Chapter10 Electronic Payment Systems 10.1 Traditional Electronic Payment Systems for Electronic Commerce In electronic commerce, the challenges of payment transactions were initially underestimated. Business via the internet and mobile telephony has so far been dominated by the methods of payment customary in traditional business. However, in light of technological progress and stricter legislation, traditional business models are coming up against their limits more and more often. Secure, user-friendly and low-priced innovative payment solutions are urgently required to boost internationally oriented e-commerce. Value-creating market players – from payment system providers, service providers, network operators and producers of terminals to financial institutions – pin great hopes on the rapid progress with new payment systems. Security is a key criterion for electronic payment systems. Critical issues are authorisation, authentication, privacy, integrity, theft and the corruption of data. Unauthorised access by third parties, misuse and manipulation must be ruled out. It has to be ensured that information on the volume, execution date and purpose of a transaction is consistent. Sellers are reluctant to invest in the infrastructure of payment systems which are so far used by only a small number of buyers. Only a few buyers choose solutions used by just a small number of sellers. Only a system which far exceeds the critical mass and spreads rapidly in the short run has a chance of succeeding in the market in the long term. On a short-term horizon, micro-payments offer good opportunities for innovative payment schemes. Mobile payment systems can be regarded as the most promising solutions; starting virtually from scratch, their market share will probably rise to 5% in Western Europe in the next five years. In view of the expansion of already established applications, however, the new schemes will decline in importance over the long term. Fewer than three of the currently over 100 innovative systems will be able to survive. Electronic payment systems are becoming more attractive for large financial institutions. The systems already used in traditional offline business and which have been adapted to meet the new demands of e-business (credit cards and, especially in Germany debit cards, and smart cards) have very good prospects of convincing online customers. In the medium term mobile phone-based payment systems will be an even more valuable channel for e-business than internet-based systems. Nevertheless, the innovative systems will be pushed aside by expanded traditional solutions in the longer term. 10.1.1 Cash E-cash: the digital equivalent of paper currency and coins, which enables secure and anonymous purchase of low-priced items Micropayments: small payments, usually under $10 Wireless payments: Vodafone “m-pay bill” system that enables wireless subscribers to use their mobile phones to make micropayments Qpass (qpass.com): Charges to qpass account, are charged to a specified credit card on a monthly basis 10.1.2 Note Items in some categories (e.g., Tickets) might lose their value if they are not sold by a particular date. For time-sensitive (or perishable) items, eBay gives sellers the ability to specify that if the buyer pays the Buy It Now price or Fixed Price for the item, the payment must be made immediately through PayPal. Normally, eBay ends an item and creates a transaction when a buyer agrees to purchase the item. If the seller chooses to require immediate payment, eBay ends the item (or decrements the quantity in a multi-item listing) and creates a transaction after the payment has been processed. When testing this feature in the Sandbox, do not complete testing of PayPal payments. The Sandbox is not integrated with any PayPal test environment and therefore does not support end-to-end testing for PayPal payment processing. "Test" payments you make via PayPal in the Sandbox may go to the production PayPal site, which may result in real payments being made. A seller can choose to require immediate payment for Fixed Price and Buy It Now items, including eBay Stores Inventory items, in categories that support immediate payment. (If an item is listed in two categories, both categories must support immediate payment.) If a Buy It Now item ends as an auction, the immediate payment requirement does not apply. 10.1.3Credit Card Look out for credit card companies spreading holiday cheer. Their ''gifts" of higher credit limits and deferred payments look good, but only for the short term. A five-minute phone call to your credit card issuer could save you hundreds, even thousands, of dollars in interest charges. "There's no incentive for them to lower your rate unless you call. The squeaky wheel gets the oil," says Brad Dakake, a consumer advocate with Massachusetts Public Interest Research Group. Not convinced that a credit card company will give you a lower interest rate just because you call and ask nicely? Check out the results of a national survey conducted by the U.S. Public Interest Research Group in March 2002. Fifty consumers of all credit backgrounds called credit card issuers and asked for lower rates. More than half, 56 percent, scored lower rates. How low did the rates go? The 28 consumers who landed lower rates saw the APRs on their cards drop from an average of 16 percent to 10.47 percent. Slicing interest rates by more than one-third by making a quick phone call is pretty impressive. A handful of consumers did exceptionally well. One cardholder from Colorado saw his 14.99 percent rate reduced to zero for six months. That's quite a deal. Another cardholder from New Mexico saw the APR on her credit card drop from 31.12 percent to 14.65 percent. Until she called, she had no idea she'd been paying a penalty interest rate. "She didn't realize that for six months she was paying this outrageous 31 percent interest rate," says Dakake, the principal author of the rate reduction survey and study. 