(c) David Strom and Stephanie Denny, 1998
Internet Commerce: Understanding Payments, Security and Storefronts
presented by:
David Strom
Port Washington NY USA
[email protected], +1 (516) 944-3407
Why This Tutorial
A successful web storefront must accommodate the common forms of electronic payment in use today
Good storefront design and tactics will increase sales
Tough to evaluate various payment systems, standards and products
What This Course is Not About
Mathematics of Public Key Cryptography
In-depth discussion of Visa® and MasterCard® operating regulations for eCommerce
Legal advice for eCommerce issues related to operating a web storefront
Writing your own storefront systems from scratch
In-depth on security issues
For future reference
Copy of this presentation (Powerpoint) and resources: www.strom.com/pubwork/ecommerce
Course Topics
Good and bad web storefront design, defining successful eCommerce ventures
What are relevant eCommerce standards and why should I care?
Overview and demonstration of payment systems that are working on the Internet today
Choosing service providers or suites
Installing and operating your own storefront
Course Approach
Overview of major payment systems and storefront products
Give real-life examples and online demos
Help relate information to your own situation
Provide insight into different approaches, technologies
Discuss pros and cons of each
Multiple Q&A sessions
My Background
I’ve been involved in the Internet for some time
Have used most of the products we demonstrate
Have consulted to a few of the vendors, but still have strong opinions
My Beliefs
My perspective is from the consumer’s viewpoint, as well as from the merchant’s
I believe that eCommerce is the next evolutionary step in the web
Most eCommerce has had accidental success to date
Topic 1: Introduction to Internet Marketing
Advantages and disadvantages
Speed of adoption is immense!
Different kinds of approaches
Internet Marketing
Look good to the public, be on the cutting edge
Supplement traditional channels, be real-time
Focus on global niches, be high-content
Avoid the trailing edge, the competition is already doing it
Advantages
Direct, one-to-one marketing opportunity
Allows you to learn useful information and build customer relationships
Relatively inexpensive medium compared to advertising, direct mail or telemarketing
Capacity to be a major distribution channel
Results are measurable, sometimes
Challenges
Most say that eCommerce is taking off, just differ on the rate!
How do we convince the general public that they will really like eCommerce?
Focus initially has been on business-to-business uses
Obstacles to Wide Deployment
Easy forms of payment
Trust in the system
Perceived benefits outweigh the risk (What’s in it for me?)
Technology and infrastructure still primitive
One Example: Domain Names!
Typo.net
AmericaOffline.com
Sell ad space on things like:
amazom.com
www.eartlink.net
Is the Internet a great place or what?
Time To Reach a Mass Market
VCRs: 30 years
TV: 25 years
Cell phones: 15 years
Credit cards, ATMs: 10 years
Internet usage: <10 years!!
Some Conclusions
Consumer control of privacy is essential
most folks simply want the choice of opting out
The granularity of control must be fine, e.g., over number and frequency; over categories of interests; and/or over (indirect) dissemination to third-parties
Regardless, there are likely legal issues, when maintaining/using a consumer database
Topic 2: What Becomes Success?
Overview of eCommerce market
Review physical storefront success factors
Propose some definitions
Define success for the web
Draw up five eCommerce principles
Overview of eCommerce Market
Predictions
Success factors
Five principles
eCommerce Revenue Predictions are Wide-Ranging
Source     1996 (B$ US)  2000 est. (B$ US)
IDC        2.2           94
Forrester  1.4           117
Jupiter    0.7           15.6
Dataquest  6.4           56
Not to mention all the PC sales
Gateway sells $4MM/day
Dell sells $5MM/day
Compaq sells $6MM/day (including resellers)
That’s $4 Billion/yr right there!
Let’s Keep Our Perspective
Size of US movie industry -- $6B!
Size of adult video rentals -- $6B!
Total US music sales -- $6B!
(Forrester says $288M in 1998 online music+books)
Ticketmaster
US$5 million/month via the web in sales
Started 11/96
Generating lots of new buyers, who wouldn’t ordinarily use their service
Then there is Disney.com
Web site Daily Blast signing up 15k members/month
Sales via web are equal to 3x-5x of physical Disney store!
And of Course, There is the Porn Industry
“However, extensive interviews with adult site owners yield a picture of a highly charged market of approximately 10,000 sites generating about $1 billion in revenue per year, most through electronic credit card transactions.”
From Interactive Week
Sad State of Today’s eCommerce Marketplace
Poor quality tools
Hard-to-find stores
Limited payment methods
Credit card snooping perceptions
Older browser versions can’t view latest sites
Case in Point: Buying a Bike Rack
Item not carried: outdated catalog
Telesales not familiar with web
No cross-sell or substitutions online
Needed three phone calls to complete purchase
Let’s Learn From the “Real World”
Compare what works for physical stores
Try to extend to the web
Critical Success Factors for Physical Storefronts
Location
Branding
Good service
Good product selection
Proper pricing and margins
Traffic
First Problem:
None of these translate on the ‘net!
