December 5th, 2003, 07:55 AM
The credit card is an evolutionary approach as they have been in use for long time. The credit card protection on electronic network is improved by using PIN number during the transaction. The scheme is also easy to implement as most users and merchants are familiar with the procedures. the transaction is given below:
Ø Customer order an item, web store and the merchant provide an invoice/bill.
Ø Customer offers to pay through credit card and the credit card number is passed on to the bank. The merchant does not access to the credit card number.
Ø The bank verifies the availably often from the credit card issuer and informs the merchant.
Ø The merchant conforms the transaction, ships the goods, and informs the customer about the shipping information.
The customer collects the goods and the information on the delivery goes to the merchant
Ø Merchant informs the bank to collect the money and provide the credit card receipt.
Ø Bank collects the money from credit card issuer.
Ø Credit card issuer bills the customer.
Ø E-credit card is more secure than the conventional card as the credit card data of the customer is not available to t he merchant unlike the conventional system.
Ø The credit card payment to the merchant can be almost instantaneous as the merchant to the bank can provide the credit card receipts immediately.
Ø Lost of credit card information on the network.
Ø Non-repudiation not available.
Secure Electronic Transaction (SET) Protocol:
The Secure Electronic Transaction protocol defined in 1996 and which is still undergoing changes, provides a secure environment for use of credit card on internet. The SET addresses the following requirements of e-commerce
Ø It verifies the merchant’s and gateway certificates by traversing the trust chain.
Ø It verifies the merchant’s signature by decrypting it using the public key of the merchant. It verifies the message digest.
Ø It creates the order information and the payment instructions and transmits it to the merchant.
Ø It includes the purchaser’s signature certificate with the order.
Ø It computes a duel message digest. The message digests are computed independently for order information and the payment instructions. These message digests are concatenated and a new message digest is computed. The new message digest and the order information and the payment instructions are encrypted with the private key of the purchaser.
Ø It generates a random symmetric encryption key.
Ø It encrypts the duel signed payment instructions with random symmetric encryption key.
Ø The symmetric random encryption key and the credit card number are encrypted together using the gateway’s key. This will ensure that the payment gateway alone can decrypt the payment information.
Ø The merchant server program verifies the cardholder’s certificate, message digest.
Ø The merchant server forwards the payment instructions to payment gateway for authorization.
Ø Generates the conformation of the purchase order enclosed merchant certificate, generates message digest, and encrypts with merchant’s private key and al this is sent to the purchaser
Future of Electronic Commerce (Some Concerns)
Electronic Commerce is expected to evolve into some shape with in the next two years and the response from the society will be known over the next five years. The uncertainty in its evolution is because of a number of questions that come to our mind. Probably we may neither be able to answer the questions nor influence the system. So we have to wait and see how the e-commerce emerges. The concerns are put in the form of questions in brief and are as follows:
Ø Would some banks issue e-cash for all the countries/currencies
Ø The creation of money by a number of originations outside the purview of the governments is envisaged. Does it create a parallel economy and be treat to the controlled economy.
Ø How do we protect the common people when such banks collapse? Whose responsibility is the protection?
Ø Can we trade freely with national restrictions? Restrictions are in terms of materials that can be imported and exported and the foreign exchange availability.
Ø Can money be siphoned out of the countries through this unrestricted e-commerce?
Ø Would the trade balance shift heavily in favor of industrialized countries?
Ø Can governments collect taxes with any certainty the ease of e-commerce transactions?
Ø How do we resolve the dichotomy between security, anonymity?
Ø Do majority of people have the basic expertise to understand and handle e-commerce transactions?
Ø Are there not too many players in every transaction>
Ø Who will decide the future scenario?
Ø Do we have the laws in place to handle the e-commerce based disputes?
Some Tips for saving yourself from “e-fraud”:-
The FTC encourages you to make sure your transactions are secure and your personal information is protected. Although you can't control fraud or deception on the Internet, you can take steps to recognize it, avoid it and report it. Here's how.
· Use a secure browser - software that encrypts or scrambles the purchase information you send over the Internet - to guard the security of your online transactions. Be sure your browser has the most up-to-date encryption capabilities by using the latest version available from the manufacturer. You also can download some browsers for free over the Internet. When submitting your purchase information, look for the "lock" icon on the browser's status bar to be sure your information is secure during transmission.
· Keep your personal information private. Don't disclose your personal information - your address, telephone number, Social Security number, bank account number or e-mail address - unless you know who's collecting the information, why they're collecting it and how they'll use it.
