Electronic Payment Systems
Payment gateway: a service provider that provides software to conduct online transactions between customers and
merchants, as well as their banks.
Customers can make payments using gateways from merchants stores if merchants have a secure socket layer
certificate and gateway credentials. These factors enable merchants’ to be authorised to provide payment processing
transactions from their online stores. As these payment gateways are implemented, they help to easily facilitate
payment processing between customers and merchants.
3 types: Redirect, Hosted, Self-hosted
Redirect: The payment gateway simply takes a customer to a payment processor, like PayPal to process the
transaction. Payment processed by a third party.
Hosted (off-site payment): The customer makes a purchase on the website and the payment info goes to the payment
provider’s servers (merchant) for processing.
Self-hosted (on-site payment): The entire transaction happens on the website’s server(s).
Merchants can choose any type of gateway but if they choose self-hosted (integrated into their website) they need to
create and integrate an API that allows customers to make payments directly from their website.
Payment gateway features
PayPal: Inventory tracking (tracking your product); Shopping cart (PayPal already integrated, just need to sign into your
account); Express checkout (payment processing service for online merchants, that allows customers to purchase items
or services without having to provide their shipping and billing information, ensuring that the merchant receives the
customer's personal and payment information in a secure manner).
Amazon Pay: Automatic payments (by their account); merchant website integration (easy to pay on the site); customer
identity (can ask for proof of identity).
Stripe: Mobile customer interface (prebuilt UI components for checkout); embeddable checkout (feature on their site to
help you redesign your payment page); multi-currency payouts (get paid in your preferred currency).
Types of payment systems
Internet banking: online service that allows a user to move funds from one bank account to another.
E-wallet: an online service that allows a person to exchange money. It can either have money deposited into the wallet
beforehand or, when a transaction occurs, the user's bank account is automatically debited or credited.
QR code payments: stands for Quick Response Code, which is a code that consists of a pixel pattern of barcodes or
squares that are placed in a square grid.
Credit/debit card: an electronic payment gadget that accepts and initiates an online monetary transfer that will be
cleared by the bank.
Contactless payments: payment technique that uses RFID technology and NFC to make payments, by tapping
cards/phones.
🈯
Advantages
Faster transactions: Payments are processed much faster – no physical labour required, as all transactions are
🈯
automated
Safer transactions: Provides customers with the assurance that their payments are processed
🈯
safely and securely.
Fraud detection: Gateways use integrated fraud detectors such as AVS to detect any fraudulent or suspicious activity
online. Thus, reducing the risk of fraud. Provides consistent fraud protection by being PCI (Payment Card Industry)
🈯
Compliant.
Allows for multiple payment options: users can choose to pay with a credit card or by a transfer depending on their
🈯
preference (if the gateway allows).
Low set up cost: Some gateways do not charge for set-up costs; merchants are only charged transaction fees per
transaction
,🈹
Disadvantages
Relatively expensive: Merchants are charged high transaction costs, with some gateways charging amounts
🈹
dependent on how much was spent on the transaction at a fixed percentage.
🈹
Extra fees: Merchants are charged an extra fee for allowing credit purchases.
International payment constraints: International customers may experience higher transaction costs or sometimes
🈹
these customers do not have payment options suitable for their demographic and currency.
Security: Online transactions so, risk of security vulnerabilities imposed when using a network, once the data is on
🈹
the server, sensitive data can be accessed.
International payments: sometimes international customers don’t have payment options
suitable for their demographic and currency.
M-PESA in Kenya
⭕ ⭕
A mobile electronic payment system or e-wallet. Commonly used there now.
⭕
Impact: Helped Kenyans get greater access to financial services Increased the Circulation of money. Transactions
⭕
processed by all ewallet platforms now account for half of Kenya’s GDP Created a safer environment on the streets
⭕ ⭕
and empowered women Encouraged Saving.
Limitations: Reliance on telecom and internet Fraudulent activity
COVID impacts: With strict lockdown, there was a decrease in transactions but when lockdowns calmed down, mobile
banking agents increased and the number of mobile banking accounts increased. Caused by the ease of use, not
wanting to travel to shops/malls, limited access to physical banks (especially rural areas) and less hand-to-hand
transactions to try to reduce the spread of covid.
Conclusion: Payments are critical to allow payment to be made anywhere on earth. Payment gateways have allowed
retailers to accept orders from a larger audience online. Electronic gateways are critical not just for electronic payments
but also as a beneficial tech for eCom.
eCommerce Security and Privacy
Privacy - the ability to control one's personal data and how it is used.
