9781423903055 ppt ch11

Electronic CommerceEighth Edition

Chapter 11Payment Systems For Electronic

Commerce

Electronic Commerce, Eighth Edition 2Electronic Commerce, Eighth Edition 2

Learning Objectives

In this chapter, you will learn about:

• The basic functions of online payment systems

• The use of payment cards in electronic commerce

• The history and future of electronic cash

• How electronic wallets work

• The use of stored-value cards in electronic commerce

• Internet technologies and the banking industry

Electronic Commerce, Eighth Edition 3

Online Payment Basics

• E-commerce– Exchange money for goods or services– Important function: handling Internet payments– B2B payment transactions

• Electronic funds transfers (EFTs)

• B2C payment transactions– Evolving and competing for dominance– Customer convenience, saves companies money

• Bill mailed by mail costs $1.00 to $1.50

• Internet billing cost: 50 cents


Online Payment Basics (cont’d.)

• Four basic means to purchase items in B2C (traditional and electronic)– Cash, checks, credit cards, debit cards

• 90% of all United States consumer payments

• Electronic transfer: small but growing

• Most popular: automated payments

• Credit cards– Worldwide: 90% of online payments– United States: 97% of online payments



Online Payment Basics (cont’d.)

• Scrip – Digital cash minted by a company

• Cannot be exchanged for cash• Exchanged for goods or services by company issuing

scrip– Like a gift certificate: good at more than one store– Current scrip offerings (eScrip)

• Focus: not-for-profit fundraising market

• Merchant should offer customers payment options– Safe, convenient, widely accepted– Companies sell payment processing package service



Payment Cards

• General term describing all types of plastic cards consumers (businesses) use to make purchases– Categories: credit cards, debit cards, charge cards

• Credit card (Visa, MasterCard)– Spending limit based on user’s credit history

• Charge purchases against credit line– Options for user billing cycle payments

• Pay off entire credit card balance; pay minimum amount

• Card issuers charge unpaid balance interest– Accepted worldwide, 30-day dispute period


Payment Cards (cont’d.)

• Credit card (cont’d.)– Card not present transactions

• Cardholder not present during transaction

• Requires extra security

• Debit card – Removes sales amount from cardholder’s bank

account – Transfers sales amount to seller’s bank account– Issued by cardholder’s bank

• Carries major credit card issuer name



• Charge card (American Express)– No spending limit– Entire balance due at end of billing period– No line of credit or interest charges– Examples: department store, oil company cards

• “Payment card”– Refers to credit cards, debit cards, and charge cards



• Single-use cards– Cards with disposable numbers

• Addresses concern of giving online vendors payment card numbers

– Not used much anymore• Problem: required consumers to behave differently


Advantages and Disadvantages of Payment Cards

• Advantage for merchants– Fraud protection (built-in security)

• Charge paid through issuer of payment card

• Advantage for U.S. consumers– Liability of fraudulent card use: $50

• Card issuer frequently waives $50 charge if card stolen

• Good for merchants and consumers– Worldwide acceptance

• Currency conversion handled by card issuer


Advantages and Disadvantages of Payment Cards (cont’d.)

• Disadvantage for merchants– Per-transaction fees, monthly processing fees

• Cost of doing business

– Goods and services prices are slightly higher• As opposed to environment free of payments cards

– For payment:• Merchant must first set up merchant account

• Disadvantage for consumers– Annual fee

Payment Acceptance and Processing

• Internet payment card process easier than physical store process

• EMV standard– Single standard handling payment card transactions– Visa, MasterCard, MasterCard International

• United States online stores, mail order stores– Must ship merchandise within 30 days of charging

payment• Violation penalties are significant

• Most do not charge payment card accounts until merchandise shipped


Payment Acceptance and Processing (cont’d.)

