Internet Payment Systems

 

This level of security, while it protects credit card numbers very well, does not guarantee that the credit card holder isn't using a stolen card. For this reason the same public-key cryptography is used to encrypt additional information: authentication certificates and digital signatures. The certificates carry information about the parties and the digital signatures, which can be combined with digital date stamps, add yet another layer of authentication to a transaction.

The highest form of security, developed by Visa and MasterCard—with the contributions of Microsoft, IBM, GTE, Netscape, and others—is known as Secure Electronic Transport (SET). Under this protocol, the identities and rights of three parties are simultaneously established during a transaction: the card holder, the merchant, and the card issuing institution, each using certificates, signatures, and date stamps under the protective cloak of cryptography.

SET has not yet established itself widely in the mid-2000s because of its complexity. SSL transactions are still the dominant method of passing credit card information. Visa and MasterCard have introduced another less sophisticated authentication method—primarily to offer credit card holders added security. Card holders can register with the issuer of the card and provide additional authentication data (mother's maiden name, pet's name, and so on) maintained by the issuer. Once the card is thus registered, merchants are notified of this registration and can query card holders for additional authentication data before closing a sale.

GETTING PAID ONLINE

A small business intending to sell its products online must establish a merchant account at a bank and engage the services of a payment processing firm. The business may wish to begin by looking at processing firms which frequently represent banks. Conversely, many banks work with processing firms and will recommend those that they prefer. If the company already accepts credit cards in a store, its natural route is by way of the service bureau it uses for off-line sales. A set-up fee (around $50), monthly services fees (ranging from $40 to $300 based on volume), and transaction fees levied on the volume itself (ranging from 1.5 to 0.75 percent, depending on volume) should be anticipated. The numbers cited come from Yahoo's Small Business Merchants Solutions and, while representative, will vary from vendor to vendor. Three basic types of transactions are available: credit card, online check payment, and small-transaction payment systems (where transactions are a few dollars each), A merchant can sign up for one or two or three of these—each having a different cost. A very wide array of such services has developed—and thus a fair amount of homework is implied. Entering the phrase "payment processing firms" into a search engine like Google or Yahoo will produce an extensive listing of links and ads that will get the business started. Another way of testing the waters, of course, is to ask other merchants about the services they use.

Qualifying for a merchant account may require administrative efforts similar to getting a loan—because the bank will wish to satisfy itself about the business's qualifications. Working with the processing firm will involve the business in installation and testing of card authorization software that will communicate with the processing firm. The processing firm normally handles checking the validity of the credit card number, expiration date, and purchase amount, then provides the merchant with an authorization number. The preferred method for handling online sales is to pass the transaction information along to the payment processing firm for authorization while the customer is still online. An e-mail confirmation completes the transaction.

Internet payment systems, while already highly developed, are still evolving—becoming more secure, more straightforward, and, from the small business point of vantage, more competitive in price. In the mid-2000s many services are available. As electronic retailing continues its rapid growth, it is likely that a handful of major services will begin to emerge and dominate the market until, for the small business, getting online and getting paid online, will become ever more simple.

BIBLIOGRAPHY

Beaudoin, Maria. "Web Checks." Newsweek. 11 August 2003.

Beaumier, Carol M. "Multifactor Authentication: A blow to identity theft?" Bank Accounting & Finance. February-March 2006.

Bick, Jonathan. "Authenticating and Enforcing E-signatures." New Jersey Law Journal. 7 June 2004.

Paret, Dominique. RFID and Contactless Smart Card Applications. John Wiley & Sons, 2005.

Lim, Chae Hoom, and Moti Yung, eds. Information Security Applications. Springer, 2005.

Loshin, Peter, John Vacca, and Paul Murphy. Electronic Commerce. Charles River Media, 2004.

O'Mahony, Donal, Michael A. Pierce, and Hitesh Tewari. Electronic Payment Systems for E-Commerce. Artech House, 2001.

Punch Linda. "Authentication's Tentative Gins: Visa and MasterCard have developed authentication systems that will make Internet transactions less vulnerable to fraud." Credit Card Management. May 2002.

"What is Public-Key Cryptography?" RSA Laboratories. Available from http://www.rsasecurity.com/rsalabs/node.asp?id=2165. Retrieved on 4 June 2006.

"With PayPal Backing, Will Micropayments Work This Time?" CioInsight. 12 September 2005.

Wolf, Daniel. "When Dial-Up Link Blocks the Extra Verification Call." American Banker. 9 May 2006.

 PREV  1 | 2