ITU Home Page International Telecommunication Union Français  Español 
Print Version 
ITU Home Page
About

Activities

ITU's Role

Partners

Contacts

News

Events

Links
Home : ITU-D : EC-DC
Electronic Commerce For Developing Countries (EC-DC)

ITU-Chile EC-DC Pilot Project

Alexander NTOKO, Project Coordinator, ITU Electronic Commerce

Below is a preliminary list of issues necessary for preparing the implementation is an EC-DC pilot in Chile. This document deals mostly with the requirements of the payment system.

Objectives:

Implementation of an Electronic Commerce Payment System (EC-DC Center) in Chile run and operated by an entity created (or existing). The term Commerce Service Provider (CSP) and EC-DC center are used interchangeably in this document to mean an entity that provides electronic commerce services to merchants. This includes (but is not limited to) provision of secure online credit card payment systems, mall services, merchant profile administration and store profile administration. The pilot would focus on the sales of tourism services and locally produced artifacts. To ensure sustainability, the EC-DC center would be scaleable to accept other merchants.

Merchants and Types of goods/services:

Identify possible businesses and types of goods and services that will be sold via this pilot. It is also necessary to identify the potential consumer base (location and type of consumer) and the estimated cost of the goods or services. Due to the floor limits of credit cards and the cost of shipping and handling individual goods, product selection will play an important role on the business model used.

Action 1:

Select merchants and goods for the pilot. Tourism and locally produced artifacts would be good for a start. Between 2-5 merchants representing the selected category of goods and services will be needed for a start.

  • Card Brands: Identify the card brands that will be accepted for credit card processing. Most popular card is VISA (with more than 630 million cards accepted in 247 countries and territories). Other very popular brands are Eurocard/MasterCard and American Express. For maximum coverage, VISA, EuroCard/MasterCard and American Express need to be supported. Diners could also be supported but their service is not excellent.

Action 2:

VISA, Mastercard and AMEX should be supported to cover a wider consumer based. If only one card is to be supported at the initial stage, it should be Visa.

  • Acquiring Institutions: Identify card acquiring institutions that support the selected card brands. Determine if the candidate acquiring institutions provide MOTO contracts to merchants and how payment requests from merchants are submitted. Provision of MOTO contracts does not mean that the acquiring institutions accept electronic submission of payment authorization and clearing. For a successful implementation of an EC-DC center in Chile, the acquiring institutions need to accept card authorization and card debit submissions via electronic methods using public or private networks directly from the CSP hosts also connected to this network. This network connection and the associated software and protocol(s) will form the CSP-Acquirer Link.

Action 3:

Select an acquiring institution. The selected institution must be able to provide MOTO contracts for at least Visa brand to merchants in the pilot.

  • Supported Currencies: Decide on currencies that will be supported for payments by clients. The currency is bound to the MOTO contract established between the Merchant and the Acquirer. The Acquirers usually establish contracts that are bound to the local currency in the region where they operate. The international clearinghouses take care of the currency conversion and the funds will be deposited to the local bank account in Moroccan Dirham.

Action 4:

It is recommended that the currency used on the online Web catalogue be US Dollars since the target consumer-base will be outside Chile.

  • Protocol Supported: For an acquiring institution that provides MOTO contracts and supports online payment submission from the CSP, identity the network or communication protocol used for exchanging payment data with the CSP. The network or communication protocol is a vital component used for establishing the CSP-Acquirer Link. Commonly used protocols (including security) are:

    • SSL: MD5 (128-bit), RC4 (128 bit), 3DES (168-bit), SHA (160-bit), 1024-bit RSA for key distribution. Security based on mutual authentication, encryption, and data integrity
    • IPSEC: MD5 (128-bit), DES-CBC (Cipher Chaining Block) – IETF protocol for IP level security. Might replace SSL for Channel Level security with IPv6 deployment.
    • ISDN: Security based on dedicated connection, caller ID and mutual authentication and CSP/merchant authorization.
    • X.25: Normally no encryption. Mutual authentication and merchant authorization.
    • Frame Relay: Could be used to encapsulate X.25 packets for implementation of X.25 solutions. Widely used in Latin American and US networks in place of X.25.
    • X.400: Symmetric Stream encryption (IDEA) with static key stored on merchant host. Used by EuroPay, Switzerland (for EuroCard/Mastercard transactions) and requires the installation of an X.400 gateway.
    • PSTN: Authentication based on circuit-switched (dedicated) connection, caller ID and mutual authentication and merchant authorization.