• General steps in payment card transactions – Merchant receives payment card information– Merchant authenticates payment – Merchant ensures funds are available and puts hold

on credit line or funds to cover charge– Settlement occurs (few days after purchase); funds

travel between banks and are placed into merchant’s account




• Open and closed loop systems– Closed loop systems

• Card issuer pays merchant directly

• Does not use intermediary

• American Express, Discover Card

– Open loop systems (three or more parties)• Third party (intermediary bank) processes transaction

• Visa, MasterCard: not issued directly to consumers

• Credit card associations: operated by association member banks

• Customer issuing banks: member banks



• Merchant accounts (acquiring bank) – Bank doing business with sellers (Internet, non-

Internet) wanting to accept payment cards– Merchant account

• Required for online merchant to process payment cards

– Acceptance by bank of merchant account • Merchant must provide business information

• Risk of business type assessed

– Bank collects credit card receipts on merchant’s behalf

• Credits value in merchant’s account



• Merchant accounts (cont’d.)– Chargeback

• Cardholder successfully contests charge

• Merchant bank must retrieve money from merchant account

• Merchant may have to cover chargeback potential

– Problem facing online businesses• Level of online transaction fraud

• Fewer than 5 percent of credit card transactions completed online; accounts for 60 percent of total credit card dollar amount fraud



• Processing payment cards online– Payment processing service providers

• Companies offering payment card processing

– Example: InternetSecure• Supports Visa and MasterCard payments for Canadian

and U.S. accounts

• Provides risk management and fraud detection

• Handles online merchants transactions

• Uses existing bank-approved payment card processing infrastructure, secure links, and firewalls


• Processing payment cards online (cont’d.)– First Data

• Provides merchant payment card processing services with ICVERIFY and WebAuthorize programs

• ICVERIFY: for small retailers using Microsoft Windows electronic cash registers, point-of-sale terminal systems

• WebAuthorize: for large enterprise-class merchant sites

– ICVERIFY, WebAuthorize connect directly to: • Network of banks: Automated Clearing House (ACH)

• Credit card authorization companies

• Connect to ACH through highly secure, private leased telephone lines





• Processing payment cards online (cont’d.)– Merchant Warehouse’s PayFlow Link system

• Online payment system developed by CyberCash

• Now operated by VeriSign

– InfoSpace’s Authorize.Net• Online, realtime payment card processing service

• Merchants link to system by inserting small HTML code block into transaction page

• Order encrypted, transferred to Authorize.Net server

• Server relays transaction to bank network

• Customers not aware of third-party supplier (usually)


Electronic Cash

• Electronic cash (e-cash, digital cash)– Describes any value storage and exchange system

created by private (nongovernmental) entity• Does not use paper documents or coins

• Can serve as substitute for government-issued physical currency

• Readily exchanged for physical cash on demand

• Problem– No standard among all electronic cash issuers– Not universally accepted


Electronic Cash (cont’d.)

• Small purchases not profitable for merchants– Bank fees greater than profits

• Factors in favor of electronic cash– Potentially significant market for electronic cash

• Market for Internet small purchases (below $10)

– Most of world’s population does not have credit cards• Electronic cash: solution to paying for online purchases

• Idea of electronic cash refuses to die– Despite failures


Micropayments and Small Payments

• Micropayments– Internet payments for items

• Costing few cents to a dollar

• Micropayments barriers– Not implemented very well on the Web yet– Human psychology

• People prefer to buy small value items in fixed price chunks

• Example: mobile phone has fixed monthly payment plans


Micropayments and Small Payments (cont’d.)

• Small payments – All payments of less than $10

• Companies that have developed micropayment systems– Millicent, DigiCash, Yaga, BitPass

• All have failed

– No company has gained broad acceptance of its system despite industry observers seeing such a need

– No company devoted solely to offering micropayment services

Privacy and Security of Electronic Cash

• Electronic payment methods concerns– Privacy and security, independence, portability,

convenience– Privacy and security: most important to consumers

• Transactions vulnerable• Electronic currency: copied, reused, forged

• Unique security problems of electronic cash– Possible to spend only once

• Not counterfeit; used in two different transactions

– Anonymous use• Prevents sellers from collecting information


Privacy and Security of Electronic Cash (cont’d.)

