An Introduction To Ecommerce And Digital Payment Information Technology Essay

In the emerging global economy, e-commerce and e-business have increasingly become a prime component of business strategy and a strong catalyst for economic development. This has also increased the demand for a proper and effective law of information technology to oversee and regulate such operations.

Electronic commerce, commonly known as e-commerce or eCommerce, consists of the buying and selling of products or services over electronic systems such as the Internet and other computer networks. The amount of trade conducted electronically has grown extraordinarily since the spread of the Internet. A wide variety of commerce is conducted in this way, spurring and drawing on innovations in electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems. Modern electronic commerce typically uses the World Wide Web at least at some point in the transaction’s lifecycle, although it can encompass a wider range of technologies as well.

A large percentage of electronic commerce is conducted entirely electronically for virtual items such as access to premium content on a website [1] , but most electronic commerce involves the transportation of physical items in some way. Online retailers are sometimes known as e-tailers and online retail is sometimes known as e-tail. Almost all big retailers have electronic commerce presence on the World Wide Web.

An e-commerce payment system facilitates the acceptance of electronic payment for online transactions. E-commerce payment systems have become increasingly popular due to the widespread use of the internet based shopping and banking. Such popularity necessitates the framing of proper laws and procedures both to protect the ongoing data exchange as well as to adequately punish any misuse or abuse of digital payment systems.

It is also important to note that building a marketplace requires trust, be it in the electronic or physical world. As more commercial activities take place through the Internet, online security is of utmost importance for businesses and consumers alike. Studies indicate that, as electronic commerce conducted over computer networks grows, it could also provide impetus for the growth of electronic money. At present, the development and use of electronic banking and electronic money are still at a nascent stage, but the existence of different projects for electronic payment systems projects indicates that a great potential exists for their future expansion.

These payment systems can only be successful if they provide the same level of security, confidence and efficiency as their physical counterparts, along with adequate laws which provide sufficient protection against any undesirable activities, as mentioned earlier. New technologies supporting the electronic storage, transfer, and use of money could have significant implications for consumers, merchants, financial institutions and governments. This paper takes a look at some relevant provisions and policies in this regard.

Overview of Existing Electronic Payment Systems [2] 

Currently, over thirty systems and technologies are being proposed and tested for electronic payments. They differ in a number of ways such as size of payment; whether the system is closed, like a specific system for a specific purpose such as a pre-paid phone card, or open, like a generic system for a wide variety of uses such as a stored value card. Other areas of differences generally might include degree of anonymity; level of security and consumer protection; and type of payment i.e., credit, debit or electronic cash.

One of the first technologies developed for conducting commerce electronically is the “Electronic Data Interchange” (EDI), which is still used today. A newer and thus far less established technology is the “Secure Electronic Transaction” (SET) Protocol. Currently, the majority of consumers that buy through the Internet use credit cards with magnetic stripes or embedded chips but there is no specific regulatory framework to protect them.

In large-scale wholesale transactions, money has been transmitted electronically over closed, wire transfer systems for a long time. Now, money in retail transactions is becoming electronic, transformed into information stored on a computer chip in a plastic card or on a personal computer so that it can be transmitted over open information systems, such as the Internet. To date, electronic money products that have been developed primarily for use over open computer networks rather than for face-to-face purchases are available in a limited manner in only a small number of developed countries.

The growing use of electronic money and electronic payments: Implications for governments

Controlling money is a crucial issue for governments. The proliferation of electronic payment systems and the growing consumer confidence in their use as the technology improves and the payment systems become more reliable will likely lead to the growth in the use of electronic money. Such a development, coupled with the growing number of anonymous transactions over the Internet could have several implications in terms of public policy.

First, governments might have to decide who will be allowed to issue electronic money, and whether this right will be restricted in the future to banks and other regulated financial institutions, or whether it will be extended to private companies. They might also have to set prudential rules to ensure the stability and financial integrity of the issuers.

Second, the prospect of having very large flows of uncontrolled money traveling electronically from one country to another poses a critical challenge to central banks. How will they be able to measure the flow and supply of money and conduct monetary policy? Governments in developed countries realizing that they need to pay renewed attention to the benefits of macroeconomic coordination, which may become increasingly important with the growth of electronic transactions.

