Trade has always been one of the main spheres of human activity acquiring new forms as it developed through time. Nowadays one of the widespread forms of trade is electronic commerce, or Ecommerce, which consists in selling and buying goods and services over the Internet. With the growth and popularization of the World Wide Web, Ecommerce has flourished due to certain advantages it offers: firstly, it saves the time and effort of customers, allowing to quickly choose and order the needed product without making one’s way to an in-real-life store; secondly, it saves customers’ money due to the fact that prices can be kept comparatively low as there is no need for the store-holder to pay the rent for the saleroom and to pay salary to salespeople; and thirdly, owing to an extensive delivery system, there is no necessity to travel to the other end of the world to get a certain product — one can easily order it from home and have it delivered safe and sound. However, one should bear in mind certain risks connected with online deals, and one of the biggest hazards concerns online payments. When an online transaction is carried out, both the seller and the buyer can become victims of fraud and illegal action, and it is the objective of the present paper to focus on the measures the leading online trading companies undertake in order to protect themselves during financial operations.
Before permitting the usage of a credit card as a payment option, companies often require certain information about the customer. This process is often called “pre-authorization”, and the data required by the sellers is often checked for validity. For instance, Amazon.com and Barnes&Noble websites perform verification of address via the postal service database. If there is a mismatch, further actions are not allowed. For the purpose of protecting customers’ private information a special Secure Transaction Technology (STT) is used on veritable websites. To find out whether the webpage is protected or not, one should take a look at the URL, the page is a protected one and all the data will be specially encoded so that it cannot be fished out easily. In addition there can be a so-called padlock graphic in the URL — that is a VeriSign Secured Seal which can be easily recognized by users. The data required by online shops in first place is displayed in the following table:
Table 1. Information required from the customer during pre-authorization
Further on this information is used for shipping and billing purposes. In case when shipping and billing addresses are different, the customer is required to state so and provide both of them.
The next stage directly concerns the transaction itself and deals with the credit card information that is entered by the customer (cf. Table 2).
Table 2. Credit card information necessary to complete the transaction
Once the credit card data is submitted, the payment processor checks the information with the cardholder’s bank, specifically paying attention to the following points: whether the credit card of a certain number has actually been issued, whether the security code (the last three italicised digits on the signature strip on the back of the card) matches and whether the expiry term still allows to use the card.
In order to make online transactions safe for themselves, the selling companies often buy a merchant account, which provides them with a protected payment gateway, and use special credit card processing programmes such as Authorize.Net (used by QualityBooks.com) which furnishes a whole variety of services, including secure (SSL) order page and protection against fraudulent transactions with the Address Verification Service (AVS). The following table illustrates the features used by the webstores under consideration for lowering various types of risks connected with online transactions:
Table 3. Features lowering online transactions risks
And finally, for securing the payment it is necessary to authenticate the cardholder’s identity. This is normally done by requiring the email and password of the user at the very beginning of the deal. However, taking into account the risks of phishing the aforementioned data, Amazon.com is starting to introduce a new way of identity authentication: via the order history. Such a system allows to maintain the needed level of security (as order information should be available to customer only) as well as stay flexible enough (as long as the customer makes new orders thus changing the order history). Moreover, such systems as Verified by Visa (VbV) and MasterCard SecureCode (MCSC) for MasterCard and Maestro allow cardholders to identify themselves to their card issuer using a password when shopping online.
Table 4. Ways of authenticating cardholder identity
Obviously, despite all its advantages, electronic commerce still bears the dangers of fraud and is characterized by insecurity both for the buyer and for the seller. Multiple steps on the way to safety have been undertaken by programmers developing special protocols, firewalls and other measures which would prevent phishing and other risks for the participants of online trade. When creating a webstore it is important to take advantage of most available security measures as it would increase the level of customers’ trust and, as a result, raise the general profit of the company.