Internet Payment Systems

This talk by Peter Billam of P J B Computing was presented to the summer conferences of the Canberra and Tasmanian branches of AUUG in February 1998. A later, revised, version of this talk is also available.


This talk surveys some of the Digital Payment systems most adapted to life on the Internet. At their best they can benefit organisations large and small, offering them payment systems with the advantages of the Internet itself - global reach, high speed, low transaction cost and high automatability. Some of the privacy and security risks are mentioned. Particular emphasis is placed on the Australian context. The technologies discussed here could revolutionise the commercial and financial systems of the world.


Physical Payment Systems

Back to the Top . . .


The most sophisticated and efficient payment system, offered by governments to avoid circulating gold. Transfer is instant and 100 per cent efficient. No transaction record is created. Cash is such a tempting target for theft that it is unsafe to keep large sums in cash, or to send cash by post.


Banks offer safekeeping for your cash, protecting you from theft; they grant you access to your money on your signature. A cheque, a signed instruction to pay, can be sent by post, offering global range. The payee can be anybody, not just a business. The bank retains a record of the amount of the transaction, but not of what item was purchased.

For the payer, cheques are slow to write. For the payee, they can bounce or be cancelled, and take several days to clear.

Back to Physical Payment Systems . . .

Credit Card

The payee must be a business. The card carries a raised, embossed number. As originally introduced, the merchant puts the card through a roller which reads the number onto a slip of carbon paper, and the customer authorises the payment by signature. The payment cannot bounce or be cancelled, with the bank assuming the risk, and charging the merchant several per cent accordingly.

Mail-order merchants may ask their bank to be trusted to receive payments without any signed authorisation; the merchant just quotes a card number and an amount and the bank just believes them. The customer is responsible for checking their monthly account and complaining to their bank about payments they don't remember.

Back to Physical Payment Systems . . .

Digital Payment Systems

Back to the Top . . .

Credit Cards on the Internet

The Merchant gets to see thousands of live credit card numbers, and is under suspicion every time there is fraud on any of them. The Consumer's money is spent without any say-so from the consumer. The Bank guarantees the transaction and thus incurrs significant risks; and charges accordingly.

Back to Digital Payment Systems . . .

First Virtual's PIN System

This is a very elegant, well conceived, low-tech system, built on top of the Credit Card infrastructure. It avoids card numbers ever being sent over the Internet or disclosed to merchants, and it allows the purchaser to confirm the payment. The purchaser must be reachable by e-mail. Amazingly, it uses no encryption, so it has no problems with the U.S. munition export laws, and can be used by customers in countries such as France and Iraq.

The customer gives their card number to the First Virtual Bank by phoning up a particular number and typing it into a touch phone. In return they are assigned a PIN password. The merchant must be registered with First Virtual, and must have a bank account able to accept payments by the ACH (Automated Clearing House) system; that is to say, U.S. bank account.

When the customer makes an order, they give the merchant their PIN password. The merchant then contacts First Virtual, quotes them the PIN and asks for the money. First Virtual send the customer an e-mail asking for their OK. The customer replies either "Yes", "No" or "Fraud", and if the reply is "Yes" the transaction goes through.

Back to Digital Payment Systems . . .


Merchants and consumers in the U.S. may gain direct access to the Automated Clearing House system used to transfer money between banks. CheckFree of Ohio interfaces with PC financial packages such as Quicken to allow consumers to make payments, and CheckFree's Gateway system allows U.S. merchants direct access to the ACH, over the Internet using PGP, for 27 cents per payment.

Back to Digital Payment Systems . . .


Developed by Dr David Chaum, sold by DigiCash BV in Amsterdam. The consumer downloads the DigiCash software to run a digital wallet, opens an account with the local mint. The mint could be run by a government or a bank; DigiCash BV is in the process of signing up numerous banks to run mints (this is reminiscent of the situation in Australia last century where banks issued their own banknotes).

The user creates some "coins" and gets them signed by the mint. The wallet can exchange coins with other wallets using a custom IP protocol; coins can also be sent in text form by e-mail or other means. When desired, they can be cashed in again at the mint.

The payer knows the identity of the payee, but the payee does not find out the identity of the payer (unless the payer attempts to double-spend a coin).

