1.Is It A merchat or what.
2.What is the function of  merchant?
3.Tell me the process of transaction on internet (site owner, merchat and bank).
4.

Hello surabayacuk-ga 

1. > Answer: It's a what :-) 
Trustwise.com redirects to this URL
http://www.btignite.com/uk/products/trustservices
and provides a suite of encryption security solutions for ecommerce.
One of their main core areas of business is issuing server
certificates so site owners (merchants) can provide encrypted and
authenticated connections between their website and the user's browser
for secure transactions and submission of confidential data. Trustwise
has since been absorbed into the BT ignite range of services.
Excerpt from their "about us" page:
"BT Ignite is the internal name for BT’s business services and
solutions division serving customers worldwide. We are an Information
& Communications Technology (ICT) service provider delivering
integrated data and value-added services to meet the European needs of
global multi-site corporates and the global needs of European
corporates. We draw upon unparalleled account management and solutions
delivery expertise utilising a portfolio spanning the entire IP value
chain - including mature e-commerce and systems integration
consultancy-to-solutions businesses, as well as broad-service
applications, content hosting and distribution, Internet connectivity
and data transport services."
BT Ignite
http://www.btignite.com/uk/aboutus/who_we_are.html

Other similar companies are
Thawte
http://www.thawte.com
Equifaxsecure
http://www.equifaxsecure.com
Global Sign
http://www.globalsign.net

2. > Answer: The function of the merchant is to sell goods. Examples
of (online) merchants are Amazon.com, Buy.com, PCmall.com.
Merchants should display and make information available on their
products, e.g. technical specification, images, stock levels, and make
clear their refund / returns policy, and other statutory duties.
Typical requirements of UK merchants is reflected by the Which? Web
Trader scheme:
http://whichwebtrader.which.net/webtrader/code_of_practice.html
The merchant needs to ensure that sensitive data is encrypted during
the transaction process using e-security services such as Trustwise.

3. > Answer: Normally in the transaction chain sits the
a. Shopper
b. Merchant (who  to all intents and purposes is the site owner),
c. Online payment provider who provide the mechanism for capturing,
authenticating cards
d. Acquiring bank - who process the funds (store owners / merchants
need to have a merchant account with a bank for the purposes of
executing credit card transactions).

WorldPay an online payment provider explains an internet transaction
scenerio step by step, the merchant is refered to as 'Store':
"How It Works" Worldpay.com 
http://www.worldpay.com/uk/products_services/how_it_works.shtml
"1. The shopper locates the customer's eCommerce site 
2.	The shopper browses the customer's catalogue 
3.	The shopper adds products to their 'basket', then decides to pay 
4.	The customer's WorldPay facilities issue an encrypted 'purchase
token' containing the purchase details
5.	WorldPay decrypts and interprets the encrypted 'purchase token' 
[with the use of a server certificate such as from Trustwise]
6.	WorldPay present the payment form to the shopper 
7.	The shopper enters their card details and submits the form 
8.	The card is authorised 
9.	WorldAlert, our fraud detection system inspects the transaction
details
[re. 9. this is not a feature of all online payment providers] 
10.	Acceptance confirmation is sent to the customer together with any
additional information or warning about the transaction from our fraud
detection system
11.	WorldPay sends the response to the shopper 
12.	Funds transfer takes place"

For offline merchants (bricks and mortar) the transaction chain only
comprises of a, b, and d , who process the cards manually via swipe
terminals.

Search Strategy:
Google Directory >  Computers > Security > Public Key Infrastructure >
PKIX > Tools and Services > Third Party Certificate Authorities
http://directory.google.com/Top/Computers/Security/Public_Key_Infrastructure/PKIX/Tools_and_Services/Third_Party_Certificate_Authorities/?tc=1/

If you need any points clarified please just ask,
kind regards
lot-ga

---

Clarification of Answer by lot-ga on 25 Oct 2002 19:51 PDT

Here is a URL with Trustwise information focusing on the
authentication aspects.
https://www.trustwise.com/siteseal-kit/
Although a website may offer encryption, the shopper needs to be sure
that their information is being submitted to the correct site, and the
website (merchant) is who they say they are.
regards lot-ga

---

Request for Answer Clarification by surabayacuk-ga on 27 Oct 2002 06:32 PST

What kind of merchant that for for www.bh.com , www.namesbeyond.com ,
www.betaller.com??

---

Clarification of Answer by lot-ga on 30 Oct 2002 08:14 PST

Hello  surabayacuk-ga

if I understand you correctly, you are asking what type of merchant
accounts (for credit card processing) do bh.com, namesbeyond.com
and betaller.com use.

namesbeyond.com for the highest levels of security don't keep
customers credit card details on file and use the merchant services of
Surefire Commerce ( http://www.surefirecommerce.com )

bh.com did not disclose their company they use for their merchant
account and the information is not visible on their website. (Some
companies may view it as suspicious and potential security risk if
somebody asks for their merchant account credit card processing
mechanism).

betaller.com responded by simply stating "Purchase your Growth
Enhancement system online via our confidential-safe-and-secure payment
gateway that utilizing the latest technology in security.  We work
with Verisign and two other reliable procesees."

If you need further clarification please ask,
kind regards
lot-ga