Now Try to Agree on Definitions for Web Stores
What determines a good location?
Position on a search page
Nearness to popular destination
Ad on a popular server
What determines branding?
Memorable domain name
Popular search category destination
An Example of bad location: Montana Meats
www.imt.net/~lingerie/buffalo/buffalo.html
Can’t they afford their own domain name?
www.company.com/~anything is BAD NEWS!
Another Case: Buying Toner and Batteries
www.cartridgesusa.com, www.batterybarn.com
Catalog shows pictures of parts
Easy to find relevant item
But payment acknowledgement incomplete
Determining Traffic
Hard to do -- is it hits, page views, registered users?
[HITS = How Idiots Track Success]
Hard to measure -- do you count gifs? Use log files?
No general agreement on any metrics!
Traditional Advertising Doesn’t Apply Anymore
Can’t measure anything
Every site has its own banner sizes
The Web is not TV
One Working Definition of Success:
SURVIVAL!
If a site is still running after 12 months, and getting more traffic, it is a success.
Does a site actually have to sell something?
Many actual eCommerce sites don’t do the complete transaction (Cisco)
Require faxes or telephone calls!
Some merely have catalogs
A good example: Singapore Power Authority
www.spower.com.sg/readmeter.cgi?cmd=form
Good eCommerce Examples
Easy to find merchandise
Good service
Individual customization is key
Simple navigation
Make payments easy
AMP Connect
Have customers in 100 countries
Speak many languages
Produce 400 catalogs covering 135,000 items
Mailings cost US$7MM/yr
Fax back cost US$800,000/yr
But you can’t buy anything directly!
Solution: “Step Searching”
Saqqara.com software to enhance Oracle database
Provide user feedback as they type in the query
Show how many matches in the database
Different mechanisms for searching:
by part number
by alphabetical names
by part family
by picture even
AMP
connect.ampincorporated.com
AMP Connect (cont’d)
And can set to list parts that are available in specific countries!
Updated daily with over 200 item changes
Detailed drawings save time for customers to pick the right item
Saved AMP over US$5MM in production costs
Saved US$1MM in translation costs
First Principle of eCommerce:
Make it easy to buy!
Amazon.com
Services frequent readers with a variety of programs
Editorial comments
If you liked this book, you’ll like...
Notification of new books by author, topic
Simplified “1 Click” ordering
Uses simple pages and email
Associates program for commission kickbacks
Gift certificates via email
And ... lots of books to choose from
Amazon
Update your directories!
This one is almost a year old
www.asiapage.com/alist.html#jewellery
Second Principle of eCommerce:
Deliver solid service!
Dell
Most notable site for computer buyers
Customize the features you want via a web form
Simplifies and personalizes the shopping experience
WYSIWYB (buy)
>US$5MM/day in sales!
Dell
Canadiantire.com
eFlyer uses email notification along with web forms
Customize exactly what coupons and deals are sent to you
Third Principle of eCommerce:
Individual customization is key
BMW Motors
Example of what not to do
Use gratuitous graphics
Cheesy low-res videos
Toys, not tools
BMW
Compare with Subaru
Find specific information about each car
Can price options to your particular needs
A better example: fishing licenses
Simple, quick, and does the job with a minimum of clutter
www.permit.com
Fourth Principle of eCommerce:
Make navigation simple!
Use small graphics, site maps, indexes
Avoid graphics just to display text
Avoid plug-ins to complete purchase process
Avoid link and button clutter, frames
How NOT to Design a Payment Screen
www.netmar.com/new/norderform.shtml
Common mistakes with payments
Provide too few or too many order confirmation pages
Confusing methods and misplaced buttons on order page
Make it hard for customers to buy things
Don’t make your customers read error screens
Fifth Principle of eCommerce:
Make payments easy!
Topic 3: eCommerce Standards
SSL (encrypted transactions)
SET (authenticate buyers)
OFX (bill presentment)
OBI (exchange purchase orders)
Some Disclaimers
Standards are still in motion
Multiple approaches means they don’t always work as intended
May be eclipsed by events (eg, SET) and consumer behavior
Moral: lots of programming still required!
SSL: Encrypt Transactions
Why encrypt?
Principles of cryptosystems
Understand certificate management
Why Encrypt? TRUST!
