Electronic Payment Systems: under the watchful eye of the consumer
Published on 10/05/2001 by Cristina Coteanu
Confidence in B2C e-commerce is closely linked to an inexpensive and secure payment system. In this sense, digital cash solutions will have an obvious impact on the commercial dimension of the electronic market. Due to the large areas it covers, digital cash seems to be an attractive option for both consumers and e-tailers. We will examine two types of the emerging digital cash systems: smart cards and digital coins.
Smart cards
Smart cards are bankcards with an embedded microprocessor chip. The chip’s capacity to store information gives the smart card multiple functions, ranging from electronic wallets to transport tickets or access cards. For instance, Bus Eireann, in Ireland, has developed the « Dash » project, in which it has created a smart card with four functions: transport ticket, payment for small purchases in shops, telephone card and car parking pass. These smart cards can be programmed to function as an « electronic purse ». The programming for an authorised transaction is carried out by an electronic terminal, giving the consumer the possibility to process data and to control registered data. The functioning of smart cards in electronic transactions is based on the principle of connecting the consumer to a central database via two encryption keys, one of which is held by the consumer cardholder, with the other linked to the bank’s computer.
Mondex, Proton and VisaCash are some examples of micro-payment systems which allow consumers to download electronic money from a personal computer via online banking. Mondex, Proton and VisaCash have a variety of functions which can be used in the payment of goods and services, starting with the financial transfer between consumer and e-tailer and including customer loyalty schemes.
The benefits of smart cards for the consumer are security, as unauthorised access is prevented by a lock function; convenience, as it is an easy method of payment; flexibility, as smart cards can be used for all kinds of purchases, although certain limits are set within each country; control of spending within the limits of the amount existing on the card; and international use, as cardholders can use the card when travelling or transferring money abroad. Finally, in comparison with a credit card, a smart card allows consumers an interest-free loan.
With regard to e-tailers, smart cards present certain advantages such as efficiency, as smart cards negate the need for customer identification, and adaptability, as smart cards are suitable for e-tailers of all sizes. For instance, in order to use Mondex cards, e-tailers will need a Mondex-compatible terminal, either integrated with existing equipment or an inexpensive stand-alone version. The pocket-sized Mondex ‘wallet’ can itself be used as a hand-held point-of-sale terminal, suitable for use in a taxi or on a market stall. Further advantages of smart cards include the capacity to solve compatibility problems, which means that e-tailers can use a single electronic terminal for all types of cards. In addition, costs are lower, as the use of smart cards does not involve a large investment for e-tailers, apart from staff training and the purchase of an electronic terminal.
At the European level, there are a certain number of initiatives aimed at promoting smart cards as a mechanism for enhancing consumers’ confidence in the use of e-commerce. For example, the « e-Action Plan-Secure Network and Smart Cards » prefigures the new strategy of the EU in the field of electronic commerce. This strategy will be oriented towards the promotion of privacy enhancing technologies and proper codes of conduct. It will also include the promotion and the development of open source software, security platforms for effective « plug and play », as well as a common core of specifications for using smart cards and for ensuring their security.
Digital coins
In the absence of appropriate smart card equipment on consumers’ computers, digital coins can be an appropriate method of payment for electronic transactions. The digital coin is based on the following principle: the bank provides consumers with the serial number of a coin encrypted with the bank’s private key. If the consumer wants to spend the coin, the bank checks the serial number against the list of spent coins and, if the coin has not already been spent, the bank either credits the e-tailer’s bank account or provides the e-tailer with a new coin. Others, however, take the view that digital coins do not imply lower costs and that a new form of « script » needs to be arranged for micro-transactions. There are two main concerns about using digital coins: anonymity of the consumer and online verification.
With respect to anonymity, it is clear that each transaction using a digital coin allows the processing of personal data. However, anonymity could be preserved by blinded coins, which protect the details of the payer but not those of the payee.
