Internet Payment Systems

This talk by Peter Billam of P J B Computing was presented to the Tasmanian Ingres User Group in October 1998.

Abstract

This talk surveys some of the Digital Payment systems most adapted to life on the Internet. At their best they can benefit organisations large and small, offering them payment systems with the advantages of the Internet itself - global reach, high speed, low transaction cost and high automatability. Some of the privacy and security risks are mentioned. Particular emphasis is placed on the Australian context. The technologies discussed here could revolutionise the commercial and financial systems of the world.

Contents

Physical Payment Systems

These include Cash, Cheque and Credit Card. Or back to the Top . . .

Cash

The most sophisticated and efficient payment system, offered by governments to avoid circulating gold. Transfer is instant and 100 per cent efficient. No transaction record is created. Cash is such a tempting target for theft that it is unsafe to keep large sums in cash, or to send cash by post.

Cheque

Banks offer safekeeping for your cash, protecting you from theft; they grant you access to your money on your signature. A cheque, a signed instruction to pay, can be sent by post, offering global range. The payee can be anybody, not just a business. The bank retains a record of the amount of the transaction, but not of what item was purchased.

For the payer, cheques are slow to write. For the payee, they can bounce or be cancelled, and take several days to clear.

Back to the Top . . .

Credit Card

The payee must be a business. The card carries a raised, embossed number. As originally introduced, the merchant puts the card through a roller which reads the number onto a slip of carbon paper, and the customer authorises the payment by signature. The payment cannot bounce or be cancelled, with the bank assuming the risk, and charging the merchant several per cent accordingly.

Mail-order merchants may ask their bank to be trusted to receive payments without any signed authorisation; the merchant just quotes a card number and an amount and the bank just believes them. The customer is responsible for checking their monthly account and complaining to their bank about payments they don't remember.

Back to the Top . . .

Digital Payment Systems

These include Credit Cards on the Internet , the lean, e-mail-based First Virtual's PIN System , the U.S. Automated Clearing House ACH , David Chaum's invention DigiCash , CyberCash/CyberCoin , SET , the closed proprietary hardware and software system Mondex , and the closed proprietary software system Open Market .

Back to the Top . . .

Credit Cards on the Internet

It's a bad deal for the merchant, because the merchant gets to see thousands of live credit card numbers, and is under suspicion every time there is fraud on any of them.

It's a bad deal for the consumer, beacause their money is spent without their say-so.

The Bank guarantees the transaction and thus incurs significant risks; the insurance and policing tasks then become chargeable services, that the bank on-sells to merchants and consumers.

Most of the remaining systems are designed to add encryption to the Credit Card infrastructure to allow the consumer to initiate the transaction, and to keep the card number away from the merchant. This cuts out the risks to the merchant and consumer; but because there is no signature, the consumer can still repudiate the transaction and frequently does. The bank still bears this risk and charges for it.

First Virtual's PIN System

This is a very elegant, well conceived, low-tech system, built on top of the Credit Card infrastructure. It avoids card numbers ever being sent over the Internet or disclosed to merchants, and it allows the purchaser to confirm the payment. The purchaser must be reachable by e-mail. Amazingly, it uses no encryption, so it has no problems with the U.S. munition export laws.

The customer gives their card number to the First Virtual Bank by phoning up a particular number and typing it into a touch phone. In return they are assigned a PIN password. The merchant must be registered with First Virtual, and must have a bank account able to accept payments by the ACH (Automated Clearing House) system; that is to say, a U.S. bank account.

When the customer makes an order, they give the merchant their PIN password. The merchant then contacts First Virtual, quotes them the PIN and asks for the money. First Virtual send the customer an e-mail asking for their OK. The customer replies either "Yes", "No" or "Fraud", and if the reply is "Yes" the transaction goes through.

Back to Digital Payment Systems . . .

ACH

Merchants and consumers in the U.S. may gain direct access to the Automated Clearing House system used to transfer money between banks. CheckFree of Ohio interfaces with PC financial packages such as Quicken to allow consumers to make payments, and CheckFree's Gateway system allows U.S. merchants direct access to the ACH, over the Internet using PGP, for 27 cents per payment.

Back to Digital Payment Systems . . .

DigiCash

Developed by Dr David Chaum, sold by DigiCash BV in Amsterdam. The consumer downloads the DigiCash software to run a digital wallet, opens an account with the local mint. The mint could be run by a government or a bank; DigiCash BV is in the process of signing up numerous banks to run mints (this is reminiscent of the situation in Australia last century where banks issued their own banknotes).

The user creates some "coins" and gets them signed by the mint. The wallet can exchange coins with other wallets using a custom IP protocol; coins can also be sent in text form by e-mail or other means. When desired, they can be cashed in again at the mint.

The payer knows the identity of the payee, but the payee does not find out the identity of the payer (unless the payer attempts to double-spend a coin).

DigiCash is the basis for the St George Bank's eCash offering.

Back to Digital Payment Systems . . .

CyberCash / CyberCoin

CyberCash is a system which uses public-key cryptography to leverage credit cards onto the Internet, and CyberCoin is an extension of CyberCash to allow small-value transactions.

