TYPES OF CREDIT CARD PAYMENTS
Credit card-based payments can be divided into three categories:
Payments Using Plain Credit Card Details
The easiest method of credit card payment is the exchange of unencrypted credit card details over a public network such as telephone lines or the Internet. The low level of security inherent in the design of the Internet makes this method problematic (any hacker can read a credit card number, and there are programs that scan Internet traffic for credit card numbers and send the numbers to their programmers).
Authentication is also a significant problem, and the vendor is usually responsible for ensuring that the person using the credit card is its owner.
Payments Using Encrypted Credit Card Details
Even if credit card details are encrypted before they are sent over the Internet, there are still certain factors to consider before sending them out. One such factor is the cost of a credit card transaction itself, which might prohibit low-value payments (micro payments).
Payments Using Third-Party Verification
One solution to security and verification problems is the introduction of a third party to collect and approve payments from one client to another.
Payments Using Encrypted Credit Card Details
Encryption is initiated when credit card information is entered into a browser or other electronic commerce device and sent securely over the network from buyer to seller as an encrypted message. This practice, however, does not meet important requirements for an adequate financial system, such as nonrefutability, speed, safety, privacy, and security.
To make a credit card transaction truly secure and nonrefutable, the following sequence of steps must occur before actual goods, services, or funds flow:
1. A customer presents his or her credit card information (along with an authentic signature or other information such as mother’s maiden name) securely to the merchant.
2. The merchant validates the customer’s identity as the owner of the credit card account.
3. The merchant relays the credit card charge information and digital signature to his or her bank or online credit card processor.
4. The bank or processing party relays the information to the customer’s bank for authorization approval.
5. The customer’s bank returns the credit card data, charge authentication, and authorization to the merchant.
One company that has implemented the preceding process is CyberCash (www.cybercash.com). CyberCash transactions move between three separate software programs: one program that resides on the consumer’s PC (called a wallet), one that operates as part of the merchant server, and one that operates within the CyberCash servers. The process works in the following manner: The consumer selects items for purchase and fills out the merchant’s order form, complete with necessary shipping information. The merchant server presents an invoice to the consumer and requests payment. The consumer is given the option to launch the CyberCash Wallet, a software program that does the encryption, if they already have it. When the consumer clicks on the “PAY” button, the CyberCash software on the merchant server sends a special message to the consumer’s PC that awakens the CyberCash Wallet. The consumer simply chooses which credit card to pay with and clicks on it. The rest of the process is a series of encrypted automatic messages that travel between the three parties on the Internet and the conventional credit card networks that are connected directly to the CyberCash servers. Since the CyberCash Wallet is a separate piece of software, the consumer can use virtually any browser to shop at a merchant on the Web.
CyberCash can also be used for micro payments; that is, people pay small change (usually a nickel or a dime) as they click on icons, which could be information or files. The process is an offshoot of CyberCash’s Wallet technology. Currently, users download free Wallet software to their PC and load it up electronically with a credit card cash advance. The plan for micro payments is to create a “small change” version, which would dip from a checking account as well as a credit card. After selecting a game to play or item to buy, an invoice comes on screen. The consumer clicks on a Pay button, and a transaction is encrypted that transfers money out of a coin purse icon and into the vendor’s account, which is set up on a CyberCash server. CyberCash will make its money by selling the technology as well as by offering payment authentication and aggregation services. The company believes it can process payments as low as ten cents.
Secure Electronic Transactions (SET)
Secure Electronic Transactions (SET) is a protocol for encrypted credit card payment transfers. Announced in February 1996 by VISA and MasterCard, SET establishes a single technical standard for protecting payment card purchases made over the Internet and other open networks. Participants in the SET consortium include Microsoft, Netscape, GTE, IBM, SAIC, Terisa Systems, and Verisign. SET is based on public-key encryption and authentication technology from RSA Data Security. The objectives of payment security are to: provide authentication of cardholders, merchants, and acquirers; provide confidentiality of payment data; preserve the integrity of payment data; and define the algorithms and protocols necessary for these security services.
Why Do We Need SET?
One of the benefits of the Internet is that it enables users to tap into information around the clock, from just about anywhere in the world. However, it does pose some practical drawbacks. The potential for fraud and deception is far greater online. When the other “person” is merely a blip on a computer screen, it is difficult to determine whether or not they hold a valid account. And how can a “real” merchant feel comfortable accepting a credit card account number without some form of identification? It is also difficult to trust a merchant you have never actually seen. After all, the merchant’s “store” may exist only on a remote hard drive. In order to combat fraud there has been increasing focus on authentication on the Web. Web authentication requires the user to prove his or her identity for each requested service. Various vendors in the e-commerce market are attempting to provide an authentication method that is easy to use, secure, reliable, and scalable.
Third-party authentication services must exist within a distributed network environment in which a sender cannot be trusted to identify him- or herself correctly to a receiver. In short, authentication plays an important role in the implementation of business transaction security.
What Features does SET Specify?
The following objectives are addressed by SET specifications: confidentiality of information, integrity of data, consumer account authentication, merchant authentication, and interoperability.
Confidentiality of Information
To facilitate and encourage financial transactions, it will be necessary for merchants and banks to assure consumers that their payment information is safe and accessible only by the intended recipient. Therefore, credit card account and payment information must be secured as it travels across the network, preventing interception of account numbers and expiration dates by unauthorized individuals. SET provides confidentiality by the use of message encryption.
Integrity of Information
SET ensures that message content is not altered during the transmission between originator and recipient. Payment information sent from consumers to merchants includes order information, personal data, and payment instructions. If any component is altered in transit, the transaction will not be processed accurately. In order to eliminate this potential source of fraud and/or error, SET provides the means to ensure that the contents of all order and payment messages received match the contents of messages sent. Information integrity is ensured by the use of digital signatures.
Consumer Account Authentication
Merchants need a way to verify that a consumer is a legitimate user of a valid account number. Digital signatures and digital certificates ensure consumer account authentication by providing a mechanism that links a consumer to a specific account number. SET designates a third party called a certificate authority to authenticate the sender and receiver.
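The checks described under Integrity of Information and Consumer Account Authentication, as an added example that is not part of the original article and does not reproduce SET's actual message formats: a certificate authority binds an account to a public key, the cardholder signs the order, and the merchant verifies both before relaying the charge. The function names, the account identifier ACCT-0001, the order fields and the toy unpadded RSA with small fixed primes are assumptions made for illustration.

```python
import hashlib
import json

E = 65537  # public exponent; toy textbook RSA below, no padding, illustration only

def make_key(p, q):  # -> (public modulus n, private exponent d)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(obj, n):
    """Hash a canonical JSON encoding of obj to an integer below n."""
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(obj, n, d):
    return pow(digest(obj, n), d, n)

def verify(obj, sig, n):
    return pow(sig, E, n) == digest(obj, n)

def issue_certificate(account, holder_n, ca_n, ca_d):
    """Certificate authority binds an account to the holder's public key."""
    body = {"account": account, "holder_n": holder_n}
    return {"body": body, "ca_sig": sign(body, ca_n, ca_d)}

def merchant_check(order, order_sig, cert, ca_n):
    """Checks run before the charge is relayed to the bank or processor."""
    if not verify(cert["body"], cert["ca_sig"], ca_n):
        return "reject: certificate not issued by the CA"
    if order["account"] != cert["body"]["account"]:
        return "reject: order account differs from certificate"
    if not verify(order, order_sig, cert["body"]["holder_n"]):
        return "reject: order altered or not signed by the account holder"
    return "accept"

def demo():
    # Constructed keys, account identifier and order; none come from the article.
    ca_n, ca_d = make_key(2**127 - 1, 2**107 - 1)
    card_n, card_d = make_key(2**89 - 1, 2**61 - 1)
    cert = issue_certificate("ACCT-0001", card_n, ca_n, ca_d)
    order = {"account": "ACCT-0001", "merchant": "example-shop", "amount_cents": 1999}
    sig = sign(order, card_n, card_d)
    results = {"genuine": merchant_check(order, sig, cert, ca_n)}
    # Same signature presented with a changed amount: the integrity check fails.
    altered = dict(order, amount_cents=199900)
    results["altered"] = merchant_check(altered, sig, cert, ca_n)
    # Certificate signed by a key other than the CA's: authentication fails.
    other_n, other_d = make_key(2**61 - 1, 2**31 - 1)
    self_signed = issue_certificate("ACCT-0001", other_n, other_n, other_d)
    other_sig = sign(order, other_n, other_d)
    results["self_signed"] = merchant_check(order, other_sig, self_signed, ca_n)
    return results

if __name__ == "__main__":
    print(demo())
```

A real deployment would use a vetted cryptographic library with padded signatures and full-size keys; the verification order (certificate first, then the signature under the certified key) is the point of the sketch.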
Merchant Authentication
The SET specifications provide a way for consumers to confirm that a merchant has a relationship with a financial institution that allows that merchant to accept bank card payments. Merchant authentication is ensured by the use of digital signatures and merchant certificates.
Interoperability
The SET specifications must be applicable on a variety of hardware and software platforms, and must not prefer one over another. Any consumer with compliant software must be able to communicate with any merchant software that also meets the defined standard. Interoperability is ensured by the use of standard protocols and message formats.
For the technical underpinnings of the SET standard, please see the latest information published on VISA’s Web site, http://www.visa.com/.