Contents | < Browse | Browse >

===========================================================================
                  Internet Payment Systems - An Overview
  Dan Litman                                             dlitman@abcs.com
===========================================================================

I started this Internet Payment System article some time ago, while
volunteering my time as part of the Amiga Development Fund Team.  The
purpose of the ADF is to support programmers of freeware and shareware
software in their enhancement of the Amiga Platform.  Well we want a
Internet Payment System that a Amiga User could call up and donate cash to
their favorite project/programmer.  Well as it turns out, I found lots of
places that deal with Internet funds in some form or another.  But most of
them only worked on various PC or Mac type computer systems.  There are a
couple of banking systems out there that support Unix type systems.  But
NOTHING for the Amiga !! 

So what are Internet Payment Systems?

While this idea doesn't seem complicated or unique it has created some
security issues for the customer involved.  Companies such as Digicash and
CyberCash have jumped on this issue by creating Internet Payment Systems,
or more generally, Electronic Payment Systems (EPS).  The systems that are
being developed incorporate the conventional forms of monetary
transactions: Cash, Check, and Credit Card.

-----------------------------------------------------------

What different markets exist today for internet payments?

Private purchases : These may include everything purchased for some people
who are very concerned about Big Brother, or special gift items that a
customer doesn't want his/her spouse to see.  There are a variety of
reasons and times that people may want to keep their purchases private.
Under these cases an electronic form of cash provides the required
anonymity.  Most of the proprietary systems out there right now are privacy
oriented.

Small purchases: These include pay per view articles and information,
one-time access to a commercial websites, or a download fee for a piece of
software.  These charges may be on the magnitude of a dollar or less.
These purchases are too small to warrant the costs of a credit card
transaction.   First Virtual is the real leader in micropayments.  Recent
developments in this area include the release of the Micro Payment Transfer
Protocol (MPTP) standard from the World Wide Web Consortium (W3C) on
November 22 1995. 

Medium and large purchases: These include items that customers normally
purchase with credit cards at stores.  They can range from under $10 up to
thousands of dollars.  This market will most likely be dominated by credit
cards.  The purchases are large enough to warrant the relatively high cost
per transaction of a credit card.  Security concerns are being actively
addressed by both Master Card and Visa.  In autumn of 1995 Visa and
Microsoft teamed up and released the Secure Transactions Technology (STT)
encryption standard.  At the same time Master Card, Netscape, CyberCash,
GTE, and IBM introduced Secure Electronic Payment Protocol (SEPP).  In
February of 1996 they teamed up and released a joint draft standard Secure
Electronic Transaction (SET) was projected to be completed by this summer.

----------------------------------------------------------

What's on the Web today ?

 The 2 most common payment methods on the internet today are: 

Phone in orders : Many companies are only using the Web as a billboard for
the company and its products.  If a person wants to order an item they are
given a 1-800 number to call.  An operator processes the order just as if
the customer saw an advertisement on TV or in a magazine.

Credit card orders : Customer use a web based CGI form to fill out their
order information and provide their credit card number.  Netscape 2.0
introduced Secure Sockets Layer (SLL) technology to protect the card
numbers.  Users are often advised if they are using an older browser that
does not have SLL built in, to phone in their order.  Still, many people
are very concerned about internet security and are reluctant to send their
gold card numbers with their $5000 credit limit into cyberspace. 

Major Internet based payment systems in use today are:

First Virtual confirms every purchase with an e-mail to the customer to
verify the validity of the transaction.  The only number sent over the net
is the customers First Virtual ID code.  They have the largest number of
merchants and information vendors by far. 
 
CyberCash has you download a CyberCash wallet which is similar to the money
handling software from the other firms.  They are supported by multiple
banks and merchants. 

Digicash which is handled by Mark Twain Bank and used by a variety of
merchants on the WWW.  It is based on creating a cash & quote which
consists of 64 bit numbers that are passed from the customer to the vendor,
and back to the bank for verification. 

The NetBank, Home of NetCash transfers funds through a series of
non-encoded numbers that are e-mailed to vendors.  Strings of numbers are
assigned certain values when they are issued. 

 -----------------------------------------------------------

Internet Payment Systems Challenges

The biggest challenge for Internet Payment Systems is finding customers and
vendors who are willing to risk investing in a product that is currently in
its introduction stage.  What this has created is a chicken and egg effect.
Banks and software companies can't get customers without vendors, and they
can't get vendors without customers.

Security factors are perhaps the biggest deterrent for individuals
interested in making on-line purchases.  Most people fear giving their
credit card numbers, phone numbers or addresses not knowing who will be
able to retrieve that information without their consent.  It is interesting
to note that most people don't even give it a second thought when
purchasing items with a credit card over the phone, but to ask them to do
it from their PC makes them very uncomfortable.  New developments in credit
card security Secure Electronic Transaction (SET) are taking this fear away
by adding encryption to scramble the card number so only the vendor and
customer can read it.

Privacy is a significant factor in some of the payment schemes.  
Cyberpunks feel that privacy is paramount.  However, the public has become
comfortable with credit cards and debit cards.  Private cash has a
potential market, but it may not be as large as people today are thinking.

-----------------------------------------------------

Electronic Cash and the Web 

Systems such as Digicash and NetCash allow the customer to deposit cash
into a bank account then use that cash to purchase items off the internet.
Digicash customers receive an encoded 64 bit number for each nickel they
convert to e-cash, which is then transferred to the users hard drive.  The
customer can then transfer the cash to vendors on the internet (as long as
the vendor accepts this form of payment).  The vendor then returns the
e-cash to the bank in exchange for real money.

