PAYMENT SYSTEMS FOR ELECTRONIC COMMERCE.pdf

r2513361b 0 views 17 slides Oct 12, 2025

About This Presentation

Payment systems for electronic commerce


Slide Content

PROGRAM : MASTERS IN INFORMATION SYSTEMS

MODE OF ENTRY : HARARE WEEKEND CLASS

MODULE : E-COMMERCE STRATEGIES

CODE : MIM 735

LECTURER : Dr T. TSOKOTA


BUHLEBENKOSI MASUKU : R2512144V

ADMIRE CHANIWA : R2512355N


LECTURER’S COMMENTS ---------------------------------------------------------------------------------------------

MARK:-------------------------------------------

PAYMENT SYSTEMS FOR ELECTRONIC COMMERCE
Online payments are the basis of electronic commerce (e-commerce). They enable customers to purchase
products and services online without using physical cash or cheques. E-commerce heavily depends on digital
payment systems, from the basic credit/debit cards, e-wallets, mobile banking applications, to more advanced
platforms such as blockchain cryptocurrencies. All these forms of payments are protected by various methods
to guarantee transaction accuracy and user confidentiality. The main aim of these systems is to enable secure,
quick, and easy online transactions while minimizing dependence on cash. Security of transactions involves
methods such as encryption, digital signatures, two-factor authentication (2FA), and biometric verification to
safeguard against fraud and prevent unauthorized access.

Key Components of online payment systems
•Payment gateway
The payment gateway collects and transmits payment information from the customer to the merchant's acquiring bank. This service
encrypts and sends payment data (such as card information) securely from a business's site to the payment processor
and the financial network. It is the online version of a checkout terminal in a physical store. When a customer inputs
their payment information on a website, the payment gateway safely gathers this sensitive data. The payment
gateway subsequently encrypts the payment data utilizing technologies such as Secure Sockets Layer (SSL) or
Transport Layer Security (TLS) to guarantee the safety of the information during transmission. The secured transaction
details are then sent to the payment processor. In Zimbabwe, options include PayNow, Visa, Mastercard supported
by 3D Secure (international), and ContiPay (for example EcocashFCA, Innbucks, Visa, Mastercard, ZIPIT, OneMoney,
TeleCash and direct deposit).
•Payment processor - It is an external firm that oversees the technical elements of the transaction, serving as an
intermediary between banks, card networks, and the merchant. Payment processors ensure that the data is
transmitted safely and authorize the transaction. They are the conduit connecting the payment gateway, the issuing
bank, and the acquiring bank.
Major responsibilities of a payment processor are:
Transaction Authorization: The processor receives the encrypted transaction data from the payment gateway and
forwards it to the relevant card network (e.g., Visa, Mastercard). The card network then routes the request to the
issuing bank.
Communication: The processor facilitates the communication between the banks to approve or decline the
transaction. The issuing bank checks for available funds and fraud indicators before sending an authorization code (or a
denial) back to the processor.
Settlement: Once a transaction is authorized, the payment processor initiates the settlement process, which involves
the actual transfer of funds from the issuing bank to the acquiring bank.

•Merchant Account
It is a specialized bank account that allows a business to accept payments via credit and debit cards. When a
customer makes a purchase, the funds are first deposited into the merchant account before being transferred to
the business's regular bank account.
•Customer's Financial Institution (Issuing Bank)
The bank or card issuer that holds the customer's funds or credit line. They verify the customer's account and
approve or decline the transaction.
•Acquiring Bank
The merchant's bank, which processes card payments on behalf of the merchant and sends information through
card networks to the issuing bank.
•Compliance
E-commerce payment processing is subject to various regulatory requirements, such as the Payment Card Industry
Data Security Standard (PCI DSS), which sets standards for the handling of payment data. Payment processors
must ensure that they comply with these requirements to maintain the security and integrity of online payments.
•Security and fraud prevention
E-commerce payment processing involves sensitive payment data that must be protected against unauthorised
access and fraud. As the volume of e-commerce payments rises globally, the need for robust fraud detection and
prevention measures also increases. Consequently, payment processors typically implement security measures,
such as encryption and tokenisation, to protect payment data and prevent fraudulent transactions.


Online Payment Basics

Online payment systems are digital platforms that enable secure funds transfers among buyers and sellers over the Internet.
•Credit and Debit Cards
Traditional and very common methods that link directly to a bank account or credit line, widely used for e-commerce
transactions, e.g. Visa, Mastercard, American Express
•E-Wallets/Digital Wallets
Digital platforms (e.g. Mukuru, CBZ Touch, Smile Cash (ZB), PayPal, Apple Pay, Google Pay) that store payment information and
allow users to make purchases by linking various cards or bank accounts to a central account.
•Bank Transfers via Automated Clearing House (ACH)
Direct Electronic Fund Transfers (EFTs) that move money between bank accounts, often used for bill payments or large
transactions. An ACH transaction is an electronic money transfer made between banks and credit unions across a network called
the Automated Clearing House (ACH). ACH is used for all kinds of money transfers, including direct deposit of paychecks and
monthly debits for routine payments.
•Buy Now, Pay Later (BNPL)
Buy now, pay later (BNPL) is a deferred payment method that allows customers to purchase goods immediately and pay for
them at a later date. One of its key features is that it enables customers to make instalment payments without a credit card. In
many cases, the customer does not have to pay any interest. As a result, many customers find it to be very beneficial compared
to other payment methods.
At the checkout, the customer selects the BNPL option and is presented with a range of installment payment plans by the BNPL
provider. After choosing a preferred plan, the customer completes the purchase, and the BNPL provider immediately pays the
business in full on the customer’s behalf. The business receives the payment (minus a handling fee) and fulfills the order, and the
customer repays the BNPL provider over time according to the agreed plan. Premier Credit and KumbaPay (Kumbacare) are
examples of BNPL or close BNPL providers in Zimbabwe.

Online payment process
1.Transaction initiation - a customer initiates a purchase on the merchant's website or e-commerce platform
by selecting products or services and proceeding to the checkout page.
2.Entering payment information - the customer enters their payment information, such as credit card details
or digital wallet credentials, into the online payment form provided by the merchant.
3.Encryption of payment data - the payment information is encrypted using secure encryption protocols, such
as SSL (Secure Sockets Layer), to keep the customer’s details secure.
4.Verification and authorisation - the encrypted payment data is transmitted securely from the customer's
browser via the payment gateway to the payment processor or acquiring bank. The financial institution will
then verify the customer's payment details. It also checks for availability of funds in the customer's account
or credit limit.
5.Authorisation request - once the payment details are verified, the information is transferred, again via the
payment gateway, to the customer’s bank or card issuer to request approval to process the transaction.
6.Approval or decline - the customer's bank or card issuer reviews the authorisation request and either
approves or declines the transaction based on various factors, including availability of funds, account status
and fraud risk.
7.Transaction processing - if the transaction is approved, the customer's bank or card issuer sends an
authorisation code via the payment gateway back to the payment processor, indicating that the transaction
can proceed. The transaction is then processed, deducting the purchase amount from the customer's
account and transferring it to the merchant's account.
8.Confirmation - after the transaction is successfully processed, the payment gateway sends a confirmation
message to the merchant's website, indicating that the payment has been received and the order can be
fulfilled. Alternatively, the gateway will send a declined message.

Mobile Banking
Mobile payments leverage smartphones for transactions, integrating with mobile banking apps and e-wallets by
enabling users to perform financial transactions remotely. This includes mobile money services, which are widely
utilized due to their convenience and speed, with a significant percentage of commercial transactions being
conducted via mobile phone. Mobile banking enables e-commerce by providing 24/7 self-service access to bank
accounts and financial services via a mobile device, using apps, USSD codes, or SMS, thereby allowing customers to
manage finances, transfer funds, and conduct transactions anywhere at any time.
Important features and services include account management, funds transfers, payments and security (via OTPs or
PINs).
•Mobile Payment Apps
Applications like EcoCash, OneMoney, CBZ Touch, Smile Cash, Apple Pay and Google Pay allow users to store
payment credentials and make purchases with their phones.
•Biometric Authentication
Securely verifies a user's identity through unique biological traits, such as fingerprints or facial scans, for
transactions via mobile apps.

Blockchain technologies
Blockchain is a decentralized, distributed digital ledger that records transactions across many computers, enhancing
security and transparency. Its most famous application is cryptocurrencies, which are increasingly used as a payment
system. The technology improves e-commerce by creating more secure, transparent, and efficient systems through
features like decentralized ledgers, smart contracts, and cryptography. Key applications include faster, fraud-resistant
payments with fewer intermediaries, real-time supply chain tracking for product authenticity, automated processes
via smart contracts, and improved customer loyalty programs. Blockchain also enhances data security and privacy,
reduces costs, and helps combat issues like fake reviews by providing a verifiable and tamper-proof record of
transactions and product journeys.
Kuvimba Mining House is using a blockchain-based traceability system (called Comstack) to track gold from its origin
in mining sites to its final market destinations. This helps ensure legitimacy and transparency in the supply chain.

How it Works for Payments
•Transaction Initiation: A buyer initiates a payment for an e-commerce purchase.
•Transaction Broadcast: The transaction details are broadcast across the blockchain network.
•Network Validation: The network's participants (nodes) validate the transaction using complex
cryptographic algorithms.
•Block Creation: Validated transactions are grouped into a "block".
•Chain Formation: This new block is then added to the existing chain of blocks, creating a permanent and
chronological record.
•Immutability: Due to the cryptographic linking of blocks, altering any past transaction would require
changing all subsequent blocks on the entire network, making the ledger virtually tamper-proof and secure.
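
The cryptographic linking behind the Immutability point, as an added sketch (not code from the presentation): each block's hash covers the previous block's hash, so editing one transaction breaks every later link. Consensus, signatures and networking are left out, and the block layout and sample transactions are constructed for the example.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # stand-in "previous hash" for the first block


def block_hash(index, prev_hash, transactions):
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    payload = json.dumps(
        {"index": index, "prev_hash": prev_hash, "transactions": transactions},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def append_block(chain, transactions):
    """Add a block whose hash commits to the hash of the block before it."""
    index = len(chain)
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    chain.append({
        "index": index,
        "prev_hash": prev_hash,
        "transactions": transactions,
        "hash": block_hash(index, prev_hash, transactions),
    })


def first_invalid_block(chain):
    """Return the index of the first block that fails validation, or None."""
    prev_hash = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev_hash"] != prev_hash:
            return i  # link to the previous block is broken
        if block["hash"] != block_hash(i, prev_hash, block["transactions"]):
            return i  # contents no longer match the recorded hash
        prev_hash = block["hash"]
    return None


def relink_from(chain, start):
    """Recompute every hash from `start` onward: the work a rewrite of history needs."""
    for i in range(start, len(chain)):
        prev_hash = chain[i - 1]["hash"] if i else GENESIS_PREV
        chain[i]["prev_hash"] = prev_hash
        chain[i]["hash"] = block_hash(i, prev_hash, chain[i]["transactions"])


def build_sample_chain():
    """Constructed sample ledger of three blocks."""
    chain = []
    append_block(chain, [{"from": "buyer-1", "to": "shop-A", "amount": 25}])
    append_block(chain, [{"from": "buyer-2", "to": "shop-A", "amount": 40}])
    append_block(chain, [{"from": "buyer-3", "to": "shop-B", "amount": 15}])
    return chain


if __name__ == "__main__":
    honest = build_sample_chain()
    copy_held_by_one_node = build_sample_chain()
    copy_held_by_one_node[1]["transactions"][0]["amount"] = 4
    print("first invalid block:", first_invalid_block(copy_held_by_one_node))
    relink_from(copy_held_by_one_node, 1)
    print("valid after relinking:", first_invalid_block(copy_held_by_one_node) is None)
    print("tip matches other nodes:", copy_held_by_one_node[-1]["hash"] == honest[-1]["hash"])
```

Even after every later block is recomputed, the final hash differs from the one held by the other nodes, which is how the network notices the rewritten copy.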

TRANSACTION SECURITY, purpose, types
Transaction security in online payments refers to the set of technologies, protocols, and practices designed to protect sensitive
financial data during electronic transactions. The purpose of transaction security is to protect sensitive financial information during
electronic transactions, prevent fraud, and maintain the integrity and confidentiality of digital transactions. This is crucial for a myriad
of reasons:
•Fraud Prevention (Stopping unauthorized transactions and identity theft)
This is very important in today’s digital economy, where cybercriminals are constantly coming up with new ways to exploit
vulnerabilities. Unauthorized transactions, phishing attacks, and identity theft can lead to significant financial losses and
reputational damage for both businesses and consumers. According to Fintec Finance News, in November 2024, Zimswitch,
Zimbabwe’s national electronic payments switch (which handles over 75% of card‑transactions in Zimbabwe) signed up with ACI
Worldwide to implement a Fraud Management & Payments Intelligence solution. The goal was to strengthen detection of
unauthorized and anomalous transactions across banks, mobile platforms, and card payments.
Advanced fraud detection systems now use AI and machine learning to analyze transaction patterns and flag anomalies in real
time. Multi-factor authentication (MFA), biometrics, and tokenization are now essential tools in combating fraud.
•Building Trust (Giving customers confidence to shop online)
Consumers are more likely to complete purchases on websites they trust. Trust is built when customers know that their payment
information is handled securely and transparently. For example, Shopify has maintained its reputation partly due to its strong
emphasis on secure checkout processes, SSL encryption, and Payment Card Industry (PCI) compliance for all merchants.
Customers see security badges and SSL certificates, which signal a safe shopping environment.
In addition, the announcement of Zimswitch’s partnership with ACI (2024/2025) was not just a technological upgrade; it was also
a public signal. Publicizing such security enhancements helps reassure banks, merchants, and consumers that transactions will be
safer.

TRANSACTION SECURITY, purpose, types (cont'd)
•Ensuring Privacy (Keeping customer data (card numbers, personal info) confidential)
Keeping customer data, including payment card numbers, addresses, and personal identifiers, private is not just an
ethical obligation, but a legal one. In 2024, Ticketmaster suffered a major data breach in which hackers reportedly
accessed personal and payment data of over 560 million users. The breach not only triggered lawsuits and
regulatory investigations but also eroded customer trust in the platform.
“The dark side of Mobile Money Transfer” (Midlands State University, 2023) pointed out that mobile money
systems, if not well regulated or audited, can become tools for fraud, money laundering, or financial irregularities.
Some people’s personal details leak, or are misused.
•Maintaining Integrity (Guarantee that transaction data is not altered during transmission)
Ensuring that transaction data is not altered during transmission is essential to protect both parties in a
transaction. Data integrity ensures that what the customer authorizes is what gets processed. Secure protocols
such as HTTPS, TLS encryption, and end-to-end encryption (E2EE) are now standard for ensuring data integrity.
Additionally, cryptographic checksums and digital signatures help detect any unauthorized changes in data during
transmission.
For example, Stripe (a global payment processor) uses encrypted transmission protocols to verify transaction
hashes and ensure that payment instructions have not been tampered with. Any discrepancies automatically
trigger flags or block the transaction.
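
As an added illustration of the checksum idea above (not code from the presentation and not Stripe's implementation), this sketch seals a payment instruction with a keyed checksum, HMAC-SHA256, used here as a shared-key stand-in for the PKI digital signatures the slide mentions. The field names, the key and the sample order are constructed for the example.

```python
import hashlib
import hmac
import json


def canonical_bytes(instruction: dict) -> bytes:
    """Serialise the instruction identically on both sides.

    Sorted keys and fixed separators mean field order and whitespace cannot
    change the checksum; amounts are integer minor units (cents), never floats.
    """
    return json.dumps(instruction, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(instruction: dict, key: bytes) -> str:
    """Keyed checksum (HMAC-SHA256) over the canonical instruction."""
    return hmac.new(key, canonical_bytes(instruction), hashlib.sha256).hexdigest()


class Verifier:
    """Receiving side: checks the tag, then refuses a reference it has already processed."""

    def __init__(self, key: bytes):
        self._key = key
        self._seen_refs = set()

    def accept(self, instruction: dict, tag: str) -> str:
        expected = seal(instruction, self._key)
        # compare_digest runs in constant time, so the comparison does not leak
        # how many leading characters of a wrong tag were correct.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "rejected: checksum mismatch"
        ref = instruction.get("reference")
        if ref in self._seen_refs:
            return "rejected: duplicate reference"
        self._seen_refs.add(ref)
        return "accepted"


if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-secret"
    order = {"reference": "ORD-1001", "payee": "shop-A",
             "amount_minor": 2500, "currency": "USD"}
    tag = seal(order, key)
    receiver = Verifier(key)
    print(receiver.accept({**order, "amount_minor": 250000}, tag))  # altered in transit
    print(receiver.accept(order, tag))                              # as authorised
    print(receiver.accept(order, tag))                              # same message again
```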

Types of Security Protocols & Technologies
•Encryption
This scrambles transaction data so that, if intercepted, it is undecipherable to parties without the decryption keys.
•SSL (Secure Sockets Layer) / TLS (Transport Layer Security)
The standard technology for creating an encrypted link between a web server and a browser. This ensures all
data passed between them remains private. You can see it working when a website's URL begins
with https:// and has a padlock icon.
•End-to-End Encryption (E2EE)
It ensures data is encrypted on the sender's system and only decrypted on the recipient's system, with no
third party able to read it in transit.
•Digital Signatures
Digital signatures are cryptographic techniques that bind users’ identities to digital documents or transactions.
This is achieved through a system known as Public Key Infrastructure (PKI), which utilizes a pair of mathematically
linked keys: a private key and a public key.
They are very important in secure online payments, providing strong mechanisms to ensure the authenticity,
integrity, and non-repudiation of transactions. Digital signatures act as digital fingerprints, offering higher levels of
security than traditional handwritten signatures and making online payments safer for both consumers and
businesses.

•Authentication Protocols
•Multi-Factor Authentication (MFA)
It requires users to provide two or more different types of credentials to verify their identity before they can
gain access to a payment portal (e.g., a password + a code sent to their phone), adding an extra layer of
security beyond a password.
•3-D Secure (e.g., Verified by Visa, Mastercard SecureCode)
An additional security layer for online credit and debit card transactions. It redirects the user to their card
issuer's site to enter a password or code, verifying their identity.
•Tokenization
It is the replacement of sensitive data, such as a credit card number, with a unique, non-sensitive equivalent
called a "token." This protects actual card details by never storing or transmitting them in vulnerable
systems. The original data is stored securely in a token vault, while the tokens are used for
transactions, thereby reducing fraud risk, protecting customer data, and helping banks meet
compliance standards like PCI DSS. Tokens are useless if intercepted by hackers. This is how Apple Pay and
Google Pay work.
•PCI DSS Compliance
This is a set of security standards designed to ensure that all companies that accept, process, store, or transmit
credit card information maintain a secure environment. Adhering to industry standards like the Payment Card
Industry Data Security Standard (PCI DSS) ensures that businesses meet specific security requirements in handling
payment information.


Types of Security Protocols & Technologies (cont'd)

•Fraud Detection Systems
Fraud detection in e-commerce payments is the use of tools and processes to identify and block suspicious online
transactions in real-time, protecting businesses and consumers from financial loss and damage. It relies on
techniques like Artificial Intelligence (AI) and machine learning (ML) to analyze transaction data for patterns and
anomalies, alongside other methods such as multi-factor authentication (MFA) and behavioral analytics to verify
identities and prevent fraudulent activity before it can be completed.
Fraud detection systems identify potential fraudulent transactions by monitoring for key "red flags," such as unusual
purchasing patterns like high order volumes, multiple small transactions, or sudden changes in buying behavior.
Suspicious user activity, such as account takeovers or repeated order attempts using different credit cards, is another
warning sign.
▪Address Verification Service (AVS) is a security feature used by credit card processors to help prevent
fraudulent transactions. It works by verifying the billing address provided by the customer during checkout with
the address on file with the credit card issuer. Specifically, AVS checks parts of the address—usually the
numeric portion of the street address and the ZIP or postal code. If the address information matches, the
transaction is more likely to be legitimate.
If it doesn't, the system may flag the transaction for further review, decline it, or allow the merchant to decide
whether to proceed. AVS is commonly used in card-not-present transactions, such as online or phone orders,
where the physical card isn’t presented to the merchant.
▪Card Verification Value (CVV) is a security feature for credit and debit card transactions, especially in
card-not-present situations like online or phone purchases. It is a 3- or 4-digit code printed on the card, but not
stored on the magnetic stripe or chip, making it harder for fraudsters to obtain if they only have the card
number. For example, Ecocash’s virtual card (VCN) service provides a 3‑digit CVV number, along with expiry
date, so customers can use those virtual cards for online purchases; CBZ uses Verified By Visa (VbV).
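
The red flags and the AVS comparison described above, written as simple rules over a constructed checkout log. This is an added example, not code from the presentation or from any named fraud product; the thresholds, field names, result labels and sample addresses are assumptions.

```python
import re
from datetime import datetime, timedelta

# Thresholds are assumptions for the example, not values from the slides.
WINDOW = timedelta(minutes=10)   # look-back window
MAX_CARDS_PER_ACCOUNT = 2        # a third distinct card in the window is flagged
SMALL_AMOUNT = 5.00              # ceiling for a "small" transaction
MAX_SMALL_PER_CARD = 3           # a fourth small charge in the window is flagged


def avs_result(entered_addr, entered_zip, filed_addr, filed_zip):
    """Compare only the street number and the postal code, as AVS does."""
    def street_number(addr):
        m = re.search(r"\d+", addr)
        return m.group(0) if m else None

    def norm(code):
        return re.sub(r"[\s-]", "", code).upper()

    number = street_number(entered_addr)
    addr_ok = number is not None and number == street_number(filed_addr)
    zip_ok = norm(entered_zip) != "" and norm(entered_zip) == norm(filed_zip)
    if addr_ok and zip_ok:
        return "full_match"
    if addr_ok:
        return "address_only"
    return "postcode_only" if zip_ok else "no_match"


def flag_transactions(transactions):
    """Return {transaction id: [reasons]} for transactions that trip a rule."""
    flags, history = {}, []
    for txn in sorted(transactions, key=lambda t: t["time"]):
        recent = [h for h in history if txn["time"] - h["time"] <= WINDOW]
        reasons = []
        # Repeated attempts from one account using different cards.
        cards = {h["card_token"] for h in recent if h["account"] == txn["account"]}
        cards.add(txn["card_token"])
        if len(cards) > MAX_CARDS_PER_ACCOUNT:
            reasons.append("card_cycling")
        # Multiple small transactions on the same card in a short time.
        if txn["amount"] <= SMALL_AMOUNT:
            earlier = sum(1 for h in recent if h["card_token"] == txn["card_token"]
                          and h["amount"] <= SMALL_AMOUNT)
            if earlier + 1 > MAX_SMALL_PER_CARD:
                reasons.append("small_txn_burst")
        if txn["avs"] == "no_match":
            reasons.append("avs_no_match")
        if reasons:
            flags[txn["id"]] = reasons
        history.append(txn)
    return flags


def sample_transactions():
    """Constructed log: (id, minutes after 10:00, account, card token, amount, AVS)."""
    on_file = ("12 Samora Machel Avenue", "00263")
    rows = [
        ("t1", 0, "acct-A", "tok_c1", 30.00, avs_result("12 Samora Machel Ave", "00263", *on_file)),
        ("t2", 1, "acct-B", "tok_c9", 1.00, "full_match"),
        ("t3", 2, "acct-B", "tok_c9", 1.50, "full_match"),
        ("t4", 3, "acct-B", "tok_c9", 2.00, "full_match"),
        ("t5", 4, "acct-B", "tok_c9", 1.00, "full_match"),
        ("t6", 5, "acct-C", "tok_c2", 80.00, "full_match"),
        ("t7", 6, "acct-C", "tok_c3", 80.00, "full_match"),
        ("t8", 7, "acct-C", "tok_c4", 80.00, "full_match"),
        ("t9", 30, "acct-A", "tok_c1", 45.00, avs_result("99 First Street", "00000", *on_file)),
    ]
    start = datetime(2025, 1, 6, 10, 0)
    return [{"id": i, "time": start + timedelta(minutes=m), "account": a,
             "card_token": c, "amount": amt, "avs": avs} for i, m, a, c, amt, avs in rows]


if __name__ == "__main__":
    for txn_id, reasons in flag_transactions(sample_transactions()).items():
        print(txn_id, reasons)
```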

Benefits of online payments for e-commerce
•Convenience and speed - online payments offer customers a frictionless checkout experience, allowing them to complete transactions
quickly from anywhere at any time. This 24/7 availability increases the chances of a completed sale. In Zimbabwe, mobile money
services like EcoCash, OneMoney, and Telecash are widely used for various transactions due to their convenience and speed. The
dominance of electronic transactions is also driven by cash shortages.
•Expanded customer base - by accepting online payments, e-commerce businesses can serve customers far beyond their local market,
both nationally and internationally. This breaks down geographical barriers and boosts potential revenue. For example, Paynow, a
Zimbabwean payment gateway, empowers Small and Medium Enterprises (SMEs) to receive payments from both within Zimbabwe and
from international customers via platforms like Visa and Mastercard. This allows businesses to access the global market.
•Streamlined operations and record-keeping - digital transactions automate the payment process, which saves time, reduces the risk of
human error, and minimizes administrative work. All transactions are automatically recorded, simplifying bookkeeping, tracking, and
reconciliation.
•Improved cash flow - unlike cheques or other traditional methods that can take days to clear, online payments are processed much
faster. This gives the merchant quicker access to funds, improving their cash flow. The rapid processing of digital payments like those
offered by online payment platforms significantly enhances the cash flow of Zimbabwean businesses.
•Enhanced customer insights - e-commerce businesses can analyze transaction data to gain valuable insights into customer purchasing
habits. This information helps in developing more effective marketing strategies and personalized promotions. However, e-commerce
in Zimbabwe is still limited to urban centres, with much of it taking place on social media platforms.
•Improved security for merchants - while not risk-free, modern online payment systems use advanced features like encryption,
tokenization, and multi-factor authentication to protect financial data during transactions. This can be safer for merchants than
handling large amounts of physical cash. Zimbabwean commercial banks have implemented security strategies like encryption,
passwords, firewalls, and Secure Socket Layer (SSL) to secure e-banking services.
•Environmental friendliness - relying on digital payments reduces the need for paper-based transactions, such as receipts and checks,
making it a more sustainable option.

Drawbacks of online payments for e-commerce
•Security and fraud risks - online payments are vulnerable to cybercrime, including phishing, identity theft, and fraudulent
transactions. Small businesses, in particular, may lack the resources to combat these threats effectively, and a security breach can
severely damage customer trust.
•Costly processing fees – transacting parties must pay transaction fees to payment service providers, credit card networks, and
banks. These costs can range from 1.5% to 3.5% or more per transaction, which can significantly reduce profit margins, especially
for high-volume merchants. High transaction costs are a factor limiting e-commerce adoption in Zimbabwe.
•Technical issues and downtime – the reliance on technology means that server outages, software glitches, or poor internet
connectivity can disrupt transactions and prevent sales. During peak shopping seasons, this can lead to significant lost revenue. A
two-day crash in Zimbabwe's dominant EcoCash mobile money network highlights the vulnerabilities of going cashless.
•Chargebacks – this occurs when a customer disputes a transaction and requests a refund from their bank. Merchants not only lose
the sale but may also be subject to additional fees. A high volume of chargebacks can lead to penalties or account restrictions from
the payment provider.
•Regulatory compliance - businesses must comply with data protection laws and payment industry standards (like PCI DSS), which
can be complex and costly. Failure to comply can result in fines and legal penalties. Zimbabwe enacted the Data Protection Act
[Chapter 11:24] to safeguard data.
•Customer data privacy concerns – online payment platforms collect a significant amount of personal and financial data. If this data
is mishandled or breached, it can lead to privacy violations and misuse of sensitive information. There are concerns in Zimbabwe
regarding the protection of personal data handled by commercial enterprises, particularly since the country's main data protection
law primarily addresses public bodies.
•Digital literacy barriers – although increasingly rare, some consumers may still be unfamiliar with or reluctant to adopt new digital
payment technologies. Merchants must be prepared to handle these preferences and offer alternatives where needed. Informal
Micro and Small Enterprises (MSEs) in Zimbabwe face challenges like lack of education and awareness about e-commerce, as well
as cultural and trust issues, hindering adoption.
