The Internet has become the pervasive background of a new world of electronic commerce.
People want to buy and sell over the Internet and companies want to automate their back office purchasing, invoicing and payments to run seamlessly over the same infrastructure.
The figures are mind-boggling. Deloitte consulting predicts global Internet revenues will be over $1.1 trillion in 2002. For business-to-business (B2B) Forrester Research has estimated $1.3 trillion by 2003. Core to all these requirements is the need to securely, quickly and efficiently effect electronic payments.
Before delving into electronic payments it is necessary to look at how the basic payment instruments operate. It is instructive to start with cash, which is probably the best payment instrument ever invented.
Consumers obtain their cash from the bank which they then use to buy goods or services from a merchant. The merchant lodges this cash with his bank to the advantage of his account. The cash itself is provided by the central bank which underwrites the value of the coins and notes.
The debit card operates like an electronic cheque. It is a payment instruction from the holder to the bank holding his account to transfer funds of the relevant amount to the defined account at the same or some other bank. The source account is reduced immediately but the receiver will receive the value several days later.
A credit card allows the holder to make payments against an account that is settled at the end of an agreed period. It is not necessary to pay the whole amount so a form of revolving credit (with high interest) can be established. The charge card functions in a similar way but the total balance outstanding must be cleared at the end of the agreed period.
Electronic funds transfer (EFT) has a long history, with the banks adopting the emerging technology at an early stage.
Electronic funds transfer at the point of sale was the next major development. The main requirement here was to replace the paper vouchers generated by credit and later debit cards in the merchant environment. Security was an overriding factor not only in protecting the account information held on the card but also in authenticating the card holder by means of a PIN (Personal Identification Number).
Also in the early nineties we saw the emergence of the electronic purse designed again for use at the point of sale. There were three different approaches:
All of these schemes were initially based on the use of smart cards. The basic idea behind the scheme is that the banks generate an electronic coin which is effectively an electronic number representing the value of the coin that is digitally signed (using the RSA cryptographic algorithm) by the issuing bank. Digicash was the first to move their payment scheme onto the Internet in a pilot trial with the Mark Twain Bank in 1994 but the scheme never achieved an adequate merchant uptake. It was really too early in the e-commerce cycle.
In terms of electronic payments on the Internet it was SSL (Secure Sockets Layer), developed by Netscape that really started the ball rolling. This allowed the cryptographically protected communication path to be established with the merchant using the World Wide Web (other Internet protocols are equally possible). In terms of B2C (business-to-consumer) this is probably still the predominant mechanism being used today.
The SSL approach allows the account information to be enciphered but suffers from a number of drawbacks. The transaction is classified as a Cardholder Not Present (CNP) transaction because there is no proof that the card, let alone the card holder, was responsible for the transaction. This has resulted in a high level of card holder repudiation (denying the transaction). Although only two per cent of credit card transactions are currently conducted on the Internet they have generated nearly half of the repudiated transactions.
The other major problem with SSL concerns the overall security of the scheme. Export regulations used to prohibit the use of strong cryptography limiting SSL to 40 bit keys in the exported version. This has been shown to be vulnerable to brute force attack by personal computers.
Visa and Mastercard also produced a standard for credit card payments over the Internet in 1996. SET (Secure Electronic Transactions) was designed to protect the consumer's account information so that there was no exposure at the merchant site. But to date its acceptance in the e-commerce world is minimal.
The payments approach on the Internet is now starting to take shape in three different sectors: B2C (business-to-consumer), P2P (person-to-person) and B2B (business- to-business).
Activity in this area is enormous. Since the Internet represents the largest shopping mall in the world, e-payments have almost unlimited scope.
As of today the majority of these online stores are selling conventional goods such as books and CDs. These are the sorts of purchase that attract standard payment techniques such as credit and debit cards. Not surprisingly most of the activity is in finding ways of simplifying and securely using these payment instruments. A small number of companies such as Cybercash, Worldpay and NetBanx set up as PSPs (Payment Service Providers). The online store effectively delegates the payment process to the PSP by linking from his Web site shopping cart at the appropriate point of the transaction. The PSP captures the credit card details from the consumer and then undertakes an online authorisation from the card issuer.
Larger merchants can deal with the acquiring bank directly. Amazon.com has been one of the leaders in this area with its invention of "one-click" shopping, and gained a European patent for "A method and system for placing an order to purchase an item on the Internet" in September 1999. This Amazon patent has created a lot of support and interest and a legal battle with one of their competitors Barnes & Noble for its "express lane" payment protocol.
