Payment systems for e-commerce

Processing payments from online storefronts is no easy task. Here's what you need to know for successful transactions.
Posted December 10, 1999

David Strom

David Strom

(Page 1 of 4)

New Web technologies to improve your site, Part 3:

These days it seems as if everyone is a dot-com company trying to sell something via the Internet. But behind the explosive rise in e-commerce is the very hard issue of how to process payments from online storefronts. This is perhaps the biggest hurdle of any Web storefront owner, especially these days, given the multitude of choices for hosting stores and setting them up. Let's navigate these waters and explain which technology is the best match for a storefront's particular needs.

This is the third installment in a series on new Web technologies. We began with a look at various " Network management tools " and techniques. Last time we described " The caching universe ". In this article let's assume you already have a working Web site and want to take the first step into e-commerce and sell products on your site. Next time we'll examine a variety of outsourcing services and products as well as what kinds of services can be used to augment Web storefronts hosted elsewhere.

Walk like a banker

In order to understand payment processing, you first have to talk and think like a banker. Given that most of us don't have much experience in this department, let's first define a few terms. Every business needs to have a merchant bank account, or an account that can accept credit card payments from customers. In the past, these were harder to come by for cyber-businesses because most banks required at least two years of business history tied to a particular street address. Lately, however, a number of service bureaus, such as First Data Merchant Services, have made it easier to open merchant accounts. And leading provider Authorize.Net today lists dozens of service bureaus that will open merchant accounts for Internet store operators (see

When a customer pays for something via credit card, there are two different stages in each transaction, authorization and capture. Authorization refers to checking the account number to see if it is still valid, has sufficient credit, and hasn't been reported lost or stolen. The address of the cardholder may be matched against that listed in the account, also to deter fraudulent use. Capture refers to approval and posting of the transaction, and shipment of the goods. It can happen in one of three ways: online or during the authorization with the banking network, meaning that the transaction clears both the bank that issued the customer's credit card and the storefront's merchant bank; in a separate step after authorization occurs; and in nightly or hourly batches with a credit card processing intermediary.

There have been many missteps in the short history of Internet payment technologies. The biggest issue has been the acceptance of a single standard that bridges both the banking and the Internet worlds. The trouble here is that the banks are at odds with both users and e-commerce site developers: Banks want iron-clad security, even at the expense of ease of use and/or management.

A good example of how this battle royale has played out in the standards process has been the nonacceptance by Internet storefront operators of the secure electronic transaction (SET) standards. Originally proposed by a consortium of banks and IBM Corp., SET was an answer to keeping credit card numbers away from the hard disks of Internet merchants--essentially a way for merchants to verify customer accounts without having to handle the account numbers themselves. SET went nowhere, however, and has since transformed into a new standard called the electronic commerce modeling language (ECML). ECML is brand new, with its first specification released in the summer of 1999. It tries to structure the data required from shoppers, shippers, and storefronts into a coherent single standard, adding SET credit card account security and a few other Internet standards such as eXtensible Markup Language (XML) for data structure and X.509 cryptographic standards in the process. Again, IBM and various large banks are behind ECML, and we'll see where it goes. If it is going to take hold, it needs to do so in the next 12 to 18 months.

Despite such efforts, financial institutions are still having trouble with the Internet. Witness over the past few months attempts by Citibank and American Express Co. Both firms have come out with credit card products that can only be used for cyber-shopping--and not as regular credit cards. Both are bad ideas because consumers by now are used to using ordinary credit cards for making Internet purchases: By far the vast majority of Web purchases are paid for with credit cards (or corporate purchase orders for business-to-business sites). While the general press continues to write stories about reluctant shoppers who are afraid of getting their credit card numbers stolen over the Internet, Web shopping continues to blossom.

Page 1 of 4

1 2 3 4
Next Page

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.