Internet Commerce:
Understanding Payments, Security and
Storefronts
presented by:
David Strom
Port Washington NY USA
[email protected], +1 (516) 944-3407
(c) David Strom and Stephanie Denny, 1998
Why This Tutorial
A successful web storefront must accommodate
the common forms of electronic payment in use
today
Good storefront design and tactics will increase
sales
Tough to evaluate various payment systems,
standards and products
What This Course is Not About
Mathematics of Public Key Cryptography
In-depth discussion of Visa® and MasterCard®
operating regulations for eCommerce
Legal advice for eCommerce issues related to
operating a web storefront
Writing your own storefront systems from
scratch
In-depth on security issues
For future reference
Copy of this presentation (Powerpoint) and
resources:
www.strom.com/pubwork/ecommerce
Course Topics
Good and bad web storefront design, defining
successful eCommerce ventures
What are relevant eCommerce standards and
why should I care?
Overview and demonstration of payment
systems that are working on the Internet today
Choosing service providers or suites
Installing and operating your own storefront
Course Approach
Overview of major payment systems and
storefront products
Give real-life examples and online demos
Help relate information to your own situation
Provide insight into different approaches,
technologies
Discuss pros and cons of each
Multiple Q&A sessions
My Background
I’ve been involved in the Internet for some time
Have used most of the products we demonstrate
Have consulted to a few of the vendors, but still
have strong opinions
My Beliefs
My perspective is from the consumer’s
viewpoint, as well as from the merchant’s
I believe that eCommerce is the next
evolutionary step in the web
Most eCommerce has had accidental success to
date
Topic 1: Introduction to Internet Marketing
Advantages and disadvantages
Speed of adoption is immense!
Different kinds of approaches
Internet Marketing
Look good to the public,
be on the cutting edge
Supplement
be real-time
Focus on global niches,
be high-content
Avoid
traditional channels,
the trailing edge,
the competition is already doing it
Advantages
Direct, one-to-one marketing opportunity
Allows you to learn useful information and
build customer relationships
Relatively inexpensive medium compared to
advertising, direct mail or telemarketing
Capacity to be a major distribution channel
Results are measurable, sometimes
Challenges
Most say that eCommerce is taking off, just
differ on the rate!
How do we convince the general public that
they will really like eCommerce?
Focus initially has been on business-to-business
uses
Obstacles to Wide Deployment
Easy forms of payment
Trust in the system
Perceived benefits outweigh the risk (What’s in
it for me?)
Technology and infrastructure still primitive
One Example: Domain Names!
Typo.net
AmericaOffline.com
Sell ad space on things like:
amazom.com
www.eartlink.net
Is the Internet a great place or what?
Time To Reach a Mass Market
VCRs: 30 years
TV: 25 years
Cell phones: 15 years
Credit cards, ATMs: 10 years
Internet usage: <10 years!!
Some Conclusions
Consumer control of privacy is essential
most folks simply want the choice of opting out
The granularity of control must be fine, e.g.,
over number and frequency;
over categories of interests; and/or
over (indirect) dissemination to third-parties
Regardless, there are likely legal issues,
when maintaining/using a consumer database
Topic 2: What Becomes Success?
Overview of eCommerce market
Review physical storefront success factors
Propose some definitions
Define success for the web
Draw up five eCommerce principles
Overview of eCommerce Market
Predictions
Success factors
Five principles
eCommerce Revenue Predictions are Wide-Ranging
Source      1996 (B$US)   2000 est. (B$ US)
IDC         $2.2          94
Forrester   1.4           117
Jupiter     .7            15.6
Dataquest   6.4           56
Not to mention all the PC sales
Gateway sells $4MM/day
Dell sells $5MM/day
Compaq sells $6MM/day (including resellers)
That’s $4 Billion/yr right there!
Let’s Keep Our Perspective
Size of US movie industry -- $6B!
Size of adult video rentals - $6B!
Total US music sales -- $6B!
(Forrester says $288M in 1998 online music+books)
Ticketmaster
US$5 million/month via the web in sales
Started 11/96
Generating lots of new buyers, who wouldn’t
ordinarily use their service
Then there is Disney.com
Web site Daily Blast signing up 15k
members/month
Sales via web are equal to 3x-5x of physical
Disney store!
And of Course, There is the Porn Industry
“However, extensive interviews with adult site
owners yield a picture of a highly charged
market of approximately 10,000 sites generating
about $1 billion in revenue per year, most
through electronic credit card transactions.”
From Interactive Week
Sad State of Today’s eCommerce Marketplace
Poor quality tools
Hard-to-find stores
Limited payment methods
Credit card snooping perceptions
Older browser versions can’t view latest sites
Case in Point: Buying a Bike Rack
Item not carried: outdated catalog
Telesales not familiar with web
No cross-sell or substitutions online
Needed three phone calls to complete purchase
Let’s Learn From the “Real World”
Compare what works for physical stores
Try to extend to the web
Critical Success Factors for Physical Storefronts
Location
Branding
Good service
Good product selection
Proper pricing and margins
Traffic
First Problem:
None of these translate on the ‘net!
Now Try to Agree on Definitions for Web Stores
What determines a good location?
Position on a search page
Nearness to popular destination
Ad on a popular server
What determines branding?
Memorable domain name
Popular search category destination
An Example of bad location: Montana Meats
www.imt.net/~lingerie/buffalo/buffalo.html
Can’t they afford their own domain name?
www.company.com/~anything is BAD NEWS!
Another Case: Buying Toner and Batteries
www.cartridgesusa.com, www.batterybarn.com
Catalog shows pictures of parts
Easy to find relevant item
But payment acknowledgement incomplete
Determining Traffic
Hard to do -- is it hits, page views, registered
users?
[HITS = How Idiots Track Success]
Hard to measure -- do you count gifs? Use log
files?
No general agreement on any metrics!
Traditional Advertising Doesn’t Apply Anymore
Can’t measure anything
Every site has its own banner sizes
The Web is not TV
One Working Definition of Success:
SURVIVAL!
If a site is still running after 12 months, and
getting more traffic, it is a success.
Does a site actually have to sell something?
Many actual eCommerce sites don’t do the
complete transaction (Cisco)
Require faxes or telephone calls!
Some merely have catalogs
A good example: Singapore Power Authority
www.spower.com.sg/readmeter.cgi?cmd=form
Good eCommerce Examples
Easy to find merchandise
Good service
Individual customization is key
Simple navigation
Make payments easy
AMP Connect
Have customers in 100 countries
Speak many languages
Produce 400 catalogs covering 135,000 items
Mailings cost US$7MM/yr
Fax back cost US$800,000/yr
But you can’t buy anything directly!
Solution: “Step Searching”
Saqqara.com software to enhance Oracle database
Provide user feedback as they type in the query
Show how many matches in the database
Different mechanisms for searching:
by part number
by alphabetical names
by part family
by picture even
AMP
connect.ampincorporated.com
AMP Connect (cont’d)
And can set to list parts that are available in
specific countries!
Updated daily with over 200 item changes
Detailed drawings save time for customers to
pick the right item
Saved AMP over US$5MM in production costs
Saved US$1MM in translation costs
First Principle of eCommerce:
Make it easy to buy!
Amazon.com
Services frequent readers with a variety of programs
Editorial comments
If you liked this book, you’ll like...
Notification of new books by author, topic
Simplified “1 Click” ordering
Uses simple pages and email
Associates program for commission kickbacks
Gift certificates via email
And ... lots of books to choose from
Amazon
Update your directories!
This one is almost a year old
www.asiapage.com/alist.html#jewellery
Second Principle of eCommerce:
Deliver solid service!
Dell
Most notable site for computer buyers
Customize the features you want via a web form
Simplifies and personalizes the shopping
experience
WYSIWYB (buy)
>US$5MM/day in sales!
Dell
Canadiantire.com
eFlyer uses email notification along with web
forms
Customize exactly what coupons and deals are
sent to you
Third Principle of eCommerce:
Individual customization is key
BMW Motors
Example of what not to do
Use gratuitous graphics
Cheesy low-res videos
Toys, not tools
BMW
Compare with Subaru
Find specific information about each car
Can price options to your particular needs
A better example: fishing licenses
Simple, quick, and does the job with a
minimum of clutter
www.permit.com
Fourth Principle of eCommerce:
Make navigation simple!
Use small graphics, site maps, indexes
Avoid graphics just to display text
Avoid plug-ins to complete purchase process
Avoid link and button clutter, frames
How NOT to Design a Payment Screen
www.netmar.com/new/norderform.shtml
Common mistakes with payments
Provide too few or too many order confirmation
pages
Confusing methods and misplaced buttons on
order page
Make it hard for customers to buy things
Don’t make your customers read error screens
Fifth Principle of eCommerce:
Make payments easy!
Topic 3: eCommerce Standards
SSL (encrypted transactions)
SET (authenticate buyers)
OFX (bill presentment)
OBI (exchange purchase orders)
Some Disclaimers
Standards are still in motion
Multiple approaches means they don’t always
work as intended
May be eclipsed by events (eg, SET) and
consumer behavior
Moral: lots of programming still required!
SSL: Encrypt Transactions
Why encrypt?
Principles of cryptosystems
Understand certificate management
Why Encrypt? TRUST!
Ensure your customer is authorized to use his
account
Customer wants to make sure you are the legit
seller
Ensure payment is received
Ensure goods are received
Four Principles of Cryptosystems
Privacy of message contents
Authentication of parties involved
Integrity of data transmitted
Non-repudiation of transactions
Privacy
Privacy means that the message contents cannot
be seen by anyone but the intended parties
Accomplished through the use of encryption
Authentication
Authentication means that each party involved
in the transaction is identified as legitimate
Accomplished through the use of certificates
A certificate is a notarized public key (like a passport
or a driver’s license)
Issued by a trusted third party called a Certificate
Authority
Binds the certificate owner to the public key within
the certificate
Integrity
Integrity of data means that it cannot be altered
by anyone during transmission, to avoid a
“man in the middle” attack
Encryption allows only the intended recipient
to open the digital envelope
A digital envelope (or “hash”) = contents of an
encrypted message + digital signature
Non-repudiation
Non-repudiation means both parties to the
transaction are ensured that the message is
genuine and cannot be disputed
Parties are identified with certificates that have
been notarized by a trusted Certificate
Authority
It will be much harder for customers to claim
they never placed the order
Why Should You Get a Certificate?
You want those who visit your web site to know
you are a legitimate business
A certificate is required to operate a secure
server (SSL)
Certificate Authorities (CAs)
Trusted third parties, similar to notaries
Can be external or internal (server is managed
within your own company)
Choice of a CA may depend on your merchant
server software
Public Key Cryptography
Customer’s Private Key
Customer’s Public Key
Merchant’s Public Key
Merchant’s Private Key
Public keys are shared and widely distributed
Private keys are kept secret by the holder of the key
Both pairs of keys are required to complete secure
transaction
Public and Private Key Pairs
A public key is disclosed and widely
distributed with no adverse effects
Used to encrypt or decrypt information
Works only in conjunction with its paired
private key
Public and Private Key Pairs
A private key is held and used only by its
owner
If a private key is compromised, it must be
replaced immediately
Today’s real-world example: lost or stolen credit
cards must be blocked and replaced
Public and Private Key Pairs
Real-world example: Dual control of keys for
your safe deposit box — it can only be opened
with two keys — yours as well as the bank’s
Steps in Certificate Creation
Refer to your server software documentation for
selection of a CA and instructions
Generally, you will do the following:
Generate a key pair of public and private keys
Send the public key and other information to CA
CA verifies information provided
Upon verification, CA creates a certificate containing
public key and expiration date
The Certificate is sent back to applicant and may be
posted publicly, if appropriate
Examples of Certificate Authorities
VeriSign
www.Verisign.com
GTE CyberTrust Solutions, Inc.
www.cybertrust.gte.com
Thawte Consulting
www.thawte.com
Certificate Creation
Demo of key generation and certificate request
Different Classes of Certs
Class 1 (unambiguous name, email,
PIN/encryption recommended)
Class 2 (adds address check for US/Canada,
required PIN/encryption)
Class 3 (adds document check, recommends
tokens)
Certificate Management
Once public key certificates are issued, they
must be managed to maintain integrity
They contain expiration dates
They may be revoked for various reasons
Upon expiration, certificates must be renewed or
reissued
This is a consideration for using an external CA,
as opposed to managing an internal CA
How is this accomplished?
Secure servers and browsers
Capable of strong encryption (up to 128 bit)
40 bit encryption is no longer considered adequate
for financial transactions
Digital certificates
Ensure the identity of the certificate holder
Also called digital IDs
The common protocol in use today is Secure
Sockets Layer (SSL)
Secure Sockets Layer Protocol (SSL)
Authenticates the merchant server
Merchant Certificate obtained from trusted
Certificate Authority
Provides privacy through encryption of the
message for both the sender and receiver
Secure “pipe” negotiates maximum encryption
compatible at browser and server for each message
transmitted
Ensures integrity of data transmitted
Message authenticity check (algorithm)
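An added illustration, not part of the original slides, of what a message authenticity check buys over a plain hash: a party on the wire who changes the order total can recompute an unkeyed hash, but cannot forge a keyed MAC. HMAC-SHA-256 stands in here for SSL's own record MAC, and the session key, order fields and function names are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed sample data. In SSL both ends derive the MAC key during the
# handshake; here it is a fixed value so the example is repeatable.
SESSION_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
ORDER = {"item": "bike rack", "qty": 1, "total_usd": "89.00"}


def encode(order):
    """Serialize deterministically so sender and receiver MAC the same bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def send_with_mac(order, key):
    """Sender: attach a keyed MAC (HMAC-SHA-256, a stand-in for SSL's MAC)."""
    body = encode(order)
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).digest()}


def receive_with_mac(message, key):
    """Receiver: recompute the MAC and compare in constant time."""
    expected = hmac.new(key, message["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, message["tag"]):
        return None  # altered in transit, or not produced by a key holder
    return json.loads(message["body"])


def send_with_plain_hash(order):
    """Weak variant for comparison: an unkeyed SHA-256 digest as the check."""
    body = encode(order)
    return {"body": body, "tag": hashlib.sha256(body).digest()}


def receive_with_plain_hash(message):
    expected = hashlib.sha256(message["body"]).digest()
    if not hmac.compare_digest(expected, message["tag"]):
        return None
    return json.loads(message["body"])


def alter_in_transit(message, recompute_hash=False):
    """Model of a change on the wire by a party that does not hold the key."""
    order = json.loads(message["body"])
    order["total_usd"] = "0.89"
    body = encode(order)
    # Anyone can recompute an unkeyed hash; nobody without the key can
    # recompute the HMAC tag.
    tag = hashlib.sha256(body).digest() if recompute_hash else message["tag"]
    return {"body": body, "tag": tag}


def run_demo():
    """Return what the receiver accepts in each of four situations."""
    mac_msg = send_with_mac(ORDER, SESSION_KEY)
    hash_msg = send_with_plain_hash(ORDER)
    return {
        "mac_intact": receive_with_mac(mac_msg, SESSION_KEY),
        "mac_altered": receive_with_mac(alter_in_transit(mac_msg), SESSION_KEY),
        "mac_altered_rehashed": receive_with_mac(
            alter_in_transit(mac_msg, recompute_hash=True), SESSION_KEY),
        "hash_altered_rehashed": receive_with_plain_hash(
            alter_in_transit(hash_msg, recompute_hash=True)),
    }


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case:24s} -> {accepted}")
```

Only the unkeyed-hash variant accepts the altered order, which is why the integrity check has to depend on a secret shared by browser and server.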
Secure Sockets Layer Protocol (SSL)
Merchant’s Certificate (Digital ID) can be viewed by any secure browser
https:// in the URL = a secure connection
SSL allows customers to verify who the
merchant is
The merchant’s digital ID does not certify the
integrity of the merchant
Secure Sockets Layer Protocol (SSL)
[Diagram: Customer Order with Payment Information; Encrypted order sent; Customer order decrypted at merchant server]
SSL encrypts the customer order, which
includes the payment information
This data is sent from the customer to the
merchant via a secure “pipe”
What SSL Doesn’t Encrypt
Once the data arrives on the secure server, it
could be stored in an insecure location!
Or if someone has physical access to your
desktop or server
SSL: How do you get a certificate for your merchant server?
Apply to Certificate Authority
Instructions built into merchant server software
You will be asked to provide valid business
license and other ID
Cost is dependent upon level of certification
Encryption Strength
It is illegal to export outside the US products
containing encryption that is stronger than 40
bits
It is not illegal to use encryption stronger than
40 bits internationally
Financial institutions do not consider 40-bit
encryption adequate for Internet transactions
Encryption Strength
Newer browser and server software are capable
of 128-bit encryption
128-bit encryption is exponentially stronger
than 40-bit encryption
SET: Authenticate Buyers
What is the protocol
How it works
Advantages and disadvantages
What is SET protocol?
Secure Electronic Transaction protocol is a
common standard that was developed jointly by
Visa, MasterCard and other partners to ensure
the processing of secure transactions.
Based on RSA encryption
Uses public and private key pairs that have a
mathematical relationship
How is SET Different from SSL?
Digital certificates for SET will be payment-specific
Merchants will be certified as legitimate to accept
branded payment card transactions
Cardholders will be certified as valid account holders
Merchants will not see customer’s account number (it
will only be passed to the acquirer)
How is SET Different from SSL?
With SET:
Merchant Server gets Customer’s Digital ID
minus the account number + Customer Order
Customer’s Digital ID
related to a specific account
+ Customer Order info
Acquirer gets order receipt +
Customer’s Digital ID with account number
The Mechanics of SET
(1) Payment info sent from user to merchant
(2) Merchant confirms, fees charged
(3) Transaction to bank, funds debited/credited
(4) Merchant sends item to user (from
Computerworld)
How Will Certificates (Digital IDs) be Issued for eCommerce?
Hierarchy of trust for certificate issuance
Visa and MasterCard will designate a Certificate
Authority to hold the Trusted Root
Merchants will obtain certificates from banks’ or
acquirers’ Certificate Authority, then store on SET
server software
Cardholders will obtain certificates (digital IDs)
from their banks’ Certificate Authority, then store in
electronic wallet
MasterCard® Example of a SET Transaction
http://www.mastercard.com/set/screen1.html
http://www.mastercard.com/set/screen2.html
http://www.mastercard.com/set/screen3.html
http://www.mastercard.com/set/screen4.html
http://www.mastercard.com/set/screen5.html
SSL vs. SET
SSL
Server authentication
Merchant certificate as legitimate business
Possible for client authentication
Not tied to payment method
Privacy
Encrypted message to merchant includes account number
Integrity
Message authenticity check (MAC)
SET
Server authentication
Merchant certificate tied to accept payment brands
Customer authentication
Digital certificate tied to certain payment method
Privacy
Encrypted message does not pass account number to merchant
Integrity
Hash/message envelope
SET — the Answer to eCommerce
SET has been proposed as the answer to secure
and interoperable eCommerce
It is not currently mandated by Visa and MasterCard
There are big implementation issues for all
concerned
The SET protocol is definitely more secure than
SSL
However...
SET — the Answer to eCommerce
Implementation of SET has some big
drawbacks:
Lack of interoperability among systems
Management of public key infrastructure
Distribution of digital certificates requires action on
the part of the consumer
And who will pay for all this?
Meanwhile, eCommerce goes on
The Future of SET
Non-repudiation of transactions through digital
certificates for both merchant and customer
SET may be the industry standard for payments,
but yet to be implemented
It will be far more difficult for a customer to
claim no knowledge of a transaction
Many demonstrations this fall and winter
Electronic Bill Presentment
Saves on paper (typical bill cost $1 in postage
and processing, EBP saves half) but requires
lots of coordinated systems
Can show bills with nice fonts, interactive
applications
Is separate process from the actual payment
system
Electronic Bill Presentment Issues
Does the processor use EBP with merchant
bank?
Can users’ browsers support these new
applications?
Java applets
Active X controls etc.
Reconciliation requires access to both dispute
and payout information
Microsoft’s MSFDC
A means to standardize on presentment
All customer data maintained by MSFDC
Have both web-based access and special
consumer-based software
Former “Marble” server, read white paper at:
www.microsoft.com/finserv/marblewp.htm
Requires NT, SQL Server, IIS, etc.
Other EBP efforts
Open Financial Exchange (www.ofx.net)
www.Integrion.Net
CheckFree’s E-Bill (getbills.checkfree.com)
eBill
Most popular and in widest practice
Schwab and Intuit/Quicken are supporters
Most threatened by MSFDC
OFX
Started with Intuit
Trying to standardize on too much at once:
data transfers
account inquiries
financial applications and transactions
Verisign Financial Server (US$1200)
digitalid.verisign.com/ofxIntro.htm
Integrion
Banking-intensive plus IBM
No other software supporter, BUT…
Combining forces with CheckFree
Trying to establish their “Gold Standard” vs.
OFX
Leave choice of how much customer data is
maintained up to the merchant
What about OBI?
Open Buying on the Internet
A bunch of standards: SSL, X12 EDI, X.509 PKI
Exchange of purchase order info
Unresolved issues:
who owns the catalog?
how much infrastructure is really needed?
knitting together a solid solution is more than
enumerating standards!
Topic 4: Introduction to Payment Systems
Structure, properties and roles
Different devices
Credit Cards
Electronic Wallets
CyberCash
Setting up a merchant account
Privacy issues
Payment Basics
Issuer
Consumer Access Point
Acquirer
BANK
Merchant Access Point
• deposit & withdrawal
• transaction status inquiry
• authentication
• problem resolution
Consumer
• purchase & refund
• transaction status inquiry
• authentication
• problem resolution
Merchant
Hierarchy
Payment System (clearing house)
Clearing house between acquirers and issuers
Acquirer (third-party processor)
Authorizes, processes and settles for merchant bank
Merchant Bank
Accepts merchant deposit
Merchant
Accepts authorized cardholder transaction
Different Payment Pieces
System: provides processing and settlement of
transactions
Gateway: software/services to support
eCommerce merchants, acquirers
Device: initiates transaction from credit/debit
card
Attributes of Superior Payment Systems
Universal, world-wide acceptance
Recognized value
Reliability of transactions
Ease of use to customer
Capacity for quick settlement and collection
Requirements
Mass appeal
Easy payment by the customer
Have acceptable risk to bank and merchant
Accommodate changes, cancellations and
returns
Let’s Consider the Customer
Changes the order
Doesn’t fill out all fields even when asked
Mistypes credit card and other data
Cancels order entirely or never finishes order
process
Objectives in Offering Payment Choices
Customers like choices, but remember: they are
here to buy stuff!
Make it safe for everyone involved: customer,
merchant, and banks
Consider how easy it is for your customer to
use, not just how easy it is for you to manage
Payments in a virtual world should imitate
those in the real world
Properties of Payment Systems
Transaction cost
Transaction directionality
Real-time authorization/validation
System scalability
Privacy
Three Real-World Examples
         Cost        Direction   Validation   Scale     Privacy
Cash     very low    two-way     no           extreme   yes
Check    low         one-way     maybe        high      no
Card     moderate    one-way     yes          high      no
Other Properties
How much software does the buyer need to
install?
Does it come with the desktop operating system?
Does it come with the browser or other software?
What third-party clearinghouse is used?
Provide trusted relationships
Reduce risk, complexity in processing
Virtual Money is the Currency of the Future
That future is already here
This idea is scary to many people
Consumers (they can’t “see” it)
Banks (many bankers don’t understand it)
Acquirers (they want to know the difference)
The Government (they can’t control it)
It is not unlike MO/TO transactions today
The Way Things are on the Web Today
Some payments are authorized off-line, through
traditional POS terminals
E-mail message to customer later (hopefully),
confirming order and shipping information
Many merchant servers connect with payment
authorization systems
Authorization is real-time during the web session,
and the sale is completed with secure server and
browser software
The Way Things are on the Web Today: Secure and Un-Secure
Secure transactions via secure browsers and
servers with SSL
Un-secure transactions with lack of proper
encryption (account numbers sent “in the
clear”) via e-mail messages
Un-secure transactions due to “export” versions
of browser and/or server software
The Way Things are on the Web Today
Secure transactions do not guarantee the
validity of the customer account information
A high percentage of credit charge-backs for MO/TO
transactions are for “merchandise not received”
Address verification services can help protect you,
and in some cases are required
Examples of Payment Systems (Clearing Houses)
Federal Reserve System for clearing checks
Visa and MasterCard transaction networks
American Express
Novus (Discover)
Examples of Acquirers (Processors)
First Data Corp.
Paymentech
National Data Corp.
Bank of America Merchant Services
Many processors (acquirers) process multiple
brands as part of their service
Internet Payment Devices
Credit cards, debit cards
Off-line accounts
Electronic cash
Electronic checks
A Taxonomy of Approaches
[Decision-tree figure. Questions shown: transmit “16+4” over the Internet? buyer encrypts? buyer signs? synchronous? merchant decrypts? buyer confirms? Labels shown: plaintext, S-HTTP, PGP, GlobeID, SSL, CyberCash, SET, off-line alias, VirtualPIN]
Different Ways to Capture
Customer
Online
Post-authorization
Batch
Online Capture
Happens simultaneously with authorization of
transaction
Fastest method of capture for online merchants
who can guarantee same-day shipment of goods
Post-Authorization Capture
Capture is a separate step from authorization of
transaction; post-auth message instructs bank to
capture transaction
Example of use is for delayed shipping of
merchandise
Batch Capture
Transactions are captured in a batch mode after
authorization (like post-auth capture)
Multiple authorizations are submitted at one
time for capture
The batch is transmitted through gateway
(CyberCash) to the bank for funds transfer and
merchant account reconciliation
132
Credit cards, debit cards
JCB, Visa, MasterCard, Discover, American
Express
Buyer gets card from issuing bank
Merchant is sponsored by acquiring bank
Merchant knows buyer and authorizes payment
133
How Credit Cards Work
Transactions authorized against customer’s line
of credit at issuer (promise to pay)
At point of settlement, cardholder’s account is
charged and merchant’s account is credited
Transactions subject to chargeback to merchant
under certain conditions
Lack of proper authorization
Lack of proper identification / address verification
134
Plaintext Transaction Process
[Diagram: buyer to merchant: trans, 16+4; at merchant: 16+4]
135
S-HTTP/SSL Features
Supply 16+4 in encrypted form
Require merchant to have a cert signed by a
trusted third-party
Requirement of client-side cert is a trade-off:
yes: buyer must “register” before making purchase
(S-HTTP, SSLv3); or,
no: no assurance as to buyer’s identity (SSL)
Merchant site becomes a credit card repository
136
SSL Transaction Process
[Diagram: buyer to merchant: trans, E(16+4); at merchant: 16+4]
137
“Off-line” Accounts
Electronic wallets
CyberCash® Wallet
Microsoft® Wallet
Verifone® vWALLET
GlobeSET Wallet (SM)
All these may provide access to credit, debit,
e-cash or electronic check accounts
138
“Off-line” Account Services
Credit card and other account numbers are
stored by the service provider in a database, and
are not transmitted to the merchant
Instead, a “PIN” is used by the customer at the
point of purchase (cross-reference for actual
account number)
Consumer must initiate account set-up in
advance of making any purchases
139
How Electronic Wallets Work
Today
Consumer must initiate request for electronic “wallet”
software
Credit card or other account numbers are given to
provider one time before any purchases are made
Account numbers, stored by provider in a database, are
not transmitted; instead, a “PIN” is used to pay
Closed system: only available to participating
merchants and cardholders who have signed up in
advance
140
How Electronic Wallets Will
Work in the Future
With SET protocol, will contain digital IDs with
encrypted account information
Since digital IDs will be tied to specific
accounts, wallets will keep track of all that
information
At that point, wallets will be widely distributed
and universally accepted
141
Interoperability is the Key
Wallets will become widely used when the
following events occur:
Mass distribution of wallets to consumers is easily
made
Will be accepted by all merchants, regardless of
wallet brand or payment brand
142
Visa® Example of Electronic
Wallet
www.visa.com/cgi-bin/vee/nt/sec/no_shock/virt_wallet_L.html?2+0
143
Visa® Example of Wallet
Registration (Digital ID)
www.visa.com/cgi-bin/vee/nt/sec/no_shock/registering_L.html
144
Other Wallet Examples
GlobeSET
Microsoft Wallet (in Win98, IE 4.01) (both SSL
and SET)
145
Some Problems with Wallets
Not transferable to other wallets or other PCs
Not available for use at many web storefronts
Just solve a small part of the overall payment
process
146
CyberCash System
Three systems: CyberCash, CyberCoin,
CyberCheck
CyberCash operates a gateway between acquirer
and the Internet
Merchants given the choice of capture via:
SSL; or
the CyberCash Wallet
If wallet-based, merchant doesn’t see 16+4
147
How It Works
Buyer’s wallet receives invoice from merchant’s
server
Buyer’s wallet sends sales order to merchant’s
server:
signed with buyer’s public key; and,
includes 16+4 encrypted with gateway’s public key
148
How It Works (cont.)
Merchant sends transaction to gateway:
signed with merchant’s public key; and,
includes buyer’s sales order
Gateway verifies signature, and:
decrypts 16+4 using its private key;
submits transaction into credit card network; and,
returns results to merchant who tells buyer
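The wallet-based flow on the two “How It Works” slides, as an added example that is not CyberCash's code or part of the original deck. Textbook RSA over fixed Mersenne primes stands in for the real cryptography, which the slides do not specify; the keys, message fields, store name and card number are constructed, and signatures here are made with the sender's private key and checked with its public key.

```python
import hashlib
import json

E = 65537  # public exponent shared by all three toy keys


def make_key(a, b):
    """Toy RSA key from the Mersenne primes 2**a - 1 and 2**b - 1 (constructed)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


# Constructed key pairs: "n" is the public part, "d" the private part.
BUYER, MERCHANT, GATEWAY = make_key(107, 607), make_key(89, 521), make_key(127, 1279)


def digest(obj, n):
    """Hash a JSON-serialisable message to an integer below the modulus."""
    raw = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n


def sign(obj, key):
    """Sign with the signer's private exponent."""
    return pow(digest(obj, key["n"]), key["d"], key["n"])


def verify(obj, sig, pub_n):
    """Check a signature against the signer's public modulus."""
    return pow(sig, E, pub_n) == digest(obj, pub_n)


def seal(pub_n, text):
    """Encrypt text so only the holder of the matching private key can read it."""
    return pow(int.from_bytes(text.encode(), "big"), E, pub_n)


def unseal(key, blob):
    m = pow(blob, key["d"], key["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()


def buyer_order(invoice, card_16_4):
    """Wallet: seal 16+4 for the gateway, then sign the whole sales order."""
    order = {"invoice": invoice, "sealed": seal(GATEWAY["n"], card_16_4)}
    return {"order": order, "buyer_sig": sign(order, BUYER)}


def merchant_view(sales_order):
    """What the merchant can read: its own key does not open the sealed 16+4."""
    try:
        return unseal(MERCHANT, sales_order["order"]["sealed"])
    except UnicodeDecodeError:
        return None


def merchant_forward(sales_order):
    """Merchant: wrap the buyer's sales order and sign the transaction."""
    txn = {"merchant": "example-store", "sales_order": sales_order}
    return {"txn": txn, "merchant_sig": sign(txn, MERCHANT)}


def gateway_process(msg):
    """Gateway: verify both signatures, then recover 16+4 with its private key."""
    txn = msg["txn"]
    so = txn["sales_order"]
    if not verify(txn, msg["merchant_sig"], MERCHANT["n"]):
        return ("rejected", "bad merchant signature")
    if not verify(so["order"], so["buyer_sig"], BUYER["n"]):
        return ("rejected", "bad buyer signature")
    # A real gateway would submit this into the credit card network here.
    return ("submitted", unseal(GATEWAY, so["order"]["sealed"]))


if __name__ == "__main__":
    card = "4111111111111111 1299"  # constructed test number and expiry
    so = buyer_order({"id": "INV-1", "amount": "19.95"}, card)
    print("merchant sees:", merchant_view(so))
    print("gateway result:", gateway_process(merchant_forward(so)))
    # A merchant that alters the invoice after the buyer signed is caught.
    altered = {"order": dict(so["order"], invoice={"id": "INV-1", "amount": "1995.00"}),
               "buyer_sig": so["buyer_sig"]}
    print("altered order:", gateway_process(merchant_forward(altered)))
```

The merchant can forward and countersign the order but never holds a readable 16+4, which is the property the SSL flow lacks.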
149
CyberCash System Transaction
Process
[Diagram: buyer to merchant: S(trans), E(16+4); merchant to 3rd-party: S(trans), E(16+4); at 3rd-party: trans, 16+4]
150
CyberCash System Properties
Cost: modest
Direction: one-way
Validation: yes
Scale: modest
Privacy: no
151
What’s in a CyberCash Wallet?
Credit card accounts
Debit card accounts
PayNow™ check service (for electronic payments
from checking account; like debit cards)
CyberCoin account (for “micro-payments”)
152
CyberCash Secure Internet Credit
Card Payment
http://a.dn.cybercash.com/cybercash/info/sixsteps.html
153
CyberCash as a Merchant Service
Provider
CyberCash provides the merchant with
CashRegister software to authorize and process
payments
CyberCash is neither an acquirer nor a bank,
but is a provider of payment software for
eCommerce (a gateway)
CyberCash provides an advanced level of
encryption for financial information passed
from their database to acquirers (not SSL)
154
CyberCash CashRegister®
Software
Integrates with a variety of operating systems
and merchant storefront software
Can be used with or without consumer wallets
Non-wallet transactions use SSL
$500 initial fee, $50/month plus 10
cents/transaction
Some programming required: perl (Unix) or
VBScript (NT)
155
CyberCash CashRegister®
Software
However, you must still arrange for a merchant
deposit account with your bank or independent
service provider
If you are having trouble setting up a merchant
account with a bank, contact CyberCash for
assistance
156
Credit Card Payment Demo
Credit card transaction with CyberCash —
No Wallet
CyberCash Wallet transaction
157
CyberCash Benefits
CashRegister Software is free to merchant
Supports wallet and non-wallet payments
No additional charges to merchant — fees to
CyberCash are paid by acquirers
CyberCash is presently the largest gateway
service provider for Internet merchants
Their products will evolve
158
Electronic Cash (e-cash)
CyberCoin®
Service of CyberCash, part of Wallet
Currently available with Microsoft Wallet
Mondex®
Licensed by MasterCard International, Inc.
Smart card-based system
Digicash®
159
Mark Twain Bank is Worth Looking At:
www.marktwain.com/digifaq.html#Help
Look at their customer support disclaimer — they get an “A” for honesty!
160
SSL Payment Systems
ICVerify, www.icverify.com
PCAuthorize, www.tellan.com
Worldpay/PSI, www.psi.net/worldpay
AuthorizeNet, www.authorizenet.com
Internet Secure, www.internetsecure.com
Check out www.ihtmlmerchant.com/creditcard.htm
161
Other Merchant Providers to
Consider
Online Financial Services (OFS)
http://ofs.web-charge.com/signup1.html
Internet Secure
www.internetsecure.com
Redi Check / Redi Charge
www.redi-check.com
Merchant Account Services
Provo, Utah 1-801-765-1111
162
ICVerify Process
Customer submits 16+4 through SSL browser
connection
Merchant software records to a file
ICVerify submits to bank
ICVerify receives response from bank, creates
answer file
Merchant software retrieves answer, sends response to
customer
No per transaction fee!
163
Supported Merchant Servers for
ICVerify
MS Site Server Commerce
Oracle Payment
Mercantec SoftCart
Internet Factory Merchant
InterShop Online
164
ICVerify Demo
www.icverify.com/library/downloads/icvdemo20.html
165
Setting up Merchant Account
Providers to consider
How to compare services
Choices in setting up account, fees
166
All Merchant Providers Are Not
the Same
Compare services
Which cards do they authorize?
Do they provide electronic check services?
Do they provide check guarantee services?
Compare prices
Start-up fees
Monthly discount fees
Other service fees (per transaction)
Statement generation fees
167
Choices for Setting Up a
Merchant Account
Go to your local bank and set up your own
merchant account -- If they’ll take you, this may
give you the best discount rate
Join Costco warehouse membership store,
Executive Membership is $125, <2% plus 25
cents/transaction (www.costco.com/exec/credit.html)
Contract with CSP and process through them
Buy a software suite that includes merchant
account set-up
168
Range of Credit Card Fees
Your Bank
CSP
Discount Rate: 1.5% - 5.0%
Application Fee: $100 - $300
Discount Rate: 1.5% - 5.0%
Per Transaction: .20 - .30
Monthly Fee: $10 - $25 (service / statement fee)
Chargeback Fee: Up to $25
Chargeback Reserves: Up to 10% of sales, for up to six months
169
Regulations governing electronic
commerce transactions
Visa / MasterCard Operating Regs
Credit Card Rules for acquirers and merchants
Fair Credit Billing Act
Debit Card Rules
Regulation E
Consumer Telephone Protection Act
Can Internet Protection Act be far behind?
Privacy Principles
Yet to be mandated, but inevitable; and generally a good idea
170
What About Privacy?
Anonymity issues
Confidentiality issues
Disclosure issues
Name and address info
Disclosure of transaction to a third party
Merchant’s identity
171
Privacy Issues for the Consumer
Most people just want to be asked for their
permission
Your customers don’t object so much if you use
their information to sell them other products
you may offer
But many object if you sell or rent their names
to someone else
172
“Data Mining”: How much is
enough?
You have the opportunity to build a customer
database for future sales
To what degree do you slice and dice?
If you slice too fine, are you missing
opportunities?
This leads to more privacy issues
173
Topic 5: Choosing the Right
eCommerce Path
174
Three Approaches:
Outsource to a CSP
Buy suite of software
DIY
175
Find a CSP
More ISPs are offering eCommerce solutions
Have to use their software standards and
payment schemes
Could be pricey
Just catching on in USA
176
Evaluating CSPs
Do they offer storefront design?
Have in-house programmers?
Hosting of your own web server machine?
How many payment systems do they support?
What kinds of accounting reports do they offer?
177
The Catch-22 of CSPs:
To be successful, a provider has to promote his
products via the Internet and have detailed
descriptions on their own web sites!
But trying to find this information isn’t easy.
178
Some CSP Examples
www.psi.net/web/ecommerce.shtml
www.Best.com/bizcomm.html
www.Brainlink.com/html/saleslink.htm
www.Earthlink.net/company/webservices.html
IBM: mypage.ihost.com
www.Netcom.com
business.Mindspring.com/prod-svc/smbiz/
www.Mindrush.com/
www.outer.net/ONCommerce (OuterNet)
179
Price Comparison for CSP hosting
Provider     Setup fee (US$)   Monthly fee (US$)
IBM          260               55
Earthlink    624               194
Netcom       450               300
Mindspring   175               324
180
Plan name,
payment
options
Bronze, credit
cards
Premium Plus
Commerce Site,
credit cards
Commercial
Advantage,
credit cards,
Cybercash
Price Comparison assumptions
10 Mb disk storage
Single email account
InterNIC $100 fee included for domain name
181
New CSP Approaches:
GeoShop
ViaWeb/Yahoo
iCat
Encanto
Tripod
182
GeoShop
Builds on GeoCities “communities” but for
merchants (www.geocities.com/join/geoshops)
$25/month for just commercial listings
$180/month (or more!) for actual transactions
working with Internet Commerce Services Corp. who
uses Open Market Transact servers
183
ViaWeb/Yahoo
$100/month (<50 items) or $300/month options
CyberCash processing $500 setup
Solid reporting and admin options
184
iCat Commerce Online Hosting
Solution
Free for <10 items, $99/mo. for 100 items
No per-transaction fees
Email and browser-based notifications of
purchase completion
Advanced items like upsell, featured products,
cybercash gateways
185
Encanto
Turnkey server/software for under $2000!
Payment gateway included ($50 initial,
$20/month)
Web storefront, shopping cart, catalog system
Secure cert required
All managed via browser, steps are clearly
documented
Demo at www.encanto.com/ego/demo
186
One Way to Support Lots of
Payment Systems
Wired-2-Shop
www.wired-2shop.com/TestDrive/Admin/PaymentList.asp
187
The Suite Approach
Leading contenders
What is part of the suite and what isn’t
Prices and platforms
188
Popular eCommerce Suites
Vendor, Product                 Version   Price               Platform
ICat Elec Comm Suite            3.0       $3500 - $10,000     NT, 95, Solaris, Irix
IBM Net.Commerce                3.1       $5000 - $20,000     NT, AIX, Solaris, AS/400, S/390
Microsoft SiteServer Commerce   3.0       $4600               NT
IBM/Lotus Domino Merchant       2.0       $3500 - $9000       NT
189
Popular eCommerce Suites (con’t)
Vendor, Product                 Version   Price       Platform
OM Transact, Open Market        4.0       $250,000    Unix
Intershop Online, Intershop     3.0       $5000       NT, Unix
WebSite Pro, O'Reilly           2.3       $800        NT, 95
190
Four Typical Elements
Catalog
Storefront designer
Ordering/inventory system
Shopping cart/check out system
191
The Cold Hard Reality of Suites
Suites are nothing more than collection of
products
Lack integration among various elements
Difficult to setup, customize, and use
Require you to live “inside” their structure
Limited payment options
Sounds like early MS Office
192
Payment Systems Included in
Each Suite
Microsoft: Verifone, Buy Now
IBM (Net.Commerce): Verifone, SET/eTill
Domino Merchant: CyberCash, Verifone
iCat: CyberCash, CheckFree, others
OpenMarket: Verifone
WebSite Pro: IC Verify, PC Authorize,
CyberCash, others
Intershop: CyberCash, ICVerify, others
193
Sample Stores Included in Each
Suite
Microsoft: 4 stores
IBM: eMall, simple and advanced sample stores
Domino: 1 store
iCat: 1 hardware store
OpenMarket: none
WebSite Pro: 1 bookstore
Intershop: 3 stores
194
Databases Supported in Each
Suite
Microsoft: SQL Server
IBM: DB2
Domino: Notes
iCat: 4D, Sybase SQL Anywhere
WebSite: Access
Intershop: Sybase SQL 11
195
Dealing With ODBC
Have to understand how to set up data sources
Intimate knowledge of your data structure
Re-install ODBC drivers at least once!
Best to start with built-in database
196
Store Wizards Included in Each
Suite
Net.Commerce (the best)
WebSite Pro (but doesn’t do much)
Intershop (various wizards)
MS Commerce (although you’ll really need to
know COM!)
197
Tips
Don’t install anything before making sure you
have everything!
Downloads for free, but they expire
Can you export existing files to these systems?
198
WebSite Professional
website.ora.com
Version 2, shipping since 9/97
US$799!
NT (or 95)
Supports seven different payment processors:
SSL, CyberCash
One sample store (bookstore)
199
Sample storefront
http://merchant.inline.net/admin/
200
WebSite Configuration Sheet
201
Store Properties
Only can operate a single payment system
Run on a series of Access databases
Built-in tax table, but for N.Americans!
Well documented data structures in typical
O’Reilly fashion
202
Recommendations
Lowest priced suite by far!
iHTML is robust, but will take some learning
Nice store setup and organization of catalog
Good low-end solution
203
Intershop
demo at 207.90.184.82 (admin/admin for store)
Includes Sybase SQL 11
US$5000, includes 3 mos. support
204
Seven Different Managers
Catalog
Products
Store
Purchases
Inventory
Customers
Admin
205
Characteristics
Everything managed via browser, which can get
tedious
But you already have a database behind it
206
Payment Options galore
207
Recommendations
Most flexible payment options of any suite
Better at processing orders than site creation
Not good for large catalogs
208
Microsoft SiteServer Commerce
Still evolving
More of a development platform than a suite
Closely tied to IIS, SQL Server et al.
209
Shopping with MS Commerce
210
Recommendations
If you are going to use any other MS apps
If you believe developers will follow
If you must stay on the cutting edge of MS
products
Use with ClearCommerce.com front end if
possible
211
Commerce Server Specifics
NT, fast Pentium with 128 M RAM essential
US$5000
www.microsoft.com/commerce
212
iCat Electronic Commerce Suite
Two different versions: Standard and Pro
Pro (also runs on Solaris, Irix) and multi-user
database, performance enhancements, wider
payment options
213
iCat Process
Use four-step process
Make changes to staging db
Use designer and built-in catalog
Then post changes to production db
214
Recommendations
No wizards, all browser-based forms
Tedious but straightforward
Lots of third-party add-on tools
Best for people new to db or the ‘net
Best if you don’t have computer-based
accounting system yet
Used in their own hosting service
215
iCat Specifics
NT, fast Pentium with 128 M of RAM
US$9000 for professional version
www.icat.com
216
IBM Net.Commerce
217
Included
IBM’s Go Web Server
DB2 database
Shopping trolley system
Credit card verifier, eTill software
218
Several ways to setup your store
Use nine-step wizard with populated catalog
Use wizard with empty catalog
Start from scratch
Import existing databases
219
Recommendations
Great if you already use DB2 for inventories
Most security-conscious suite
More depth than iCat
Start with all IBM defaults to save time
220
Net.Commerce Specifics
NT, fast Pentium with 64 M of RAM
AIX, 390, OS/400, Solaris
US$5000 Basic, $20,000 Pro
www.internet.ibm.com/net.commerce
221
Latest features
“Intelligent Catalog”
Java-based wizards to setup and manage store
Recognizes shopping preferences and upsells
Improved SET payment server, ad tracking
partnerships
Integration with Domino Merchant
Screencam demo
222
Domino Merchant v2.0
Uses Notes server, but not Notes clients
Payments, catalogs, wizards galore
Easiest to setup, difficult to add products
A good entry-level product for now
Screencam demo
223
OpenMarket
High end solution
Worldnet offers hosting of OM servers
Still needs customization!
224
Recommendations
If you can afford it ....
Really the price covers lots of consulting time
High transactions and throughput needs
Use with Icoms.com front end service ($1000 +
$100/month)
225
OpenMarket Specifics
Various Unix
US$250,000 and up!
www.openmarket.com
226
Isn’t somebody missing from the
suite party?
Netscape
Oracle
227
Topic 6: Installing and Operating
Your Own Storefront
What you need to know
What you need to buy
228
One DIY solution
IIS
PerlShop shopping cart
ClearCommerce CSP
First American Payment Systems
Verisign certificates
Fees: $800 setup, $500/yr, $50/month
What took longest to work: perl scripts to make
credit card payments!
229
The 90s Help Wanted
Wanted: Webmaster
Required skills: High proficiency in various
web based programming, development tools,
CGI, cookies, DNS, eCommerce, FTP, HTML 2.0
through 3.02, IIS Server admin, Javascript, Java,
MS SQL, Netscape server admin, NT Server
admin, perl, Unix admin, web security
230
You Need to be a Superhero:
Part web designer
Internet technologist
SQL database admin
Payment system maven
231
Things You’ll Need to Discover
Are your sales and marketing staff web-savvy?
Is your accounting system adaptable to web
purchases?
How do you reconcile these accounts?
Does your business owner understand Internet
culture?
Can anyone find you
232
The Most Under-rated Skill:
PATIENCE!
233
Do it Yourself Path
Traditional merchant banking approach
More risk, especially when your payment
system is on the ‘net
234
Steps Involved for DIY’ers
Get a web server
Get merchant software
Integrate with your back end systems
catalogs
inventory
customer accounts
Be prepared to do lots of coding
235
Components Needed to Operate a
Web Storefront
Database of items to sell and current inventories
Secure web server
Searchable catalog server
Connections to backend payments and financial
servers
Shopping cart system
Checkout/payment system
Don’t forget about security!
236
Which Database Server?
Pick before anything else
Core of your store revolves around the database:
inventory system
accounting system
catalog system
237
Database Server
Recommendations
Use existing client/server db if possible
SQL Server: best with MS tools
Oracle: if you know pSQL already
Informix: all other situations
238
Database/web Tools
Develop your own forms
Query your database
Develop your own catalog
239
Why is a Catalog Important?
Your customers’ view of your store
Current with your own inventory and offerings
Don’t want to sell what you don’t have
See catalog resources page
240
Another choice: outsourced
catalog!
ShopSite/Open Market
IBM Home Page Creator mypage-products.ihost.com
(N. America only)
Mindspring with Mercantec
241
ShopSite demo
www.reliablehost.com/cgi-bin/bo/start.cgi
username: test8
password: test
242
Tool Recommendations
Cold Fusion, www.allaire.com
Sapphire/Web, www.bluestone.com
243
Which Web Server?
Hundreds to choose from
Must support SSL and/or SHTTP
Platform isn’t important, really
244
Get Your Certificates in Order
Bring up form inside web server
Send to CA on letterhead with credit card (!)
Receive cert from CA
Install on your web server
245
What can a Shopping cart do?
Simplify ordering process
Track multiple purchases for a single visitor
Display items purchased
Calculate total prices, tax, shipping charges
Track item attributes (colors, styles, sizes)
246
Different Shopping cart Methods
Account-based
Cookie-based; see www.cookiecentral.com
Encoded URLs
247
Shopping cart Programs
S-Mart: www.rcinet.com/~brobison/scripts
Minishop: www.egrafx.com/minishop
mvend: www.iac.net/~mikeh/mvend.html
PerlShop: www.arpanet.com/perlshop
248
Commercial Programs
Internet Shopping Cart Server:
www.webisland.com/cart
Rent-A-Cart: www.rent-a-cart.com
CyberCart: www.lobo.net/~rtweb
AutoCart: www.autocart.com/Autocart
WebCart: www.staff.net/webcart.html
SoftCart: www.mercantec.com
WWWOrder:
www.virtualcenter.com/scripts2/WWWOrder.html
249
Shopping cart Example
www.asizip.com (SoftCart)
Shopping basket
Cookies to track purchases
Simple navigation
250
Payment Choices
Use gateway (CyberCash, ICVerify) or service
provider?
Do you need support for multiple currencies?
Do you have to host your store elsewhere?
Do you understand the fee structure?
251
Again, Merchant Providers Differ
Compare services
Which cards do they authorize?
Do they provide electronic check services?
Do they provide check guarantee services?
Compare prices
Start-up fees
Monthly discount fees
Other service fees (per transaction)
Statement generation fees
252
WorldPay and PSI
Multicurrency payments
>100 for product prices
16 different ones for settlement
Have to host your web at PSI
Includes SoftCart and iCat software as well
US$1000 + US$1400/yr
253
WorldPay Demo
www.worldpay.com/demo/store.html
254
Prices of Typical Products
Product       Type               Price
Inex          Accounting         US$6000
SoftCart      Shopping Cart      900
MallManager   Catalog            2000
WebCatalog    Catalog            1600
Saqqara       Search tool        700
VPOS          Payment server     2500
WebMate       Development tool   750
255
Inex Demo
Financial backend strength
Store front and some aspects of suite
www.inex.com
256
Don’t forget about sales tax and
VAT!
Make use of software from Taxware.com
Some of the catalogs and suites have databases
to deal with this
But you have to create them from scratch
257
Dealing with search engines
Some use <META>, some use <TITLE>
Keep descriptions at top of your home page
short and sweet
Review information on
SearchEngineWatch.com
Web Review article:
webreview.com/97/10/17/webmaster
258
Don’t Forget About Security
Make sure you protect your web site!
See “Ten ways” article from Winn Schwartau
See “Eight Steps to Minimize Fraud” article
Limit access, isolate servers, lock down scripts,
so forth
See www.nwfusion.com/netresources/0202hack1.html
and www.scambusters.org/Scambuster23.html
259
Putting Together Your Own
Solution
SQL Server database
CyberCash payment system
WebCatalog 3.0 (supports CCash)
IIS web server
Total price: <US$10,000
260
Conclusions
eCommerce crosses many different skill sets
Software is still too dicey in many areas
Standards aren’t much use right now
Suites don’t offer much in the way of
integration
DIY may be the best solution
261
Acronyms
B2B Business to business
CSP Commerce Service Provider
DIY Do It Yourself
EBP Electronic Bill Presentment
URLs Universal Resource Locator
SSL Secure Sockets Layer
OFX Open Financial Exchange
SHTTP Secure web protocol HTTP
262
More Acronyms
ACH Automated Clearing House
CA Certificate Authority
ISP Independent Service Provider
MAC Message Authenticity Check
MICR Magnetic Ink Character Recognition
MO/TO Mail Order/Telephone Order
NACHA National Automated Clearing House Association
PIN Personal Identification Number
PKC Public Key Cryptography
POS Point of Sale
RSA Rivest, Shamir and Adleman
263
Thanks!
Review, Q&A
David Strom
+1 516 944 3407
[email protected]
264