Enhancing E-Commerce Processes with Alerts for Credit Card Payment

Introduction

Recent advances in Internet technologies have created a global platform for e-commerce activities and provide value-added services. With keen competition and continuous quest for service improvement, e-commerce processes are continuously being enhanced and becoming increasingly complex (Zhao & Cheng, 2005). Despite a customer is interacting with one website, multiple parties are actually involved at the backend such as logistics, services, and payment.

To enable such interactions and integration among and inside organizations, the Service-Oriented Architecture (SOA) has been gradually adopted (Weerawarana et al., 2005). Under the SOA, Web Services provide loosely-coupled standard interfaces among autonomous systems within and among organizations in the form of a set of well-defined functions for both programming and human user interfaces. Web Services further support event-driven information integration for timely service provision and interactions.

With the increase of customers who make use of the Internet to purchase goods and services, merchants need to enhance the payment process with a secure and user-friendly environment. Major banks now offer payment gateway services to provide more online security, such as using the Secure Socket Layer (SSL) industry standard to encrypt the payment information (Loeb, 1988). However, this is inadequate. If a credit card’s information has been leaked (e.g., intercepted by virus), an unauthorized person can still perform payment with the card illegally.

To address this problem, double confirmation can be used. This paper studies the requirement and design of the Notified Credit Card Payment System (NCCPS) to help enhance the security of the credit card payment process. In Hong Kong, the number of mobile service subscribers reached 8.3 millions in 2005, i.e., almost every person uses at least one mobile service. The numbers of Short Message Service (SMS) messages sent and received a month were over 73 million and 140 million respectively in 2004 (Wong, 2004). So, it is reasonable to say that virtually every credit card holder can be reached by mobile phone (Chiu et al., 2003, 2009), especially through SMS, which is robust and therefore ideal for double confirmation of credit card payments. When one receives such an alert message but actually has not been requesting for payment, one can realize the security threat to the credit card information and can then report this through the customer service call center. As such, loss can be prevented with this additional service and additional exception handling (Hung & Chiu, 2004) processes (such as crime report and card cancellation) can be carried out (Chiu et al., 2010).

Further with the increasing support of program-to-program interactions through SOA, the NCCPS can make use of the advantages of this platform and act as an agent to communicate among all business partners involved. The NCCPS can provide Application Programming Interface (API) to enhance the credit card payment process through Web services, shielding the communication and process complexity of the banks and mobile service providers. Thus, the SOA provides a more suitable platform than traditional ways, such as Electronic Data Interchange (EDI) (Nevalainen, 2003).

The rest of this paper is organized as follows. We first introduce the background and the related work and discuss an overview of the requirements for the NCCPS. Next, we present the conceptual model for the alert and the payment process. Then we describe the design of the system and security based on Web services, illustrating how the main payment notification process is automated. Finally, we summarize the paper highlighting the advantage of our approach and giving directions of our future work.