Disadvantage of the Web and Electronic Cash ;

Digital dollars are uninsured : For example, if you hard drive were to
crash, your e-bank goes under, or hackers were to decode your numbers,
there would be no way retrieve your lost cash (just as if you dropped a $20
bill on the street and lost it).  Since the bank does not link the money to
your name they would have no way to reimburse you.  However, Digicash's
e-cash is recoverable if your hard disk crashes.  In that case the customer
would have to give up his/her anonymity to get the e-cash replaced by the
bank. 

Advantages of the Web and Electronic Cash ;

Privacy : Electronic cash is untraceable.  The bank does not link the
numbers to a particular person, therefore it is impossible to link payment
to payer.  The customer does not have to worry about being added to dozens
of mailing lists.  Unless of course, the customer has ordered actual
merchandise that needs to be sent to their home, instead of information
that can be sent over the internet. 

Limited liability : A customer can only loose as much money as they are
carrying.  People may be more willing to deal with electronic cash and only
risk the $20 in their electronic wallet than to send their $5,000 goldcard
number across the net.

 --------------------------------------------------

Credit Cards and the Web 

Credit card systems will operate much in the same way as they currently do.
The customer will be able to use their current credit card, if desired, to
purchase items directly from the vendor.  The main difference is that the
major credit card companies have developed an encryption standard called
Secure Electronic Transaction (SET).

With SET the merchant does not receive your credit card number.  Rather,
they receive a token, which is passed on to the bank who then uses the
token to get the actual number, authorizes or declines the transaction,
then sends the merchant an authorization number.  The merchant is assured
that the card is good, and completes the transactions.  All of this is done
with public-key encryption to assure authenticity of the parties.  Also,
with SET the consumer receives a certified digital receipt for the
transaction.  In essence, SET transactions will not just be AS secure as
traditional transaction, they will actually be more SECURE. 

Disadvantages of Credit Cards and the Web ;

Lack of privacy : Unlike cash transactions that are anonymous, credit card
transactions link your name to the account.  Therefore, the customer will
not be able to maintain the anonymity of a cash transaction.  They also run
the risk of having their name added to a bunch of mailing lists.

Advantages of Credit Cards and the Web ;

Your money is securely in the bank : If you would happen to loose the card,
the account is still linked to your name.  Therefore, unlike cash systems
there is a way the bank can verify your account balance and the money
itself is not lost. 

There is no need to open a new account : Unlike cash systems which require
the user to open a new account with a bank that is currently set up to
handle this type of transaction, with the credit card system the customer
would be able to keep the bank account and credit card they currently have.
This is a very important factor in the early stages of web commerce. 

-----------------------------------------------

Checks and the Web 

Schemes to transfer electronic checks across the web are not as well
developed as the other forms of fund transfers.  Checks could be something
as simple as e-mailing a message to a merchant authorizing them to draw
funds from your account, with digital signatures and certificates attached.
In many ways a check system is a compromise between a credit card system
and a cash system.  CheckFree, NetCheque, and NetChex are the major players
in the check market. 

Disadvantages of Checks and the Web ;

Privacy : Although not near as bad as credit cards, checks would still
reveal data about the customer. 

Advantages of Checks and the Web ;

Processing: Electronic checks can be processed the same as current checks
are processed, through the Automated Clearing House.  They would look
different, but they are still just checks. 

Making Change : Electronic cash can not be written for just any amount.  
If you get a $25 number string from NetCash and want to buy something for
$5 you have to send your number string back to NetBank and ask for change.
They then send you a $5 string and a $20 string.  A check system would
allow the user to specify the exact amount of the transaction. 

Your money is securely in the bank : Customers don't need to worry about
losing anything as they would in a cash system. 

 -------------------------------------------------

Visions of the future 

The Internet payment market belongs to the companies that can get a
convenient and secure method to everyones computer the fastest.  Once an
initial lead is clearly demonstrated, the standard will attract more
vendors which will attract more customers, which will attract more vendors,
and so on.

The Secure Electronic Transaction (SET) standard from Mastercard and Visa
appears to have the lead.  Although it is extremely new, it has the backing
of Microsoft, Netscape, CyberCash, GTE, and IBM.  The public already
possesses and understands credit cards.  It's not a new account, or a new
bank to deal with.  It's just a new way of sending the card number.  Once
the public believes the encryption is safe or receives a guarantee that
they will not be held responsible for fraudulent hacker purchases, then
there will be no stopping the standard.  The initial lead will cause
vendors to scramble to get on board and will create a more competitive
market for customers.

An encrypted credit card system is great for medium and large purchases,
but will not satisfy the needs for small and private purchases.  This
leaves a niche market open for one of the proprietary software companies
who are now fighting for a lead.  Who will that company be is impossible to
say.  But it is a reasonable guess that it will be one of the firms listed
above. 

 ------------------------------------------------------

Advice for you while on the Internet

Allow payments thorough as many channels as possible.  They can not afford
to turn away any customer who does not have the specific type of electronic 
cash  system software platform.  The more systems they hear of the more 
systems that will be supported. 

Open a merchant account with each of the leading payment system companies,
most offer good deals to attract new business.

Keep a close eye on the market and watch them scramble against their
competitors. 

 ----------------------------------------------------------

What I would like to see Happen ;

I would like to see Amiga system users join the Amiga Development Fund
team.  There they could donate time an funds supporting programmers that
could port PC/Mac software to the Amiga.  Check out the ADF web page at
http://afrodite.hibu.no:8001/paulken4/adf/index.html

Also the Free Software Union has a mailing list where they just began an
Amiga porting issue area.  This is new so they need programmers and users
with ideas.  To subscribe, your e-mail should goto
majordomo@fsu.clsp.jhu.edu and have a blank subject line and a body
containing only subscribe fsu-amiga.  You can check out the FSU via the web
at http://www.jagunet.com/~braddock/fslu/org all at once.