As the number of purchases over the internet has increased and the method of payment is a credit or debit card, e-commerce merchants must be able to accept online payment using the card data. Cyber-criminals have found ways to capture the information on credit and debit cards and use this information to make purchases and remove money from bank accounts which costs merchants lost revenue and chargebacks fees and costs consumers and banks lost funds. The process by which credit and debit card payments are processed beginning with the e-commerce merchant's website to a card processor or service gateway to the credit or debit card company's network to the issuing bank's network with an accept or decline response being returned to the merchant's shopping cart system via the same networks is discussed. The issue of credit and debit card fraud in terms of how cyber-criminals function and the solutions used to deter these attempts by the cyber-criminals is covered. The security standards and a list of preventive measures that should be used by e-commerce merchants are discussed.
TopIntroduction
Credit and debit cards are Americans' top choice for online shopping, with 48 percent in 2014 preferring to use credit cards, 30 percent using debit cards and 12 percent using PayPal. (Total System Services, Inc., 2014). With their Visa and MasterCard logos, debit cards look like credit cards, but they do not draw money from the same source as credit cards. Debit cards, sometimes called a check or bank card, draw funds from the user’s bank checking account, not a line of credit although prepaid debit cards do not access the user’s bank account. Many debit cards are actually dual debit/credit cards. Users can use these dual debit cards as one or the other. If it is used as a debit card, the user must enter the personal identification number (PIN) to authorize the transaction (Velocity Payment services, 2016). The use of EMV (Europay, MasterCard, and Visa) chips on cards has pushed more cyber-criminals to attacking on-line (Card Not Present) for fraudulent purposes.
The 10 largest U.S. merchant acquirers ranked by general purpose transactions tied to PIN- and signature-based debit cards and credit cards accounted for 64.61 billion transactions in 2013 (Federal Trade Commission, 2012). Accepting credit and debit cards is essential for any e-commerce Web site. Processing credit and debit cards over the Internet is one of the fastest growing segments of business transactions. This type of transaction or “card-not-present” transaction requires a special type of merchant account. Also, if someone steals a debit card number, an entire bank account is vulnerable. Although prepaid debit cards are also available (Wikipedia, 2016). Debit cards are basically processed in the same manner as credit cards (Velocity Payment services, 2016). In the early days of credit and debit card usage, to accept such cards, a merchant needed a merchant account through a bank. But today there are a number of services, generally referred to as credit/debit card processors or merchant account services, which will permit a merchant to accept credit and debit card payments online without their own merchant account. There are actually three different methods for processing credit and debit card payments using a merchant account service. These are:
- 1.
Real-Time Processing: Real-time processing allows e-commerce merchants to link their e-commerce shopping cart with a gateway merchant service which will automatically process card payments.
- 2.
Virtual Terminal (Online Interface): An e-commerce merchant can also process card transactions, manually, 24 hours a day by logging in online and submitting a secure form through a merchant account interface. A merchant can use this to process card payments while taking the customer's information over the phone if the merchant is able to access the Internet at high speed while talking to the customer.
- 3.
Automated Recurring Billing (ARB): Some e-commerce merchant services need to charge customers on a monthly or account threshold basis. Some merchant account services allow the merchant to set the time interval or account threshold level and some services allow a merchant to upload multiple subscriptions using a batch file like Microsoft Excel.
PayPal is generally accepted as the most widely used online merchant account service with more than 150 million users across the world. VeriSign operates a competing service called Payflow that is typically used by merchants with a high volume of transactions each month. Although the number of merchant account service providers continues to increase, some of the more popular one are listed below (Smith, 2016; Williams and Premchaiswadi, 2009):
- •
Flagship Merchant Services
- •
Gomerchant Merchant Accounts
- •
Merchant Accounts Express
- •
Cayan
- •
Electronic Transfer Inc.
- •
E-Commerce Exchange
- •
NorthAmerican Bancard
- •
Charge.com
- •
TSYS
- •
Free AuthNet
- •
Merchant Credit Card
- •
Payment Depot
- •
Helcim
- •
Transfirst
- •
Dharma