Primarily to tackle the above mentioned problems, RBI released two separate Vision Statements to tackle the above mentioned points effectively, wherein some of the more important proposals concern the formation of a new payment software controlled and operated across India by the RBI, on the lines of the SWIFT system of software and payment recognized by banks internationally, that will lead to the development of a Strategic Implementation Plan that is well structured, appropriately phased, properly sequenced and convergent in perspective. India adopted this approach in the year 2001 when it came out with its “Payment Systems – Vision Document”. It detailed, in the Document, the strategies and implementation plan for the payment system arena for 2001-3. It is imperative that a country should have a strong set of information technology laws in place. In India, it is currently regulated by the Information Technology Act, 2000. That apart, it should also be mentioned that the enactment of the Payment and Settlement Systems Act, 2007 empowers RBI to regulate and supervise the payment and settlement systems in the country, give authority to permit the setting up/continuance of such systems and to call for information/data and issue directions from/to payment system providers. The Act defines a payment system and gives legal recognition to multilateral netting4 and settlement finality.

Here, it should also be mentioned that jurisdiction stands to become a very real and complex issue in this matter, and in the absence of proper domestic laws and international agreements and norms conforming to such laws, it could well lead to increased misuse and irregularities in the way that these technologies are adapted and used.

Section 70 of the Information Technology Act is important in this respect. It states that –

Network service providers not to be liable in certain cases. – For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence for contravention.

Explanation-For the purposes of this section,- (a) “network service provider” means an intermediary;

(b) “third party information” means any information dealt with by a network service provider in his capacity as an intermediary.

Potential Costs, Risks and Benefits of Electronic Payment Systems

There are risks involved in using any payment system, be it physical or electronic. But the magnitude of risks in using electronic money products is uncertain given first, the scale and speed of the transactions involved and second, the lack of a large-scale, worldwide electronic payment system. Risks may also vary across products.

Some of the risks to be taken into account by consumers, financial institutions and governments include:

money laundering: how will law enforcement agencies detect it and prevent it?

tax evasion: if electronic money is anonymous, fraud is easier;

illegal gambling and other financial crimes;

fraud and counterfeiting.

Encryption technologies have already improved protection against the interception by unauthorized third parties of financial messages sent over the Internet. Authentication of users of electronic payment systems through digital certificates, smart cards and other electronic techniques like biometric tests for example, hold the promise of reducing fraud below the level at which it occurs in conventional systems.

Competition between companies has spurred significant innovation, and a spate of new payment systems with a higher level of security for users promises to lower the costs of financial transactions. Business users and consumers will have to choose, for each transaction, which system suits their needs best, so they will need adequate information to make the right choices. In regulating this area of financial activity, governments will have to find the right balance between ensuring the reliability and security of new electronic payment systems and products, and maintaining a competitive environment where innovation can continue to foster new products and lower transactions costs for consumers and business. At this point in time, the cost of existing electronic payment systems is still high, especially for microtransactions [3] , which are defined to be transactions of a value lower than $10.

Realizing the full benefits of new electronic payment technologies may also depend on ensuring the compatibility and interoperability of the various electronic payment systems that are coming into existence worldwide. Most of online purchases are paid for by a credit card. Merchants like credit card payments because an instant authorization guarantees that the card is valid, as opposed to a check which may bounce. Customers like paying by credit cards because they can easily cancel a transaction in case when they don’t receive products or services according to the agreement in the transaction. While some of credit card payments for online services are performed by phone, most of such payments are made by filling in an online form.

Credit card information submitted by the customer is sent to the bank which has issued the credit card to verify. If the transaction is approved, the merchant notifies the customer that the order has been placed. The actual transfer of money from the credit card bank to the merchant may happen in a few hours, or even in a few days.

Merchants who accept credit card payments pay fee for each card charge. In addition, in some cases merchants pay authorization fee for each credit card authorization attempt, as well as other fees related to credit card processing. In case when a customer is not satisfied with the product or a service, or for other reasons, merchants may issue a refund or a charge-back to the customer’s account.

While the introductory section has attempted to elucidate what e-commerce and digital payment systems are all about, the main thrust of this paper is to bring about an understanding of the practices involved worldwide in this regard, with a particular focus on possible improvements that can be made to the concerned existing structures.

What are the basic features of e-commerce in the contemporary legal world, and what are the needs and requirements to be fulfilled to ensure further progress in this field of banking?

What are prevailing legal norms in various legal systems with respect to digital payment systems and what are the critical aspects contained therein?

Chapter Two: Digital Payment Systems: Viability and Drawbacks

This section will deal with the various practices that have been adopted by the banking systems around the world in the field of digital payment systems, and subsequently focus on the merits and demerits of each, along with an analysis of noted cases in this regard.

Electronic payment systems are non-credit-card online payment systems. The goal of their development is to create analogs of checks and cash on the Internet, i.e. to implement all or some of the following features:

Protecting customers from merchant’s fraud by keeping credit card numbers unknown to merchants.

Allowing people without credit cards to engage in online transactions.

