How does the transaction process work?
The typical sequence of events occurring during an on-line credit-card transaction is as follows:
1. The customer enters the credit-card details into a secure on-line form, which is usually part of the shopping-cart system provided by the website. Security is implemented through the use of SSL (Secure Sockets Layer).
2. The payment details are encrypted and forwarded from the merchant's server to a transaction processor or "payment gateway" for validation.
3. The transaction is either authorized or declined. If authorized, funds are reserved to cover the transaction. The transaction result is communicated back to the merchant server.
4. Depending on the outcome of the transaction, the server notifies the user appropriately. If the transaction is good, a confirmation email is sent to the user and the order is placed in the queue for delivery. When the order ships, a request for settlement is issued to the payment processor, which initiates the transfer of funds from the customer's credit-card account to the merchant's bank account. This latter account is of a particular type called an Internet Merchant Account.
Smaller stores, or businesses that deliver goods instantly (such as online software), will usually initiate the transfer of funds at the same time as authorization takes place.
Alternatives to the payment-processor scheme do exist. One method, often favoured by real-world stores that would like to experiment with online selling, has the customer's details encrypted with PGP and emailed to the store owner, who decrypts them and processes the card on an existing swipe-card machine.
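As an added illustration of the authorize-then-settle flow described above (not code from the original page, and not any real gateway's API; the gateway, balances and card numbers are constructed), this Python model places a hold on funds at authorization, transfers them to the merchant account only when settlement is requested, releases the hold on a void, and collapses both steps into one for instant-delivery merchants. Note that the merchant side keeps only the gateway's reference, never the card details.

```python
from dataclasses import dataclass, field
from secrets import token_hex

@dataclass
class Authorization:
    """What the merchant server keeps: a gateway reference, never the card number."""
    ref: str
    amount: int   # minor units (cents)
    status: str   # "authorized", "declined", "settled" or "voided"

@dataclass
class PaymentGateway:
    """Hypothetical gateway (constructed model, not a real processor's API):
    reserves funds on authorization, transfers them only on settlement."""
    available: dict = field(default_factory=dict)  # card number -> spendable balance
    reserved: dict = field(default_factory=dict)   # auth ref -> (card, amount held)
    merchant_account: int = 0                      # the Internet Merchant Account

    def authorize(self, card_number: str, amount: int) -> Authorization:
        # Steps 2-3: validate and place a hold; the merchant only learns the outcome.
        if amount <= 0 or self.available.get(card_number, 0) < amount:
            return Authorization(token_hex(8), amount, "declined")
        self.available[card_number] -= amount
        ref = token_hex(8)
        self.reserved[ref] = (card_number, amount)
        return Authorization(ref, amount, "authorized")

    def settle(self, auth: Authorization) -> bool:
        # Step 4: issued when the order ships; moves the held funds to the merchant.
        if auth.status != "authorized" or auth.ref not in self.reserved:
            return False  # nothing is held: declined, voided or already settled
        self.merchant_account += self.reserved.pop(auth.ref)[1]
        auth.status = "settled"
        return True

    def void(self, auth: Authorization) -> bool:
        # Order cancelled before shipping: release the hold back to the customer.
        if auth.status != "authorized" or auth.ref not in self.reserved:
            return False
        card, amount = self.reserved.pop(auth.ref)
        self.available[card] += amount
        auth.status = "voided"
        return True

    def sale(self, card_number: str, amount: int) -> Authorization:
        # Instant-delivery merchants (software downloads): authorize and settle at once.
        auth = self.authorize(card_number, amount)
        if auth.status == "authorized":
            self.settle(auth)
        return auth
```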
What is a payment processor or gateway?
This is a service provided by a bank or a third party to the merchant that includes credit card authorization, settlement of funds, merchant billing and account activity reporting.
Popular third-party providers include Verisign and ECHO, among others.
Can I use my existing merchant account?
In short, no. When a transaction occurs where the credit card is not physically present, different risk criteria are applied by the credit-card institutions. This type of transaction is usually referred to as "MO/TO" (mail order/telephone order) or "card not present". A special account is therefore usually required. Some processors, such as ECHO, Inc., do however provide a checking account for the purpose.
What is SSL?
SSL (Secure Sockets Layer) is a data-encryption protocol created by Netscape for managing the security of transactions over the Internet. It provides a secure method of transferring information such as credit-card details between the customer's browser and the e-commerce website.
SSL generally involves three parts:
1. A server capable of accepting encrypted information. This is the hosting service on which the e-commerce website resides. If a website is on an SSL server, specific web pages can be identified as requiring SSL access.
2. A browser capable of encrypting information. Most version 4.0 browsers, such as Netscape and Internet Explorer, are SSL capable.
3. An SSL certificate. An SSL certificate provides customers with assurance that the recipient of the secure information is indeed the party it was intended for. It also prevents the information from being read or tampered with in transit between the user's browser and the intended server.
While not technically necessary for e-commerce implementations, the use of a properly authenticated SSL certificate and secure server provides users with the assurance that their communications are secured. Proper security implementation is indicated by the display of a small padlock icon in the status bar of most web browsers.
SSL certificates can be obtained from certifying authorities such as Verisign.
What is encryption and cryptography?
Encryption is the transformation of data into a format that is, for all intended purposes, impossible to read without the appropriate tool (a cryptographic key). It is designed to ensure privacy in the exchange of sensitive data by keeping information hidden from anyone except the intended party. Decryption is the process of transforming the encrypted data back into a usable format.
Read more about cryptography, public and private keys, and how they work at the RSA FAQ.