January 1999 Issue

THE CPA & THE COMPUTER

PAYMENT PROCESSING IN ELECTRONIC COMMERCE

By Linda Lee Larson

One of the thorniest issues in the realm of e-commerce is how to provide secure channels for the processing of payments. The explosive growth that had been predicted has been somewhat dampened by the technical problems of paying for goods purchased on the Internet. However, once these issues have been satisfactorily resolved, experts are predicting a massive growth in the dollar volume of Internet-based sales. Various approaches have been taken to solve this problem. They range from e-mail messages to electronic checks to secured credit card transactions to electronic cash systems. Each type will be presented briefly.

Early Efforts

First Virtual (FV) developed an early, e-mail based payment scheme to assist Internet customers. FV serves as an intermediary between the customer and merchant, essentially allowing the customer to use a credit card without giving the merchant the card number directly. Once the customer is set up with FV, he or she is issued a PIN to give to the merchant at the time the customer wishes to purchase goods or services over the Internet. The merchant is paid by FV, which receives payment by charging the consumer's credit card for the purchase.

A number of electronic check products were introduced in the mid-1990s. The idea of an electronic check is similar to the use of conventional checks, but uses public key cryptography. The check includes the typical information on a paper check, including the names of the payer and payee, the name of the bank, the account number, and the amount. Then the check is digitally signed by the payer. Early products included NetCheque, NetBill, and others. None of these approaches have gained widespread acceptance.

Credit Cards

The easiest way for a consumer to pay for goods purchased online is to give the online merchant a major credit card number. Consumers typically do not hesitate to give out their credit card number when they order an item from a mail-order catalog. However, many consumers are unwilling to give that number online because they fear the number could be intercepted and used by an unauthorized party. For that reason many online businesses give their customers the option of placing their order via an 800 number. However, this has been argued as defeating the whole purpose of having the website in the first place.

Various software companies have developed credit card transaction-processing software for Internet-based sales. These packages all promote one or more protocols (involving encryption) for securing credit card transactions. Each works by establishing a secure channel between the consumer and the online business. The most common protocols include the older and more established Secure Socket Layer (SSL) protocol and the newer Secure Electronic Transactions (SET) protocol.

Netscape's Secure Socket Layer protocol continues to be the most widely used protocol. SSL works by adding another protocol stack on top of the TCP/IP Internet stack. Specifically, SSL provides secure communications by providing end-to-end encryption of the data that is sent between the customer and merchant. It also provides authentication of the server and provides for data integrity of the message packet.

Secure Electronic Transaction protocol, which is more secure, may become the standard in the future. SET works with what may be called an electronic wallet that resides on the consumer's personal computer. The consumer must first obtain a cardholder certificate from a financial institution regarding that credit card. This certificate, which does not contain the account number or expiration date, is digitally signed by the financial institution. Merchants also must be set up with digital certificates because they need to be able to digitally sign electronic documents. Once all parties are set up properly, when the consumer decides to make a purchase while shopping on the Internet, the consumer's browser-based electronic wallet will respond to the SET messages from the merchant's computer. The merchant's server will receive and verify the consumer's SET certificate. If approved electronically, the cardholder's credit account will subsequently be debited and the merchant paid.

Electronic Cash

Electronic cash is a form of electronic banknote that may be spent by a consumer for online purchases. If it comes into widespread use, electronic cash would enable customers to make purchases over the Internet and then pay by transferring electronic cash to the merchant. Potentially electronic cash payments could be made very cheaply, conveniently, and quickly. If adopted by consumers and the business community, it could eliminate the need for a person to have a major credit card number before he or she could go shopping on the Web.

For electronic cash transactions to work, both the consumer and the merchant have to be set up for the same type of electronic cash transactions and be using compatible software. The consumer would be able to transfer electronic cash to his or her personal computer through the use of a credit card or other type of currency transfer. Then, the individual could purchase a product or service and make payment by transferring electronic cash from his or her personal computer's digital purse or cyber wallet to the online seller's account.