10.2 Electronic Check systems 10.2.1 Define and Characterics of Electriconic Payment The e-check system is basically an electronic implementation of the paper check system. Leverage check payment systems Fit within current business practices, eliminate need for process reengineering Work like paper check with fewer manual steps Designed to meet needs of businesses and consumers (state of the art security systems) Used by all bank customers with checking accounts Enhance existing bank accounts with new EC features Benefits of e-checking for industry-wide savings Online check collection process Online notices of check returns Truncating paper checks at bank of first deposit Creating new cash management product opportunitie. 10.2.2 Tools of Electronic Payment 1. Payment Cards 1)Payment cards electronic cards that contain information that can be used for payment purposes. There are three common types of payment cards: Credit cards: provides holder with credit to make purchases up to a limit fixed by the card issuer. Charge cards: balance on a charge card is supposed to be paid in full upon receipt of monthly statement. Debit card: cost of a purchase drawn directly from holder’s checking account (demand-deposit account). 2)The Players in the credit card system The cardholder: a consumer or a corporate purchaser who uses credit cards to pay merchants. The merchant: the entity that accepts credit cards and offers goods or services in exchange for payments. The cared issuer: a financial institution (usually a bank) that establishes accounts for cardholders and issues credit cards. The acquirer: a financial institution (usually a bank) that establishes an account for merchants and acquires the vouchers of authorized sales slips. The card brand: bank card associations of issuers and acquirers (like Visa and MasterCard), which are created to protect and advertise the card brand, establish and enforce rules for use and acceptance of their bank cards, and provide networks to connect the involved financial institutions. The brand authorizes the credit-based transaction and guarantees the payment to merchants. Sometimes, the issuing bank performs the business of the brand. 3)The process of using credit cards  Figure 10-1 The process of using credit cards Credit card gateway: an online connection that ties a merchant’s systems to the back-end processing systems of the credit card issuer. Virtual credit card: an e-payment system in which a credit card issuer gives a special transaction number that can be used online in place of regular credit card numbers. Electronic wallets (e-wallets): a software component in which a user stores credit card numbers and other personal information; when shopping online; the user simply clicks the e-wallet to automatically fill in information needed to make a purchase. 4)Security risks with credit cards Stolen cards. Reneging by the customer—authorizes a payment and later denies it. Theft of card details stored on merchant’s computer—isolate computer storing information so it cannot be accessed directly from the Web. 2. Purchasing Cards Purchasing cards: special-purpose payment cards issued to a company’s employees to be used solely for purchasing nonstrategic materials and services up to a preset dollar limit. 1)Benefits of using purchasing cards Productivity gains. Bill consolidation. Payment reconciliation. Preferred pricing. Management reports. Control. 2)Participants & Process of Using a Purchasing Card  Figure 10-2 The participants and the process of using a purchasing card 3.Smart Cards Smart card: an electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card.  Figure 10-3 Smart card 4.Securing smart cards Theoretically, it is possible to “hack” into a smart card Most cards can now store the information in encrypted form Same cards can also encrypt and decrypt data that is downloaded or read from the card Cost to the attacker of doing so far exceeds the benefits Important applications of smart cards use: Loyalty Financial Information technology Health and social welfare Transportation Identification 5.Stored-Value Cards Stores cash downloaded from bank or credit card account Visa cash—a stored-value card designed to handle small purchases or micropayments; sponsored by Visa. Mondex—a stored-value card designed to handle small purchases or micropayments; sponsored by Mondex, a subsidiary of MasterCard. 10.2.3 E-Check Mode  Figure 10-4 E-Check Mode 10.3. International Security Schemes in Electronic Payment Systems 10.3.1 Secure Sockets Layer (SSL) Protocol Digital certificates encrypt data using Secure Sockets Layer (SSL) technology, the industry-standard method for protecting web communications developed by Netscape Communications Corporation. The SSL security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. Because SSL is built into all major browsers and web servers, simply installing a digital certificate turns on their SSL capabilities. SSL comes in two strengths, 40-bit and 128-bit, which refer to the length of the "session key" generated by every encrypted transaction. The longer the key, the more difficult it is to break the encryption code. Most browsers support 40-bit SSL sessions, and the latest browsers, including Netscape Communicator 4.0, enable users to encrypt transactions in 128-bit sessions - trillions of times stronger than 40-bit sessions. Global companies that require international transactions over the web can use global server certificates program to offer strong encryption to their customers. Security Center by VeriSign gives you access to a wealth of security resources, products, technologies, and news. Visit often for the latest information – because when it comes to protecting yourself on the Web, you can't be too careful. 