10.Payment Systems
Advantages of Payment Cards
Advantage for merchants Fraud protection Can authenticate and authorize purchases using a payment card processing network Advantage for consumers Extra warranties on purchases Cashback in some cases Convenience Protection against fraud Worldwide acceptance Currency conversion handled by card issuer
Debits cards
Card associated with bank account Removes sales amount from cardholder's bank account Transfers sales amount to seller's bank account Issued by cardholder's bank Often carries major credit card issuer name
Disadvantages of Payment Cards
Disadvantage for merchants Per-transaction fees, monthly processing fees Cost of doing business (vs. extra trade and less fraud) Goods and services prices: slightly higher Compared to environment free of payment cards Not fully secure (credit card fraud) Disadvantage for consumers Possible annual fee Excessive purchases due to convenience
Electronic Cash
Electronic cash (e-cash, digital cash) Describes any value storage and exchange system created by private (nongovernmental) entity Does not use paper documents or coins Can serve as substitute for government-issued physical currency Readily exchanged for physical cash on demand Problems No standard among all electronic cash issuers Not universally accepted Recall from earlier Banks make money by charging merchants a credit card processing fee on each transaction Fee ranges: one percent to four percent of the transaction value Banks often impose a minimum fee 10 pence or more per transaction Banks charge electronic commerce sites More than similar brick-and-mortar stores Stores accepting credit cards may require: Minimum purchase amount of £5 or £10 Small purchases not profitable for merchants Bank credit card fees greater than profits Factors favoring electronic cash Potentially significant electronic cash market Internet small purchases (below £5) Most of world's population does not have credit cards Idea of electronic cash refuses to die
Privacy and Security of Electronic Cash
Electronic payment method concerns Privacy and security, independence, portability, convenience Privacy and security: most important to consumers Vulnerable transactions Electronic currency: copied, reused, forged Important characteristics of electronic cash Ability to spend only once Anonymous use Convenience
Payment alternatives
Four ways to purchase items in general Cash, checks, credit cards, debit cards 90% of all United States consumer payments Electronic transfer: small but growing segment Popular example: automated payments Credit cards Worldwide: 90% of online payments United States: 97% of online payments Non-card payment alternatives (e.g. PayPal) becoming increasingly popular
Transactions
General steps in payment card transactions Merchant receives consumer's payment card information Merchant authenticates payment card to ensure validity Merchant checks with payment card issuer to ensure credit or funds available Puts a hold on credit line or funds needed to cover the charge Settlement occurs (few days after purchase) Funds travel between banks
Payment Acceptance and Processing
Internet payment card process made easier Address lack of signature problem EMV standard Single standard handling payment card transactions Visa, MasterCard, MasterCard International
Merchant accounts
Merchant bank (acquiring bank) Bank wanting to accept payment cards Merchant account required to process Internet transactions Obtaining account Merchant provides business information Bank assesses business type risk Bank assesses percentage of sales likely to be contested Chargeback process Cardholder successfully contests charge Merchant bank must retrieve money from merchant account Merchant may have to cover chargeback potential
Smart Cards
Microchip smart card or magnetic strip plastic card Records currency balance Microchip versus magnetic strip Microchip stores more information Tiny microchip computer processor Performs calculations and storage operations on card Different microchip card reader needed Examples: prepaid phone, copy, subway, bus cards Information storage About 100 times more than magnetic strip plastic card Holds private user data Financial facts, encryption keys, account information, credit card numbers, health insurance information, medical records Safer than conventional credit cards Information encrypted on smart card Popular in Europe, parts of Asia Public telephone calls, cable television programs Hong Kong Retail counters, restaurant cash registers have smart card readers Octopus: public transportation smart card can be reloaded at transportation locations, 7-Eleven stores
Micropayments
Micropayments Internet payments for items costing few pence Micropayments barriers Not implemented very well on the Web yet Human psychology People prefer to buy small value items in fixed price chunks Companies that have developed micropayment systems Millicent, DigiCash, Yaga, BitPass (defunct) No company gained broad acceptance of its system
Charge Cards
Most common American Express No spending limit Entire amount due at end of billing period No line of credit or interest charges Retailers may offer their own charge cards
Payment requirements
Online business payment requirements Safe Convenient, Widely accepted Companies package and sell payment processing services to cater for the above
Phishing and Identity Theft
Online payment systems Offer criminals and criminal enterprises an attractive arena in which to operate Average consumers: easy prey Large amounts of money provide tempting targets Phishing expedition Technique for committing fraud against online businesses customers Particular concern to financial institutions
Online Payment Basics
Online payment systems Still evolving Cheaper than mailing paper checks Convenient for customers Save companies money Costs per bill Billing by mail: between $1.00 and $1.50 Internet billing and payment costs: 50 cents Significant environmental impact of paper bills
Transaction processing
Open and closed loop systems Closed loop systems Card issuer pays merchant directly Does not use intermediary American Express, Discover Card Open loop systems (three or more parties) Third party (intermediary bank) processes transaction Visa, MasterCard: not issued directly to consumers Credit card associations: operated by association member banks Customer issuing banks: banks issuing cards
Payment Cards
Payment card Describes all types of plastic cards used to make purchases Categories: credit cards, debit cards, charge cards Credit cards Debit cards Charge cards
Online Processing
Payment processing service providers Companies offering payment card processing Example: WorldPay, SagePay Provide risk management and fraud detection Handles online merchants' transactions Uses existing bank-approved payment card processing infrastructure, secure links, firewalls Notifies merchant of all approved orders and supplies buyer authorisation codes Automated Clearing House (ACH) e.g. BACS Network of banks connecting credit card processing software vendors and card authorisation companies
Addressing online fraud
Problem facing online businesses: fraud Roughly 10% of credit card transaction online Roughly 70% of fraud due to online transactions CVN Three- or four-digit number printed on the credit card Not encoded in the card's magnetic strip
Single-use and prepaid cards
Single-use cards Cards with disposable numbers Addresses concern of giving online vendors payment card numbers Valid for one transaction only Designed to prevent unscrupulous vendor fraud • Prepaid cards • Appear like standard credit cards • Payment before hand and set spending limit
Small Payments
Small payments All payments of less than £5 Being offered through mobile telephone carrier Buyers make purchases using their mobile phones Charges appear on monthly mobile phone bill Bright future held back by mobile carriers' substantial charges
Phishing Attack Variants
Spear phishing Carefully designed phishing expedition targeting a particular person or organization Requires considerable research Increases chance of e-mail being opened Example: 2008 government stimulus checks Phishing e-mails appeared within one week of passage
Credit Cards
Two big players: Visa, MasterCard Spending limit based on user's credit history Pay off entire credit card balance May pay minimum amount Card issuers charge unpaid balance interest Widely accepted Consumer protection: 120-day dispute period Card not present transactions Cardholder not present during transaction Extra degree of risk for merchant and bank
Phishing Attacks
Basic structure Attacker sends e-mail message To accounts with potential for an account at targeted Web site E-mail message tells recipient: account compromised Recipient must log on to account to correct problem E-mail message includes link Appears to be Web site login page Actually leads to perpetrator's Web site disguised to look like the targeted Web site Recipient enters login name, password Perpetrator captures Uses to access recipient's account Perpetrator accesses personal information, makes purchases, withdraws funds 30