A major problem with any form of electronic cash is that of double spending. To prevent this double spending, the issuer must maintain an online database of all banknotes that have been spent and must verify that each and every electronic cash note presented for payment has not been previously spent. A number of software vendors and major banks have developed software to support this new type of online banking product. Major products include eCash by DigiCash and CyberCoin from CyberCash.

eCash from DigiCash. DigiCash is an early pioneer in the field of electronic currency. Their product is a bearer certificate system. Whoever holds the eCash owns the funds. The eCash system requires consumers to use DigiCash software to generate eCash tokens and then forward them to the bank (using a digital envelope) for certification. The bank then certifies them, deducts the dollars from the customer's bank account, and returns the eCash tokens to the consumer. The consumer then can use those certified coins to pay for purchases made on the Internet.

DigiCash's eCash software uses a public key cryptography that makes it possible to send eCash transactions safely over the Internet. The DigiCash blinding process can make the transaction as anonymous as any paper cash transaction. Therefore this electronic cash product is strongly anonymous unless all parties to the transaction collude to figure out the identity of the payer.

DigiCash's eCash consumer software is easy to use and has buttons for withdrawing, paying, or checking on the status of the account. DigiCash also offers eCash software to meet the needs of Internet retailers as well as software to set up banks for managing accounts and authenticating electronic cash.

Privacy and total anonymity of transactions are the cornerstone of the DigiCash product. Although this anonymity of transactions has been touted as an advantage of the product, this feature also has been criticized because of the lack of an easy way to trace these transactions. One concern is that their type of currency moves totally outside of the traditional banking system. As of mid-1998, the Mark Twain Bank in St. Louis was still the only eCash issuer in the United States.

CyberCoin from CyberCash. In October, 1996, CyberCash introduced its digital cash product, CyberCoin. It is similar in many ways to the DigiCash product. First the customer downloads the CyberCash-provided software on his or her personal computer. The customer then establishes an electronic money account with CyberCash and downloads the CyberCoins token on his or her personal computer. (CyberCoin tokens are identified by serial number and denomination and must be digitally signed by the issuing bank.) The customer can go shopping and conduct payment transactions on the Internet with merchants set up to accept payment in CyberCoin tokens. At the end of the day, CyberCash will clear all CyberCoin transactions and convert CyberCoin balances back to dollars.

A primary difference between this and the DigiCash product is that CyberCash converts funds directly and as such will be operating within the traditional banking system. Another difference concerns the privacy issue.

The recipient of the CyberCoin type of electronic cash is not ever anonymous, because the recipient of the electronic cash must redeem the funds at a bank. Because each electronic cash token has its own encrypted serial number, CyberCoins can be traced back to the recipient. However, a fraud risk does exist. If someone else were to access a person's personal computer, that person would be able to spend the CyberCoins currently loaded on the computer's hard drive. Although promoters have lauded the promise of electronic cash products, neither the banking community nor consumers have embraced either form of electronic cash.

Smart Cards

A smart card is a credit-card sized plastic card that contains a computer processor. Because of the chip technology, the smart card can be used to store various types of information including, but not limited to, identity information, medical records, or electronic cash. Many persons think the use of smart cards is the wave of the future. They have been widely accepted in Europe for a number of years.

The process is fairly simple and straightforward. The customer obtains a smart card from an approved vendor or issuing bank, for example, and has money loaded onto his or her smart card using a special card reader. The customer going shopping can then present the card to the merchant. If the merchant is set up to accept smart card transactions and has the special card reader, the merchant can accept payment by deducting value from the customer's smart card. All parties to a smart card transaction must have access to the special card reader before the transaction can occur.

At this time no standardized technology exists. The best known smart cards are the Mondex cards widely and successfully used in Europe. This product allows cash to be transferred between cardholders, as well as between customers and merchants, without the involvement of the banking community. Visa Cash, which made its debut at the Atlanta Olympics in 1996, is another major player. This product works within the banking community and is attractive to major banks because the issuing bank earns float on the money that resides on the Visa Cash cards they issue. Both products use cryptography to provide security.

In the fall of 1998, a number of banks announced that a test program for issuing smart cards was terminated because of the low level of usage by those in the test program. What this means to the future of smart cards as a medium of exchange is not yet evident.

