You can't do business on the Internet if you can't pay your bills or get paid. Here's how.
Andrew Singleton
Traditional forms of payment--barter, currency, and signed checks and vouchers--simply don't work in cyberspace. Making payment possible across the Internet--and the WWW (World Wide Web) in particular--is the goal of a new breed of electronic payment systems that are just now coming into use.
This article examines six of these commercial Internet payment systems and describes their strengths and weaknesses. Each is quite different from the others, and each is appropriate for certain types of applications but ill-suited for others.
Debit and Credit
All systems for making payments--digital or otherwise--fall into one of two different classes: debit and credit. In a debit system, you gather your money up front and then spend it. In a credit system, you spend the money first and pay the bill later. Payment systems based on gold, paper currency, traveler's checks, and instant-debit ATM (automatic teller machine) cards are debit systems. Checks, charge accounts, and credit cards are credit systems.
Just as cash and credit coexist in today's business climate, both exist in the digital world as well.
Digital cash is the digital equivalent of a cashier's check or a bearer bond (i.e., a token or note issued and signed by a bank or other institution with its name, a random and unique identifying note number, and the amount of money represented). Users can buy these notes from a bank (which makes this a debit system) and then redeem them later for real cash. Although users can make digital copies of such notes, a bank redeems each note number only once.
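The redeem-once rule can be shown in a few lines. This is an added example, not code from the article or from any of the surveyed systems; the `Bank` class and its field names are hypothetical, and an HMAC under a bank-held secret stands in for the bank's signature, which is enough when the bank is the only party that checks its own notes.

```python
import hashlib
import hmac
import secrets


class Bank:
    """Toy issuer: sells notes and redeems each note number only once."""

    def __init__(self, name):
        self.name = name
        self._key = secrets.token_bytes(32)  # bank's secret, never leaves the bank
        self._spent = set()                  # note numbers already redeemed

    def _tag(self, number, amount_cents):
        # Binds issuer name, note number and amount together (HMAC stands in
        # for the bank's signature in this sketch).
        msg = f"{self.name}|{number}|{amount_cents}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, amount_cents):
        number = secrets.token_hex(16)       # random, unique note number
        return {"issuer": self.name, "number": number,
                "amount_cents": amount_cents,
                "tag": self._tag(number, amount_cents)}

    def redeem(self, note):
        expected = self._tag(note["number"], note["amount_cents"])
        if note["issuer"] != self.name or not hmac.compare_digest(expected, note["tag"]):
            return "rejected: not issued by this bank or altered"
        if note["number"] in self._spent:
            return "rejected: note number already redeemed"
        self._spent.add(note["number"])
        return f"paid {note['amount_cents']} cents"


def demo():
    bank = Bank("Example Bank")                  # constructed sample issuer
    note = bank.issue(500)
    copy = dict(note)                            # a perfect digital copy
    forged = dict(note, amount_cents=50000)      # same note, inflated amount
    return [bank.redeem(note), bank.redeem(copy), bank.redeem(forged)]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The copy is bit-for-bit valid, so only the bank's record of spent note numbers stops it; the integrity tag alone catches the altered amount but not the duplicate.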
Digital credit is similar to the credit systems used in the business world. The main difference lies in the incorporation of digital time stamps and signatures that build auditability and accountability into the system and replace the paper trail that's no longer there.
With such a system, the payer creates a voucher record that contains a description of the transaction, the names of the payer and the recipient, the date and time of the transaction, and the amount to be paid. The payer signs this voucher with his or her private key. Using a public key, the recipient of a voucher can read the record and verify that it was signed and obliged by the possessor of that private key. The recipient can then submit the voucher to a clearing system and have legal grounds for collecting payment.
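The voucher flow described above, as an added example that is not from the article or any surveyed product. It uses textbook RSA (no padding scheme) with a constructed demo key built from two Mersenne primes so that it runs on the Python standard library alone; the key is trivially factorable, and the field names and addresses are made up for illustration.

```python
import hashlib
import json

# Constructed demo key: two Mersenne primes. Trivially factorable, so this is
# an illustration of the sign/verify roles, not a usable key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key (N, E), known to everyone
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by the payer


def digest(voucher):
    """Hash a canonical encoding so payer and recipient hash identical bytes."""
    data = json.dumps(voucher, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(voucher, d=D, n=N):
    """Payer: textbook RSA signature over the voucher digest."""
    return pow(digest(voucher), d, n)


def verify(voucher, signature, e=E, n=N):
    """Recipient or clearing system: needs only the payer's public key."""
    return pow(signature, e, n) == digest(voucher)


def demo():
    voucher = {                        # constructed sample voucher record
        "description": "1-year subscription",
        "payer": "alice@example.com",
        "recipient": "merchant@example.com",
        "timestamp": "1995-06-01T12:00:00Z",
        "amount_cents": 2500,
    }
    sig = sign(voucher)
    altered = dict(voucher, amount_cents=250000)               # amount changed
    redirected = dict(voucher, recipient="other@example.com")  # payee changed
    return verify(voucher, sig), verify(altered, sig), verify(redirected, sig)


if __name__ == "__main__":
    print(demo())
```

Because the signature covers every field, changing the amount or the recipient after signing makes verification fail, which is what gives the recipient a record the payer cannot later disown or a third party quietly edit.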
An Infrastructure in Place
The infrastructure for electronic-payment systems already exists: the major credit-card processors (e.g., American Express, MasterCard, Visa, and Discover), ATM networks, and the ACH (Automated Clearing House). Credit-card business involves a three-part processing system. Banks provide credit and billing to the customers. Third-party processors provide verification and collection mechanisms for merchants who accept credit cards. And international networks, such as Visa, connect the processors with the banks for collection. This system is complex, but it's already in place and extends nearly everywhere. Charges to merchants typically run 2 percent to 3 percent of the total transactions made, plus 20 cents per transaction.
Several credit-card processors intend to offer their services to merchants on the Internet. The credit-card system is truly international, able to accommodate transactions in a wide variety of currencies and reconcile them in the banking system. This gives it a big advantage on the Internet.
The ACH is a U.S. interbank mechanism in which local banks submit payments to a database and the Federal Reserve transfers the money overnight. This is the manner in which direct-deposit payroll works. ACH transactions are inexpensive (less than 15 cents each) and can be generated by a computer. They will become popular for clearing on-line payments, although ACH works only between U.S. bank accounts.
Debit-card networks allow an ATM to instantaneously deduct money from your account and transfer it to another bank as payment. The banks pay 50 cents per transaction for this. Banks require both a physical card and a password (known as a PIN) before issuing payment. When the obvious existing security issues are resolved, these same networks will have the ability to issue on-line payments.
Nothing prevents private citizens and corporations from maintaining accounts for their customers and issuing payments from those accounts. Most on-line services pay their content providers in this way, and it may evolve into a significant banking role as these institutions offer payment servers for their accounts.
The Mechanics of Payment Systems
An on-line payment transaction generally involves three parties. The customer pays, the merchant receives the payment, and a bank does the accounting, making sure that money from the customer ends up in the merchant's account. In a peer-to-peer system, users can act as both customers and merchants. For the purposes of this discussion, a payment service can act like a bank even if it's not legally considered to be one.
The customer runs client software. This might be a WWW browser, such as Mosaic; an encrypting browser, such as Netscape or Mosaic with S-HTTP (Secure Hypertext Transport Protocol); or a dedicated payment client.
The merchant runs merchant software on its server to request and process payments. In many cases, the merchant software is integrated with a WWW server. A payment server is the bank's POP (point of presence) on the network. To execute a real-time transaction, the merchant generally forwards information to the payment server, which authorizes the payment and credits the merchant's account.
Security and Privacy
Security issues are critically important in any digital-payment mechanism. The most common way to authenticate a user is to ask for a password. Because it's easy to read messages as they traverse the Internet, most commercial services encrypt passwords before sending them, using the new generation of WWW browsers. These include Netscape (which uses SSL [Secure Sockets Layer] encrypted protocol) and Mosaic derivatives (which use S-HTTP).
Unfortunately, even encrypted passwords aren't secure if they are used more than once. Ultimately users may be forced to rely on the use of hardware tokens--typically, credit-card-size devices that can generate unique one-time passwords or securely maintain encryption keys.
To ensure security, financial messages--whether they're payments, credit-card numbers, or digital signatures--must remain confidential and be impossible to alter without detection. Most systems currently in use maintain some kind of paper trail that can be used to check and audit transactions; equivalent capabilities must be a part of any viable on-line payment system. Current cryptographic mechanisms can provide these features.
Privacy is a related but more controversial issue. In this age of mammoth databanks, many people think that it's time to draw the line. Some believe that digital financial transactions should be, in principle, just as anonymous as cash transactions and that it's nobody's business--certainly not the merchant's, the bank's, or the government's--where people spend their money. This goal can be achieved with existing digital cryptographic technologies, but only some electronic-payment systems currently make use of them.
The Internet's First Payment Systems
BYTE recently surveyed six different commercial systems from Cybercash, Digicash, First Data/Netscape, First Virtual, Open Market, and Wave Systems. This list does not include what may well become the two biggest guns on the payment-services battlefield--the joint ventures announced by Visa/Microsoft and MasterCard/Netscape. Neither is due to be available until late this year, and neither is well defined at present. But the six services examined here are close enough to real-world deployment that a realistic evaluation of their implementations and prospects is possible. The fundamental features of each system and details on how it works are summarized in "Digital-Cash Systems Compared".
Cybercash
Cybercash proclaims that "the bank is our customer" and anticipates that all its transactions will be passed directly to a real bank. Thus, customers will talk to the bank, not to Cybercash, for customer service. As this article was being written, Cybercash had scheduled a pilot project with Wells Fargo Bank for March, with service available to the public in May.
Cybercash software should work well as a bank interface by providing a portable ATM for home banking. The debit version could prove to be an excellent mechanism for funds transfer, bill paying, and peer-to-peer payments. But the initial credit-card version is less appealing. The customer must enter a credit-card slip for each transaction, and there's no mechanism for subscriptions. With Cybercash, as with credit cards, merchants are liable for fraudulent transactions. BYTE rates Cybercash as fair to good for one-time catalog sales, but only fair for information sales.
Digicash Ensures Privacy
Digicash is the most radical--and possibly the most significant--player in the payment-services game. Founder David Chaum has invented and patented a form of digital cash, called E-cash, that offers privacy for the buyer. Says Chaum, "When all payments are recorded electronically, the notion that an electronic payment system doesn't have to invade your privacy will be very important, almost a human right."
The E-cash software is convenient and fun to use. As a peer-to-peer payment mechanism that allows individuals to exchange payment with anyone anywhere on the globe, without paying high fees or giving up privacy, E-cash empowers the individual. It sounds great, and BYTE believes it could work.
Because no banks have yet signed on to the E-cash system, it's difficult to evaluate its suitability. Close attention will certainly be paid to its progress. The software is currently being tested with play-money cyberbucks.
First Data/Netscape: Business as Usual
First Data, the biggest U.S. credit-card processor, and Netscape Communications, one of the hottest commercial vendors of WWW software, have teamed up to offer credit-card authorization. The mechanism is actually a minimum modification to the phone-based credit-card payment systems now in use. Instead of calling in a credit-card number to a merchant, a customer types the number onto an HTML (Hypertext Markup Language) form, and the client takes advantage of Netscape's built-in encryption to send it to the merchant server. The product is currently in use at Marketplace MCI. Both the Netscape server and the First Data processing service are first class, but the union of these two organizations does not add much value.
Also, the product's requirement of a dedicated phone line adds significant expense. Merchants with encrypting Netscape or S-HTTP WWW servers can install inexpensive card-authorization software, such as IC-Verify, for less than $500 and work with the credit-card processor of their choice. Moreover, users already send their card numbers to merchants. And, while simple, this product's mechanism inherits all the security flaws of the current credit-card payment system. It's clearly an interim product, and thus BYTE rates its suitability as only fair.
Merchants and customers should instead look forward to Netscape's venture with MasterCard, in which MasterCard will place a payment server on the Internet. This will eliminate the merchant's need for a dedicated phone line. Also, a payment server on the Internet will increase security for customers, since signed credit-card slips will go directly to the payment server for authorization without revealing customer information to the merchant.
First Virtual: Try Before You Buy
First Virtual is a unique credit-card processor because of its try-before-you-buy approach. The system, already in operation, is designed primarily for vendors selling information and other "soft" goods. The Virtual in the name refers to a unique company organization: The principals all work in different states, and the phone-response and Internet-server maintenance are contracted out to companies in yet other states. Company principals claim that the virtual organization and its simple, voluntary payment system are well suited to the decentralized culture of the Internet.
The First Virtual service is a simple way for a merchant to process credit-card transactions. It requires no special WWW browser, infrastructure, or merchant processing account. And the merchant start-up fee is only $10.
Unfortunately, the system, with all its passwords and insistent E-mail, is also somewhat inconvenient for the customer to use. The payment schedule is uncertain, the sign-up mechanism is automated and clunky, and the "virtual" concept doesn't seem to support a real service organization. For suitability to WWW information sales, BYTE rates First Virtual as fair.
Open Market: Full Service on the Web
Open Market is a start-up company dedicated to building Internet stores and the payment services to support them. Its system is entirely WWW based and exploits the HTTP standard to its fullest. The system is currently in operation for internal use by the Open Marketplace WWW servers.
Unlike some other providers examined here, Open Market views itself as a service company that's willing to handle customer accounting and billing as well as development. Open Market's is the only payment server to provide customer service, subscription accounting, charge aggregation, scalable security, and business-to-business accounting.
The implementation is clever and convenient, with the downside being that the customer must interact with the payment server on every transaction. BYTE rates this product's suitability as good.
Wave Systems: Like a Vending Machine
Wave Systems' Wave Meter, now in beta testing, represents a totally different, hardware-based approach to digital cash. It includes a chip that you install in your computer. You download money to the chip, which then meters it out as you spend it.
Wave Systems, a five-year-old public company, was founded by Peter Sprague, chairman of chip maker National Semiconductor. According to Sprague, "we follow the vending-machine model." The Wave Meter can be used to sell information, software licenses, or software time.
The Wave Meter is also good for metering and unlocking information that arrives on encrypted one-way media, such as CD-ROM and satellite or FM broadcast. But the complex Wave Meter system is not competitive with central payment servers, and therefore BYTE rates its prospects and usefulness as poor.
Winners and Losers
These six systems take a wide variety of approaches. As mentioned earlier, each has applications where it's especially well suited, but each also has its limitations and may not work so well for other purposes.
Furthermore, these digital-cash systems are quite literally in their infancy. None has enough of a track record to guarantee its future. And we have yet to see what some of the important players, including the major credit-card organizations, plan to do. Finally, the evolving nature of commerce on the Internet also means that a system that works now may become impractical next year.
These are all serious obstacles that digital-cash systems must overcome. But we can be certain that good solutions will indeed appear. After all, the cyberspace community needs to get on with business.
WHERE TO FIND
Cybercash
Reston, VA
(703) 620-4200
fax: (703) 620-4215
E-mail: info@cybercash.com
http://www.cybercash.com/
Digicash bv
Amsterdam, The Netherlands
+31 20 665 2611
fax: +31 20 668 5486
E-mail: info@digicash.nl
http://www.digicash.nl/
Digicash, Inc.
Palo Alto, CA
(415) 321-0300
fax: (415) 321-0322
First Data/Netscape
(800) 638-7483
fax: (415) 528-4140
E-mail: sales@mcom.com
http://www.mcom.com/
First Virtual
(800) 570-0003
fax: (619) 282-6567
E-mail: info@fv.com
http://www.fv.com/
Open Market, Inc.
Cambridge, MA
(617) 621-9500
fax: (617) 621-1703
E-mail: webmaster@openmarket.com
http://www.openmarket.com/
Wave Systems
New York, NY
(212) 755-3282
fax: (212) 755-3436
Andrew Singleton is president of Money.Com (Cambridge, MA), a provider of financial information services on the Internet. You can reach him on the Internet at andy@payment.com or on BIX c/o "editors."