Two main issues need to be considered under the topic of payment security: what is required in order to make e-Commerce (EC) payments safe, and the methods that can be used to do so.
Security Requirements. Security requirements for conducting EC are the following:
The buyer, the seller, and the paying institutions must be assured of the identity of the parties with whom they are dealing.
It is necessary to ensure that data and information transmitted in EC, such as orders, replies to queries, and payment authorization, are not accidentally or maliciously altered or destroyed during transmission.
Merchants need protection against the customer’s unjustified denial of placing an order. On the other hand, customers need protection against merchants’ unjustified denial of payments made. (Such denials, of both types, are called repudiation.)
Many customers want their identity to be secured. They want to make sure others do not know what they buy. Some prefer complete anonymity, as is possible with cash payments.
Customers want to be sure that it is safe to provide a credit card number on the Internet. They also want protection against fraud by sellers or by criminals posing as sellers.
Several methods and mechanisms can be used to fulfill the above requirements. One of the primary mechanisms is encryption, which is often part of the most useful security schemes.
E-wallets (or digital wallets) are mechanisms that provide security measures to EC purchasing. The wallet stores the financial information of the buyer, including credit card number, shipping information, and more. Thus, sensitive information does not need to travel on the Net, and the buyer and seller save time. E-wallets can contain digital certificates, e-loyalty information, etc. As soon as you place an order, say at Amazon.com, your e-wallet at Amazon is opened, and Amazon can process your order.
The problem is that you need an e-wallet with each merchant. One solution is to have a wallet installed on your computer (e.g., MasterCard Wallet). In that case, though, you cannot purchase from another computer, nor is it a totally secured system. Another solution is a universal e-wallet such as Microsoft’s Passport and the Liberty Alliance. Universal systems are becoming popular since they provide a digital identity as well. For a description of how Microsoft’s Passport works.
Virtual Credit Cards
Virtual credit cards are a service that allows you to shop with an ID number and a password instead of with a credit card number. They are used primarily by people who do not trust browser encryption sufficiently to use their credit card number on the Internet. The virtual credit card gives an extra layer of security. The bank that supports your traditional credit card, for example, can provide you with a transaction number valid for use online for a short period. For example, if you want to make a $200 purchase, you would contact your credit card company to charge that amount to your regular credit card account, and would be given a transaction number that is good for charges up to $200. This transaction number is encrypted for security, but even in the worst possible case (that some unauthorized entity obtained the transaction number), your loss would be limited, in this case to $200. For another example of virtual credit cards, see americanexpress.com.
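The capped, short-lived transaction number described above can be modeled on the issuer side as follows. This is an added example, not code from the original text or from any card issuer; the class and method names, the reason strings, the 15-minute validity window, and the keyed-digest storage are assumptions of the example.

```python
import hashlib
import hmac
import secrets
import time


class VirtualCardIssuer:
    """Issuer-side model: each transaction number carries a cap and an expiry."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # issuer-only secret (assumption)
        self._grants = {}                    # keyed digest -> grant state

    def _digest(self, number):
        # Example design choice: store a keyed digest, not the number itself.
        return hmac.new(self._key, number.encode(), hashlib.sha256).hexdigest()

    def issue(self, account, limit_cents, ttl_seconds, now=None):
        now = time.time() if now is None else now
        number = secrets.token_hex(8)  # random; reveals nothing about the real card
        self._grants[self._digest(number)] = {
            "account": account, "remaining": limit_cents, "expires": now + ttl_seconds}
        return number

    def authorize(self, number, amount_cents, now=None):
        now = time.time() if now is None else now
        grant = self._grants.get(self._digest(number))
        if grant is None:
            return (False, "unknown number")
        if now >= grant["expires"]:
            return (False, "expired")
        if amount_cents <= 0 or amount_cents > grant["remaining"]:
            return (False, "over limit")
        grant["remaining"] -= amount_cents  # cap applies to the running total
        return (True, "approved")


def demo():
    """Constructed scenario: $200 cap, 15-minute validity, number later stolen."""
    issuer, t0 = VirtualCardIssuer(), 1_000_000.0
    number = issuer.issue("acct-constructed", 20_000, ttl_seconds=900, now=t0)
    return [
        issuer.authorize(number, 15_000, now=t0 + 60),    # buyer's $150 purchase
        issuer.authorize(number, 50_000, now=t0 + 120),   # stolen number, $500 try
        issuer.authorize(number, 5_000, now=t0 + 180),    # stolen number, last $50
        issuer.authorize(number, 100, now=t0 + 240),      # cap exhausted
        issuer.authorize(number, 100, now=t0 + 901),      # validity window over
        issuer.authorize("0" * 16, 100, now=t0 + 60),     # guessed number
    ]
```

Across all approved charges the total never exceeds the $200 cap, which is the bounded loss the paragraph describes.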
Payment Using Fingerprints
An increasing number of supermarkets allow their regular customers to pay by merely using their fingerprint for identification. A computer template of your fingerprint is kept in the store’s computer system. Each time you shop, your fingerprint is matched with the template at the payment counter. You approve the amount, which is then charged either to your credit card or bank account.