Instant! Frequently asked questions |
|
|
Internet providers,
cellular communication providers, public utilities, participants in electronic commerce
market, software developers are enabled to arrange fully automated sale of products
(goods, services) through Internet - easily, instantly, and securely. Using standard and
advanced technology offered by the Payment System, service providers can build an
automated interface between the Payment System and billing system of providers, by
automatic identification of client payments and record in the billing system. For cellular
communication companies, the Payment System provides software interface, which enables the
cellular company clients to pay bills through Internet and cellular telephone. |
|
Banks, financial companies,
participants in securities market are enabled to provide new kinds of services for their
clients (individuals and corporations), to invite numerous new clients and provide
operative service in automatic mode, to increase amounts of paid services provided for
clients, including secure payments with credit cards through Internet. Opportunity of
clients paying goods and services with their Bank accounts through Internet will enable to
cancel such expensive and ineffective method of inviting clients as extension of network
of expensive offices and divisions of the Bank. Use of Internet makes profitable service
of numerous small payments, for example, for public utilities. |
|
Individual credit card
holders and customer account owners with Banks are enabled to pay easily, instantly, and
securely for goods and services through Internet as well as to transfer money from
their customer virtual accounts to their credit card Bank account and to spend this money
for usual shopping or receive cash through ATMs. This is a good opportunity to credit card
accounts at any time from anywhere (home, office, abroad) rather than to keep large
amounts on low protected credit card accounts. |
The Payment System is
created with the most advanced achievements of Microsoft, the leader of instrumental
software production. This enables to serve more than one hundred thousand clients in the
whole and dozens (by 64 to 128 kbit/s channels) or hundreds (by 512 to 1024 kbit/s
channels) of clients at the same time. |
The Payment System
enables the customer to pay by two methods: from existing cusomer credit
card or customer virtual cash account. |
The Payment System enables
to make secure payments with credit cards. Upon registration, a card is visually verified
and authorized to provide further secure acceptance of payments with this card through
Internet. Once having registered his card by producing to a Bank or merchant, a client
will repeatedly and securely use it for payments to this merchant and all other merchants
recognizing this merchant or Bank as a registrar. This enables larger merchants of goods
and services (cellular communication companies, Internet providers, etc.), independently
of Banks or other merchants, to create their own client base for secure acceptance of
payments with credit cards through Internet, while smaller merchants are enabled to
securely use the client base of confirmed credit cards created by larger merchants.
Acquirer Banks can register credit card holders, including their own clients and holders
of credit cards issued by other Banks. This will enable them to increase the amount of
retail operations, to provide their merchant clients (corporate merchants of goods and
services) and credit card holders with a new promising kind of service - secure operations
with credit cards through Internet  A merchant does not take care to provide secure channels
with customers, because these channels are provided by the Payment System. In order to generate a payment transaction, it is not
necessary to transmit card numbers through Internet, because these numbers are
securely kept in the Payment System database, which is inaccessible from Internet. Generated payment transactions are also kept in the Payment System
database and are accessible only for the addressee, who receives them in secured mode. Cards, which are discredited for any reasons (forged,
lost, stolen), can be blocked by the merchant, who is
responsible for these actions to the Payment System. Each new customer should register himself with the Payment System,
and, if a card with this number is discredited or card number is not valid, registration
will be rejected. Merchants, who are discredited for any reasons, will be excluded
from the Payment System. |
The security subsystem of Instant! Payment System is based on use of several components, which provide multilevel security against unauthorized access. Data exchange between the client browser and Web-server is cryptographically secured with 128-bit SSL (strong cryptography used by financial institutions). Operative monitoring of client work is provided. Database of virtual accounts and transactions and database server thereof is physically located in a separate computer, which is not accessible through Internet. Hot reserving of database is provided. The local network of the Payment System is secured with software and hardware firewall against unauthorized access from outside. The Payment System has its own internal security subsystem designed to provide secure access of clients to their accounts and to prevent IDs and passwords from attempts of multiple computer guesses. Functioning of the internal security subsystem in the Payment System is based on the following conditions. Each
virtual account is accessible only upon providing the account ID and password. Account