The consumer downloads the CyberCash digital wallet software, and enrols their credit card with the wallet, and with CyberCash; they may also open a CyberCoin account and move some money into it. The wallet registers itself as a helper application for Netscape or Internet Explorer.

When the consumer approves a transaction, an encrypted payment order is sent to the merchant, who adds some payment information, signs the order, and forwards it to the CyberCash gateway. The merchant never sees the consumer's credit card number.

Back to Digital Payment Systems . . .

SET

The Secure Electronic Transaction protocol is being developed by MasterCard, Visa and various computer companies, in order to transmit payment information over the Internet. It can not be used to encrypt other messages, and provides no privacy to the transaction details, so the U.S. State Department has deigned to grant export permission to some SET implementations. It is hoped that SET will eventually be built into many "commercial products". Merchants (and in Mastercard's implementation also consumers) must have digital certificates signed by their banks.

Functionally, SET works in a similar way to CyberCash, except that the acquiring bank can, at its option, also inform the merchant of the card number. Thus SET does not necessarily improve the customer's security much, as compared with sending the card number in plain text.

If the consumer does have a digital certificate, they cannot then repudiate the transaction. Banks are very keen to see non-repudiation implemented, because it cuts out their major overhead in the credit card system.

See www.setco.org

Mondex

Modex is not an Internet payment system, but it is quite widespread; it is a closed proprietary system involving smart cards which communicate using a secret protocol.

The consumer "refills" their card at a specially equipped ATM machine, and purchases can be made by inserting the card into a "Mondex wallet" or by using a proprietary Mondex telephone.

Mondex is used in a pilot project in Swindon, England, and campus-wide at the universities of Exeter and York. There have been trials in Hong Kong, Canada, and San Francisco. In November 1996, MasterCard International purchased 51 per cent of Mondex.

Back to Digital Payment Systems . . .

Open Market

Open Market has been granted U.S. patent number 5,724,424 which is a complex patent incorprating 58 separate claims, including :

Their principal products are aimed only at Internet Commerce :

Transact
Transact is run by CSP's (Commerce Service Providers) such as Telstra and Jadco to provide the interface to the financial system.
SecureLink
SecureLink is high-added-value system which bundles an uplink to the CSP together with a shopping cart application, into a package which is very convenient for the small merchant. There is built-in support for hardgoods, softgoods, and subscriptions to softgoods.

SecureLink runs on a "fulfillment server" and signs "Digital Offers" which are URL's looking like 

Unlock Professional features in Shareware version:
<a href=http://payment.eps.com.au:80/bin/payment.cgi
?beef3e92e313ef8ed2e4dabcc9776cd4:
kid=100086.100168&valid=8104227285&domain=mikey
&desc=Management%20Info%20Pro%20Key&expire=2592000
&ss=env&cc=AU&goodstype=i&amt=15.95&fmt=int
&url=http%3A%2F%2Fwww.swanhill.com.au%2Fstore100086%Fmikey>
<img src="Key.gif" border=0 width=38 height=34></a>
The bit in bold is crucial; it's a checksum which hashes the rest of the URL together with a secret key particular to that merchant. Digital Offers are binding offers, and the checksum is what prevents a customer from changing some details of the offer, such as the price, prior to accepting it. The secret key is changed every month by a Keymaster, who needs superuser access to the web server.

Payment Systems Compared

TechnologyAuthenticationReachSpeed InefficiencyProvider
CashPossession1 metreInstant 0 per cent !National Governments
ChequeSignatureCurrency zone DaysBank FeesRetail Bank
Credit CardNoneGlobalMinutes 4 per centMerchant Acquirer
ACHPGP or None !U.S.A.Minutes 27 centsCheckFree
Virtual PINE-MailGlobalMinutes 4 per centMerchant Acquirer
DigiCashPrivate KeyCurrency zoneMinutes ?Goverment or Bank
SecureLinkNoneGlobalMinutes 8 per centMerchant Acquirer, CSP

Back to the Top . . .

Authentication

At basis, purchasers are known to the Financial System by their signatures, on paper, and by being able to show certain documents that no-one else is supposed to have. This means you need a shopfront to witness the purchaser sign, and to view the documents; the banks provide this shopfront. The purchaser can then choose from various schemes that allow them to leverage their signature into some other more convenient authentication mechanism, such as swipe card and pin number.

Hypothetically, purchasers could be permitted to identify themselves to the financial system by some electronic means, involving strong cryptography. In this case, purchasers, indeed residents in all situations, might just as well plug strait into the Clearing House mechanism, and be able to make payments to whom they wanted, with very low overheads, perhaps even as low as cash.

It's worth noting that having an efficient digital payment system would bring us back to the situation we have with cash, where you can lose all your life savings in a simple breaking and entry job. The intruders just have to persuade you to give them your PIN number or PGP pass phrase, and a lot of ugly scenes could be caused that way.

Banks would then revert to their core business, that of keeping money safe, and undertaking to give it back to you on corporal authentification, such as iris scan, DNA, fingerprint scan, or even the old signature on paper.

