AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
Introduction to e-Commerce Payments
1. AMLAS E R V I C E S
Introduction to e-
Commerce Payments
Ari Viljakainen
AMLA Services
fi.linkedin.com/in/ariviljakainen/
@Ari_Viljakainen
AMLAS E R V I C E S
2. AMLAS E R V I C E S
Agenda
1. Consumer needs
2. Payment methods for e-commerce
3. Introduction to card payments
4. Security
5. Card transaction processing
6. Key players
AMLAS E R V I C E S
3. AMLAS E R V I C E S
Consumer needs
AMLAS E R V I C E S
4. AMLAS E R V I C E S
The usage is different for each
country and even different for
merchant segments and consumer
types.
In Finland direct bank payments
(pankkinappi = bank button) leads
with a bit more than 1/3
Payment cards are second
Invoicing is becoming more
common
Preferred payment method when paying online
E-commerce payment methods used in Nordics
Source: Postnord & Nets 2014
5. AMLAS E R V I C E S
40% in the Nordic countries cancel purchases because the website is not mobile
optimized. (DIBS 2013)
33% state that they have cancelled a purchase because the right payment option
was missing. (DIBS 2013)
In order to succeed in e-commerce checkout process needs to be easy but secure in
all devices. (The Jumio Consumer Mobile Insights Study 2013)
Lack of payment options and difficult to use are very clear reason for abandoning the shopping cart
Abandoning shopping carts , but why?
6. AMLAS E R V I C E S
Payment methods for e-commerce
AMLAS E R V I C E S
7. AMLAS E R V I C E S
There are lots of different payment options available, some are listed here.
E-Commerce payments, this is what it looks like for
consumers
Payment cards Direct bank payments
Invoicing
8. AMLAS E R V I C E S
Online-stores are quite often built on commercial or open source platforms were payments are already
integrated. Internet Payment Service Providers combine several payment methods into one service.
This is how it is built
Merchant online store
Web store
platform
Payments
Direct PSP
Collecting PSP
iPSP Provider(s)
9. Difference between Direct PSP and
Colection PSP
Direct PSP
Merchant
Bank 1
Bank 2
Acquirer
Invoicing,
PayPal
• Transaction
• Financial
• Contract
Collecting PSP
Merchant
Bank 1
Bank 2
Acquirer
Invoicing,
PayPal
11. AMLAS E R V I C E S
The main roles are illustrated below. There are two types of payments:
1. in-store payments (card present). 2. on-line payments (card not present)
4-corner Model of Card Payments
Issuing & Acquiring Service Provider
Card scheme networks
1
2
Issuer Acquirer
Payment Service
Provider
(PSP)
12. AMLAS E R V I C E S
Roles in 4-corner Model
•Issues payment cards to consumers
•Manages issuing processesIssuer
•Provides merchants with card payment capabilities
•Manages acquiring processesAcquirer
•Accepts card payments
•Physical and e-commerceMerchant
•Provides merchant with payment terminals and online
check-out service
•Handles the transaction routing to acquirer
Payment servide
provider
•Provides IT services and business process outsourcing to
issuing and acquiring banks
Issuing & Acquiring
Service Provider
13. AMLAS E R V I C E S
Each scheme has different business model and role in the ecosystem. The main funtions for schemes
are listed below.
Card Scheme Networks
Products
Brand
Processing of transactions
Operating regulations
Security requirements
Protection for fraud
Global acceptance (Visa, MasterCard)
14. AMLAS E R V I C E S
Security
AMLAS E R V I C E S
15. AMLAS E R V I C E S
Can be
stored?
Protection
needed?
Cardholder data Card number
1
Yes Yes
Cardholder name Yes Yes
2
Expiration date Yes Yes
2
Sensitive
authorization data
All data in the magstripe No -
Security code No -
PIN No -
1 More details how to handle card number is decribed in PCI-DSS
2 These details need to be protected if stored together with card number
PCI Security Standards Council has defined an information security standard (PCI DSS) for organizations that
handle cardholder information. Following table can be used as a guideline to find out if PCI DSS should be
taken into use.
Managing payment card details in IT systems and
related processes
16. AMLAS E R V I C E S
Card transaction processing
AMLAS E R V I C E S
17. AMLAS E R V I C E S
3-D Secure authentication is used by Visa, MasterCard, American Express, and JCB. It provides an
added protection towards online fraud.
eCommerce Authentication
1. Insert card
details
2. Authorization reguest
to acquirer
6. Authorization
response
4. Authorization
reguest to issuer
5. Authorization
response from
issuer 3. Authorization reguest
to acquirer
10. Authorization
response
Issuer Acquirer
Payment Service
Provider
(PSP)
Online store
Access
Control Server
(ACS)
8. Insert 3-D
Secure credentials
9. Authorization
response
7. Authenticate
18. AMLAS E R V I C E S
Issuer Acquirer
Payment Service
Provider
(PSP)
Online store
Transaction message will be created after succesfull authorizatio. Online store can also choose to
create the transactions later for example at the end of the day.
Transaction when paying in-store
1. Transaction message
4. OK
5. Transactions
are sent to each
issuer
6. OK 3. At the end of the day
all transactions are sent
to acquirer
2. OK
19. AMLAS E R V I C E S
Key players
AMLAS E R V I C E S
20. AMLAS E R V I C E S
Atos
Paytrail
Checkout
Nets
Maksuturva
DIBS
Sofort
Wirecard
Ogone
Gestpay
Klarna
Servired
Worldpay
Realex
PayU.pl
Webmoney
Yandex
Robokassa
Nets
Nets
Nets
IfMB
http://premium.wpmudev.org/blog/the-big-list-of-
payment-gateways-for-the-global-merchant/
AMLAS E R V I C E S
21. AMLAS E R V I C E S
Global PSP providers
AMLAS E R V I C E S
22. AMLAS E R V I C E S
Contactless payments and in-app payments using Apple Pay
Apple Pay
Card tokenization
Secure
element
NFC
In-app
24. AMLAS E R V I C E S
Images by Nets, 2015
Thank you
Ari Viljakainen
AMLA Services
fi.linkedin.com/in/ariviljakainen/
@Ari_Viljakainen
AMLAS E R V I C E S