Electronic Transactions on the Internet are becoming common place. Books, software and even groceries can be bought and sold with the click of a button (and a credit card). The biggest problem with doing business over the Internet is the lack of common standards around security. There are dozens of different standards involving hundreds of different methods.
The Internet, by it's nature, is an open system which means that information can flow freely from one computer to the next. Information transmitted through the Internet can be intercepted and copied as any point along the path. For this reason it is not a good idea to send confidential information like credit card numbers through the Internet the same way you might send an email to a friend. In order to send confidential information you must be sure that your private information can not be intercepted along the way.
The most common method is Secure Sockets Layer (SSL). A transaction computer with an order form for the product that you wish to purchase creates a secure connection which ensures that all the information that you send to it is not accessible to anyone else. If information from a secure connection is intercepted it will be encrypted making it useless to persons with malicious intent.
Most small businesses will not find it economical to setup their own secure server and can purchase a service from a third party which offers a transaction service. These services vary but all require a setup fee and some form of payment for transactions performed on their secure server. This payment can involve a monthly fee, a transaction fee, a percentage of the transaction, a credit card company fee, a combination of these or all of these fees.
When considering hiring a transaction service a company should decide whether they want to setup their own merchant agreement with the credit card companies or pay the transaction service to use theirs. Some transaction companies retain at percentage of receipts for security deposit until a proven transaction record is established anywhere from 30 to 90 days. Some allow limited outside development of the forms used on the secure server and other insist that the forms be developed in-house.
Another model is the Secure Electronic Transaction (SET). This model requires that the customer download and install a wallet into which they enter their password protected credit card information. The SET system development was promoted by the major credit card companies to provide a safe and secure environment for online transactions.
The SET "wallet" model requires that the customer obtain a Digital Certificate from a Certified Authority (CA) which they then use to perform the transaction. The Certified Authority, usually the bank or financial institution that the customer deals with, verifies the validity of the Certificate to the merchant. The customer enters their personalized password to verify that they have the authority to use the Certificate and the transaction is made. This model allows customers use their credit cards to purchase items from merchants without transmitting their actual credit card details to the merchant.
The merchant uses their merchant agreement with the credit card company to complete transactions, process refunds and verify the validity of the customers credit card information.
Though still in its infancy, many billing companies have begun Internet transaction projects using the SET model to allow their customers to pay their bills, check their account status and much more. Online businesses use other forms transaction tracking to pay companies that display their advertising on their web sites.