Abstract
As the number of purchases over the Internet has increased and the method of payment is a credit or debit card, e-commerce merchants must be able to accept on-line payment using the card data. Cyber-criminals have found ways to capture the information on credit and debit cards and use this information to make purchases and remove money from bank accounts which costs merchants lost revenue and chargebacks fees and cost consumers and banks lost funds.. The process by which credit and debit card payments are processed beginning with the e-commerce merchant's web site to a card processor or service gateway to the credit or debit card company's network to the issuing bank's network with an accept or decline response being returned to the merchant's shopping cart system via the same networks is discussed. The issue of credit and debit card fraud in terms of how cyber-criminals function and the solutions used to deter these attempts by the cyber-criminals is covered. The security standards and a list of preventive measures that should be used by e-commerce merchants are discussed.
TopIntroduction
Credit and debit cards are Americans' top choice for online shopping, with 48 percent in 2014 preferring to use credit cards, 30 percent using debit cards and 12 percent using PayPal. (Total System Services, Inc., 2014). With their Visa and MasterCard logos, debit cards look like credit cards, but they do not draw money from the same source as credit cards. Debit cards, sometimes called a check or bank card, draw funds from the user’s bank checking account, not a line of credit although prepaid debit cards do not access the user’s bank account. Many debit cards are actually dual debit/credit cards. Users can use these dual debit cards as one or the other. If it is used as a debit card, the user must enter the personal identification number (PIN) to authorize the transaction (Velocity Payment services, 2016). The use of EMV (Europay, MasterCard, and Visa) chips on cards has pushed more cyber-criminals to attacking on-line (Card Not Present) for fraudulent purposes.
The 10 largest U.S. merchant acquirers ranked by general purpose transactions tied to PIN- and signature-based debit cards and credit cards accounted for 64.61 billion transactions in 2013 (Federal Trade Commission, 2012). Accepting credit and debit cards is essential for any e-commerce Web site. Processing credit and debit cards over the Internet is one of the fastest growing segments of business transactions. This type of transaction or “card-not-present” transaction requires a special type of merchant account. Also, if someone steals a debit card number, an entire bank account is vulnerable. Although prepaid debit cards are also available (Wikipedia, 2016). Debit cards are basically processed in the same manner as credit cards (Velocity Payment services, 2016). In the early days of credit and debit card usage, to accept such cards, a merchant needed a merchant account through a bank. But today there are a number of services, generally referred to as credit/debit card processors or merchant account services, which will permit a merchant to accept credit and debit card payments online without their own merchant account. There are actually three different methods for processing credit and debit card payments using a merchant account service. These are:
- 1.
Real-Time Processing: Real-time processing allows e-commerce merchants to link their e-commerce shopping cart with a gateway merchant service which will automatically process card payments.
- 2.
Virtual Terminal (Online Interface): An e-commerce merchant can also process card transactions, manually, 24 hours a day by logging in online and submitting a secure form through a merchant account interface. A merchant can use this to process card payments while taking the customer's information over the phone if the merchant is able to access the Internet at high speed while talking to the customer.
- 3.
Automated Recurring Billing (ARB): Some e-commerce merchant services need to charge customers on a monthly or account threshold basis. Some merchant account services allow the merchant to set the time interval or account threshold level and some services allow a merchant to upload multiple subscriptions using a batch file like Microsoft Excel.
PayPal is generally accepted as the most widely used online merchant account service with more than 150 million users across the world. VeriSign operates a competing service called Payflow that is typically used by merchants with a high volume of transactions each month. Although the number of merchant account service providers continues to increase, some of the more popular one are listed below (Smith, 2016; Williams and Premchaiswadi, 2009):
- •
Flagship Merchant Services
- •
Gomerchant Merchant Accounts
- •
Merchant Accounts Express
- •
Cayan
- •
Electronic Transfer Inc.
- •
E-Commerce Exchange
- •
NorthAmerican Bancard
- •
Charge.com
- •
TSYS
- •
Free AuthNet
- •
Merchant Credit Card
- •
Payment Depot
- •
Helcim
- •
Transfirst
- •
Dharma
Key Terms in this Chapter
Acquiring Bank: The bank that represents the e-commerce merchant and processes all of the merchant’s credit card payments with the credit card associations.
Service Gateway: This is another name for a credit card processor.
Debit Card: A bank issued card used for cash transactions, but is not a credit card. In a debit card transaction, the amount of a purchase is withdrawn from the available balance in the cardholder's bank account. If the available funds are insufficient, the transaction is not completed. It is also called asset card in the US.
Issuing Bank: The bank that issues consumers their credit cards.
E-Commerce: The buying and selling of goods and services on the Internet.
Merchant Account: A legally binding contract wherein an acquiring bank extends a line of credit to a merchant who desires to accept payment using credit cards.
Credit Card Processor: A third party utilized to process credit card payments for merchants and their acquiring bank.
Skimming: This is a type of fraud wherein the numbers on a credit card are recorded and transferred to a duplicate card.
Credit Card: A card issued by banks, savings and loans, retail stores, and other businesses that can be used to borrow money or buy products and services on credit.
Cyber-Criminal: An individual who commits a crime using a computer and the internet to steal a person's identity such as credit card information.
Fraud: An act of deception for the purpose of unlawful financial gain using stolen credit card information.
SSL: SSL is an abbreviation for Secure Sockets Layer, a protocol developed for transmitting documents over the Internet using a cryptographic system that uses two keys to encrypt data; namely a public key known to everyone and a private or secret key known only to the recipient of the document.