The development of the Bulgarian system for online, non-cash payments has been completed, and is set to let holders of credit cards issued by banks in the country order goods online.
The system, called ePay.bg, is a joint project by the national operator of bank payments in Bulgaria, Borika, and the operator of the payment server, the private company Datamax.ePay.bg is designed for online payments, and allows the owners of debit cards and credit cards (Europay/MasterCard, Visa, American Express) issued by Bulgarian banks to transfer money to merchants' accounts. ePay.bg separates the internet and the national payment system for bank cards. In this way the security of the whole system is guaranteed, and the opportunity for unauthorized access to Borika is eliminated. The Payment Server (PS) resides between the 'Net and Borika. It is operated by Datamax, which assumes the role of a broker for the transaction orders.
All transactions are authorised and registered by the PS before they are sent to the subsystem for authorisation of payments via the internet.
To get access to the system the merchant should have a contract with a bank for accepting payments with bank cards, and open a special account. Unlike the payments conducted outside the Internet, merchants must register for a so-called virtual POS (point of sale) terminal account.
Merchants must also register to use the PS via a Web application. The application requires merchants to fill out the necessary data for conducting payments. The communication between the PS and the trader is done through the SSL protocol, which uses asymmetrical encrypting with a double key for protection of the transferred data, and is supported by most browsers. After registering, merchants are given a trading identification number (TIN), which gives them accreditation to use the system.
Users (card holders) must also register to use the PS. After a user has registered, the PS generates a client identification number, which the client uses to enter the system.
Payments are conducted in several steps. After the client selects goods on the Web server of a merchant, the order is sent to the PS, encrypted with the merchant's personal key, including data about the deal. At this stage there is still only a payment order - not a real payment.
The PS then generates the order, which the client either accepts or declines. In the case of a confirmation, the form is checked in the PS for accuracy of the data, and then the form is sent to Borika for payment authorization. The ensuing procedure is analogous to the standard one for payment with debit and credit cards through standard POS terminals. The authorised payment results in Borika sending the order for payment to the card owner's bank the next working day.