Online Payments

Andy Beak
September 01, 2016

Lecture presented on Online Payments internally at Brightsource

Transcript

  1. What is an online payment?
     • Exchanging money electronically
     • On a website like a shopping cart
     • Mobile money wallets
     • QR code tools
     • Cryptocurrencies
  2. Instruments of Online Payment
     • Any money instrument that can be represented electronically
     • Credit/Debit cards
     • Electronic Fund Transfer (EFT Bank Transfer)
     • Bitcoin and other digital currencies
     • On the spot loans
  3. Digital currency
     • As with any currency value is negotiated rather than having intrinsic value like the gold standard of olden days
     • Digital currency has a limited supply that increases at a known rate
     • Exchanges have been set up to buy/sell digital currency for traditional paper money
     • Unlike cash there is a trail for every coin that tracks back to a wallet
  4. Actual example of Bitcoin usage
     • Natwest charges me £30 to send £65 to SA
     • They take about 3-5 days to transfer the money
     • It costs less than £3 using Bitcoin and takes 1 day for the money to land in my account
  5. Online Payments at Brightsource
     • We only facilitate credit card transactions
     • We are not a payment processor ourselves
     • That requires certification that we comply with Payment Card Industry Data Security Service rules
     • This certification is expensive to get and the margin on processing payments is low – about 3-5% if you’re lucky
     • We send consumers to a payment processor
     • Rest of this lecture focuses on credit cards only
  6. Valldata / Chameleon / Woods
     • Woods and Valldata process campaign data
     • Join up online and offline data
     • Chameleon acts as a payment gateway
     • They mediate between us and the processor
     • They also send data to Woods on our behalf
  7. Chargebacks
     • Fraud – The customer denies the transaction
     • The card association fines the processor
     • The processor fines the merchant
     • If there are too many chargebacks the card association will disavow the processor
     • Avoiding them makes financial and reputational sense for the merchant
     • Fraud detection systems like Maxmind exist to help merchants avoid submitting fraudulent transactions
  8. Actors involved (1)
     • Alice is a consumer who wants to buy something
     • Bob is a seller who is selling goods or services
  9. Actors involved (2)
     • Alice is a consumer who wants to buy something
     • Alice’s bank is called the issuing bank
     • Bob is a seller who is selling goods or services
     • Bob’s bank is called the acquiring bank
  10. Actors involved (3)
      • Alice is a consumer who wants to buy something
      • Alice’s bank is called the issuing bank
      • A payment gateway will acquire her details securely on behalf of Bob
      • Bob is a seller who is selling goods or services
      • Bob’s bank is called the acquiring bank
  11. Actors involved (4)
      • Alice is a consumer who wants to buy something
      • Alice’s bank is called the issuing bank
      • A payment gateway will acquire her details securely on behalf of Bob
      • The payment processor will communicate between the banks and actually do the transaction
      • Bob is a seller who is selling goods or services
      • Bob’s bank is called the acquiring bank
  12. Actors involved (5)
      • Alice is a consumer who wants to buy something
      • Alice’s bank is called the issuing bank
      • A payment gateway will acquire her details securely on behalf of Bob
      • The payment processor will communicate between the banks and actually do the transaction
      • A card association (like Mastercard or Visa) defines rules of transactions and helps the processor find which banks are involved
      • Bob is a seller who is selling goods or services
      • Bob’s bank is called the acquiring bank
  13. Recapping who’s who in the zoo
      • The consumer who is purchasing something
      • The merchant who is selling something
      • The issuing bank who gave the consumer a card
      • The acquiring bank who will eventually receive the funds
      • A merchant account which will store the funds until they’re withdrawn to the acquiring bank
      • The payment processor and payment gateway
      • A card association like Visa or Mastercard that defines the rules of transactions
  14. Payment Gateways and Processors
      • A payment gateway controls the flow of data between the merchant and the payment processor
      • A payment processor sits between the issuing and acquiring bank and transacts the payment
      • This distinction does not have to exist
      • Paypal and Stripe for example perform both functions
  15. Merchant Accounts
      • Store the funds until they are withdrawn
      • The bank offering them underwrites the liability
      • Excessive chargebacks or refunds
      • Anybody wanting to accept funds must have a merchant account
      • Payment Processors will have their own account and can hold funds on behalf of their clients
      • They must negotiate liability with their own bank
      • They must satisfy financial intelligence laws for every jurisdiction they operate in
  16. Let's recap slowly
      1. Alice enters her card details on a page that is hosted by the payment gateway away from Bob’s site
      2. The payment gateway passes the details to the payment processor
      3. The payment processor uses the card association network to find the issuing bank for the card
      4. The payment processor queries the issuing bank to find out if the card is valid
      5. If it is valid the payment processor either:
         1. puts an authorization hold on the funds, or
         2. captures the funds and transfers them to the acquiring bank where they will be placed in the merchant account
  17. Let's recap slowly (2)
      • The payment processor redirects the user to a page on the merchant site that indicates the transaction status
      • This page does not trigger any processing, it is for display only
      • The payment processor also securely contacts the merchant site directly
      • This message can be verified by the merchant
      • This message tells the merchant to process the transaction
  18. Variations to the pattern
      • We are using the simplest (cheapest) method
      • There are variations of this pattern
      • We could accept the credit card details ourselves and then pass them to the processor without storing them ourselves (PCI DSS C)
      • We could create a form to capture the credit card details that submits them to the processor directly (PCI DSS A-EP)
      • Instead of being notified separately by the gateway we could use the success page to complete the transaction
      • It’s technically simpler
      • It’s significantly more open to abuse to the point that most payment gateways will not offer it as an option
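
Added example (not part of the original deck): a merchant-side sketch of slides 17 and 18, in which the return page is display-only and only a verified server-to-server notification changes order state. The HMAC-SHA256 signature scheme, the field names and the order data are assumptions constructed for illustration; a real gateway defines its own verification method.

```python
import hashlib
import hmac
import json

SHARED_SECRET = b"constructed-demo-secret"  # assumption: secret agreed with the gateway
ORDERS = {"ord-1001": {"amount": "65.00", "currency": "GBP", "status": "pending"}}  # constructed

def sign(body: bytes, secret: bytes = SHARED_SECRET) -> str:
    """Signature the gateway is assumed to attach to each notification."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

def return_page(order_id: str, claimed_status: str) -> str:
    """Browser redirect target: display only. The query string is user-controlled,
    so claimed_status is ignored and only server-side state is shown."""
    order = ORDERS.get(order_id)
    return "unknown order" if order is None else f"Order {order_id}: {order['status']}"

def handle_notification(body: bytes, signature: str) -> str:
    """Server-to-server message: the only path that changes order state."""
    if not hmac.compare_digest(sign(body), signature):
        return "rejected: bad signature"
    msg = json.loads(body)
    order = ORDERS.get(msg.get("order_id"))
    if order is None:
        return "rejected: unknown order"
    if (msg.get("amount"), msg.get("currency")) != (order["amount"], order["currency"]):
        return "rejected: amount mismatch"
    if order["status"] == "paid":
        return "ok: already processed"  # gateway retries must not fulfil twice
    if msg.get("result") != "captured":
        return "ok: not captured"
    order["status"] = "paid"
    return "ok: processed"

def demo() -> list:
    body = json.dumps({"order_id": "ord-1001", "amount": "65.00",
                       "currency": "GBP", "result": "captured"}).encode()
    return [
        return_page("ord-1001", "success"),     # redirect alone changes nothing
        handle_notification(body, "0" * 64),    # notification with a wrong signature
        handle_notification(body, sign(body)),  # genuine notification
        handle_notification(body, sign(body)),  # retry of the same notification
        return_page("ord-1001", "failed"),      # page reflects stored state only
    ]

if __name__ == "__main__":
    print("\n".join(demo()))
```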