Whatever happened to smart cards and electronic cash? Malcolm Hutchinson finds they are just part of the dizzying decision companies face when choosing an electronic payment system for their online commerce plans.
So you want to set up an online store. You have your ISP sorted out, your web design down pat, and now you need a way for your customers to pay for the goods they buy from you.
It’s certainly an appealing plan. According to International Data (IDC) New Zealand analyst Mark Cribbens, $1.15 billion was spent in New Zealand in 2000 on B2B e-commerce, while $583.7 million changed hands in business to consumer e-commerce; a total of $1.73 billion. IDC forecasts this to rise in 2004 to a staggering $20.9 billion.
Choosing a system
As with any aspect of the IT industry, there is a bewildering array of choices presented to the online merchant and a raft of issues to be dealt with before setting up shop — and a key issue is how to choose your payment system
Convenience, simplicity and flexibility are the key attributes when choosing a payment system. Keep in mind that as your business grows, so should your electronic systems. There may be changes in business processes down the track, which are impossible to predict now, but you don’t want to be locked into old methods by inflexible software solutions.
Taranaki-based web hosting service Webfarm partners with UK company WorldPay. Shearer says the WorldPay service offers flexibility in payment methods, and a number of options for the merchant to choose from.
“We can do full authorised transactions in real-time, or pre-authorised so that the merchant can accept or decline the transaction as they wish,” says Webfarm general manager Richard Shearer. WorldPay can handle repeat billing with an option that allows for an initial payment and repeat payments to be taken automatically weekly or monthly, for example.
The most common method of payment for online transactions is still the credit card. The benefit to a merchant in this, of course, is the ability to accept payments from anywhere in the world. Couple this with an online currency translator and you can offer your American customers pricing in US dollars, for example, while Kiwi customers see only New Zealand prices.
Debit card transaction systems for the internet are still very new. New Zealand leads the world in the uptake of Eftpos, but this is increasing in Australia and the US, and we can expect growth in the number of systems available and the popularity of this means of payment.
The best online debit card transactions simply mimic an Eftpos transaction. There are issues with encryption key technology to be resolved before this method can really move ahead, however. Eftpos terminals currently carry a shared secret key, and the terminal itself has anti-tampering devices set into it. It is difficult to ensure the encryption key has not been copied or tampered with when the system is based on a server.
Security is often quoted as the key concern of electronic payment operators. From a technical standpoint, most security issues have now been covered — 128-bit encryption and SSL technology are now included standard with major web browsers, so the merchant and the customer can rest slightly more assured that private transaction details will not be intercepted in transit.
“Customers these days seem to take security as read,” says Richard Duffy, a Sydney-based solutions consultant with Microsoft-owned accounting software firm Great Plains. “But merchants should be asking the right questions of their providers. What are they doing to lock-down customer information, for instance.” Keeping a database of customer details can be dangerous, especially if your customer records are stored on an insecure server, vulnerable to hacking.
It is much safer, although slightly less convenient for the customer, for the merchant to require credit card details for each transaction. Ideally, the customer’s credit card details should be known only to the customer and the payment supplier; there is no need for the merchant to store this information. The only real justification a merchant has for keeping details from one transaction to the next is the case of repetitive billing. Power companies are an example of this, where each month the customer’s account is billed for a varying amount.
Merchants also have to protect themselves from fraud. Unlike “real world” transactions, where the customer shows up in the store and signs the receipt in front of a staff member, thus verifying to some extent their identity, electronic transactions are “card-not-present”. Because the only indication of a customer’s identity is the fact that they present their credit card details, the merchant is required by the credit card company to carry a heavier risk. If a customer presents a fraudulent card — details they have stolen or bought from a number generation service on the web — it is the merchant who has to carry the cost, not the real cardholder or the bank.
This is complicated by the fact that authorisation for payment is instantaneous. The merchant often cannot check the buyer’s credentials before sending out the goods. So risk management strategies become important.
WestpacTrust Bank spokesperson Peter Thornbury says New Zealand merchants selling overseas have often been too trusting and have been burned particularly by foreign fraudsters.
“You should build a set of guidelines,” says Thornbury. “Are you [only] going to accept transactions from certain countries, for instance? If what you are selling is commonly available in foreign markets, you have to ask why someone over there would be buying from you instead of sourcing the product locally.”
There is now a well-established industry involvement with electronic payment systems. Unless you are a large corporate organisation with your own IT expertise, it makes more sense to outsource your e-payment and e-procurement to a supplier who has a proven track record in the development and delivery of such systems.
Great Plains’ Duffy stresses the need to establish a trusted relationship with your suppliers. “Whatever you do, the key to success is to go with somebody with demonstrable capability,” he says. “Go with someone who has done it before.” He says Great Plains only partners with best-of-breed operators. By going with your existing partners you may have access to greater bargaining power based on your value as a customer to your supplier.
He says Great Plains’ inventory, billing, procurement and stock control systems plug into many existing back-end integrated payment services and the banks’ systems.
Companies don’t have to go to a technology developer for an e-payments solution, although there are a number of well-regarded packaged options on the market. According to Duffy, we are starting to see banks and other financial institutions recognise potential for new revenue streams in online transactions. Many banks already offer e-payment options to their business customers, taking care of security and technology issues for the merchant.
The Bank of New Zealand has been offering such a service since 1997. Buy-Line is an online credit card authorisation and payment processing system that allows customers to buy in New Zealand or worldwide by phone, fax, mail or web.
“One of the biggest benefits to the merchant is automation,” says Russell Briant, electronic payments product manager for BNZ. “Because the response is in data, it can trigger upstream activities, like packaging, ordering a courier, updating stock control systems.” According to Briant, Buy-Line is unique among electronic services offered by banks in New Zealand in offering a multi-currency payment capability.
Thornbury of WestpacTrust says offering bundled banking services to merchants is a new approach in response to customers wanting simplicity and a single point of contact. Bundles typically include an eftpos terminal, credit and debit card processing, bank accounts and consolidated billing.
“The next step is to start offering bundles to internet retailers,” says Thornbury. If you’re selling within New Zealand, there is no reason why you can’t have billing by registration, where the customer supplies contact details and the merchant sends a bill to the given address. This is a low-tech or no-tech solution, which can be just as effective for small businesses as the latest Unix-based mainframe system.
There are non-technology considerations in online business as well. Your customers have to be able to trust the services you offer. Providing clear policy directions is one way of achieving this.
“Just as important is for the merchant to have defined terms and conditions, returns, refunds and privacy statements,” says Shearer. “There is really no excuse for merchants not to have these things in place as you can build such statements online for free.”