Abstract
As the volume of purchases for products and services on the Internet has increased and the chosen method of payment is a credit or debit card, e-commerce merchants must be capable of accepting such payment methods. Unfortunately, cyber-criminals have found ways to steal personal information found on credit cards and debit cards and fraudulently use this information to purchase products and services which costs merchants lost revenue and fees for chargebacks. This article discusses the process by which credit card payments are processed beginning with the e-commerce merchant’s web site to a credit card processor or service gateway to the credit card company’s network to the issuing bank’s network with an accept or decline response being returned to the merchant’s shopping cart system via the same networks. The article addresses the issue of credit card fraud in terms of how the cyber-criminals function and the potential solutions used to deter these attempts by the cybercriminals. A list of preventive measures that should be used by e-commerce merchants is provided.
TopIntroduction
Consumers in the United States spend nearly 1 trillion dollars each year using a credit card over the internet (Woolsey and Schulz, 2009). Accepting credit cards is essential for any e-commerce Web site. Processing credit cards over the Internet is one of the fastest growing segments of business transactions today. This type of transaction or “card-not-present” transaction requires a special type of merchant account. In the early days of credit card usage, to accept credit cards, a merchant needed a merchant account through a bank. But today there are a number of services, generally referred to as credit card processors or merchant account services, which will permit a merchant to accept credit card payments online without their own merchant account. There are actually three different methods for processing credit card payments using a merchant account service. These are:
- 1.
Real-Time Processing: Real-time processing allows e-commerce merchants to link their e-commerce shopping cart with a gateway merchant service which will automatically process credit card payments.
- 2.
Virtual Terminal (Online Interface): An e-commerce merchant can also process credit card transactions, manually, 24 hours a day by logging in online and submitting a secure form through a merchant account interface. A merchant can use this to process credit card payments while taking the customer's information over the phone if the merchant is able to access the Internet at high speed while talking to the customer.
- 3.
Automated Recurring Billing (ARB): Some e-commerce merchant services need to charge customers on a monthly or account threshold basis. Some merchant account services allow the merchant to set the time interval or account threshold level and some services allow a merchant to upload multiple subscriptions using a batch file like Microsoft Excel.
PayPal is generally accepted as the most widely used online merchant account service with more than 150 million users across the world. VeriSign operates a competing service called Payflow that is typically used by merchants with a high volume of transactions each month. Although the number of merchant account service providers continues to increase, some of the more popular one are listed below (TopTenReviews, 2009):
Flagship Merchant Services
Gomerchant Merchant Accounts
Merchant Accounts Express
MerchantWarehouse
Electronic Transfer Inc.
E-Commerce Exchange
NorthAmericanBancard
Total Merchant Services
Charge
Merchant Credit Card
Free AuthNet
Merchant Credit Card
Companies that sell merchandise and services over the Internet are referred to as e-tailers or e-commerce merchants. These credit card processing services make it easy for e-tailers to start accepting credit cards for purchases of their products and services.
Key Terms in this Chapter
Service Gateway: This is another name for a credit card processor.
Cyber-Criminal: An individual who commits a crime using a computer and the internet to steal a person’s identity such as credit card information.
Merchant Account: A legally binding contract wherein an acquiring bank extends a line of credit to a merchant who desires to accept payment using credit cards.
Fraud: An act of deception for the purpose of unlawful financial gain using stolen credit card information.
Issuing Bank: The bank that issues consumers their credit cards.
Credit Card: A card issued by banks, savings and loans, retail stores, and other businesses that can be used to borrow money or buy products and services on credit.
SSL: SSL is an abbreviation for Secure Sockets Layer, a protocol developed for transmitting documents over the Internet using a cryptographic system that uses two keys to encrypt data; namely a public key known to everyone and a private or secret key known only to the recipient of the document.
Skimming: This is a type of fraud wherein the numbers on a credit card are recorded and transferred to a duplicate card.
Credit Card Processor: A third party utilized to process credit card payments for merchants and their acquiring bank
E-Commerce: The buying and selling of goods and services on the Internet.
Acquiring Bank: The bank that represents the e-commerce merchant and processes all of the merchant’s credit card payments with the credit card associations