||Smart cards are replacing traditional magnetic cards payment transaction. This is because of enhanced security capabilities that can be built in a smart card. With the high popularity of web technology, there is a trend towards smart cards are used as an electronic wallet for micro-payment transaction on Internet. Most of the related work of smart card payment transaction on web concentrates only on the security aspects of hardware/firmware, encryption method and key management, or they only propose the online shopping protocol by uni-directional payment transaction based on the scenery of exact payment from the customer to merchant during business activity. Furthermore, the shopping protocols proposed so far do not support negotiation, bargaining or privacy issues between the parties during transaction. The main focus of this paper is to raise some important security and privacy issues for bi-directional payment transaction with change among more than two parties involved business activity.