10.3.2 Secure Electronic Transaction (SET) Protocol SSL makes it possible to encrypt credit card numbers that are sent from a consumer’s browser to a merchant’s Web site. However, there is more to making a purchase on the Web than simply passing a credit card number to a merchant. The number must be checked for validity, the consumer’s bank must authorize the cared, and the purchase must be processed. SSL is not designed to handle any of the steps beyond the transmission of the card number. A cryptographic protocol that is designed to handle the complete transaction is the secure electronic transaction (SET) protocol. Visa and MasterCard were instrumental in developing SET. Today, they manage the specifications for SET through a joint venture----SET Secure Electronic Transaction LLC (setco.org). In a SET transaction there are three entities: the customer, the merchant, and the payment processing company. SET utilizes SET digital certificates for each of these entities to ensure mutual authentication. When a customer is ready to make a purchase, he or she uses an electronic wallet. An e-wallet is a helper application used to store information about the customer’s credit cards and the SET digital certificates for each of the cards. The e-wallet sends both the order information and the payment. The former is encrypted with the merchant’s public key and the latter with payment processing company’s public key. In this way, the payment processing company can’t see the order information and the merchant can’t see the payment information. In addition to securing orders and payments, SET also supports the following features (Stein 1998): Cardholder registration. Merchant registration. Purchase requests. Payment authorizations. Payment capture. Chargebacks. Credits Credit reversal. Debit card transactions. SET has received a lukewarm reception in the United States and , so for, has not attracted a large number of merchants and consumers. According to Art Kranzley, senior vice president of electronic commerce at Master Card, 80% of SET activities are in Asian and European nations. Part of the problem with the acceptance of SET is that apparently it is not as easy to implement nor as inexpensive as most banks and merchants had expected. The typical reaction of many banks to SET is that of the British bank Barclays, whose information technology director, Alex Stevenson, says that SET is “rather clumsy, not tried and tested, and we simply don’t need it.” The future might prove brighter for SET, though. After a few years of testing and trials, SET’s supporters believe it is ready for widespread deployment. Whether it achieves its goal will be determined in the next few years. As the volume of EC becomes larger, the role of secure and economical online payments on the Internet will, accordingly, become more important. At the moment, the credit card payment for B2C trades with SSL protocol is the most widely adopted. However, SET protocol tailored to credit card payment may become one of the next-generation standards. For micropayment, smart-card-based e-cash will become more popular and will be recharged through the Internet from the cyberbanks, which will revitalize the benefit of cyberbanks. As B2B occupies the major portion of EC, more economical payment methods like Internet-based funds transfer equipped with the benefit of check systems will become the major medium for large-amount payments. The credit card fee seems too high to transfer large amounts among credible corporations. This prospective trend should envision opportunities to payment businesses and corporate finance managers. ?10.4 Internet Banking 10.4.1 Characteristic and Main Business of Internet Banking Technology is changing the business of banking. The Internet has opened up new strategies and processes across the value chain of banking, including service delivery, customer relationship management, payment and settlement, and risk management. These innovations can significantly benefit banks and consumers by improving efficiency, and enhancing competition, price transparency, and convenience to customers. Two broad business models have emerged in Internet banking: first, Internet banking within existing banks, either as an additional channel for its traditional core services or in the form of a specialised division; second, standalone entities, such as Internet-only Banks (IOBs), owned either by existing banks or by new players entering the banking industry. MAS has completed the review of its current framework for licensing, and for prudential regulation and supervision of banks, to ensure its relevance in the light of developments in Internet banking. MAS' existing policy already allows all banks licensed in Singapore to use the Internet to provide their banking services. Going forward, MAS will maintain a broad and flexible prudential framework to allow for continued innovation in technology and new business models, as well as the licensing of new players. The risk considerations inherent in Internet banking are not new or fundamentally different from those posed in other forms of banking. MAS will