ID and password include, respectively, ten and eight alphanumeric symbols, which cannot be
determined by scanning combinations. Virtual
account holder is able at any moment to replace his/her password. Repeated
attempts to enter the Payment System with incorrect account ID result in prohibited access
the Payment System for this remote computer for the period of one week. Repeated
attempts to enter the Payment System with correct account ID and incorrect password result
in blockade of this virtual account for one day. The
internal security system in the Payment System enables to prevent attempts of repeated
production of IDs and passwords (computer guesses) by software facilities. |
The Payment System does not
reduce the existing level of credit card use security and in some cases makes credit card
use more secure than traditional applications. If payments are made through Instant!, card can not be lost
or stolen and its number can not be discovered. If a small point of sale uses a computer with access to Internet,
for payment through Instant!, instead of traditional electronic POS terminal or voice
authorization, the point of sale cashier needs not to verify the true card (for small
points of sale, such verification may be problematic due to insufficient cashier skills
and experience). For such points of sale, acceptance of credit cards becomes more secure
if they start using Instant!. In addition, the price of a cheap computer (which can be also used
for other purposes) connected to Internet through public telephone line is far less
expensive than installation of an electronic terminal. An acquirer Bank, which uses the Payment System, can transmit the
payment transactions collected for merchants directly to the processing center. Thus, no
numbers of credit cards in the transactions made are accessible for such merchants that
significantly increases security of payment operations. Customers, who have their virtual accounts with the Payment System,
can increase security in using their credit cards. As we know, use of credit cards is
associated with the risk of unauthorized writing money off the card account due to
possible forgery. Use of customer virtual cash account with the Payment System, which is
more reliable, to keep money and to transfer money to the real Bank card account, if
necessary, enables to increase credit card use security. |
The International Version
of OS Microsoft Windows NT and Web-server Microsoft Internet Information Server uses low
cryptography (40-bit SSL). In order to provide the possibility for using strong
cryptography (128-bit SSL), a client should either install domestic USA version of browser
or upgrade browser with free software. These programs are designed specially for non-US
use; therefore, they are not subjected to any restrictions for use beyond the USA. These
programs are accessible for free downloading from Internet: Payment System Web-server
contains information, which enables clients to upgrade their browsers independently. In
order to provide legal purity of such operation, clients should independently upgrade
their software; this simplest operation should be carried out by single run of the program
downloaded from Internet. |
The great efforts undertaken by the world payment systems to provide secure use of credit cards in Internet on the basis of SET protocol will likely give a positive result in the future; however, in this connection, we should note the following. The problems in SET introduction and application are not able to forecast its soonest use everywhere. Reasonable use of SSL protocol, in addition to the credit card registration subsystem used in Instant! Payment System, provides sufficient security of card payment transactions, being at the same time far less expensive and simpler solution for secure use. |
|
Operation system -
Microsoft Windows NT 4.0 |
|
Merchants receive payments
from customers from their virtual cash accounts or credit cards. |
|
Only a browser supporting SSL, preferably, from Microsoft or Netscape. If your browser supports only low cryptography (40-bit SSL), it can be upgraded for supporting strong cryptography (128-bit SSL) by downloading from Internet and single running the freely distributed software |
The customer virtual
account records the customer account balance and operations made therein as well as the
information of the customer Bank account, where the account holder can transfer the
balance amount from the customer virtual account. Access to the virtual account, which
enables to receive information and make payments, is provided only upon production of the
account ID and password. |
The credit card virtual
account contains the information of the customer credit card used to generate the payment
transaction and operations made with the card. The credit card virtual account is not
connected in any way with the real credit card Bank account. Access to the virtual
account, which enables to receive information and make payments, is provided only upon
production of the account ID and password. The card may be issued by any Bank. |
|
The merchant virtual
account contains the merchant account balance and operations made therein as well as the
information of the merchant Bank account, where the merchant transfers money, collected
from customers. Access to the virtual account, which enables to receive information and
make payments to predefined merchant Bank account, is provided only upon production of the
account ID and password. |
|
The credit card number is
