Over the last couple of years, with the World Wide Web booming leaps and bounds beyond accountability, our lives have kind of been molded by it. From what used to be a happy stroll for window shopping in the nearest mall/shopping center over the weekends, has become a regular affair on a 15’’ screen. At times I really feel that world is not that big a place after all, and if I can shop for anything just sitting at home why shouldn’t I be a couch potato!! Jokes apart, this blog entry is dedicated to all the online shoppers to provide them an education on how the magic plastic card pays our expenses in a matter of split seconds.
Know Your Card:
It is very important that we be aware of the type of Credit Card is the bank offering us. Essentially, there are mainly three types of Credit Cards that are issued by banks all across the globe namely: Master Card, VISA and MAESTRO, of this MAESTRO cards are generally not accepted by most online shopping programs. So be cautious while getting that glittery card from your bank. Next, a Credit Card, be it issued by any place in the world, will always have a unique 16 – digit number. This is you’re a/c number as registered in your bank. And third and most important aspect which acts as an identifier to a card is the ‘CVV’ number, which is a 3 – digit number present just below the magnetic strip of the card. With these facts cleared let’s begin with the explanation of how exactly your plastic plays your bills online.
The Life Cycle:
The other day my father asked me this question “How exactly does a website consider a successful payment from our Credit Card?” A very good question and this is how I explained it.
Once we choose our product of purchase (say on eBay.com) we proceed to the payment screen where under the section called as Credit Card, we are required to fill in a few details, namely Full Name (As given on card), Card Expiry Date, Registered Telephone Number and Registered Email address (all information are related to the Credit card). Now this is where the fun begins. In an online shopping scenario ebay.com is considered to be the ‘Merchant’, who, after recording your Credit Card details, sends two sets of queries to verify the validity of the card. The first set of query goes to your card’s issuer i.e. your bank, and the second set of query goes to your card type owner, i.e. either Master Card or VISA, depending on what type of card you posses. Since the details that you filled earlier classify as your personal information, the Merchant does not keep a copy of your details and instead passes it on to a third party, who is a verified partner of both Merchant and your Bank. These third parties are called ‘Aggregators’.
The Aggregator’s work is a fairly simple one. It basically relays the replies from one end to the other, thus keeping a complete transaction history which can be passed on to law authorities (Federal Bank, Reserve Banks etc) for reference and economic calculations. As I mentioned earlier, the two sets of queries that were sent by the Merchant return with replies about the validity of the card to the Aggregator. If found valid by both parties, i.e. your Bank and your MasterCard/VISA, the next phase of the transaction gets initiated. This is when we see the page getting redirected to our bank’s payment page with a warning message on the browser that “Do not refresh the page or press the Backspace button”. This is done because if the page is refreshed, or any key is pressed the authenticated message with the Aggregator gets lost and the transaction fails automatically.
Once on our bank’s page, we find that our card number is present (first four numbers –XXXX-XXXX- last four numbers), our name, and the amount we are to be billed for, with additional information required as the CVV number, expiry date on the card and finally the password that we setup for our online transaction. Do note that this information that we fill on the bank’s page is NOT captured by the Aggregator. It’s the sole property of the bank. If the information entered by you is correct the bank goes ahead and shows you a flash message that the transaction is successful.
Post this we are redirected back to our Merchant page i.e., Ebay.com, which then shows us a confirmation that the product we paid for is now a prized possession of ours. Note: During the redirect the message “Do not refresh the page or press the Backspace button” is displayed again. This is shown as the Aggregator again records the transaction history of the payment made and any untoward input from our end can still cause the transaction to fail. So ideally, wait till you receive an acknowledgement from the Merchant website saying that the purchase is confirmed.
Finally, the Aggregator records all data of the purchase and individually sends a copy of it to the Merchant, Master Card/ VISA, and your bank. The data for the Merchant contains your account details as setup on ebay.com, and the bank from where the payment was received. The type of purchase and any loyalty points etc are sent to Master Card/VISA. And unfortunately, your Bank gets the data which allows it to prepare the bill to be sent to you.
Hope this has been fairly informative and enlightening on how the magic plastic card helps us pay our bills online. The Part – II of this blog will deal with the security threats that you should be cautious about while performing an online transaction via your Credit Card.