Back to the Top . . .

The Australian Options

These include Open Market - based systems Telstra's SureLink and Jadco's SecurEcomm , Java Applets ABA (now eSec)'s SecurEcommerce and Camtech's E-Commerce , and the Digicash - based system St George's E-Cash .

Back to the Top . . .

Telstra's SureLink

Telstra run Open Market Transact and are therefore a CSP. They have been operational since October 1997. Telstra have bundled a link to the EFTPOS payment infrastructure, which is well established in Australia and has low cost per transaction. Customers can be anywhere, but the merchant must bank in Australia.

They also resell Open Market SecureLink, rebadged as Telstra SureLink, to

  1. fulfillment server hosting providers such as Hotspace and TrumpNet
  2. larger E-commerces wishing to run their own fulfillment server.

The Digital Offer URLs are generated by Open Market Secure Link Executive, for example as a Server-Side Include. The necessary Server-Side Includes are put together for the merchant by a SureLink Business Partner.

Jadco's SecurEcomm

Like Telstra, Jadco run Open Market Transact and are therefore a CSP. They are less out-sourced and more vertically integrated. They offer favorable merchant banking facilities, and run their own fulfillment servers. There charge a high connection fee, and monthly service charges, but there is no transaction charge.

See www.securecomm.com.au

Australian Business Access (now eSec) SecurEcommerce

ABA's (now eSec's) Epayment uses a Java Applet to provide strong encryption which keeps the card number away from the merchant. (A SSL-based system now replaces the Java Applet). The merchant is charged a connection fee of $1250 (now $500), and thereafter pays just a flat charge of 90 cents (now 20 cents) per transaction. ABA (now eSec) connect directly to the Australian clearing house system. The customer needs a Java-capable browser, preferably Java 1.1. (or an SSL-capable browser).

This was the system chosen for www.pjb.com.au.

See www.esec.com.au

Camtech's E-Commerce

Camtech offer a system funtionally similar to ABA's, based on a Java Applet providing encryption to keep the card number away from the merchant. Pricing is very similar. See www.camtech.com.au

eCash from the St George Bank

The Advance Bank offered a DigiCash-based system, and this survived the merger with St George. The customer and the vendor both need Autralian dollar accounts with St George. The customer needs a PC running Windows. See www.stgeorge.com.au/ecash

Back to Digital Payment Systems . . .

What it Costs You

It isn't free for the merchant. This uses Telstra's SureLink as an example . . .

CostItemBeneficiary
$ 100 for 3 yearsBusiness Name State Government
$ 100Setup FeeBank
$ 20 per monthRunning FeeBank
5 per cent ($4/month min)Transaction Fee Bank
3 per cent ($85/month min)Transaction Fee Telstra

There will always be places in every country where you can't run a business without having to pay some of your takings to some effective and established local organisation. The Internet in Australia is one of those places; I'm not sure how 8% of every transaction measures up, on a world scale . . .

There's a sense in which every country is such an organisation; their governments raise taxes and, in return, provide currencies, payment mechanisms, infrastructure, services and so on; so having to pay someone a percentage of your takings in order to operate is not inherently unacceptable. But governments tax only a narrow range of transaction types, (such as salary payments from employer to employee), transactions for which they can force accurate reporting. Also, governments tax profits, not takings, and they provide more services for the money than banks do.

A machine with an 8% loss, in comparison with a machine with 0% loss, is, quite objectively, bad engineering.

Back to the Top . . .

Conclusions

In most contexts, the Internet offers particularly efficient mechanism. If you ftp a file of 3 Mb, you'll be dissapointed if even a single byte does not arrive. It's saddening that Internet Payment Systems are much less efficient, down to 92 per cent, than their low-tech conterparts.

There is no technical reason why a 100% efficient Internet Payment System could not be provided at the national level, and one day, some government, perhaps under pressure from its own merchants, may do this. It could take the form of a giro-like system with a publicly accessible IP interface, using PGP or ssh to sign instructions. This would benefit local population and businesses.

The Europe of the future, with its large single currency, and strong national giro tradition, would be well placed to introduce efficient payment mechanisms and develop a more vigorous internal Internet trade.

Depending on the system's policy on privacy, it could also offer government very complete reporting of a much larger class of financial transactions, information which is currently given to private interests who use it for market research. Governments could use it to widen their choice of tax base, a choice which they could then use as a lever to put policy into effect by differential taxing, rather than just by forbidding things or making them compulsory.

Internet commerces from other currency zones would find it in their interests to open local subsiduaries, on local web servers, so as to gain efficient payment which they could then repatriate later at a time of their own choosing, in larger amounts with lower overheads.

Back to the Top . . .

Currently . . .

At current prices, Internet Payment Systems do not offer a general-purpose method of transferring money. In many cases the recipient of the payment can only be a merchant, and person-to-person payments are not supported.

Currently, Internet Commerce applies primarily to niche markets:

Back to the Top . . .

References

Back to the Top . . .

Back to P J B Computing or to www.pjb.com.au . . .