Payment systems for eCommerce (1999)

In 1998 and 1999, I wrote several articles about eCommerce and taught at numerous Interop conferences around the world on the subject. Back then, there were a lot of 1.0 products and things weren’t all that easy. Here is a piece I did for

These days it seems as if everyone is a “dot com” trying to sell something via the Internet. But behind the explosive rise in eCommerce is the very hard issue of how to process payments from online storefronts. This is perhaps the biggest hurdle of any web storefront owner, especially these days given the multitude of choices for hosting your store and setting it up. Let’s navigate these waters and explain which technology is the best match for your particular needs.

I assume you already have a working website and want to take the first step into eCommerce and sell products on your site.

In order to understand payment processing, you first have to talk and think like a banker. Given that most of us don’t have much experience in this department, let’s first define a few terms. Every business needs to have a merchant bank account, or an account that can accept credit card payments from customers. In the past these were harder to come by for cyber-businesses, but lately a number of service bureaus have made it easier to open up merchant accounts.

When a customer pays for something via credit card, there are two different stages in each transaction, authorization and capture. Authorization refers to checking the account number to see if it is still valid, has sufficient credit and hasn’t been reported lost or stolen. The address of the cardholder may be matched against that listed in the account, also to deter fraudulent use. Capture refers to approval and posting of the transaction (and shipment of the goods) and can happen in one of three ways: online or during the authorization with the banking network, meaning that the transaction clears both the bank that issued the customer’s credit card and your merchant bank; in a separate step after authorization occurs; and in nightly or hourly batches with a credit card processing intermediary.

There have been many missteps in the short history of payment technologies. The biggest issue has been the acceptance of a single standard that bridges both banking and Internet worlds. The trouble here is that the banks are at odds with both users and eCommerce site developers: banks want iron-clad security, even at the expense of ease of use or management.

A good example of how this battle royale has played out in the standards process has been the non-acceptance of the Secure Electronic Transactions standards. Originally proposed by a consortium of banks and IBM, SET was an answer to keeping credit card numbers away from the hard disks of Internet merchants — essentially a way for merchants to verify customer accounts without having to handle the account numbers themselves. SET went nowhere, and has transformed into a new standard called the Electronic Commerce Modeling Language (ECML). ECML tries to structure the data required from shoppers, shippers, and storefronts into a coherent single standard, adding SET security and a few other Internet standards in the process. Again, IBM and various large banks are behind it, and we’ll see where it goes.

Banks are still having trouble with the Internet. Witness in the past few months attempts by Citibank and American Express Corp. Both companies have come out with credit card products that can only be used for cyber-shopping, and both are bad ideas. By far the vast majority of web purchases are paid for with credit cards (or corporate purchase orders for business-to-business sites). While the general press continues to write stories about reluctant shoppers, afraid of getting their credit cards stolen over the Internet, web shopping continues to blossom.

The latest innovations in web payments have to do with personalized shopping portals and new ways to authenticate buyers. The portals involve companies such as, and and offer buyers a mechanism for receiving rebates for shopping at stores who are members of the portal’s network. The benefit for the storeowners is to provide visibility and drive traffic to their storefronts, and users benefit by getting discounts for frequent purchases. I am not sure if these networks will get established, however, and time will tell. Still, they are a minimal investment for any storeowner and worth trying.

There are three ways to authenticate buyers at any storefront. One is to use cookies, and tie the cookie to a particular user ID or transaction in your own database. This is relatively easy to implement but many shoppers are unfortunately wary of cookies and have set their browsers to not accept them for security or privacy issues. A second method is to use a straight database login, such as what Borders Books & Music does on its web site. This means that buyers have to remember their user ID and password before they can continue to shop. A third method is to use cryptographic certificates or one of the one-click networks.

Crypto is difficult because you first need to establish a public/private key infrastructure and send the various keys around to your customers. For that reason, a number of one-click vendors have been established over the past few years to make the process simpler for customers to buy things from web storefronts with a simple, single, click of the mouse. That is the theory, anyway.

