• The customer: typically, a holder of a payment card — such as a credit card or debit card — from an issuer.
• The issuer: a financial institution, such as a bank, that provides the customer with a payment card. The issuer is responsible for the cardholder's debt payment.
• The merchant: the person or organization that sells goods or services to the cardholder via a Web site. The merchant that accepts payment cards must have an Internet Merchant Account with an acquirer.
• The acquirer: a financial institution that establishes an account with a merchant and processes payment card authorizations and payments. The acquirer provides authorization to the merchant that a given card account is active and that the proposed purchase does not exceed the customer's credit limit. The acquirer also provides electronic transfer of payments to the merchant's account, and is then reimbursed by the issuer via the transfer of electronic funds over a payment network.
• The payment gateway: This function, operated by a third-party provider, processes merchant payments by providing an interface between the merchant and the acquirer's financial processing system.
• The processor: a large data center that processes credit card transactions and settles funds to merchants, connected to the merchant on behalf of an acquirer via a payment gateway.

1. The customer places an order online by selecting items from the merchant's Web site and sending the merchant a list. The merchant often replies with an order summary of the items, their price, a total, and an order number.
2. The customer sends the order to the merchant, including payment data. The payment information is usually encrypted by an SSL pipeline set up between the customer's Web browser and the merchant's Web server SSL certificate.
3. The merchant requests payment authorization from the payment gateway, which routes the request to banks and payment processors. Authorization is a request to charge a cardholder, and must be settled for the cardholder's account to be charged. This ensures that the payment is approved by the issuer, and guarantees that the merchant will be paid.
4. The merchant confirms the order and supplies the goods or services to the customer.
5. The merchant requests payment, sending the request to the payment gateway, which handles the payment processing with the processor.
6. Transactions are settled, or routed by the acquiring bank to the merchant's acquiring bank for deposit.

B. VeriSign Payflow Payment Services
VeriSign Payflow Payment Services offers the most effective way to streamline the flow of all kinds of payments through this complex system — quickly, efficiently, and above all, securely. Payflow simplifies e-commerce by providing payment connectivity over the Internet between buyers, sellers, and financial networks. VeriSign uses a client server architecture to process transactions: the client is installed on the merchant's site and integrated with the merchant's e-commerce application. The client software establishes a secure link with the VeriSign processing server using an SSL connection to transmit encrypted transaction requests. The VeriSign server transmits the request over a private network to the appropriate financial processing network. When the authorization response is received via the financial processing network, the server returns the response to the merchant's client, which then completes the transaction by sending an acknowledgment to the server. Typical transactions occur within 3 seconds.

By partnering with VeriSign, merchants gain the ability to free themselves from point-to-point and difficult-to-integrate payment solutions, reaping the benefits of an integrated payment platform designed specifically for the Internet. Payflow supports all major consumer credit card, debit card, electronic check, purchase card, and Automated ClearingHouse (ACH) transactions. (ACH is a nationwide, wholesale electronic payment and collection system that serves as a method of transferring funds between banks via the Federal Reserve System.)

Its robust and open architecture has been designed to support both business-to-consumer (B2C) and business-to-business (B2B) payment applications. It provides the industry's highest performance and reliability and is a highly scalable outsourced solution that can easily grow to hundreds of millions of transactions per month. VeriSign Payflow has proven to be considerably faster, more reliable and scalable than any other competing solution. Using VeriSign Payflow, a merchant can connect to most banks, transaction services, or forms of payment without worrying about the underlying technology. Customers can pay with a variety of financial instruments, including checking accounts, savings accounts, and credit cards, quickly and simply.

VeriSign Payflow hides the complexity of payment

Competitive design advantages of the VeriSign Payflow service include:

• Open connectivity with almost all bank processors and payment types through unified interfaces
• Pre-integration with the most popular e-commerce applications and forthcoming payment-enabled Internet appliances such as Personal Digital Assistants (PDAs)
• Continuous maintenance of a TCP/IP network connection throughout each transaction until it either successfully completes or times out. Unlike most competing solutions, VeriSign Payflow's payment connection both enables a faster response times (averaging 2.2 seconds) and — through confirmation of transaction completion — elimination of uncertainty of transaction status.
• High availability that exceeds 99.99 percent with dynamic load balancing and failover between all servers
• An XML integration layer both on the server side for ease of integration with additional services (such as fraud screening), and on the merchant side for ease of integration into back office applications
• A Software Development Kit (SDK) allowing for more advanced custom integration into e-commerce applications

• Lower connectivity cost: Connecting to the payment networks over the Internet through VeriSign costs less to set up and maintain than leased lines or modem connections.
  