At present smart cards are migrating toward the Internet. If personal computer-based card readers become common, a consumer may be able to transfer funds electronically from his or her bank account to a smart card and then go shopping, either in person or on the Internet. *


Linda Lee Larson, DBA, CPA, CIA, CISA, is an assistant professor of accounting at Texas A&M University­Corpus Christi.

RISKVIEW: A NO-COST FACILITATOR OF FINANCIAL PLANNING

By Phyllis V. Copeland, Philip J. Harmelink, and William M. VanDenburgh

The Dow Jones Industrial Average has experienced accelerating volatility during recent times. The increased volatility has investors contemplating portfolio changes to reduce risk and achieve their long-term objectives. They are facing confounding questions such as: How does my portfolio risk change if I buy stock X? How shall I reinvest my sale proceeds? What return do I need on reinvestment to justify selling a current position? How is my portfolio performing relative to the Dow?

While some investors rely on advice from brokers, a broker has an inherent conflict of interest. If a client does nothing, the broker goes without compensation. A true fee-based financial planner overcomes this conflict of interest. CPAs are becoming increasingly involved in rendering investment advice. Some CPAs are becoming registered investment advisors and broker/dealers. CPAs and accounting consultants maintain that they have become involved with investment advice to keep up with the large accounting firms that offer a wide range of consulting services. However, accountants may not have access to planning resources commensurate with those of a full-service brokerage house. An article in The CPA Journal (May 1998) lists portfolio analysis as one of a number of new service ideas for tax practitioners. The Journal of Accountancy (January 1998) corroborates the growing significance of the accountant as a financial planner and briefly describes a number of websites containing information useful in planning decisions. Only one site referenced performs analyses of actual or hypothetical portfolios--riskview.comTM.

The Internet site of interest (www.riskview.com) affords fee-based advisors a resource for portfolio analysis and planning. Riskview offers a sophisticated, risk-based analysis program that is comprised of eight modules. All eight sections may be utilized free of charge by any user. This software allows the user to see investment returns for specified periods, estimate portfolio risk, reach decisions regarding the portfolio's potential to improve performance while reducing risk, and more. Riskview is a venture of Infinity Financial Technology, Inc., that had previously been available to and used by professional money managers, funds, and financial institutions to assess portfolio strategies and risks. It uses over five years of data for approximately 3,000 individual securities in 29 countries, performs analyses in foreign currencies as well as dollars, considers the investor's selected tax rate, and is updated daily. Riskview employs statistical regression models and historical data. Users of the software may analyze portfolios containing up to 20 different equity securities. In addition to selecting the stocks comprising the portfolios, Riskview users can select the starting and ending dates of the period of interest and benchmark indexes for performance comparisons. Complete user instructions and explanations are also available online.

The Riskview Modules

The eight modules may be summarized as follows:

Daily Market Summary. This module presents Kiviat, or spider, diagrams showing the prior trading day's market returns by regions of the world, global industry sectors, and by U.S. industry sectors.

Select and Build. This option enables the user to select stocks to assemble an actual or hypothetical portfolio to be analyzed. Also, the user may select from regional and sector indexes against which the portfolio's performance will be compared.

Analyze Stock. This selection reports price movements and risk-return percentages for specific securities (or the entire portfolio) and compares them against the specified index(es) for the user-selected time period. Comparisons with selected benchmarks include the risk, return, and volatility of the specific securities.

Portfolio Return. This module compares the overall portfolio performance as well as that of each individual security to the selected index(es).

Risk-Return. Here Riskview compares the portfolio's risks and returns to an index over the selected time period.

Risk-Analysis. This selection forecasts risk estimates for the portfolio's stocks based upon their historical performance.

Correlations. This module calculates the price movement correlations between each pair of stocks in the portfolio and presents the results in a correlation matrix.

Value at Risk. This selection calculates the loss potential of the portfolio and of each stock comprising the portfolio over a specified period of time.

Using Riskview

Practitioners can conveniently access the Riskview site using any Internet service provider. The Riskview opening instructions recommend using Netscape Navigator 3.0 (it may be downloaded free of charge from www.netscape.com) with slight configuration changes (make sure Java and JavaScript are enabled, and set disk and memory cache to 5,000K or higher). New users must register with Riskview to obtain basic information. Thereafter, the registered user can utilize all modules of the software.


