With Wap and mobile devices coming on stream, what are
possibilities for cashless payment in the pervasive computing
environment, asks Dr David B Everett
The Internet has become the pervasive background of a new world
of electronic commerce.
People want to buy and sell over the Internet and companies want
to automate their back office purchasing, invoicing and payments to
run seamlessly over the same infrastructure.
The figures are mind-boggling. Deloitte consulting predicts
global Internet revenues will be over $1.1 trillion in 2002. For
business-to-business (B2B) Forrester Research has estimated $1.3
trillion by 2003. Core to all these requirements is the need to
securely, quickly and efficiently effect electronic payments.
Before delving into electronic payments it is necessary to look
at how the basic payment instruments operate. It is instructive to
start with cash, which is probably the best payment instrument ever
invented.
Consumers obtain their cash from the bank which they then use to
buy goods or services from a merchant. The merchant lodges this
cash with his bank to the advantage of his account. The cash itself
is provided by the central bank which underwrites the value of the
coins and notes.
The debit card operates like an electronic cheque. It is a
payment instruction from the holder to the bank holding his account
to transfer funds of the relevant amount to the defined account at
the same or some other bank. The source account is reduced
immediately but the receiver will receive the value several days
later.
A credit card allows the holder to make payments against an
account that is settled at the end of an agreed period. It is not
necessary to pay the whole amount so a form of revolving credit
(with high interest) can be established. The charge card functions
in a similar way but the total balance outstanding must be cleared
at the end of the agreed period.
Electronic funds transfer (EFT) has a long history, with the
banks adopting the emerging technology at an early stage.
Electronic funds transfer at the point of sale was the next
major development. The main requirement here was to replace the
paper vouchers generated by credit and later debit cards in the
merchant environment. Security was an overriding factor not only in
protecting the account information held on the card but also in
authenticating the card holder by means of a PIN (Personal
Identification Number).
Also in the early nineties we saw the emergence of the
electronic purse designed again for use at the point of sale. There
were three different approaches:
- Digicash - an electronic equivalent of the banker's
draft
- Dancoin, Proton - effectively a pre-authorised debit
transaction
- Mondex - an electronic cash equivalent
All of these schemes were initially based on the use of smart
cards. The basic idea behind the scheme is that the banks generate
an electronic coin which is effectively an electronic number
representing the value of the coin that is digitally signed (using
the RSA cryptographic algorithm) by the issuing bank. Digicash was
the first to move their payment scheme onto the Internet in a pilot
trial with the Mark Twain Bank in 1994 but the scheme never
achieved an adequate merchant uptake. It was really too early in
the e-commerce cycle.
In terms of electronic payments on the Internet it was SSL
(Secure Sockets Layer), developed by Netscape that really started
the ball rolling. This allowed the cryptographically protected
communication path to be established with the merchant using the
World Wide Web (other Internet protocols are equally possible). In
terms of B2C (business-to-consumer) this is probably still the
predominant mechanism being used today.
The SSL approach allows the account information to be enciphered
but suffers from a number of drawbacks. The transaction is
classified as a Cardholder Not Present (CNP) transaction because
there is no proof that the card, let alone the card holder, was
responsible for the transaction. This has resulted in a high level
of card holder repudiation (denying the transaction). Although only
two per cent of credit card transactions are currently conducted on
the Internet they have generated nearly half of the repudiated
transactions.
The other major problem with SSL concerns the overall security
of the scheme. Export regulations used to prohibit the use of
strong cryptography limiting SSL to 40 bit keys in the exported
version. This has been shown to be vulnerable to brute force attack
by personal computers.
Visa and Mastercard also produced a standard for credit card
payments over the Internet in 1996. SET (Secure Electronic
Transactions) was designed to protect the consumer's account
information so that there was no exposure at the merchant site. But
to date its acceptance in the e-commerce world is minimal.
The payments approach on the Internet is now starting to take
shape in three different sectors: B2C (business-to-consumer), P2P
(person-to-person) and B2B (business- to-business).
Activity in this area is enormous. Since the Internet represents
the largest shopping mall in the world, e-payments have almost
unlimited scope.
B2C
As of today the majority of these online stores are selling
conventional goods such as books and CDs. These are the sorts of
purchase that attract standard payment techniques such as credit
and debit cards. Not surprisingly most of the activity is in
finding ways of simplifying and securely using these payment
instruments. A small number of companies such as Cybercash,
Worldpay and NetBanx set up as PSPs (Payment Service Providers).
The online store effectively delegates the payment process to the
PSP by linking from his Web site shopping cart at the appropriate
point of the transaction. The PSP captures the credit card details
from the consumer and then undertakes an online authorisation from
the card issuer.
Larger merchants can deal with the acquiring bank directly.
Amazon.com has been one of the leaders in this
area with its invention of "one-click" shopping, and gained a
European patent for "A method and system for placing an order to
purchase an item on the Internet" in September 1999. This Amazon
patent has created a lot of support and interest and a legal battle
with one of their competitors Barnes & Noble for its "express
lane" payment protocol.
