e commerce transactions and shopping cart l.
Skip this Video
Loading SlideShow in 5 Seconds..
E- Commerce transactions And Shopping Cart PowerPoint Presentation
Download Presentation
E- Commerce transactions And Shopping Cart

Loading in 2 Seconds...

play fullscreen
1 / 19

E- Commerce transactions And Shopping Cart - PowerPoint PPT Presentation

  • Updated on

E- Commerce transactions And Shopping Cart ERDEM OZDEN INBS 510 ANNA STORY APRIL 16, 2002 Online Credit Card Fraud Stats Global online purchases will reach $310 billion in 2005. Online credit card fraud will cost $9 billion in 2001.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

E- Commerce transactions And Shopping Cart

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
e commerce transactions and shopping cart

E- Commerce transactions And Shopping Cart



APRIL 16, 2002

online credit card fraud stats
Online Credit Card Fraud Stats
  • Global online purchases will reach $310 billion in 2005.
  • Online credit card fraud will cost $9 billion in 2001.
  • Widespread use of anti-fraud technology will reduce online payment fraud to $5.7 billion by 2005, from a potential $15.5 billion.
  • Fraud was 19 times higher online, than with brick and mortar stores in 2001.

Source: Meridien Research

how consumers view authentication
How Consumers View Authentication
  • 47% are now comfortable with registering on web sites by providing personal information.
  • 80% said they would be open to additional authentication measures to make online purchases more secure.
  • 50% said they would be open to using a personal identification number (PIN).
  • 32% said they would be willing to type in a portable password created by a credit card company.
  • 42% said they are “annoyed” at having to remember different passwords for different sites.

Source: Jupiter Media Metrix

shopping cycle

Online Store: The merchant sets up an online store.

Bank Account: The merchant registers with a bank to authorize transactions.

Product Selection: Customers browse products by product category, or by text search.

Shopping Cart:Customers view and change the contents of their shopping cart.

Customer Registration: Registration is needed when customers make a purchase.

Check Out: The customer may verify or change items, and then proceed with their purchase.

Credit Card Authorization: The customer submits credit card information for authorization.

Order Processing:After credit card authorization, the merchant sends the product.

online credit card transaction

1. Customer Proceeds

to Check out.

Shopping Cart

Online Credit Card Transaction

2. Shipping, tax added

for total amount.

Calculate Totals

3. Customer’s address,

telephone information.

Get User Info

5. If the CC is Declined

Get New CC.

4. Customer’s credit card


Enter Credit Card Information


5. If the CC is Authorized

Process Order.

Enough Funds

Card Refused



Card Authorized

E-mail Customer

E-mail Customer

shopping services

One-click Buy : CC data is stored in database, and used for instant purchases.

Personalization : Some merchants offer personalized services like special offers, and

recommendations, for registered customers.

Order Tracking : The customers monitor order status by using the order ID.

Save your cart : Customers save their cart and complete the transaction at a later date.

E-mail Verification : The customers receive emails about news, special events,

recommendations, and the recent order.

shopping carts
  • Keep the process simple.
  • Include tax and shipping costs to display the exact charges.
  • Tell customers how many steps are involved.
  • Add gift option before the checkout.
  • Put policy information in pop-up windows.
  • Don’t force registration. Customers lose patience fast.
  • Offer multiple shipping options.
  • Limit the checkout process with five to six steps.





User Selects New

Or Returning User




User Selects

New User

User Selects

Returning User


User Enters

ID Password

Cookie Set

Return Homepage

User Enters

User Information

Create Personal





User Exists?


Cookie Set

Return Homepage

charge back


1. Cardholder calls Issuer

Bank for fraud.

4. Issuer Bank gives

cardholder’s credit.

2. Issuer Bank calls

Acquirer Bank.


3. Acquirer Bank debits

merchant account.

Additional penalty,

or cancels agreement.


Merchant Account

  • Lower consumer confidence.
  • Higher cost of transactions and loss of revenue for merchants.
  • Higher costs of services for financial institutions.
  • Image damage to the credit card companies and issuers.

“Charge-back fraud has slowed the growth of e-commerce…Nothing is going to happen until credit card companies can positively authenticate every consumer buying from a website.”

Theodore Lacobuizo, Senior Analyst, TowerGroup

security threat
Employee Theft: Employee steals data. This is the largest threat.

Trojan Horse: Can be used for snooping. Frequently used in a virus attack.

Hacking : Breaking into a system. Trojan horses used for returning to server.

Social Engineering: Hackers act like a network engineer.

Buffer Overflow: Cause an overflow condition. May grant root access.

Cracking: Breaking into system to steal things.

Password Fishing: Trying to log in with common passwords.

Snooping: Use of a software program to intercept data.

Application Attack: Force application to fall-over, and root access to system.

secure electronic transaction set
Secure Electronic Transaction (SET)
  • Development of Visa and MasterCard.
  • Certificate-based system.
  • Digital signatures to replace the handwritten signatures.
  • Cardholder software is required.
  • Digital certificates are installed on consumer’s PC.
  • Expensive.
  • Complex structure.
  • Because of its complexity, and cost, SET usage was limited.
secure sockets layer ssl
Secure Sockets Layer (SSL)
  • Created by Netscape.
  • Simple to implement.
  • Implemented in Transport Layer (TLS).
  • Supports most of the browsers and Web servers.
  • Widely used in Web transactions.
  • Uses digital certificates.
secure sockets layer ssl14
Secure Sockets Layer (SSL)


1. Browser sends SSL request massage.


2. Server responds by sending it’s certificate.

3. Browser verifies that the certificate is valid.

4. Browser sends one time session key.

5. Server decrypts the massage with it’s private key.

6. Source exchanges with symmetric encryption.

web server certificates
Web Server Certificates

The certificate, which contains the Web server’s public key, will be used by the browser to:

  • Authenticate the identity of a Web site.
  • Contain the Web server’s public key.
  • Encrypt information for the server using SSL.

Certification Authority (CA) Certificates

  • CA Certificates are issued by a trusted third party called a Certification Authority (CA).
  • CA validates the certificate holders’ identity.
visa payer authentication service vpas
Visa Payer Authentication Service (VPAS)
  • New payer authentication service from VISA.
  • Based on a protocol known as 3-D Secure.
  • Announced in 2001.

“3-D” refers to the three domains

  • Issuers
  • Acquirers
  • Transaction Communication
how vpas works
How VPAS Works

1. Cardholder selects ’buy’.

2. Merchant queries Visa for account data.



3. Visa checks CAD

for customer data.

Card Association





Issuer Access Control


4. Issuer ACS validates password, digitally signs response,

transmits copy to Authentication History Server

5. Merchant verifies signature,

and sends authorization request.

mastercard secure payment application spa
MasterCard Secure Payment Application (SPA)
  • MasterCard’s security solution.
  • It requires participation by the card issuer and the merchant.
  • Cardholder has to download a wallet application from the issuer.
  • Deployment of SPA will be through server-based electronic wallets.
  • Wallet will automatically fill out payment information on the online order form.
  • Includes a unique cardholder authentication value for each transaction.
  • Scheduled to the second quarter of 2002.
address verification service avs
Address Verification Service (AVS)
  • Designed for mail-order and telephone order environments.
  • Checks first 4 numeric digits of address and zip code.
  • Merchant receives response codes, detailing degree of match.
  • AVS does not guarantee charge-back protection.
  • Data used is not always current.
  • Only used in U.S., U.K., Germany, Austria and Switzerland.
  • May result in false rejection of valid orders.