Protecting confidentiality of customers.

In some cases providing anonymity of customers (“electronic cash”).

The problems in implementing electronic payment systems, especially anonymous electronic money, are:

Preventing double-spending: copying the “money” and spending it several times. This is especially hard to do with anonymous money.

Making sure that neither the customer nor the merchant can make an unauthorized transaction.

Preserving customer’s confidentiality without allowing customer’s fraud.

While electronic payment systems have not gained a very wide popularity, except for PayPal system used on online auctions, such as eBay, they may become more popular in the future if more businesses start using them. Electronic payment systems may be more convenient for international online business due to differences in credit card customer protection laws in different countries.

Below we look at examples of online payment systems [4] . Most of these products are no longer used, but the ideas developed by their authors are used in other products.

Virtual PIN

Virtual PIN, started in 1994 by a company called First Virtual Holding, was a system for making credit card payments over the Internet without exposing the credit card number to the merchant. It required no special software for a customer to make a purchase. Virtual PIN relied on difficulty of intercepting and forging e-mail.

To enroll, a customer gives their credit card information and their e-mail address to the First Virtual (this was done by phone). After the credit card information has been verified, the customer receives their PIN by e-mail.

The procedure for purchasing an item using Virtual PIN is as follows:

The customer gives the merchant their Virtual PIN.

The merchant sends the Virtual PIN and the amount of transaction to First Virtual.

First Virtual sends an e-mail to the customer asking to confirm the purchase.

The customer answered “Yes”, “No”, or “Fraud”.

If the answer is “Yes”, the merchant is informed that the charge has been accepted. If “No”, the charge is declined. If the answer is “Fraud”, the charge is investigated.

Even though no encryption was involved, an eavesdropper could not use a virtual PIN without being able to intercept and answer the e-mail message to confirm the purchase.

Unlike credit cards which carry the customer’s name, Virtual PIN provided a customer’s anonymity from the merchant. The e-mail confirmation of the transaction served as a protection against merchant’s fraud.

Unfortunately, while the system has been created for all kinds of online business, the main use of Virtual PIN at the time was for buying and selling pornography. Virtual PIN tried to disassociate itself from this market. Eventually the company abandoned the Virtual PIN and became specialized in sending promotional e-mail.

DigiCash (or E-cash)

DigiCash [5] (also known as E-cash) is an electronic payment system developed by Dr. David Chaum, who is widely regarded as an inventor of digital cash. The system was based on digital tokens called digital coins. DigiCash operated as follows:

A customer establishes an account with the bank or other organization that could mint and receive digital coins. The customer’s account was backed by real money in some form, for instance it could be linked to the customer’s checking account. The customer also needs to download and install a software called electronic wallet.

To obtain DigiCash, the customer uses the electronic wallet to create digital coins. The coins are sent to the bank to sign. When the coins are signed, the equivalent amount of money is withdrawn from the customer’s account.

In the proposed protocol the customer also had an option of “blinding” the coins. To blind a coin, the customer multiplies it by a random number r before sending it to the bank to sign. The bank signs the data. After the data and its digital signature are sent to the customer, the customer computes the digital signature of the original (non-multiplied) coin by dividing the bank’s signature by r. This way the bank doesn’t know the coin, but the customer, who knows r, can trace his/her payments. Blind signatures have not been implemented.

When the customer wants to make a purchase, he/she sends signed digital coins to the merchant. The merchant verifies the bank’s signature and deposits the coins to the bank, where they are credited to the merchant’s account.

The DigiCash (or E-cash), produced by the company DigiCash BV based in Amsterdam, has never created a market. The company eventually declared bankruptcy. However, the algorithms used in DigiCash are considered fundamental in development of digital money.

CyberCash/CyberCoin

CyberCash [6] is a system that allows customers to pay by a credit card without revealing the credit card number to the merchant. To achieve this, a credit card number is sent to the merchant in an encrypted form.

To enroll, a customer installs a software called CyberCash wallet on their computer. At the time of the installment the wallet generated a pair of a public and a private key. The wallet was protected by a passphrase, and a backup key was stored encrypted on a floppy disk. A CyberCash account was linked to the customer’s credit card. A variation of this scheme called CyberCoin was linked to the customer’s checking account.

A purchase was conducted the following way:

When the purchase was initiated, the CyberCash wallet displayed the amount, the merchant’s name, and other information. After the customer approved the transaction, an encrypted payment order was sent to the merchant.

The merchant could decrypt some of the information in the order, such as the product list, the address, etc., but not the other (such as the credit card information). The merchant’s software would add its own payment information to the order, digitally sign it, and then send it to the CyberCash gateway.

