Principles

The e-commerce model being developed in this document is founded on a number of important assumptions:

1. Merchants and their Commerce Service Providers (CSPs) should be able to implement the system using any technology or implementation language of their own choosing. Such choices must be independent of the infrastructure selected by the acquirer. To facilitate this flexibility, transactions will be conducted using documents conforming to specified XML Document Type Definitions (DTD) over HTTP or SSL-encoded HTTP (HTTPS). Apart from these requirements, all other aspects of the acquiring or merchant systems can  be independent of choices made by the other.
2. When encryption of the transaction is required, the SSL certificate of the acquirer will provide such encryption. The merchant should not be required to purchase or implement a Key Management System (KMS) or purchase keys or certificates to encrypt transactions with the acquirer. This is a service provided to the merchant by the acquirer.
3. The time to market for a merchant to bring their e-commerce site on line should be as short, economical and simple as possible. Very few requirements for additional software or hardware should be placed upon their Internet hosting provider.

For these reasons, the merchant has three possible options for using this system:

1. The Buy Button option: The merchant can insert a URL containing the entire XML encoded document in a static page. The XML encoded document would contain at a minimum, the purchase description, merchant identification, and order amount. The consumer clicks on the link to the URL, be redirected to the acquirer’s SSL secured web-site, and enter their purchase card and order fulfillment information. The status of the order would normally be e-mailed back to the merchant. Optionally, the merchant can be informed of the status of an order by other means as well: an HTTP transaction, or a secure web site.
2. The Shopping Cart Order option: The merchant can create a dynamic URL based on some shopping cart application. This URL would include at a minimum, the purchase description, merchant identification, order number and order amount. The consumer clicks on the link to the URL, be redirected to the acquirer’s SSL secured web-site, and enter their purchase card and order fulfillment information. Again, the status of the order would normally be e-mailed back to the merchant. Optionally, the merchant can be informed of the status of an order by other means as well: an HTTP transaction, or a secure web site.
3. The Cardholder Order option: The merchant can create a dynamic web page based on some shopping cart application and then ask the consumer for purchase card and order information. The merchant web site would necessarily provide SSL encryption for the user to supply this information. The merchant can then open a connection to an SSL-encrypted URL of the acquiring system and transmit all information for purchase authorization. In this case, the status of the order would normally be sent back to the merchant in an HTTP response over the SSL encrypted session.