The second concern of the consumer is related to online verification. In an e-transaction between e-tailers and consumers, the e-tailer should verify that the coin offered has not previously been spent. It is possible to check the coin’s digital signature via the public key corresponding to the coin. However, this verification seems to entail delay and expense. Obviously, the use of digital cash would enable the growth of e-commerce only if banks implementing this electronic system could ensure consumer privacy protection.
The existing regulatory framework for electronic payment
A reliable legal framework for these new payment systems will constitute an important factor in the development of e-commerce. While there is not yet specific EU legislation to regulate electronic payment, there are some Directives which contain provisions regarding these payment systems.
The Distance Selling Directive provides that consumers be allowed to pay by card. In this way, Member States shall ensure that appropriate measures exist to allow a consumer to request cancellation of a payment where fraudulent use has been made of his payment card and, in the event of fraudulent use, to be re-credited with the amount paid.
The secure use of payment instruments constitutes a supplementary concern for consumers when they purchase over the Internet. The Commission Recommendation 97/489/EC of 30 July 1997 concerning transactions by electronic payment instruments and, in particular, the relationship between issuer and holder responds to a number of major issues related to the contractual relationship between the issuer and the holder of the payment instrument. The EC Recommendation establishes obligations on information concerning the terms and conditions of payments and the use of electronic payment instruments, as well as on the liabilities of parties involved in a contractual relationship. With respect to the loss or theft of electronic payment instruments, the consumer’s liability should be limited. The « price » of his/her liability should not exceed 150 Euro, except where s/he has acted with extreme negligence or has acted fraudulently. After notification, the consumer should no longer be liable for any loss except where s/he has acted fraudulently. It is also recommended that where payment has taken place without the physical presentation or electronic identification of the instrument itself, the consumer should not be liable for any loss.
With respect to the standardisation of payment card systems in order to guarantee access for all electronic cardholders, it would be useful to consider the Commission Recommendation 87/598/EEC of 8 December 1987 on a European Code of Conduct relating to electronic payments. The aim of this Code is to promote security and ease of use for consumers and to provide greater security and efficiency for both traders and issuers. The Recommendation sets out a series of general principles relating to the contract between issuers (banks) and traders or consumers. These principles concern the respect of privacy of information given by consumers and the right of fair access to the system for traders, irrespective of their size. Obligations related to the relations between issuers and traders include a ban on any exclusive trading clause which requires the trader to operate only one system as well as an obligation on cardholders to take all reasonable measures in order to make a secure payment.
In addition, the terms of the Commission Recommendation 88/590/EEC of 17 November 1988 concerning payment systems and, in particular, the relationship between cardholder and card-issuer are relevant for consumer protection. Its aim is to provide consumers with adequate information concerning the terms of the contract, particularly with regard to fees. The Recommendation stipulates the rights and contractual obligations of consumers and specifies that consumers would be better protected if contracts were made in writing. In this sense, indications should be made on the period of time within which operations will normally be credited, debited or invoiced. Regarding the treatment of contracts, important indications are stipulated regarding the fact that operations authorised by issuing bodies must be recorded in order to allow the possibility of correcting errors.
Conclusions
As a by-product of its « cyberspace » status, electronic commerce is global, encompassing a whole range of B2C relationships which need to be approached with solutions provided at a local level while remaining viable when applied to global issues. Today, the European Union seems to be endowed with a reliable legal framework for consumer protection. A question which remains, however, is enforcement of this protection. This is probably a matter of time and awareness from both parties in the B2C relationship. Business should realise that enhancing trust in the minds of consumers is more than a question of technology; it is a question of best practice. Best practice starts with the online service of high street banks as well as with the existence of a secure, user-friendly and cost-effective payment system. It also includes the respect of privacy and the use of smart cards as well as enhancing privacy technologies and fair information practice. In sum, only by offering this guarantee of privacy and security will the consumer be assured that, in cyberspace, his/her interests will be protected in the same manner as in a traditional commercial environment.