once transmitted to the Payment System through Internet by the card holder upon
registration of this card. This operation is secured with strong cryptography (128-bit
SSL) used for such purposes by financial institutions - Banks and payment systems. Then
the credit card number is saved with the Payment System database computer, which is not
accessible from Internet and physically located in an isolated area with extremely limited
access. Upon payment, the credit card number is not transmitted - payment operation
(containing the credit card number) is initiated solely by the card holder; for this
purpose, he/she should produce his/her ID and password, and payment transaction is
generated with the Payment System computer, which is not accessible through Internet. Then
payment transactions are transmitted in secured mode either to the acquirer Bank in the
Payment System or to the merchant for production to the acquirer Bank. Therefore: The credit card number is never transmitted through Internet
in open form - only in secured mode. The credit card number is never transmitted by the card
holder through Internet for making payment operations. The credit card number is never transmitted to any merchant,
who is unknown to the Payment System - only to merchants registered with the Payment
System, which controls their reliability. For payment operations addressed to the merchants served with the
Banks in the Payment System, the credit card number is never transmitted
even to the merchants - payment transactions are transmitted directly to the card
processing system. Payment transactions with the credit cards registered with
the Payment System are initiated solely by the credit card holders. |
|
The credit card data can be
at any time deleted from the Payment System by the card holder. |
|
It is necessary to open the
virtual account of any type - customer virtual cash account, credit card holder virtual
account, or merchant virtual account. It can be done immediately. Right now. |
|
Then you should credit it
with some amount by Bank transfer from your Bank to the Payment System Bank account, and
when this amount is deposited to your virtual account, and you will be able to pay from
this account through Internet. Opening the customer account, you should specify your
already existing Bank account (for example, your credit card account), and you will be
able at any time to transfer money from your virtual account to this outside Bank account.
Thus, it is suitable to replenish your credit card from any computer connected to
Internet. |
|
Then you should specify
your account with your Bank, to which it will transfer all the money from your merchant
virtual account. If you are going to accept payments not only from customer virtual cash
accounts (and from credit card virtual accounts also), then, in accordance with the
regulations of the international payment systems, you should open your card merchant
account with the acquirer Bank, which enables you to accept credit cards. |
|
The customer virtual
account can be credited by Inter-Bank transfer from your Bank account to the Payment
System Bank account. Note: Please, provide your 6-symbol virtual account ID
in payment details! The card virtual account is not correlated to the real card Bank
account. In order to maintain solvency of your credit card, it is necessary to credit the
real credit card account with your Bank. The merchant virtual account is credited by customers. Money is
credited periodically by the merchant or automatically transferred to the real merchant
Bank account to be specified upon opening the merchant virtual account.See Credit Customer Account section. |
|
No. The merchant virtual
account is designed for receiving of payments from customers. It is the only way to debit
merchant virtual account - to transfer money to the real merchant Bank account, which is
specified upon opening the merchant virtual account. |
|
The merchant account holder
can at any time transfer money within the balance on the merchant virtual account to the
own real Bank account, which is specified upon opening the merchant virtual account. For
this purpose, it is necessary to specify SYSOUT in Payment section in the
field of account, where money is transferred. |
|
No. You can only open a new
merchant virtual account and then specify the new real merchant Bank account used to
transfer money received by the merchant from customers. This regulation enables to make
the merchant virtual account completely secure - merchant can be fully sure that no money
transferred to merchant virtual account can be transferred anywhere except his/her/their
real Bank account. Thus, operation of the merchant virtual account (receiving statements,
fund transfers to the real Bank account) is quite secure and can be assigned to one
responsible officer. |
|
The account holder can at
any moment transfer any amount within the account balance to the customer existing Bank
account, which is specified upon opening the virtual account. This can be the credit card
account, for example. In this case, the Internet account holder is entitled to credit
his/her card account from his/her virtual account and, correspondingly, to spend money for
common shopping or to obtain cash through ATMs. This is a good opportunity to
keep smaller amounts in the low secured credit card Bank account but to transfer
money to the card account at any time from anywhere (home, office, abroad). In
order to transfer money to the outside Bank account, you should specify SYSOUT
in the payment form, Payment section, in field of the account, where money is transferred.
