Online Credit Card Payments Security

Introduation :

Credit cards are the primary means of payment for goods and services purchased online. “Web-based transactions are, in many cases, safer than those that take place over the phone or even with bricks-and-mortar retailers.” According to Australian Research Company, www.consult, the security of credit card transactions remains the number one concern both for Internet users who have yet to make an online purchase, and for those who have performed an online transaction.

However, many characteristics of credit cards leave merchants and banks vulnerable to fraud, inconvenience and, for merchants, loss of customers. It is very important to research on the security in online credit card payments, including its inherent advantages and disadvantages, and making a hypothesis of a future forecast for this issue.


Background Information:

By virtually any measure, electronic commerce (e-commerce) is growing rapidly: the Census Bureau estimates that “retail e-commerce sales jumped to $8.7 billion in the fourth quarter of 2000, a 67% increase over the period a year earlier”(1). Online transactions are “not amenable to many traditional payment methods”(2). Methods that require physical transfer, e.g., cash, money orders, and checks, are impractical. Electronic funds transfers require direct knowledge of the sending and receiving bank accounts, although companies like PayPal and Yahoo are creating their own direct-payment networks to remove this restriction. “Credit cards, which are not subject to these restrictions, are the most frequently used payment method, used in about 95% of online transactions. Checks, money orders, and wire transfers are not practical for e-commerce”(3). In the first two cases, the time required to transfer the money is considerable, eliminating the efficiency and convenience of online transactions.

Furthermore, “none of the three admit a simple, reliable mechanism to stop payment in the event of a dispute, such as when goods are not delivered as ordered”(4). Purchase orders are typically only available to large institutional customers. In the absence of more sophisticated mechanisms for online purchases, individuals use their credit cards. “Consumers already have a trust relationship with the banks that issue the cards; infrastructure, electronic and legal, is in place to make the system work relatively consistently. Credit card users are protected by federal legislation that limits individual liability for fraudulent purchases to $50, dramatically lowering the risk to individuals of shopping online; most issuers have a zero-liability policy” (5).

Current State :

There are a lot of advantages for shopping online by credit card payment. Both customers and sellers can benefit from lower transaction cost, reduced process time, and enhanced speed and access to product. Transaction documentation can be processed electronically, reducing document cost and preparation time. In a word, shopping online with credit card payment is more efficiently and effectively.

However, there is also a big challenge of online credit card payment: the credit card information security concern.

“Web-based transactions are, in many cases, safer than those that take place over the phone or even with bricks-and-mortar retailers.” According to Australian Research Company, www.consult, the security of credit card transactions remains the number one concern both for Internet users who have yet to make an online purchase, and for those who have performed an online transaction.

The US National Consumer’s League Internet Fraud Watch (NCL) conducted a survey cooperated with Internet research firm BizRate.com of 13,500 online consumers. The study found that, although more than 50 per cent of those surveyed expressed concern that their credit card details would be stolen during an online transaction, less than two per cent had actually experienced credit card number theft.

There are several issues associated with online credit card use. Chief among them is fraud, which is perpetrated by both merchants and individuals. Another problem is the lack of security that can lead to the compromise of credit card numbers stored in online databases. Merchant fraud takes three basic forms: non-delivery, and overcharging, and charges for unwanted goods or services. Individual fraud on the Internet is a more pervasive problem. First, it is easy for individuals to remain anonymous or to impersonate others. Worse, credit cards were designed to rely on physical signatures for authentication, a mechanism that is rendered useless in e-commerce. In practice, it is difficult for merchants to prevent fraud in the online world, where there are no security cameras or other physical mechanisms to catch criminals after the fact. The purchaser does not have to present a physical card, which may contain additional security features.

Future Forecast:

In the future, two aspects have to be improved for better protecting the user’s credit card information: one is the online shopping website holders could improve the credit card information security of their network, database, and server; the other is the online merchants could avoid credit card fraud by adding authorization steps.

For the first aspect, I am sure that all the merchants are trying their best to improve the online systems and the website performance. The fight against hackers and insecure elements of online systems has never stopped, and will not stop forever. All the relevant organizations are trying to build an online world that is more secure and efficient.

Online merchants could require some additional information to verify credit cards.
The most common is the purchaser's billing address, which can be verified against the billing address on record with the issuing bank. This is used by most of the merchants at present. However, the address information is very easy to know off line and search online. If a thief has stolen a UNC student’s credit card information, he can check the owner’s address online easily since there is a directory on UNC website that records all the students contact information. Therefore, I guess the address information is not enough for checking the purchaser’s authority. I propose there could be a password check for each credit card. For example, the credit card company can require the user to create a password when the card is first issued. Then every time the purchaser uses the credit card for an online payment, there will be a request for entering the password of the credit card. If the credit card is stolen, the thief will hardly know the password. This idea is only one of my suggestions to improve security of credit card usage, not very mature yet. I am not sure if this idea could be used in the future, but I believe the online credit card payments security will be better and better in the future, and more and more people will use credit card for their online payment with fewer and fewer concerns.

Reference:

1. "Retail E-Commerce Sales", Census Bureau of the Commerce Department.
http://www.census.gov/mrts/www/current.html

2. http://www.paypal.com

3. http://paydirect.yahoo.com

4. Enabling Retail Payments on the Internet, 14 February 2000, By Kenneth Kerr (Gartner Group).

5. Qchex is an online check payment system. A check is just an agreement to pay verified only by a signature, and a Qchex check lacks the signature. There are no additional security features and the limited liability guaranteed by credit cards companies is not extended to users of the system. The appeal of Qchex may be primarily for exchanging checks with trusted parties.