Personal data - information used to establish one's identity.
Security - the management of data access by unauthorised persons
Increase in internet users that shop online, as there are safer ways to pay. Internet privacy and security is still a struggle.
Privacy refers to the ability to control one's personal data and how that data is used, where personal data is any sort of
information that may be used to establish one's identity. Security, on the other hand, relates to the management of data
access by unauthorised persons, or how secure your personal information is. eCommerce makes doing business more
convenient for buyers and sellers but opens up so many more risks for buyers and sellers. According to Interpol, SA has
the 3rd-highest number of cybercrime victims worldwide as of 2021.
Current architecture used in eCommerce Privacy and Security
Strict protocol of planning, checking, implementing, and revising through iterations. First step involves creating a
dynamic document called a ‘Security Protocol’, which specifies security goals, risks (made with a risk analysis by a
security audit), authorised personnel, processes for dealing with unauthorised personnel, and the logical and physical
data protection methods on and offsite (Antón & Earp, 2000). Example: Policy Framework for Interpreting Risk in
eCommerce Security (PFIRES). This document provides a framework for managing security policy. (Reason it’s a
dynamic document is from the fact that policies should be continually revised; to adapt to technology and business
environment changes). Organisations are expected to implement such a policy to protect consumer information as well
as to consider other organisations they are in close liaisons (collaboration) with.
Technologies used for eCommerce privacy: surveillance tech, web transfer protocol contracts (used for data access
control), tech (used for labelling and trust), privacy enhancing technologies. Surveillance and data capture are primarily
used for business practices that have a byproduct of generating biometrics, data trails warehousing and data mining,
which in effect, transgress on personal privacy. Contrary to that, Privacy enhancing technologies aim to remedy this
negative through personal firewalls, cookie managers and digital cash.
,Tools used to achieve privacy objectives:
Public Key Infrastructure, like digital certificates based on asymmetric cryptographic, used to prove identity; biometrics;
strong passwords; firewalls; encryption; locks and bars; smart cards used for decentralised and untraceable
networked purchases and digital watermarking similar to NFTs (involving cryptographically tagging electronic content,
that is unforgeable and unremovable).
Safety of customer information
Unauthorised access of consumers’ data such as customer usernames, passwords, and credit card information can
place them at risk from security and privacy threats such as data theft misuse, fraud and hacking. The technologies
used include contracts or agreements about the release of private data, privacy-enhancing technologies (PETs) which
attempt to balance the surveillance or tracking technologies through personal firewalls, cookie managers, digital cash
and use of security measures such as SSL certificates which prevent attackers gaining access to customer passwords
and credit card information.
The Protection of Personal Information Act (POPI Act) is one of the main legislative measures put in place to help
protect people’s private information in the form of data. An Information Regulator must be appointed to protect people’s
private data. An Information Regulator is responsible for evaluating and enforcing people’s and organisations’
compliance with the requirements of the Personal Information Act. When a consumer's privacy is breached, they can file
a complaint to the Information Regulator and they will be able to take legal action against the vendor.
With the increase of privacy issues, the governments around the world have started to take notice of it. SA implemented
the POPI Act - aimed at controlling when and how organisations can collect, store, and use user data. Goal is to protect
customer data from theft, security breaches, and discrimination. Impacted how eCom organisations can use their
customer data. Failure to comply can result in massive fines and other legal actions.
Customer Perception on Privacy and Security
Factors: Culture, transparency (companies can create trust), actual security and privacy. People in developing nations
with internet access are more afraid to transact than first world countries (like Australia). South Africa is a playground for
scammers. Since we as South Africans fall victim to fraud, this builds a negative culture towards eCommerce privacy
and security concerns. Possible solution: Being transparent and notifying customers regarding the sharing of data has
been proven to make them more comfortable with using eCommerce websites. Providing customers with detailed
descriptions of how their personal data will be used creates trust amongst customers. The leading cause of distrust is
that payment systems are being perceived as untrustworthy and customers are afraid of sharing credit card details.
Assurances of safe payments need to be made to remedy this perception, thus reducing the perceived risk which
negatively affects trust in payment systems.
🔽
The future and way forward
🔽
With Covid, technology providers have to create a new security environment and monitor their customer’s needs.