The one-click vendors, including Cha! Technologies Services Inc.’s 1ClickCharge,,, Trivnet Inc.and others, don’t use their own form of cyber-money but provide you with their own ID tied to your credit card account number. When you shop at a merchant who is a member of their network, you don’t have to do anything more than provide your ID and password, and the transaction will be billed directly to your credit card. The idea behind the one-clicks came from, who was one of the first online merchants to store customer information in a cookie, so that returning shoppers didn’t have to fill out order forms again. Newer innovations include tying IDs with ISP accounts, and consolidating the billing of items purchased with your ID to your monthly service account bill.

These one-click providers are useful for sites selling digital goods or for users who want to aggregate a series of small transactions in a single bill, such as a daily “pass” to a newspaper web site or for purchasing inexpensive software upgrades. The problem with the one-clicks is a critical mass issue: in order for them to succeed, they have to be accepted at a wide array of online merchants and have thousands of users already setup.

The first wave of web payments began around 1995-6 with companies who minted their own cyber-money and tried to convince consumers to use it in place of credit cards or real cash for Internet purchases. These companies, such as Digicash Inc., First Virtual Holdings Inc., and others failed because people had credit cards and were comfortable using them, and didn’t trust the Internet bongo bucks developed by these and other companies. It didn’t help matters that these products were difficult to implement, requiring custom programming around poorly documented interfaces among other technical challenges. As a historical side note, the biggest initial markets were the porn merchants, looking to guarantee their buyers’ anonymity!

But we still need easy means of making payments, and in the past few years a number of electronic wallets have been created. These eWallets store frequently used information such as credit card numbers, shipping address, and so forth in a piece of software that resides on your hard disk and is invoked when you go to a checkout screen on a web storefront. eWallets are trouble, however: the software is very hard to setup, very particular about the store and screen layouts, and often don’t work as intended. Many eWallets are on their second and third version and hope springs eternal for companies such as IBM’s Consumer Wallet,, Citigroup’s CitiWallet, and Entrypoint Inc. to get them right. A new company called Yodlee is taking the wallet concept a step further and using its service to store other information, such as frequent flyer accounts, email IDs and passwords and other frequently misplaced information. However, look to lots of smoke and little heat in this department for years to come.

A good example of the trouble with eWallets is Microsoft’s foray into this genre. Microsoft had included an eWallet in every copy of Windows 98: unfortunately, it wasn’t enabled by default and buried several screens deep in the Internet Options control panels. Then earlier this fall it came out with its Passport technology. Completely web-based, there is no software to install on any desktop. However, Passport users were required to sign up for its Hotmail email service, and couldn’t initially enter payment information until they are about to make their initial purchase at a Passport-enabled merchant site. All of this is far too confusing for the average Internet shopper.

Web payment transactions can happen in any one of a number of ways: manually entered by a human via a point of sale (POS) terminal in a physical storefront, manually or electronically via a PC acting like a POS terminal, electronically from shopping cart software on a web site, or via an electronic Internet gateway into the banking network. I’ll discuss each in turn.

The POS technologies, both manual and automated systems, were the first attempts to connect the computer and banking worlds without having to alter either one significantly. Basically, these products, including two companies purchased by Cybercash Inc. (Tellan and ICVerify), sell software that runs on a Mac or Windows PC and mimics the standard physical POS terminal found in just about every retail bricks and mortar establishment. They communicate via a dial-up modem or via the Internet to send credit card information to the banking network, much the same way the physical POS terminal does.

If you want to start receiving payments quickly, take a closer look at these technologies and begin with at least manual processing. These methods will work for up to several dozen daily transactions.

The next step up is to install shopping cart software that has a link to the payment processing network. Mercantec Inc.’s SoftCart is one of the more popular and comes with modules to work with various Cybercash technologies as well as other systems. This is adequate for smaller catalogs (less than 200 items) but with storefronts with some programming expertise. The most complex and capable solution is to run your own copy of the Cybercash Cash Register software on your web site: this is for more complex sites with more expertise only.

As you can see, Cybercash Inc. has cornered the market for payment processing, offering a variety of technologies. Began in 1994 with Cybercoin, its own cyber-money, the company has constantly reinvented itself on almost a yearly basis. Earlier this year the company released its InstaBuy one-click network, which has several hundred merchants signed up but has been a limited success to date.

Given this shifting landscape, what should a web storefront operator do when it comes to accepting payments? If you sell digital content, then look into joining one or more of the one-click networks. And if you have shopping cart software already working on your storefront, first test out particular payment gateway technologies supported by the shopping cart software.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.