therefore subject Internet banking, including IOBs, to the same prudential standards as traditional banking. MAS' admission criteria for new licence applicants, and its regulatory and supervisory approach, will apply across the board. MAS is prepared to grant new licences to Singapore-incorporated banking groups to set up banking subsidiaries if they wish to pursue new business models outside their existing banking entities. This will give banks the flexibility to decide whether to engage in activities such as Internet banking through a subsidiary, or within the bank (in which case no additional licence being required). MAS is also prepared to admit branches of foreign-incorporated IOBs, within the existing framework of admission of foreign banks. The details of these licensing changes are set out in Section 2. The current framework for prudential regulation and supervision already provides flexibility for innovation in new business models. We do not require a new framework to facilitate innovations in Internet banking or to mitigate its risks. However, as certain types of risk will be accentuated in Internet banking, banks will have to emphasise different aspects of risk management, and the focus of MAS supervision will match this. ?10.4.2 Reason of Internet Banking Emerge MAS' current admission framework for branches of foreign banks allows admission of new or non-traditional players. Such banks may be owned either by existing banks or by non-bank players who have ventured into the banking business. New or non-traditional foreign banks will have to meet the same entry requirements as traditional banks as set out in paragraph 2.1. New banking players who lack a long-enough track record will still be considered, provided they have strong compensating factors in respect of the other criteria set out. However, in all cases MAS will require new players to be incorporated in jurisdictions with a strong regulatory environment, and to have a home supervisor able and willing to co-operate in MAS' supervision of the bank. MAS will continue to issue offshore banking licences to foreign banks which meet its admission standards. New players applying for full or restricted banking licences will have to compete with other foreign banks for licences awarded under the MAS' liberalisation programme for the domestic banking sector. The types of risk inherent in Internet banking, whether offered within existing banks or in standalone entities such as IOBs, do not fundamentally differ from those in traditional banking. However, some of these risks will be accentuated in Internet banking, and will require greater attention by the banks and by MAS when it supervises them. Given that there may be different models of Internet banking in play, a risk-focused supervisory approach to individual banks is more suitable than "one-size-fits-all" regulation. It is the responsibility of bank management to have in place, on an ongoing basis, clear strategies and processes to manage the risks of Internet banking operations. MAS will require public disclosure of such undertakings, as part of its requirement for all banks to enhance disclosure of their risk management systems. Methods and tools of risk management and supervision will continue to evolve, in step with innovation in technologies and business strategies. MAS will maintain a continuing dialogue with banks on best practices in risk management systems and processes. MAS will soon issue a consultative document on Internet banking security and technology risk management. MAS will also work with other major regulators to develop supervisory perspectives on emerging risk issues, and co-operate with them to ensure effective cross-border supervision of banks. 10.4.3 Payment Gateway One of the most important e-commerce decisions you'll make is your choice of a payment gateway, the bridge or gateway between your e-commerce website and your bank's credit card processor. A number of factors go into the decision, and you can't afford to make the wrong choice. In this e-book I'll share my conclusions after 60+ hours of research, feedback from my world-wide network of readers about their experiences -- both good and bad -- with the payment gateways they've tried, and sound recommendations to guide your decisions. If you just don't know where to start with a merchant account and payment gateway -- know if your really need either -- you need to read this Merchant's Guide. It includes information on 90 payment gateways -- such as VeriSign, Authorize.net, and WorldPay -- from 27 countries, with candid user comments from 72 readers in 15 countries. The report also includes a chapter entitled, "At What Point Is a Merchant ?10.4.4Supervision for Internet Banking Bank managements must pay special attention to the security, technology-related, liquidity and operational risks which may be accentuated in their Internet banking operations. With regard to security and technology-related risks, banks should: implement appropriate workflow, authentication, and process and control procedures surrounding physical and system access: develop, test, implement and maintain disaster recovery and business contingency plans;? appoint an independent third-party specialist to assess its security and operations; and? communicate clearly to customers their policies with regard to the rights and responsibilities of the bank and customer on all matters to do with online transactions, in particular issues arising from breaches and errors in security, systems and related procedures. International experience suggests that Internet banking customers tend to be more