· Give payment information only to businesses you know and trust, and only when and where it is appropriate - like an order form. Never give your password to anyone online, even your Internet service provider. Do not download files sent to you by strangers or click on hyperlinks from people you don't know. Opening a file could expose your system to a computer virus or a program that could hijack your modem.
· Keep records of your online transactions and read your e-mail. Merchants may send you important information about your purchases.
· Review your monthly credit card and bank statements for any errors or unauthorized purchases promptly and thoroughly. Notify your credit or debit card issuer immediately if your credit or debit card or checkbook is lost or stolen, or if you suspect someone is using your accounts without your permission.
Report Problems Immediately:-
The Fair Credit Billing Act (FCBA) and Electronic Fund Transfer Act (EFTA) establish procedures for resolving errors on credit and bank account statements, respectively, including:
· credit charges or electronic fund transfers that you - or anyone you've authorized to use your account - have not made;
· credit charges or electronic fund transfers that are incorrectly identified or show the wrong amount or date;
· computation or similar errors;
· a failure to properly reflect payments or credits, or electronic fund transfers;
· not mailing or delivering credit billing statements to your current address, as long as that address was received by the creditor in writing at least 20 days before the billing period ended; and
· credit charges or electronic fund transfers for which you request an explanation or documentation, because of a possible error.
For credit: The FCBA generally applies to "open end" credit accounts - that is, credit cards and revolving charge accounts, like department store accounts. It does not apply to loans or credit sales that are paid according to a fixed schedule until the entire amount is paid back, like an automobile loan.
Under the FCBA, your liability for lost or stolen credit cards is limited to $50. Notify your card issuer promptly upon discovering the loss. Many companies have toll-free numbers and 24-hour service to deal with such emergencies. Follow up with a letter. Write to the creditor at the address given for "billing inquiries," not the address for sending your payments, and include your name, address, account number and a description of the billing error. Send your letter so that it reaches the creditor within 60 days after the first bill containing the error was mailed to you. And if you send your letter by certified mail, return receipt requested, you'll have proof that the creditor received it. Include copies (not originals) of sales slips or other documents that support your position. Keep a copy of your dispute letter.
The creditor must acknowledge your dispute in writing within 30 days after it is received, unless the problem is resolved within that period. The creditor must conduct an investigation and either correct the mistake or explain why the bill is believed to be correct, within two billing cycles (but not more than 90 days), unless the creditor provides a permanent credit instead. You may withhold payment of the amount in dispute and any related finance charges and the creditor may not take any action to collect that amount during the dispute.
For debit: The EFTA applies to electronic fund transfers - transactions involving automated teller machines (ATMs), debit cards and other point-of-sale debit transactions, and other electronic banking transactions that can result in the withdrawal of cash from your bank account.
Under the EFTA, if there is a mistake or unauthorized withdrawal from your bank account through the use of a debit card, or other electronic fund transfers, you must notify your financial institution of the problem or error not later than 60 days after the statement containing the problem or error was sent. Although most financial institutions have a toll-free number to report the problem, you should follow up in writing. For retail purchases, your financial institution has up to 10 business days to investigate after receiving your notice of the error. The financial institution must tell you the results of its investigation within three business days of completing its investigation. The error must be corrected within one business day after determining the error has occurred. If the institution needs more time, it may take up to 90 days to complete the investigation - but only if it returns the money in dispute to your account within 10 business days after receiving notice of the error, while it reviews your concerns.
If someone uses your debit card, or makes other electronic fund transfers, without your permission, you can lose from $50 to $500 or more, depending on when you report the loss or theft. If you report the loss within two business days after you discover the problem, you will not be responsible for more than $50 for unauthorized use. However, if you do not report the loss within two business days after you realize the card is missing, but you do report its loss within 60 days after your statement is mailed to you, you could lose as much as $500 because of an unauthorized withdrawal. And, if you do not report an unauthorized transfer or withdrawal within 60 days after your statement is mailed to you, you risk unlimited loss. That means you could lose all the money in your account and the unused portion of your maximum line of credit established for overdrafts.
Some financial institutions may voluntarily cap your liability at $50 for certain types of transactions, regardless of when you report the loss or theft; because this is voluntary, their policies could change at any time. Ask your financial institution about its liability limits.
