2014-11-13



Written By: Ashok Misra of Alina Consultants

Introduction

Bitcoin as a Solution to E-Commerce Pain

Bitcoin is a decentralized virtual currency whose valuation and use have grown dramatically since its inception in January 2009.

Some thinkers view bitcoin as a viable alternative to sovereign currencies; however, e-commerce was the original use case for bitcoin in Satoshi Nakamoto’s epic paper in 2009 on the proposed “Peer to Peer” cash system.

Unfortunately, there is a lack of authoritative articles on the precise benefits of bitcoin vis-a-vis payment methods involving credit cards for the purchase of goods and services on the Internet.

In this paper, we address in practical terms the precise advantages of using bitcoin as a payment method for Customer Not Present (CNP) transactions made over the Internet.

E-commerce Payments (“e-payments”)

E-payments are digital payments for goods and services that are made over the Internet on online merchant websites. E-commerce serves multiple vertical lines of business for physical and digital goods. Dominant verticals in shipped physical goods purchased over e-commerce channels by retailers are books, apparel, and electronics. Examples of digital goods purchased over the Internet are music, streaming media, and e-books.

Some key drivers for e-commerce are: residential broadband penetration; access to consumer payment instruments suitable for online commerce; and distribution and delivery channels for physical goods.

The worldwide e-commerce market has grown by 20 percent year after year for the last several years. Global B2C e-commerce sales are projected to hit USD 1.5 trillion in 2014, driven by growth in emerging markets.

The more mature e-commerce markets such as the United States, the UK, and Germany, where citizens enjoy a strong purchasing power and widespread access to broadband Internet, see about 10 to 15 percent of online share to total retail trade, whereas less mature e-commerce markets such as Poland see only about 3.8 percent of online retail volume to total volume. However, many regions such as Poland are witnessing a tremendous rate of growth in e-commerce. Poland, for example, has a population of 38.5 million, out of which 26.2 million are Internet users and 12.6 million are online shoppers.

Payment Methods

Payment methods used by consumers for online purchases vary considerably by region, depending upon their availability and consumer attitudes. They expose a unique set of advantages and risks for online commerce. They can be broken down as follows:

Credit and Debit Cards

Credit and debit cards were originally intended for “card present” merchants. The cards were designed for physical use at the point of sale, where the magnetic stripe card is “swiped” and read by a terminal. The cardholder is authenticated by methods such as a wet ink signature on a printed receipt, a signature captured on a touch sensitive POS screen, a secret PIN number, etc.

Such cards have been adapted since the birth of e-commerce by merchants and processors for use on the Internet. The number on the card is entered by the consumer on a web form during the order process. Authentication is carried out using information such as billing zip code, expiration date, etc.

Fraud with credit cards is a serious concern on account of the weak authentication and inherently insecure mechanics. However, it must be noted that consumers are typically protected against fraudulent purchases on their credit cards. For transactions made in a “Card Present” manner, the consumer’s bank bears the fraud loss, whereas in the e-commerce CNP use mode, the online merchant bears the fraud loss.

Security for credit cards in a “Card Present” environment has improved progressively. That notwithstanding, there have been recent cases of large breaches involving retail stores. The United States lost 5.33 billion USD to fraud in 2013. This was up 14.5% from the previous year. Of the 5.33 billion, issuing banks in the United States lost 3.41 billion USD. The United States accounted for 47.3% of global card fraud losses on only 23.5% of total volume.

All industrialized countries outside of the United States have migrated magnetic stripe credit cards to EMV [1] technology. EMV cards have a microprocessor chip embedded in the plastic that communicates with the POS device. It is possible to embed the EMV chip form factor in mobile phones to communicate with proximity readers. EMV cards are virtually invulnerable to tampering, duplication, etc. Banks and card brands in the United States have announced their intent to move to EMV technology, and rollout is currently underway in a phased manner. It is expected that fraud on e-commerce channels will increase after the EMV rollout in the United States as fraudsters typically attempt to exploit the weakest attack surfaces.

It must be noted that EMV technology does not impact the mechanics of the e-commerce use case. Credit card numbers will still have to be entered on websites in the same manner as they are for magnetic stripe transactions.

Alternative Payment Methods

Credit card penetration in some regions (like the European Union, for example) has been limited due to negative sentiments on the part of consumers with the use of credit payment instruments.

That notwithstanding, e-commerce growth in several of these regions has progressed, as non-card payment tenders have been adopted. Examples of alternative payment methods are Direct Debit (Germany), Ideal (Netherlands), and Boleto (Brazil). Alternative payment systems generally have more friction in purchase paths than credit cards. This friction usually stems from more robust authentication.

Main Players in Credit Card E-commerce Payments

Consumers are issued payment instruments by their card issuers. These instruments are credit or debit cards.

Issuers are banks that provide credit or debit instruments to consumers.

Merchants are businesses that sell goods or services to consumers.

Acquirers are banks that underwrite merchants.

Brands are the associations, such as Visa, MasterCard and Discover, that maintain the network of Issuers and Acquirers. Visa and MasterCard are now public companies.

Payment Service Providers (PSPs) are entities who provide transaction and settlement services for merchants.

Costs of E-commerce Payments with Credit Cards

The costs of e-commerce payments are borne primarily by merchants. Whereas there has been regulation that precludes merchants from directly passing on credit card processing costs to consumers, one can conjecture that costs for payment processing are reflected in SKU prices.

Costs for credit card processing are broadly divided into two categories:

Non-negotiable costs

Negotiable costs

Non-negotiable costs are pass-through costs levied by the brands and collected by acquirers. These costs make up more than 85 percent of total payment acceptance costs. The largest component of the non-negotiable cost is credit card interchange. Credit card interchange varies depending upon the type of card product. For example, an airline mileage card may attract 50 basis points of additional interchange fees over a non-rewards card. Other non-negotiable fees are assessments, cross-border fees, etc.

Negotiable fees are service fees paid by merchants to gateway service providers. Merchants with smaller processing volumes may be set up by their processor to pay a single-blended fee that includes interchange and gateway service fees.

Typical Process Flow for CNP Commerce



Consumer visits merchant website and loads a shopping basket.

Checkout flow captures payment information and shipping address.

Merchant sends authorisation to credit card gateway for final amount with shipping and handling.

Credit card gateway routes transaction to consumer’s credit card issuer and obtains authorisation.

Merchant indicates to consumer that the process is completed, and goods will be shipped or available for download.

Merchant sends a settlement instruction to credit card gateway, which, in turn, routes it to the issuing bank.

Merchant gets paid by acquirer.

Transaction shows up on customer’s billing statement.

Bitcoin Basics

Bitcoin is a software-based online payment system described by Satoshi Nakamoto in 2008 and introduced as open-source software in 2009. Bitcoin payments are recorded in a public ledger using its own unit of account which is also called bitcoin. Payments work in a peer-to-peer manner without a central repository or single administrator, which has led the US Treasury to call bitcoin a decentralized virtual currency. Although its status as a currency is disputed, media reports often refer to bitcoin as a cryptocurrency or digital currency.

Bitcoin is created as a reward for payment processing work in which users offer their computing power to verify and record payments into the public ledger. Called mining, individuals or companies engage in this activity in exchange for transaction fees and newly created bitcoin. Besides mining, bitcoin can be obtained in exchange for fiat money, products, and services. Users can send and receive bitcoin electronically for an optional transaction fee using wallet software on a personal computer, mobile device, or a web application.

E-commerce Purchase Paths Using Bitcoin

E-commerce purchase paths using bitcoin as a payment method can be developed using two basic methodologies, namely:

Purchase paths using a Bitcoin processor

Purchase paths made without the use of a Bitcoin processor

Bitcoin Processors

Bitcoin processors such as Coinbase and BitPay offer an abstraction layer into Bitcoin. A merchant desirous of accepting bitcoin from consumers, but at the same time desirous of being paid in fiat currency, could integrate with a service like BitPay. From the consumer’s point of view, the order flow would be identical to a purchase with a credit card until the point of payment. Upon reaching the point where the payment is to be made, the website generates and displays a Bitcoin public address for the merchant. This Bitcoin address may be rendered as a QR code. Also, the order amount is converted to BTC and displayed to the consumer. The processor determines the conversion rate from the price point to BTC based upon industry real-time analytics. The consumer pays for the order amount using his or her Bitcoin wallet. BitPay provides the technical implementation to notify the merchant’s website when the payment has been completed as a signal to initiate delivery of the purchased goods to the consumer.

Merchants who choose to accept and hold bitcoin [2] do not technically need a payment processor. In the direct integration method, the merchant creates a unique Bitcoin address for the customer’s shopping cart. The customer pays for the order total using his or her own wallet.

The merchant polls the Bitcoin network periodically to determine if the payment is completed, after which goods can be delivered.
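The direct integration flow above, sketched as an added example (not code from the original article or from any Bitcoin library): one address per cart, periodic polling, and delivery only once the payment has the required confirmations. The `Output` shape, the `fetch` callable standing in for a query to the merchant's own node, and the one-confirmation default are assumptions; the sample data is constructed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Iterable, List

class State(Enum):
    AWAITING_PAYMENT = "awaiting_payment"
    UNDERPAID = "underpaid"
    PENDING_CONFIRMATION = "pending_confirmation"  # seen, not yet in a block
    PAID = "paid"                                  # safe to deliver

@dataclass(frozen=True)
class Output:
    """One transaction output paying the order's address (hypothetical shape)."""
    txid: str
    vout: int
    value_sat: int      # integer satoshis; floats are not safe for money
    confirmations: int  # 0 = broadcast but not yet written to the block chain

@dataclass(frozen=True)
class Order:
    address: str                # unique per shopping cart, as described above
    amount_due_sat: int
    min_confirmations: int = 1  # assumption: merchant policy, not from the page

def evaluate(order: Order, outputs: Iterable[Output]) -> State:
    """Classify an order from the outputs currently reported for its address."""
    latest = {}
    for out in outputs:
        if out.value_sat <= 0 or out.confirmations < 0:
            continue  # drop malformed records instead of counting them
        key = (out.txid, out.vout)  # count each output once even if reported twice
        if key not in latest or out.confirmations > latest[key].confirmations:
            latest[key] = out
    seen = sum(o.value_sat for o in latest.values())
    settled = sum(o.value_sat for o in latest.values()
                  if o.confirmations >= order.min_confirmations)
    if settled >= order.amount_due_sat:
        return State.PAID
    if seen >= order.amount_due_sat:
        return State.PENDING_CONFIRMATION
    return State.UNDERPAID if seen > 0 else State.AWAITING_PAYMENT

def poll(order: Order, fetch: Callable[[str], List[Output]], max_polls: int,
         wait: Callable[[], None] = lambda: None) -> List[State]:
    """Poll until PAID or max_polls is reached; fetch stands in for a query to
    the merchant's own node (hypothetical), wait for the delay between polls."""
    history = []
    for _ in range(max_polls):
        history.append(evaluate(order, fetch(order.address)))
        if history[-1] is State.PAID:
            break
        wait()
    return history

def constructed_feed() -> Callable[[str], List[Output]]:
    """Constructed snapshots of one address over three polls (placeholder txid)."""
    pay = lambda conf: Output("placeholder-txid-a", 0, 1_500_000, conf)
    snapshots = iter([[], [pay(0)], [pay(1), pay(1)]])
    return lambda address: next(snapshots)
```

Calling `poll(Order("placeholder-address-1", 1_500_000), constructed_feed(), max_polls=5)` walks the order through awaiting payment, pending confirmation, and paid; the duplicated record in the last snapshot is counted once.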

Pain Points Solved by Bitcoin

Receipt of Funds by Merchants

Credit Cards

With credit card payments, consumers see the funds withdrawn from their account (or credit floor reduced) immediately after the e-commerce payment has been completed. As described in the flow diagram, the merchant is paid through a settlement process that takes from one to several days. During the time that the funds are in transit, the merchant is technically forced to extend credit to her acquirer. It is likely that merchants do not enjoy the same credit from their accounts payable vendors.

Bitcoin

As we have seen, bitcoin payments are instantaneous [3] for both parties, and there are no settlement delays involved. Thus, the funds disbursed by consumers are available immediately to the merchant.

Credit Card Chargebacks

A consumer may dispute a merchant charge within a certain window after a transaction is completed. A dispute may arise due to non-receipt of goods or services, fraud, an incorrect amount billed, etc. The consumer’s transaction is temporarily reversed at the initiation of the dispute process. During this time, the acquiring bank “funds” the disputed amount to the consumer. Thereafter, there is a resolution process wherein the consumer and merchant present documentation to resolve the dispute. If the transaction is resolved in the consumer’s favor, the charge is reversed permanently. If resolved in the merchant’s favor, the temporary adjustment made to the consumer at the start of the dispute process is reversed.

Bitcoin

With bitcoin, there is no guarantor for transactions. No party can reverse a completed payment. From a merchant’s point of view, there is no exposure to disputes that will reverse payments.

Merchant Credit Card Acceptance Underwriting

As described earlier, a merchant desirous of accepting credit cards needs to secure a relationship with an acquiring bank. This could involve an “underwriting procedure,” as the acquiring bank guarantees payments for the merchant. Should the merchant become insolvent, it is the acquiring bank who protects the payment in the event of consumer disputes. Merchants who do not have a processing history, such as startup businesses, usually face difficulties during the underwriting process for obvious reasons.

Bitcoin

With Bitcoin there is no centralized banking institution involved. The underwriting process is eliminated completely. Also, merchants who do not have a business history can begin payment acceptance immediately.

Credit Card Security

Security with payment cards relies upon protecting the credit card payment data (16-digit credit card number) and authentication data (billing address, expiration date, cardholder verification codes, etc.).

The Payment Card Industry Data Security Standard (“PCI DSS”) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process, or transmit cardholder data.

Bitcoin Security

Attack surfaces for Bitcoin are primarily at the endpoints. There is no useful information for a hacker that can be obtained by observing transactions in flight. The Bitcoin protocol, in fact, relies on transaction information being public.

Since the consumer does not “deposit” symmetric payment and authentication information to the merchant, there is no way for a maleficent agent who is privy to the communication channel or to the merchant’s infrastructure to use that information to exploit the consumer at some later time.

At the merchant end, there is no need to maintain any sensitive information on front-end webservers. The infrastructure to handle the merchant’s bitcoin obtained from consumer payments can be completely delinked from the commerce website.

There have, in fact, been recent incidents where bitcoin have been stolen. It is worth emphasizing that these cases without exception involved theft at end-point infrastructure. Thus, they were not attacks on the protocol. There are various technologies (out of the scope of this article) to secure bitcoin on hardware appliances.

Caveats

Volatility



As seen in the chart above, price fluctuations in the bitcoin to USD rate on bitcoin exchanges vary considerably over even short periods in time. We have seen bitcoin highs and lows in the range of $1,200 to $100 in the last twelve-month period. The volatility is likely due to the fact that currently bitcoin purchase is driven largely by speculation and there is no robust way of evaluating an appropriate USD to BTC rate. Also the perceived value of the cryptocurrency fluctuates with news and announcements from financial regulators on the manner in which they intend to regulate bitcoin. This volatility is not conducive to e-commerce and some stability needs to set in for mass adoption.

Consumer Protection – There are several cautionary advisories from government agencies about the risks associated with virtual currencies. It is certainly true that Bitcoin offers no protection for consumers, and it is unlikely that governmental consumer agencies will protect consumers for bitcoin purchases in the same manner as they do for regular bank instruments. That notwithstanding, from the consumer risk management point of view, it raises the question of whether the higher reflected SKU costs associated with credit card transactions are proportional to the protection offered. If the costs of protection were offered using free principles, the costs would likely be lowered. For low-value transactions over the Internet, consumers may choose to embrace the risks associated with bitcoin for lower SKU price points, particularly for repeat purchases from the same merchant.

It is conceivable that trusted third parties could broker bitcoin transactions and offer consumer insurance. The Bitcoin protocol supports contracts to enforce financial agreements, using the same decentralized and distributed architecture used for financial transactions. These constructs can be used to reduce the risks of dealing with unknown entities in commerce.

Legal Issues – Needless to say, there are serious risks to the further growth of bitcoin on account of the uncertain legal status of bitcoin as a financial tender type. Some jurisdictions have deemed bitcoin to be a commodity whereas others treat it as currency. Some countries have outlawed bitcoin altogether and treat the possession of bitcoin as a criminal activity.

At the time of writing, the United States treats bitcoin as a commodity. Any agency involved in the transfer of bitcoin with fiat currencies comes under the purview of banking and money laundering laws and requires licensing in every state; thus there is a high entry bar for exchange activities. For consumers, the act of purchasing a commodity in bitcoin is a taxable event. This treatment certainly hinders wider adoption.

Regulators clearly see the bitcoin features of anonymity, decentralization and lack of a central control as detrimental to control. However, it is fair to assume that a complete ban on bitcoin would continue to take place only in totalitarian jurisdictions. In western countries, it is unlikely for governments to impose a categorical ban on bitcoin. It is more likely that tax reporting, VAT, etc. would be based on some kind of honor system. There are some successful examples of parallel currencies that are recognized as legal tenders. An example is the WIR franc developed in Switzerland in 1934 and still in use at this time.

Conclusion

Bitcoin offers a unique and powerful payment mechanism for all participants in e-commerce payments. It eliminates many of the inefficiencies present in traditional web payments. Bitcoin is not purely an academic subject anymore. Some mainstream web properties such as Expedia, Overstock.com, Dell, and WordPress have been accepting bitcoin as a form of payment. Bitcoin has an extremely low entry bar, and one should expect its usage to grow rapidly.

Footnotes:

[1] EMV is a joint effort initially conceived between Europay, MasterCard and Visa to ensure the security and global interoperability of chip-based payment cards.

[2] There are likely tax implications for doing this, depending upon jurisdiction, which is beyond the scope of this article.

[3] This is a relative term as Bitcoin payments are confirmed when the block chain is written.