To illustrate just what information and analyses are obtainable from Riskview, the ensuing discussion will walk the reader through usage of the eight parts of Riskview. Because of space limitations, screens for only two of the eight modules are presented here as exhibits. Readers will have to visualize the others in their minds or log on and register for Riskview themselves. For the purposes of the discussion, a hypothetical portfolio was constructed; see the Table for specifics.

A daily market summary was obtained by selecting the summary option. Since the summary was requested on April 1, 1998, the Kiviat diagrams produced by Riskview were for March 31, 1998, the most recent prior trading day. For each of the diagrams, the outer edge of the gray circle (circumference) represents a return of zero percent, the center of the diagram represents a negative return of five percent, and the outer edge of the white circle represents a positive five percent return, compared to the return of the previous day.

Next, the select-build option was chosen to create the hypothetical portfolio to be analyzed. The portfolio sub-option automatically displayed a default portfolio of technology stocks along with a U.S. technology index. These were cleared and replaced with the portfolio of interest, and the USDOW was chosen as the benchmark under the benchmark sub-option. If selected, the pick list option would show that the portfolio stocks input were automatically included in the pick list. Here, the user can add other equities to the pick list if desired, up to a maximum of 50 items, thereby supplementing the 20-stock limit of the portfolio itself.

Any of the stocks in the portfolio may be analyzed by selecting the analyze stock option. This option was selected and Coca Cola (KO) was singled out for analysis along with the previously selected USDOW as the benchmark. The time frame chosen was January 8, 1992 to April 1, 1998. The price of KO in this time frame ranged from a low of $17.90 to a high of $80.60, its closing price on April 1, 1998. The Kiviat diagram shows that KO considerably outperformed the market in the current year. The value vs. time plot of KO against the USDOW shows that KO has experienced a higher return than the USDOW since 1995. The risk-return table shows that KO has had a higher return and greater volatility than the benchmark and that its forecast volatility exceeds that of the USDOW by over 11%.

The portfolio return option was selected next. Either prices or returns may be requested; for this illustration, returns were chosen. The same time period and the same benchmark were used. The display (Exhibit 1) shows that the portfolio's returns over the period decreased to as low as 92.4% at the beginning of the period and increased to a high of 383.4% of the start value. For each stock in the portfolio, the annual total returns are given as percentages. The candle graph's left and right endpoints represent each stock's low and high, respectively, and the clear and filled-in circles, respectively, represent the returns at the start and end of the selected time period. The values over the time plot show the portfolio's returns compared to those of the USDOW. The distribution of daily returns is a histogram that shows the portfolio's returns distribution, that is, the number of days experiencing a given return over the period. If this chart is perfectly symmetrical, then the portfolio's returns are normally distributed. In this case, it approximates the normal distribution traced by the single line on the same plot.

The risk-return selection display (Exhibit 2) compares the portfolio's historical risk and returns to the USDOW benchmark for the period of interest. For each equity position, its Alpha and Beta are listed. Alpha is an indicator of a security's returns compared to the benchmark, after adjusting for differences in risk. Thus, the higher the Alpha above one, the more favorable are the returns of the security compared to the USDOW. Beta is an indicator of price movement compared to the benchmark. A Beta of one means that the security's price fluctuates as much as the USDOW; a higher Beta means greater price movement; a lower one means less movement. The scatterplot of daily returns shows the returns for the portfolio's positions (in percent) compared to the benchmark's returns. Because one dot per day per security is plotted, the central portion of the plot appears to be filled in solidly. This plot indicates that the portfolio is positively correlated with the USDOW or, in other words, approximates the benchmark's movement. The historical return vs. risk plot shows the USDOW, the portfolio as a whole, and each security in the portfolio plotted by risk (a function of the security's Beta) and return. Clicking on the dot with the relatively high risk of 30 and relatively low return of about 15 (towards the "unfavorable" quadrant of the plot) showed it to be IBM. The security with a risk of approximately 31 and a return exceeding 40 is Travelers, a desirable holding with respect to its return/risk ratio.