• Electronic cash companies– eCharge, InternetCash, Valista

• Advantages of electronic cash– Independent

• Unrelated to any network or storage device

• Ideally pass transparently across international borders; converted automatically to recipient country’s currency

– Portable• Freely transferable between any two parties

• Credit and debit cards: not portable or transferable

• Important characteristic of cash: convenienceElectronic Commerce, Eighth Edition 28


Holding Electronic Cash: Online and Offline Cash

• Online cash storage– Consumer has no personal possession of electronic

cash• Trusted third party (online bank) involved in all

transfers, holds consumers’ cash accounts

• Online system payment– Merchants contact consumer’s bank

• Helps prevent fraud (confirm valid cash)

• Resembles process of checking with consumer’s bank to ensure valid credit card and matching name

Holding Electronic Cash: Online and Offline Cash (cont’d.)

• Offline cash storage– Virtual equivalent of money kept in wallet– Customer holds it

• No third party involved in transaction

– Protection against fraud concern• Hardware or software safeguards needed

– Double-spending• Spending electronic cash twice

• Too late to prevent fraudulent act by time same electronic currency clears bank for second time

• Prevent double-spending: use encryption techniquesElectronic Commerce, Eighth Edition 30


Advantages and Disadvantages of Electronic Cash

• Traditional brick-and-mortar billing methods– Costly

• Generate invoices, stuff envelopes, buy and affix postage to envelopes, send invoices to customers

– Accounts payable department• Keeps track of incoming payments, posts accounts in

database, ensures current customer data

• Online stores have the same payment collection inefficiencies– Online customers use credit cards to pay for

purchases


Advantages and Disadvantages of Electronic Cash (cont’d.)

• Online auction customers use conventional payment methods– Checks, money orders

• Electronic cash system– Less popular than other payment methods– Provides unique advantages and disadvantages

• Advantages of electronic cash transactions– More efficient (less costly)

• Efficiency fosters more business (lower prices)

– Occurs on existing infrastructure (Internet)


• Advantages of electronic cash transactions (cont’d.)– Internet spans globe

• Distance transaction travels does not affect cost

– Does not require one party to obtain authorization

• Disadvantages of electronic cash transactions– No audit trail– Money laundering

• Technique criminals use to convert money illegally obtained into spendable cash

• Purchase goods, services with ill-gotten electronic cash

• Goods sold for physical cash on open marketElectronic Commerce, Eighth Edition 33



• Disadvantages of electronic cash transactions (cont’d.)– Susceptible to forgery– Other potentially damaging digital economic factors

• Expansion of money supply when banks loan electronic cash on consumer and merchant traditional bank accounts

• Electronic cash has not yet become a global success– Will require wide acceptance and solution to problem

of multiple electronic cash standards


How Electronic Cash Works

• Consumer opens account with electronic cash issuer– Presents proof of identity

• Consumer withdraws electronic cash using issuer’s Web site– Presents proof of identity

• Digital certificate issued by certification authority

• Combination of credit card number and verifiable bank account


How Electronic Cash Works (cont’d.)

• After consumer identity is verified:– Electronic cash amount is issued

• Amount deducted from consumer’s account• Issuer may charge small processing fee

• Consumer stores electronic cash– In electronic wallet – On his or her computer– On stored-value card

• Consumer can authorize issuer to make third-party payments– From electronic cash account


Providing Security for Electronic Cash

• Significant electronic cash problem– Potential for double-spending

• Main deterrent– Threat of detection and prosecution

• Keys to creating tamperproof electronic cash that can be traced back to origins– Cryptographic algorithms– Two-part lock

• Provides anonymous security

• Signals someone is attempting to double-spend cash


Providing Security for Electronic Cash (cont’d.)

• When second transaction occurs– Complicated process reveals:

• Attempted second use

• Identity of original electronic cash holder

• Electronic cash used correctly– Maintains user’s anonymity

• Double-lock procedure– Protects anonymity of electronic cash users– Simultaneously provides built-in safeguards to

prevent double-spending




• Double-spending– Neither detected nor prevented with truly anonymous

electronic cash

• Anonymous electronic cash– Cannot be traced back to person who spent it

• Tracing electronic cash– Attach serial number to each electronic cash

transaction• Cash positively associated with particular consumer

• Does not solve double-spending problem



• Single issuing bank can detect when two deposits of same electronic cash are about to occur– Impossible to ascertain fault (consumer or merchant)

• Electronic cash contains serial numbers– No longer anonymous

• One reason to acquire electronic cash

– Raises privacy issues• The use of serial numbers to track consumers’

spending habits



• Creating truly anonymous electronic cash– Bank issues electronic cash with embedded serial

numbers• Bank digitally signs electronic cash while removing

association of cash with particular customer


Electronic Cash Systems

• Electronic cash– More successful in Europe and Japan

• Consumers prefer to use cash (does not work well for online transactions)

• Electronic cash fills important need– Not successful in United States

• Consumers have payment cards and checking accounts

• KDD Communications (KCOM)– Internet subsidiary: Japan’s largest phone company– Offers electronic cash through NetCoin Center


Electronic Cash Systems (cont’d.)

