An architecture and system uses a smart card for payment of goods and/or services purchased on-line over the Internet. A client server on a client terminal controls the interaction with a consumer and interfaces to a card reader which accepts the consumer's smart card. A payment server on the Internet includes a computer and terminals that contain security cards to handle the transaction, data store and collection. Also connected over the Internet is a merchant server advertising the goods and/or services offered by a merchant for sale on a web site. The merchant contracts with an acquirer to accept smart card payments for goods and/or services purchased over the Internet. A consumer uses his smart card at the client terminal in order to purchase goods and/or services from the remote merchant server. The Internet provides the routing functionality between the client terminal, merchant server and payment server. The client terminal emulates a security card in interacting with the smart card, and the responses received are grouped together and sent as a draw request message to the payment server. The payment server then emulates the smart card in an interaction with the security card. The security card delivers the expected smart card signature to the payment server and/or on to the client terminal or merchant server to reduce message traffic between the entities on the network. The comparison of the smart card signature to an expected value can occur at any location. Encryption is used for security.