Action5:

Identify the network protocol used to connect the CSP host to that of the acquiring institutions. The protocol identified here should be for the acquirer selected in Action 3 and for the card brands selected in Action 2.

  • Payment and Gateway Software: Authorization and payment instructions from the CSPs must conform to the payment protocol and software used by the acquiring institutions. This is the protocol and software used in the CSP-Acquirer Link. Only applications that support multi-merchant capability will be considered for an EC-DC center. Commonly used software applications for establishing the CSP-Acquirer link are:

ICVerify’s NetVERIFY – Multi-merchant capability, supports dialup and leased lines with planned support for SSL and SET. Can be integrated with many leading storefront packages (Microsoft Site Server, Enterprise Edition, Oracle Internet Payment Server, Mercantec SoftCart, Internshop Online and Intershop Mall and Allaire Cold Fusion). Runs on Windows95/NT.

OpenMarket’s Transact 4 - Comprehensive solution for electronic commerce including merchant FrontOffice and BackOffice applications. Uses Internet with Strong SSL and runs on Unix. In the US, it connects to gateways (CyberCash) and has also been used with an ISO8583 interface designed to connect to non-US acquirers.

CyberCash’s CashRegister3 - Uses Internet with Strong SSL and supports SET-enabled merchants. Runs on most UNIX flavors and acts as gateway between Merchants and US Acquiring institutions. Supports credit card, electronic checks and cybercoins. Announced relationship with Microsoft for providing complete Electronic Commerce hosting solutions.

Vitress CCH32 - Uses X.25 network with support for up to 256 simultaneous transactions. Also works on ISDN and encrypted X.400 for Eurocard transactions. Runs on NT workstation/server. Directly connects to Swiss, German and Austrian Acquirers.

Determine if the selected application/protocol supports single or multiple currency and if a single application can support several merchants with automated crediting of various merchant bank accounts. Merchants participating in the pilot will sign MOTO contracts with the selected acquiring institution. The merchant profile (including bank account No. MOTO contract number, card brands and other relevant data) will be stored on the CSP software that will provide services to those merchants.

Action 6:

An ISO8583-based multi-merchant capable Commerce Service Provider (CSP) software for the CSP-acquirer link should be identified. The selected acquiring bank(s) and the CSP will use the protocol supported by this software for communication. It is recommended that the banking protocol for accepting and processing payment be standardized nationwide. Due to the advanced stage of e-commerce activities in Chile, it might be easier to talk to a big acquiring institution that already provides this service.

The items below will be discussed in detail prior to the implementation phase.

  • Commerce Service Provider: Creation of an entity or cooperative to run and operate the EC-DC center. This entity will provide credit card payment services to the merchants participating in the pilot.
  • Security Policy: Establishment of application and system security policies and procedures for credit card data after receipt at merchant site. Evaluate the implementation of secure connection between communicating systems in the payment infrastructure. For cooperating sites in an Extranet, identify protocols and applications for establishing Virtual Private Networks or PKI for secure communication. If payment infrastructure is located in an Intranet, evaluate solutions for firewalls or VPN. Establish data security policies and procedures (such as encrypting credit card data after processing) and establishing strong authentication and authorization for accessing sensitive data.
  • Data Privacy Issues: Establish a privacy policy for how client data is treated. Who has access to it and the types of client data is requested and stored. This could be communicated to merchants to enable the establishment of common format (data types and values) for requesting client data.

 

Top - Feedback - Contact Us - Copyright © ITU 2002 All Rights Reserved
Contact for this page : E-Strategy Unit
Updated : 2001-08-09