| The credit card is an evolutionary approach as they | | | | section of a site. |
| have been in use for a long time. The credit card | | | | Keep your personal information private. Don't disclose |
| protection on electronic network is improved by using | | | | your personal information - your address, telephone |
| PIN number during the transaction. The scheme is also | | | | number, Social Security number, bank account number |
| easy to implement as most users and merchants are | | | | or e-mail address - unless you know who's collecting |
| familiar with the procedures. The transaction is given | | | | the information, why they're collecting it and how they'll |
| below: | | | | use it.oGive payment information only to businesses |
| * Customer orders an item, web store and the | | | | you know and trust, and only when and where it is |
| merchant provide an invoice/bill. | | | | appropriate - like an order form. Never give your |
| * Customer offers to pay through credit card and the | | | | password to anyone online, even your Internet service |
| credit card number is passed on to the bank. The | | | | provider. Do not download files sent to you by |
| merchant does not access to the credit card number. | | | | strangers or click on hyperlinks from people you don't |
| * The bank verifies the availability often from the credit | | | | know. Opening a file could expose your system to a |
| card issuer and informs the merchant. | | | | computer virus or a program that could hijack your |
| * The merchant conforms the transaction, ships the | | | | modem. |
| goods, and informs the customer about the shipping | | | | Keep records of your online transactions and read |
| information. | | | | your e-mail. Merchants may send you important |
| The customer collects the goods and the information | | | | information about your purchases.oReview your |
| on the delivery goes to the merchant. | | | | monthly credit card and bank statements for any |
| * Merchant informs the bank to collect the money and | | | | errors or unauthorized purchases promptly and |
| provide the credit card receipt. | | | | thoroughly. Notify your credit or debit card issuer |
| * Bank collects the money from credit card issuer. | | | | immediately if your credit or debit card or checkbook is |
| * Credit card issuer bills the customer. | | | | lost or stolen, or if you suspect someone is using your |
| Benefits | | | | accounts without your permission. |
| * E-credit card is more secure than the conventional | | | | Report Problems Immediately |
| card as the credit card data of the customer is not | | | | The Fair Credit Billing Act (FCBA) and Electronic Fund |
| available to t he merchant unlike the conventional | | | | Transfer Act (EFTA) establish procedures for |
| system. | | | | resolving errors on credit and bank account |
| * The credit card payment to the merchant can be | | | | statements, respectively, including:o credit charges or |
| almost instantaneous as the merchant to the bank can | | | | electronic fund transfers that you - or anyone you've |
| provide the credit card receipts immediately. | | | | authorized to use your account - have not made.o |
| Concerns | | | | credit charges or electronic fund transfers that are |
| * Lost of credit card information on the network. | | | | incorrectly identified or show the wrong amount or |
| * Non-repudiation not available. | | | | date.o computation or similar errors.o a failure to |
| Secure Electronic Transaction (SET) Protocol:The | | | | properly reflect payments or credits, or electronic fund |
| Secure Electronic Transaction protocol defined in 1996 | | | | transfers;o not mailing or delivering credit billing |
| and which is still undergoing changes, provides a | | | | statements to your current address, as long as that |
| secure environment for use of credit card on internet. | | | | address was received by the creditor in writing at |
| The SET addresses the following requirements of | | | | least 20 days before the billing period ended; ando |
| e-commerce | | | | credit charges or electronic fund transfers for which |
| * It verifies the merchant's and gateway certificates by | | | | you request an explanation or documentation, because |
| traversing the trust chain. | | | | of a possible error. |
| * It verifies the merchant's signature by decrypting it | | | | For credit: The FCBA generally applies to "open end" |
| using the public key of the merchant. It verifies the | | | | credit accounts - that is, credit cards and revolving |
| message digest. | | | | charge accounts, like department store accounts. It |
| * It creates the order information and the payment | | | | does not apply to loans or credit sales that are paid |
| instructions and transmits it to the merchant. | | | | according to a fixed schedule until the entire amount is |
| * It includes the purchaser's signature certificate with | | | | paid back, like an automobile loan. |