The CyberCash gateway would decrypt the information. The order would be checked for duplicate requests. The gateway would verify that the customer’s and the merchant’s order information match (i.e. no fraud was committed on either side). Then it would perform the money transfer and send the approval message to the merchant.

The main point of this scheme was to prevent merchant’s fraud, and thus allow customers to do business with more merchants without fear of scam. However, CyberCash and CyberCoin were not able to find the market. The main reasons for the failure were the large size of customer’s software and the fact that very few merchants would accept CyberCash payment. The company was eventually bought by VeriSign.

SET (Secure Electronic Transactions)

SET is the Secure Electronic Transaction protocol for sending money over Internet. It has been developed jointly by MasterCard, Visa, and several computer companies.

SET uses mechanisms similar to CyberCash. However, being a standard protocol, it is built into a wide variety of commercial products.

In SET the order information consists of two parts: the part which is private between the customer and the merchant (such as the items being ordered) and information which is private between the customer and the bank (such as the customer’s account number). SET allows both kinds of information to be included in a single signed transaction: the part private between the customer and the merchant is encrypted using the merchant’s private key, and the part private between the customer and the bank is encrypted using the bank’s public key.

To prrevent changing the order information, the customer computes message digests of each part of the message separately, then takes the message digest of the two message digests, and then signs the resulting message digest. This mechanism, called a dual signature, allows either the merchant or the bank to read and validate the signature on its half of the purchase request without having to decrypt the other half.

The reason why SET never became popular was pretty much the same as for CyberCash: the trouble of getting a digital wallet software and setting it up for each credit card was not worth it for a customer, because very few merchants would accept SET payments.

PayPal

PayPal is an electronic payment system which can transfer money between its accounts. [7] In order to use PayPal, one has to obtain a PayPal account, which is associated either with the customer’s credit card or with their regular bank account. The validity of a credit card is checked by the usual ways. The validity of a checking account is checked as follows: the customer gives PayPal their account number, PayPal makes two small-amount (less than $1) deposits to the account. If the customer is able to tell PayPal the value of these deposits, then the customer is assumed to be a legitimate user of the account.

PayPal provides easy interface to send money to anyone by giving the person’s e-mail account. In order for the person to retrieve the money, they must have a PayPal account. To avoid fraud, PayPal sends an e-mail message to both the initiator and the recipient of the transaction. PayPal is used to settle online auctions, such as eBay auctions. The ease of use and the fact that no credit card is required to use it makes PayPal increasingly popular.

Smart cards

Smart cards are cards that look like credit cards, but store information on a microprocessor chip instead of magnetic strips. A microchip can hold significantly more information than a magnetic strip. Because of this capacity, a single smart card can be used for many different purposes.

Unlike magnetic strip cards which can be read by any magnetic reader, and are therefore vulnerable to loss or theft, a smart card can be password-protected to guarantee that it’s only used by the owner.

Smart cards can run RSA encryption and can be programmed to generate a pair of public/private keys. The public key is made publicly readable, but the private key is be stored on the card without anyone being able to copy it. Therefore, to use the private key, the user must physically possess the card. Smart cards are used in European telephones, and are gaining popularity for other purposes both in Europe and in the US.

Conclusion

A reliable legal framework for these new payment systems will constitute an important factor in the development of e-commerce.

In the EU, the Distance Selling Directive provides that consumers be allowed to pay by card. In this way, Member States shall ensure that appropriate measures exist to allow a consumer to request cancellation of a payment where fraudulent use has been made of his payment card and, in the event of fraudulent use, to be re-credited with the amount paid.

These principles concern the respect of privacy of information given by consumers and the right of fair access to the system for traders, irrespective of their size. Obligations related to the relations between issuers and traders include a ban on any exclusive trading clause which requires the trader to operate only one system as well as an obligation on cardholders to take all reasonable measures in order to make a secure payment.

As a by-product of its “cyberspace” status, electronic commerce is global, encompassing a whole range of relationships which need to be approached with solutions provided at a local level while remaining viable when applied to global issues. Business should realise that enhancing trust in the minds of consumers is more than a question of technology, it is a question of best practice. Best practice starts with the online service of high street banks as well as with the existence of a secure, user-friendly and cost-effective payment system. It also includes the respect of privacy and the use of smart cards as well as enhancing privacy technologies and fair information practice. In sum, only by offering this guarantee of privacy and security will the consumer be assured that, in cyberspace, his/her interests will be protected in the same manner as in a traditional commercial environment. In India, while it is true that some steps have been taken to ensure proper systemization of laws, necessary steps need to be taken to ensure that the system provider is not unnecessarily penalized, while proper security is provided to financial transactions.