price sensitive, and hence more likely to move their deposits from one bank to another. This tendency is reinforced by the convenience of conducting Internet transactions. Technology failures that disrupt or impair services may also trigger abnormal transactions by customers. This potential for more volatile transactions could increase liquidity risk. Banks, especially IOBs, should therefore establish robust liquidity contingency plans, and appropriate asset-liability management systems. Banks may also face greater operational risk if they extensively outsource processing operations in Internet banking. Banks should carefully manage such outsourcing of operations. They should maintain comprehensive audit trails of all such operations, and provide MAS with unrestricted access to such information, as in traditional banking. IOBs, in addition, may face higher business risk arising from their new business models. To manage business risk, IOBs must maintain and continually update a detailed system of performance measurement. Efforts to build market share through pricing strategies and advertising must be tested against robust market assumptions. Unlike other Internet ventures, banks can ill-afford to incur losses for long start-up periods. 10.4.5 Construction and Development of Internet Banking As in traditional banking, arisk-focused supervisory approach, tailored to individual banks' circumstances and strategies, will be more appropriate than "one-size-fits-all" regulation. Depending on the overall risk profile of the individual bank, MAS may in specific cases require the bank to take additional prudential measures to mitigate these risks. The key risk management issues to be addressed through MAS supervision are dealt with in Section 3. MAS will continue to stay abreast of developments in the financial industry and continue its dialogue with market participants so as to keep its licensing, regulatory and supervisory approaches effective and up-to-date. We will maintain a sound but flexible prudential framework, which seeks to preserve public confidence in the financial system, and encourage banks to uphold high standards of risk management. It will also seek to enable institutions to take full advantage of new technologies to innovate, compete and improve efficiency. Banks are responsible for assessing and managing the risks associated with their operations, including the adoption of new technologies and business models. Financial institutions should inform consumers of both the benefits and risks of the financial products and services they offer. MAS encourages financial institutions and industry associations such as the Association of Banks in Singapore (ABS) to play a proactive role in educating consumers on these benefits and risks. MAS is also requiring financial institutions to disclose more information about themselves, so that the market and consumers can assess them more easily and accurately. Internet banking has the potential to improve services for the public. However, consumers must still not neglect to assess for themselves the institution that they bank with, and the services they use, whether over the Internet or in traditional banking. 10.5 Problems of Electronic Payment Systems 10.5.1Security Problems There are four essential security requirements for safe electronic payments: The key security schemes adopAuthentication: a method to verify the buyer’s identity before payment is authorized. Encryption: a process of making messages indecipherable except by those who have an authorized decryption key. Integrity: ensuring that information will not be accidentally or maliciously altered or destroyed during transmission. Nonrepudiation: protection against customers’ denial of orders placed and against merchants’ denited for electronic payment systems are encryption, digital signature, message digest, and use of certificates and certifying authorities. There are two types of encryption: private key and public key encryption. 1. Private Key Cryptography  Figure 10-5 Private Key Cryptography 2. Public Key Cryptography Also known as asymmetric encryption, uses two different keys: a public key and a private key. The public key is known to all authorized users, but private key is known only to one person----its owner. The private key is generated at the owner’s computer and is not sent to anyone. To send a message safely using public key cryptography, the sender encrypts the message with the receiver’s public key. This requires that receiver’s public key be delivered in advance. The message encrypted in this manner can only be decrypted with the receiver’s private key. 3. Digital Signature Digital signature is used for the authentication of senders by applying public key cryptography in reverse. To make a digital signature, a sender encrypts a message with her private key. In this case, any receivers with her public key can read it, but the receiver can be sure that the sender is really the author of the message. A digital signature is usually attached to the sent message, just like the handwritten signature.  Figure 10-6 Digital Signature 4. Message Digest To make a digital signature, the base message needs to be normalized to a predetermined length of 160 bits, regardless of the length of the original message. This normalization process can be achieved by hashing the original message. This hashed message is called a message digest. 