1. > Answer: It's a what :-)
Trustwise.com redirects to this URL
and provides a suite of encryption security solutions for ecommerce.
One of their main core areas of business is issuing server
certificates so site owners (merchants) can provide encrypted and
authenticated connections between their website and the user's browser
for secure transactions and submission of confidential data. Trustwise
has since been absorbed into the BT ignite range of services.
Excerpt from their "about us" page:
"BT Ignite is the internal name for BTs business services and
solutions division serving customers worldwide. We are an Information
& Communications Technology (ICT) service provider delivering
integrated data and value-added services to meet the European needs of
global multi-site corporates and the global needs of European
corporates. We draw upon unparalleled account management and solutions
delivery expertise utilising a portfolio spanning the entire IP value
chain - including mature e-commerce and systems integration
consultancy-to-solutions businesses, as well as broad-service
applications, content hosting and distribution, Internet connectivity
and data transport services."
Other similar companies are
2. > Answer: The function of the merchant is to sell goods. Examples
of (online) merchants are Amazon.com, Buy.com, PCmall.com.
Merchants should display and make information available on their
products, e.g. technical specification, images, stock levels, and make
clear their refund / returns policy, and other statutory duties.
Typical requirements of UK merchants is reflected by the Which? Web
The merchant needs to ensure that sensitive data is encrypted during
the transaction process using e-security services such as Trustwise.
3. > Answer: Normally in the transaction chain sits the
b. Merchant (who to all intents and purposes is the site owner),
c. Online payment provider who provide the mechanism for capturing,
d. Acquiring bank - who process the funds (store owners / merchants
need to have a merchant account with a bank for the purposes of
executing credit card transactions).
WorldPay an online payment provider explains an internet transaction
scenerio step by step, the merchant is refered to as 'Store':
"How It Works" Worldpay.com
"1. The shopper locates the customer's eCommerce site
2. The shopper browses the customer's catalogue
3. The shopper adds products to their 'basket', then decides to pay
4. The customer's WorldPay facilities issue an encrypted 'purchase
token' containing the purchase details
5. WorldPay decrypts and interprets the encrypted 'purchase token'
[with the use of a server certificate such as from Trustwise]
6. WorldPay present the payment form to the shopper
7. The shopper enters their card details and submits the form
8. The card is authorised
9. WorldAlert, our fraud detection system inspects the transaction
[re. 9. this is not a feature of all online payment providers]
10. Acceptance confirmation is sent to the customer together with any
additional information or warning about the transaction from our fraud
11. WorldPay sends the response to the shopper
12. Funds transfer takes place"
For offline merchants (bricks and mortar) the transaction chain only
comprises of a, b, and d , who process the cards manually via swipe
Google Directory > Computers > Security > Public Key Infrastructure >
PKIX > Tools and Services > Third Party Certificate Authorities
If you need any points clarified please just ask,