Electronic commerce, that is, buying and selling of products and services (hereinafter simply called “products”) in cybershops or cybermalls, which is one use of cyberspace constructed on a communication network such as the Internet, has become active.
Current electronic-commerce transactions are dominated by credit sales wherein payment is settled after a predetermined period of time has elapsed from when the product was purchased. When purchasing a product in a cybershop or a cybermall, a person desiring to purchase a product completes a product purchase procedure by inputting credit card information using a browser displayed on a display device provided in a communication terminal such as a personal computer (hereinafter referred to as a “PC”).
The inputting of credit card information in electronic commerce is usually performed in such a manner that the person desiring to purchase a product inputs data of only the credit card number or both the credit card number and the card expiration date using the browser, and then transmits the data to the cybershop.
The cybershop transmits the received data of the credit card number, or the credit card number and the card expiration date to the credit card company via a dedicated line, etc. Based on the data, the credit card company confirms the validity of the credit card and the credit limit, and transmits the results to the cybershop. Based on the received confirmation results, the cybershop determines whether or not the product should be transferred. As a result, in electronic commerce, credit risk to the cybershop can be avoided.
Since electronic commerce is conducted in cyberspace, and, unlike an actual shop, the person desiring to purchase a product and the shop are not face to face, forgery cannot be detected by actually confirming the credit card, and the signature written on the credit card cannot be verified. For this reason, it is very difficult for the cybershop to determine whether or not the credit card user in electronic commerce is a true user, and there is no effective means for preventing an illegal product purchase by someone illegally obtaining a credit card number of another person and posing as the card user (hereinafter referred to as “posing”).
Thus, there is no means for preventing fraud, including “posing” with an illegally obtained credit card number. On the other hand, since the right to decide whether to sell the product rests with the shop, the risk of charge back (refund), which makes up the money lost by the true credit card owner and the credit card company through payment settlement for illegally purchased products, is imposed on the shop.
The charge-back risk on the cybershop in electronic commerce is higher than that in actual transactions. In particular, in online shopping in which products such as marketable commodities are handled, a very high charge-back risk is imposed on the shop.
The cybershop constructs and manages a membership information database in which the credit card numbers of the members are stored in such a manner as to be associated with membership IDs and passwords. A strict security system needs to be organized so that credit card numbers of members cannot be illegally disclosed to a malicious hacker (cracker), and the cost of maintaining and controlling the security system is too high to be ignored.
On the other hand, the true credit card owner bears the risk that, if his/her credit card number is illegally obtained and abused, he/she becomes involved, through no fault of his/her own, in trouble and unnecessary disputes.
The presence of such a risk is a major factor preventing the widespread use of electronic commerce. Therefore, in order that the credit card number is not illegally obtained by another person on the Internet, a technology for encrypting and transmitting credit card numbers (for example, SSL (Secure Sockets Layer)) has been put into practical use. However, since the transmission data usually passes through a large number of unspecified nodes on the Internet before it reaches its destination, encrypting the data alone cannot be said to be a sufficient countermeasure against the risk of theft and falsification of data.
In response to this, an NSP that adopts the following electronic-commerce assisting system has appeared. In this system, the membership IDs and the passwords of the registered members of the NSP are stored in the membership database in such a manner as to be associated with the credit card numbers.
When a member purchases a product in a cybershop which is affiliated with the corresponding NSP, the purchase procedure is completed by merely inputting the membership ID and the password. Based on the input membership ID and password, the NSP, instead of the cybershop, searches the membership database in order to specify the credit card number, requests the credit card company which handles the credit card to confirm the credit, and charges the credit card company on the basis of the credit card number. Since this system obviates the need for the cybershop to record and hold the credit card numbers of the members, the cybershop is released from the risk of the card numbers being disclosed due to access by a cracker.
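The NSP-mediated flow described above, as an added sketch that is not part of the original document. The class names, the salted PBKDF2 password storage, the shop relaying the credentials to the NSP, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os

class CardCompany:
    """Stand-in for the card company; limits are constructed sample data."""
    def __init__(self, credit_limits):
        self._limits = credit_limits          # card number -> available credit
    def confirm_credit(self, card_number, amount):
        return self._limits.get(card_number, 0) >= amount

class NSP:
    """Holds the membership database; the only party that stores card numbers."""
    def __init__(self, card_company):
        self._card_company = card_company
        self._members = {}                    # member ID -> (salt, hash, card number)
    @staticmethod
    def _hash(password, salt):
        # Assumption: salted PBKDF2; the page does not say how passwords are kept.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def register(self, member_id, password, card_number):
        salt = os.urandom(16)
        self._members[member_id] = (salt, self._hash(password, salt), card_number)
    def authorize(self, member_id, password, amount):
        record = self._members.get(member_id)
        if record is None:
            return False
        salt, stored_hash, card_number = record
        if not hmac.compare_digest(stored_hash, self._hash(password, salt)):
            return False
        # Only the NSP resolves the card number and talks to the card company.
        return self._card_company.confirm_credit(card_number, amount)

class Cybershop:
    """Sees member ID, password and the approve/deny result, never the card number."""
    def __init__(self, nsp):
        self._nsp = nsp
        self.orders = []
    def purchase(self, member_id, password, amount):
        approved = self._nsp.authorize(member_id, password, amount)
        self.orders.append({"member": member_id, "amount": amount, "approved": approved})
        return approved

def build_demo():
    card = "4111111111111111"                 # constructed test number
    nsp = NSP(CardCompany({card: 500}))
    nsp.register("alice@example.net", "correct horse", card)
    return Cybershop(nsp), nsp, card
```

The shop's order records contain no card number, while the NSP's membership database still holds it alongside the credentials.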
However, in this system, in order that the membership IDs and passwords are associated with the credit card numbers, it is necessary to transmit the data of the credit card number to the corresponding NSP over the Internet when the card number is registered for the first time, when the credit card is changed, or when the card number is changed. Therefore, at that time, there is a risk of the credit card number being stolen and used on the Internet. In place of this data transmission, notification of the credit card number using a telephone or a facsimile is possible. However, this is not practical because the procedure is complex and time-consuming, and security problems are likely to occur because the data is updated through human intervention.
According to this system, although the leakage of credit card numbers from the cybershop can be prevented, a strict security system needs to be provided in the membership information database at the NSP so that credit card numbers of members cannot be illegally obtained by a malicious hacker (cracker), and the cost of maintaining and controlling the security system is so high that it cannot be ignored.
On the other hand, from the point of view of the credit card owner, even though the above-described system makes it possible to avoid the risk that the card number is disclosed on the network in individual electronic-commerce transactions, when the card number is registered in a plurality of NSPs, the owner's credit card number is distributed across a plurality of membership databases on the network, as in the conventional case, and the card owner may worry that there is an increased chance of the card number being stolen and used. In the case where the membership ID also serves as the electronic mail address, once the password alone is disclosed, a recipient of electronic mail from that member is able to engage in “posing”. Consequently, a security problem arises, and a situation also arises in which recipients are needlessly suspected and troubled.
In addition to the above-described system, the following Internet settlement system has been proposed. In this system, when a person desiring to purchase a product connects to the Internet via a predetermined NSP and purchases a product from a cybershop, the transaction is concluded after an authentication assisting server queries the NSP on the basis of the IP address of the person desiring to purchase a product in order to identify that person (U.S. Pat. No. 5,899,980 is a related invention). Since this system does not use payment settlement by credit card, as long as it is used, the credit card number data will not be disclosed and will not be stored anywhere on the Internet. However, since this system does not presuppose electronic commerce using credit cards in the first place, leakage of credit card numbers is not an issue for it, and it does not solve the problems arising from electronic commerce that presumes the use of credit cards on a communication network.
An object of the present invention is to provide an electronic-commerce assisting method capable of smoothly and securely conducting electronic commerce on a communication network, and an electronic-commerce assisting server for realizing the electronic-commerce assisting method.
Another object of the present invention is to provide an electronic-commerce assisting method in which a person desiring to purchase a product can pay using a credit card without letting the credit card number become known to another person, and an electronic-commerce assisting server for realizing the electronic-commerce assisting method.
Another object of the present invention is to provide an electronic-commerce assisting method capable of reducing the risk of charge back in a cybershop in credit sales in electronic commerce, and an electronic-commerce assisting server for realizing the electronic-commerce assisting method.
Another object of the present invention is to provide an electronic-commerce assisting method capable of reducing costs required for countermeasures against leakage of card information in a cybershop and an NSP having a membership server in which card information of members is stored, and an electronic-commerce assisting server for realizing the electronic-commerce assisting method.