Research study on the integration of e-payments into the online transaction process

The research study is based on a combination of desk research and interviews. Representatives from different communities (banking sector, retailers, payment server providers, standardisation and specification community, academics) were interviewed to obtain a diverse perspective on the subject. The main goal of the study was to provide a qualitative overview; a separate effort would be required to determine the extent to which the findings are representative.

Integration of e-payments in practice
A variety of products and solutions is currently being used to integrate e-payments into the on-line transaction process. In terms of pricing and complexity, the solutions in the B2C segment cover the low-end and the high-end of the market. Simple webhosting and internet cash registers are available, as well as complete e-commerce software suites. The products and solutions in the B2B segment appear to be primarily focused on the larger companies. 

There is a significant difference between the characteristics and problems of the B2B and B2C domains. In the B2C segment the main barrier to e-commerce is still trust and security. In principle, the wide variety of payment mechanisms is also a problem, but this can be addressed with an Internet cash register or the use of a payment service provider. In the B2B domain the main issue is how to optimise procurement practices, and especially catalogue management, within the framework of the existing organisational policies.

Three specific issues with respect to payment integration in the B2C segment are: 
- a payment service provider may honour a charge-back too easily and leave the remaining operational problems to the merchant, 
- the different electronic banking output formats of banks may stand in the way of fully automating the matching between orders and payments, 
- the level of ICT-expertise can be a problem for smaller companies. 

Standards, models and architectures
Essential to this study is that a series of enabling standards and specifications allows and facilitates the flexible sending, formatting and translation of data over open networks. This increases the possibility of defining and building bridging services and protocols between different systems. More specifically, the availability of the XML and XML translation specifications is instrumental in enabling a flexible integration of the payment process into the whole transaction process.

No standardisation of shopping protocols has occurred, except for the data elements and formats needed in shopping carts (ECML). The user thus faces the problem of going through different shopping and payment procedures at different websites. The de facto solution to this problem is a wallet, which can be provided by banks or any other organisation (Microsoft, SUN Liberty Alliance).

A number of protocols for payment over the web (SET, SPA, 3D-secure) have been developed by the financial industry. So far, none of those have gained market acceptance. Both the ease of the current procedures and the different legal and liability rules may have been the cause. The result is a fragmented range of payment protocols.

The Internet Open Trading Protocol (IOTP) tries to solve both the issue of fragmented payment protocols and the user experience by serving as an umbrella protocol that encompasses all kinds of shopping sequences and payment instruments. It is unclear, however, whether IOTP will be supported enough by players in the market to become a real standard. Its direct competitor seems to be the de facto consumer wallet solution, which can be the Passport solution or an integrated home-banking/internet banking solution of the customer’s bank.

The application of XML-based standards is often industry specific and dependent on the power structure between organisations in the industry. In the B2B procurement segment some successful usage of specifications (RosettaNet, CIDX, OBI) occurs, but these remain industry specific. Yet, given that organisations are starting to optimise and further automate the message and document flows with other organisations, the importance of modelling and architectural design is increasing.

A large number of models and architectures exist, each with its own focus. Some models remain conceptual, whereas other frameworks (such as the .Net approach of Microsoft) span the architectural, business, protocol and technical domains. Although this may lead to some kind of incompatibility between information systems, enabling technologies (such as XML and XSLT specifications) and architectural efforts (E-Commerce Integration Meta-Framework) may mitigate this problem.

Policy implications and possible future standardisation
Observing the available solutions and future developments, most experts concluded that additional policy initiatives to standardize e-payments in order to further promote e-commerce were not necessary. The experts' suggestions aimed at stimulating the market, providing a harmonised legal basis and further research and education. A first comparison of these suggestions with the eEurope action plan and the current institutional framework showed that most suggestions were already being addressed.

Current ICT-practices and developments will reduce the need for all-inclusive standardisation efforts and will require a reconsideration of ‘standardisation’ as a primary policy tool. A policy approach that takes this trend into account focuses primarily on the dissemination of available information on standards and specifications, rather than on the proactive formulation of proposals for standards.

Three issues were identified for which standardisation might be useful in order to improve the e-payments process and promote e-commerce: 
- the specification of minimum output requirements to be adopted by banks; this would facilitate the aggregation of payment information and the automated matching of orders and payments, 
- the specification of requirements for a lightweight authentication method to be used for payments; the ‘digital signature approach’ with a combination of legislation and technical requirements could be followed to establish common liability rules for payments made using methods that fulfil the requirements, 
- the specification of minimum security requirements for identity service providers. These requirements should become part of the institutional data protection framework and safeguard a minimum protection of personal data. 
