problems of Using Smart Cards:
 A problem of smart cards may be the failure rate. The plastic card in
which the chip is embedded is fairly flexible, and the larger the chip, the
higher the probability of breaking. Smart cards are often carried in wallets
or pockets — a fairly harsh environment for a chip.
 Data stored in smart card can be altered or corrupted. Left undected for
long, these alterations could bankrupt the card backer.
 Using a smart card for mass transit presents a risk for privacy, because
such a system enables the mass transit operator (and the authorities) to
track the movement of individuals.
 Smart cards are more costly than debit or credit cards, since it needs a
smart card reader.
***************************************************************

MS-401 E-Business - Lecture 04 - Payment Issues in E-Commerce

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

MS-401 E-Business - Lecture 04 - Payment Issues in E-Commerce

Hochgeladen von

Copyright:

Verfügbare Formate

MS-401 (Electronic Business) (For 4th Year Student of Management Studies, JU)

Lecture-04: Payment Issues in E-Commerce

2. Credit card/debit card payment:

What is Electronic Payment?

Lecture-04: Payment Issues in E-Commerce

 Electronic payment systems are becoming central to on-line business

 Methods of electronic payment:

Lecture-04: Payment Issues in E-Commerce

o Electronic cash (e-cash), e-wallets, smart cards, and credit/debit

Micropayments Vs. Small Payments

Key participants in Online Payment System:

 Issuer or issuing bank:

 Acquirer or acquiring bank:

Lecture-04: Payment Issues in E-Commerce

 Credit Card Associations:

 Payment Gateway Service:

Requirements of Payment Systems in E-Commerce:

Lecture-04: Payment Issues in E-Commerce

 Each payment transaction should be either whole or none. In

Lecture-04: Payment Issues in E-Commerce

merchant's e-shop, the system should simultaneously service

Crucial Factors or Features of Payment Methods:

Cash Versus E-Money (E-Cash):

Cash or money is-

Lecture-04: Payment Issues in E-Commerce

- a store of value (to facilitate the concept of saving)

Electronic money (e-money) or Electronic cash (e-cash) or Digital cash

Merits/ Features of Cash:

Lecture-04: Payment Issues in E-Commerce

for safekeeping on a daily basis.

6. Convertible to other form:

Demerits of using Cash:

Key Features or characteristics of E-Money:

Lecture-04: Payment Issues in E-Commerce

Merits and Demerits of using e-cash:

• Disadvantages of electronic cash:

Lecture-04: Payment Issues in E-Commerce

Holding Electronic Cash:

Lecture-04: Payment Issues in E-Commerce

Therefore, the FOUR types of e-money are:

1. Identified and online e-money (+I+L)

2. Identified and offline e-money (+I-L)

3. Anonymous and online e-money (-I,+L)

4. Anonymous and offline e-money (-I-L)

How Electronic Cash Works:

Lecture-04: Payment Issues in E-Commerce

Providing Security for Electronic Cash:

 We mentioned double-spending earlier. Let us look at how this crime can

FIGURE: Detecting Double Spending of Electronic Cash

Lecture-04: Payment Issues in E-Commerce

Several E-cash Systems:

Lecture-04: Payment Issues in E-Commerce

BidPay: This system allows customers to pay for auction transactions

Privacy and Security of Electronic Cash:

Let us examine what aspects make e-cash successful:

 it can only be used for one transaction,

Lecture-04: Payment Issues in E-Commerce

 it is not designed to work on a specific network or storage device,

Requirements for Internet-based payments:

(2) ICES test

Lecture-04: Payment Issues in E-Commerce

Electronic Payment Media

Lecture-04: Payment Issues in E-Commerce