Selection of the risk analysis section of Riskview produces a screen that estimates risk for each equity position in the portfolio. The forecasted estimates of risk (volatility) are based on annualized, exponentially moving averages so as to give greater weight to more recent data. The presentation shows that Travelers and IBM are the most volatile, consistent with their relatively high risk depicted in the previous plot.

The correlations option produces forecast volatilities and correlations for pairs of positions in the portfolio. The analysis is designed to measure the diversity in the portfolio on the theory that a properly diversified portfolio would not be filled with stocks that are highly correlated. In the hypothetical portfolio, IBM and AHP have the largest negative correlation, -.216, indicating that these two securities experience offsetting price changes, i.e., when one moves up, the other drops in value. On the other hand, SBC and XON have a high positive correlation of .682, indicating that these stocks move in the same direction at the same time.

Finally, the value at risk option was selected. Based on the variability of each security in the portfolio, this selection predicts the probability of the portfolio losing a specific dollar amount within a specified future period and estimates the portfolio's dollar departure from benchmark movement. This module may be a useful tool in estimating worst-case scenario performance of various portfolios.

Riskview's Role in Investment Decisions

Riskview's analyses may facilitate a number of investment buying, selling, and replacement decisions. For example, the investor may wish to know the effect that the addition of a specific security would have on the portfolio. It may be entered in Riskview as part of the portfolio and the effect (risk-return wise) will be shown. Similarly, the effect of disposing of one or more holdings may be seen. Riskview may even suggest which stocks to hold and which to sell based on each stock's return compared to its risk and the benchmark indexes. Riskview factors into its computations whatever income tax rate the user inputs, so after-tax returns are those shown. It is relatively simple to factor in the effects of capital gains tax (Riskview does not consider it). The return needed on the replacement investment to cover the capital gains tax depends upon the time over which the investor wishes to recoup taxes while obtaining the desired rate of return.

Riskview may assist in portfolio diversification. The investor should be sure that the portfolio contains an assortment of stocks that do not all move together. Riskview's correlations can assist in this process. Furthermore, since Riskview can compute foreign currency, the investor can see the effects an international investment would have upon the portfolio's performance.

Of course, the greatest concern to investors is future performance. Based on a portfolio's past performance, Riskview's analyses can provide some insight. It must be remembered, however, that historical performance is not guaranteed to continue into the future.

Last, but not least, Riskview enables the investor to assess the portfolio's past performance and compare its performance to any of numerous benchmarks. Investors who have targeted returns can see whether their objectives are being met. Repeated analyses over time may be useful to the investor who holds a portfolio and watches its performance to see that it continues to perform at a desired level. Riskview "snapshots" will show whether the portfolio continues to experience the desired returns and whether it continues to keep pace with the desired benchmarks. If an unfavorable departure is noted, then the investor may test out the effect of replacement securities.

Limitations of Riskview

The use of Riskview to predict market performance must be approached with caution. Even with this sophisticated aid, future performance is always uncertain. Another limitation is the 20-stock maximum that may comprise a portfolio. Recall, however, that this limitation may be at least partially circumvented by adding additional securities to the pick list. Finally, in the course of experimentation with Riskview, it was noted that certain stocks are not fully incorporated into the database. These include some big capitalization stocks and those with merger and spin-off activity. Riskview's analysis ends at the spin-off date if that date occurred prior to the selected period end. The stock must be removed from the portfolio to obtain the analysis for the entire period. Such database deficiencies are being resolved when discovered. *


Phyllis V. Copeland, PhD, CPA, is an assistant professor of accounting at the University of New Orleans. Philip J. Harmelink, PhD, CPA, is the Ernst & Young Professor of Accounting at the University of New Orleans. William M. VanDenburgh, CPA, is a self-employed accountant.


Editors:
Paul D. Warner, PhD, CPA
Hofstra University

L. Murphy Smith, DBA, CPA
Texas A&M University


This Month | About Us | Archives | Advertise| NYSSCPA
The CPA Journal is broadly recognized as an outstanding, technical-referred publication aimed at public practitioners, management, educators, and otheraccounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments. 


©2006 The CPA Journal.  Legal Notices

Visit the new cpajournal.com.