When making an online payment, there are a couple of entities that the payment related data flows through before the money actually gets debited from the user’s account and credits into the merchant’s. The different units that are involved in the payment process are:-
- The shopper shops for products and places an order. Against the order he is required to make a payment for which he can use his debit card, credit card or Netbanking. As soon as he fills up his card and banking information, he is taken to the next step.
- Meanwhile, the e-commerce site transfers all this sensitive information to the site’s payment gateway. The payment gateway is responsible for tokenizing this data. This means that the sensitive data is replaced by certain unique identification symbols that keep the essential information intact in a secured manner.
- This tokenized data is then sent to the merchants’ bank by the payment gateway. This bank is called an acquiring bank which is in actuality a financial institution that helps in dispensing card payments on behalf of a merchant or a trader.
- The bank either approves or rejects the payment based on information passed by the user’s bank. This response is then communicated to the payment gateway.
- The payment gateway forwards the response and the tokenized databack to the ecommerce site.
- The payment information that is received is then processed accordingly by the merchant site.
A very important role played here was by the gateway which is at the core of the processing unit. With tokenization, the sensitive data pertaining to the personal and financial information of the user is effectively secured. Benefits of tokenization are:-
- When the credit card number of the user is converted into tokens which are randomly generated values it cannot be used for any other transaction beyond that one specific unique transaction with a particular merchant. This is the reason why it makes it difficult for hackers to access the data on the credit card.
- It also is not as expensive as other security related compliances that requires ecommerce traders to install end-to-end encryption systems and hence can be easily afforded by small scale and medium sized businesses too.
- All in all it is a very secure method of minimizing the amount of data that a retailer or a merchant can store at his point of sale.
Ecommerce is very beneficial to the end user or the shopper. But to make it into a strong and hacker defiant system is a big challenge for the ecommerce merchant. With most brand websites offering B2C services to their customers enabling instant settlement of bills and payment against purchase, there are millions of transactions happening in a month that can be great target zones for potential cyber criminals. Hence it is impertinent that all websites and online portals that handle e-transactions make themselves safe and secure for their customers to have a tension-free shopping experience.