Anatomy of an Online Credit-Card Transaction

Anatomy of an Online Credit-Card Transaction
To accept credit-card payments online, a merchant must have a merchant account with a
bank. Traditional merchant accounts accept only POS (point-of-sale) transactions—those
that occur when a customer presents a credit card at a store. With the growth in e-commerce,
specialized Internet merchant accounts have been established to handle online credit-
card transactions. These include card-not-present (CNP) transactions. For example,
when a customer submits credit card information to a merchant to purchase something on
the Web, the merchant does not see the actual card in the purchase, but only the card numbers
and expiration dates provided. [***<www.online-commerce.com/
tutorial2.html>***]
When making a purchase online using a credit card (Fig. 5.1), the buyer will be
required to submit a credit-card number, expiration date and shipping and billing information.
This information is sent securely over the Internet to the merchant (Step 1 in the diagram).
Issues of authentication (people are, in fact, who they say they are), authorization
(the money is available to complete the transaction), Secure Socket Layer (SSL) and SET
technologies are discussed in Chapter 6, Internet Security. The merchant then submits the
Wirelesshtp1_05.fm Page 89 Monday, June 11, 2001 9:50 AM
90 Wireless Payment Options Chapter 5
credit-card information to the acquiring bank (i.e. the bank with which the merchant holds
an account) (Step 2). From there, the buyer’s account information is verified. This involves
the issuing bank (i.e. the bank from which the buyer obtained the credit card) and the creditcard
association (Step 3). Verification is received by the acquiring bank and is passed on to
the merchant (Step 4), who then ships the product (Step 5). Payment cannot be issued to the
merchant until the product has been shipped.