1. Technical Field
The present disclosure relates generally to electronic commerce, and more particularly to secure online transaction processing.
2. Related Art
E-commerce, and specifically online shopping, is long established as a viable sales outlet, due in part to its convenience, ready availability of information for purchase decision-making, lower prices, and greater variety in the selection of available goods and services. Generally, customers visit merchants' websites using a personal computer having a connection to the Internet as well as a web browser application. The merchant websites have visual representations of the products and/or services being sold, along with descriptions therefor. The visual appearance and interactive features are designed to mimic, as closely as possible, the experience of shopping in a physical store. After selecting the desired goods and storing them in a “shopping cart,” the customer exchanges payment information with the merchant website. Various electronic payment modalities are known in the art, including credit cards, debit cards, gift cards, postal money orders, and personal checks, as well as those involving third party processors such as PayPal®. Upon successfully rendering payment to the merchant with these modalities, the merchant ships the ordered product(s) or performs the requested service(s).
As is the case with any marketplace, there are numerous types of online stores that vary significantly in size. The largest retailers with the widest product offerings sell many different items from books, music, and movies to sporting goods, to home furnishings, and so forth. These online stores typically process payments internally because transaction volumes are large enough to justify the significant expenses of purchasing and maintaining the necessary information technology (IT) infrastructure including secured servers, server-side encryption technologies, connections to credit card processing networks, and the like. However, for smaller online stores, such as those of one manufacturer, those dealing in a limited number of small market segments, and the like, these additional costs associated with internal payment processing may be prohibitively expensive, especially when transaction volumes are much lower. Furthermore, to the extent that personal account number (PAN) data such as bank account numbers, credit card numbers, expiration dates, and security codes from customers are handled, there must be systems and procedures in place for compliance with the Payment Card Industry (PCI) standards. Non-compliance can subject the merchant to fines, legal action, and exclusion from credit card processing networks.
To avoid difficulties associated with infrastructure setup and continual PCI compliance, such smaller online stores typically outsource payment processing to third parties. In a basic implementation, online stores maintain the shopping cart functionality, and upon the customer selecting the “checkout” function, the browser application is redirected to the third party payment processor, with the total remittance amount being passed during the redirect. The customer enters his/her PAN into a form generated by the third party processor, and the PAN is securely transmitted thereto. In this way, the merchant can remain detached from any potential security concerns associated with the handling of PAN data. After successful payment, the customer is redirected back to the merchant site, usually just to a simple, generic information page stating that the transaction was completed and that delivery of the ordered goods and/or services is forthcoming.
Despite its convenience for the merchant, there are several disadvantages associated with utilizing third party payment processors. Because the merchant site and the third party payment processor site are, by definition, maintained by separate entities, the overall user experience, including the “look and feel” of the interface, can be inconsistent. In particular, the branding of the merchant is lost during the payment processing stage. Furthermore, integration with the other e-commerce components of the merchant such as inventory management, customer relationship management, and accounting is cumbersome at best and difficult to implement. Although some further efforts in the field led to variations of redirecting the customer to the third party payment processors, such redirect functions are known to be inefficient. Accordingly, there is a need in the art for improved secure online transaction processing.