Payment Methods in Ecommerce
With the rapid advancement in technology and the expansion of business, more and more companies are venturing into E-commerce in a race to grow not just regionally but also internationally. E-commerce adoption necessitates a change in the business model companies have traditionally followed, and with it comes a change in the modes of payment. With the popularity of the internet for common use in business since 1990, E-commerce has been growing and touching new horizons in every category of business. There are organizations today that depend heavily upon E-commerce, and there are examples amongst the Fortune 500 giants that have seen tremendous growth in the era of E-commerce by conducting business online (“Microsoft”, n.d.).

When companies conduct business online, the modes of financial payment become different from traditional business payment methods like cash, checks, debit cards etc., since while buying online there is generally no physical presence involved and customers can order products from anywhere using their computers. B2B (Business to Business) E-commerce today accounts for more than 95 percent of total E-commerce. B2B E-commerce means that both the buying companies and the selling companies are organizations, which consequently implies a larger payment flow linked with buying or selling products online, so the electronic payment systems in place have to be very advanced when it comes to precision, security, privacy and the speed of processing the amount (Turban et al., 2004). There are always risks associated with the information that could be revealed over the internet while making a transaction, and these could lead to something unexpected like misuse of instruments such as credit cards and E-checks used to make the payment online. In an effort to make electronic payments more robust and error free, various protocols are utilized to encrypt the information being sent over the internet, and these protocols differ in their encryption techniques (“Electronic Commerce”, n.d.). E-commerce is based on an ever-advancing technology that gives birth to high-end safety measures that can be applied while making financial payments over the internet; however, internet fraud and theft still take place and need to be addressed, since E-commerce is growing and will keep growing at a fast pace as companies look to expand and make technology their platform for success, particularly in the retail market.
Introduction

E-commerce is not limited only to buying and selling; it is also an effective way of facilitating the inter- and intra-organizational flow of information and providing customer service. There could be more than one way to define E-commerce depending upon the perspective of the business and the application of the technology. From a business perspective, E-commerce is the application of technology to make business more automated when it comes to day-to-day transactions and work flow; similarly, if applied to the service industry, E-commerce would mean a tool to address service costs while at the same time increasing the quality and speed of the service. The essay touches on the various modes of electronic payment systems that are being used today as part of E-commerce; however, it particularly concentrates on online credit card payment systems, the terms related to credit cards, their transactional process over the network, and the protocols that make credit card transactions secure over the internet.
Some evolving electronic payment methods are simply electronic versions of existing payment systems such as paper checks and credit cards, and some others are based on digital currency technology. The essay also focuses on the various protocols which exist to encrypt the information being sent over the internet to make the transaction exact and secure, the encryption technology that is being used along with the algorithms implemented in the cryptography techniques, and the advantages and disadvantages of the various modes of payment that could make a difference when customers are concerned about privacy and security while making a transaction online. These are discussed keeping in view the number of transactions that take place in day-to-day business, since with an increase in the number of transactions the number of thefts and frauds will also increase.

Concept and Size of Electronic Payment

Since payment systems use electronic and computer networks, the nature of these payments is more complex than payment systems used in conventional commerce, so companies dealing in E-commerce should constitute frequent practice in banking. The most common form of payments in E-commerce are payments made in Business to Business, since they make up more than 95 percent of total E-commerce payments today, and these are executed through a proper network of electronic communication that would include digital telephony, IP telephony and use of the internet to complete the transaction (Turban et al., 2004). The amount of payment made in the electronic payment system varies from one type of E-commerce to another; the payments made in Business to Business E-commerce are considerably higher than those made in the Business to Consumer or Consumer to Business types of E-commerce. There are transactions that may range from $1 to $10, which generally take place in the Business to Consumer form only and by their nature are known as micro payments.
Payments up to $500 are still mostly done under the Business to Consumer form of E-commerce but are not considered micro payments; an example of this could be buying a customized laptop from the Dell website, which could cost around $500 (Danial, 2002). Payments higher than $1000 would generally fall under Business to Business E-commerce, since individual customers who have to make a purchase bigger than this amount would prefer to buy the products physically. “B2B transactions account about 95% of e-commerce transactions, while others account about 5%” (Turban et al., 2004).

Modes of Payment in Electronic Payment System in E-commerce

There have been dozens of modes of payment in electronic payment systems; some of them are widely accepted and common, while some are not. Some of them are just the electronic versions of the conventional methods found in the regular form of commerce. Following are some common forms used in day-to-day E-commerce.

1. Electronic Fund Transfer.
2. Credit Cards.
3. E-cash.
4. Smart cards.
5. E-checks.
6. Electronic Debit Cards.

Online Credit Card Payment System

“It seeks to extend the functionality of existing credit cards for use as online shopping payment tools. This payment system has been widely accepted by consumers and merchants throughout the world, and by far the most popular methods of payments especially in the retail markets” (Laudon and Traver, 2002). A credit card is generally issued by a bank or other financial institution. It comes with a fixed spending limit depending upon the type of the credit card, and payment is to be made to the issuing institution within a stipulated time period, which could be 30-40 days, after which the customer has to pay interest on the amount due. Following are a few terms related to the use of credit cards.

1. Card holder: a card holder is the authorized person who is entitled to make purchases online using the card.
2. Card issuer: the card issuer could be a financial institution or a bank that has issued the credit card to the card holder after a certain amount of verification about the card holder.
3. The merchant: the merchant is the one who accepts payment via credit card used online in exchange for goods or services offered by him.
4. The acquirer: a financial institution that establishes an account for merchants and acquires the vouchers of authorized sales slips.
5. Card brand/card type: there are types of credit cards that are accepted worldwide, and different institutions take care of different types of credit cards, such as Visa and MasterCard (Turban, Lee, King & Chung, n.d.).

Process of using Credit Card

While making a purchase online using a credit card, the transaction goes through a series of steps. Following are a few terms that need to be understood before understanding the transactional process; all of these terms are kinds of processes that could take place while processing a transaction.

* Sale: A sale is when the card holder purchases a product or service from a merchant and the money is transferred to the merchant’s account.
* Preauth: A preauth is not a sale transaction; it is a transaction to make sure that the credit card is valid, and it typically charges around $1.00 (Techrepublic, n.d.).
* Postauth: “A postauth involves purchasing something before it is shipped. The customer can preorder something, and the amount is deducted from the customer’s credit limit. No money is transferred, but the card hold is maintained on the customer’s card. When the merchant fulfills (typically, ships the product), the merchant can perform a postauth to transfer the money and remove the card hold from the customer’s card” (Techrepublic, n.d.).
* Credit: This transaction is used when returning goods according to the procedure under the agreement, and the merchant puts the money back into the account.
* Chargeback: A chargeback transaction is used in case of dispute settlement.
In case of a dispute, the customer files a case and the financial institution involved temporarily withdraws money from the merchant's account and transfers it to the customer's account. Each party has a certain number of days to prove the right billing, and depending upon that the amount goes into the account of the right party (“Techrepublic”, n.d.).

Steps involved in the online transaction

While making a transaction, the customer fills in the credit card information on the HTML page and the information is sent over to the server.

1. The server receives the information and sends it to the code that validates the information entered by the user; if found valid, this information is formatted into data that the gateway can understand and is sent to the gateway (“Techrepublic”, n.d.).
2. “The gateway receives the formatted data from the HostRAD code, validates the card, and checks to see whether the amount for the transaction is available in the user’s account” (“Techrepublic”, n.d.). Upon validation, if the card is found invalid or if there is not enough amount on the card, a disapproval goes to the code, and the gateway charges the merchant money at this point of the transaction even if it goes bad; if everything is found right, the transaction is approved and an approval message is sent to the code.
3. Depending upon the type of the card (Visa, MasterCard), transactions that arrive at the gateway are batched through to the appropriate clearinghouse. The clearinghouse that is used is determined by the credit card type and the bank that issued the card. As the clearinghouses receive transactions from all the gateways, the clearinghouses batch the transactions for all the banks involved, transferring monies from bank to bank. For providing this service, the clearinghouse takes between two percent and five percent of the total sale (“Techrepublic”, n.d.).
4. As the clearinghouses batch the transactions they receive, they transfer money from the customer’s bank to the merchant’s bank.
5. The merchant’s bank receives the transactions from a clearinghouse and then transfers the appropriate amount of money for the customer transaction (started in box 1) into the Merchant’s Card Not Present merchant account (“Techrepublic”, n.d.).

Credit Card Transaction Security

“More than 100 million personally-identifiable customer records have been breached in the US over the past two years. Many of these breaches involved credit card information. Continued credit card use requires confidence by consumers that their transaction and credit card information are secure” (“Texas Department of Information Resource”, 2009). The Payment Card Industry (PCI) Security Standards Council is the authoritative agency that issues the standards and policies that help reduce internet crime in the use of credit cards, and all vendors that accept credit cards in their transactions have to abide by these laws. The PCI council includes all the major card brands like American Express, Discover Financial Services, JCB International, MasterCard, and Visa International (“Texas Department of Information Resource”, 2009). “The Council created an industry-wide, global framework that details how companies handle credit card data – specifically, banks, merchants and payment processors. The result is the PCI Data Security Standard (DSS) – a set of best practice requirements for protecting credit card data throughout the information lifecycle” (“Texas Department of Information Resource”, 2009). “The PCI compliance security standards outline technical and operational requirements created to help organizations prevent credit card fraud, hacking, and various other security vulnerabilities and threats.
The PCI DSS requirements are applicable if a credit card number is stored, processed, or transmitted. The major credit card companies require compliance with PCI DSS rules via contracts with merchants and their vendors that accept and process credit cards. Banks, merchants, and payment processors must approach PCI DSS compliance as an ongoing effort. Compliance must be validated annually, and companies must be prepared to address new aspects of the standard as it evolves based on emerging technologies and threats” (“Texas Department of Information Resource”, 2009).

Following are some terms related to online credit card fraud.

“Phishing – This technique refers to randomly distributed emails that attempt to trick recipients into disclosing account passwords, banking information or credit card information. This one scam has played a major factor in the crisis we face today. Since phishing emails typically appear to be legitimate, this type of crime has become very effective. Well designed, readily available software utilities make it nearly impossible to trace those guilty of phishing. Phishtank, an anti-phishing organization, recently revealed that nearly 75,000 attempts of this nature are made each month”

Pharming – This new technique is one of the most dangerous of them all. Pharming involves a malicious perpetrator tampering with the domain name resolution process on the internet. By corrupting a DNS (Domain Name System), a user can type in the URL for a legitimate financial institution and then be redirected to a compromised site without knowledge of the changes. Unaware of the background predators, the consumer types in their bank account details or credit card number, making them the latest victim of fraud.

Skimming – refers to a process in which a special device is used to copy encoding data from the magnetic strip of a credit or debit card. This device is usually secretly mounted to an ATM machine as a card reader.
Dumpster Diving – this act refers to a process in which an individual vigorously sifts through someone else’s trash in search of personal and financial information. With a mere credit card approval that contains a name and address, a criminal can easily open up a credit card in your name and accumulate substantial debt in no time.

Security measures in online credit card payment systems

Four necessary and important measures that must be followed for a safe electronic system are as follows.

1. Authentication: Authentication is a method to verify the buyer's identity before payment is authorized.
2. Encryption: Encryption is a process of making data that has to be sent over the internet indecipherable, so that it cannot be read by unauthorized persons and can be read only by the persons in authority to do so.
3. Integrity: It has to be made sure that information that is sent over the internet is not modified or altered, whether intentionally or unintentionally.
4. Nonrepudiation: This is the quality of a secure system that prevents anyone from denying that they have sent certain data. Here the communication system should be fault tolerant. The server where the transaction has been sent should keep a record log of every transaction, so that the user cannot deny having accessed the server.

Security Schemes

Key security schemes that make sure that information sent over the network while engaging in a transaction is secure include encryption, digital signatures, certificates and certifying authorities.

Encryption: Encryption is a technology that enciphers any kind of information before it is sent over the network so that it cannot be retrieved and misused by an unauthorized person. Two common encryption technologies that are used to encrypt and decrypt the data are secret key and public key encryption, as explained below.
Secret Key encryption

In this cryptography technique one key, known as the secret key, is used to both encrypt and decrypt the data at the sender's as well as the receiver's end. Secret key encryption is easy to implement when the number of users is small. The algorithm that is used for secret key cryptography is the Data Encryption Standard (DES) (Schneier, n.d.). The only problem with this encryption method is that the key has to be sent over to the counterpart (“Dret”, n.d.).

Public key cryptography/Asymmetric encryption

In this kind of encryption two keys form part of the encryption technology: the public key and the private key. The public key is known to all the users, whereas the private key is known to only one user, the owner. There are two ways the key pair could be used. Either the data could be encrypted with the receiver's public key and decrypted with his private key, but there is a problem with this method: since the encrypting key is a public key, nobody will know who sent the message. The other way is encrypting the data with the receiver's private key and decrypting it with the public key; however, this method also has an issue, since every public key holder will be able to decrypt the message. So it has to be a combination of keys. The data is encrypted using the receiver's public key and re-encrypted using the receiver's private key; the receiver has to use a combination of keys to decrypt the data fully, which means first the receiver's private key and then the sender's public key. The algorithm that is used in this technique is RSA (Turban, 2004) (“Dret”, n.d.).

Electronic Protocols

The SET (Secure Electronic Transaction) protocol is an e-commerce protocol designed by Visa and MasterCard. Customers can purchase online and their personal information would be protected, and their buying habits would also be recorded along with the information they provided.
“SET developed by Visa and MasterCard is an open standard for encryption and security specification for credit card transactions on the Internet. The SET is a set of security protocols and formats that main section are application protocol and payment protocol” (“Itig”, n.d.).

SET has many merits: it provides a protective method for merchants, cost-cutting and enough security for electronic payment. It helps make online E-commerce free from online fraud to quite an extent. SET keeps more secrets for the consumer to improve the satisfaction of their on-line shopping experience. SET helps the bank and the credit card company to expand the service to a broader space, the Internet, and it lowers the probability of on-line credit card fraud. Therefore SET seems more competitive than other online payment methods. SET has defined interfaces for all quarters of the online transaction so that a system can be built on products made by different manufacturers.

SET protocol based E-commerce model

Although SET has been widely used in the electronic payment area and has gained more attention from the electronic commerce promoter, the SET transaction mode model only. Even for the B2C model, its application is also limited (“Itig”, n.d.). The DES algorithm and the RSA algorithm are used in the SET protocol to carry out the encryption and decryption process. The SET protocol uses DES as its symmetrical encryption algorithm. However, DES is no longer a safe algorithm. Therefore, DES should be replaced by a more intensive and safer algorithm. Moreover, along with the development of processing speed and the enhancement of the storage efficiency of computers, the algorithm will be cracked successively. It is necessary to improve the extendibility of the encryption service. The SET protocol is huge and complex in the application process.
In a typical SET transaction process, the digital certificates need to be confirmed 9 times and transmitted 7 times; the digital signature needs to be confirmed 6 times, and 5 signatures, 4 symmetrical encryptions and 4 asymmetrical encryptions are carried out (“cs. ucf”, n.d.). The SET protocol involves many entities such as customers, merchants and banks. All of them need to modify their systems to embed interoperability. As SET requires software to be installed in the network of the bank, on the business server and on the PC of the customer, and it also needs to provide certificates to all quarters, the running cost of SET is rather high. The protocol cannot prove transactions which are done by the user who signs the certificate. The protocol is unable to protect the cardholder and the business, since the signature finally received in the protocol does not confirm the content of the transaction but an authentication code. If cardholders and trade companies have a dispute, they cannot provide on their own the evidence to prove the transaction between themselves and the banks. Although there are some drawbacks in the SET protocol, it is still the most standard and the safest of the present electronic commerce security protocols and the international standard for secure electronic payment. In order to overcome the defect that the SET protocol only supports the credit payment style, PIN (Personal Identification Number) digital items are modified in this paper; with regard to the other deficiencies, such as the complexity, slow speed, poor safety and adaptation of the SET protocol, this paper also makes a model of an architecture security control mechanism, introduces an electronic transaction authentication center and strengthens the security of the transaction process of the SET protocol (“cs. ucf”, n.d.).

Transmission Control Protocol (TCP), which is the main protocol used to send data over the internet, was not designed keeping in view the security issues that could arise in today's world, where E-commerce plays an important role. The data transmitted through TCP could be read, intercepted and altered. Security breaches still happen while an email is being sent or files are being transferred over the internet. The customer is always concerned about security when processing a transaction and sending information over the internet, such as credit card information like name, number and date of expiration. Presently most companies use the SSL (Secure Socket Layer) protocol to provide security and privacy; this protocol encrypts the order at the PC before sending it over the network, however this protocol may not provide all the security needed. There is another, more secure protocol, Secure Electronic Transaction (SET); however, SET is a slow protocol and may take a long time to respond, and it also requires that the digital wallet is installed on the customer's PC.

Electronic Fund Transfer

“‘Electronic funds transfer’ means any transfer of funds, other than a transaction originated by check, draft, or similar paper instrument, that is initiated through an electronic terminal, telephonic instrument, or computer or magnetic tape, so as to order, instruct, or authorize a financial institution to debit or credit an account. Electronic funds transfers shall be accomplished by an automated clearinghouse debit, an automated clearinghouse credit, or by Federal Reserve Wire Transfer” (Turban, Lee, King & Chung, n.d.).

Electronic Checks

An E-check is the electronic version of the traditional paper-based check. The paper check has been one of the most important means of payment and has been in use for a long time; keeping in view the same concept, the E-check has been designed to serve the same purpose.
An E-check contains the same information, like account number, issuing bank, address of the issuing bank and the amount of the check. To validate the authenticity of the person, instead of a signature it has a digital code which is generated while filling in a check and is cross-verified with the database while encashing it. The electronic check offers many advantages over the traditional paper check, since all the information is filled in electronically over the computer and it is not revealed, as it passes through very few people who are in authority. E-checks are cheaper by many folds because of ease of processing; E-checks are also a lot faster in processing since the data is sent electronically, and the chances of getting a check bounced are almost negligible.

Electronic Wallets

Electronic wallets or e-wallets are also referred to as digital wallets. An e-wallet is a software program that contains the user's payment information in encrypted form to ensure its security; for example, an individual's e-wallet could contain a credit card number, bank account number, contact information and shipping location. This information can then be automatically and securely transferred to an online order form (Turban, Lee, King & Chung, n.d.).

Virtual Credit Cards

“Closely allied to e wallets is concept of virtual credit card. A virtual credit card is an image of a credit card placed on the computer desktop. With one click of the credit card image the card holder access the account information and pays for the online purchases. Customer can even drag and drop the virtual card from desktop onto an online checkout page. The credit card number and contact information is automatically entered into the checkout form and the customer just needs a pin to enter or other form of identification to authorize the transaction” (Turban, Lee, King & Chung, n.d.).

Concluding Remarks

Although there are many online payment systems available to choose from while making a purchase under E-commerce, the credit card is still the dominant and most popular way, not only because of the convenience it offers but also because of its worldwide acceptability. Despite the several security measures in place, credit card frauds do take place, and protection of the information provided over the internet while making a purchase is of utmost importance. Encryption using the DES and RSA algorithms makes the data indecipherable while it is being transmitted over the network, and these encryption technologies are hard to break into; however, there are other ways credit card information could be disclosed. Phishing and pharming, as mentioned above in the essay, are recent threats that are becoming common and need to be addressed as soon as possible, since users who are not really aware of these threats could unintentionally disclose information they are not supposed to. The credit card has wider acceptability because of its long-established network, thanks to credit card brands like MasterCard, Visa International and American Express, and because of its friendly characteristics like ease of carriage, fast processing, 24-hour purchasing facility and the convenience of making a purchase sitting anywhere. With the advancement of technology, new protective measures like thumb imprints and retina scans are gaining popularity; however, it will take time for them to become common and implemented everywhere while making an online transaction, since there are cost and awareness issues related to these high-end technology gadgets.
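
Step 1 of "Steps involved in the online transaction" has the server validate the card details and format them for the gateway, and step 2 notes that the gateway charges the merchant even when the attempt is declined, so catching bad input locally matters. The Python below is an added example, not code from the essay or its sources; the Luhn checksum, the Visa/MasterCard prefix rules, the masking of logged card numbers and every function and field name are assumptions about what that validation could include.

```python
import re
from datetime import date


def normalize_pan(raw: str) -> str:
    """Strip the spaces/hyphens users type; accept only 12-19 ASCII digits."""
    pan = re.sub(r"[ -]", "", raw)
    if not re.fullmatch(r"[0-9]{12,19}", pan):
        raise ValueError("card number must be 12-19 digits")
    return pan


def luhn_ok(pan: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def detect_brand(pan: str):
    """Card brand decides the clearinghouse (step 3). Only the two brands
    the essay names are covered; prefix rules are an assumption of this example."""
    if pan[0] == "4" and len(pan) in (13, 16, 19):
        return "visa"
    if len(pan) == 16 and (51 <= int(pan[:2]) <= 55
                           or 2221 <= int(pan[:4]) <= 2720):
        return "mastercard"
    return None


def expiry_ok(month: int, year: int, today: date) -> bool:
    """A card is usable through the last day of its expiry month."""
    return 1 <= month <= 12 and (year, month) >= (today.year, today.month)


def mask_pan(pan: str) -> str:
    """Form that is safe to log: everything but the last four digits hidden."""
    return "*" * (len(pan) - 4) + pan[-4:]


def prepare_gateway_request(raw_pan, exp_month, exp_year, amount_cents, today):
    """Validate the submitted card data; build the gateway message only if clean.

    Returns a dict with 'ok', 'errors', 'request' (full card number, for the
    encrypted gateway connection only) and 'log' (masked, safe to store).
    """
    try:
        pan = normalize_pan(raw_pan)
    except ValueError as exc:
        # Do not echo malformed input into logs; it may contain card digits.
        return {"ok": False, "errors": [str(exc)], "request": None, "log": None}
    errors = []
    brand = detect_brand(pan)
    if not luhn_ok(pan):
        errors.append("failed Luhn checksum")
    if brand is None:
        errors.append("unsupported card brand")
    if not expiry_ok(exp_month, exp_year, today):
        errors.append("card expired")
    if not isinstance(amount_cents, int) or amount_cents <= 0:
        errors.append("amount must be a positive integer number of cents")
    log = {"pan": mask_pan(pan), "brand": brand,
           "amount_cents": amount_cents, "errors": list(errors)}
    if errors:
        return {"ok": False, "errors": errors, "request": None, "log": log}
    request = {"type": "sale", "brand": brand, "pan": pan,
               "exp": f"{exp_month:02d}/{exp_year % 100:02d}",
               "amount_cents": amount_cents}
    return {"ok": True, "errors": [], "request": request, "log": log}


if __name__ == "__main__":
    # Constructed sample submissions (publicly known test card numbers).
    today = date(2030, 1, 15)
    for pan, mm, yy in [("4111 1111 1111 1111", 12, 2030),
                        ("4111111111111112", 12, 2030),
                        ("5555-5555-5555-4444", 12, 2029)]:
        result = prepare_gateway_request(pan, mm, yy, 2599, today)
        print(result["ok"], result["log"])
```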