| the order. | | | | Under the FCBA, your liability for lost or stolen credit |
| * It computes a duel message digest. The message | | | | cards is limited to $50. Notify your card issuer promptly |
| digests are computed independently for order | | | | upon discovering the loss. Many companies have |
| information and the payment instructions. These | | | | toll-free numbers and 24-hour service to deal with |
| message digests are concatenated and a new | | | | such emergencies. Follow up with a letter. Write to the |
| message digest is computed. The new message | | | | creditor at the address given for "billing inquiries," not |
| digest and the order information and the payment | | | | the address for sending your payments, and include |
| instructions are encrypted with the private key of the | | | | your name, address, account number and a description |
| purchaser. | | | | of the billing error. Send your letter so that it reaches |
| * It generates a random symmetric encryption key. | | | | the creditor within 60 days after the first bill containing |
| * It encrypts the duel signed payment instructions with | | | | the error was mailed to you. And if you send your |
| random symmetric encryption key. | | | | letter by certified mail, return receipt requested, you'll |
| * The symmetric random encryption key and the | | | | have proof that the creditor received it. Include copies |
| credit card number are encrypted together using the | | | | (not originals) of sales slips or other documents that |
| gateway's key. This will ensure that the payment | | | | support your position. Keep a copy of your dispute |
| gateway alone can decrypt the payment information. | | | | letter. |
| * The merchant server program verifies the | | | | The creditor must acknowledge your dispute in writing |
| cardholder's certificate, message digest. | | | | within 30 days after it is received, unless the problem is |
| * The merchant server forwards the payment | | | | resolved within that period. The creditor must conduct |
| instructions to payment gateway for authorization. | | | | an investigation and either correct the mistake or |
| * Generates the conformation of the purchase order | | | | explain why the bill is believed to be correct, within two |
| enclosed merchant certificate, generates message | | | | billing cycles (but not more than 90 days), unless the |
| digest, and encrypts with merchant's private key and al | | | | creditor provides a permanent credit instead. You may |
| this is sent to the purchaser | | | | withhold payment of the amount in dispute and any |
| Future of Electronic Commerce (Some Concerns) | | | | related finance charges and the creditor may not take |
| Electronic Commerce is expected to evolve into some | | | | any action to collect that amount during the dispute. |
| shape with in the next two years and the response | | | | For debit: The EFTA applies to electronic fund |
| from the society will be known over the next five | | | | transfers - transactions involving automated teller |
| years. The uncertainty in its evolution is because of a | | | | machines (ATMs), debit cards and other point-of-sale |
| number of questions that come to our mind. Probably | | | | debit transactions, and other electronic banking |
| we may neither be able to answer the questions nor | | | | transactions that can result in the withdrawal of cash |
| influence the system. So we have to wait and see | | | | from your bank account. |
| how the e-commerce emerges. The concerns are put | | | | Under the EFTA, if there is a mistake or unauthorized |
| in the form of questions in brief and are as follows: | | | | withdrawal from your bank account through the use of |
| * Would some banks issue e-cash for all the countries | | | | a debit card, or other electronic fund transfers, you |
| currencies | | | | must notify your financial institution of the problem or |
| * The creation of money by a number of originations | | | | error not later than 60 days after the statement |
| outside the purview of the governments is envisaged. | | | | containing the problem or error was sent. Although |
| Does it create a parallel economy and be treat to the | | | | most financial institutions have a toll-free number to |
| controlled economy. | | | | report the problem, you should follow up in writing. For |
| * How do we protect the common people when such | | | | retail purchases, your financial institution has up to 10 |
| banks collapse? Whose responsibility is the protection? | | | | business days to investigate after receiving your notice |
| * Can we trade freely with national restrictions? | | | | of the error. The financial institution must tell you the |
| Restrictions are in terms of materials that can be | | | | results of its investigation within three business days of |
| imported and exported and the foreign exchange | | | | completing its investigation. The error must be |
| availability. | | | | corrected within one business day after determining |
