Please use this link if you are not automatically transferred.
  To PayPerNet Homepage Feedback Support Employment Help PayPerNet logo


Payment Solutions

See Also
Introduction to PayPerNet

Existing payment solutions can be divided to fall into four groups:

  1. Cheques,
  2. Bank wires, 
  3. Payment (Credit & Debit) cards, and 
  4. Electronic payment systems.

Characteristics of these payment systems differ substantially. 

To be suitable for e-commerce, a payment system should probably have certain characteristics, such as:

  1. easy to use by the end-user
  2. conceptually easy to understand
  3. does not require customers or vendors to sign up before use,
  4. highly secure for customers and vendors alike,
  5. low cost,
  6. allows micropayments,
  7. anonymous,
  8. requires no additional hardware or software on the side of the client,
  9. able to develop itself independent of partners that might see the system as a threat.

In the following sections we will see how the most important payment systems available today stack up against these e-commerce requirements.

Cheques

The main advantage of cheques is that many people are comfortable making and receiving payments using cheques. However, they have some very obvious disadvantages as well:

  • They are not secure methods of payment since cheques are easily forged
  • They may be returned by banks if there are insufficient funds in its associated bank account
  • They require physical transfer to the on-line vendor and bank processing, a lengthy process
  • High costs are associated with cashing cheques that cross international boundaries

To overcome the security problems, it is common practice to request proof of identity when a customer writes the cheque. This is not an option when paying over the Internet because the cheque is not written in the presence of the payee. Therefore, if a cheque is currently accepted by an on-line merchant, then it is usually to make advance payment for goods or services. (Exceptions exist: some vendors of services may use the delay between the writing and the receipt of the cheque to allow the user to try out the service. Unless payment is received within a predefined period, the customer is cut off from the service.)

Cheques must be physically mailed to the on-line vendor and processed by his bank, causing the process of making a payment using a cheque is to be a lengthy one that negates much of the attractiveness of the Internet.

Cheques as Internet payment method

As mentioned, an advantage of cheques is that in some countries virtually everyone is comfortable in using them to make payments. However, from the above and the realisation that cheques are not or not commonly used in many countries, it must follow that even for countries where cheques are an accepted and low-cost means of payment, they will be restricted to internal payments (i.e. within the country).

The slowness of paying by cheque detracts even more from its appeal.

Bank wires

Bank wires are faster and more secure than cheques. Unfortunately, they bring other problems with them:

Because of the inefficient inter-bank settlement system used by banks for small monetary amounts - a traditional system with medieval roots known as correspondent banking - wires are a very expensive payment option, with costs starting at a fixed € 10 for a national to a fixed € 30 for an international transaction, in addition to variable charges. That is far too costly for anything but very high-ticket items. Additional, currency-exchange related fees compound the cost problem further.

  • clients dislike prepaying through bank wires when dealing with vendors they are not familiar with since there is virtually nothing to protect him from defective products, fraud, etc.
  • a signed request (letter or fax) for the wire needs to be send to the bank before it can be executed

Bank Wires as Internet payment method

The very high cost and complexity, perhaps clumsiness- of international bank wires makes bank wires an unattractive way to pay for world-wide shopping. We expect bank wires to principally remain restricted to internal payments in those countries where they have evolved into efficient forms of payment and are regularly used, but expect them to play a minor role as e-payment method.

Payment Cards

Payment Cards are cards containing electronic or magnetic information regarding an account with a card-issuing financial institution. For the discussion we will make no difference between debit and credit-type payment cards. At this time, payment cards are by far the most popular means to pay for on-line purchases. To pay using a card, the card owner must send his card information to the Internet merchant. The merchant communicates with the card issuer (most often using private networks). The card issuer then debits the purchaser's card account and credits the vendor's bank account. While being transferred to the merchant over the Internet, the customer's card number, name and address could potentially be intercepted by third parties. The physical card itself is not used during an e-shopping transaction but only the owner's card number, name, address, and expiration date. Since no signature is necessary, such a third party can commit fraud with the intercepted data. To limit access to the information in transit, most Internet vendors provide a more or less secure Internet connection technology known as SSL, which encrypts the credit card information while it is being transferred to the Internet merchant. This reduces the risk, but due to certain restrictions on the use of encryption world-wide  it does not entirely eliminate it at this time. If the card information has not been intercepted during transmission, the danger for the card holder is not over, however. Many Internet shops (esp. sites such as on-line auctions) keep the complete credit card information of clients permanently on record in computer files. Internet site security 'holes' may cause these records to be accessible to adept computer 'hackers', and may lead to fraud. For this reason, there are vendors that operate toll-free telephone numbers especially for people who do not trust their payment card information to the Internet. This solution is far from ideal for two reasons. First, regarding the customer, tansferring his information by telephone does not enhance security much if at all, because there is no assurance that the information does not 'permanently' end up in exactly the same (insecure) place on the vendor's computers as when transferring it through SSL. Second, regarding the vendor, it requires a human telephone operator to accept payment information - and that preferably while the Internet shop is opened: 24h/day and 7days/week.

A later development to protect the card information while in transit over the Internet and provide proof of identity as well was a system called SET, which we will discuss later

Visa and MasterCard

The leaders in the on-line payment card payment arena are the companies Visa and MasterCard.