🔽
Improve the security around payment platforms can prevent large amounts of credit card information from being
🔽
stolen and lost. Businesses that deliver network access to contractors must safeguard those parties from outside
🔽
attacks. Increasing security measures = more expenses, but can be a competitive advantage, as consumers have
🔽
become more aware of fraud and the need for privacy. Online retailers can implement advanced monitoring
technologies to identify suspicious behaviour in the payment platform. Retailers should promote secure behaviours
(by providing guidance on how consumers can identify the correct website and avoid fake website).
🔽The rapid growth of eCom in South Africa can be partly attributed to the Covid-19 pandemic causing more consumers
data is being generated at an exponential rate. 🔽Companies can purchase third-party data from search-engines and
to purchase online from the safety of their home. However, this leads to concerns over privacy and security as consumer
manufacturing decisions. 🔽Studies have shown that customers care more about an eCom platform's compliance to
social media trends. This data is then utilised to establish consumer preferences, inventory management and
privacy protection measures rather than the actual performance of the adopted measures. This can lead to the problem
🔽
where customers blindly trust privacy-compliant websites that may be poorly protected whilst avoiding websites whose
🔽 🔽
privacy policies they are unfamiliar with. Gathering and utilisation of consumer data brings value to the eCom
platform. The eCom platform's protection brings value to the consumer. A conflict of interest between eCom
, enterprises wanting to use consumer data for value will remain a concerning trend in the near future. But with greater
public education around privacy by the media in recent years and privacy protection technology being increasingly
🔽
standardised legislatively, the privacy and safety of consumers continues to improve on eCom platforms in SA.
🔽
Consumers: Becoming more aware of privacy + Greater legislation around security and privacy in eCom + More
media coverage and public concern around privacy. Businesses: Gain more data around customers with scale
through searches, orders and tracking cookies + Conflict of interest between consumer and eCommerce platform + In
order to remain competitive, businesses will have to increasingly implement customer oriented privacy and security
measures + Many countries are implementing mandatory privacy and security measures underpinned with fines and
penalties for non-compliance.
🈯
Advantages
Customers feel more secure about their information and are more trusting to provide merchants with personal
🈯
information.
🈯
🈯
Customers are more open to shopping and visiting sites that have privacy and security measurements in place.
Unwanted attacks and misuses on eCommerce sites are prevented.
Having privacy and security measurements in place boosts consumer trust and brand reputation which in turn
increases the profitability of the merchant.
🈹
Disadvantages
Privacy and security implementations on an eCommerce site tends to limit the simplicity of the site (Threat:
🈹
Overcomplexity can have a negative impact on the user friendliness).
Not all websites use privacy and security systems that use high encryption software to protect users' data and do the
🈹
bare minimum when protecting users' data (Threat: Malicious attacks).
🈹 Privacy and security can become very costly when trying to create the safest online environment.
Limits the merchant as software could limit the data that is attainable from the customer, which is an opportunity loss
for the business.
⭕
COVID security threats and impact
Target inexperienced online users: The pandemic has introduced a new group of user who rarely shop online. These
⭕
people are more vulnerable to scams and fraudulent schemes.
DDOS Attacks: Used to disrupt regular traffic of sites by overwhelming them with an influx of traffic. Can cause
⭕
massive delays to services for E-commerce sites and cause data loss.
Online scams: Criminals create fake websites of popular online stores and entice victims to enter personal data or
download malicious content.
Overall: Privacy is the use and storage of personal information such as your credit card details; Privacy has always been
a concern when it comes to how businesses manage their customers' personal information; During Covid, concerns
over collection of personal data not being secure and misusing data is increasing; You shared your personal information
for every place you signed up; Privacy can face threats from outside forces, or even the business itself. Due to Covid,
security in eCom is very turbulent (unstable/conflicted). You can combat threats by using security but don’t drive away
customers with too many security walls.
During COVID: Leakage of Personal Information: The theft of personal information = biggest concern with the increase
of cyberattacks; eCom businesses require a lot of personal information and often store your credit card details, meaning
a lot of valuable information is stored on eCom websites; Those who store personal information on eCom websites
become prime targets for hackers. Selling and Sharing of Personal Information: eCom businesses can use customer
data for their own use; They can sell the data to companies such as advertisement companies, or to provide the
government with useful data on users; Example: in the US, you’re allowed to use and disclose protected health
information for public health and health oversight purposes only if permitted.
Conclusion: The adoption of eCommerce websites is largely affected by consumer trust and culture, but this is
combated by the implementation of having sufficient transparency as well as privacy and security technology systems in
place. eCom security and privacy = more important in future as more people engage with the online space.
