1. Field of the Invention
The present invention relates to e-commerce. More particularly, it relates to apparatus, a system and methods used for making fraud-free payment for on-line Internet purchases.
2. Background Art
Electronic commerce is a means of conducting commerce via electronic devices, which speeds up information delivery and coverage. It provides the opportunity to market products and services worldwide, crossing international boundaries and reaching a mass of people. With the Internet's vast potential to reach a mass of potential customers, and its effectiveness in disseminating information relating to products and services, people are trying to capitalize on this new platform by conducting businesses through appropriate Websites. The increasing popularity of the Internet is likely to boost electronic commerce transactions.
As soon as a web merchant develops an online sales presence, he or she has the capacity to sell 24 hours a day, 7 days a week, all around the world. Clients and customers can have up-to-the-minute information about a products, services, prices, and availability. Steps to take to ensure that customers can shop 24/7 include handling invoices, billing, processing payments, and remitting money.
Internet e-commerce is mostly transacted using credit cards. No physical paper needs to be passed, as is the case with cash or checks. We simply type our credit card number into the merchant's World Wide Web (WWW) page payment form and wait for our purchase to be shipped to us. The only thing that needs to pass between the merchant and the buyer is the credit card number. The main problem here is that, it is not as simple as it seems.
One of the principal factors impeding the growth of e-commerce is that of security. People have legitimate fears about giving their credit card number out over the Internet. The crux of the matter lies in the fact that electronic mail messages are normally sent unencrypted. That is to say, anyone who intercepts the electronic mail message could read its contents without difficulty. There has been an understandable reluctance by users to send their credit card details in an electronic mail message that could be read by any user. Credit card transactions processed via an insecure connection, i.e. via a site without proper risk-elimination facilities for credit card transactions is vulnerable to security risk. The Internet, being an open network with very basic security provisions, enables unauthorized parties to intercept credit card data submitted via the Internet. Because the transaction is processed without a signature, the identity of the cardholder cannot be authenticated. In addition, the merchant may not be authorized to accept credit card payments. Furthermore, credit card data are visible to the Internet merchant. An unscrupulous merchant could use the customer's credit card data to make purchases without the customer's knowledge.
The challenge e-commerce retailers face is providing a payment mechanism that consumers perceive as sufficiently secure and convenient to induce them to complete commercial transactions online. The Internet is an open network without any basic security provisions built in. Unless a secure server is involved, i.e. one that uses SSL or S-HTTP for transporting data, data passes between the browser and the server unencrypted. Many alternative ways have been proposed or are now in use for providing secure and convenient payment for Internet transactions, but none have come anywhere close to the acceptance that paper and coin-based currency have today. For electronic commerce to grow beyond a small niche market, ordinary consumers will have to be persuaded to accept some form of digital payment mechanism as being as reliable and convenient to use as cash is today. Unless the merchant is working on a strict cash basis (which is difficult on the web) or using some other method of offline payment, taking money is not easy and requires different processes of interaction with banks or other financial institutions.
The first attempt at making online credit card transactions secure was to take the transaction off-line. Many sites will allow you to call in your credit card number to a customer support person. This solves the problem of passing the credit card number over the Internet, but eliminates the merchant's ability to automate the purchasing process. The disadvantage is that an employee needs to be available 24 hours a day to take phone calls from buyers. Furthermore, the credit card numbers of the customers making purchases at the merchant's website is susceptible to theft by the company's employee to make fraudulent purchases, at least in part because the employee employed for this function in the company may be a low level company employee who is not paid a high salary. Also, many potential customers that visit the net only have one phone line. This means they need to log off the Internet in order to actually make a purchase. This further impedes the free-flow of e-commerce over the internet. In many instances, the customer who wants to make a purchase over the internet will be put off by this inconvenience of not being able to do a direct real-time online transaction over the internet.
The next method that was developed, which is currently used by many sites, is hosting the WWW site on a secure server. Credit card transactions between the merchant web site and the consumer are encrypted using a technology called SSL, or secure sockets layer. This prevents any intrepid cyber thug from stealing the customer's account number. SSL does not secure the applications or documents on the merchant site or server, but secures only the connection. One other shortcoming of SSL is that it cannot confirm for the merchant that the person with the credit number is actually the real cardholder. Similarly, there is no way for a customer to know if the merchant web site is really authorized to accept credit cards or if it is just a fake site designed to collect credit card numbers. These protocols encrypt the data being transmitted, so that when a credit card number is submitted through their WWW form, it travels to the server encrypted. This method does help ease people's fear, but it still does not go far enough for many people to feel comfortable using their credit card online. It becomes apparent that for online commerce to flourish, a truly secure means of making payment needs to be developed.