  
• Better connection quality: VeriSign manages high-bandwidth, fault-tolerant network connections to the processing networks.
  
  
• More payment options: Merchants can add new payment types without having to install new software.
  
  
• Increased flexibility: Merchants can switch banking relationships and continue to use the same installed software to process payments with the new bank.

• Payflow-enabled e-commerce applications: Many off-the-shelf e-commerce applications are pre-enabled to use VeriSign's Payflow payment processing, giving merchants a complete solution that can be used out-of-the-box. VeriSign's broad third-party support and superior payment connectivity enables merchants to independently choose the best e-commerce application and the best payment processor for their business needs.
• Payflow Link: A hosted order form service that makes payment processing as simple as adding Web links to a merchant's Web site. See "VI. VeriSign E-Commerce Trust Infrastructure Solutions" below for more on Payflow Link.
• Payflow Pro SDK: A software development kit that gives merchants direct access to VeriSign's Payflow payment processing API via a "thin client" network service. See "VI. VeriSign E-Commerce Trust Infrastructure Solutions" below for more on Payflow Pro and the Payflow Pro SDK.

Through VeriSign's acquiring bank partners, merchants are also able to apply for merchant bank accounts during the registration process. In all cases, online registration and account management enables merchants to be up and running in minutes.


A look inside the VeriSign Payflow payment processing operations center

C. Payment Processing Backbone
The VeriSign payment client is a Secure Sockets Layer (SSL)-enabled communications agent that uses routing parameter inputs to locate and establish communications with a VeriSign transaction server. After a secure communication channel has been established, transaction data is passed to the VeriSign payment infrastructure for processing. VeriSign transaction communications have been designed to minimize message-handling errors by ensuring an uninterrupted, TCP-level communication stream between the client and the server. The VeriSign architecture has the highest performance in the industry. The average transaction response time is 2.2 seconds.

The following sequence of messages illustrates the communication stream during a typical transaction from a VeriSign-enabled client to the VeriSign Payment Services operations center.

• The client opens an SSL connection to a server and sends all transaction data.
• The server processes the transaction, sends a response back to the client.
• The client sends an acknowledgment to the server indicating that the response was successfully received.
• The connection is closed.

• Internal Resources: VeriSign server software incorporates a sophisticated threading model designed specifically to deliver maximum throughput for payment transactions. Signal and timer logic for handling payment transaction exceptions and errors is built into the server's kernel. File system access and logging are optimized for payment transactions.
• Database Resources: VeriSign uses state-of-the-art DBMS technology to store and log the transaction activity. It has kernel-level control of database logins and resources, which provides a level of performance tuning and error recovery that is not available to payment systems that are based on Web servers.
• Network Resources: Because the VeriSign server is "payment-aware" at its core, it can manage the complex dynamics of communicating with card processing networks. Effective load balancing is achieved both in the local processes and in coordination with peer servers to implement an array-wide throughput optimization strategy — in other words, VeriSign servers perform load balancing both internally and in relation to other transaction servers in their cluster. As transaction loads grow for a cluster, this advantage becomes increasingly important.

• Payment Server Cluster: These machines run the VeriSign Payment Server and manage the processing of inbound transaction requests to the processing networks.
• Web Server Cluster: These servers provide Web application functionality associated with the payment services. VeriSign's merchant reporting and virtual terminal systems are provided here.
• Replicated Database Cluster: These machines host the database servers. This cluster is broken up into write-biased, read-biased, and replicator machines. Write-biased servers are configured for maximum throughput for new transactions and are used by default by the transaction servers. Read-biased servers are configured for maximum speed on queries and reports and are used by default by the Web servers. Replication machines manage the synchronization of the data between all of the local database machines in the cluster as well as other cluster and backup/archive services.

• Extensibility: XML enables easy update and extension of existing services to quickly add altogether new services to existing applications.
• Automation: Currently, merchants can download a set of preset reports from the VeriSign Payflow Manager Web site, but have limited flexibility in what can be queried, or how the results are returned. XMLReport provides an automation language for merchant reporting. Complex queries and result formatting instructions can be communicated to the VeriSign service in a straightforward manner.
• Interoperability: XML is quickly gaining momentum as the lingua franca of system interchange. Via its three XML specifications, VeriSign Payment Services will publish an XML-based vocabulary for its services. By collaborating with partners, this vocabulary will be consistent with emerging industry-standard vocabularies, as well as those of the partners.