Internet Commerce: Understanding Payments, Security and Storefronts
Presented by: Stephanie Denny, www.denny.dc3.com
David Strom, www.strom.com
(c) Stephanie Denny and David Strom, 1998
Day 1: Internet Commerce presented by: Stephanie Denny
Why This Tutorial
A successful web storefront must accommodate the common forms of electronic payment in use today
Customer payment choices = increased sales
Not all payment systems look or act the same
The right payment options protect you as well as your customer
What This Course is Not About
Mathematics of Public Key Cryptography
In-depth discussion of Visa ® and MasterCard ® operating regulations for e-commerce
Legal advice for e-commerce issues related to operating a web storefront
Writing your own storefront systems from scratch
In-depth on security issues
Course Topics-- Day 1 (Denny)
The essential ingredient to web storefronts: providing for payment of goods and services
What is a secure transaction, and why all the fuss about it?
Overview and demonstration of payment systems that are working on the Internet today
The future of payments on the Internet
Course Topics-- Day 2 (Strom)
What Becomes eCommerce Success
Choosing the Right eCommerce Path
Installing and Operating Your Own Storefront
Course Approach
Overview of major payment systems and storefront products
Give real-life examples and online demos
Help relate information to your own situation
Provide insight into different approaches, technologies
Discuss pros and cons of each
Multiple Q&A sessions
Some $5.00 Words I Will Not Use in Today’s Presentation
$5.00 Word: 5-cent Synonym
Nascent: New
Ubiquitous: Everywhere
Efficacious: Effective
Paradigm: Standard
Denny’s Background
I’ve been involved with payment systems for a long time
26 years in credit cards / banking (both the acquiring and issuing sides of the credit card business)
Managed the development of an on-line banking service for a major US Bank Credit Card
Mostly non-technical, with major experience in Marketing and Communications
Strom’s Background
I’ve been involved in the Internet for some time
Have used most of the products we demonstrate
Have consulted to a few of the vendors, but still have strong opinions
Our Beliefs
Our perspective is from the Consumer’s viewpoint, as well as from the Merchant’s
We believe that e-commerce is the next evolutionary step in payment systems
There will be other iterations of eCommerce payment forms yet to come
Our Perspective on the Internet
Historically, it will have as profound an effect on humanity as did the invention of the printing press
It is a mass communication medium, but different because it is two-way and feedback is instantaneous
Commercially, it is another channel for sales and distribution
Some Disclaimers
I am not a mathematician, engineer or cryptography expert
However:
I was in the credit card business before Visa and MasterCard were around
I’ve been around the Internet since the early days of the World Wide Web
Benefits of the Internet
Free exchange of information; expansion of personal knowledge
Instant distribution of information, worldwide
At the same time, we all share the responsibility for accurate publishing
Marketing on the Internet
Direct, one-to-one marketing opportunity
Allows you to learn useful information to build a relationship with your customer
Relatively inexpensive medium compared to advertising, direct mail or telemarketing
Results are measurable
Marketing on the Internet
Some say that eCommerce has slowed down, and some say it’s taking off
How do we convince the general public that they will really like eCommerce?
Marketing on the Internet
The Internet has the capacity to be a major distribution channel
Business-to-business use will grow faster due to efficiencies realized online
However...
Marketing on the Internet
The Wide use of eCommerce by Consumers Will Depend on Several Things:
Easy forms of payment
Trust in the system
Perceived benefits outweigh the risk (What’s in it for me?)
Marketing on the Internet
This is a fundamental change in the concept of money
Like the introduction of the credit card and the ATM, it will take some time (but the adoption curve will be faster)
However, if you tried to buy on the Internet during the past Holiday season, you know it’s growing
Today’s Topics
I. The Essential Ingredient to Web Storefronts: Accepting Payments for Goods and Services
II. What is a Secure Transaction, and Why all the Fuss About it?
III. Payment Systems Today
Overview of those that work today on the Internet
Live demonstration of how they work
IV. The Future of eCommerce Payments
I. The Essential Ingredient to Web Storefronts: Accepting Payments
Payment basics
Which options are the right ones for you?
Objectives in providing payment choices
Virtual money is the currency of the future
Q & A
Payment Basics
[Diagram labels: Consumer, Consumer Access Point, Issuer, Acquirer, BANK, Merchant Access Point, Merchant]
• deposit & withdrawal • transaction status inquiry • authentication • problem resolution
• purchase & refund • transaction status inquiry • authentication • problem resolution
What Makes a Good Payment System?
Universal (worldwide) acceptance
Universal value
Reliability
Ease of use for your customer
Capacity for quick settlement (collection of payment for you)
What are the Requirements?
Payment options must appeal to the masses
They must allow easy payment for the customer, at an acceptable level of risk for you and your bank
They must accommodate order changes, cancellations and returns
Objectives in Offering Payment Choices
Your customer’s objective is to make a purchase
Your objective is to facilitate the sale with a convenient and “safe” method that ensures collection of the payment
“Safe” means safe for you, your customer and your bank
Objectives in Offering Payment Choices
Consider how easy it is for your customer to use, not just how easy it is for you to manage
Payments in a virtual world should imitate those in the real world
Virtual Money is the Currency of the Future
That future is already here
This idea is scary to many people
Consumers (they can’t “see” it)
Banks (many bankers don’t understand it)
Acquirers (they want to know the difference)
The Government (they can’t control it)
It is not unlike MO/TO (mail order / telephone order) transactions today
The Way Things are on the Web Today
Some payments are authorized off-line, through traditional POS terminals
E-mail message to customer later (hopefully), confirming order and shipping information
Many merchant servers connect with payment authorization systems
Authorization is real-time during the web session, and the sale is completed with secure server and browser software
The Way Things are on the Web Today: Secure and Un-Secure
Secure transactions via secure browsers and servers with SSL
Un-secure transactions with lack of proper encryption (account numbers sent “in the clear”) via e-mail messages
Un-secure transactions due to “export” versions of browser and/or server software
The Way Things are on the Web Today
Secure transactions do not guarantee the validity of the customer account information
A high percentage of credit charge-backs for MO/TO transactions are for “merchandise not received”
Address verification services can help protect you, and in some cases are required
Questions and Answers
II. What is a secure transaction, and why all the fuss about it?
You want to identify your customer as an authorized account holder
Your customer wants to identify you as a legitimate merchant
You both want to make sure that valid payment is received for the purchase
Enter Secure Electronic Commerce
SEC allows for secure processing of customer and payment information
Based on cryptographic technology
Privacy of message contents
Authentication of parties involved
Integrity of data transmitted
Non-repudiation of transactions
Privacy
Privacy means that the message contents cannot be seen by anyone but the intended parties
Accomplished through the use of encryption
Authentication
Authentication means that each party involved in the transaction is identified as legitimate
Accomplished through the use of certificates
A certificate is a notarized public key (like a passport or a driver’s license)
Issued by a trusted third party called a Certificate Authority
Binds the certificate owner to the public key within the certificate
Integrity
Integrity of data means that it cannot be altered by anyone during transmission, to avoid a “man in the middle” attack
Encryption allows only the intended recipient to open the digital envelope
A digital envelope (or “hash”) = contents of an encrypted message + digital signature
Non-repudiation
Non-repudiation means both parties to the transaction are ensured that the message is genuine and cannot be disputed
Parties are identified with certificates that have been notarized by a trusted Certificate Authority
It will be much harder for customers to claim they never placed the order
Why Should You Get a Certificate?
You want those who visit your web site to know you are a legitimate business
A certificate is required to operate a secure server (SSL)
Certificate Authorities (CAs)
Trusted third parties, similar to notaries
Can be external or internal (managed within your own company) — we will discuss external
Choice of a CA may depend on your merchant server software
If you want to choose an unsupported CA, you will be on your own to determine interoperability with your software
Steps in Certificate Creation
Refer to your server software documentation for selection of a CA and instructions
Generally, you will do the following:
Generate a key pair of public and private keys
Send the public key and other information to CA
CA verifies information provided
Upon verification, CA creates a certificate containing public key and expiration date
The Certificate is sent back to applicant and may be posted publicly, if appropriate
Examples of Certificate Authorities
VeriSign
http://www.Verisign.com
GTE CyberTrust Solutions, Inc.
http://www.cybertrust.gte.com
Thawte Consulting
http://www.thawte.com
Certificate Creation
Demo of key generation and certificate request
Certificate Management
Once public key certificates are issued, they must be managed to maintain integrity
They contain expiration dates
They may be revoked for various reasons
Upon expiration, certificates must be renewed or reissued
This is a consideration for using an external CA, as opposed to managing an internal CA
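The steps from "Steps in Certificate Creation" and the expiration check from "Certificate Management", replayed with the OpenSSL command line as an added example that is not part of the original slides. A throwaway local CA stands in for the external CA, and every name in it (Example Test Root, shop.example.test, the file and function names) is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original slides. Requires the openssl CLI.
# All names (Example Test Root, shop.example.test, file names) are constructed.

# Minimal config so the commands do not depend on the system openssl.cnf.
write_config() {                        # $1 = working directory
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

# Stand-in for the external CA: a self-signed root certificate.
make_ca() {                             # $1 = dir
  write_config "$1" &&
  openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
  openssl req -x509 -new -key "$1/ca.key" -config "$1/pki.cnf" -extensions v3_ca \
    -subj "/O=Example Test CA/CN=Example Test Root" -days 30 -out "$1/ca.crt"
}

# Steps 1-2 (applicant): generate the key pair, then put the public key and
# identifying information into a signed request. The private key stays local.
make_request() {                        # $1 = dir, $2 = name
  openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
  openssl req -new -key "$1/$2.key" -config "$1/pki.cnf" \
    -subj "/O=Example Storefront/CN=shop.example.test" -out "$1/$2.csr"
}

# Steps 3-4 (CA): check the request's self-signature (proof that the applicant
# holds the private key), then issue a certificate with an expiration date.
# A real CA also checks business documents; that part happens out of band.
ca_issue() {                            # $1 = dir, $2 = name, $3 = lifetime in days
  openssl req -in "$1/$2.csr" -config "$1/pki.cnf" -noout -verify 2>&1 |
    grep -q "verify OK" &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days "$3" -out "$1/$2.crt" 2>/dev/null
}

# Step 5 (anyone): does the returned certificate chain to the CA?
chains_to_ca() {                        # $1 = dir, $2 = name
  openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

# Does the certificate carry the public half of the applicant's key pair?
matches_key() {                         # $1 = dir, $2 = name
  local a b
  a=$(openssl x509 -in "$1/$2.crt" -noout -pubkey) || return 1
  b=$(openssl pkey -in "$1/$2.key" -pubout) || return 1
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Certificate management: true while more than $3 days of validity remain.
valid_for_days() {                      # $1 = dir, $2 = name, $3 = days
  openssl x509 -in "$1/$2.crt" -noout -checkend "$(( $3 * 86400 ))" >/dev/null
}

# A certificate that names the same business but was never signed by the CA.
make_self_signed() {                    # $1 = dir, $2 = name
  openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
  openssl req -x509 -new -key "$1/$2.key" -config "$1/pki.cnf" \
    -subj "/O=Example Storefront/CN=shop.example.test" -days 7 -out "$1/$2.crt"
}

demo() {
  local d
  d=$(mktemp -d) || return 1
  make_ca "$d" && make_request "$d" merchant && ca_issue "$d" merchant 7 || return 1
  chains_to_ca "$d" merchant && echo "merchant.crt: issued by the test CA"
  matches_key "$d" merchant && echo "merchant.crt: public key matches merchant.key"
  valid_for_days "$d" merchant 30 || echo "merchant.crt: expires within 30 days, plan the renewal"
  make_self_signed "$d" unsigned &&
    { chains_to_ca "$d" unsigned || echo "unsigned.crt: rejected, not signed by the CA"; }
  rm -rf "$d"
}
demo
```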
How is this accomplished?
Secure servers and browsers
Capable of strong encryption (up to 128 bit)
40 bit encryption is no longer considered adequate for financial transactions
Digital certificates
Ensure the identity of the certificate holder
Also called digital IDs
The common protocol in use today is Secure Sockets Layer (SSL)
Secure Sockets Layer Protocol (SSL)
Authenticates the merchant server
Merchant Certificate obtained from trusted Certificate Authority
Provides privacy through encryption of the message for both the sender and receiver
Secure “pipe” negotiates maximum encryption compatible at browser and server for each message transmitted
Ensures integrity of data transmitted
Message authenticity check (algorithm)
Secure Sockets Layer Protocol (SSL)
Merchant’s Certificate (Digital ID) can be viewed by any secure browser
https:// in the URL = a secure connection
SSL allows customers to verify who the merchant is
The merchant’s digital ID does not certify the integrity of the merchant
Secure Sockets Layer Protocol (SSL)
[Diagram: Customer Order with Payment Information; Encrypted order sent; Customer order decrypted at merchant server]
SSL encrypts the customer order, which includes the payment information
This data is sent from the customer to the merchant via a secure “pipe”
SSL: How do you get a certificate for your merchant server?
Apply to Certificate Authority
Instructions built into merchant server software
You will be asked to provide valid business license and other ID
Cost is dependent upon level of certification
Encryption Strength
It is illegal to export products containing encryption that is stronger than 40 bits
It is not illegal to use encryption stronger than 40 bits internationally
Financial institutions do not consider 40-bit encryption adequate for Internet transactions
Encryption Strength
Newer browser and server software are capable of 128-bit encryption
128-bit encryption is exponentially stronger than 40-bit encryption
Encryption Strength
We’ve all heard about the case where 40-bit encryption was broken in eight days
Estimated cost of effort was $10,000
Encryption Strength
According to Netscape, it would cost $5,600,000,000,000,000,000,000,000,000,000 US (approximately) to crack a single session in eight days with 128-bit encryption
Some New Credit Card Operating Regs You Should Know About
For both Visa and MasterCard:
Effective April 1, 1998 electronic commerce transactions using unsecured protocol are subject to higher interchange rates for the acquirer, which translates into higher discount rates for the merchant
Secure protocols are defined in the regs as “channel encrypted” (SSL) or SET
How Things Will Be in the Future
Non-repudiation of transactions through digital certificates for both merchant and customer
The SET Protocol (SET) is the industry standard for payments, but yet to be implemented
It will be far more difficult for a customer to claim no knowledge of a transaction
What is SET protocol?
Secure Electronic Transaction protocol is a common standard that was developed jointly by Visa, MasterCard and other partners to ensure the processing of secure transactions.
Based on RSA encryption
Uses public and private key pairs that have a mathematical relationship
Public and Private Key Pairs
A public key is disclosed and widely distributed with no adverse effects
Used to encrypt or decrypt information
Works only in conjunction with its paired private key
Public and Private Key Pairs
A private key is held and used only by its owner
If a private key is compromised, it must be replaced immediately
Today’s real-world example: lost or stolen credit cards must be blocked and replaced
Public and Private Key Pairs
Real-world example: Dual control of keys for your safe deposit box — it can only be opened with two keys — yours as well as the bank’s
A Digital Certificate (or Digital ID) is a Notarized Public Key
The Certificate Authority is the Notary
You can create a key pair through server, browser or wallet software
You send the public key to the Certificate Authority
A Digital Certificate (or Digital ID) is a Notarized Public Key
Your public key is digitally signed and returned as the certificate
Your private key remains embedded in your software
Public Key Cryptography
[Diagram labels: Customer’s Private Key, Customer’s Public Key, Merchant’s Public Key, Merchant’s Private Key]
Public keys are shared and widely distributed
Private keys are kept secret by the holder of the key
Both pairs of keys are required to complete a SET transaction
How is SET Different from SSL?
Digital certificates for SET will be payment specific
Merchants will be certified as legitimate to accept branded payment card transactions
Cardholders will be certified as valid account holders
Merchants will not see customer’s account number (it will only be passed to the acquirer)
How is SET Different from SSL?
With SET:
Customer’s Digital ID related to a specific account + Customer Order info
Merchant Server gets Customer’s Digital ID minus the account number + Customer Order
Acquirer gets order receipt + Customer’s Digital ID with account number
How Will Certificates (Digital IDs) be Issued for eCommerce?
Hierarchy of trust for certificate issuance
Visa and MasterCard will designate a Certificate Authority to hold the Trusted Root
Merchants will obtain certificates from banks’ or acquirers’ Certificate Authority, then store on SET server software
Cardholders will obtain certificates (digital IDs) from their banks’ Certificate Authority, then store in electronic wallet
MasterCard ® Example of a SET Transaction http://www.mastercard.com/set/screen1.html
MasterCard ® Example of a SET Transaction http://www.mastercard.com/set/screen2.html
MasterCard ® Example of a SET Transaction http://www.mastercard.com/set/screen3.html
MasterCard ® Example of a SET Transaction http://www.mastercard.com/set/screen4.html
MasterCard ® Example of a SET Transaction http://www.mastercard.com/set/screen5.html
SSL vs. SET
SSL
Server authentication: Merchant certificate as legitimate business
Possible for client authentication: Not tied to payment method
Privacy: Encrypted message to merchant includes account number
Integrity: Message authenticity check (MAC)
SET
Server authentication: Merchant certificate tied to accept payment brands
Customer authentication: Digital certificate tied to certain payment method
Privacy: Encrypted message does not pass account number to merchant
Integrity: Hash/message envelope
SET — the Answer to eCommerce
SET has been proposed as the answer to secure and interoperable eCommerce
It is not currently mandated by Visa and MasterCard
There are big implementation issues for all concerned
The SET protocol is definitely more secure than SSL
However...
SET — the Answer to eCommerce
Implementation of SET has some big drawbacks:
Lack of interoperability among systems
Management of public key infrastructure
Distribution of digital certificates requires action on the part of the consumer
And who will pay for all this?
Meanwhile, eCommerce goes on
Questions & Answers
III. Payment Systems on the Internet Today
Overview of those that work today on the Internet
Live demonstration and discussion of how they work
Q & A
Payment Systems on the Internet Today
Separate payment systems from payment gateways and payment devices:
A payment system provides the processing and settlement of transactions
A payment gateway provides software or services that support eCommerce transactions between the merchant and acquirer
A payment device initiates the transaction (such as a credit card or debit card)
Hierarchy
Payment System (clearing house)
Clearing house between acquirers and issuers
Acquirer (third-party processor)
Authorizes, processes and settles for merchant bank
Merchant Bank
Accepts merchant deposit
Merchant
Accepts authorized cardholder transaction
Examples of Payment Systems (Clearing Houses)
Federal Reserve System for clearing checks
Visa and MasterCard transaction networks
American Express
Novus (Discover)
Examples of Acquirers (Processors)
First Data Corp.
Paymentech
National Data Corp.
Bank of America Merchant Services
Many processors (acquirers) process multiple brands as part of their service
Internet Payment Devices
Credit cards, debit cards
Off-line accounts
Electronic cash
Electronic checks
Credit cards, debit cards
Visa
MasterCard
Discover, American Express, JCB
How Credit Cards Work
Transactions authorized against customer’s line of credit at issuer (promise to pay)
At point of settlement, cardholder’s account is charged and merchant’s account is credited
Transactions subject to chargeback to merchant under certain conditions
Lack of proper authorization
Lack of proper identification / address verification
“Off-line” Accounts
Electronic wallets
CyberCash ® Wallet
Microsoft ® Wallet
Verifone ® vWALLET SM
First Virtual ®
All these may provide access to credit, debit, e-cash or electronic check accounts
“Off-line” Account Services
Credit card and other account numbers are stored by the service provider in a database, and are not transmitted to the merchant
Instead, a “PIN” is used by the customer at the point of purchase (cross-reference for actual account number)
Consumer must initiate account set-up in advance of making any purchases
How Electronic Wallets Work Today
Consumer must initiate request for electronic “wallet” software
Credit card or other account numbers are given to provider one time before any purchases are made
Account numbers, stored by provider in a database, are not transmitted; instead, a “PIN” is used to pay
Closed system: only available to participating merchants and cardholders who have signed up in advance
How Electronic Wallets Will Work in the Future
With SET protocol, will contain digital IDs with encrypted account information
Since digital IDs will be tied to specific accounts, wallets will keep track of all that information
At that point, wallets will be widely distributed and universally accepted
Interoperability is the Key
Wallets will become widely used when the following events occur:
Mass distribution of wallets to consumers is easily made
Will be accepted by all merchants, regardless of wallet brand or payment brand
Some Problems with Wallets
Not transferable to other wallets
Not available for use at all web storefronts
For eCash products, money must be moved into wallet from another account prior to use:
There may be a hold of up to seven days before the funds can be used
If your hard disk crashes, you lose the money in that account (remember to back up wallet files)
Storage of cash in your wallet = use of float on those funds for your wallet provider
Visa ® Example of Electronic Wallet http://www.visa.com/cgi-bin/vee/nt/sec/no_shock/virt_wallet_L.html?2+0
Visa ® Example of Wallet Registration (Digital ID) http://www.visa.com/cgi-bin/vee/nt/sec/no_shock/registering_L.html
What’s in a CyberCash Wallet?
Credit card accounts
Debit card accounts
PayNow ™ check service (for electronic payments from checking account; like debit cards)
CyberCoin account (for “micro-payments”)
CyberCash Secure Internet Credit Card Payment http://a.dn.cybercash.com/cybercash/info/sixsteps.html
CyberCash as a Merchant Service Provider
CyberCash provides the merchant with CashRegister software to authorize and process payments
CyberCash is neither an acquirer nor a bank, but is a provider of payment software for eCommerce (a gateway)
CyberCash provides an advanced level of encryption for financial information passed from their database to acquirers (not SSL)
CyberCash Merchant Services
Interactive Billing and Payment
Enables presentment, payment and posting of bills on the Internet (single or recurring transactions)
Works with PayNow (e-check), credit card or CyberCoin ® services
Can be used for business-to-business as well as consumer payments
CyberCash CashRegister® Software
Makes all their payment services work
Integrates with a variety of operating systems and merchant storefront software
Can be used with or without consumer wallets
Non-wallet transactions are SSL-encrypted, and do not require consumer action in advance
CyberCash CashRegister® Software
However, you must still arrange for a merchant deposit account with your bank or independent service provider
If you are having trouble setting up a merchant account with a bank, contact CyberCash for assistance
Credit Card Payment Demo
Credit card transaction with CyberCash — No Wallet
CyberCash Wallet transaction
Credit Card Settlement with CyberCash Transactions
Card data is captured for transmission in one of three ways:
Online Capture — simultaneous with authorization
Post-Authorization Capture
Batch Capture
Method of capture is determined by your merchant bank and their acquirer
Online Capture
Happens simultaneously with authorization of transaction
Fastest method of capture for online merchants who can guarantee same-day shipment of goods
Post-Authorization Capture
Capture is a separate step from authorization of transaction; post-auth message instructs bank to capture transaction
Example of use is for delayed shipping of merchandise
Batch Capture
Transactions are captured in a batch mode after authorization (like post-auth capture)
Multiple authorizations are submitted at one time for capture
The batch is transmitted through CyberCash to the bank for funds transfer and merchant account reconciliation
CyberCash Benefits
CashRegister Software is free to merchant
Supports wallet and non-wallet payments
No additional charges to merchant — fees to CyberCash are paid by acquirers
CyberCash is presently the largest gateway service provider for Internet merchants
Their products will evolve
First Virtual
Another example of a “closed system” — only available to merchants and cardholders who have signed up in advance
Similar to the electronic wallet idea
First Virtual Services
First Virtual services revolve around an integrated network called the Interactive Messaging Platform SM, or IMP (secure e-mail):
VirtualRECEIPT SM — electronic receipts for physical and virtual credit and debit card activity
VirtualALERT SM — interactive alert messages advising customers of shipments or billing
VirtualMAIL SM — customized direct mail tailored to individual profiles (slicing and dicing with customer’s permission)
First Virtual Services
Today we will focus only on First Virtual’s payment service, which uses the VirtualPIN SM
VirtualPIN is an alias for a MasterCard or Visa credit card (or debit card)
Account number is not transmitted on the Web; credit card information is stored off-line (PIN is a cross-reference number)
Also requires a personal Internet e-mail address
FV Merchant Account Options
Pioneer Account
Minimal start-up cost allows for anyone to start a business and sell on the Internet
Does not require that you already have a merchant credit card account
Drawback: There is a holding period of 90 days for each transaction before merchant receives payment (to cover risk of chargebacks)
FV Merchant Account Options
Express Account
For merchants who already accept credit cards
Requires solid financial history and excellent credit record
Existing merchant account must have low chargeback rate
Payout period is four days after transaction is processed
Application Fee: $350 non-refundable
How Does a First Virtual Payment Work?
First Virtual acts as clearing service for Visa and MasterCard payments (debit or credit)
Requires account set-up with First Virtual in advance, for customer identification and account verification
All transactions are confirmed by e-mail before a credit card is charged
FV sends electronic deposit to merchant’s bank account through the US ACH
First Virtual Demo
Electronic Checks
Examples:
CyberCash PayNow SM Service
Currently only available as a service to merchants with recurring payments
There is a heavy demand for use with a variety of consumer purchases; will soon be available with wallet software
Check Free ®
Similar service being tested, not yet in use
Electronic Checks: How They Work
Service provider or gateway captures Federal Reserve Routing and Account Number information from bottom of physical check (MICR line)
When authorized by customer, payment is automatically deducted from checking account
Requires advance set-up with service provider
Automated clearing only — not a check guarantee service
Token-based systems
Stored value accounts (virtual money) for micro payments, generally under $10
Real world example: currency, coin
Internet example: e-cash, where money in a checking or credit card account is exchanged for scrip
Business case has not been proven
111 (c) Stephanie Denny and David Strom, 1998
Electronic Cash (e-cash)
CyberCoin ®
Service of CyberCash, part of Wallet
Currently available with Microsoft Wallet
Digicash ®
ecash SM service
Licensed in US by Mark Twain Bank
Mondex ®
Licensed by MasterCard International, Inc.
Smart card-based system
112 (c) Stephanie Denny and David Strom, 1998
Mark Twain Bank is Worth Looking At: http://www.marktwain.com/digifaq.html#Help
Look at their customer support disclaimer — they get an “A” for honesty!
113 (c) Stephanie Denny and David Strom, 1998
Digicash ecash Payment Demo
114 (c) Stephanie Denny and David Strom, 1998
Other Merchant Providers to Consider
Online Financial Services (OFS)
http://ofs.web-charge.com/signup1.html
Internet Secure
http://www.internetsecure.com/
Redi Check / Redi Charge
http://www.redi-check.com
Merchant Account Services
Provo, Utah 1-801-765-1111
115 (c) Stephanie Denny and David Strom, 1998
All Merchant Providers Are Not the Same
Compare services
Which cards do they authorize?
Do they provide electronic check services?
Do they provide check guarantee services?
Compare prices
Start-up fees
Monthly discount fees
Other service fees (per transaction)
Statement generation fees
116 (c) Stephanie Denny and David Strom, 1998
Four Choices for Setting Up a Merchant Account
Join an eMall and process through them
Contract with an independent service provider (ISP)
Buy a software suite that includes merchant account set-up
Go to your local bank and set up your own merchant account
If they’ll take you, this may give you the best discount rate
117 (c) Stephanie Denny and David Strom, 1998
Range of Credit Card Fees
Your Bank
eMall or ISP Provider
Discount Rate: 1.5% - 5.0%
Application Fee: $100 - $300
Discount Rate: 1.5% - 5.0%
Per Transaction: .20 - .30
Monthly Fee: $10 - $25 (service / statement fee)
Chargeback Fee: Up to $25
Chargeback Reserves: Up to 10% of sales, for up to six months
118 (c) Stephanie Denny and David Strom, 1998
Regulations governing electronic commerce transactions
Visa / MasterCard Operating Regs
Credit Card Rules for acquirers and merchants
Fair Credit Billing Act
Debit Card Rules
Regulation E
Consumer Telephone Protection Act
Can Internet Protection Act be far behind?
Privacy Principles
Yet to be mandated, but inevitable; and generally a good idea
119 (c) Stephanie Denny and David Strom, 1998
Privacy Issues for the Consumer
Most people just want to be asked for their permission
Your customers don’t object so much if you use their information to sell them other products you may offer
But many object if you sell or rent their names to someone else
120 (c) Stephanie Denny and David Strom, 1998
Privacy Issues for the Consumer
Anonymity
Confidentiality
Disclosure
Name and address info
Disclosure of transaction to a third party
Merchant’s identity
121 (c) Stephanie Denny and David Strom, 1998
“Data Mining”: How much is enough?
You have the opportunity to build a customer database for future sales
To what degree do you slice and dice?
If you slice too fine, are you missing opportunities?
This leads to more privacy issues
122 (c) Stephanie Denny and David Strom, 1998
IV. The Future of Payments on the Internet
Transaction security
New forms of payment systems
Access devices
Virtual currency
123 (c) Stephanie Denny and David Strom, 1998
Transaction Security
Many more iterations of SET and similar protocols
Digital IDs held off-line in smart cards
New payment systems (beyond Visa, MasterCard)
124 (c) Stephanie Denny and David Strom, 1998
Access devices
Will we really need plastic cards?
Who says a chip has to be on a card?
Mobil Oil’s clever idea for POS device
Eliminates need for credit card
Biometrics as identification
Fingerprint scanning
Iris scanning
Voice recognition
125 (c) Stephanie Denny and David Strom, 1998
Virtual Currency
The move to a single, blended account for consumer-oriented transactions
Multi-functional chip (smart) cards
Universal, worldwide currency?
126 (c) Stephanie Denny and David Strom, 1998
Summary
If all this information seems overwhelming...
New environments are always scary
Awareness and curiosity are the keys to taking advantage of new opportunities
You don’t have to know everything about it — you just need to know where to get the answers.
“Everyone is ignorant, only on different subjects.” -- Will Rogers
127 (c) Stephanie Denny and David Strom, 1998
Questions & Answers
128 (c) Stephanie Denny and David Strom, 1998
Useful References
SET (Secure Electronic Transaction protocol)
http://www.dc.net/gtill/set1.htm
Gregory J. Till, US Treasury Dept. attorney
Document details the implications of SET for merchants
http://www.visa.com/
http://www.mastercard.com/
http://www.setco.org/
129 (c) Stephanie Denny and David Strom, 1998
Useful References — Cryptography
Cryptography/cryptosystems
http://www.rsa.com/
http://www.counterpane.com/
http://www.pipeline.com/
Richard Field, Esq. (US attorney specializing in payment systems and electronic commerce)
130 (c) Stephanie Denny and David Strom, 1998
Useful References — Merchant Payment Options
http://www.cybercash.com/
http://www.firstdatacorp.com/
http://www.firstvirtual.com/
131 (c) Stephanie Denny and David Strom, 1998
Useful References
History of money
http://www.frbsf.org/
http://www.firstdatacorp.com/
http://www.mastercard.com/
132 (c) Stephanie Denny and David Strom, 1998
Relevant acronyms
ACH: Automated Clearing House
CA: Certificate Authority
ISP: Independent Service Provider
MAC: Message Authenticity Check
MICR: Magnetic Ink Character Recognition
MO/TO: Mail Order/Telephone Order
NACHA: National Automated Clearing House Association
PIN: Personal Identification Number
PKC: Public Key Cryptography
POS: Point of Sale
RSA: Rivest, Shamir and Adleman
133 (c) Stephanie Denny and David Strom, 1998
Copy of This Presentation
www.strom.com/pubwork/vegas98t275.ppt
And URLs are at www.strom.com/pubwork/vegas98.html
134 (c) Stephanie Denny and David Strom, 1998
135
Internet Commerce: Understanding Payments, Security and Storefronts presented by: Stephanie Denny, [email protected] www.denny.dc3.com
David Strom, [email protected] www.strom.com
(c) Stephanie Denny and David Strom, 1998
136
Day 2: Internet Storefronts presented by: David Strom, [email protected] www.strom.com +1 516 944 3407
(c) Stephanie Denny and David Strom, 1998
Today’s Topics
V: What Becomes Success
VI: Choosing the Right eCommerce Path
VII: Installing and Operating Your Own Storefront
137 (c) Stephanie Denny and David Strom, 1998
Topic V: What Becomes Success?
Overview of eCommerce market
Review physical storefront success factors
Propose some definitions
Define success for the web
Draw up five eCommerce principles
138 (c) Stephanie Denny and David Strom, 1998
Overview of eCommerce Market
Predictions
Success factors
Five principles
139 (c) Stephanie Denny and David Strom, 1998
eCommerce Revenue Predictions are Wide-Ranging
Source: 1996 (B$US); 2000 est. (B$ US)
IDC: $2.2; 94
Forrester: 1.4; 117
Jupiter: .7; 15.6
Dataquest: 6.4; 56
140 (c) Stephanie Denny and David Strom, 1998
And Not Very Believable
IDC says the web will become a mass market in the US by 12/98!
With 100 million users!
Let’s not confuse web users with eCommerce BUYERS!
141 (c) Stephanie Denny and David Strom, 1998
Ticketmaster
US$5 million/month via the web in sales
Started 11/96
Generating lots of new buyers, who wouldn’t ordinarily use their service
142 (c) Stephanie Denny and David Strom, 1998
Then there is Disney.com
Web site Daily Blast signing up 15k members/month
Sales via web are equal to 3x-5x of physical Disney store!
143 (c) Stephanie Denny and David Strom, 1998
And of Course, There is the Porn Industry
“However, extensive interviews with adult site owners yield a picture of a highly charged market of approximately 10,000 sites generating about $1 billion in revenue per year, most through electronic credit card transactions.”
From Interactive Week
144 (c) Stephanie Denny and David Strom, 1998
Sad State of Today’s eCommerce Marketplace
Poor quality tools
Hard-to-find stores
Limited payment methods
Credit card snooping perceptions
Older browser versions can’t view latest sites
145 (c) Stephanie Denny and David Strom, 1998
Case in Point: Buying a Bike Rack
Item not carried: outdated catalog
Telesales not familiar with web
No cross-sell or substitutions online
Needed three phone calls to complete purchase
146 (c) Stephanie Denny and David Strom, 1998
Let’s Learn From the “Real World”
Compare what works for physical stores
Try to extend to the web
147 (c) Stephanie Denny and David Strom, 1998
Critical Success Factors for Physical Storefronts
Location
Branding
Good service
Good product selection
Proper pricing and margins
Traffic
148 (c) Stephanie Denny and David Strom, 1998
First Problem:
None of these translate on the ‘net!
149 (c) Stephanie Denny and David Strom, 1998
Now Try to Agree on Definitions for Web Stores
What determines a good location?
Position on a search page
Nearness to popular destination
Ad on a popular server
What determines branding?
Memorable domain name
Popular search category destination
150 (c) Stephanie Denny and David Strom, 1998
An Example of bad location: Montana Meats
www.imt.net/~lingerie/buffalo/buffalo.html
Can’t they afford their own domain name?
www.company.com/~anything is BAD NEWS!
151 (c) Stephanie Denny and David Strom, 1998
Another Case: Buying Toner and Batteries
www.cartridgesusa.com, www.batterybarn.com
Catalog shows pictures of parts
Easy to find relevant item
But payment acknowledgement incomplete
152 (c) Stephanie Denny and David Strom, 1998
Determining Traffic
Hard to do -- is it hits, page views, registered users?
[HITS = How Idiots Track Success]
Hard to measure -- do you count gifs? Use log files?
No general agreement on any metrics!
153 (c) Stephanie Denny and David Strom, 1998
Traditional Advertising Doesn’t Apply Anymore
Can’t measure anything
Every site has its own banner sizes
The Web is not TV
154 (c) Stephanie Denny and David Strom, 1998
One Working Definition of Success:
SURVIVAL!
If a site is still running after 12 months, and getting more traffic, it is a success.
155 (c) Stephanie Denny and David Strom, 1998
Does a site actually have to sell something?
Many actual eCommerce sites don’t do the complete transaction (Cisco)
Require faxes or telephone calls!
Some merely have catalogs
A good example: Singapore Power Authority www.spower.com.sg/readmeter.cgi?cmd=form
156 (c) Stephanie Denny and David Strom, 1998
Good eCommerce Examples
Easy to find merchandise
Good service
Individual customization is key
Simple navigation
Business-to-business focus
157 (c) Stephanie Denny and David Strom, 1998
AMP Connect
Have customers in 100 countries
Speak many languages
Produce 400 catalogs covering 135,000 items
Mailings cost US$7MM/yr
Fax back cost US$800,000/yr
But you can’t buy anything directly!
158 (c) Stephanie Denny and David Strom, 1998
Solution: “Step Searching”
Saqqara.com software to enhance Oracle database
Provide user feedback as they type in the query
Show how many matches in the database
Different mechanisms for searching:
by part number
by alphabetical names
by part family
by picture even
159 (c) Stephanie Denny and David Strom, 1998
AMP
connect.ampincorporated.com
160 (c) Stephanie Denny and David Strom, 1998
AMP Connect (con’t)
And can set to list parts that are available in specific countries!
Updated daily with over 200 item changes
Detailed drawings save customers time in picking the right item
Saved AMP over US$5MM in production costs
161 (c) Stephanie Denny and David Strom, 1998
Save in Translation Costs
AMP catalog in several languages
Translation cost was US$100,000
Versus US$1.5MM to produce separate translations of print editions
162 (c) Stephanie Denny and David Strom, 1998
Silicon Investor
www.techstocks.com
Difficult to find anything
Incomplete database of companies
Companies are arranged poorly
163 (c) Stephanie Denny and David Strom, 1998
First Principle of eCommerce:
It is easy to find what you are selling!
164 (c) Stephanie Denny and David Strom, 1998
Amazon.com
Services frequent readers with a variety of programs
Editorial comments
If you liked this book, you’ll like...
Notification of new books by author, topic
Simplified “1 Click” ordering
Uses simple pages and email
Associates program for commission kickbacks
Gift certificates via email
And ... lots of books to choose from
165 (c) Stephanie Denny and David Strom, 1998
Amazon
166 (c) Stephanie Denny and David Strom, 1998
Update your directories!
This one is almost a year old
www.asiapage.com/alist.html#jewellery
167 (c) Stephanie Denny and David Strom, 1998
Non-secure servers
Many SG sites collect credit cards on them
www.asiapage.com/goodwood
168 (c) Stephanie Denny and David Strom, 1998
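An added example, not part of the original slides: a defender-side check for the situation the "Non-secure servers" slide describes, written in Python. Given a page URL and its HTML, it flags forms that collect card fields but are served or submitted without HTTPS; the field-name heuristic, the `audit_payment_forms` name and the shop.example.test pages are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Heuristic (an assumption of this example): field names that suggest card data.
CARD_FIELD = re.compile(r"(card|cc)[-_ ]?(num|no|exp)|cvv|cvc", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    target: str     # absolute URL the form submits to
    fields: tuple   # card-related field names found in the form
    reasons: tuple  # "insecure-target" and/or "insecure-page"


class _FormCollector(HTMLParser):
    """Collects each <form>'s action and the names of its input controls."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "form":
            self._current = {"action": attr.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            self._current["fields"].append(attr.get("name") or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_payment_forms(page_url, html):
    """Return a Finding for every card-collecting form that lacks transport security."""
    collector = _FormCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for form in collector.forms:
        card_fields = tuple(f for f in form["fields"] if CARD_FIELD.search(f))
        if not card_fields:
            continue  # search boxes, newsletter sign-ups and the like
        # A missing or relative action resolves against the page's own URL.
        target = urljoin(page_url, form["action"])
        reasons = []
        if urlsplit(target).scheme != "https":
            reasons.append("insecure-target")  # card data leaves the browser in clear
        if urlsplit(page_url).scheme != "https":
            reasons.append("insecure-page")    # the form itself can be altered in transit
        if reasons:
            findings.append(Finding(target, card_fields, tuple(reasons)))
    return findings


# Constructed sample pages.
ORDER_PAGE = """
<form action="/search"><input name="q"></form>
<form method="post" action="cgi-bin/order.cgi">
  <input name="name"><input name="ccnum"><input name="cc_exp">
  <input type="submit">
</form>
"""
DOWNGRADE_PAGE = ('<form action="http://shop.example.test/cgi-bin/pay">'
                  '<input name="CardNumber"><input name="cvv"></form>')
MAILTO_PAGE = ('<form method="post" action="mailto:orders@shop.example.test">'
               '<input name="cardno"></form>')

if __name__ == "__main__":
    for url, page in (
        ("http://shop.example.test/store/order.html", ORDER_PAGE),
        ("https://shop.example.test/store/order.html", ORDER_PAGE),
        ("https://shop.example.test/pay.html", DOWNGRADE_PAGE),
        ("https://shop.example.test/mail.html", MAILTO_PAGE),
    ):
        print(url, audit_payment_forms(url, page))
```

The same order form is clean when both the page and its relative action resolve to HTTPS; an HTTPS page that posts to an `http:` or `mailto:` action is still reported.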
Second Principle of eCommerce:
Deliver solid service!
169 (c) Stephanie Denny and David Strom, 1998
Dell
Most notable site for computer buyers
Customize the features you want via a web form
Simplifies and personalizes the shopping experience
WYSIWYB (buy)
>US$1MM/day in sales!
170 (c) Stephanie Denny and David Strom, 1998
Dell
171 (c) Stephanie Denny and David Strom, 1998
Canadiantire.com
eFlyer uses email notification along with web forms
Customize exactly what coupons and deals are sent to you
172 (c) Stephanie Denny and David Strom, 1998
Third Principle of eCommerce:
Individual customization is key
173 (c) Stephanie Denny and David Strom, 1998
BMW Motors
Example of what not to do
Use gratuitous graphics
Cheesy low-res videos
Toys, not tools
174 (c) Stephanie Denny and David Strom, 1998
BMW
175 (c) Stephanie Denny and David Strom, 1998
Compare with Subaru
Find specific information about each car
Can price options to your particular needs
176 (c) Stephanie Denny and David Strom, 1998
How NOT to Design a Payment Screen
www.netmar.com/new/norderform.shtml
177 (c) Stephanie Denny and David Strom, 1998
How NOT to take advantage of bandwidth
www.clickdiz.com
Two different pages, one for SG ONE, one for all others
But SG ONE page has just heavy graphics - why?
178 (c) Stephanie Denny and David Strom, 1998
A better example: fishing licenses
Simple, quick, and does the job with a minimum of clutter
www.permit.com
179 (c) Stephanie Denny and David Strom, 1998
Fourth Principle of eCommerce:
Make navigation simple!
Use small graphics, site maps, indexes
Avoid clutter, frames
180 (c) Stephanie Denny and David Strom, 1998
Int’l Commerce Exchange System
Matches overstocked sellers with buyers
B2B exclusively
Uses faxes to notify potential customers
181 (c) Stephanie Denny and David Strom, 1998
ICES
www.icesinc.com
182 (c) Stephanie Denny and David Strom, 1998
Fifth Principle of eCommerce:
Business-to-business focus
183 (c) Stephanie Denny and David Strom, 1998
Topic VI: Choosing the Right eCommerce Path
184 (c) Stephanie Denny and David Strom, 1998
Four Approaches:
Join an eMall
Outsource to an ISP
Buy suite of software
DIY
185 (c) Stephanie Denny and David Strom, 1998
Joining an eMall
Only if you don’t have any in-house programming staff
Don’t want or can’t trust consultants to do it for you
Want someone else to handle payment processing
Don’t care whether your store is tied into your own financial system
186 (c) Stephanie Denny and David Strom, 1998
The Mall of eMalls
malls.com, of course!
187 (c) Stephanie Denny and David Strom, 1998
Different Kinds of eMalls
Collection of independent links elsewhere
Landlord/hosting provider
Become a sales representative for an eMall and Make Money Fast!
188 (c) Stephanie Denny and David Strom, 1998
Evaluating eMalls
Do they offer storefront design?
Have in-house programmers?
Hosting of your own web?
How many payment systems do they support?
What kinds of accounting reports do they offer?
Who are the other tenants and do you like them?
189 (c) Stephanie Denny and David Strom, 1998
The Truth about Internet Malls
Read your contract
Check your site for errors
Evaluate your content
Measure your results
Promote your site
(from www.netrageous.com/reports/thetruth.html)
190 (c) Stephanie Denny and David Strom, 1998
Reasons Not to Join an eMall:
You know and like perl
Don’t have to take payment via the web
Want complete control over your site
191 (c) Stephanie Denny and David Strom, 1998
The Results So Far Haven’t Been Encouraging
Many store owners haven’t sold anything from the mall!
Over 90% dissatisfied with mall operator
Basic HTML errors and unresponsive staff to fix problems
192 (c) Stephanie Denny and David Strom, 1998
The Catch-22 of eCommerce:
To be successful, a software vendor has to promote his products via the Internet.
But this means eating one’s own dog food!
193 (c) Stephanie Denny and David Strom, 1998
Leading USA eMalls
Vendor, location
ViaWeb www.viaweb.com
Internet Mall www.internetmall.com
Blue Money www.bluemoney.com
Number of stores
$100/month, all done with a browser
$150 + $15/mo, % of each transaction
Outsourced payments and catalogs
194 (c) Stephanie Denny and David Strom, 1998
Find an ISP
More ISPs are offering eCommerce solutions
Have to use their software standards and payment schemes
Could be pricey
Just catching on in USA
195 (c) Stephanie Denny and David Strom, 1998
Some Examples
www.psi.net/web/ecommerce.shtml
www.Best.com/bizcomm.html
www.Brainlink.com/html/saleslink.htm
www.Earthlink.net/company/webservices.html
IBM: mypage.ihost.com
www.Netcom.com
business.Mindspring.com/prod-svc/smbiz/
www.Mindrush.com/
www.outer.net/ONCommerce (OuterNet)
196 (c) Stephanie Denny and David Strom, 1998
Price Comparison for ISP hosting
Provider
IBM Earthlink Netcom Mindspring
Setup fee (US$) Monthly fee (US$)
260 624 55 194
Plan name, payment options
Bronze, credit cards
Premium Plus
450 175 300 324
Commerce Site, credit cards
Commercial Advantage, credit cards, Cybercash
197 (c) Stephanie Denny and David Strom, 1998
Price Comparison assumptions
10 Mb disk storage
Single email account
InterNIC $100 fee included for domain name
198 (c) Stephanie Denny and David Strom, 1998
New Approaches: GeoShop, Tripod
Builds on GeoCities “communities” but for merchants (www.geocities.com/join/geoshops)
$25/month for just commercial listings
$180/month (or more!) for actual transactions
working with Internet Commerce Services Corp. who uses Open Market Transact servers
Tripod will offer something similar this summer
199 (c) Stephanie Denny and David Strom, 1998
One Way to Support Lots of Payment Systems
Wired-2-Shop
www.wired-2-shop.com/TestDrive/Admin/PaymentList.asp
200 (c) Stephanie Denny and David Strom, 1998
The Suite Approach
Leading contenders
What is part of the suite and what isn’t
Prices and platforms
201 (c) Stephanie Denny and David Strom, 1998
Popular eCommerce Suites
Vendor, Product; Version; Price; Platform
ICat Elec Comm Suite; 3.0; $9000; NT, 95
IBM Net.Commerce; 3.0; $5000; NT, AIX
Microsoft Commerce; 2.0; $5000; NT
202 (c) Stephanie Denny and David Strom, 1998
Popular eCommerce Suites (con’t)
Vendor, Product; Version; Price; Platform
OM Transact Open Market; 2.3; $250,000; Unix
Intershop Online Intershop; 3.0; $5000; NT Unix
WebSite Pro O'Reilly; 2.0; $800; NT, 95
203 (c) Stephanie Denny and David Strom, 1998
Four Typical Elements
Catalog
Storefront designer
Ordering/inventory system
Shopping cart/check out system
204 (c) Stephanie Denny and David Strom, 1998
The Cold Hard Reality of Suites
Suites are nothing more than collection of products
Lack integration among various elements
Difficult to setup, customize, and use
Require you to live “inside” their structure
Limited payment options
Sounds like early MS Office
205 (c) Stephanie Denny and David Strom, 1998
Payment Systems Included in Each Suite
Microsoft: Verifone, Buy Now
IBM: Verifone, SET, eTill
iCat: None (but many third parties)
OpenMarket: Verifone
WebSite Pro: InternetSecure, CyberCash
Intershop: CyberCash, ICVerify, others
206 (c) Stephanie Denny and David Strom, 1998
Sample Stores Included in Each Suite
Microsoft: 4 stores
IBM: eMall, simple and advanced sample stores
iCat: 1 hardware store
OpenMarket: none
WebSite Pro: 1 bookstore
Intershop: 3 stores
207 (c) Stephanie Denny and David Strom, 1998
Databases Supported in Each Suite
Microsoft: SQL Server
IBM: DB2
iCat: 4D, Sybase SQL Anywhere
WebSite: Access
Intershop: Sybase SQL 11
208 (c) Stephanie Denny and David Strom, 1998
Dealing With ODBC
Have to understand how to set up data sources
Intimate knowledge of your data structure
Re-install ODBC drivers at least once!
Best to start with built-in database
209 (c) Stephanie Denny and David Strom, 1998
Store Wizards Included in Each Suite
WebSite Pro (but doesn’t do much)
Intershop (various wizards)
net.Commerce v3
MS Commerce
create appearance
navigation
registration, check out flows
payment methods
210 (c) Stephanie Denny and David Strom, 1998
Tips
Don’t install anything before making sure you have everything!
211 (c) Stephanie Denny and David Strom, 1998
WebSite Professional
website.ora.com
Version 2, shipping since 9/97
US$799!
NT (or 95)
Supports Cybercash OR Internet Secure (Visa, MC)
One sample store (bookstore)
212 (c) Stephanie Denny and David Strom, 1998
Sample storefront
http://merchant.inline.net/admin/
213 (c) Stephanie Denny and David Strom, 1998
WebSite Configuration Sheet
214 (c) Stephanie Denny and David Strom, 1998
Store Properties
Can only operate a single payment system
Run on a series of Access databases
Built-in tax table, but for N.Americans!
Well documented data structures in typical O’Reilly fashion
215 (c) Stephanie Denny and David Strom, 1998
Recommendations
Lowest priced suite by far!
iHTML is robust, but will take some learning
Nice store setup and organization of catalog
Good low-end solution
See Infoworld review
216 (c) Stephanie Denny and David Strom, 1998
Intershop
demo at presentation.intershop.com (admin/admin for store)
Includes Sybase SQL 11
US$5000, includes 3 mos. support
217 (c) Stephanie Denny and David Strom, 1998
Seven Different Managers
Catalog
Products
Store
Purchases
Inventory
Customers
Admin
218 (c) Stephanie Denny and David Strom, 1998
Characteristics
Everything managed via browser, which can get tedious
But you already have a database behind it
219 (c) Stephanie Denny and David Strom, 1998
Payment Options galore
220 (c) Stephanie Denny and David Strom, 1998
Recommendations
Most flexible payment options of any suite
Better at processing orders than site creation
Not good for large catalogs
221 (c) Stephanie Denny and David Strom, 1998
Microsoft Commerce (nee Merchant)
Still evolving
More of a development platform than a suite
Closely tied to IIS, SQL Server et al.
222 (c) Stephanie Denny and David Strom, 1998
The many Microsoft servers
223 (c) Stephanie Denny and David Strom, 1998
Shopping with MS Commerce
224 (c) Stephanie Denny and David Strom, 1998
MS Commerce
225 (c) Stephanie Denny and David Strom, 1998
Microsoft Upsells
226 (c) Stephanie Denny and David Strom, 1998
Recommendations
If you are going to use any other MS apps
If you believe developers will follow
If you must stay on the cutting edge of MS products
227 (c) Stephanie Denny and David Strom, 1998
Commerce Server Specifics
NT, fast Pentium with 128 M RAM essential
US$5000
www.microsoft.com/commerce
228 (c) Stephanie Denny and David Strom, 1998
iCat Electronic Commerce Suite
229 (c) Stephanie Denny and David Strom, 1998
iCat Process
Use four-step process
Make changes to staging db
Use designer and built-in catalog
Then post changes to production db
230 (c) Stephanie Denny and David Strom, 1998
Create Your Database
Can use bundled Sybase SQL Anywhere
Enter upsells, promotions, and discounts
231 (c) Stephanie Denny and David Strom, 1998
Design Your Templates
Look and feel of storefront
Design views of catalog
232 (c) Stephanie Denny and David Strom, 1998
Setup Your Hard Disk
Locate your files
Setup your web server
233 (c) Stephanie Denny and David Strom, 1998
Set Misc. Options
Matching sales tax rates to zip codes
Use registration and indexing tools
234 (c) Stephanie Denny and David Strom, 1998
iCat Demo Catalogs
www.icat.com/catalogs/democats.htm
Demonstrate variety of options
Several different stores to view
235 (c) Stephanie Denny and David Strom, 1998
Recommendations
No wizards, all browser-based forms
Tedious but straightforward
Lots of third-party add-on tools
Best for people new to db or the ‘net
Best if you don’t have computer-based accounting system yet
236 (c) Stephanie Denny and David Strom, 1998
iCat Specifics
NT, fast Pentium with 128 M of RAM
US$9000 for professional version
www.icat.com
237 (c) Stephanie Denny and David Strom, 1998
IBM Net.Commerce
238 (c) Stephanie Denny and David Strom, 1998
Included
IBM’s Go Web Server
DB2 database
Shopping trolley system
Credit card verifier, eTill software
239 (c) Stephanie Denny and David Strom, 1998
Several ways to setup your store
Use nine-step wizard with populated catalog
Use wizard with empty catalog
Start from scratch
Import existing databases
240 (c) Stephanie Denny and David Strom, 1998
Recommendations
Great if you already use DB2 for inventories
Most security-conscious suite
More depth than iCat
Start with all IBM defaults to save time
241 (c) Stephanie Denny and David Strom, 1998
Net.Commerce Specifics
NT, fast Pentium with 64 M of RAM
AIX, 390, OS/400, Solaris
US$5000 Basic, $20,000 Pro
www.internet.ibm.com/net.commerce
242 (c) Stephanie Denny and David Strom, 1998
New in version 3.1
“Intelligent Catalog”
Java-based wizards to setup and manage store
Recognizes shopping preferences and upsells
New SET payment server but not worth using
Integration with Domino Merchant
See Infoworld review
243 (c) Stephanie Denny and David Strom, 1998
OpenMarket
High end solution
Worldnet offers hosting of OM servers
Still needs customization!
244 (c) Stephanie Denny and David Strom, 1998
Recommendations
If you can afford it ....
Really the price covers lots of consulting time
High transactions and throughput needs
245 (c) Stephanie Denny and David Strom, 1998
OpenMarket Specifics
Various Unix
US$250,000 and up!
www.openmarket.com
246 (c) Stephanie Denny and David Strom, 1998
Do it Yourself Path
Traditional merchant banking approach
More risk, especially when your payment system is on the ‘net
247 (c) Stephanie Denny and David Strom, 1998
Steps Involved for DIY’ers
Get a web server
Get merchant software
Integrate with your back end systems
catalogs
inventory
customer accounts
Be prepared to do lots of coding
248 (c) Stephanie Denny and David Strom, 1998
The 90s Help Wanted
Wanted: Webmaster
Required skills: High proficiency in various web based programming, development tools, CGI, cookies, DNS, eCommerce, FTP, HTML 2.0 through 3.02, IIS Server admin, Javascript, Java, MS SQL, Netscape server admin, NT Server admin, perl, Unix admin, web security
249 (c) Stephanie Denny and David Strom, 1998
One DIY solution
IIS
PerlShop shopping cart
OuterNet Commerce ISP hosting site
First American Payment Systems
Verisign certificates
Fees: $800 setup, $500/yr, $50/month
What isn’t working: perl scripts to make credit card payments!
250 (c) Stephanie Denny and David Strom, 1998
But First: Consider the Customer
251 (c) Stephanie Denny and David Strom, 1998
How Customers Buy Stuff
Sometimes have partial orders
Sometimes cancel orders
Sometimes inventory systems lie
Sometimes shipments are returned
252 (c) Stephanie Denny and David Strom, 1998
Purchasing Stages
One product has a 14-stage process!
Need to gather so many items:
Shipping info
Item inventory, pricing
Order pricing
“Last chance” (upsells, cancel out)
All this means: get thee to a database!
253 (c) Stephanie Denny and David Strom, 1998
What is Needed
A way to track orders
Provide shipping status
Provide payment status
254 (c) Stephanie Denny and David Strom, 1998
Our Recommendation: email!
Capture that email address
Use it for status reports
Outcalls and future upsells
Reminders
But how do you validate the address these days?
255 (c) Stephanie Denny and David Strom, 1998
Payment System Considerations
Do customers need accounts and profiles?
yes: reduces the amount a visitor has to type
no: less of a privacy concern
Should shopping be persistent across the session?
yes: use accounts or cookies
Should all communications be via SSL?
yes: then you’ll need the appropriate browsers and servers
Do I want to have multiple stores on a single server?
256 (c) Stephanie Denny and David Strom, 1998
Merchant Back-end Integration
Financial interactions
Clerical interactions
257 (c) Stephanie Denny and David Strom, 1998
Credit Card Issues
Separate authorization from settlement
authorize when order received, but ship within 24 hrs of settlement, and beware of stale backorder data
Consumers can chargeback
either need a physical signature or evidence of verified shipping address
Opening a merchant account (see www.shopsite.com/help/payment.merchant.html)
258 (c) Stephanie Denny and David Strom, 1998
Electronic Bill Presentment
Saves on paper but requires lots of coordinated systems
Can show bills with nice fonts, interactive applications
Is separate process from the actual payment system
259 (c) Stephanie Denny and David Strom, 1998
Electronic Bill Presentment Issues
Does the processor use EBP with merchant bank?
Can users’ browsers support these new applications?
Java applets
Active X controls etc.
Reconciliation requires access to both dispute and payout information
260 (c) Stephanie Denny and David Strom, 1998
Microsoft’s MSFDC
A means to standardize on presentment
Have both web-based access and special consumer-based software
Former “Marble” server, read white paper at:
www.microsoft.com/finserv/marblewp.htm
Requires NT, SQL Server, IIS, etc.
261 (c) Stephanie Denny and David Strom, 1998
Other EBP efforts
Open Financial Exchange (www.ofx.net)
www.Integrion.Net
CheckFree’s E-Bill (getbills.checkfree.com)
262 (c) Stephanie Denny and David Strom, 1998
eBill
Most popular and in widest practice
Schwab and Intuit/Quicken are supporters
Most threatened by MSFDC
263 (c) Stephanie Denny and David Strom, 1998
OFX
Started with Intuit
Trying to standardize on too much at once:
data transfers
account inquiries
financial applications and transactions
Verisign Financial Server (US$1200)
digitalid.verisign.com/ofxIntro.htm
264 (c) Stephanie Denny and David Strom, 1998
Integrion
Banking-intensive plus IBM
No other software supporter, BUT…
Combining forces with CheckFree
Trying to establish their “Gold Standard” vs. OFX
265 (c) Stephanie Denny and David Strom, 1998
What about SET?
IBM, Verifone having second thoughts
Specs still at 1.0 (barely)
Just handles the buyer authentication piece
Trial with Citibank/SG
www.visa.com for more info
266 (c) Stephanie Denny and David Strom, 1998
What about OBI?
Open Buying on the Internet
A bunch of standards: SSL, X12 EDI, X.509 PKI
Exchange of purchase order info
Unresolved issues:
who owns the catalog?
how much infrastructure is really needed?
knitting together a solid solution is more than enumerating standards!
267 (c) Stephanie Denny and David Strom, 1998
Topic VII: Installing and Operating Your Own Storefront
What you need to know
What you need to buy
268 (c) Stephanie Denny and David Strom, 1998
You Need to be a Superhero:
Part web designer
Internet technologist
SQL database admin
Payment system maven
269 (c) Stephanie Denny and David Strom, 1998
Things You’ll Need to Discover
Are your sales and marketing staff web-savvy?
Is your accounting system adaptable to web purchases?
How do you reconcile these accounts?
Does your business owner understand Internet culture?
Can anyone find you?
270 (c) Stephanie Denny and David Strom, 1998
Dealing with search engines
Some use , some use
Keep descriptions at top of your home page short and sweet
Web Review article: webreview.com/97/10/17/webmaster
271 (c) Stephanie Denny and David Strom, 1998
The Most Under-rated Skill:
PATIENCE!
272 (c) Stephanie Denny and David Strom, 1998
Components Needed to Operate a Web Storefront
Database of items to sell and current inventories
Secure web server
Searchable catalog server
Connections to backend payments and financial servers
Shopping cart system
Checkout/payment system
Don’t forget about security!
Which Database Server?
Pick before anything else
Core of your store revolves around the database:
inventory system
accounting system
catalog system
Database Server Recommendations
Use existing client/server db if possible
SQL Server: best with MS tools
Oracle: if you know pSQL already
Informix: all other situations
Database/web Tools
Develop your own forms
Query your database
Develop your own catalog
Why is a Catalog Important?
Your customers' view of your store
Current with your own inventory and offerings
Don’t want to sell what you don’t have
Catalog Software
Cadis.com, US$1500
Centor.com, US$50,000
Dataware.com, US$1800
Elekom.com, US$25,000
Isadra.com, US$10,000
Other catalogs
Product: Price range (US$)
Icat (www.icat.com): 3-10,000
Intershop (www.intershop.com): 3-8,000
CatSmart: 10,000
WebCatalog (www.pacific coast.com): 2500
Cat@log (www.thevisionfactory.com): 3-4000
Impulse (www.inetrep.com): <$1000
Another choice: outsourced catalog!
ShopSite
IBM Home Page Creator
mypage-products.ihost.com
(N. America only)
Mindspring with Mercantec
ShopSite demo
www.reliablehost.com/cgi-bin/bo/start.cgi
username: test8
password: test
Tool Recommendations
Cold Fusion, www.allaire.com
Sapphire/Web, www.bluestone.com
Which Web Server?
Hundreds to choose from
Must support SSL and/or SHTTP
Platform isn’t important, really
Get Your Certificates in Order
Bring up form inside web server
Send to Verisign on letterhead with credit card (!)
Receive cert from Verisign
Install on your web server
What can a Shopping cart do?
Simplify ordering process
Track multiple purchases for a single visitor
Display items purchased
Calculate total prices, tax, shipping charges
Track item attributes (colors, styles, sizes)
Different Shopping cart Methods
Account-based
Cookie-based; see www.cookiecentral.com
Encoded URLs
Shopping cart Programs
S-Mart:
www.rcinet.com/~brobison/scripts
Minishop:
www.egrafx.com/minishop
mvend:
www.iac.net/~mikeh/mvend.html
PerlShop:
www.arpanet.com/perlshop
Commercial Programs
Internet Shopping Cart Server:
www.webisland.com/cart
Rent-A-Cart:
www.rent-a-cart.com
CyberCart:
www.lobo.net/~rtweb
AutoCart:
www.autocart.com/Autocart
WebCart:
www.staff.net/webcart.html
SoftCart:
www.mercantec.com
WWWOrder:
www.virtualcenter.com/scripts2/WWWOrder.html
Shopping cart Example
www.asizip.com (SoftCart)
Shopping basket
Cookies to track purchases
Simple navigation
Payment Systems for SSL
ICVerify, www.icverify.com
Worldpay/PSI www.psi.net/worldpay
ICVerify Process
Customer submits 16+4 through SSL browser connection
Merchant software records to a file
ICVerify submits to bank
ICVerify receives response from bank, creates answer file
Merchant software retrieves answer, sends response to customer
No per transaction fee!
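The request-file and answer-file handoff in the process above puts card data on the merchant's disk, so the file handling matters. The sketch below is an added example, not ICVerify's code or file format: the .req/.ans names, the comma-separated record layout, the function names and the Luhn check standing in for the bank's decision are all hypothetical, and the card number used with it should be a constructed test value.

```python
import os
import tempfile

def luhn_ok(pan: str) -> bool:
    """Luhn checksum; only here so the stand-in processor has a decision rule."""
    digits = [int(d) for d in reversed(pan)]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0

def write_request(spool: str, order_id: str, pan: str, expiry: str, cents: int) -> str:
    """Merchant side: record the order to a request file readable by owner only."""
    if not order_id.isalnum():                 # order_id becomes a file name
        raise ValueError("order id must be alphanumeric")
    final = os.path.join(spool, order_id + ".req")
    tmp = final + ".tmp"
    # O_EXCL refuses a pre-created file or symlink; 0o600 keeps other users out.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(f"{order_id},{pan},{expiry},{cents}\n")
    os.replace(tmp, final)                     # processor never sees a partial file
    return final

def process_spool(spool: str) -> int:
    """Stand-in for the payment software and the bank: answer each request."""
    handled = 0
    for name in sorted(os.listdir(spool)):
        if not name.endswith(".req"):
            continue
        path = os.path.join(spool, name)
        with open(path) as f:
            order_id, pan, expiry, cents = f.read().strip().split(",")
        verdict = "APPROVED" if luhn_ok(pan) else "DECLINED"
        fd = os.open(os.path.join(spool, order_id + ".ans"),
                     os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as f:
            f.write(f"{order_id},{verdict},{pan[-4:]}\n")  # answer carries last 4 only
        os.remove(path)                        # request file is removed once answered
        handled += 1
    return handled

def read_answer(spool: str, order_id: str) -> dict:
    """Merchant side: pick up the answer and build the customer response."""
    path = os.path.join(spool, order_id + ".ans")
    with open(path) as f:
        oid, verdict, last4 = f.read().strip().split(",")
    os.remove(path)
    return {"order": oid, "status": verdict, "card": "**** " + last4}
```

Calling write_request, process_spool and read_answer in that order against a private spool directory walks the five steps; the full card number exists only in the request file and only until it is answered.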
Supported Merchant Servers for ICVerify
MS Merchant, Commerce
Oracle Payment
Mercantec SoftCart
Internet Factory Merchant
InterShop Online
ICVerify Demo Download
www.icverify.com/library/downloads/icvdemo20.html
WorldPay and PSI
Multicurrency payments
>100 for product prices
16 different ones for settlement
Have to host your web at PSI
Includes SoftCart and iCat software as well
US$1000 + US$1400/yr
WorldPay Demo
www.worldpay.com/demo/store.html
Prices of Typical Products
Product: Type, Price (US$)
Inex: Accounting, 6000
SoftCart: Shopping Cart, 900
MallManager: Catalog, 2000
WebCatalog: Catalog, 1600
Saqqara: Search tool, 700
VPOS: Payment server, 2500
WebMate: Development tool, 750
Inex Demo
Financial backend strength
Store front and some aspects of suite
www.inex-corp.com
Don’t Forget About Security
Make sure you protect your web site!
See “Ten ways” article from Winn Schwartau
Limit access, isolate servers, lock down scripts, so forth
See www.nwfusion.com/netresources/0202hack1.html
What About Web Server Load Balancing?
Resonate, HydraWeb, Cisco
IBM Interactive Network Dispatcher, www.ics.raleigh.ibm.com/netdispatch
Packeteer PacketShaper, www.packeteer.com
Others at www.techweb.com/se/directlink.cgi?NWC19970801S0026
Putting Together Your Own Solution
Mercantec shopping cart
SQL Server database
ICVerify payment system
WebCatalog
IIS web server
Total price:
Don’t Forget the Process and People
Put together a policies and procedures book that describes what you did
Gather forms for your business partners to sign up for ISPs if needed
Document how to make changes to your product catalog via the web
Approach your trading partners with solutions, not problems!
Conclusions
eCommerce crosses many different skill sets
Software is still too dicey in many areas
Standards aren’t much use right now
Suites don’t offer much in the way of integration
DIY may be the best solution
Some eCommerce Resources
Web Review article on NT, Mac Suites:
webreview.com/98/01/23/feature/
Windows Sources reviews of 3 eCommerce suites:
web1.zdnet.com/wsources/content/0697/ntadmin.html
My Infoworld reviews
www.strom.com/pubwork/iworld.html
www.webcompare.com, all the web servers you could ask for
PC Magazine review of various products
www5.zdnet.com/products/content/pcmg/1620/pcmg0024.html
For future reference
Copy of this presentation (Powerpoint):
www.strom.com/pubwork/vegas98t275.ppt
And list of all the relevant links mentioned:
www.strom.com/pubwork/vegas98.html
Acronyms
B2B Business to business
DIY Do It Yourself
EBP Electronic Bill Presentment
URLs Universal Resource Locator
SSL Secure Sockets Layer
OFX Open Financial Exchange
SHTTP Secure web protocol HTTP
Conclusion
Review
Q&A
David Strom +1 516 944 3407 david@strom.com