II ePayments - The Enabler for eCommerce

Assuming identity can be guaranteed, deciding which payment system to make available on the Internet is the next most important issue holding back the growth of eCommerce. Obviously, paper notes and coins will not work. The system must be electronic. Most people are already aware of electronic payment systems such as American Express, Diners, JCB, MasterCard, and Visa, and can rightly ask, "Why should we use anything else?" Security is an essential attribute of these networks. They have been introduced and accepted by buyers and sellers worldwide. Rather than inventing something completely new, these existing systems offer an obvious starting point for an ePayment system[1].


EFTPOS - The Virtual Private Network

The bank payment associations such as Visa, MasterCard and Europay have built a secure global network designed to carry authorization, clearing and settlement data. These are all Virtual Private Networks. Core to their design is an assurance of security necessary to protect sensitive payment details while guaranteeing that no transactions are lost. Other networks, such as those managed by S.W.I.F.T. and the ACH operators have a similarly construction. All have well-defined messaging standards, comprehensive operating procedures, and certification processes to assure security and reliability.


The Internet - A Public Utility

In contrast to the VPNs, the Internet has evolved as a public utility with no inherent security or guarantee that transactions are complete.  Its power is to allow any buyer to find a seller anywhere on the globe. Organizations see the Internet as an extremely powerful distribution channel without the cost of building and managing a physical storefront or the expense of running a global mail order and telephone order operation.

Consumer Fear - The Brake to Exponential Growth

Media publicity about the ever-present reality of fraud over the Internet has created suspicion and distrust in the minds of buyers about entering their personal or their company credit card details onto the Internet. The fear of fraud is real; particularly when one considers the open architecture of the Internet and the ease this offers hackers and criminals to intercept credit card data transiting the Internet. Fear has been fueled by stories of hackers breaking into merchant web sites, collecting details for a large number of credit cards and using this information to defraud card payment systems. Stories also abound of people receiving erroneous bank statements, or of fake ATMs being installed on high streets and in shopping malls to capture PIN and the debit card details. The fact that no viable and ready-to-market bank solutions are in sight only stimulates this decline in the confidence of buyers.

In a recent informal meeting, it was pointed out that based on a leading credit card organization’s transactions, 90+% of mail order and telephone order fraud in Europe is Internet based. 15% of Internet clearing volume is charged back while 50% of digital goods purchased over the Internet are charged back. The solution, and the challenge, is to devise a way to use this insecure environment while retaining all the advantages of the proven and secure EFTPOS network.

The Internet Identification Requirements

To give organizations the confidence to reveal corporate secrets, divulge privileged client information or grant access to powerful transaction processing capabilities means it is essential to be able to trust that people on the Internet are indeed who they claim to be. Furthermore, the growth of one-to-one marketing has focused marketing strategies on segmenting the client based down to one. To be confident that access has been granted to the proper authorized party demands a solution that can:

*   Assure the authenticity of the employee or client

*   Assure the confidentiality of privileged information

*   Assure the integrity of data

*   Assure the irrefutability of the transaction 

Internet Payment Security Requirements

The Internet is a user-friendly and open environment. For a payment solution to be successful, it must maintain this ease and openness without putting the current EFTPOS network at risk. This means finding a payment transaction solution that can establish trust between buyer and seller by addressing the following security issues:

*   Authenticity of the buyer and the seller

*   Veracity through the use of PIN of the identity of the card user

*   Confidentiality and privacy of information relating to content of the Transaction

*   Integrity of transmission data

*   Irrefutability of the transaction.

Nevertheless, to be completely successful, the Internet payment system must also be capable of dealing with the following additional issues:

*   Guaranteed payment upon fulfilled terms of delivery

*   Mobility that allows the buyer to conduct business on the Internet from any point of interaction, regardless of the device type or location

*   Support for an array of existing payment products

*   Incorporation of an effective (i.e. economical) micro-payment system


horizontal rule

[1] Small value purchases is the one exception. Today only notes and coins are effective. The Internet will need something to take on this low value payment function.