Another protocol developed jointly by MasterCard and Visa uses a technology called SET (secure electronic transaction). It is a protocol that uses electronic certificates to identify the various parties. These certificates are used to encrypt the information, to authenticate the identities of the parties and to place digital signatures on the information. The SET protocol is a more powerful protocol than the SSL protocol. The certificates are actually a digital copy of the original credit card, i.e. a virtual credit card. Because the protocol uses unique certificates for the various parties, all of the parties involved can be absolutely certain that they are doing business with properly authorized parties. The purchaser's software generates and individually encrypts two information packages. One of the packages contains the order information and is destined for the on-line shop. Only the on-line shop can read this package. The other package contains the payment information (credit card number, expiration date and amount). The transaction is authorized or rejected based on this package, which only the credit card company can read. The major disadvantage of this system is that it is still not fraud free as the credit cards used for the online transaction could be stolen or cloned credit cards. These stolen or cloned credit cards could be used for illegal transactions over the Internet without the customer's knowledge.
Bank merchant accounts provide credit card processing for the majority of web sites today. These are business accounts (usually) set up through regular banks. An example of a typical transaction which takes place when using a merchant account is as described below:                (a) The customer initiates a purchase from a web site, usually by “checking out” with a shopping cart.        (b) The bank that supplies the merchant account “authorizes” the purchaser's credit card, checking for fraud and verifying that the card has enough available credit to pay for the purchase. This process usually takes just a few seconds.        (c) After the purchase is authorized by the bank, the merchant ships the merchandise to the customer or supplies him with a download link in the case of a downloadable digital product (such as an e-Book or software package).        (d) After a few days the bank transfers the funds (less transaction fees) for the purchase into the merchant's bank account.        
Attaining merchant status can be hard for small businesses, especially if they are home-based or sell by mail order. Banks are afraid of extending merchant status to businesses that present too much risk, and home-based and mail order business are perceived as high risk. Banks are afraid that an “at risk” business will not be able to handle any charge-back that hit their account. If the merchant cannot handle a charge-back, the bank that processed the credit card will have to absorb the loss. In fact, VISA will penalize a bank if they have a merchant account that has more than 1 percent charge-back of their sales.
Performing a search on the web for “credit card” or “merchant status” will lead to a number of pages claiming that they can obtain merchant status for your business. Small businesses must be cautious because there are many con-artists out there who offer to help a business gain merchant status and then walk away with the processing fee never to be heard from again. If you look at the credit card processing companies that advertise online, you will see that discount rates, transaction fees, and equipment sale/lease prices can vary widely. Thus, the start-up and recurring costs involved can be quite substantial to the merchant who needs a system to ensure payment of their goods purchased over the Internet.
Disadvantages of Merchant accounts include:                (a) Can be difficult to qualify for. They have stringent personal and/or business credit requirements. They also tend to be picky about the types of businesses that they accept.        (b) It takes a while to get an account approved and set up. This can easily take anywhere from a couple of weeks to a month or more.        (c) There is usually a relatively high application fee and/or set up fee.        
Online payment services are a viable option for smaller web-based businesses and for online auction sellers. Opening an account is fast and easy, but there are a few negatives. The typical sales process when using an online payment service is:                (a) The customer clicks on a sales link or “checks out” with the shopping cart. The payment service authorizes the credit card or deducts the proper amount from the customer's online payment account if there are enough available funds in the account.        (b) The online payment service credits the transaction amount (less any applicable transaction fees) into the seller's online account.        (c) Both the customer and the seller receive emails from the payment service verifying the transaction.        (d) The seller ships the merchandise or provides a download link (if applicable) to the customer.        (e) The seller requests a transfer of funds from his online account into his bank account. This can take anywhere from a few days to a couple of weeks, depending on the particular service used. Some services will send the seller a check instead of initiating a bank transfer.        
Disadvantages of using online payment services include:                (a) They are still relatively unknown to consumers when compared to traditional merchant accounts which tend to lower the number of sales that will be made.        (b) The transaction fees charged by online payment services are typically much higher than those available from regular merchant accounts.        (c) Getting the money transferred from the online payment service into the bank account usually takes longer than with a merchant account. If a paper check must be accepted it takes even longer.        (d) Before a potential customer can purchase an item, he or she usually must first open an account with the online payment service. This is an extra (and intrusive) step that will keep some customers from buying.        