For stored-value: The FCBA and the EFTA may not cover stored-value cards or transactions involving them, so you may not be covered for loss or misuse of the card. However, stored-value cards still might be useful for micropayments and other small purchases online because they can be convenient and - in some cases - offer anonymity. Before you buy a stored-value card or other form of e-money, ask the issuer for written information about the product's features. Find out the card's dollar limit, whether it is reloadable or disposable, if there's an expiration date, and any fees to use, reload or redeem (return it for a refund) the product. At the same time, ask about your rights and responsibilities. For example, does the issuer offer any protection in the case of a lost, stolen, misused, or malfunctioning card, and who do you call if you have a question or problem with the card?
December 5th, 2003, 08:29 AM
this was part of my school assignments i thaught it might be useful so i posted it
December 5th, 2003, 12:15 PM
Nice article. I'm glad you're deciding to give to the community now, mate. Again, good job.
December 5th, 2003, 12:57 PM
Thanks. Good information on how the process works and how to protect yourself.
Here's some greenies
December 5th, 2003, 01:28 PM
Good tutorial but some additional references to your doc (to give credit for the appropriate sections):
- FTC's Tips on Protecting Personal Info
- FTC's Fair Credit Reporting Act
- FCBA Resolving Problems
I am curious about one thing: All of this is US references. Are there no laws in India that deal with e-commerce and consumer protection? (assuming that the location you indicate is where you are).
December 5th, 2003, 06:08 PM
International laws on e-commerse and security applies in India As well
December 5th, 2003, 06:51 PM
before this i myself wasn't sure of any indian laws on e-transactions . i did a little soul serching any got many interrseting things about indian laws on e-commerse. e-commerse is a new consept in india it started around about 2-3 years ago. there warent any laws till very recently. few things that i found about the laws i would like to share it u people did u know that India is one of the only 12 countries to to adopt an e-commerce law
The IT bill was introduced in Parliament in 1998. But because of government changes and other political problems, and protracted negotiations over the language of the statute, it took two years for the bill to become law. i mean only 12 countries in the world has lays on e-commerse
The Lok Sabha -- the Indian Parliament's lower house -- passed the measure in May. The Rajya Sabha -- the upper house -- quickly approved it thereafter. And President K.R. Narayanan signed it earlier in June.
While businesses applaud the government for making India one of 12 countries to adopt an e-commerce law, they fear the devil may be in the implementation details.
By Raju Chebium
CNN Interactive Correspondent
June 29, 2000
Web posted at: 6:02 p.m. EDT (2202 GMT)
WASHINGTON (CNN) -- Business groups says India's new e-commerce law, which blesses electronic signatures and e-transactions, will change the way Indians do business and advance the country's position as an emerging superpower in the global high-tech industry.
And some fear that provisions allowing the government to intercept private communications perceived as potential threats to national security may led to New Delhi abusing its power.
In addition to giving legal sanctity to digital signatures and Internet transactions, the law adopted in June also allows people to file taxes electronically and imposes prison terms and fines for hackers and other cyber criminals.
The government would appoint a controller to supervise "certifying authorities" who will oversee the law's implementation and use. Special tribunals will be established to resolve cases that arise out of the law.
The Parliament deleted a controversial provision that would have allowed the police to search cyber cafes without warrants to battle cyber crime.
u can read the whole article at
E-commerce in India has been a non-starter. What do we require to bridge the huge difference between the actual and potential revenues?
By Rahul Kumar
Have we, as a nation, failed to capitalise on the E-commerce revolution sweeping the world? Whatever the hype surrounding the E-commerce, it looks that online trade has not made much of a dent in the country both at the individual and at the level of the businesses and there exists a huge difference between the potential revenues and the actual transactions.
By any account, E-transactions have not yet gained acceptance amongst a majority of Indian Netizens. According to a study by Gartner Group, a leading global research organisation, only 2.2 per cent of Indian surfers have ever paid online, while another 3.6 per cent have ever placed orders over the Net. And whatever transactions that took place over the Web, it was related to entertainment. Movie bookings (50 per cent) followed by books, audiocassettes and CDs and application or game software dominate among all purchases made over the Net. Among metros, Delhi users recorded the highest proportion of E-transactions.
u can read the full report at
February 5th, 2004, 02:37 PM
We Must Avoid All Crackers And CC Hackers.
February 5th, 2004, 02:42 PM
really a nice post... thanks
Now is the moment, or NEVER!!!
February 23rd, 2004, 12:07 PM
A good post.....quite informative....
****** Any man who knows all the answers most likely misunderstood the questions *****