• Reasons for failure of United States electronic cash systems – Electronic cash systems implementation

• Required to download and install complicated client-side software that ran in conjunction with browser

– Number of competing technologies• No standards developed

• Array of proprietary electronic cash alternatives

– No interoperable software• That runs transparently on variety of hardware

configurations and different software systems



• CheckFree– Largest online bill processor (in the world)– Payment processing services since 1981 to:

• Large corporations, individual Internet users

– 2007 Fiserv bought CheckFree ($4.4 billion)• Offers online bill processing under CheckFree brand



• Clickshare– Electronic cash system for magazines and newspaper

publishers– Uses technology called micropayment-only system– An ISP supporting Clickshare automatically registers

users – When users click links leading to Clickshare sites

• They can make purchases without registering again

• Clickshare keeps track of transactions and bills user’s ISP



• Clickshare (cont’d.)– Tracks user on the Internet

• Significant value to advertisers, marketers

• Defeats anonymity

– Micropayment capability• By-product of core functionality of tracking identified

users

• Tracks users with standard HTTP Web protocol

• Does not require cookies or software wallets



• PayPal– Payment processing services to businesses,

individuals– Earns profit from float

• Money deposited, not used immediately– Charges transaction fee

• Businesses using service to collect payments– Peer-to-peer (P2P) payment system

• Free payment clearing service for individuals• Payments from one type of entity to another of the

same type



• PayPal (cont’d.)– Eliminates writing and mailing checks or payment

cards– Send money instantly and securely to anyone with an

e-mail address– Convenient for auction bidders to pay for purchases– Convenient for auction sellers

• Eliminates risks posed by other online payment types– Transactions clear instantly– Redemption

• PayPal check• Direct deposit to checking accounts




• PayPal (cont’d.)– Merchants and consumers first register for PayPal

account• No minimum amount account balance

• Add money by authorizing checking accounts transfer, using credit card

• Merchants need PayPal accounts to accept PayPal payments



• PayPal (cont’d.)– Competition from Billpoint

• Joint venture between eBay, Wells Fargo

• PayPal maintained first-mover advantage– Remained most widely used eBay payment processing

system

• eBay purchased PayPal

– Other peer-to-peer payment business companies• First Data Corporation offered electronic money orders

through BidPay site (closed in 2007)

• Citibank’s c2it payments service (closed in 2003)


Electronic Wallets

• Concerns of consumers when shopping online– Entering detailed shipping and payment information

for each online purchase– Filling out forms

• Solution– Electronic commerce sites allows customer to store

name, address, credit card information on the site– Problem

• Consumers must enter information at each site


Electronic Wallets (cont’d.)

• Electronic wallet (e-wallet)– Holds credit card numbers, electronic cash, owner

identification, owner contact information– Provides information at electronic commerce site

checkout counter– Benefit: consumer enters information once

• More efficient shopping

• Server-side electronic wallet– Stores customer’s information on remote server of

merchant or wallet publisher– No download time or installation on user’s computer



• Server-side electronic wallet (cont’d.)– Main weakness

• Security breach can reveal thousands of users’ personal information (credit card numbers)

• Servers must employ strong security measures to minimize possibility of unauthorized disclosure

• Client-side electronic wallet– Stores information on consumer’s computer– Disadvantages

• Must download wallet software onto every computer• Not portable



• Client-side electronic wallet (cont’d.)– Advantage

• Sensitive information stored on user’s computer

– Sensitive information safer on client machine• Attackers must launch many attacks on user computers

(more difficult to identify)