5. Certificates A certificate usually implies an identifying certificate that is issued by a trusted third-party certificate authority (CA). A certificate includes records such as a serial number, name of owner, owner’s public keys (one for secret key exchange as receiver and one for digital signature as sender) an algorithm that uses these key, certificate type (cardholder, merchant, or payment gateway), name of CA, and CA’s digital signature.  Figure 10-7 Certificates 7. Certificate Authority A certificate authority is a body, either public or private, that seeks to fill the need for trusted third-party services in EC. A CA accomplishes this by issuing digital certificates that attest to certain facts about the subject of the certificate. 8. Digital Envelope Digital enveloping is the process of encrypting a secret key with the receiver’s public key. 10.5.2 Integrity Problem of Payment Recall that a billing approach to the financial settlement of economic transactions creates the problem of late payment (Section 3.1), mainly because of the attitude of companies (‘supplier credit is easy and cheap…’), but also because of administrative errors and disputes over the bill. The central problem is that billing moves the initiative for payment initiation to the payer instead of the biller. The payer waits till he finds it convenient to pay. The payer makes mistakes in the payment information that is attached to the payment order, or the payer waits with payment until the dispute has been settled. Thus late payment may be reduced by using a payment instrument for bill payment that leaves the initiative with the biller: direct debit. Changing from acceptgiro to using direct debit also creates a cost reduction for large volume, recurring billers. In fact, printing acceptgiros is subject to precise conditions (set and verified by Interpay and Postbank) in order to establish efficient automated processing. Specialist knowledge and high quality equipment is needed. Therefore it is more costly than normal printing. When using direct debit a statement is still sent. Therefore it is then only a small step to perform electronic presentment of this statement. The number of administrative errors can also be reduced by means of direct debit. Currently banks are also looking at the possibility of using digital signatures for signing electronic mandates for direct debit (cf. [HiSt01]), on-line. In that way direct debit becomes more convenient for on-line payment of bills as well. 10.5.3 Currency Exchange Problem of Multinational Transaction The following are examples of the way various corporations have dealt with foreign currency transaction risk. They are gleaned from the works of Gregory Millman who interviewed the executives in the companies and put the information together with information from published studies to give those of us interested in finance and economics an inside look at risk strategies and some empirical facts to compare with theory. Currency or transactions risk, the economic consequences of the fluctuation of exchange rates, strongly affects many businesses in a variety of ways. In the early 1980's the tight monetary policy of the Fed resulted in high real interest rates in the U.S. compared to other countries. This in turn resulted in a high value of the dollar compared to other currencies. As a consequence of the high value of the dollar in the early 1980's, Caterpillar, historically a world leader in construction equipment, found itself at a distinct disadvantage in competition with Komatsu, a Japanese manufacturer of hydraulic excavators. Later in the 1980's U.S. monetary policy eased after the decline in inflation and U.S. interest rates fell. The value of the dollar also fell as foreign investors were no longer so interested in trading their currencies for dollars to invest in U.S. financial markets. In 1986 Caterpillar had a $100 million profit on foreign exchange that turned its $24 million operating loss into a $76 million profit for the year. As a result of its experiences Caterpillar established a special company group to manage currency risk. Other companies did not fare so well. FMC in 1988 had 88 facilities in 15 different countries and derived one third of its $3.3 billion sales revenue in international markets. Its Irish subsidiary produced an ingredient for aspirin tablets that it sold to European aspirin manufacturers. A strengthing dollar would make it difficult to maintain its market share. FMC used forward contracts and currency options to hedge against a strengthening dollar and used the profits to enable the Irish subsidiary to cut prices and maintain its competititve position even in face of an strengthening dollar. FMC's hedging extended out three years and this made the forward contracts a risky strategy, particularly since it anticipated sales revenue that might not materialize. FMC's strategy was an example of a financial hedge. There are also operating adjustments and natural hedges. For example, if the dollar weakens then Japanese car companies may supply more of their American market sales from U.S. sources, either manufacturing cars in the U.S. or buying components from dollar sources (or from sources such as Korea or Taiwan whose currencies are tied to the dollar). If the dollar strengthens compared to the yen then their U.S. sales will be more heavily supplied from Japanese sources. This strategy is basically a matter of matching the currency of costs with the currency of revenues. There are various considerations in quantifing the foreign exchange risks of a company. One approach is to tabulate the costs and revenues versus currencies. This assumes that prices in the countries of the origins of transactions will remain fixed in the face of foreign exchange shifts. In other words, this ignores the adjustments that might occur as a result of the new currency values. The adjustments described above are legitimate actions on the part of multinational businesses. There are other adjustments of questionable validity. For example, a study by Richard Marston of the Wharton School of Business of the University of Pennsylvania concluded that "Japanese firms vary their export prices relative to their domestic prices in response to changes in real exchange rates." As Millman puts it, "when the yen becomes strong (expensive), Japanese manufacturers raise their domestic prices while keeping their export prices constant." This can happen only if the Japanese domestic market is shielded from effective foreign competition. 