Uploaded by shriramedu693

Module 4

MODULE – 4
ELECTRONIC PAYMENT SYSTEMS
Learning Objectives:
- Understand the payment system in e-commerce.
- Discuss the types of payment system.
- Discuss the requirement metrics of a payment system.
- Discuss credit-based payment systems.
- Discuss the risks involved in e-commerce.
- Discuss the security issues involved in e-commerce.
3.1: INTRODUCTION TO PAYMENT SYSTEMS
Electronic payment systems are central to on-line business processes as companies look for
ways to serve customers faster and at lower cost. Emerging innovations in the payment for goods
and services in electronic commerce promise to offer a wide range of new business
opportunities.
Electronic payment systems and e-commerce are highly linked given that on-line
consumers must pay for products and services. Clearly, payment is an integral part of the
mercantile process and prompt payment is crucial. If the claims and debits of the various
participants (consumers, companies and banks) are not balanced because of payment delay, then
the entire business chain is disrupted. Hence an important aspect of e-commerce is prompt and
secure payment, clearing, and settlement of credit or debit claims.
Electronic payment systems are becoming central to on-line business transactions
nowadays as companies look for various methods to serve customers faster and more cost
effectively. Electronic commerce brings a wide range of new worldwide business opportunities.
There is no doubt that electronic payment systems are becoming more and more common and
will play an important role in the business world. Electronic payment always involves a payer
and a payee who exchange money for goods or services. At least one financial institution like a
bank will act as the issuer (used by the payer) and the acquirer (used by the payee).
3.11 THE INTERNET PAYMENT PROCESSING SYSTEM
The participants in an online electronic payment transaction include the following:
1. The Customer: The customer in e-commerce may be the holder of a payment card, such as a
credit card or debit card, from an issuer.
2. The Issuer: The issuer is a financial institution, such as a bank, that provides the customer
with a payment card. The issuer is responsible for the cardholder’s debt payment.
3. The Merchant: The person or organization that sells goods or services to the cardholder via
a website is the merchant. A merchant that accepts payment cards must have an Internet
merchant account with the acquirer.
4. The Acquirer: The acquirer is a financial institution that establishes an account with the
merchant and processes payment card authorizations and payments. The acquirer provides
authorization to the merchant that the given card account is active and that the proposed
purchase doesn’t exceed the customer’s credit limit. The acquirer also provides electronic
transfer of payments to the merchant’s account, and is then reimbursed by the issuer via the
transfer of electronic funds over a payment network.
5. The Processor: The processor is a large data centre that processes credit card transactions
and settles funds to merchants, connected to the merchant on behalf of an acquirer via a payment
gateway. The tasks of the processor and the acquirer are assigned to payment gateways.
What is a payment gateway and what is its role in ecommerce?
A payment gateway is an ecommerce service that processes credit card payments for
online and traditional brick-and-mortar stores. Payment gateways facilitate these transactions by
transferring key information between payment portals, such as web-enabled mobile
devices/websites, and the front-end processor/bank. Payment gateways authorize the transfer of
funds between buyers and sellers.
Payment gateways fulfill a vital role in the ecommerce transaction process, authorizing
the payment between merchant and customer. Popular payment gateways include
PayPal/Braintree, Stripe, and Square.
When a customer places an order from an online store, the payment gateway performs
several tasks to finalize the transaction:
Encryption: The web browser encrypts the data to be sent between it and the vendor's
web server. The gateway then sends the transaction data to the payment processor utilized
by the vendor's acquiring bank.
Authorization Request: The payment processor sends the transaction data to a card
association. The credit card's issuing bank views the authorization request and
“approves” or “denies.”
Filling the Order: The processor then forwards an authorization pertaining to the
merchant and consumer to the payment gateway. Once the gateway obtains this response,
it transmits it to the website/interface to process the payment. Here, it is interpreted and
an appropriate response is generated. This seemingly complicated and lengthy process
typically takes only a few seconds at most. At this point, the merchant fills the order.
Payment gateways also screen orders with a myriad of helpful tools. This screening process
filters out as much fraud as possible. Payment gateways even calculate tax amounts to authorize
requests transmitted to the processor.
3.12 BASIC STEPS OF AN ONLINE PAYMENT
The basic steps of an online payment transaction include the following:
1. The customer places an order online by selecting items from the merchant’s website and
sending the merchant a list. The merchant often replies with an order summary of the items,
their price, a total, and an order number.
2. The customer places an order along with their credit card information and sends it to the
business. The payment information is usually encrypted by an SSL pipeline set up between
the customer’s web browser and the merchant’s web server, using the server’s SSL certificate.
3. The merchant confirms the order and supplies the goods or services to the customer. The
business sends the consumer an invoice, their certificate and their bank’s certificate.
4. The business then generates an authorization request for the customer’s credit card and sends it
to their bank.
5. The business’s bank then sends the authorization request to the acquirer.
6. The acquirer sends an acknowledgement back to the business’s bank after receiving an
acknowledgement from the customer’s bank.
7. Once the consumer’s bank authorizes payment, the business’s bank sends an
acknowledgement back to the business with an authorization number.
3.2: TYPES OF ELECTRONIC PAYMENT SYSTEM
An electronic payment system is a financial exchange that takes place online between buyers
and sellers. The content of this exchange is usually some form of digital financial instrument
(such as encrypted credit card numbers, electronic cheques or digital cash) that is backed by a
bank or an intermediary, or by legal tender.
Electronic payment systems are proliferating in banking, retail, health care, on-line
markets, and even government—in fact, anywhere money needs to change hands. Organizations
are motivated by the need to deliver products and services more cost effectively and to provide a
higher quality of service to customers.
The emerging electronic payment technology is labeled electronic funds transfer (EFT). EFT is
defined as “any transfer of funds initiated through an electronic terminal, telephonic instrument,
or computer or magnetic tape so as to order, instruct, or authorize a financial institution.” EFT can
be segmented into three broad categories:
1. Banking and financial payments
Payment systems lie at the heart of all market economies because all economic
transactions require the use of payment instructions. The total resource cost of making
payments typically absorbs at least 3 percent of GDP in most economies. There are
two types of payment system:
Large-scale or wholesale payments (e.g., bank-to-bank transfer): A bank-to-bank
transfer allows the account holder to transfer funds from one account to another
account held at other financial institutions within the country. The account holder must
be an owner of each of the accounts in order to make a transfer. E.g.: The National
Electronic Fund Transfer, or NEFT, is one of the most commonly used ways of
transferring money online from one bank account to another. There is no cap on
the amount of money that can be transferred. However, individual banks may set a
limit. State Bank of India, for example, has capped the NEFT transfer amount
under retail banking at Rs 10 lakh.
Small-scale or retail payments (e.g., automated teller machines)
Retail payments usually involve transactions between two consumers, between
consumers and businesses, or between two businesses. The important trend is the
shift from paper to electronic payments. Recent research has found that
consumer use of electronic payments has grown significantly in recent years, and
the trend will accelerate. These retail payments may involve the use of various
retail payment instruments or access devices (e.g., checks, ACH, card, phones,
etc.). Retail payment may be grouped into payment instruments in various
categories, including: checks, card-based electronic payments, and other
electronic payments, such as person-to-person (P2P), electronic benefits transfer
(EBT), and Automated clearing house (ACH).
Home banking (e.g., bill payment): a system of banking whereby transactions are
performed directly by telephone or over the Internet. Home banking is
a system of banking using a personal computer in your own home to carry out
various financial transactions such as paying invoices or checking your bank
account. It is also a service provided by banks that allows people to pay money from
one account into another, pay bills, etc. by email or telephone. Many people use
their computers for home banking and home shopping.
2. Retailing payments
Credit Cards (e.g., VISA or MasterCard):
With a credit card, you can pay your charges in full or finance them up to the
credit limit that the card issuer has offered you. You still get the same basic loan as
with a charge card, but you can extend the term of the loan almost indefinitely so long
as you make a minimum payment each month. The most widely used is the Citibank
Visa card.
The figure illustrates the payment and information flows for a typical credit card
transaction. In this example, the consumer pays a merchant with a credit card (step 1).
The merchant electronically transmits the data, at the POS, through the bankcard
association’s electronic network to the card issuer for authorization (steps 2 and 3). If
approved, the merchant receives the authorization to capture funds, and the cardholder
accepts liability by signing the credit voucher (steps 4, 5, and 6). The merchant
receives payment, net of fees, by submitting captured credit card transactions to its
financial institution in batches or at the end of the day (steps 7 and 8). The merchant
acquirer forwards the sales draft data to the bankcard association, who in turn forwards
the data to the card issuer (steps 9 and 10). The bankcard association determines each
financial institution’s net debit position. The association’s settlement financial
institution coordinates issuing and acquiring settlement positions. Members with net
debit positions (generally issuers) send owed funds to the association’s settlement
financial institution, which transmits owed funds to merchant acquirers. The
settlement process takes place using a separate payment network such as Fedwire (step
11). The card issuer will then present the transaction on the cardholder’s next monthly
statement (step 12). The cardholder makes a payment for the charges incurred in
accordance with the cardholder agreement.
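As an added illustration of the settlement step described above (not part of the original module), the following Python sketch nets a day's captured transactions into each institution's position and derives the pay-ins and pay-outs routed through the association's settlement financial institution. The institution names and amounts are constructed, and fees are ignored as a simplifying assumption.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample data: one settlement day of captured transactions,
# as (card issuer, merchant acquirer, amount). All names are hypothetical.
CAPTURED = [
    ("IssuerA", "AcquirerX", Decimal("120.00")),
    ("IssuerA", "AcquirerY", Decimal("80.00")),
    ("IssuerB", "AcquirerX", Decimal("50.00")),
    ("BankC", "AcquirerY", Decimal("30.00")),   # BankC issues cards ...
    ("IssuerB", "BankC", Decimal("45.00")),     # ... and also acquires
]


def net_positions(transactions):
    """Return {institution: net amount}; a negative value is a net debit."""
    positions = defaultdict(Decimal)
    for issuer, acquirer, amount in transactions:
        if amount <= 0:
            raise ValueError("captured amount must be positive")
        positions[issuer] -= amount     # issuer owes the funds
        positions[acquirer] += amount   # acquirer is owed the funds
    return dict(positions)


def settlement_instructions(positions):
    """Split positions into pay-ins (net debtors) and pay-outs (net creditors).

    Every amount debited from an issuer is credited to an acquirer, so the
    positions must sum to zero. A settlement file that fails this check has
    been corrupted or altered and must not be paid out.
    """
    if sum(positions.values()) != 0:
        raise ValueError("positions do not net to zero; refuse to settle")
    pay_in = {name: -value for name, value in positions.items() if value < 0}
    pay_out = {name: value for name, value in positions.items() if value > 0}
    return pay_in, pay_out


def gross_value(transactions):
    """Total value that would move if every transaction settled one by one."""
    return sum(amount for _, _, amount in transactions)


if __name__ == "__main__":
    positions = net_positions(CAPTURED)
    pay_in, pay_out = settlement_instructions(positions)
    print("Gross value captured:", gross_value(CAPTURED))
    for name, amount in pay_in.items():
        print(f"{name} pays {amount} to the settlement institution")
    for name, amount in pay_out.items():
        print(f"settlement institution pays {amount} to {name}")
```

BankC both issues and acquires, so its two flows collapse into a single net credit; this is why netting moves less value than the gross total captured.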
Private label credit/debit cards (e.g., J.C. Penney Card)
Debit cards are associated with an existing transaction account at a financial
institution. With a debit card, the payment comes right out of your checking account.
The card is issued by the entity that holds your money on deposit, probably a bank, but
possibly a money market fund. When you present your card, money is transferred
from your account to the merchant’s account that day.
The card enables consumers to access the account for a variety of transactions.
Debit cards are either on-line (e.g., PIN-based) or off-line (e.g., signature-based). On-line
debit cards have been available for several decades and have seen tremendous
growth since the early 1990s. Off-line debit cards are a more recent innovation and
consumers are increasingly using them at merchant locations that accept bankcards.
Charge Cards (e.g., American Express)
Charge cards have a short-term, fixed-period credit arrangement. With charge
cards, the consumer must fully pay the outstanding balance at the end of the one-month
charge or billing period. This arrangement exposes the issuing institution to less
credit risk than open-ended accounts. Nevertheless, you do receive a loan up to the
date of the payment. Most people write a cheque to pay off their card bill. The
American Express Green Card is the predominant charge card.
Various other Online Payment Systems
1. Electronic Tokens:
An electronic token is a digital analog of various forms of payment backed by a bank or
financial institution. There are two types of tokens:
Real-time (or prepaid) tokens: These are exchanged between buyer and
seller; their users pre-pay for tokens that serve as currency. Transactions are
settled with the exchange of these tokens. E.g., Digicash, debit cards, electronic
purse, etc.
Postpaid tokens: These are used with fund transfer instructions between the buyer
and seller. E.g., electronic cheques, credit card data, etc.
PREPAID AND POST PAID PAYMENT SYSTEMS
Electronic payment systems are broadly classified into prepaid and postpaid payment systems:
A] Prepaid payment systems
A prepaid payment system provides a service that is paid for prior to usage. Here the customer
is allowed to spend only up to the amount that has been pre-determined in the account. This type
of payment system is highly useful to those customers who would like to control overspending,
e.g. prepaid debit cards or prepaid credit cards. A prepaid payment system is taken up by the
customer by depositing money with the credit-giving company. It can be deposited in the savings
account or the current account. Once the money is deposited, the card is used as a regular credit
card. It is a very effective card as it doesn’t put the customer into debt.
Once the money in the account is exhausted, the credit card cannot be used. There are no
interest charges related to this card.
Benefits of the pre‐paid payment system
1. It is accepted at all merchant establishments worldwide according to the affiliation
of the credit-giving company.
2. It can be used to withdraw cash from ATMs.
3. It is reloadable anytime, anywhere.
4. It can be used to withdraw cash in any international currency.
5. It is usually backed up by personal accident insurance cover.
6. The customer has the facility to get online and track spending, check the balance, and change the PIN.
Postpaid Payment System
This system is like a credit card used to make incremental purchases through the web site.
As purchases are made, the accumulated debt on the postpaid credit instrument increases until a
credit limit is reached, or until an arrangement has been made to settle the debt, such as a monthly
payment.
Normally all credit cards are post paid cards. The customer gets the eligibility of
spending through the income statement and credit history produced before the credit card
company. The customer gets a credit limit and a credit period by which the customer is supposed
to pay back the money to the credit card company.
Features of Postpaid payment system
i. Global acceptance – accepted by all the merchant establishments according to the
network set by the credit card company.
ii. Balance transfer option – It is possible to transfer outstanding funds from one card to
other cards with low interest rates.
iii. Revolver facility – Customer can pay only a small amount of the total outstanding and
revolve the rest for the payment of the next month.
iv. Cash advance facility – Customer can withdraw around 30% of the credit limit at any
ATM connected to the credit card company.
v. Teledraft – These facilities are available at the doorstep of the customer.
vi. Other services – Credit card can be used for railway ticket and airline ticket purchases.
vii. Convenience – as the customer is not required to carry cash for any purchase.
viii. Easy availability – holder can load prepaid credit cards at any time they need.
Electronic Purse
Electronic Purse is a card with a microchip that can be used instead of cash and
coins for everything from vending machines to public transportation. The Electronic
Purse would consist of a microchip embedded in a credit card, debit card, or stand-alone
card to store value electronically. The card would replace cash and coins for small ticket
purchases such as gasoline stations, pay phones, road/bridge tolls, video games, school
cafeterias, fast food restaurants, convenience stores, and cash lanes at supermarkets.
Cardholders can “reload” the microchip and control the amount of value stored in the
card’s memory.
The Electronic Purse provides cardholders with the security and convenience of
carrying less cash and coins, eliminating the need for exact change.
Electronic purse is a term applied to a number of formats, each with different
applications. At the moment, smart card based systems are used as a direct replacement
for money that the user would have in his pocket and software based systems are used for
online purchases. The e-purse is an electronic/cashless payment option for making
small purchases within the campus.
To load an electronic purse, the user must be able to operate an ATM or card
loading machine. Usually this requires the user to be able to read a visual display, but
methods for alleviating this problem have been developed. To use the electronic purse,
the user hands the card to the shop assistant who inserts the card in a terminal and keys in
the amount of the transaction. This is displayed visually to the customer. Once again, the
person must be able to read a display screen. The customer confirms that the amount is
correct, and the money is transferred from the card to the terminal. In some systems the
customer needs to key in their PIN [Personal Identification Number] before the transaction
can be completed.
TYPES OF E-COMMERCE PAYMENTS
1. Debit Cards
Debit cards are the second largest e-commerce payment medium in India.
Customers who want to spend online within their financial limits prefer to pay with their
Debit cards. With the debit card, the customer can only pay for purchased goods with the
money that is already there in his/her bank account as opposed to the credit card where
the amounts that the buyer spends are billed to him/her and payments are made at the end
of the billing period.
Banks issue debit cards to their customers who maintain an account
with a sufficient credit balance. Each time the customer makes a purchase, an
amount equal to the purchase is debited from his account.
The transaction works much like a credit card transaction. For example, a customer gives
an ATM card to the seller for the purchase. The merchant reads the card through a
transaction terminal and the customer enters his personal identification number. Then the
terminal routes the transaction through the ATM networks back to the customer’s bank for
authorization against the customer’s deposit account. The funds, if approved, are
transferred from the customer’s bank to the seller’s bank.
Smart cards or debit cards (e.g., Mondex Electronic Currency Card)
A smart card is a plastic card about the size of a credit card, with an embedded
microchip that can be loaded with data, used for telephone calling, electronic cash payments,
and other applications and then periodically refreshed for additional use. A smart card, chip
card, or integrated circuit card [ICC] is any pocket sized card with embedded integrated
circuits which can process data. The card connects to a reader with direct physical contact or
with a remote contactless radio frequency interface. Smart card technology conforms to
international standards and is available in a variety of form factors, including plastic cards,
fobs, subscriber identification modules [SIMs] used in GSM Mobile phones and USB based
tokens.
These cards can be used to purchase goods and services. Smart cards are very useful
to merchants and consumers for settling the transactions between them. A smart card provides a lot
of benefits to consumers. It helps them to manage expenditures more effectively, reduce
paperwork and access multiple services and the Internet. A multiple-application card can
support services like health care, travel and financial data access.
The benefits of smart cards for the consumer are the following:
Security – unauthorized access is prevented by a lock function
Convenience
Flexibility
Control
International use
Interest free loan
2. Credit card-based payment systems
The most popular form of payment for e-commerce transactions is through credit cards. It is
simple to use; the customer just has to enter their credit card number and date of expiry in the
appropriate area on the seller’s web page. To improve security, additional
measures, such as the use of a card verification number (CVN), have been introduced to on-line
credit card payments. The CVN system helps detect fraud by comparing the CVN with
the cardholder's information.
Encrypted Credit Cards (e.g., World Wide Web form-based encryption):
Credit card encryption is a security measure used to reduce the likelihood of credit or
debit card information being stolen. Credit card encryption involves the security of
the card, the security of the terminal where a card is scanned, and the security of the
transmission of the card’s information between the terminal and a back-end computer
system. To accept a credit card for payment, we have to open a merchant account with
our bank. A merchant account allows sellers to accept and process credit card
transactions. In these transactions, the card number and transaction details are processed
with no identification of the buyer. To implement payments over the internet, the
web merchant needs some form of secure and encrypted line using the Secure Sockets
Layer [SSL] that is standard on Netscape and Microsoft browsers. The merchant server
needs an encryption key for the purpose.
3. Smart Card
It is a plastic card embedded with a microprocessor that has the customer’s personal
information stored in it and can be loaded with funds to make online transactions and instant
payment of bills. The money that is loaded in the smart card reduces as per the usage by the
customer and has to be reloaded from his/her bank account.
3. E-Wallet
An E-Wallet is a prepaid account that allows the customer to store multiple credit card, debit card
and bank account numbers in a secure environment. This eliminates the need to key in account
information every time while making payments. Once the customer has registered and created an
E-Wallet profile, he/she can make payments faster. Example: Amazon Pay, Paytm, etc.
4. Netbanking
This is another popular way of making e-commerce payments. It is a simple way of paying for
online purchases directly from the customer’s bank. It uses a similar method to the debit card of
paying money that is already there in the customer’s bank. Net banking does not require the
user to have a card for payment purposes but the user needs to register with his/her bank for the
net banking facility. While completing the purchase the customer just needs to put in their net
banking id and pin.
5. Mobile Payment
One of the latest ways of making online payments is through mobile phones. Instead of using a
credit card or cash, all the customer has to do is send a payment request to his/her service
provider via text message; the customer’s mobile account or credit card is charged for the
purchase. To set up the mobile payment system, the customer just has to download software
from his/her service provider’s website and then link the credit card or mobile billing
information to the software.
Other Options for E-Commerce Payments
• Bill Me Later
– Instant “loan” invoicing
– Can increase sales and average ticket
– 30-40% less expensive than credit cards
• Signature debit cards
– Many consumers hold these cards
– Processed similar to credit cards but can have somewhat lower fees
• PIN-less debit cards
– Low fees
– Useful only to certain industries
• Checks (personal, money orders, cashier’s)
– Many consumers still prefer these options
– Can slow completion of sale if shipment is delayed until check clears
E-commerce Revenue Model
The e-commerce space has never been so elastic and broad. With the recent
upsurge in global business, technological advancement and the number of people shopping
online, the digital space has opened flexible ways to set up your e-commerce revenue model
and reach out to your audience much more easily.
What is an eCommerce business?
In simple terms, eCommerce or electronic commerce business refers to selling, buying or making
a transaction over the internet in the digital marketplace. The products or services are showcased
through a website or mobile application through digital signage systems that are integrated with a
secured payment gateway facilitating product purchase and financial transaction.
The e-commerce revenue model is usually considered in classifying eCommerce business as
revenues denote the total amount of money that is being received by the company after trading
its products or service with its customers. There is a range of options from where revenues can
be generated including advertising, affiliate marketing, subscription and a lot more.
The industry never restricts the upcoming of any new way of generating revenue. Though we
will stick to explain the basic five eCommerce Revenue Models with possible variations to the
approach.
TYPES OF REVENUE MODEL
1. Advertising Revenue Model
Generally, there is always a commission charged to advertisers to put up their advertisements in
a well known online marketing platform. This is the classic principle that is being followed for
the business categorized for the Advertising Revenue model. They take advantage of the huge
traffic who regularly visit the chosen platform to shop around, see the ad and get redirected to the
actual site.
This can be related to a way of increasing leads to the business. The payments are made to the
hosting platform based on a fixed commission or decided upon the traffic density that is driven to
the business.
Business following the Advertising Revenue Model presents an indirect way of earning revenue
through a digital platform and the conventional ways of putting up ads generally include display
marketing that includes a super banner, wallpaper, skyscraper or rectangular ads. These are paid
according to the traffic that is driven from the platform through the ads. The general income
structure is based on the invoices raised against Cost per Click (CPC) or Cost per Action (CPA).
Apart from the regular display marketing strategies that are aimed to redirect the traffic coming
onto the eCommerce platform into the address where the ads are linked to, affiliate marketing
and search engine marketing are other famous ways.
Google AdWords and AdSense are among the most trending and reliable options that allow you
to place your ads through the Google search engine, allowing you to bring your business website
to the top of the search results when searched with the related keywords. Similar platforms are
Facebook and the New York Times, which allow you to display ads on a Cost Per Mille
(CPM) basis.
2. Subscription Revenue Model
You must have heard of Netflix, Amazon Prime, YouTube Premium, etc., which let you enjoy
their unlimited services. These eCommerce business models charge their users, or rather
subscribers, at a certain interval of time (daily, monthly or annual) to avail of their services.
The service offerings of these companies generally include music, videos, TV channels,
magazines, special services, etc. which is offered to the subscribers for a price to watch/listen or
get the latest edition. Now, let me guide you through some examples of basic subscription
business models.

Premium membership: Many social media and business platforms like Xing,
LinkedIn, stayfriends, etc. offer subscriptions to avail of additional services that give
the subscribers access to daily updates, newsletters, short notices, etc. This
information and these quick updates are delivered directly to their account.

Internet service providers: We all are familiar with the monthly and annual
subscription of internet service providers or rather a broadband connection enabling
the subscribers to enjoy unlimited internet service.
Publishers and content services: You are well acquainted with Netflix, New York Times, Spiegel
Online, etc. These eCommerce business models ask for subscription fees on a monthly or
annual basis to get access to their content.
Special services
We all know that every eCommerce business has one thing in common and that is their payment
gateway. These are companies like Paypal, VeriSign whose subscription fee depends upon the
SSL certification and the period of service.
3. Transaction Fee Revenue Model
The eCommerce business following the transaction fee revenue model charges a fee to a seller
for every transaction made through them. They are the payment companies that provide the
payment gateway service to other eCommerce business platforms. Generally, the profit is
derived through enabling or executing transactions.
The operator provides a platform for the eCommerce marketplace through which the
transaction can be completed. Now, the necessary steps include registering of the vendor and the
operator so that the identities are kept intact that may later be required for a business. The model
has proximity to the affiliate market but is somewhat different.
To explain it in a better way, let’s take the example of PayPal. The company charges a
transaction fee to the sellers of the product once the transaction is completed. Similarly, eTrade
gains a transaction fee whenever a stock transaction is made with a customer. The amount to be
paid to the operator is either decided upon based on a percentage or a fixed amount with the
vendor. Amazon is another example of a transaction fee revenue business model.
4. Sales Revenue Model
This is the most commonly followed eCommerce business model where wholesalers and
retailers sell their product over the internet intending to reach out to a larger target audience.
Also, more importantly, this model brings in convenience for the customer as well as saves them
time and the hassle of walking up to the physical store. There is an extra cost.
The prices are often competitive in comparison to the actual store price. The business following
the online sales model often comes with marketplaces as common entry points that allow them to
deal with various product vendors allowing them to grow the marketplace and therefore earn
more.
In certain cases, the sales are directly injected into the business where the profit is shared with
none. Based on the size of the business and the point of sales traffic, certain functionalities of the
business are transferred to third party vendors, generally done for the logistics and supply chain.
Examples can be cited in terms of all the single-shop companies selling their brand products over
the internet through their online platforms. This forms a dedicated way of doing sales and
reaching out to a vast number of customers. Amazon, Otto, etc. are examples of businesses
following such a model for their web catalog-based business over the internet. Also, Buy.com and
Etsy are examples of such marketplaces, while iBood, woot! and guut.de are examples of live
shopping marketplaces.
5. Affiliate Revenue Model
Next, on the list, we have an affiliate revenue model that deals with a business that follows the
principle of commission. Merchants and vendors partner up with well-known eCommerce
platforms to advertise and sell their product giving them a percentage of the profit as a
commission.
Affiliate marketing is a well-known way of inviting as well as driving quality leads into a
business. The process basically works as a link that is hyperlinked to the affiliate and is archived
on a host platform that gets regular traffic. Any user who clicks the affiliate link is redirected
to their website where the product or service is cataloged. The affiliate or the merchant thus pays
an agreed commission to the host operator who is carrying the link for all traffic driven.
Amazon and affilinet are well-known examples that let you affiliate your product links and drive
traffic. For each lead driven to your website, you need to pay a certain percentage to Amazon or
affilinet as their commission. Interestingly, this brings a win-win situation for both the merchant,
who sells his product and the affiliate who advertised or marketed their product. Such
an eCommerce business model utilizes different variations such as pay-per-click, banner
exchange and also, revenue sharing programs that aim at driving the audience from one platform
to another.
There are a lot of other business models that are being used today to gain profit from the online
marketplace. However, it’s natural that eCommerce business and digital marketing go hand in
hand while delivering the business objective. Today there is an estimated rise of 17% in
the eCommerce business since last year, and it has the potential to grow sky high in the coming
years.
ELECTRONIC PAYMENTS ISSUES
In common with all other electronic information processing systems, payment systems are prone
to disruption by people exploiting the systems' innate vulnerabilities. Those considering
employing a payments system must decide whether to accept the consequent risks. Data in
computers are more liable to destruction, fraud, error and misuse. Since payment information is
so valuable, its security is even more important than that of other kinds of tangible assets in the
organizational context.
Security and privacy
Policymakers are concerned over ID theft and security breaches that facilitate online fraud.
Security refers to the policies, procedures and technical measures used to prevent unauthorized
access, alteration, theft or physical damage to information systems. The basic objective of
information security is the protection of interests of those involved in online business. All
electronic information processing systems are vulnerable to denial of service attacks where the
attacker employs any one of a variety of methods to prevent a client using a service a provider
offers. Such attacks can have the effect of closing down a business. Some of the attacks were as
follows:
- Secure transfer across internet
- High reliability: no single failure point
- Atomic transactions
- Anonymity of buyer
- Economic and computational efficiency: allow micropayments
- Flexibility: across different methods
- Scalability in number of servers and users
SECURITY REQUIREMENTS IN ELECTRONIC PAYMENT SYSTEMS:
1. Integrity and authorization :
A payment system with integrity allows no money to be taken from a user without
explicit authorization by that user. It may also disallow the receipt of payment without
explicit consent, to prevent occurrences of things like unsolicited bribery. Authorization
constitutes the most important relationship in a payment system. Payment can be authorized
in three ways: via out-band authorization, passwords, and signature.
2. Out-band authorization
In this approach, the verifying party (typically a bank) notifies the authorizing party (the
payer) of a transaction. The authorizing party is required to approve or deny the payment
using a secure, out-band channel (such as via surface mail or the phone). This is the current
approach for credit cards involving mail orders and telephone orders: Anyone who knows a
user's credit card data can initiate transactions, and the legitimate user must check the
statement and actively complain about unauthorized transactions. If the user does not
complain within a certain time (usually 90 days), the transaction is considered "approved" by
default.
3. Password authorization
A transaction protected by a password requires that every message from the authorizing
party include a cryptographic check value. The check value is computed using a secret
known only to the authorizing and verifying parties. This secret can be a personal
identification number, a password, or any form of shared secret. In addition, shared secrets
that are short - like a six-digit PIN - are inherently susceptible to various kinds of attacks.
They cannot by themselves provide a high degree of security. They should only be used to
control access to a physical token like a smart card (or a wallet) that performs the actual
authorization using secure cryptographic mechanisms, such as digital signatures.
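The check-value scheme described under password authorization, as an added example that is not part of the original notes. It assumes HMAC-SHA256 as the check-value function (the notes name no algorithm), and the message fields, nonce and function names are hypothetical. The last function measures why a six-digit PIN used directly as the secret offers only 10^6 candidates.

```python
import hashlib
import hmac
import json
import secrets


def canonical(msg: dict) -> bytes:
    """Serialize deterministically so both parties compute the MAC over identical bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def check_value(secret: bytes, msg: dict) -> str:
    """Cryptographic check value: HMAC-SHA256 of the message under the shared secret."""
    return hmac.new(secret, canonical(msg), hashlib.sha256).hexdigest()


def new_payment(payer: str, payee: str, amount_cents: int) -> dict:
    """Build a payment order; the random nonce makes every order unique."""
    return {"payer": payer, "payee": payee, "amount_cents": amount_cents,
            "nonce": secrets.token_hex(16)}


class Verifier:
    """Verifying party (typically the bank): holds the shared secret and the nonces seen."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._seen_nonces = set()

    def authorize(self, msg: dict, tag: str) -> str:
        expected = check_value(self._secret, msg)
        # Constant-time comparison, so response timing does not leak the correct value.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "rejected: bad check value"
        # A valid check value on an already-used nonce is a replayed message.
        if msg.get("nonce") in self._seen_nonces:
            return "rejected: replay"
        self._seen_nonces.add(msg.get("nonce"))
        return "authorized"


def trials_to_recover_pin(msg: dict, tag: str, digits: int = 6):
    """Work factor of a short secret: one observed (message, check value) pair lets
    every PIN be tested offline. Returns (pin, number_of_trials)."""
    for n in range(10 ** digits):
        pin = str(n).zfill(digits)
        if hmac.compare_digest(check_value(pin.encode(), msg), tag):
            return pin, n + 1
    return None, 10 ** digits


if __name__ == "__main__":
    key = secrets.token_bytes(32)              # 256-bit shared secret
    bank = Verifier(key)
    order = new_payment("alice", "shop", 2500)
    tag = check_value(key, order)
    print(bank.authorize(order, tag))                              # authorized
    print(bank.authorize(order, tag))                              # rejected: replay
    print(bank.authorize(dict(order, amount_cents=250000), tag))   # rejected: bad check value

    # Constructed case: the PIN itself is used as the MAC key.
    weak_tag = check_value(b"004271", order)
    print(trials_to_recover_pin(order, weak_tag))                  # ('004271', 4272)
```

With a random 256-bit key the same search is infeasible, which is why the notes confine the PIN to unlocking a token that holds the real key.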
4. Signature authorization
In this type of transaction, the verifying party requires a digital signature of the
authorizing party. Digital signatures provide non repudiation of origin.
5. Confidentiality
Some parties involved may wish confidentiality of transactions. Confidentiality in this
context means the restriction of the knowledge about various pieces of information related
to a transaction: the identity of payer/payee, purchase content, amount, and so on. Typically,
the confidentiality requirement dictates that this information be restricted only to the
participants involved. Where anonymity or un-traceability are desired, the requirement may
be to limit this knowledge to certain subsets of the participants only.
6. Availability and reliability
All parties require the ability to make or receive payments whenever necessary. Payment
transactions must be atomic: They occur entirely or not at all, but they never hang in an
unknown or inconsistent state. No payer would accept a loss of money (not a significant
amount, in any case) due to a network or system crash. Availability and reliability presume
that the underlying networking services and all software and hardware components are
sufficiently dependable. Recovery from crash failures requires some sort of stable storage at
all parties and specific resynchronization protocols. These fault tolerance issues are not
discussed here, because most payment systems do not address them explicitly.
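An added sketch (not from the original notes) of the atomicity requirement, using SQLite transactions. The table layout, the `pay` function, the payment identifier used for safe retries and the simulated crash are assumptions made for illustration, and the in-memory database stands in for the stable storage a real ledger needs.

```python
import sqlite3


class CrashSimulated(Exception):
    """Stands in for a network or system failure between debit and credit."""


def open_ledger(balances: dict) -> sqlite3.Connection:
    # isolation_level=None: no implicit transactions, we issue BEGIN/COMMIT ourselves.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute("CREATE TABLE account (id TEXT PRIMARY KEY, "
               "balance_cents INTEGER NOT NULL CHECK (balance_cents >= 0))")
    db.execute("CREATE TABLE payment (payment_id TEXT PRIMARY KEY, "
               "payer TEXT, payee TEXT, amount_cents INTEGER)")
    db.executemany("INSERT INTO account VALUES (?, ?)", list(balances.items()))
    return db


def balances(db: sqlite3.Connection) -> dict:
    return dict(db.execute("SELECT id, balance_cents FROM account"))


def pay(db, payment_id, payer, payee, amount_cents, crash_after_debit=False) -> str:
    """Move money entirely or not at all. Returns 'committed', 'duplicate'
    or 'insufficient funds'; any other failure rolls back and re-raises."""
    if amount_cents <= 0:
        raise ValueError("amount must be positive")
    db.execute("BEGIN IMMEDIATE")
    try:
        # The primary key on payment_id makes a retry after an unknown outcome
        # harmless: the same payment can never be applied twice.
        db.execute("INSERT INTO payment VALUES (?, ?, ?, ?)",
                   (payment_id, payer, payee, amount_cents))
        debit = db.execute("UPDATE account SET balance_cents = balance_cents - ? "
                           "WHERE id = ?", (amount_cents, payer))
        if debit.rowcount != 1:
            raise LookupError("unknown payer")
        if crash_after_debit:
            raise CrashSimulated()
        credit = db.execute("UPDATE account SET balance_cents = balance_cents + ? "
                            "WHERE id = ?", (amount_cents, payee))
        if credit.rowcount != 1:
            raise LookupError("unknown payee")
        db.execute("COMMIT")
        return "committed"
    except sqlite3.IntegrityError as exc:
        db.execute("ROLLBACK")
        # UNIQUE failure: payment_id already recorded. CHECK failure: balance below zero.
        return "duplicate" if "UNIQUE" in str(exc) else "insufficient funds"
    except Exception:
        db.execute("ROLLBACK")      # the debit is undone together with the payment record
        raise


if __name__ == "__main__":
    db = open_ledger({"alice": 10000, "shop": 0})
    print(pay(db, "p1", "alice", "shop", 2500), balances(db))
    try:
        pay(db, "p2", "alice", "shop", 1000, crash_after_debit=True)
    except CrashSimulated:
        print("crash mid-payment, ledger unchanged:", balances(db))
    print(pay(db, "p2", "alice", "shop", 1000), balances(db))   # retry succeeds once
    print(pay(db, "p2", "alice", "shop", 1000), balances(db))   # second retry is a no-op
```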
SOLUTIONS TO SECURITY ISSUES:
There are numerous threats that appear on the Internet or are spread through the Internet.
Such threats include viruses, worms, Trojans, hackers, Denial of Service, sniffers and
information theft. There are also internal threats from staff and backdoors. The software
technologies that can be used to face such threats include the following.
The solution for meeting each of the goals above includes two essential components:
- Digital certificates for Web servers, to provide authentication, privacy and data
integrity through encryption.
- A secure online payment management system, to allow e-commerce Web sites to
securely and automatically accept, process, and manage payments online.
Along with these, a business firm can make use of technologies to build up a trustworthy
infrastructure to take full advantage of the Internet.
A brief discussion of the various methods generally used for managing the security issues is
given below.
1. Anti-Virus Programs
The first and most critical element of an e-payment security system is antivirus software. If an
organisation does not have up-to-date antivirus software, it is asking for trouble. It is
reported that 300 new viruses appear each month, and if we are not constantly protecting our
system against this threat our computer will become infected with at least one virus.
Antivirus software scans computers for the signatures of viruses. A virus signature is the
unique part of that virus. It can be a file name, how the virus behaves or the size of the virus file
itself. Good antivirus software will find viruses that have not yet infected your PC and eliminate
the ones that have.
Antivirus software can only protect our computer from viruses trying to infect it via email,
CD-ROM, floppy disk, Word documents or other types of computer files. Antivirus
software alone will not keep our computer cent percent safe. It is also necessary to use other
methods like firewall software.
As the organization’s computer accesses the Internet, an anti-virus scanner should
be installed. There are different types of antivirus software now in use. It should be configured
to perform analysis and be able to scan zipped files as well as other types of files.
Anti-virus programs can be used at the server level itself. Such programs can scan the
files that the server receives and look for patterns that match known malicious software. The
anti-virus scanners are set to update themselves automatically. If any notification is received through
such things as radio or TV or the Internet that there is a major problem with a virus or worm, then
the anti-virus software can be updated manually at that time.
2. Firewalls
A Network Firewall is basically a secure gate between our organization's data and the
Internet. The firewall is a combination of hardware and software. The firewall filters traffic
based on our requirements. Firewall security is designed to detect and resist unwanted attempts
to penetrate our server security. All data traffic inbound to our server solution flows to the
firewall. There, data packets are inspected and evaluated against a security policy that we
define. All data packets are compared to our security policy before being forwarded or rejected
by the firewall.
There are certain benefits that result for the server, such as the protection of vulnerable
services and restricted access to any vulnerable machines. The firewall server is to act as a
gateway. It hides the existence of any of the internal machines from any hackers on the Internet.
All access to the Internet will go through it, and this means the Internet traffic can be
watched closely, so any misuse could be noticed quickly.
3. Secure Socket Layer (SSL)
SSL allows traffic to be scrambled (or encrypted). The standard SSL developed by
Netscape provides a high level of protection. The US government views encryption technology
as munitions, so the only version of SSL available worldwide is the relatively weak 40-bit
version. However, this version can protect against any casual attempt to decipher card details, as
it takes over an hour to crack one message. Browsers that support this feature display a dialogue
box, a padlock in the bottom task bar, or a blue key (like Netscape Navigator) to indicate that a
secure session is in progress.
4. Secure Electronic Transaction (SET)
SET encrypts payment card transaction data and verifies that both parties in the
transaction are genuine. SET, originally developed by Mastercard and Visa in collaboration with
leading technology providers, has a large corporate backing and is perceived to be more secure
as a result of its validation from card companies.
5. Public Key Software Infrastructure (PKI)
PKI is similar to a bank’s night safe in that many public keys can be used to deposit items
into the safe, but only one private key, belonging to the bank, can make withdrawals.
6. Other Measures:
For secure online transactions, the site that hosts the account should follow strict security
policies. If the passwords are susceptible to being hacked, it results in a serious financial loss.
Banks or financial institutes, which maintain customers' personal information, cannot afford to
expose it to hackers. There is a potential risk of our personal and account details being stolen.
One of the most severe disadvantages of electronic payment systems is that of identity
theft. The available security measures can prevent the sensitive information from being exposed.
But it is important to use virus protection or firewalls for our computer. It is important to carry
out money transactions over a secure server.
There is a great risk involved in the theft or the loss of smart cards. In case the cards
fall into unsafe hands, there is a danger of the expenditure of our entire bank balance. There are
measures to inform the concerned authorities about the loss of the card. But the time between
losing the card and informing the authorities is critical. Unauthorized users may carry out
transactions in our name during this period of time.
Mostly, electronic cash is based on cryptographic systems. The transactions are encoded
by means of numeric keys while the transaction details travel across the net. Though electronic
payments are resistant to forgery, these keys are vulnerable to attack.
SECURITY POLICY FOR E-COMMERCE:
The security policy may cover issues like:
- What service types (e.g., web, FTP, SMTP) users may have access to?
- What classes of information exist within the organization and which should be
encrypted before being transmitted?
- What client data does the organization hold? How sensitive is it? How is it to be
protected?
- What class of employees may have remote access to the corporate network?
- Roles and responsibilities of managers and employees in implementing the security
policy.
- How security breaches are to be responded to?
The security policy should also consider physical aspects of network security. For example,
- Who has access to the corporate server?
- Is it in a locked environment or kept in an open office?
- What is the procedure for determining who should be given access?
The security policy regulates the activities of employees just as much as it defines how IT
infrastructure will be configured. The policy should include details on how it is to be enforced
and how individual responsibilities are determined.
For it to be effective, the policy needs regular testing and review to judge the security measures.
The review process needs to take into account any changes in technology or business practices
which may have an influence upon security. Lastly, the policy itself needs to be regarded as a
living document which will be updated at set intervals to reflect the evolving ways in which the
business, customers and technology interact.
Security Standards:
There are various standards pertaining to the security aspects of enterprises. Some of them
are:
- ISO 17799 (Information technology – Code of practice for information security
management) (ISO/IEC 2000).
- SSE-CMM (Systems security engineering – Capability maturity model) (SSE-CMM 2003).
- COBIT (Control objectives for information and related technology) (COBIT 2000).
ISO 17799 provides detailed guidelines on how a management framework for enterprise
security should be implemented. It conceives ten security domains. Under each domain there are
certain security objectives to be fulfilled. Each objective can be attained by a number of
controls. The controls may prescribe management measures like guidelines and procedures, or
some security infrastructure in the form of tools and techniques. It details various methods that
can be followed by enterprises to meet security needs for e-commerce. It talks about the need for
security policies, security infrastructure, and continuous testing in the same manner as has been
detailed above.
Operational Risks:
Risks involved in E-Cash are:
1) The time over which given electronic money is valid.
2) How much can be stored on and transferred by electronic money.
3) Number of transactions made during a given period of time.
To make a purchase using E-cash:
1) Establishment of an account
2) Maintaining enough money in the account to make the purchase
3.4: REQUIREMENT METRICS OF A PAYMENT SYSTEM
Metrics can help an entity to better understand its business model—to understand the
customer base and thereby better target the content of the e-commerce website, to better target
promotions and discounts, product placements, up-selling and cross-selling, and to better manage
price points. Metrics provide a basis for analyzing performance. In the absence of metrics,
performance assessment would be based primarily on qualitative observations of behaviour.
Such observations could be haphazard and subjective, resulting in performance assessments that
are biased or indefensible.
An e-payment system is a way of making transactions or paying for goods and
services through an electronic medium, without the use of checks or cash. It’s also called an
electronic payment system or online payment system. The electronic payment system has
grown increasingly over the last decades due to the growing spread of internet-based banking
and shopping. As the world advances more with technology development, we can see the rise of
electronic payment systems and payment processing devices. As these increase, improve, and
provide ever more secure online payment transactions the percentage of check and cash
transactions will decrease.
Payment processing metrics
Key performance indicators (KPIs) that measure different aspects of your payment system—
payment conversions, successful transactions, fraud, and more—will give you actionable data
you can use to make targeted changes. Your conversion rate is perhaps the most critical payment
metric.
3 Key Payment Conversion KPIs
Here are three KPIs to measure payment conversions:
1. Payment Conversion Rate
This straightforward metric tells you how many transactions on the whole were declined. If 80
out of 100 transactions were successful, you have an 80% payment conversion rate. There are
many reasons why transactions are declined—incorrect card information, insufficient funds,
invalid card numbers, suspicion of fraud, etc.—so the more detail your provider can give about
the reasons behind declined transactions, the better. For example, if an unusually high number of
transactions are declined due to possible fraud, your payment provider should be working harder
behind the scenes to prevent this from happening. The issues that come to the forefront are the
ones you should focus on addressing.
2. Conversion Rate By Bank
If multiple declines are associated with a specific bank, the bank may have recently adjusted its
fraud rules, which, in turn, is impacting your sales. You can resolve this situation, but you’ll
need more information about the declined transactions in order to do so, including the bank name
and bank identification number (BIN) on the shopper’s credit card. Your provider should be able
to provide reporting that shows you your conversion rates by issuing bank and BIN so you can
easily identify problems.
3. Conversion Rate By Payment Method And Card Type
Even though it’s hard to know for sure if payment methods are the reason for declined
transactions, knowing the conversion rate by payment method and/or card type will still give you
some helpful data. It’s a good practice to track the performance of newly added payment
methods—the addition of eWallets, for instance—for comparison to your existing offerings to
stay on top of customer preferences and payment trends. It’s also useful if you’re considering
redesigning your checkout page to make your highest-performing payment types more
prominent. In that case, the data you gather can be used to maximize your conversions.
Payment Policies for E-commerce Marketplaces in India
Payment Policies for Flipkart, Snapdeal, Amazon, ShopClues, Paytm Mall, eBay
First of all, this is the age of eCommerce: if you are a seller and are not selling your product
online, you are losing business growth. While there is an option to start an online store for
your business, it is a big opportunity to sell your products before a large number of buyers.
E-commerce marketplaces provide an established platform for sellers to sell their
products online, and their payment policies are very friendly.
Payment Policies of Flipkart:
Determination of Price of Your Products:
You have the right to set the price for your product. It enables you to update your pricing
according to your comfort. You can also give offers to the buyers on any occasion; it depends
on you. Here are the payment policies and payment process on Flipkart.
Fees Charged by Flipkart:
Mainly five types of deductions will be made from your order. The following charges will be
deducted from your total payment sum:
- Commission Fee: Some percentage of the order item value will be charged, which will be
different from product to product.
- Collection Fee: This fee will vary according to the customer's payment mode, i.e., Prepaid or
Cash on Delivery.
- Fixed Fee: Some fixed fees will be deducted by Flipkart on different order values.
- Shipping Fee: This fee will be charged according to delivery location and weight of the
product.
- GST Charge: It is mandatory to be charged on all the items; it may vary according
to item types.
Your Payment Method and Time:
You will get your payment through Online Mode (NEFT transactions). Your payment will be made
directly to your Bank account within 7-15 business days from the date the order is shipped. These
payments will vary according to which type of seller you are.
- Gold Seller: 7 working days
- Silver Seller: 12 working days
- Bronze Seller: 15 working days
Payment Policies of SnapDeal:
Your payment will be credited directly to your Current Account through Net Banking (NEFT:
National Electronic Funds Transfer). The Initial Payment will be initiated on (7+10) delivery
basis. There are 4 Payment Cycles within a month. The Payment Cycle can be further lowered
down for the consecutive months on the basis of seller’s performance in terms of Revenue
generated.
Payment Policies of Amazon:
After delivery of the product, Amazon Pay can withhold a minimum balance in your
account to secure payment disputes raised by the customers. This is a Reserve Balance.
Reviews of A to Z guarantee claims, customers complaints, and returns can take 90 days
or more.
Amazon first settles your account balance 14 days after you sell your first product. This
means that Amazon will either initiate a Payment to your Bank Account or will charge your
Credit Card on your settlement date. The Observation Period will begin when your first
transaction is successfully processed.
You can withdraw funds from your Amazon Payments Account at any time. Payment
will be credited to a Bank Account linked to your Amazon Payments Account.
Important consideration for Designing Electronic Payment Systems
Privacy. A user expects to trust in a secure system; just as the telephone is a safe and
private medium free of wiretaps and hackers, electronic communication must merit equal trust.
Security. A secure system verifies the identity of two-party transactions through “user
authentication” and reserves flexibility to restrict information/services through access control.
Tomorrow’s bank robbers will need no getaway cars, just a computer terminal, the price of a
telephone call, and a little ingenuity. Millions of dollars have been embezzled by computer fraud.
No systems are yet fool-proof, although designers are concentrating closely on security.
Intuitive interfaces. The payment interface must be as easy to use as a telephone. Generally
speaking, users value convenience more than anything.
Database integration. With home banking, for example, a customer wants to play with all
his accounts. To date, separate accounts have been stored on separate databases. The challenge
before banks is to tie these databases together and to allow customers access to any of them
while keeping the data up-to-date and error free.
Brokers. A “network banker”-someone to broker goods and services, settle conflicts, and
facilitate financial transactions electronically-must be in place.
Online payment fraud on e-commerce
Payment fraud is an old issue. For quite some time, fraudsters’ preferred method has been
stealing physical payment cards and making purchases with them. This still happens; however,
eCommerce fraud is becoming more common.
E-Commerce fraud is an illegal or false transaction made in a webshop. The big difference
between physical and online payment fraud is that the card does not need to be present when
making an online transaction. The fraudster simply needs the card information. Hackers can steal
this information as it is often stored and transferred digitally.
Hackers either:
- Use the data themselves
- Sell it to cyberthieves, to make fraudulent transactions.
According to a Nilson Report from 2015 and another from 2016, worldwide card fraud:
- Has increased every year since 1993
- Has increased especially since 2010
- Will keep increasing until 2019
The fact that the major increases in card fraud have taken place since 2010 is assumed to be
linked to the growth in e-Commerce in the same period.
Why does fraud take place?
With a large amount of card information stored and transferred online, it has
become easier for hackers to get access to this information.
Every time new measures are taken to prevent fraud, hackers step up their game and find new
ways to avoid the newly set barriers.
There are two main reasons that online fraud occurs as often as it does:
- It is fairly easy for hackers to steal the needed data. For fraudsters, it is easy to buy this
information on the black market.
- Lack of prosecution for this type of crime.
The lack of prosecution in fraud is due to the following three reasons:
- It is hard to detect online fraud and catch the correct fraudster. The fraudster frequently creates a
fake email account and opens a post box under an alias revealing no information about himself.
- The police do not prioritize online fraud nearly as highly due to the fact that the average amount
of each case is low.
- Online fraud repeatedly crosses borders, which makes it harder to find a legal punishment.
Types of fraud
Fraud comes in many forms. Here are some of the fraud types most often seen.
Friendly fraud
When a customer (the fraudster) complains and claims a refund for a purchase.
The customer keeps the purchased item, but gets a refund, because they falsely claim that the
product does not live up to expectations or because they claim payment was made with a stolen
card.
Clean fraud
When a fraudster uses a stolen credit card to make a purchase.
It is more complicated than friendly fraud, as a third person (the fraudster) is involved and this
person has to obtain a large amount of information on the cardholder. In this way, the fraudster can
“cheat” the fraud detection systems.
Identity theft
When a fraudster obtains and uses another person’s identifying personal information to commit
fraudulent actions, for instance, an online purchase.
An example in the payment industry is account theft.
Phishing
Phishing takes place when a hacker pretends to be a known contact and requests personal data, or
tries to get you to install malware, which can then retrieve the data itself.
An example is emails sent by people pretending to be a known and trusted company that asks
you to update your personal information.
Card testing
It occurs when the fraudster makes low-value test-purchases to validate stolen card information
or randomly generated card numbers.
Re-shipping
The fraudster “hires” an unknowing third-party to re-ship products purchased with stolen card
information. The fraudster never pays the third-party as promised and the third-party ends up
being an accomplice in the crime.
Triangulation fraud
Triangulation refers to the case in which the fraudster creates a fake online storefront, selling
goods at cheap prices.
This storefront has the sole purpose of gathering credit card data. The fraudster then orders the
goods at a real merchant and has them sent to the original customer. The fraudster gains the
payment for the product, but the customer pays twice:
- Cheaper price in the storefront
- Actual price to the real merchant
Sometimes the fraudster also uses the card information to make purchases for himself.
How to spot fraud?
Hackers and fraudsters are good at making themselves unnoticed. However, there are a few
things you can keep an eye out for if you want to detect fraud in your webshop:
- First-time customers
- Bigger than average orders
- Fast shipping
- Unusual location
- Large quantity of the same product
- Multiple shipping addresses
- Shipping and billing address is not the same
- Several cards used from the same IP address
- Payment information typed with capital letters
- Many transactions in a short amount of time
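The indicators listed above, turned into detection rules and run over constructed sample orders. This is an added example, not part of the original notes; the field names, the thresholds, reading "unusual location" as an IP country that differs from the billing country, and queuing an order for review only when several indicators coincide are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Order:
    order_id: str
    customer: str
    placed: datetime
    total: float
    ip: str
    ip_country: str
    billing_country: str
    card_token: str        # tokenized card reference, never the card number itself
    name_on_card: str
    billing: str
    shipping: str
    express: bool = False
    max_qty: int = 1       # largest quantity of any single product in the order
    prior_orders: int = 0


def flag_orders(orders, avg_total, big_factor=3.0, qty_limit=5,
                cards_per_ip=3, burst=3, window=timedelta(minutes=10)):
    """Return {order_id: [indicator, ...]} for a batch of orders."""
    cards_by_ip = defaultdict(set)
    ships_by_customer = defaultdict(set)
    times_by_ip = defaultdict(list)
    for o in orders:                      # first pass: state shared across orders
        cards_by_ip[o.ip].add(o.card_token)
        ships_by_customer[o.customer].add(o.shipping)
        times_by_ip[o.ip].append(o.placed)

    flags = {}
    for o in orders:                      # second pass: evaluate each indicator
        # Orders from the same IP placed in the window ending at this order.
        recent = [t for t in times_by_ip[o.ip]
                  if timedelta(0) <= o.placed - t <= window]
        rules = [
            ("first-time customer", o.prior_orders == 0),
            ("bigger than average order", o.total > big_factor * avg_total),
            ("fast shipping", o.express),
            ("unusual location", o.ip_country != o.billing_country),
            ("large quantity of the same product", o.max_qty >= qty_limit),
            ("multiple shipping addresses", len(ships_by_customer[o.customer]) > 1),
            ("shipping and billing address differ", o.shipping != o.billing),
            ("several cards from the same IP", len(cards_by_ip[o.ip]) >= cards_per_ip),
            ("payment information in capitals", o.name_on_card.isupper()),
            ("many transactions in a short time", len(recent) >= burst),
        ]
        flags[o.order_id] = [name for name, hit in rules if hit]
    return flags


def review_queue(flags, min_hits=4):
    """Order ids with at least min_hits indicators, most suspicious first.
    One indicator alone (e.g. a first-time customer) is normal business."""
    hits = [oid for oid, names in flags.items() if len(names) >= min_hits]
    return sorted(hits, key=lambda oid: -len(flags[oid]))


def sample_orders():
    """Constructed data; the IP addresses come from documentation ranges."""
    t0 = datetime(2024, 1, 1, 12, 0)
    same = dict(customer="c2", ip="203.0.113.9", ip_country="BR",
                billing_country="US", name_on_card="JOHN DOE", billing="5 Oak Rd")
    return [
        Order("o1", "c1", t0, 40.0, "198.51.100.7", "DE", "DE", "tokA",
              "Anna Berg", "1 Elm St", "1 Elm St", prior_orders=6),
        Order(order_id="o2", placed=t0 + timedelta(minutes=1), total=900.0,
              card_token="tok1", shipping="Locker 12", express=True, max_qty=8, **same),
        Order(order_id="o3", placed=t0 + timedelta(minutes=3), total=850.0,
              card_token="tok2", shipping="Locker 44", express=True, max_qty=6, **same),
        Order(order_id="o4", placed=t0 + timedelta(minutes=5), total=30.0,
              card_token="tok3", shipping="Locker 12", **same),
    ]


if __name__ == "__main__":
    result = flag_orders(sample_orders(), avg_total=60.0)
    for oid in review_queue(result):
        print(oid, len(result[oid]), result[oid])
```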
Implications of fraud
Fraud often leads to chargebacks. A chargeback is a sum that must be returned by the
merchant to the cardholder after a fraudulent transaction.
Processing a chargeback includes operational costs such as transaction fees, legal fees,
currency conversions etc.
Another loss is the product sold to the fraudster - the merchant will not get the “sold”
product back.
If the merchant incurs a large number of chargebacks the result can, at worst, be that he
can’t find an acquirer to process his payments, as he is considered a high-risk customer.
Fortunately, due to the many cases of fraud, several techniques and tools have been
created in order to combat fraud.
CASE STUDY
Paytm's story now a case study at Harvard
The journey of digital wallet Paytm from being a recharge platform to a payments bank is
the topic of a case study published by India Research Centre (IRC) of Harvard Business School
(HBS).
The study titled ‘Paytm: Building a Payments Network’ will be available for teaching
purposes within and outside Harvard.
Established in 2006, Mumbai-based IRC supports its faculty with research in emerging
trends in the region. IRC has supported most of the case studies and HBS research projects
focused on business in the South Asian region.
“Paytm is revolutionizing payments in India and it is a shining example of India’s digital
future,” said Professor Sunil Gupta, one of the authors of the study and Edward W. Carter
Professor of Business Administration and Chair of the General Management Program at HBS.
Professor Gupta and Professor Das Narayandas had also published a study on Flipkart’s decision
to hive off its logistics unit Ekart as a separate company and the e-tailer’s move to a marketplace
model in April 2016.
“We are on a mission to bring half a billion Indians to the mainstream economy and in turn build
a business that India would be proud of. For us, the journey to enable fellow countrymen with
digital payments and become a part of financial inclusion has only started right now. It is truly a
privilege to have it become a part of the curriculum offered by the prestigious institute,” said
Vijay Shekhar Sharma, CEO of Paytm.
Articles
- https://www.youtube.com/watch?v=40Itn_d0MfE
- https://www.youtube.com/watch?v=Dw3UVWpCMmE
Question 2 Marks
1. What do you understand by Payment System in Ecommerce?
2. What do you mean by EFT?
3. What is meant by charge cards?
4. Give 2 examples for Electronic Cheques.
5. What is meant by P2P?
6. What is meant by Electronic money?
7. What is meant by Encrypted Credit Card?
8. What is meant by Electronic purse?
9. What is meant by Firewalls?
10. Mention any 2 security Standards.
Question 4 Marks
1. Who are the participants in an online Electronic payment transaction?
2. What are the risks involved in Electronic payment?
3. Explain Token based payment system and how is it classified?
4. Write a short note on –Electronic Cash, Electronic Cheque. With examples.
5. Discuss any four security solutions in Electronic payments.
6. What are the operational risks involved in Electronic payment system?
Question 10 Marks
1. Discuss the types of payment systems.
2. What are the security issues in Electronic payment? Explain.
3. What is meant by pre-payment and post- payment system? State 2 advantages each.
4. Explain the security requirement in Electronic payment system.
5. Discuss the solution in security issues in Electronic payment.