• Prevents easily identifiable wallet vendor’s servers from attack



• Characteristics of useful wallets– Wallet accessibility

• Populate data fields in any merchant’s forms for any site consumer visits

– Electronic wallet manufacturer and merchants from many sites must coordinate efforts

• Wallet recognizes consumer information going into each field of given merchant’s forms



• Electronic wallets – Store shipping and billing information

• Consumer’s first and last names, street address, city, state, country, postal code

– Hold credit card names, numbers• Offers consumer choice of credit cards at online

checkout

– Hold electronic cash from various providers



• Electronic wallet used by business companies – Example: MasterCard– Most abandoned efforts

• Current major browsers include feature to remember names, addresses, other commonly requested information

• Browsers provides one-click Web form field completion

– Two e-wallet arena survivors • Microsoft Windows Live ID

• Yahoo! Wallet


Microsoft Windows Live ID

• Formerly called Passport, Microsoft .NET Passport

• Single sign-in service– Includes server-side electronic wallet

• Operated by Microsoft

• All personal data entered into Windows Live ID wallet– Encrypted and password protected


Microsoft Windows Live ID (cont’d.)

• Four integrated services– Single sign-in service (SSI)

• Allows user to sign in at participating Web site using username and password

– Wallet service• Provides electronic wallet functions (secure storage,

form completion of credit card, address information)– Kids service

• Helps parents protect, control children’s online privacy– Public profiles

• Allows consumers to create public page of information about themselves


Yahoo! Wallet

• Server-side electronic wallet offered by Yahoo!• Completes order forms automatically

– Identifying information, credit card payment information

• Stores information– Several major credit, charge cards, Visa and

MasterCard debit cards• Accepted by:

– Thousands of Yahoo! Store merchants, Yahoo! Travel– Yahoo! Services

• Premium e-mail storage, Web hosting fees


Yahoo! Wallet (cont’d.)

• Yahoo! Advantage– Number of services and shops accommodate own

wallet• Large number of merchants accept wallet

• Privacy concern– Company issuing wallet has access to great deal of

information about individual using wallet


Stored-Value Cards

• Microchip smart card or magnetic strip plastic card– Records currency balance

• Microchip versus magnetic strip– Microchip stores more information– Tiny microchip computer processor

• Performs calculations and storage operations on card

– Different microchip card reader needed

• Examples: prepaid phone, copy, subway, bus cards

• “Stored-value card” and “smart card” used interchangeably


Magnetic Strip Cards

• Holds rechargeable value

• Passive magnetic strip cards cannot:– Send or receive information– Increment or decrement cash value stored

• Processing done on device into which card inserted

• Magnetic strip cards and smart cards store electronic cash– Smart card better suited for Internet payment

transactions• Has processing capability


Smart Cards

• Stored-value card – Plastic card with embedded microchip

• Credit, debit, charge cards store limited information on magnetic strip

• Store information– About 100 times more than magnetic strip plastic card

• Hold private user data– Financial facts, encryption keys, account information,

credit card numbers, health insurance information, medical records


Smart Cards (cont’d.)

• Safer than conventional credit cards– Information encrypted on smart card

• Popular in Europe, parts of Asia– Public telephone calls, cable television programs– Hong Kong

• Retail counters, restaurant cash registers have smart card readers

• Octopus is the public transportation smart card: can be reloaded at transportation locations, 7-Eleven stores



Smart Cards (cont’d.)

• Beginning to appear in United States– San Francisco TransLink integrated ticketing system

for public transportation– Smart Visa card (2000)– Target Visa smart card (2002)

• Smart Card Alliance– Advances smart card benefits– Promotes widespread acceptance of multiple-

application smart card technology– Promotes compatibility among smart cards, card

reader devices, applications


Internet Technologies and the Banking Industry

• Paper checks– Largest dollar volume of payments– Processed through world’s banking system

• Other major payment forms– Involve banks one way or another

• Banking industry Internet technologies– Providing new tools– Creating new threats

Check Processing

• Physical check processing (banks, clearinghouses)– Person wrote check; retailer deposited check in bank

account– Retailer’s bank sent paper check to clearinghouse

• Clearinghouse managed fund transfer (consumer’s bank to retailer’s account)

– Paper check transported to consumer’s bank– Send cancelled check to consumer

• Many banks stopped sending cancelled checks to consumer – Provide PDF images of processed checks



Check Processing (cont’d.)

