Chapter 2 : Electronic Data Interchange

2.1 Electronic Data Interchange


EDI can be defined as "the exchange of business data from one organisation's computer
application to the computer application of a trading partner".

The electronic data interchange process is the computer-to-computer exchange of business
documents between companies. Electronic data interchange (EDI) has dramatically changed the
manner in which inter-organizational transactions are conducted. It replaces the faxing and
mailing of paper documents. The electronic exchange of transaction documents has had a
significant impact on business practices, particularly in the sales and purchase/merchandising
functions of organizations.

EDI documents use specific computer record formats that are based on widely accepted
standards. However, each company will use the flexibility allowed by the standards in a unique
way that fits their business needs.

Electronic Data Interchange (EDI) is a system which allows document information to be
communicated between businesses, government structures and other entities. It is a set of
standards which creates a cohesive system within which all parties are able to electronically
exchange data within a set of protocols.

Although it can be considered that EDI consists of only the actual conveyance of the document,
it is also seen as the implementation of the operating systems whereby EDI can be put into
practice. EDI is the data format of most electronic commerce transactions in the world. There are
other competing conveyance portals such as XML services, Internet and World Wide Web;
however, EDI remains the dominant data format.

The EDI standards describe structures that represent documents such as an invoice or shipping
order for a company. EDI sets up a system whereby businesses and other entities with
non-compatible operating systems are able to communicate on the same “page”, so to speak. EDI
provides applications whereby a more efficient and environmentally friendly network is created
between communication partners. It allows a homogeneous viewing of all documents put through
the system.

However, its potential is not just in creating automated system networks, as for automatic
re-ordering. It enables companies to exchange information at a speedier rate, and ensure greater
security of delivery. Moreover, it creates a greater ability for businesses to become more efficient
and streamlined.

As EDI is a non-internet based information exchange system, it was assumed that it would
disappear when the Internet became more entrenched in society and business. However, EDI has
survived, and is used by many industries. EDI establishes a firm connection between businesses
that does not necessarily rely on Internet options. However, it can be used over the open Internet,
as is increasingly occurring. Electronic transmission began in the 1960s within the transport
industries. This change also required a parallel standardization of documentation. A committee
was formed to coordinate the development of translation rules among four existing sets of
industry-specific standards.

At about the same time, the United Kingdom was also developing its own standards for
documents called Tradacoms. These were later extended by the United Nations Economic
Commission for Europe, and were eventually accepted by about 2000 export organizations.
Problems arose when these two differing organizations of information attempted to exchange
information during trade. These information sets were largely incompatible, and required a
working party to begin to create a range of documents that were able to be internationally
understood and transmittable. Currently, EDI is used by thousands of companies throughout the
world, including companies in USA, UK, Australia, New Zealand and Singapore. It is because of
the advantages of reduced human interference and increased speed of processing that the EDI
system is favored by many corporations.

Adjuncts

EDI creates a system whereby companies, governments, and entities that work on different
computer systems can exchange information efficiently. EDI is a standardized format of relevant
data which can be transmitted from one computer system to another with minimal human
intervention. It is widely used in industry to transmit what would formerly have been sent as a
document through the post. By utilizing EDI, the communication partners are able to send a
range of documents electronically, which provides an increased efficiency rate as well as
reduced paper expenditure. There are currently hundreds of “documents” that can be exchanged
electronically between multiple trading partners.

The Internet has allowed for an increased flow of these exchanges, rather than those allowed
through closed computer systems. EDI is a popular and efficient way to send and receive
documents that would otherwise be spending wasted days on the road in the back of a delivery
van. However, a Value Added Network (VAN) is used in this situation, and it is similar to a
post office. It is a middle man ‘warehouse’ where EDI documents can be stored until the
receiver is ready for them. This ensures that important documents do not bounce back to the
sender, or get lost in the tray.

Although VANs are used by many companies, and in particular the healthcare industry, many
EDI documents are being sent over the internet. However, as VANs provide a myriad of other services
such as retransmission of the document, provision of third party audit information, acting as
a gateway for different transmission methods, handling telecommunications support etc., they are
quite popular within various industries. Increasingly, EDI documents are being embedded into
other transmission vehicles such as XML, which is being seen as one way to reduce costs.
Although EDI originated in its current form in the United States, its origins can be seen
throughout international co-operative operations which require standardized manifests and
instructions.

2.2 Why adopt EDI?


EDI comes into its own when repetitive manual tasks are required to support a business
relationship; Electronic Data Interchange simply eradicates them by automating the
process and removing the paperwork element.

It increases accuracy by eliminating the re-keying of data. The quality of data is enhanced
by agreeing product codes, prices and location codes in advance.

EDI also helps to cement customer/supplier partnerships by reducing the supply chain
costs associated with manual processing.

Adopting EDI makes your trading relationships more cost effective and easier to deal
with.

2.3 EDI benefits and drawbacks


EDI brings in many benefits to the organization such as reduced costs, faster turnaround, better
customer service, and in some firms strategic advantage over their competitors.

Benefit One: Remove document re-keying

By removing the manual keying of key business documents such as Orders, Invoices,
Acknowledgments and Dispatch Notes your company can benefit significantly from:

reduced labour costs

elimination of human keying errors

faster document processing

instant document retrieval

removal of reliance on the postal service.

Benefit Two: Eliminate paper

Paper-based trading relationships have some inherent disadvantages when compared with their
electronic trading equivalents:

stationery and printer consumable costs

document storage costs


lost documents

postage costs.

Benefit Three: Reduce lead times and stockholding

Electronic trading documents can be delivered far more quickly than their paper
counterparts, thus the turnaround time from order to delivery can be reduced.

By using EDI for forecasting and planning, companies are able to get forward warning of
likely orders and plan their production and stock levels accordingly.

Companies receiving Advanced Shipping Notes or Acknowledgments know in advance
what is actually going to be delivered and are made aware of shortages so alternate
supplies can be sourced.

Integrating electronic documents means they can be processed much faster, again
reducing lead times and speeding up payments.

Benefit Four: Increase the quality of the trading relationship

Electronic trading documents, when printed, are much easier to read than copies faxed or
generated on multi-part stationery by impact printers.

Accurate documents help to ensure accurate supplies.

Batches of electronic documents are usually sequentially numbered, therefore missing
documents can easily be identified - saving companies the trouble of wading through
piles of paper.

Benefit Five: Competitive edge

Electronic Data Interchange (EDI) makes you attractive to deal with from your customers' point
of view, so in their eyes you are cheaper and more efficient to deal with than a competitor
trading on paper. Your costs will be lower because you will require less manpower to process
orders, deliveries or payments.

One drawback to EDI is that companies must ensure that they have the resources in place to
make an EDI program work; however, the need for buying and hiring these resources or
outsourcing them may be offset by the increased efficiency that EDI provides.

2.4 Data processing and EDI


One of the technological fields required to implement EDI is data processing. Data processing
allows the EDI operation to take information that is resident in a user application and transform
that data into a format that is recognizable to all other user applications that have an interest in
using the data. In the EDI environment, data processing will handle both outgoing and incoming
data, as depicted in the figure below.

The user-defined files are the flat files that are produced by a business application. These files
may or may not be formatted by the user. These are the business files that need to be translated
into the X12 format.

The translation software is the software that maps the elements of a user-defined file into the
ANSI X12 or EDIFACT standard format. This software is available through commercial retailers
on various platforms from PCs to mainframes.

The mapping of the user-defined data elements into the translation software requires some skill
in mapping. The mapping itself requires knowledge of both the translation software and the EDI
standards being used so new mapping and processing rules can be set up for the translator. If a
new trading partner places no new requirements on the translator, the new trading partner is
simply set up under existing mapping rules. However, when the trading partner requires that
additional or different data fields be sent, a new mapping scheme needs to be identified and
associated with that trading partner.
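The mapping step described above, as an added example that is not part of the original chapter and is not any commercial translator's code. It maps a constructed flat-file order into the ST..SE portion of an X12 850 using a default rule set and one partner-specific rule set, and it rejects field values that contain the X12 delimiters; the partner names, field names and sample values are assumptions, and the ISA/GS envelope is omitted.

```python
"""Flat-file order -> X12 850 transaction set (ST..SE only), added example."""

ELEMENT_SEP = "*"    # separates data elements inside a segment
SEGMENT_TERM = "~"   # ends every segment

# Constructed flat-file record as a purchasing application might export it.
SAMPLE_ORDER = {
    "po_number": "PO-10482",
    "po_date": "20240115",
    "ship_to_name": "ACME PLANT 2",
    "department": "0042",
    "lines": [
        {"qty": "200", "unit": "GA", "price": "12.50", "part": "PAINT-WH-LATEX"},
    ],
}


def field(name):
    """Rule element: take the value from the named flat-file field."""
    return ("field", name)


def lit(value):
    """Rule element: emit a fixed code required by the standard."""
    return ("lit", value)


# Existing mapping rules, reused for any partner with no extra requirements.
DEFAULT_MAP = {
    "header": [
        # BEG: 00 = original order, SA = stand-alone order, PO number, (release), date
        ("BEG", [lit("00"), lit("SA"), field("po_number"), lit(""), field("po_date")]),
    ],
    "line": [
        # PO1: line number, quantity, unit, unit price, (basis), VP = vendor part number
        ("PO1", [field("line_no"), field("qty"), field("unit"), field("price"),
                 lit(""), lit("VP"), field("part")]),
    ],
}

# A partner that requires additional data fields gets its own mapping scheme.
PARTNER_MAPS = {
    "SUPPLIER-B": {  # hypothetical partner identifier
        "header": DEFAULT_MAP["header"] + [
            ("REF", [lit("DP"), field("department")]),   # DP = department number
            ("N1", [lit("ST"), field("ship_to_name")]),  # ST = ship-to party
        ],
        "line": DEFAULT_MAP["line"],
    },
}


class MappingError(ValueError):
    """Raised when a flat-file record cannot be mapped safely."""


def _element(source, record):
    kind, value = source
    if kind == "field":
        if value not in record:
            raise MappingError(f"flat file has no field {value!r}")
        value = str(record[value])
    # A delimiter inside a data value would be parsed by the receiver as an
    # extra element or segment, so refuse it instead of passing it through.
    for ch in (ELEMENT_SEP, SEGMENT_TERM):
        if ch in value:
            raise MappingError(f"value {value!r} contains delimiter {ch!r}")
    return value


def _segment(seg_id, sources, record):
    elements = [_element(s, record) for s in sources]
    while elements and elements[-1] == "":
        elements.pop()  # trailing empty elements are not transmitted
    return ELEMENT_SEP.join([seg_id] + elements)


def translate_850(record, partner, control_number="0001"):
    """Return the 850 transaction set for `record` under `partner`'s rules."""
    rules = PARTNER_MAPS.get(partner, DEFAULT_MAP)
    segments = [f"ST*850*{control_number}"]
    for seg_id, sources in rules["header"]:
        segments.append(_segment(seg_id, sources, record))
    for number, line in enumerate(record["lines"], start=1):
        row = dict(line, line_no=number)
        for seg_id, sources in rules["line"]:
            segments.append(_segment(seg_id, sources, row))
    segments.append(f"CTT*{len(record['lines'])}")              # line item count
    segments.append(f"SE*{len(segments) + 1}*{control_number}")  # count includes SE
    return SEGMENT_TERM.join(segments) + SEGMENT_TERM


if __name__ == "__main__":
    for partner in ("SUPPLIER-A", "SUPPLIER-B"):
        print(partner, translate_850(SAMPLE_ORDER, partner))
```
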

EDI example

Here is an example of how the electronic data interchange process works.

A buyer prepares an order in his or her purchasing system and has it approved.

Next, the EDI order is translated into an EDI document format called an 850 purchase order.

The EDI 850 purchase order is then securely transmitted to the supplier either via the internet or
through a VAN (Value Added Network).

If the purchase order is sent using a VAN, then the buyer’s VAN interconnects with the
supplier’s VAN. The VANs make sure that EDI transactions are sent securely and reliably. The
supplier’s VAN ensures that the supplier receives the order.

The supplier’s computer system then processes the order.

Data security and control are maintained throughout the transmission process using passwords,
user identification and encryption. Both the buyer’s and the supplier’s EDI applications edit and
check the documents for accuracy.

The business process and EDI

Any business application that can be improved through paperless trading in a fast, efficient
environment is a good candidate for EDI. EDI is currently widely used by the airline industry,
banking industry, credit card industry, and auto industry. The current push in the EDI world
comes from companies who wish to trade with each other electronically--buyers and their
suppliers--hence the term "trading partners."

A typical small purchasing application

The business application depicted below is a simple purchasing application.

As shown above, the procurement process normally begins with the buyer being made aware of a
need within the organization to make a purchase. As soon as a need is established and precisely
described, the buyer begins the process of selecting the supplier that will be used. Routine items
may be purchased using suppliers that have already been contracted with. New items or high-
value items may require investigation by the buyer in selecting an appropriate supplier.

The buyer will select a preliminary group of suppliers and then employ the methods of
competitive bidding, negotiation, or a combination of the two to secure the final supplier. When
competitive bidding is used, the buyer issues an RFQ to the suppliers that the buyer might be
willing to do business with. Typically, the RFQ will contain the same basic information that will
be included on the purchase order.

When a supplier receives an RFQ that the supplier has an interest in bidding on, the supplier
issues a quotation to the buyer. The quotation will contain pricing information so the buyer can
do a price comparison between the suppliers. For instance, an RFQ might be issued for 200
gallons of white, latex-based paint. The supplier who is issuing a quotation may quote a price of
$????.??

Once a supplier has been selected, the purchasing department issues a serially numbered
purchase order. The purchase order itself becomes a legally binding contract. For this reason the
buyer will carefully prepare the purchase order and ensure that the wording is precise and
specific. Any drawings, diagrams, or related documentation that is necessary to precisely
describe the item being purchased will be incorporated or referenced in the purchase order.
Additionally any conditions or sampling plans will be stated precisely.

Normally a list of terms and conditions designed to give legal protection to the buyer on various
matters prescribed by law are incorporated in, or attached to, all purchase orders as boilerplate to
those orders. These boilerplate terms and conditions cover a wide range of concerns including
contract acceptance, delivery performance and contract termination, shipment rejections,
assignment and contracting of the order, patent rights and infringements, warranties, compliance
with regulations, and invoicing and payment procedures.

Change orders are required when a company makes a change in the contract after a purchase
order has been issued. The buyer will issue the change order and, when accepted by the supplier,
the change order either supplements or replaces the original purchase order.

The original copy of the purchase order constitutes a legal offer to buy. The purchase contract
then comes into existence when the contract is performed or when formal acknowledgment of
acceptance of the offer is made.

Normal business methods suggest that the supplier may not bother to acknowledge the offer if
the items are immediately shipped to the buyer. When the items are not immediately shipped,
then the supplier should send the acknowledgment back to the buyer.

The supplier may acknowledge the buyer's order accepting the buyer's terms and conditions, or
may acknowledge and incorporate the supplier's own terms and conditions in the
acknowledgment. If the seller's terms are different than the buyer's, the law allows them to be
incorporated into the contract as long as they do not alter the buyer's intent or unless the buyer
files a written objection to the inclusion of new terms and conditions. In general, terms and
conditions that are in conflict between buyer and seller are excluded from the contract, leaving
the settlement to negotiation or suit. For this reason it is imperative that the buyer be aware of the
terms and conditions in the order acceptance.

2.5 EDI Standards


Although communications and document standards are both critical, document standards are the
heart of EDI. Standards are a necessary part of EDI. Every business has application files that are
used to manipulate their data in ways that are familiar to the business. The problem is that most
businesses, though using the same types of data, do not use the same application programs or
hardware and software platforms. If businesses are to be able to communicate their data to one
another, they must have a common ground to meet on to allow the exchange of the information.
Standards are the solutions to this problem. All businesses that conform to specific standards can
share data in the formats delineated by those standards.

ANSI ASC X12

The American National Standards Institute's Accredited Standards Committee X12 (ANSI ASC
X12) is the accepted standard for EDI transactions in the United States. The ANSI ASC X12
committee has the mandate to develop variable-length data formats for standard business
transactions. The committee was accredited in 1980, and the X12 standard has been evolving
ever since. One of the requirements placed on the committee was and is to keep the standard
open to interindustry applications. This requirement makes the standard more complex than an
industry-specific standard, but the advantages easily overcome the disadvantage of complexity.

With a single standard, a business has multiple functionality and only has to use one standard for
each business function.

EDIFACT

The International Standards Organization (ISO), an organization within the United Nations, has
developed the EDI standard that is used in Europe. The Electronic Document Interchange for
Administration, Commerce, and Transportation (EDIFACT) is the UN standard that the whole
world has agreed to eventually adopt. The actual implementation of EDIFACT within the U.S.
has been moving at a snail's pace. The standard appears to currently be taking the same route that
metric standards have taken. Everyone agrees that EDIFACT is the international standard, but
tried and true X12 standards are not abandoned in favor of EDIFACT.

2.6 Security

One of the major roles provided by data communications technology is the ability to
apply security to EDI transactions so that the transactions will not be tampered with or observed,
depending on the level of security needed. The security modules that are discussed in this section
are depicted in the figure below.

Confidentiality

Confidentiality requires that all communications between parties are restricted to the parties
involved in the transaction. This confidentiality is an essential component in user privacy, as well
as in protection of proprietary information and as a deterrent to theft of information services.
Confidentiality is concerned with the unauthorized viewing of confidential or proprietary data
that one or both of the trading partners does not want known by others. Confidentiality is
provided by encryption.

Encryption is the scrambling of data so that it is indecipherable to anyone except the intended
recipient. Encryption prevents snoopers, hackers, and other prying eyes from viewing data that is
transmitted over telecommunications channels. There are two basic encryption schemes, private-
key and public-key encryption. Encryption, in general, is cumbersome and expensive.

Private-key encryption requires that both sending and receiving parties have the same private-
encryption keys. The sender encrypts the data using his key. The receiver then decrypts the
message using his identical key. There are several disadvantages to private-key encryption. In
order to remain secure, the keys must be changed periodically and the users must be in synch as
to the actual keys being used.

Public-key encryption is gaining widespread acceptance as the preferred encryption technology.
With public-key encryption, a message recipient generates a matched set of keys, one public key
and one private key. The recipient broadcasts the public key to all senders or to a public location
where the key can be easily retrieved. Any sender who needs to send the receiver an encrypted
message uses the recipient's public key to encrypt the message. The private key, which is held in
private by the recipient, is the only key that can decipher messages encrypted with the matched
public key. This scheme requires that the private key cannot be generated from the public key.

Authentication

Both parties should feel comfortable that they are communicating with the party with whom they
think they are doing business. A normal means of providing authentication is through the use of
passwords.

The latest technology to provide authentication is through the use of digital certificates that
function much like ID cards. The digital certificate has multiple functions, including browser
authentication.

Data Integrity

Data sent as part of a transaction should not be modifiable in transit. Similarly, it should not be
possible to modify data in storage. Data integrity is a guarantee that what was sent by the sender
is actually what is received by the receiver. This is necessary if there is a need to ensure that the
data has not been changed either inadvertently or maliciously. However, authentication schemes
do not hide data from prying eyes.

Providing data integrity is generally cumbersome and not used unless one of the trading partners
requires it. The normal mechanism for acquiring data integrity is for the sender to run an
algorithm against the data that is being transmitted and to transmit the result of the algorithm
separately from the transmission. Upon receipt of the transmission, the receiver runs the identical
algorithm and then compares the results. If the results are identical, then data has not been
modified.
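The compare-the-results mechanism described above, as an added example that is not part of the original chapter. It computes a SHA-256 digest over a constructed 850 transaction set, verifies it on the receiving side, and also shows a keyed variant (HMAC-SHA256) for the case where the digest cannot be delivered over a channel that is trusted independently of the data; the control-record layout, function names and shared key are assumptions.

```python
"""Sender/receiver integrity check for an EDI payload, added example."""
import hashlib
import hmac

# Constructed sample payload (850 transaction set, envelope omitted).
INTERCHANGE = (
    b"ST*850*0001~BEG*00*SA*PO-10482**20240115~"
    b"PO1*1*200*GA*12.50**VP*PAINT-WH-LATEX~CTT*1~SE*5*0001~"
)

# Constructed demo key; in practice it would be agreed in the trading
# partner agreement and exchanged out of band.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def _digest(payload, key):
    """Return (algorithm name, hex digest) for the payload."""
    if key is None:
        return "sha256", hashlib.sha256(payload).hexdigest()
    return "hmac-sha256", hmac.new(key, payload, hashlib.sha256).hexdigest()


def make_control_record(payload, key=None):
    """Sender side: the result that is transmitted separately from the data."""
    alg, digest = _digest(payload, key)
    return {"alg": alg, "length": len(payload), "digest": digest}


def verify(payload, record, key=None):
    """Receiver side: rerun the identical algorithm and compare the results.

    A receiver that holds a key only accepts keyed records, so a record
    cannot be downgraded to the unkeyed algorithm.
    """
    alg, expected = _digest(payload, key)
    if record.get("alg") != alg:
        return False
    if record.get("length") != len(payload):
        return False
    received = str(record.get("digest", ""))
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())


def demo():
    """Return the outcome of each check as a dict of booleans."""
    altered = INTERCHANGE.replace(b"*200*", b"*900*")  # quantity changed in transit
    plain = make_control_record(INTERCHANGE)
    keyed = make_control_record(INTERCHANGE, SHARED_KEY)
    return {
        "plain_intact": verify(INTERCHANGE, plain),
        "plain_altered": verify(altered, plain),
        # A plain digest protects only if the digest itself arrives intact:
        # a record recomputed over the altered data verifies without a key.
        "plain_altered_with_recomputed_record":
            verify(altered, make_control_record(altered)),
        "keyed_intact": verify(INTERCHANGE, keyed, SHARED_KEY),
        "keyed_altered": verify(altered, keyed, SHARED_KEY),
        "keyed_altered_with_recomputed_record":
            verify(altered, make_control_record(altered), SHARED_KEY),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
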

Non-repudiation

Neither party should be able to deny having participated in a transaction after the fact. The
current technology ensures this through the use of digital signatures.

Electronic signatures are the computerized version of the signature function. Signatures are
needed in some business applications for authorization purposes. For example, a contracting
officer may have a specified spending limit, say $25,000. If that contracting officer decides to
place an order for $30,000, the seller may not have the authority to fill the order because the
signature of the contracting officer's supervisor is needed on all orders over $25,000. The
authorization limits normally will have been agreed upon through a trading partner agreement.

A digital signature algorithm can be used to generate digital signatures. The digital signature
itself is used to detect unauthorized modification to data and to authenticate the identity of the
signatory. The digital signature is also useful to the recipient as a nonrepudiation device whereby
the recipient can prove to a third party that the signature was in fact generated by the signatory.
Thus the signatory cannot repudiate the signature at a later date.

2.7 Future of EDI

EDI is well established as an effective technology for reducing costs and increasing efficiency. EDI
technologies are approximately the same age as Internet technologies. In the past, the
technologies have been mutually exclusive, but this is rapidly changing. As the two
technological communities begin to merge and as the business community sees the advantages of
this merger, EDI and the Internet will eventually become ubiquitous.

EDI users are already seeing dramatic cost savings by moving their traffic from the traditional
VAN services to the Internet. As EDI working groups within the Internet Engineering Task
Force create interoperability standards for the use of EDI over the Internet and as security issues
are addressed, EDI over the Internet will be part of normal business. The EDI working group
already has a charter for an interoperability standard for process-to-process EDI. Once that
standard is in place, real-time EDI over the Internet will replace normal time-delayed, batch-style
interactions.

End Chapter Quiz

Q1. EDI stands for ____________________________.

a. Electronic Data Interface

b. E-Commerce Data Interface

c. Electronic Data Interchange

d. Electronic Document Interaction

Q2. The Electronic _______ is the UN standard that the whole world has
agreed to eventually adopt.

Q3. __________________ is the only main drawback of EDI.

Q4. _____________ is a system which allows document information to be
communicated between businesses, government structures and other
entities.

Q5. What is a digital signature?

a. An electronic signature based on public-key encryption

b. A password-protected email

c. Handwriting recognition technology

d. The way you sign your emails


Chapter 4: Electronic Payment System

4.1 Introduction

The internet has played a vital part in encouraging the sale of products and services
online, which makes life convenient for the audience, which, in an inter-connected world, is
the whole world.

E-commerce has given rise to the concept of completely online shops selling products and
services, efficiently catalogued and available for the shopper’s convenience. There are several
websites that stock everything from lifestyle items, collectibles, books, electronic appliances etc.

One of the most important aspects of any online business is the e-commerce processing of
payment. Payment methods in the infancy stages of e-commerce were few, and were limited
to online wire transfers or direct deposit.

Within the past decade, e-commerce has matured and grown exponentially. The result: now there
are many types of ecommerce payment methods available online. If your credit is bad and you
cannot afford a merchant account, there are alternative methods of payments on e-commerce
websites which can help you.

An e-commerce payment system facilitates the acceptance of electronic payment for online
transactions. Also known as Electronic Data Interchange (EDI), e-commerce payment systems
have become increasingly popular due to the widespread use of the internet-based shopping and
banking. In the early years of B2C transactions, many consumers were apprehensive of using
their credit and debit cards over the internet because of the perceived increased risk of fraud.

There are numerous different payment systems available for online merchants. These include
the traditional credit, debit and charge cards but also new technologies such as digital wallets,
e-cash, mobile payment and e-checks. Another form of payment system is allowing a third party to
complete the online transaction for you. These companies are called Payment Service Providers
(PSP); good examples are PayPal and WorldPay.

4.2 Conventional vs. Electronic Payment System


To get into the depth of the electronic payment process, it is better to first understand the processing of
the conventional or traditional payment system. A conventional process of payment and settlement
involves a buyer-to-seller transfer of cash or payment information (i.e., cheque and credit cards).
The actual settlement of payment takes place in the financial processing network. A cash
payment requires a buyer's withdrawal from his/her bank account, a transfer of cash to the seller,
and the seller's deposit of the payment to his/her account. Non-cash payment mechanisms are settled
by adjusting, i.e. crediting and debiting, the appropriate accounts between banks based on
payment information conveyed via cheque or credit cards.

The diagram above is a simplified diagram for both cash and non-cash transactions. Cash moves from
the buyer's bank to the seller's bank through face-to-face exchange in the market. If a buyer uses a
non-cash method of payment, payment information instead of cash flows from the buyer to the
seller, and ultimate payments are settled between affected banks, who notationally adjust
accounts based on payment information.

These methods have several shortcomings:

Checks and cash cannot be exchanged in real time

Credit and debit card info exchanged over the phone or by email entails security risks

Credit/debit cards do not support individual-to-individual payment transactions

Some individuals do not have access to credit cards or checking accounts because of
credit history

The overhead of all but cash does not support low value transactions (micropayments)

4.3 Process of Electronic Payment System


Electronic payment systems have been in operation since the 1960s and have been expanding
rapidly as well as growing in complexity. After the development of the conventional payment
system, the EFT (Electronic Fund Transfer) based payment system came into existence. It was the first
electronic based payment system, which does not depend on a central processing intermediary.
An electronic fund transfer is a financial application of EDI (Electronic Data Interchange), which
sends credit card numbers or electronic cheques via secured private networks between banks and
major corporations. To use EFT to clear payments and settle accounts, an online payment service
will need to add capabilities to process orders, accounts and receipts. But a landmark came in
this direction with the development of digital currency. The nature of digital currency or
electronic money mirrors that of paper money as a means of payment. As such, digital currency
payment systems have the same advantages as paper currency payment, namely anonymity and
convenience. As in other electronic payment systems (i.e. EFT based and intermediary based),
here too security during the transaction and storage is a concern, although from a different
perspective: for digital currency systems double spending, counterfeiting, and storage become
critical issues, whereas eavesdropping and the issue of liability (when charges are made without
authorization) are important for notational funds transfer. The figure below shows a digital
currency based payment system.

In this figure, it is shown that the intermediary acts as an electronic bank, which converts outside
money (e.g. Rupees or US $) into inside money (e.g. tokens or e-cash), which is circulated
within online markets. However, as a private monetary system, digital currency has a wide-ranging
impact on money and the monetary system, with implications extending far beyond mere
transactional efficiency.

The main drawbacks to electronic payments are concerns over privacy and the possibility of
identity theft.

4.4 Types of Electronic Payment Systems

With the growing complexities in e-commerce transactions, different electronic payment
systems have appeared in the last few years. At least dozens of electronic payment systems,
proposed or already in practice, are found. Electronic payment systems can be broadly divided
into four general types:

Online Credit Card Payment System

Electronic Cheque System

Electronic Cash System and

Smart Card based Electronic Payment System

4.4.1 Online Credit Card Payment System


It seeks to extend the functionality of existing credit cards for use as online shopping payment
tools. This payment system has been widely accepted by consumers and merchants throughout
the world, and is by far the most popular method of payment, especially in the retail markets. This
form of payment system has several advantages which were never available through the
traditional modes of payment. Some of the most important are: privacy, integrity, compatibility,
good transaction efficiency, acceptability, convenience, mobility, low financial risk and
anonymity. In addition, to avoid the complexity associated with digital cash or
electronic cheques, consumers and vendors are also looking at credit card payments on the
Internet as one possible time-tested alternative. But this payment system has raised several
problems for consumers and merchants. Online credit card payment seeks to address
several limitations of online credit card payments for merchants, including lack of authentication,
repudiation of charges and credit card fraud. It also seeks to address consumer fears about using
credit cards, such as having to reveal credit information at multiple sites and repeatedly having to
communicate sensitive information over the Internet.

The basic process of the online credit card payment system is very simple. If consumers want to
purchase a product or service, they simply send their credit card details to the service provider
involved, and the credit card organization will handle this payment like any other.

4.4.2 Electronic Cheque Payment System

Electronic cheques address the electronic needs of millions of businesses, which today exchange
traditional paper cheques with other vendors, consumers and government. The e-cheque
method was deliberately created to work in much the same way as a conventional paper cheque.
An account holder will issue an electronic document that contains the name of the financial
institution, the payer's account number, the name of the payee and the amount of the cheque. Most of
the information is in uncoded form. Like paper cheques, e-cheques also bear the digital equivalent
of a signature: a computed number that authenticates the cheque as coming from the owner of the
account. The digital chequing payment system seeks to extend the functionality of existing chequing
accounts for use as online shopping payment tools.

The electronic cheque system has many advantages:

they do not require consumers to reveal account information to other individuals when
settling an auction

they do not require consumers to continually send sensitive financial information over the
web

they are less expensive than credit cards and

they are much faster than paper based traditional cheque.

But this system of payment also has several disadvantages. The disadvantages of the electronic
cheque system include:

their relatively high fixed costs,

their limited use only in the virtual world and the fact that they can protect the users’
anonymity. Therefore, it is not very suitable for retail transactions by consumers,
although useful for government and B2B operations, because the latter transactions do
not require anonymity, and the amount of the transactions is generally large enough to cover
the fixed processing cost.

The process of the electronic chequing system can be described using this figure:

The steps are:

Step 1: a purchaser fills a purchase order form, attaches a payment advice (electronic cheque),
signs it with his private key (using his signature hardware), attaches his public key certificate,
encrypts it using his private key and sends it to the vendor.

Step 2: the vendor decrypts the information using his private key, checks the purchaser's
certificates, signature and cheque, attaches his deposit slip, and endorses the deposit attaching his
public key certificates. This is encrypted and sent to his bank.

Step 3: the vendor's bank checks the signatures and certificates and sends the cheque for
clearance. The banks and clearing houses normally have a private secure data network.

Step 4: when the cheque is cleared, the amount is credited to the vendor's account and a credit
advice is sent to him.

Step 5: the purchaser gets a consolidated debit advice periodically.
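
The signature chain of Steps 1 to 3, as an added example that is not part of the original text: the purchaser signs the cheque, the vendor checks it and endorses a deposit slip, and the bank re-checks both signatures and certificates and refuses a second presentation. It uses Ed25519 from Node's built-in crypto module; the CA-signed record is a simplified stand-in for a public key certificate, the cheque serial number, names and account numbers are assumptions, and the encryption applied in transit in Steps 1 and 2 is left out.

```javascript
// Added example (not from the original text): the signature chain of Steps 1-3.
const crypto = require('crypto');

// Canonical JSON: keys sorted at every level so signer and verifier hash identical bytes.
function canonical(v) {
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  if (v !== null && typeof v === 'object') {
    return '{' + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
  }
  return JSON.stringify(v);
}

const signObj = (privateKey, obj) =>
  crypto.sign(null, Buffer.from(canonical(obj)), privateKey).toString('base64');
const verifyObj = (publicKey, obj, sig) =>
  crypto.verify(null, Buffer.from(canonical(obj)), publicKey, Buffer.from(sig, 'base64'));
const digest = (obj) => crypto.createHash('sha256').update(canonical(obj)).digest('hex');

// Simplified stand-in for a certificate: the CA signs (subject, account, public key).
function enroll(ca, subject, account) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const spki = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  const body = { subject, account, spki };
  return { privateKey, cert: { body, caSig: signObj(ca.privateKey, body) } };
}

// Check the certificate against the trusted CA key, then the signature against the certified key.
function checkSigned(caPublicKey, obj, sig, cert) {
  if (!verifyObj(caPublicKey, cert.body, cert.caSig)) throw new Error('untrusted certificate');
  const key = crypto.createPublicKey(
    { key: Buffer.from(cert.body.spki, 'base64'), format: 'der', type: 'spki' });
  if (!verifyObj(key, obj, sig)) throw new Error('bad signature');
  return cert.body; // the identity the CA vouches for
}

// Step 1: the purchaser signs the cheque and attaches the certificate.
function writeCheque(purchaser, cheque) {
  return { cheque, sig: signObj(purchaser.privateKey, cheque), cert: purchaser.cert };
}

// Step 2: the vendor checks certificate, signature and cheque, then endorses a deposit
// slip that is bound to this exact cheque by its digest.
function endorse(caPublicKey, vendor, signed) {
  checkSigned(caPublicKey, signed.cheque, signed.sig, signed.cert);
  if (signed.cheque.payee !== vendor.cert.body.subject) {
    throw new Error('not payable to this vendor');
  }
  const slip = { depositTo: vendor.cert.body.account, chequeDigest: digest(signed.cheque) };
  return { signed, slip, sig: signObj(vendor.privateKey, slip), cert: vendor.cert };
}

// Step 3: the bank re-checks both signatures and certificates before clearance.
function bankAccept(caPublicKey, presented, deposit) {
  const { cheque } = deposit.signed;
  const payer = checkSigned(caPublicKey, cheque, deposit.signed.sig, deposit.signed.cert);
  const endorser = checkSigned(caPublicKey, deposit.slip, deposit.sig, deposit.cert);
  if (payer.account !== cheque.account) throw new Error('signer does not own the account');
  if (endorser.subject !== cheque.payee) throw new Error('endorser is not the payee');
  if (deposit.slip.chequeDigest !== digest(cheque)) throw new Error('slip is for another cheque');
  const id = cheque.account + '/' + cheque.serial;
  if (presented.has(id)) throw new Error('cheque already presented');
  presented.add(id);
  return { debit: cheque.account, credit: deposit.slip.depositTo, amount: cheque.amount };
}

// Constructed sample data: names, account numbers and the serial are invented for the example.
function demo() {
  const ca = crypto.generateKeyPairSync('ed25519');
  const rogueCa = crypto.generateKeyPairSync('ed25519');
  const alice = enroll(ca, 'Alice', 'ACC-1001');
  const shop = enroll(ca, 'Shop Ltd', 'ACC-2002');
  const mallory = enroll(rogueCa, 'Alice', 'ACC-1001'); // certificate from an untrusted CA
  const cheque = { bank: 'First Example Bank', account: 'ACC-1001', payee: 'Shop Ltd',
    amount: 2500, currency: 'INR', serial: 'CHQ-000042' };
  const reason = (fn) => { try { fn(); return 'accepted'; } catch (e) { return e.message; } };
  const presented = new Set();

  const signed = writeCheque(alice, cheque);
  const deposit = endorse(ca.publicKey, shop, signed);
  const cleared = bankAccept(ca.publicKey, presented, deposit);
  const replay = reason(() => bankAccept(ca.publicKey, presented, deposit));
  const altered = { ...signed, cheque: { ...cheque, amount: 25000 } };
  const tampered = reason(() => endorse(ca.publicKey, shop, altered));
  const forged = reason(() => endorse(ca.publicKey, shop, writeCheque(mallory, cheque)));
  return { cleared, replay, tampered, forged };
}

console.log(demo());
```
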

4.4.3 Electronic Cash Payment System


Electronic cash (e-cash) is a relatively new concept in online payment systems because it
combines computerized convenience with security and privacy that improve on paper cash. Its
versatility opens up a host of new markets and applications. E-cash is an electronic or digital
form of value storage and value exchange that has limited convertibility into other forms of
value and requires intermediaries to convert. E-cash presents some characteristics like monetary
value, storability and irretrievability, interoperability and security. All these characteristics make
it a more attractive payment system over the Internet. In addition, this payment system offers
numerous advantages like authority, privacy, good acceptability, low transaction cost,
convenience and good anonymity. But this system of payment also has many limitations like
poor mobility, poor transaction efficiency and high financial risk, as people are solely
responsible for what is lost or stolen. Just like its real-world currency counterpart, electronic cash is
susceptible to forgery. It is possible, though increasingly difficult, to create and spend forged
e-cash.
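
How an issuer can reject forged and copied e-cash, as an added example that is not part of the original text: each token carries a tag computed with a key only the bank holds, and the bank keeps a ledger of redeemed serial numbers. The token layout and the use of HMAC-SHA256 are assumptions of the example; because only the bank can check the tag, every deposit is verified online at the bank, and the scheme does not provide the anonymity attributed to e-cash above.

```javascript
// Added example (not from the original text): bank-side checks for forged and re-spent tokens.
const crypto = require('crypto');

class Mint {
  constructor() {
    this.key = crypto.randomBytes(32); // secret held only by the issuing bank
    this.spent = new Set();            // real-time ledger of serials already redeemed
  }

  tag(serial, value) {
    return crypto.createHmac('sha256', this.key).update(`${serial}|${value}`).digest();
  }

  // Withdrawal: issue a token with an unpredictable serial and a tag over (serial, value).
  issue(value) {
    if (!Number.isInteger(value) || value <= 0) {
      throw new RangeError('value must be a positive integer');
    }
    const serial = crypto.randomBytes(16).toString('hex');
    return { serial, value, tag: this.tag(serial, value).toString('hex') };
  }

  // Deposit: validate the shape, recompute the tag, compare in constant time, check the ledger.
  redeem(token) {
    const wellFormed = token !== null && typeof token === 'object' &&
      typeof token.serial === 'string' && /^[0-9a-f]{32}$/.test(token.serial) &&
      Number.isInteger(token.value) && token.value > 0 &&
      typeof token.tag === 'string' && /^[0-9a-f]{64}$/.test(token.tag);
    if (!wellFormed) return { ok: false, reason: 'malformed' };
    const expected = this.tag(token.serial, token.value);
    if (!crypto.timingSafeEqual(Buffer.from(token.tag, 'hex'), expected)) {
      return { ok: false, reason: 'forged' };
    }
    if (this.spent.has(token.serial)) return { ok: false, reason: 'double-spend' };
    this.spent.add(token.serial);
    return { ok: true, credited: token.value };
  }
}

// Constructed scenario: one honest deposit followed by four attempts the bank must refuse.
function demo() {
  const mint = new Mint();
  const coin = mint.issue(500);
  const copy = { ...coin }; // e-cash is data, so a perfect copy costs nothing
  return {
    first: mint.redeem(coin),
    second: mint.redeem(copy),
    inflated: mint.redeem({ ...mint.issue(500), value: 5000 }),
    invented: mint.redeem({ serial: 'ab'.repeat(16), value: 500, tag: '00'.repeat(32) }),
    typeTrick: mint.redeem({ ...mint.issue(500), serial: ['not-a-string'] }),
  };
}

console.log(demo());
```
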

4.4.4 Smart Cards based Electronic Payment System


Smart cards are receiving renewed attention as a mode of online payment. They are essentially
credit-card-sized plastic cards with memory chips and, in some cases, microprocessors
embedded in them, so that they serve as storage devices holding much more information than credit
cards, with inbuilt transaction processing capability.

This card also contains some kind of encrypted key that is compared to a secret key
contained on the user's processor. Some smart cards have provision to allow users to enter a
personal identification number (PIN) code. Smart cards have been in use for well over two
decades now and have been widespread mostly in European and Asian countries. Owing to their
considerable flexibility, they have been used for a wide range of functions like highway toll
payment, as prepaid telephone cards and as stored value debit cards. However, with the recent
emergence of e-commerce, these devices are increasingly being viewed as a particularly
appropriate method to execute online payment with a considerably greater level of security
than credit cards.

Compared with traditional electronic cash system, smart cards based electronic payment systems
do not need to maintain a large real time database. They also have advantages, such as
anonymity, transfer payment between individual parties, and low transactional handling cost of
files. Smart cards are also better protected from misuse than, say, conventional credit cards,
because the smart card information is encrypted.

4.5 eCommerce Processing


In order to accept credit cards and online payments, you need a processing system that can help
your site handle payment transactions without you being present. It is a good way to truly ensure
that you are automating your ecommerce web site, and provide for the convenience of your
customers.

eCommerce processing makes it possible for “card not present” transactions to take place over
the Internet. Since you are not actually taking a physical card and swiping it during the sale, you
need special tools to help you accomplish the sale. This is where ecommerce processing comes
in.

4.6 Payment Gateway


A payment gateway is an e-commerce application service provider service that authorizes
payments for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. It is
the equivalent of a physical point of sale terminal located in most retail outlets. Payment
gateways protect credit card details by encrypting sensitive information, such as credit card
numbers, to ensure that information is passed securely between the customer and the merchant
and also between merchant and the payment processor.

It is a service that automates the payment transaction between the shopper and merchant. It is
usually a third-party service that is actually a system of computer processes that process, verify,
and accept or decline credit card transactions on behalf of the merchant through secure Internet
connections. The payment gateway is the infrastructure that allows a merchant to accept credit
card and other forms of electronic payment. When referring to payment gateways used for
Internet transactions, it may also be called an IP payment gateway.

Some of the main features of a payment gateway include:

Software application designed especially for ecommerce, although it can be used to
authorize payments in traditional brick and mortar businesses.

Encryption of payment and personal data.

Communication between the financial institutions involved and the business and the
customer.

Authorization of payments.

Some payment gateways feature tools that can help your customers figure out shipping and
handling costs, as well as sales tax. There are also fraud detection tools and other features that
can be used with a payment gateway. Many ecommerce Web hosts offer payment gateways as
part of their hosting packages.

4.6.1 Working of Payment Gateways


A payment gateway facilitates the transfer of information between a payment portal (such as a
website, mobile phone) and the Front End Processor or acquiring bank. When a customer orders
a product from a payment gateway-enabled merchant, the payment gateway performs a variety of
tasks to process the transaction:

A customer places an order on the website by pressing the 'Submit Order' or equivalent button,
or perhaps enters their card details using an automatic phone answering service.

If the order is via a website, the customer's web browser encrypts the information to be
sent between the browser and the merchant's webserver. This is done via SSL (Secure
Socket Layer) encryption.

The merchant then forwards the transaction details to their payment gateway. This is
another SSL encrypted connection to the payment server hosted by the payment gateway.

The payment gateway forwards the transaction information to the payment processor
used by the merchant's acquiring bank.

The payment processor forwards the transaction information to the card association (i.e.,
Visa/MasterCard)

If an American Express or Discover Card was used, then the processor acts as the issuing
bank and directly provides a response of approved or declined to the payment gateway.

Otherwise, the card association routes the transaction to the correct card issuing bank.

The credit card issuing bank receives the authorization request and sends a response back
to the processor (via the same process as the request for authorization) with a response
code. In addition to determining the fate of the payment, (i.e. approved or declined) the
response code is used to define the reason why the transaction failed (such as insufficient
funds, or bank link not available)

The processor forwards the response to the payment gateway.

The payment gateway receives the response, and forwards it on to the website (or
whatever interface was used to process the payment) where it is interpreted as a relevant
response then relayed back to the cardholder and the merchant.

The entire process typically takes 2–3 seconds

The merchant submits all their approved authorizations, in a "batch", to their acquiring
bank for settlement.

The acquiring bank deposits the total of the approved funds into the merchant's
nominated account. This could be an account with the acquiring bank if the merchant
does their banking with the same bank, or an account with another bank.

The entire process from authorization to settlement to funding typically takes 3 days.

Many payment gateways also provide tools to automatically screen orders for fraud and calculate
tax in real time prior to the authorization request being sent to the processor.

4.6.2 Popular payment gateway providers


Third-party providers offer services that allow customers to pay cash, or access their bank accounts,
without sharing information. Some payment providers are more popular than others. These include:

PayPal

Google Checkout

2Checkout

Authorize.net

CyberSource

LinkPoint

The selection of the gateway depends on one’s needs, as well as what they can afford. One might
find that simply integrating PayPal or Google Checkout does the trick, even though it may not be
customizable. In some cases, it is worth your while to choose a more expensive company and a
programmer that can help you integrate your payment gateway in a more personal manner.

PayPal

PayPal has grown in recent years to be one of the most popular methods of online payment.
Thousands of businesses accept PayPal payments – even if they are not on eBay.
PayPal has grown to accommodate so much more than eBay transactions. PayPal has a range of
payment services that can help you accept a number of payments, including credit and debit
cards, as well as accepting eCheck and PayPal payments.

PayPal allows anyone to send and receive payments for both online and offline goods. The best
thing about PayPal is its ease of use and the absence of any binding credit rating verification. All
that one needs to do is verify their address and personal information. PayPal account holders can
simply divert their customers to a PayPal order checkout page, or, if the type of PayPal account
allows it, payment can be made directly into a PayPal account using only the email address tied to
the account, such as payments@abccompany.com.

For customers, this can be rather desirable. It allows them to use PayPal as a means of payment if
they wish. Many savvy Internet shoppers know that the more places they give their personal
payment information, the more vulnerable they are. Being able to simply use PayPal for their
transactions, without having to give out a credit card or bank account number can bring peace of
mind.

PayFlow payment gateway

PayPal offers an interesting payment gateway that is almost like many traditional gateways.
Indeed, the pricing on PayFlow is much like what you would find with traditional payment
gateways:

Setup fee: Between $179 and $249.

Monthly fee: Between $19.95 and $59.95

Transaction fee: 10 cents

Indeed, the pricing is so similar to other payment gateways that the only real savings comes with
the transaction fee, which is always a flat fee, without a percentage of the sale. However, unlike
many payment gateways, PayFlow does offer a virtual terminal included in the price for orders
taken by mail, fax or phone.

Other PayPal merchant options

PayFlow payment gateway is not the only payment solution offered for PayPal. Indeed, it is
possible to enjoy less expensive options through PayPal. The other options from PayPal do not
require a setup fee, and the only other solution to charge a monthly fee is Website Payments Pro.
All of the other PayPal payment gateway service options have transaction fees of 1.9%-2.9% +
30 cents. In some cases, it may be worth it to consider one of the other solutions offered, other
than PayFlow:

1. Email payments: Allows you to accept payments online – even if you do not have a Web
site for your business. Customers are routed to PayPal to complete the purchase.

2. Website Payments Standard: Very easy way to allow customers to shop on your business
Web site and make payments. Purchase is completed on the PayPal Web site.

3. Website Payments Pro: This is a merchant account service that can help you accept debit
and credit cards, as well as other forms of payment, on your ecommerce Web site.

4. PayPal Express Checkout: Features a three click checkout process that makes things
faster and easier for your customers. Customers must complete the transaction on the
PayPal site. This is the only option that requires that your customers have a PayPal
account in order to make payments for your goods and services.

PayPal merchant services and payment gateway options all come with a certain level of fraud
protection. Also, you will be able to accept any major credit card, and even accept eChecks and
PayPal payments. This offers your customers a number of choices and makes things more
comfortable for them.

PayPal: One of the most popular online payment options

Because customers do not have to be members of PayPal in order to complete transactions when
you use a PayPal payment gateway, it is possible to serve just about anyone. The versatility is
one of the reasons that PayPal is so popular as a payment provider. Transactions are secure, and
it is generally easy to set-up and integrate PayPal payment options.

One of the main complaints that PayPal users have has to do with the way disputes are settled.
There is generally some dissatisfaction with this. Also, with some of the PayPal payment
solutions, it is difficult to issue a refund. You would have to get one of the more traditional merchant
account options in order to properly engage in needed chargebacks.

Overall, though, many businesses use PayPal because of its widespread popularity. Before you
make a decision, however, it is important to consider your business and decide what would work
best in your particular circumstance.

Google Checkout

This service is run by Google, owner of the famous search engine. Google Checkout is fast
becoming a popular and favorite payment method for many e-commerce website owners. The
reasons, for starters, are that the service is user friendly, easy to use and extremely reliable. When
you think from the business owner’s end, Google Checkout typically charges lower merchant fees
than PayPal.

Although Google Checkout is not exactly a payment gateway it is a way for you to accept credit
card payments from online customers. In our Google Checkout review we cover the pros and
cons, and compare Google Checkout with other payment options.

As more and more people do their shopping online, businesses are finding that they need to offer
payment options that are easy and convenient to use. One of the payment options growing in
popularity is Google Checkout. Google Checkout is not exactly a payment gateway. However, it
does facilitate payment from customers. Customers can use credit or debit card in order to pay.
Indeed, Google works in such a way that customers can leave their personal payment
information with Google Checkout, and they do not have to enter it at other Web sites – as long
as that site accepts Google Checkout.

Advantages of Google Checkout

There are a number of advantages associated with accepting Google Checkout. First of all is the
ease. It is relatively easy to set up and integrate with your ecommerce Web site. But the most
pressing concern to many people is the cost. Google Checkout does not charge any gateway, set
up or monthly fees. The only fees charged are transaction fees. These are figured according to
how much money you transact in sales using Google Checkout. Here is the breakdown of fees
charged by Google Checkout:

1. Less than $3,000 per month: 2.9% of each transaction, plus $0.30.

2. $3,000 to $9,999.99 per month: 2.5% of each transaction, plus $0.30.

3. $10,000 to $99,999.99 per month: 2.2% of each transaction, plus $0.30.

4. More than $100,000 per month: 1.9% of each transaction, plus $0.30.

You can see that the price is much lower than many traditional payment gateways. However,
some features and services that you might be able to enjoy if you paid for a more expensive
gateway may not be available with Google Checkout. Still, for many small businesses,
this is an ideal option.

The other advantage of Google Checkout is its integration with AdSense. If you are an AdSense
customer, you can connect your Google Checkout account to your AdSense account. This means
that the earnings you get through AdSense and AdWords can be used to offset your fees.
Conversely, any advertising that you need to pay for on your end can be funded through your
Google Checkout. Many people find that they are essentially getting Google Checkout fee-free
because their ad program earnings defray the cost.

Another advantage to having Google Checkout is that you will have a badge that appears next to
your search results and in your Google ads. This means that people will see automatically that
you accept Google Checkout when your business comes up in search. This can be an advantage,
since some people specifically prefer to shop with merchants that accept their alternative
methods of payment.

Amazon payment gateway

Amazon offers a payment service for sellers and affiliates of Amazon, as well as services for
those on other Web sites. For those that sell on Amazon, the payment system is extremely easy
to use. It is integrated with your seller account, and it can even work with Amazon fulfillment in
the case that you rely on Amazon to ship the items that you sell. The Amazon account can also
be used in conjunction with the commissions you might get as part of an affiliate selling Amazon
products and services.

For those businesses that are not exactly affiliated with Amazon, but would still like to take
advantage of a trusted and inexpensive payment service provider, there are options as well. You
can accept payments through the Amazon Pay Now widget or through some other means. This
process brings the buyer to the Amazon site, where they can use their Amazon account to pay for
purchases at your Web site. For customers, this can bring peace of mind, since many savvy
online shoppers do not like to leave personal payment information at multiple sites.

Pricing for the Amazon payment gateway

Pricing for Amazon payment gateway services is relatively reasonable. Indeed, it is faster than
most traditional payment gateways. Basically, Amazon has this fee structure for sellers and
online businesses that use its services:

On transactions that are greater than ten dollars, Amazon charges 2.9% + 30 cents.

For transactions that are less than ten dollars, there is a 5% + 5 cents fee.

There are volume discounts for different monthly transaction amounts at the $3,000 -
$10,000 level, the $10,000 - $100,000 level and the $100,000+ level.

While some of the per-transaction fees are about the same as other payment gateway services,
the savings come in with regard to other fees – or the lack of them. Amazon payment services do
not require start-up fees or monthly charges. Additionally, you do not have to sign any long-term
contracts. There are no charges beyond the per-transaction fee. Most traditional payment
gateway services have minimums and monthly charges, as well as other fees.

4.7 Merchant Accounts

Payment gateways and merchant accounts are similar; let's discuss the differences. If you want to
accept credit card payments online, you will generally need an internet merchant account. This
type of bank account is specifically designed to allow you to accept online payments.

Merchant accounts are bank accounts set up specifically for receiving credit card payments, such
as those processed through a payment gateway. Online stores need an internet merchant account.
Many banks prefer to give merchant accounts to brick-and-mortar businesses, those with a
physical store, rather than those that are solely online, so those with online-only stores may have
to shop around to find an internet merchant account. Some merchant accounts are also regular
bank accounts, while others simply accept the payment and then deposit into another business
account for you.

You will probably have to go through a third party to get a merchant account unless you are a
very large business. Merchant accounts may come as part of an eCommerce package or in
conjunction with a shopping cart or payment gateway, or merchants can establish one on their
own. If you do get a merchant account separately, make sure that it is compatible with your
payment gateway and shopping cart software.

It is important to read the details of a merchant account carefully to avoid being surprised by
unexpected fees. It is also wise to do some research about the merchant account bank to make
sure it has a good reputation and is legitimate.

Banks that offer merchant accounts make a portion of their profits through fees, some of which
may be clearer than others.

Some fees a merchant account may be charged include:

Annual fees, charged yearly to keep the account open. In some cases, these fees may be
waived if the merchant does a certain amount of business or keeps a minimum balance
above a certain amount.

Authorization fees may be charged for each transaction.


Batch fees for processing payments. A batch is all the transactions for one day, and some
accounts charge for processing the batch. A batch must be settled each day or higher fees
will be imposed.

Minimum monthly fees may be set, where the account will be charged a set minimum fee
every month unless their transaction fees total a higher amount.

Chargeback fees occur, for instance, if the merchant charges a customer incorrectly.

Early termination fees may exist if a customer has a contract with a merchant account
bank for a certain amount of time and cancels before the contract is over.

You can expect to go through an application process to get a merchant account just as you might
for setting up other kinds of bank accounts. You may need to provide proof that you are a
legitimate business as well as have a credit check.

It is often easiest to get a merchant account as part of an eCommerce package, but it is still
important to make sure that the account meets your needs and that you understand all the fees
and they seem reasonable. Don't hesitate to ask questions about anything that seems unclear to
you, and to shop around until you find an internet merchant account you feel comfortable with.

4.8 Electronic bill presentment and payment (EBPP)


Electronic bill presentment & payment (EBPP) is a form of electronic billing in which a
company presents (sends) its bills and customers pay these electronically over the Internet. It is a
fairly new technique that allows consumers to view and pay bills electronically. There are a
significant number of bills that consumers pay on a regular basis, which include: power bills,
water, oil, internet, phone service, mortgages, car payments etc. EBPP systems send bills from
service providers to individual consumers via the internet. The systems also enable payments to
be made by consumers, given that the amount that appears on the e-bill is correct.

The biggest difference between EBPP systems and the traditional method of bill payment, is that
of technology. Rather than receiving a bill through the mail, writing out and sending a check,
consumers receive their bills in an email, or are prompted to visit a website to view and pay their
bills.

Three broad models of EBPP have emerged. These are:

1. Consolidation, where numerous bills for any one recipient are made available at one Web
site, most commonly the recipient's bank. In some countries, such as Australia, New
Zealand and Canada, the postal service also operates a consolidation service. The actual
task of consolidation is sometimes performed by a third party, and fed to the Web sites
where consumers receive the bills. The principal attraction of consolidation is that
consumers can receive and pay numerous bills at the one location, thus minimising the
number of login IDs and passwords they must remember and maintain.

2. Biller Direct, where the bills produced by an organisation are made available through that
organisation's Web site. This model works well if the recipient has reasons to visit the
biller's Web site other than to receive their bills. In the freight industry, for example,
customers will visit a carrier's Web site to track items in transit, so it is reasonably
convenient to receive and pay freight bills at the same site.

3. Direct email delivery, where the bills are emailed to the customer's In Box. This model
most closely imitates the analog postal service. It is convenient, because almost everyone
has email and the customer has to do nothing except use email in order to receive a bill.
Email delivery is proving especially popular in the B2B market in many countries.

Major providers of outsourced bill production services have developed facilities to process bills
through consolidation, biller direct and email delivery services, thus enabling major billers to
have all their bills, paper and electronic, processed through the one service. Niche service
providers in many countries provide one or two of these models, but generally do not integrate
with paper bill production.

Types of EBPP

Biller-direct - This refers to an approach in which consumers make payments directly to
one biller that issues bills that they receive at the website of the firm that issued the bill.
An example would be of a public utility company offering this payment service to its
consumers. A market has emerged for outsourced billing providers who specialize in
electronic billing processes and technology for companies that need to send bills directly
to their customers. Examples of billing outsourcing specialists are InfoSend, Inc and
Billtrust.

Bank-aggregator - The approach under this model is to make payment at an aggregator or
consolidator site, usually from a consumer's bank’s website. This model allows the
consumer to make payments to multiple billers that are pre-registered to receive
payments. Examples are OneVu in the UK and Getitkeepit in Ireland.

Parties involved

Billers, bankers, aggregators and consolidators implementing EBPP can play various roles in the
overall EBPP process. Once roles are defined, it is easier to identify which model is most
appropriate for the client's EBPP strategy. Billers may also implement more than one model in
order to best serve their clients. Because the industry is continuously changing and redefining,
the options and opportunities for EBPP will continue to expand.

Biller payment provider (BPP) - An agent of the biller that accepts remittance
information on behalf of the Biller.

Biller service provider (BSP) - An agent of the biller that provides an EBPP service for
the Biller.

Consolidator - A biller service provider that consolidates bills from multiple Billers or
other bill service providers (BSPs) and delivers them for presentment to the customer
service provider (CSP).

Customer service provider (CSP) – An agent of the customer that provides an interface
directly to customers, businesses or others for bill presentment. CSP enrolls customers,
enables presentment and provides customer care, among other functions.

4.9 VeriSign Review

Having a merchant account or payment gateway to process and protect online credit card
payments is essential to any online business. VeriSign's payment gateway was acquired by
PayPal.

When shopping online, customers want to know that they are safe. They want to know that the
transactions they make with your Web site are secure, and that they are not likely to have
information stolen by a third party. One of the most trusted names in payment gateway security
is VeriSign. VeriSign helps protect payment gateways through encryption. It is true that
VeriSign used to have its own payment gateway, but it was acquired by PayPal. But, even
though VeriSign no longer offers a payment gateway, it does help keep all sorts of Web site
payment gateways secure.

VeriSign security certificates

VeriSign uses an encryption method called Secure Socket Layer (SSL) to encode messages. When
you enter your information for a transaction, it is scrambled so that third parties who might
intercept it can’t read it. The seller’s Web site has the proper key to decode the message and get
the information. SSL encryption is also used by payment gateways to encode the information when
it is being sent to banks for authorization.

You usually have to pay for your own security certificate. However, in some cases it is possible
to sign on to the certificate offered by your ecommerce Web host. This is usually cheaper, but it
means that you cannot take the certificate with you when you change Web hosts. If you want
your own validation, you will have to pay more for your own certificate. Here are some of the
offerings from VeriSign in terms of SSL certifications:

Secure Site Pro with EV: This is the most secure certificate. It comes with a warranty of
up to $250,000 and offers a minimum of 128-bit encryption and up to 56-bit. The cost for
one year is $1,499. For two years, it costs $2,695. Extended validation (EV) is included.

Secure Site Pro: This is also highly rated in terms of security, with 128 – 256 bit
encryption strength. However, it is without the extended validation. It is possible to get
this validation for one, two or three years for $995, $1,790 and $2,480, respectively.

Secure Site with EV: The security level on this is less than the Secure Site Pro with EV,
but still pretty good. This product still has the extended validation. You can get a one
year validation for $995 or a two year for $1,790.

Secure Site: Offers the features of Secure Site EV, but without the EV. Available in
validations of one, two or three years. This is the least expensive option, with the prices
ranging from $399 for one year to $995 for three years. However, the security could be a
minimum 40 bit encryption. This isn’t bad, but it’s not that great, either.

In any case, it is important to have some sort of a security certificate for your business Web site.
Most online shoppers will check to see if you are adequately protected. The VeriSign name is
one that can be trusted, and customers will have peace of mind when they shop on your site if
you have validation prominently displayed. However, it is up to you to do your research and
decide what level of security and validation you want, as well as whether you want your own
certificate or whether you share with your ecommerce Web host.
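
A check a merchant can run on the two encrypted hops described in section 4.6.1 and on the cipher strengths listed above, as an added example that is not part of the original text: it flags sessions negotiated below TLS 1.2 (TLS is the successor to SSL), with fewer than 128 key bits, with a broken algorithm, or without a verified certificate. The 128-bit floor, the record layout and the sample sessions are assumptions of the example.

```javascript
// Added example (not from the original text): policy check for the encrypted hops.

// Options for the merchant-to-gateway hop, to pass to https.request() or tls.connect().
const GATEWAY_TLS_OPTIONS = Object.freeze({
  minVersion: 'TLSv1.2',     // refuses SSLv3, TLS 1.0 and TLS 1.1
  rejectUnauthorized: true,  // the gateway's certificate chain and host name must verify
});

const ACCEPTED_PROTOCOLS = new Set(['TLSv1.2', 'TLSv1.3']);
const BROKEN_ALGORITHMS = /RC4|MD5|_NULL_|EXPORT|_DES_|3DES/;
const MIN_KEY_BITS = 128; // assumption of this example

// Effective symmetric key strength in bits, read from an IANA cipher suite name.
function cipherBits(standardName) {
  const n = standardName.toUpperCase();
  if (/_NULL_/.test(n)) return 0;          // integrity only, no encryption
  if (/EXPORT|_40_/.test(n)) return 40;    // export-grade suites
  if (/3DES/.test(n)) return 112;          // three-key triple DES
  if (/_DES_/.test(n)) return 56;          // single DES
  if (/CHACHA20/.test(n)) return 256;
  const m = n.match(/_(128|256)_/);
  return m ? Number(m[1]) : 0;             // unknown suite: treat as unacceptable
}

// Findings for one negotiated session; an empty list means it meets the policy.
function auditSession(session) {
  const findings = [];
  if (!ACCEPTED_PROTOCOLS.has(session.protocol)) {
    findings.push(`protocol ${session.protocol} is below TLS 1.2`);
  }
  const bits = cipherBits(session.standardName);
  if (bits < MIN_KEY_BITS) findings.push(`${bits}-bit cipher is below ${MIN_KEY_BITS} bits`);
  if (BROKEN_ALGORITHMS.test(session.standardName.toUpperCase())) {
    findings.push('suite uses a broken algorithm');
  }
  if (!session.authorized) findings.push('peer certificate was not verified');
  return findings;
}

// Build the record auditSession() expects from a connected tls.TLSSocket.
function describeSocket(peer, socket) {
  return {
    peer,
    protocol: socket.getProtocol(),
    standardName: socket.getCipher().standardName,
    authorized: socket.authorized,
  };
}

// Constructed sample sessions; the host names are placeholders.
const SAMPLE_SESSIONS = [
  { peer: 'browser -> shop.example', protocol: 'SSLv3',
    standardName: 'TLS_RSA_EXPORT_WITH_RC4_40_MD5', authorized: true },
  { peer: 'shop.example -> gateway.example', protocol: 'TLSv1.2',
    standardName: 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', authorized: true },
  { peer: 'shop.example -> gateway.example', protocol: 'TLSv1.3',
    standardName: 'TLS_AES_256_GCM_SHA384', authorized: false },
  { peer: 'gateway.example -> processor.example', protocol: 'TLSv1',
    standardName: 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', authorized: true },
];

function auditAll(sessions) {
  return sessions.map((s) => ({ peer: s.peer, findings: auditSession(s) }));
}

console.log(JSON.stringify(auditAll(SAMPLE_SESSIONS), null, 2));
```
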

End Chapter Quiz

Q1. What are plastic cards the size of a credit card that contains an embedded chip on which
digital information can be stored?

a. Customer relationship management systems cards

b. E-government identity cards

c. FEDI cards

d. Smart cards

Q2. Which of the following is used in B2B to pay for purchases?

a. e-commerce

b. financial electronic data interchange

c. electronic data exchange

d. electronic checks

Q3. An agent of the biller that accepts remittance information on behalf of the Biller is

a. Biller payment provider (BPP)

b. Biller service provider (BSP)

c. Consolidator

d. Customer service provider (CSP)


Q4. Name three popular payment gateway providers : ____, ____, ________.

Q5. _____________ is a form of electronic billing in which a company presents (sends) its
bills and customers pay these electronically over the Internet.
