Research study on the integration of e-payments into the online transaction
process
Methodology
The research study is based on a combination of desk research and interviews.
Representatives from different communities (banking sector, retailers,
payment server providers, standardisation and specification community, academics)
were interviewed to obtain a diverse perspective on the subject. The main goal
of the study was to provide a qualitative overview; a separate effort would be
required to determine the extent to which the findings are representative.
Integration of e-payments in practice
A variety of products and solutions is
currently being used to integrate e-payments into the on-line transaction process.
In terms of pricing and complexity, the solutions in the B2C segment cover the low-end
and the high-end of the market. Simple webhosting and internet cash registers are available, as well
as complete e-commerce software suites. The products and solutions in the B2B segment appear to be primarily
focused on the larger companies.
There is a significant difference between the characteristics and problems in the B2B
and B2C domain. In the B2C segment the main barrier to e-commerce is still trust
and security. In principle, there is also the problem that a wide variety of payment
mechanisms exists, but this can be solved with solutions such as an Internet cash
register or the use of a payment service provider. In the B2B domain the main issue
is how to optimise procurement practices and especially catalogue management, given the
framework of the existing organisational policies.
Three specific issues with respect to payment integration in the B2C segment are:
- a payment service provider may honour a charge-back too easily and leave the remaining operational problems to the merchant,
- the different electronic banking output formats of banks may stand in the way of fully automating the matching between orders and payments,
- the level of ICT-expertise can be a problem for smaller companies.
Standards, models and architectures
Essential to this study is that a series of enabling standards and specifications allows
and facilitates the flexible sending, formatting and translation of data over open
networks. This increases the possibility to define and build bridging services and protocols
between different systems. More specifically, the availability of the XML and XML
translation specifications is instrumental in enabling a flexible integration of
the payment process into the whole transaction process.
No standardisation of shopping protocols has occurred, except for the data elements and
formats needed in shopping carts (ECML). The user thus faces the problem of going through
different shopping and payment procedures at different websites. The de facto solution
to this problem is a wallet, which can be provided by banks or any other organisation
(Microsoft, SUN Liberty Alliance).
A number of protocols for payment over the web (SET, SPA, 3D-secure) have been
developed by the financial industry. So far, none of those have gained market
acceptance. Both the ease of the current procedures and the different legal and
liability rules may have been the cause. The result is a fragmented range of payment
protocols.
The Internet Open Trading Protocol (IOTP) tries to solve both the issue of fragmented
payment protocols and the user experience, by serving as an umbrella protocol,
which encompasses all kinds of shopping sequences and payment instruments. It is unclear,
however, whether IOTP will be supported enough by players in the market to become a real
standard. Its direct competitor seems to be the de facto consumer wallet solution,
which can be the Passport solution or an integrated home-banking/internet banking solution
of the customer’s bank.
The application of XML-based standards is often industry specific and dependent on the
power structure between organisations in the industry. In the B2B procurement segment
some successful usage of specifications (RosettaNet, CIDX, OBI) occurs but these remain
industry specific. Yet, given that organisations start to optimise and further automate
the message and document flows with other organisations, the importance of modelling
and architectural design is increasing.
A large number of models and architectures exist, each with its own focus.
Some models remain conceptual, whereas other frameworks (such as the .Net approach of Microsoft)
span the architectural, business, protocol and technical domain. Although this may lead to
some kind of incompatibility between information systems, enabling technologies (such as XML and XSLT
specifications) and architectural efforts (E-Commerce Integration Meta-Framework) may mitigate this
problem.
Policy implications and possible future standardisation
Observing the available solutions and future developments, most experts concluded that
additional policy initiatives to standardise e-payments in order to further promote e-commerce
were not necessary. The experts' suggestions aimed at stimulating the market,
providing a harmonised legal basis and further research and education. A first comparison
of these suggestions with the eEurope action plan and the current institutional framework
showed that most suggestions were already being addressed.
Current ICT-practices and developments will reduce the need for all-inclusive
standardisation efforts and will require a reconsideration of ‘standardisation’ as a
primary policy tool. A policy approach that considers this trend focuses primarily on
dissemination of available information on standards and specifications, rather than
proactive formulation of proposals for standards.
Three issues were identified for which standardisation might be useful in order to improve
the e-payments process and promote e-commerce:
- the specification of minimum output requirements to be adopted by banks; this would
facilitate the aggregation of payment information and the automated matching of orders and
payments,
- the specification of requirements for a lightweight authentication method to be used for
payments; the ‘digital signature approach’ with a combination of legislation and technical
requirements could be followed to establish common liability rules for payments made using
methods that fulfil the requirements,
- the specification of minimum security requirements for identity service providers. These requirements
should become part of the institutional data protection framework and safeguard a minimum
protection of personal data.