Thursday, March 27, 2008

Chapter 11-Key Concept - Payment Systems for E-commerce

Online Payment Basics
Four ways to pay for purchases: Cash, checks, credit cards, and debit cards account for more than 90% of all consumer payments in the US. A small but growing percentage of consumer payments are made by electronic transfer. The most popular consumer electronic transfers are automated payments of auto loans, insurance payments, and mortgage payments made from consumers’ checking accounts. Scrip is digital cash minted by a company instead of by a government. Most scrip cannot be exchanged for cash; it must be exchanged for goods or services by the company that issued the scrip. Scrip is like a gift certificate.

Payment card: all types of plastic cards that consumers (and some businesses) use to make purchases. The main categories of payment cards are credit cards, debit cards, and charge cards. A credit card, such as a Visa or a MasterCard, has a spending limit based on the user’s credit history; a user can pay off the entire credit card balance or pay a minimum amount each billing period. Credit card issuers charge interest on any unpaid balance. A charge card, offered by companies such as American Express, carries no spending limit, and the entire amount charged to the card is due at the end of the billing period. Charge cards do not involve lines of credit and do not accumulate interest charges. Several payment card companies now offer cards with disposable numbers (single-use cards).
Advantages and disadvantages of payment cards
For merchants, payment cards provide fraud protection. When a merchant accepts payment cards for online payment or for orders placed over the telephone, the merchant can authenticate and authorize purchases using a payment card processing network. The greatest advantage of using payment cards is their worldwide acceptance. However, payment card service companies charge merchants per-transaction fees and monthly processing fees. The consumer pays no direct transaction-based fees for using payment cards, but the prices of goods and services are slightly higher.
MasterCard International and Europay have implemented a single standard for the handling of payment card transactions called the EMV standard (Europay, MasterCard, and Visa). In a brick and mortar store, customers walk out of the store with purchases in their possession, so charging and shipment occur nearly simultaneously. Online stores must ship merchandise within 30 days of charging a payment card. Because the penalties for violating this law can be significant, most online and mail order merchants don’t charge payment card accounts until they ship merchandise.
Open and closed loop systems: in some payment card systems, the card issuer pays the merchants that accept the card directly and doesn’t use an intermediary, such as a bank or clearinghouse system. These are closed loop systems (Ex: American Express). Open loop systems, such as Visa or MasterCard, involve three or more parties. Neither Visa nor MasterCard issues cards directly to consumers. Visa and MasterCard are credit card associations that are operated by the banks that are members of the associations. Member banks (customer issuing banks) are responsible for establishing customer credit limits.
Merchant Accounts: A merchant bank or acquiring bank is a bank that does business with sellers that want to accept payment cards. To process payment cards for Internet transactions, an online merchant must set up a merchant account. When the merchant’s bank collects credit card receipts on behalf of the merchant from the payment card issuer, it credits their value to the merchant’s account. When a cardholder successfully contests a charge, the merchant bank must retrieve the money it placed in the merchant account in a process called a chargeback. To ensure that sufficient funds are available to cover chargebacks, a merchant bank might require a company to maintain funds on deposit in the merchant account.
Processing Payment Cards online: software packaged with e-commerce software can handle payment card processing automatically, or merchants can contract with a third party to handle payment card processing (payment processing service providers). Banks connect to an Automatic Clearing House through highly secure, private leased telephone lines. The merchant sends the card info to a payment card authorization company, which reviews the customer account and, if it approves the transaction, sends the credit authorization to the issuing bank. Then the issuing bank deposits the money in the merchant’s account, and the merchant’s web site receives confirmation of the acceptance of the consumer transaction. The merchant website confirms the sale to the customer over the internet.

Electronic cash
Electronic cash (e-cash or digital cash) describes any value storage and exchange system created by a private (nongovernmental) entity that doesn’t use paper documents or coins and that can serve as a substitute for government-issued physical currency. Because e-cash is issued by private entities, there is a need for common standards among all e-cash issuers so that one issuer’s e-cash can be accepted by another issuer. E-cash shows particular promise in two applications: the sale of goods and services priced less than $10 (the lower threshold for credit card payments) and the sale of all goods and services to those without credit cards.
Internet payments for items costing from a few cents to approximately a dollar are called micropayments.
Privacy and security of e-cash
Concerns about electronic payment methods include privacy and security, independence, portability, and convenience. Electronic cash has unique security problems. First, it must be possible to spend electronic cash only once, just as with traditional currency. Second, e-cash ought to be anonymous, just as hard currency is. That is, security procedures should be in place to guarantee that the entire e-cash transaction occurs only between two parties, and that the recipient knows that the electronic currency being received is not counterfeit or being used in two different transactions. Electronic cash has the advantages of being independent and portable. E-cash portability means that it must be freely transferable between any two parties.
Holding e-cash: online and offline cash
Two widely accepted approaches to holding cash exist today: online storage and offline storage. Online cash storage means that the consumer doesn’t personally possess electronic cash. Instead, a trusted third party (an online bank) is involved in all transfers of electronic cash and holds the consumers’ cash accounts. This helps prevent fraud by confirming that the consumer’s cash is valid. Offline cash storage is the virtual equivalent of money kept in a wallet. The customer holds it, so software safeguards must be used to prevent fraudulent or double spending. Double spending is spending a particular piece of electronic cash twice by submitting the same e-currency to two different vendors.
Advantages and disadvantages of e-cash
E-cash transactions are more efficient (and therefore less costly) than other methods, and that efficiency should foster more business, which eventually means lower prices for consumers. E-cash transfers occur on an existing infrastructure (the internet) and through existing computer systems. Thus, the additional costs that users of e-cash must incur are nearly zero. E-cash doesn’t require that one party obtain an authorization, as is required with credit card transactions. Disadvantages: there is no audit trail; e-cash is just like real cash in that it cannot be easily traced. Another problem arises: money laundering. Money laundering is a technique used by criminals to convert money that they have obtained illegally into cash that they can spend without having it identified as the proceeds of an illegal activity.
How e-cash works
To begin using e-cash, a consumer opens an account with an e-cash issuer (such as a bank that issues e-cash or a private vendor of e-cash such as PayPal) and presents proof of identity. The consumer can then withdraw e-cash. After the issuer verifies the consumer’s identity, it gives the consumer a specific amount of e-cash and deducts the same amount from the consumer’s account.
Providing security for e-cash
Cryptographic algorithms are the key to creating tamperproof e-cash that can be traced back to its origins. A two part lock provides anonymous security that also signals when someone is attempting to double spend cash. When a second transaction occurs for the same e-cash, a complicated process comes into play that reveals the attempted second use and the identity of the original e-cash holder. Double spending can neither be detected nor prevented with truly anonymous e-cash. Anonymous e-cash is e-cash that, like bills and coins, cannot be traced back to the person who spent it. One way to be able to trace e-cash is to attach a serial number to each e-cash transaction. The absence of e-cash standards means that consumers are faced with choosing from an array of proprietary e-cash alternatives, none of which are interoperable. Interoperable software runs transparently on a variety of hardware configurations and on different software systems.
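
The two part lock described above can be illustrated with identity splitting, shown here as an added example that is not from the chapter or from any e-cash product: each coin carries pairs of values that XOR to the holder's identity, one honest spend opens only one half of each pair, and a second spend of the same serial number lets the issuer combine two halves. The names `mint_coin`, `spend`, `Issuer` and the parameter `K` are assumptions, and the issuer's signature that would bind the pairs to the coin is omitted.

```python
import secrets

K = 16  # assumed parameter: number of two-part locks carried by each coin

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def mint_coin(identity: bytes) -> dict:
    """Withdrawal: build K pairs whose halves XOR to the holder's identity.
    Either half on its own is indistinguishable from random bytes."""
    pairs = []
    for _ in range(K):
        left = secrets.token_bytes(len(identity))
        pairs.append((left, xor(left, identity)))
    return {"serial": secrets.token_hex(8), "pairs": pairs}

def new_challenge() -> list:
    """Merchant side: one random bit per lock."""
    return [secrets.randbelow(2) for _ in range(K)]

def spend(coin: dict, challenge: list) -> dict:
    """Payer opens exactly one half of every lock, chosen by the merchant."""
    opened = [coin["pairs"][i][bit] for i, bit in enumerate(challenge)]
    return {"serial": coin["serial"], "challenge": list(challenge), "opened": opened}

class Issuer:
    """Issuer that receives spend transcripts from merchants at deposit time."""
    def __init__(self):
        self.seen = {}  # serial number -> first transcript deposited

    def deposit(self, transcript: dict):
        first = self.seen.get(transcript["serial"])
        if first is None:
            self.seen[transcript["serial"]] = transcript
            return ("accepted", None)
        # Same serial seen again: find a lock where the two merchants asked
        # for different halves and combine them to recover the identity.
        for i in range(K):
            if first["challenge"][i] != transcript["challenge"][i]:
                return ("double-spend", xor(first["opened"][i], transcript["opened"][i]))
        return ("duplicate-deposit", None)  # identical transcript, nothing new learned
```

With 16 locks, two independent merchants pick the same challenge only once in 65,536 cases, so a double spender is identified almost always while a holder who spends once stays anonymous.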

An electronic wallet (sometimes called an e-wallet), serving a function similar to a physical wallet, holds credit card numbers, electronic cash, owner identification, and owner contact info and provides that info at an electronic commerce site’s checkout counter. E-wallets give consumers the benefit of entering their info just once. When consumers select items to purchase, they can then click their e-wallet to order the items quickly. E-wallets fall into two categories based on where they are stored. A server side electronic wallet stores a customer’s info on a remote server belonging to a particular merchant or wallet publisher. The main weakness is that a security breach could reveal thousands of users’ personal info. A client side e-wallet stores a consumer’s info on his or her own computer. A disadvantage of client side wallets is that they aren’t portable: they are not available when a purchase is made from a computer other than the computer on which the wallet resides. Storing the info on the user’s own computer removes the risk that an attack on a client side e-wallet vendor’s server could reveal the sensitive info. However, an attack on the user’s computer could yield that info.

Stored value Cards
One solution that could reduce all those cards to a single plastic card is called a stored value card. A stored value card can be an elaborate smart card with a microchip or a plastic card with a magnetic strip that records the currency balance. The main difference is that a smart card can store larger amounts of info and includes a processor chip on the card. The card readers needed for smart cards are different, too. Common stored value cards include prepaid phone, copy, subway, and bus cards. Many people use the terms “stored-value card” and “smart card” interchangeably.
Most magnetic strip cards hold value that can be recharged by inserting them into the appropriate machines, inserting currency into the machine, and withdrawing the card; the card’s strip stores the increased cash value.
A smart card is a stored value card that is a plastic card with an embedded microchip that can store info. A smart card can store about 100 times the amount of info that a magnetic strip plastic card can store. A smart card can hold private user data, such as financial facts, encryption keys, account info, credit card numbers, health insurance info, medical records. Smart cards are safer than conventional credit cards because the info stored on a smart card is encrypted.

Internet technologies and the banking industry
Check processing
In the past, checks were processed physically by banks and clearinghouses. The retailer’s bank would then send the paper check to a clearing house which would manage the transfer of funds from the consumer’s bank to the retailer’s account. Banks have been working for years to develop technologies that will help them reduce the float. In 2004, a US law went into effect that many bankers believe will eventually eliminate the float.
Phishing attacks
The basic structure of a phishing attack is fairly simple. The attacker sends email messages to a large number of recipients who might have an account at the targeted web site. The email message tells the recipient that his or her account has been compromised and it is necessary for the recipient to log in to the account to correct the matter. The email message includes a link that appears to be a link to the login page of the web site. The link actually leads the recipient to the phishing attack perpetrator’s website, which is disguised to look like the targeted website. The unsuspecting recipient enters his or her login name and password, which the perpetrator captures and then uses to access the recipient’s account.
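
The mismatch between what a link displays and where it actually leads can be checked mechanically on the receiving side. The following is an added example, not part of the chapter: it parses an HTML message body and reports every link whose visible text names one host while its `href` points to another. The sample message and the `.example`/`.test` hosts are constructed, and `audit_email` is a hypothetical helper name.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# A host name written in the visible link text, with or without a scheme.
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample message body (reserved .example/.test names only).
SAMPLE = """
<p>Your account has been compromised. Log in to correct the matter:</p>
<a href="http://bank.example.verify-login.test/signin">https://www.bank.example/login</a>
<a href="https://www.bank.example/help">www.bank.example/help</a>
<a href="https://www.bank.example/">Contact us</a>
"""

def same_site(link_host: str, shown_host: str) -> bool:
    """True if the link's host is the displayed host or a subdomain of it."""
    return link_host == shown_host or link_host.endswith("." + shown_host)

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href = None      # href of the <a> currently open, if any
        self.text = []        # visible text collected inside that <a>
        self.findings = []    # (displayed text, real host) for each mismatch

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        m = DOMAIN_RE.search(shown)
        link_host = (urlsplit(self.href).hostname or "").lower()
        if m and link_host and not same_site(link_host, m.group(1).lower()):
            self.findings.append((shown, link_host))
        self.href = None

def audit_email(html: str) -> list:
    p = LinkAudit()
    p.feed(html)
    p.close()
    return p.findings
```

Links whose visible text contains no host name (such as "Contact us") are not judged by this check and need a separate comparison against the sender's known domains.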
Organized Crime, Identity theft, and phishing attacks
US laws define organized crime, also called racketeering, as unlawful activities conducted by a highly organized, disciplined association for profit. The associations that engage in organized crime are often differentiated from less organized groups such as gangs and from organized groups that conduct unlawful activities for political purposes such as terrorist organizations. Organized crime associations have traditionally engaged in criminal activities such as drug trafficking, gambling, money laundering, prostitution, pornography production and distribution, extortion, truck hijacking, fraud, theft, and insider trading. Identity theft is a criminal act in which the perpetrator gathers personal info about a victim and then uses that information to obtain credit. There are two elements in phishing: the collection of the info (done by collectors) and the use of the info (done by cashers).
Phishing attack countermeasures
Since spam is a key element of phishing attacks, any protocol change that improves email recipients’ ability to identify the source of an email message will also help to reduce the threat of phishing attacks. The most important step that companies can take today is to educate their web site users. Another anti-phishing technique is to monitor online chat rooms that are used by criminals.