The outside Bank account cannot be changed, you can only open a new customer virtual
account and specify in this case the real Bank account, where money will be transferred. |
Yes, at any moment. See Change password section. |
The full account ID
contains 10 symbols. The full account ID is necessary only for operation of payment from
your account. You should not tell anybody your full 10-symbol account ID. In order to
transfer money onto your account or to obtain the statement, it is sufficient to enter
6-symbol prefix (first 6 symbols of your account ID). |
The full password contains
8 symbols. The full password is used only for the operation of payment from your account.
You should not tell anybody your full 8t-symbol password. In order to receive an
statement, it is sufficient to enter the 4-symbol prefix (first 4 symbols) of your
password. |
Then this registration
should be confirmed - in the event that the merchants, whose services and goods you are
going to acquire, accept only confirmed cards. You need not to confirm this registration -
in the event that the merchants, whose services and goods you are going to acquire, accept
also unconfirmed cards. |
In the event that you make
payments from an “alien” computer, which you can not rely upon, or use the
telephone interface to the Payment System, there is a probability that your password can
be discovered. In these cases, you can use dynamic (one-time) passwords, each of them is
valid for one payment operation only. These passwords can be reviewed by means of function
Receive Dynamic Passwords. There are 16 4-digit dynamic passwords. They are used in turn,
one by another. After use, the first password is canceled, the second password takes the
first position, the third password becomes the second, etc. Thus, the last (16th) is
generated every time after use. These passwords can be saved and used in the cases
aforementioned. |
Registration is confirmed
by the registrar, for example, merchant or Bank. Before confirmation, you should
independently register your card with the Payment System. For confirmation, you will tell
the officer of the merchant company or Bank the 6-symbol virtual credit card account ID,
the officer will call your card data on display, verify your true card and registered
data, and press the confirmation key. Then your card data are confirmed, and you can carry
out the payment operations addressed to those merchants, who rely upon the registrar
confirming your card data. |
The registrar company
officer, who provides administration with the Payment System (who knows the merchant
account access password), sets the registrar password and expire date thereof in the
registration settings. Then he/she sends this password to the officer, who provides
confirmation of registered credit cards. Normally, this officer is operationist accepting
credit cards. This officer has authorized access to the computer connected to Internet;
then, in addition to his/her general function of accepting cards to payment, he can also
execute the function of confirming registered cards. For this purpose, he specifies in the
relevant Payment System form the 6-symbol card account ID, which the card holder tells
him, his own 6-symbol merchant account ID, and his registrar password received from
his/her Company officer, who provides administration of work with the Payment System. In
response, the Payment System provides the registered card information. Having compared
this data with the data in the card, verifiing the authenticity of the card, and
authorizing it, the operationist confirms the card data. If the registrar password is
incorrect or expired, the confirming operation will be inaccessible. The registrar Company
administrator can at any moment change the password and expire date thereof. The Payment
System is also able to fix the computer addresses, which can confirm card registration. |
|
The registrar can at any
moment: |
|
The merchant can accept
cards: Unconfirmed, if upon opening the merchant virtual account (or in
further registrar settings), he/she/their specifies this condition, and the Payment System
is set to enable these actions; Confirmed by himself - the merchant should accept these cards; Confirmed by the trusted other registrars, whom this merchant relies
upon - 6-symbol account IDs of such registrars should be specified by this merchant in
registrar settings. See Set Registrar's parameters section. |
|
Sale through Instant! CyberMall (electronic shop)In the electronic shop, you can place description of the product for sale and link (URL) to this product in the merchant site. This link will be provided for the customer after payment for the product only. The electronic shop enables to sell information goods (documents, software, images, sound files etc.) or services (user access to databases, etc.) even by merchants, who have not their own Web-server. In the simplest case, it is sufficient to have two simple Web-pages in any Web-site. The first page (readable from Internet for everybody) may contain description and examples of the product sold, the second page (whose link will be provided for customers after payment only) should contain the product or links to the real products, or access password to the service or database for the current period (for example, week or month). Sale through merchant Web-site In order to sell through their own Web-sites, merchants should provide the payment function for customers and the function of automatic verification of payments received from customers to provide them access to the goods and services. In order to provide the payment function, it is necessary to insert into the merchant Web-site