10.5.4 Law Problems Much time can be spent debating the question of what is e-commerce law and where the boundaries are between e-commerce law, Internet law, computer law, cyberspace law and the like. The focus here will instead be on identifying resources that cover the whole landscape of these areas of law and that also do a good job of pointing to a variety of relevant resources. An Internet tool kit for e-commerce law will be like the Internet and e-commerce law ?expect it to evolve, grow and change on a regular basis. Are you sure you own your domain name? ?Chances are that neither you nor anybody in your company has ever checked to see who actually owns your domain name.? It is very common for domain names to be owed by a company employee, a web site designer or an internet service provider.? The initial owner (technically called the "licensee") of a domain name is the person or entity that is listed as the "registrant" on the application for the domain name submitted to the domain name registrar Using the internet, it is very easy to determine who actually owns a domain name. ?A domain name is "owned" by or licensed to the person or entity shown as the "registrant" on the "whois" database of the registrar. ?The registrar is the name given to an entity that is authorized by ICANN to issue domain names to the public. ?The first and most well known registrar is Network Solutions, Inc. ?A "whois" database is a database maintained by all registrars that lists pertinent information about all domain names issued by the registrar. ?Each registrar's Whois database may be searched online. To check the ownership of a domain name, go to the Whois database of either Network Solutions or Better-Whois.com. ?Simply type in the name of the domain name and the top level domain name such as .com, .net, .org, .biz, .info or .name and click the search button. ?If the domain name is in the Whois database, the search results will display the following pertinent information about the domain name: Registrant: ?The person or entity listed here is the "owner" of the domain name. Administrative Contact: ?The person designated to receive communications from the registrar related to administration of the domain name. Billing Contact: ?The person designated to receive notices from the registrar concerning renewing the domain name by paying the registration fee. Technical Contact: ?The person designated to receive communications related to technical matters associated with the domain name. Record Expiration Date: ?The date the domain name will terminate and be revoked unless the renewal fee has been paid Record Creation Date:? The date the domain name was first issued to the registrant or the registrant’s predecessor. Important Note:? Any person or entity named as a contact on the Whois database has the power to adversely affect the domain name.? Make sure the people who are named as administrative, billing and technical contacts are correct. ?These people should be trusted individuals or companies that will not use their power as designated contacts to adversely affect the domain name. ?The billing person should be somebody who can be trusted to make sure the domain name renewal fee is paid before the expiration date. ? Verify that the names, addresses, email addresses and phone numbers for the registrant and all contacts are correct. ?If any information is not correct or if you want to change any or all of the contacts, you should initiate the changes on your registrar's web site. ?The fact that a domain name owner has incorrect information in the Whois database can be used against the registrant in disputes involving ownership of the domain name.. Sometimes when you do a Whois search, you may not get much information other than the name of the registrar.? Many of the registrars do not share domain name information or have access to other registrars' Whois databases.? If you cannot get the information you need when you do a Whois search, make a note of the name of the registrar and then go to the web site of the registrar to do the search for the domain name information. ?ICANN maintains a list of all accredited registrars with their contact information. Domain names are valuable assets.? By taking the time now to check the ownership record of your domain name, you may prevent the loss of your domain name in the future. References http://www.creditcardmenu.com/ http://www.cash.ch/ http://www.business.com/directory/financial_services/banking/electronic_transactions/payment_systems/ http://dir.yahoo.com/Computers_and_Internet/Internet/World_Wide_Web/Security_and_Encryption/Secure_Sockets_Layer__SSL__Protocol/ http://www.arraydev.com/ http://www.fdic.gov/bank/individual/online/safe.html http://www.jrc.es/pages/projects/docs/Final-EPS-Vol.1.pdf http://elj.warwick.ac.uk/jilt/98-3/swindells.html http://www.iccwbo.org/home/statements_rules/statements/2001/jurisdiction_and_applicable_law.asp