Back to Digital Payment Systems . . .

CyberCash / CyberCoin

CyberCash is a system which uses public-key cryptography to leverage credit cards onto the Internet, and CyberCoin is an extension of CyberCash to allow small-value transactions.

The consumer downloads the CyberCash digital wallet software, and enrols their credit card with the wallet, and with CyberCash; they may also open a CyberCoin account and move some money into it. The wallet registers itself as a helper application for Netscape or Internet Explorer.

When the consumer approves a transaction, an encrypted payment order is sent to the merchant, who adds some payment information, signs the order, and forwards it to the CyberCash gateway. The merchant never sees the consumer's credit card number.

Back to Digital Payment Systems . . .


The Secure Electronic Transaction protocol is being developed by MasterCard, Visa and various computer companies, in order to transmit payment information over the Internet. It can not be used to encrypt other messages, and so the U.S. State Department has deigned to grant export permission to some SET implementations. It is hoped that SET will eventually be built into many "commercial products". Merchants (and in Mastercard's implementation also consumers) must have digital certificates signed by their banks.

Functionally, SET works in a similar way to CyberCash, except that the acquiring bank can, at its option, inform the merchant of the card number when it sends. Thus SET does not necessarily improve the customer's security much, as compared with sending the card number in plain text.

Back to Digital Payment Systems . . .

Smart Cards

A smart card is like a credit card equipped with a CPU. It can store lots of information, can be password-protected, and can even run an RSA encryption engine.

Smart cards have been used for years in European telephones, Mondex uses a smart card, and Visa introduced their Visa Cash Card for the Atlanta Olympics.

Back to Digital Payment Systems . . .


Modex is not an Internet payment system, but it is quite widespread; it is a closed proprietary system involving smart cards which communicate using a secret protocol.

The consumer "refills" their card at a specially equipped ATM machine, and purchases can be made by inserting the card into a "Mondex wallet" or by using a proprietary telephone.

Mondex is used in a pilot project in Swindon, England, and campus-wide at the universities of Exeter and York. There have been trials in Hong Kong, Canada, and San Francisco. In November 1996, MasterCard International purchased 51 per cent of Mondex.

Back to Digital Payment Systems . . .

Telstra's SureLink

In the Australian context, Telstra's SureLink, has been operational since October. It is not a minimal system; it has a lot of added value, and is aimed only at Internet Commerce.

Telstra have bundled a link to the EFTPOS payment infrastructure, which is well established in Australia and has low cost per transaction, together with a shopping cart application, into a package which is very convenient for the merchant. There is built-in support for hardgoods, softgoods, and subscriptions to softgoods. Customers can be anywhere, but the merchant must bank in Australia.

The merchant has to run a web site in which they make "Digital Offers" which are URL's and look like

Unlock Professional features in Shareware version:
<a href=
<img src="Key.gif" border=0 width=38 height=34></a>

The bit in bold is crucial; it's a checksum which hashes the rest of the URL together with a secret key particular to that merchant. Digital Offers are binding offers, and the checksum is what prevents a customer from changing some details of the offer, such as the price, prior to accepting it. The secret key is changed every month by a Keymaster, who needs superuser access to the web server.

The Digital Offer URLs are generated by Open Market Secure Link Executive, a commercial package, which must run on the web server; for example as a Server-Side Include. The Server-Side Includes are put together for the merchant by a SureLink Business Partner.

Back to Digital Payment Systems . . .

Australian Business Access (now eSec)

Australian merchants wishing to run their own shopping cart scripts, or selling more expensive goods, might prefer ABA's Epayment, which uses strong encryption to keep the card number away from the merchant. The merchant is charged a connection fee of $2500, and thereafter pays just a flat charge of 90 cents per transaction. ABA (now eSec) connect directly to the Australian clearing house system. The customer needs a Java-capable browser, preferably Java 1.1. (now now longer)

Back to Digital Payment Systems . . .

What it Costs You

This uses SureLink as an example . . .