Their share in the Internet payments market is around 60%. The fee for MasterCard and VISA processing is computed as a percentage of the transaction. This percentage and additional transaction fees are determined based on the method in which transactions are processed. In general, for Internet merchants, these costs will come to 2,60% of sale plus €.50 per transaction. The card companies do not detail the total amount of commissions they receive on Internet purchases today, but the total volume of e-shopping for 1999 is estimated to have been upwards of €5 billion, of which 60% was paid using payment cards.

Payment Cards as Internet payment method

Payment cards are currently the single most popular way to pay for e-purchases. Their advantages over other existing payment methods are that

  • only a card number, name, address and expiration date is necessary to pay, a small amount of information that can easily and quickly be transmitted to vendors over the internet,
  • the customer gains a certain sense of protection, since card issuers have implemented consumer-protection schemes that shield buyers from unscrupulous vendors,
  • credit cards are international means of payment, allowing for 'automatic' currency conversions,
  • a vendor is paid relatively quickly after the sale,
  • payment status can be tracked by calling the card company

Amongst the disadvantages of payment cards rank:

  • payment card fraud is relatively easy and frequent -and especially so in the case of mail/Internet mediated orders since no written signature is available and no magnetic strip or chip can be read
  • International purchases often require the transmission of a separate fax with signature; expensive, time-consuming and a hassle for the consumer, and thus thoroughly eliminating all impulse buying.
  • Fairly stringent sign-up requirements exist for vendors who want to accept payment cards, in practice limiting their acceptance to established companies,
  • Sign up requirements exist for customers as well, eliminating large numbers of potential customers
  • In some developed countries such as Germany, Japan and The Netherlands credit cards have not proved to be very popular irrespective of sign-up requirements.
  • purchases are never anyonymous

Electronic Payment Systems

Companies such as DigiCash, CyberCash, I-Pay, CheckFree, and KLELine (now taken over by BNP) are examples of companies providing their own proprietary payment systems for web purchases. None of these systems have reached the critical mass required to ensure survival (indeed two of the companies mentioned are in a doubtful condition), and none is available world-wide. At the time of writing, for instance, DigiCash is not available outside the USA, I-Pay can be used exclusively within The Netherlands, and in practice KLELine's Klebox was limited to France. All of this may change, of course, but it highlights the problems the EPS vendors are having in establishing standards. What's more, the EPS solutions are often incompatible with one another. This means e.g. that a vendor signed up with CyberCash cannot receive payment from a customer who signed up with Klebox. Similarly, a customer who installed the Klebox 'wallet', can not use that software to pay to a vendor who has installed the CyberCash back-office software.

Note that although we describe the EPS vendors separate from payment cards, most EPS vendors have focussed on providing software that would deliver something that can be described as "more secure than SSL" credit card payments. That is, most of these vendors require the use of a traditional credit card in addition to their software solutions. This implies that people (e.g. teenagers) not owning a credit card cannot purchase anything unless somebody lends them the use of their card.

The SET specification will eventually allow the EPS vendors to produce co-operative EPS solutions that, however, continue work in combination with payment cards. Also important is that the transaction fee that a vendor using an EPS solution is required to pay includes an additional charge from the EPS vendor on top of the fee charged by the card company. The EPS vendors often charge installation fees, per-month service fees, and per-transaction fees.

SET Secure Electronic Transaction

Credit-card companies Visa and MasterCard jointly developed the SET Secure Electronic Transaction protocol as a method to secure payment card transactions over open networks. SET is being published as an open specification for the industry. The SET specification is available to be applied to any payment service and may be used by software vendors to develop applications. SET is an open-network payment-card protocol that provides greater confidentiality and less opportunity for fraud than standard Internet payment card payments. The process involves a series of security checks performed using digital certificates, which are issued to participating clients, merchants, banks, and payment brands.

The major advantage of SET over existing security systems is the addition of digital certificates that associate the cardholder and merchant with their financial institutions and the respective payment brands, e.g., MasterCard, Visa, etc. Digital certificates reinforce existing trusted business relationships and protect against fraud at a level that existing systems do not.

For example, SSL provides security in the transmission of sensitive data, but does not guarantee the identity of the parties involved in the transaction. The digital certificates offer an increase in security since a person signing with the certificate can, in theory, technically be identified beyond doubt.

An objection here, of course, might be that the required and supposedly unequivocal indentification excludes all thoughts of anonymous buying. The customer can be tracked world-wide for all purchases he makes.

Another issue is that a core problem of certificates is that they must normally be present as files on the owners' computer and may as such be copied. Consumer PC's running standard operating systems and connected to a hostile internet are particularly ill-equipped to protect valuable data against attacks from hackers looking for certificates. A hacker could conceivably introduce a trojan looking for certificates and, if found, intercept the keyboard to find the associated password. It should be noted that a stolen certificate would present the legitimate owner with a very big problem, much bigger indeed than a stolen credit card number. Under digital signature laws of several states within in the US a certificate issued by an officially approved company makes its owner responsible for whatever is signed with that certificate. That unfortunately includes anything signed using your stolen certificate by a certificate thief. Such a thief could thus produce virtually unlimited damage, damage that the true certificate holder would find very difficult to contest.

For this reason PayPerNet not only advices against using certificates but also against requesting (and paying for) any 'approved' certificate.

Previous next

© 1999-2005 PayPerNet. All rights reserved.
Trademarks are owned by the respective company or PayPerNet.