• Disadvantage of paper checks – Cost of transporting tons of paper checks– Float

• Delay between the time person writes check and the time check clears person’s bank

• Bank’s customer obtains free use of funds for few days

• Bank loses use of funds for same time period

• Can become significantly longer than a few days


Check Processing (cont’d.)

• Technologies helping banks reduce float– 2004 U.S. law: Check Clearing for the 21st Century

Act (Check 21)• Banks eliminate movement of physical checks entirely

• Check 21-compliant world– Retailer scans customer's check– Scanned image transmitted instantly

• Through clearing system

– Posts almost immediately to both accounts • Eliminates transaction float

Phishing Attacks

• Phishing expedition– Technique for committing fraud against online

businesses customers– Launched against all online business types– Particular concern to financial institutions

• Customers expect high degree of personal information security

• Basic structure– Attacker sends e-mail message

• Large number of recipients

• Account at targeted Web site


Phishing Attacks (cont’d.)

• Basic structure (cont’d.)– E-mail message tells recipient account is compromised

• Recipient must log on to account to correct problem

– E-mail message includes link• Appears to be Web site login page • Actually disguised perpetrator’s Web site

– Recipient enters login name, password• Perpetrator captures• Uses to access recipient’s account• Access personal information, make purchases, withdraw

funds





• Spear phishing – Phishing expedition that is carefully designed to target

particular person or organization– Requires considerable research– Increases chance of e-mail being opened– Example: 2008 government stimulus checks

• Phishing e-mails appeared within one week of passage



• E-mail link disguises and tricks– Example of Web server that ignores all characters

preceding “@”:https://[email protected]/fl/login.html

– Example of disguised link:https://[email protected]/fl/login.html

– Example of invisible phony site displayed due to JavaScript code:

http://leasurelandscapes.com/snow/webscr.dll

http://leasurelandscapes.com/snow/webscr.dll



• E-mail link disguises and tricks (cont’d.)– Pop-up windows

• Look exactly like browser address bar

– Including Web site graphics of financial institutions • Looks more convincing



Organized Crime, Identity Theft, and Phishing Attacks

• Organized crime (racketeering)– Unlawful activities conducted by highly organized,

disciplined association for profit– Differentiated from less organized terrorist groups– Internet providing new criminal activity opportunities

• Generates spam, phishing, identity theft– Identity theft

• Criminal act where perpetrator gathers victim’s personal information

• Uses information to obtain credit• Perpetrator runs up account charges and disappears



Organized Crime, Identity Theft, and Phishing Attacks (cont’d.)

• Large criminal organizations– Efficient perpetrators of identity theft

• Exploit large amounts of personal information quickly and efficiently

– Sell or trade information that is not of immediate use• Other worldwide organized crime entities

– Zombie farm• Large number of computers implanted with zombie

programs– Pharming attack

• Hacker sells right to use zombie farm to organized crime association


Organized Crime, Identity Theft, and Phishing Attacks (cont’d.)

• Two elements in phishing– Collectors: collect information– Cashers: use information – Require different skills

• Crime organizations facilitate transactions between collectors and cashers– Increases phishing activity efficiency, volume

• Each year– More than a million people fall victim– Financial losses exceed $500 million


Phishing Attack Countermeasures

• Change protocol– Improve e-mail recipients’ ability to identify message

source– Reduce phishing attack threat

• Educate Web site users

• Contract with consulting firms specializing in anti-phishing work

• Monitor online chat rooms used by criminals

Summary

• Online stores payment forms– Credit, debit, charge cards (payment cards)

• Ubiquitous, convenient, easy to use

– Electronic cash advantages and potential uses• Making micropayments, stored online or offline

– Convenience of electronic wallets

– Stored-value cards• Smart cards, magnetic strip cards

• Banks process most monetary transactions– Use Internet technologies to process checks

• Concerns: phishing expeditions, identity theft


Date post:	27-Jan-2015
Category:	Economy & Finance
Upload:	-
View:	117 times
Download:	0 times

9781423903055 ppt ch11

Economy & Finance