Trintech has also pioneered an alternative approach with its
virtual credit card, ezCard. This approach stores the credit card
details on the client's machine. When making a payment the consumer
only has to drag the credit card icon onto the merchant's checkout
page and the card details are used to automatically fill in the
payment form.
The virtual credit card approach has already been adopted by
Visa, Mastercard, Discover and Deutsche Bank using the Trintech
technology whilst Citibank has released a similar product called
Clickcredit.
Electronic Bill Presentment and Payment (EBPP) is a
rapidly-growing Internet application. The average consumer receives
12 recurring bills each month for expenses such as mortgages,
credit card charges, domestic utilities and insurance. This means
that the consumer pays several pounds in postage alone. CheckFree
(now merged with TransPoint) is the US market leader in the
provision of an integrated electronic billing and payments
system.
EBPP is operating through two models, the bill-direct model and
the consolidator model. The bill-direct model relies on the billing
company to build its own web site to host customer bills. Customers
then log into its web site and choose how they would like to make
their payments, by credit or debit card or direct bank payment. To
the consumer the biggest advantage comes with the consolidation
model where a third party collects electronic bills from a number
of billers.
Electronic purses such as Mondex and Proton use a smart card to
store the electronic value whilst an electronic wallet stores the
value representation in the Consumers' client machine. The main
advantage of the electronic purse is the ability to make small
payments or even micro payments of just a few cents. In fact only
the Mondex approach really offers this ability because there is no
subsequent settlement and clearing charge, which is inherent in
other electronic purse schemes. Why haven't they taken off?
Probably because commerce on the Internet is not yet developed to
the point at which there is a critical mass of services that
requires small payments.
P2P (person-to-person)
Person-to-person payment has been the subject of much debate
over recent years. P2P is another major growth area on the
Internet. Paypal is probably the leading player in this field.
Since its launch last year it already has 190,000 registered users
and more than 9,000 new users are signing up every day.
Paypal is based on existing technologies, e-mail and the credit
card payment networks. Registered users can send a payment to
anybody with an e-mail address just by filling in a form to Paypal.
When the e-mail is sent the payment is charged to the sender's
credit card account (or bank account). Some of the bigger names are
also moving into the P2P world. Yahoo recently acquired Arthas.com
another leading provider of Web-based person-to-person payments
under the dotBank.com brand name. EBay has released its credit card
payments service Billpoint by partnering with Visa while Wells
Fargo Bank has a 35 per cent equity stake. As opposed to Paypal and
X.com, another P2P provider, Billpoint, intends to charge users
straight away. PayMe.com is the newest entrant into the P2P
gamealso backed by Idealab which lets consumers and small
businesses send bills to other customers.
B2B
Much of what has been discussed previously regarding credit card
purchases also applies in the B2B world and all the major credit
card companies support the use of their cards for such
transactions. What is particularly different about the B2B area,
apart from its sheer size, is the development of integrated back
office management systems covering the complete procurement,
billing and payment operations. The three major technology
providers in this area are Ariba, Commerce One and i2 Technologies.
From a payment point of view the major role of their products is to
provide gateways into the major payment networks.
In the UK, BACS (Bankers Automated Clearing Services) is the low
value electronic payment service that can be used to transfer funds
between accounts held at member banks. CHAPS (Clearing House
Automated Payment System) is a UK same-day settlement system that
operates between the clearing banks. Last year it handled 18
million transactions with a total value of £41,500bn. In the USA,
CHIPS (Clearing House Interbank Payments System) offers similar
payment facilities as CHAPS. CHIPS has 92 member banks and
facilitates the movement of over US $1.3 trillion daily by over
235,000 payments.
In the B2B area we are also seeing the major PKI (Public Key
Infrastructure) companies moving into various partnerships to
support e-commerce and electronic payments. Verisign has recently
announced a partnership with Amex and Ariba to secure B2B payments
whilst Visa has selected Baltimore as its digital payments security
partner. Entrust, another major PKI player has announced the
formation of a new integrated secure payments company with First
Data Corporation for B2B payments.
The B2B market is probably the most fluid with new companies
appearing by the day. The winners are going to be those companies
who can best put together an integrated system to replace the
complete back office by automating the complete procurement,
billing and payments process whilst allowing the corporate
treasurer total flexibility on his payment options.
Dr David B Everett is technical director of Smart Card
News
Who's Who in E-Payments?
Person-to-person and business-to-consumer
Business-to-business
Fast Facts about Fast Money
- If the electronic purse accounted for just 4% of transactions,
by 2008 there would be 700m payments. If chip-card use increases,
it could be 1.9m payments
- By 2008, there will be over 2bn personal credit card
transactions - and 340m business card payments
- In 1998, cheques accounted for 1 in 4 UK payments. By 2008, it
will be 1 in 10