Trintech has also pioneered an alternative approach with its virtual credit card, ezCard. This approach stores the credit card details on the client's machine. When making a payment the consumer only has to drag the credit card icon onto the merchant's checkout page and the card details are used to automatically fill in the payment form.
The virtual credit card approach has already been adopted by Visa, Mastercard, Discover and Deutsche Bank using the Trintech technology whilst Citibank has released a similar product called Clickcredit.
Electronic Bill Presentment and Payment (EBPP) is a rapidly-growing Internet application. The average consumer receives 12 recurring bills each month for expenses such as mortgages, credit card charges, domestic utilities and insurance. This means that the consumer pays several pounds in postage alone. CheckFree (now merged with TransPoint) is the US market leader in the provision of an integrated electronic billing and payments system.
EBPP is operating through two models, the bill-direct model and the consolidator model. The bill-direct model relies on the billing company to build its own web site to host customer bills. Customers then log into its web site and choose how they would like to make their payments, by credit or debit card or direct bank payment. To the consumer the biggest advantage comes with the consolidation model where a third party collects electronic bills from a number of billers.
Electronic purses such as Mondex and Proton use a smart card to store the electronic value whilst an electronic wallet stores the value representation in the Consumers' client machine. The main advantage of the electronic purse is the ability to make small payments or even micro payments of just a few cents. In fact only the Mondex approach really offers this ability because there is no subsequent settlement and clearing charge, which is inherent in other electronic purse schemes. Why haven't they taken off? Probably because commerce on the Internet is not yet developed to the point at which there is a critical mass of services that requires small payments.
Person-to-person payment has been the subject of much debate over recent years. P2P is another major growth area on the Internet. Paypal is probably the leading player in this field. Since its launch last year it already has 190,000 registered users and more than 9,000 new users are signing up every day.
Paypal is based on existing technologies, e-mail and the credit card payment networks. Registered users can send a payment to anybody with an e-mail address just by filling in a form to Paypal. When the e-mail is sent the payment is charged to the sender's credit card account (or bank account). Some of the bigger names are also moving into the P2P world. Yahoo recently acquired Arthas.com another leading provider of Web-based person-to-person payments under the dotBank.com brand name. EBay has released its credit card payments service Billpoint by partnering with Visa while Wells Fargo Bank has a 35 per cent equity stake. As opposed to Paypal and X.com, another P2P provider, Billpoint, intends to charge users straight away. PayMe.com is the newest entrant into the P2P gamealso backed by Idealab which lets consumers and small businesses send bills to other customers.
Much of what has been discussed previously regarding credit card purchases also applies in the B2B world and all the major credit card companies support the use of their cards for such transactions. What is particularly different about the B2B area, apart from its sheer size, is the development of integrated back office management systems covering the complete procurement, billing and payment operations. The three major technology providers in this area are Ariba, Commerce One and i2 Technologies. From a payment point of view the major role of their products is to provide gateways into the major payment networks.
In the UK, BACS (Bankers Automated Clearing Services) is the low value electronic payment service that can be used to transfer funds between accounts held at member banks. CHAPS (Clearing House Automated Payment System) is a UK same-day settlement system that operates between the clearing banks. Last year it handled 18 million transactions with a total value of £41,500bn. In the USA, CHIPS (Clearing House Interbank Payments System) offers similar payment facilities as CHAPS. CHIPS has 92 member banks and facilitates the movement of over US $1.3 trillion daily by over 235,000 payments.
In the B2B area we are also seeing the major PKI (Public Key Infrastructure) companies moving into various partnerships to support e-commerce and electronic payments. Verisign has recently announced a partnership with Amex and Ariba to secure B2B payments whilst Visa has selected Baltimore as its digital payments security partner. Entrust, another major PKI player has announced the formation of a new integrated secure payments company with First Data Corporation for B2B payments.
The B2B market is probably the most fluid with new companies appearing by the day. The winners are going to be those companies who can best put together an integrated system to replace the complete back office by automating the complete procurement, billing and payments process whilst allowing the corporate treasurer total flexibility on his payment options.
Dr David B Everett is technical director of Smart Card News
Who's Who in E-Payments?
Person-to-person and business-to-consumer
Fast Facts about Fast Money