the form, which example is given in Merchant’s section. This form re-addresses the customer to the Payment System site and displays Payment section for payment, where the merchant payment fields are already filled. The merchant can verify receiving payments either manually (by receiving the statement) or automatically, by giving URL-request (on-line merchant request) from merchant site to the Payment System site, which format is given in Merchants section. In the course of payment by the customer, the payment transaction gets its unique 6-symbol ID. The transaction data is immediately sent to the Payment System database. After payment, the customer asks the merchant to deliver the product with transaction ID (as an analog of receipt). The merchant gives the on-line request to the Payment System and specify the transaction ID given by the customer. In response, the Payment System gives its confirmation that the payment with this ID has already been transferred to the merchant or informs of no such transaction. Respectively, the merchant will either provide or cancel access to the product. All these actions are automatically made by the merchant software. This standard Payment System interface for Internet applications can be incorporated into any electronic shop software used by the merchant. See About Merchants, CyberMall sections. |
|
URL-request given by the merchant software to the Payment System for automatic verification of the fact of payment received from certain customer for certain product (order). It is used in the merchant electronic shop, when the customer asks to deliver him/her the paid goods. The format is described in About Merchants section. |
|
Select the goods in
CyberMall. |
|
Select the goods in
CyberMall. |
|
The link to the product as
given after payment is accessible until the payment transaction is saved with the Payment
System (at least, one month) or until the merchant renews this position in CyberMall.
Therefore, if you have any problems with communications or other reasons, which prevent
you from receiving the goods immediately after payment, you can receive the goods later,
the number of attempts is not restricted by any way. In order to get the product
reference, it is necessary to produce the ID of payment transaction made for this product.
The list of all the payments made by the customer and IDs thereof can be received by the
customer upon requesting the statement from the Payment System. |
|
Each merchant can fill the
form describing his/her/their goods and insert this description into CyberMall. The form
is given in Feedback section. At any time, the merchant can update or delete this
description from CyberMall. The merchant can have several descriptions, which number is
regulated by the Payment System settings. |
|
If the provider serves clients and takes user service fee (for example, monthly fee), they can use Instant! as a simple billing system. The simplest method is to sell through CyberMall the reference to the merchant site section, which contains the current month (week) access password for the service or information provided by the merchant. You can have, for example, for passwords, each of them will provide access for month with a week shift (first password from the first to the thirty-first day in the current month, second password from the seventh day in the current month to the sixth day in the next month, etc.). The advantage of this method is simplicity - no programming is necessary in the merchant site. The disadvantage is that unfair customers can publish the password, which is common for all the customers. This disadvantage can be eliminated by requesting from the customer, who paid access, the unique transaction ID assigned to his/her payment with the Payment System. For this purpose, the merchant site should give automatic URL-request to the Payment System site, which format is given in Merchants section. In response, merchant site will receive the confirmation (simple HTML-page) of payment. Then the merchant site provides the customer with access to the paid service and save the transaction ID in the list of these IDs in order to verify next time the transaction ID specified by the customer without sending URL-request to the Payment System. This feature will enable to control the number of customers producing correct password (transaction ID), because the password becomes individual for each customer rather than common for all the customers, as in the simplest case aforementioned. |
|
| Information of the account type (customer virtual account, credit
card holder virtual account, merchant virtual account). Information of the outside Bank account, where money can be
transferred by the virtual account holder. Account balance (current balance for customer virtual account,
current month transaction balance for credit card holder virtual account, current month
card transaction balance for merchant virtual account, current non-card operation balance
for merchant virtual account). List of operations (for merchant virtual account - separately card
and non-card operations), with specification of the corresponding account, operation date,
time, amount, details, and card information. This list can include the text messages from
the Payment System. See Statement section to receive statement. |
|
The Payment System can
place the information, which should be given for all the clients, in the headline of each
page referred to by the client. If it is necessary to send an individual message to a
certain client, such message can be given in the statement to be received by this client.
Electronic mail is used for client requests and answers thereto. |