| * Can money be siphoned out of the countries through | | | | the error has occurred. If the institution needs more |
| this unrestricted e-commerce? | | | | time, it may take up to 90 days to complete the |
| * Would the trade balance shift heavily in favor of | | | | investigation - but only if it returns the money in dispute |
| industrialized countries? | | | | to your account within 10 business days after receiving |
| * Can governments collect taxes with any certainty | | | | notice of the error, while it reviews your concerns. |
| the ease of e-commerce transactions? | | | | If someone uses your debit card, or makes other |
| * How do we resolve the dichotomy between | | | | electronic fund transfers, without your permission, you |
| security, anonymity? | | | | can lose from $50 to $500 or more, depending on |
| * Do majority of people have the basic expertise to | | | | when you report the loss or theft. If you report the loss |
| understand and handle e-commerce transactions? | | | | within two business days after you discover the |
| * Are there not too many players in every transaction | | | | problem, you will not be responsible for more than $50 |
| * Who will decide the future scenario? | | | | for unauthorized use. However, if you do not report |
| * Do we have the laws in place to handle the | | | | the loss within two business days after you realize the |
| e-commerce based disputes? | | | | card is missing, but you do report its loss within 60 |
| Some Tips for saving yourself from "e-fraud" | | | | days after your statement is mailed to you, you could |
| The FTC encourages you to make sure your | | | | lose as much as $500 because of an unauthorized |
| transactions are secure and your personal information | | | | withdrawal. And, if you do not report an unauthorized |
| is protected. Although you can't control fraud or | | | | transfer or withdrawal within 60 days after your |
| deception on the Internet, you can take steps to | | | | statement is mailed to you, you risk unlimited loss. That |
| recognize it, avoid it and report it. | | | | means you could lose all the money in your account |
| Here's how Use a secure browser - software that | | | | and the unused portion of your maximum line of credit |
| encrypts or scrambles the purchase information you | | | | established for overdrafts.Some financial institutions |
| send over the Internet - to guard the security of your | | | | may voluntarily cap your liability at $50 for certain |
| online transactions. Be sure your browser has the | | | | types of transactions, regardless of when you report |
| most up-to-date encryption capabilities by using the | | | | the loss or theft; because this is voluntary, their policies |
| latest version available from the manufacturer. You | | | | could change at any time. Ask your financial institution |
| also can download some browsers for free over the | | | | about its liability limits. |
| Internet. When submitting your purchase information, | | | | For stored-value: The FCBA and the EFTA may not |
| look for the "lock" icon on the browser's status bar to | | | | cover stored-value cards or transactions involving |
| be sure your information is secure during transmission.o | | | | them, so you may not be covered for loss or misuse |
| Before you provide any personal financial information | | | | of the card. However, stored-value cards still might be |
| to a website, check the site's privacy policy. In | | | | useful for micropayments and other small purchases |
| particular, determine how the information will be used | | | | online because they can be convenient and - in some |
| or shared with others and what security features are | | | | cases - offer anonymity. Before you buy a |
| in place so the information cannot be obtained | | | | stored-value card or other form of e-money, ask the |
| fraudulently. If you're not comfortable with the policy, | | | | issuer for written information about the product's |
| consider doing business elsewhere.o Read and | | | | features. Find out the card's dollar limit, whether it is |
| understand the privacy, refund and shipping policies of | | | | reloadable or disposable, if there's an expiration date, |
| the websites you visit, before you make your | | | | and any fees to use, reload or redeem (return it for a |
| purchase. Look closely at the disclosures about a | | | | refund) the product. At the same time, ask about your |
| website's security, its refund and shipping policies and | | | | rights and responsibilities. For example, does the issuer |
| its privacy policy on collecting and using your personal | | | | offer any protection in the case of a lost, stolen, |
| information. Some websites' disclosures are easier to | | | | misused, or malfunctioning card, and who do you call if |
| find than others - look at the bottom of the home | | | | you have a question or problem with the card? |
| page, on order forms or in the "About" or "FAQs" | | | | |