$ 100 for 3 yearsBusiness Name State Government
$ 100Setup FeeMerchant Acquirer
$ 20 per monthRunning FeeMerchant Acquirer
5 per cent ($4/month min)Transaction Fee Merchant Acquirer
3 per cent ($85/month min)Transaction Fee Telstra

There will always be places in every country where you can't run a business without having to pay some of your takings to some effective and established local organisation. The Internet in Australia is one of those places; I'm not sure how 8% of every transaction measures up, on a world scale . . .

There's a sense in which every country is such an organisation; their governments raise taxes and, in return, provide currencies, payment mechanisms, infrastrucure, services and so on; so having to pay someone a percentage of your takings in order to operate is not inherently unacceptable. But governments tax only a narrow range of transaction types, (such as salary payments from employer to employee), transactions for which they can force accurate reporting. Also, governments tax profits, not takings, and they provide more services for the money than banks do.

A machine with an 8% loss, in comparison with a machine with 0% loss, is, quite objectively, bad engineering.

Back to the Top . . .

Payment Systems Compared

TechnologyAuthenticationReachSpeed InefficiencyProvider
CashPersonal1 metreInstant 0 per cent !National Governments
ChequeSignatureNational/Global Several DaysBank FeesRetail Bank
Credit CardPersonalGlobalMinutes 4 per centMerchant Acquirer
ACH?U.S.A.Minutes 27 centsACH
Virtual PINPersonalGlobalMinutes 4 per centMerchant Acquirer, Telstra
DigiCashPrivate KeyGlobalMinutes ?Goverment or Bank
SureLinkPersonalGlobalMinutes 8 per centMerchant Acquirer, Telstra

Back to the Top . . .


In most contexts, the Internet offers particularly efficient mechanism. If you ftp a file of 3 Mb, you'll be dissapointed if even a single byte does not arrive. It's saddening that Internet Payment Systems are much less efficient, down to 92 per cent, than their low-tech conterparts.

There is no technical reason why a 100% efficient Internet Payment System could not be provided at the national level, and one day, some government, perhaps under pressure from its own merchants, may do this. It could take the form of a giro-like system with a publicly accessible IP interface, using PGP or ssh to sign instructions. This would benefit local population and businesses.

The Europe of the future, with its large single currency, and strong national giro tradition, would be well placed to introduce efficient payment mechanisms and develop a more vigorous internal Internet trade.

Depending on the system's policy on privacy, it could also offer government very complete reporting of of a much larger class of financial transactions, information which is currently given to private interests who use it for market research. Governments could use it to widen their choice of tax base, a choice which they could then use as a lever to put policy into effect by differential taxing, rather than just by forbidding things or making them compulsory.

Internet commerces from other currency zones would find it in their interests to open local subsiduaries, on local web servers, so as to gain efficient payment which they could then repatriate later at a time of their own choosing, in larger amounts with lower overheads.

Back to the Top . . .


At basis, purchasers are known to the Financial System by their signatures, on paper, and by being able to show certain documents that no-one else is supposed to have. This means you need a shopfront to witness the purchaser sign, and to view the documents. The banks provide this shopfront, and the purchaser can choose from various schemes that allow them to leverage their signature into some other more convenient authentication mechanism, such as swipe card and pin number.

Hypothetically, purchasers could permitted to identify themselves to the financial system by some electronic means, involving strong cryptography. In this case, purchasers, indeed residents in all situations, might just as well plug strait into the Clearing House mechanism, and be able to make payments to whom they wanted, with very low overheads, perhaps even as low as cash.

It's worth noting that having an efficient digital payment system would bring us back to the situation we have with cash, where you can lose all your life savings in a simple breaking and entry job. The intruders just have to persuade you to give them your PIN number or PGP pass phrase, and a lot of ugly scenes could be caused that way.

Banks would then revert to their core business, that of keeping money safe, and undertaking to give it back to you on corporal authentification, such as iris scan, DNA, fingerprint scan, or even the old signature on paper.

Back to the Top . . .

Currently . . .

At current prices, Internet Payment Systems do not offer a general-purpose method of transferring money. In many cases, including Telstra's SureLink, the recipient of the payment can only be a merchant, person-to-person payments are not supported; only Internet Commerce is supported.

Currently, Internet Commerce applies primarily to niche markets:

Back to the Top . . .


Back to the Top . . .