It seems natural that online commerce would be done with credit cards. No physical paper needs to be passed unlike cash or checks. We simply type our credit card number into the merchant's World Wide Web (WWW) page payment form and wait for our purchase to be shipped to us. The only thing that needs to pass between the merchant and the buyer is the credit card number. The problem is, it's not that simple.
People have some legitimate fears about giving their credit card number out over the Internet. It is an open network without any basic security provisions built in. Unless a secure server is involved, one that uses SSL or S-HTTP for transporting data, data passes between the browser and the server unencrypted. Because of these fears, methods are being developed to make purchasing products online more secure.
The first attempt at making online credit card transactions secure was to take the transaction off-line. Many sites will allow you to call in your credit card number to a customer support person. This solves the problem of passing the credit card number over the Internet, but eliminates the merchant's ability to automate the purchasing process. An employee needs to be available 24 hours a day to take phone calls from buyers. Also, many potential customers that visit the net only have one phone line. This means they need to log off the Internet in order to actually make a purchase.
The next method that was developed, which is currently used by many sites, is hosting the WWW site on a secure server. A secure server is one that uses a protocol such as SSL or S-HTTP to transmit data between the browser and the server. These protocols encrypt the data being transmitted, so when you submit your credit card number through their WWW form it travels to the server encrypted. This method does help ease people's fear, but it still does not go far enough for many people to feel comfortable using their credit card online.
It was apparent that for online commerce to flourish a truly secure means of making payment needed to be developed. This report describes three systems for secure credit card transactions online which should meet this need. Two of these fully operational, First Virtual's and CyberCash's payment systems, and one, the SET protocol, is currently being developed by MasterCard and Visa. I examine how credit card transactions are handled by each system, and discuss their advantages and disadvantages from both a buyer's and a merchant's viewpoint.