Ensure your customer is authorized to use his account
Customer wants to make sure you are the legit seller
Ensure payment is received
Ensure goods are received
Four Principles of Cryptosystems
Privacy of message contents
Authentication of parties involved
Integrity of data transmitted
Non-repudiation of transactions
Privacy
Privacy means that the message contents cannot be seen by anyone but the intended parties
Accomplished through the use of encryption
Authentication
Authentication means that each party involved in the transaction is identified as legitimate
Accomplished through the use of certificates
A certificate is a notarized public key (like a passport or a driver’s license)
Issued by a trusted third party called a Certificate Authority
Binds the certificate owner to the public key within the certificate
Integrity
Integrity of data means that it cannot be altered by anyone during transmission, to avoid a “man in the middle” attack
Encryption allows only the intended recipient to open the digital envelope
A digital envelope (or “hash”) = contents of an encrypted message + digital signature
Non-repudiation
Non-repudiation means both parties to the transaction are ensured that the message is genuine and cannot be disputed
Parties are identified with certificates that have been notarized by a trusted Certificate Authority
It will be much harder for customers to claim they never placed the order
Why Should You Get a Certificate?
You want those who visit your web site to know you are a legitimate business
A certificate is required to operate a secure server (SSL)
Certificate Authorities (CAs)
Trusted third parties, similar to notaries
Can be external or internal (server is managed within your own company)
Choice of a CA may depend on your merchant server software
Public Key Cryptography
Public keys are shared and widely distributed
Private keys are kept secret by the holder of the key
Both pairs of keys are required to complete secure transaction
Customer’s Private Key
Customer’s Public Key
Merchant’s Public Key
Merchant’s Private Key
Public and Private Key Pairs
A public key is disclosed and widely distributed with no adverse effects
Used to encrypt or decrypt information
Works only in conjunction with its paired private key
Public and Private Key Pairs
A private key is held and used only by its owner
If a private key is compromised, it must be replaced immediately
Today’s real-world example: lost or stolen credit cards must be blocked and replaced
Public and Private Key Pairs
Real-world example: Dual control of keys for your safe deposit box — it can only be opened with two keys — yours as well as the bank’s
Steps in Certificate Creation
Refer to your server software documentation for selection of a CA and instructions
Generally, you will do the following:
Generate a key pair of public and private keys
Send the public key and other information to CA
CA verifies information provided
Upon verification, CA creates a certificate containing public key and expiration date
The Certificate is sent back to applicant and may be posted publicly, if appropriate
Examples of Certificate Authorities
VeriSign www.Verisign.com
GTE CyberTrust Solutions, Inc. www.cybertrust.gte.com
Thawte Consulting www.thawte.com
Certificate Creation
Demo of key generation and certificate request
Different Classes of Certs
Class 1 (unambiguous name, email, PIN/encryption recommended)
Class 2 (adds address check for US/Canada, required PIN/encryption)
Class 3 (adds document check, recommends tokens)
Certificate Management
Once public key certificates are issued, they must be managed to maintain integrity
They contain expiration dates
They may be revoked for various reasons
Upon expiration, certificates must be renewed or reissued
This is a consideration for using an external CA, as opposed to managing an internal CA
How is this accomplished?
Secure servers and browsers
Capable of strong encryption (up to 128 bit)
40 bit encryption is no longer considered adequate for financial transactions
Digital certificates
Ensure the identity of the certificate holder
Also called digital IDs
The common protocol in use today is Secure Sockets Layer (SSL)
Secure Sockets Layer Protocol (SSL)
Authenticates the merchant server
Merchant Certificate obtained from trusted Certificate Authority
Provides privacy through encryption of the message for both the sender and receiver
Secure “pipe” negotiates maximum encryption compatible at browser and server for each message transmitted
Ensures integrity of data transmitted
Message authenticity check (algorithm)
Secure Sockets Layer Protocol (SSL)
https:// in the URL = a secure connection
SSL allows customers to verify who the merchant is
The merchant’s digital ID does not certify the integrity of the merchant
Merchant’s Certificate (Digital ID) can be viewed by any secure browser
Secure Sockets Layer Protocol (SSL)
SSL encrypts the customer order, which includes the payment information
This data is sent from the customer to the merchant via a secure “pipe”
Customer Order with Payment Information
Encrypted order sent
Customer order decrypted at merchant server
What SSL Doesn’t Encrypt
Once the data arrives on the secure server, it could be stored in an insecure location!
Or if someone has physical access to your desktop or server
SSL: How do you get a certificate for your merchant server?
Apply to Certificate Authority
Instructions built into merchant server software
You will be asked to provide valid business license and other ID
Cost is dependent upon level of certification
Encryption Strength
It is illegal to export outside the US products containing encryption that is stronger than 40 bits
It is not illegal to use encryption stronger than 40 bits internationally
Financial institutions do not consider 40-bit encryption adequate for Internet transactions
Encryption Strength
Newer browser and server software are capable of 128-bit encryption
128-bit encryption is exponentially stronger than 40-bit encryption
SET: Authenticate Buyers
What is the protocol
How it works
Advantages and disadvantages
What is SET protocol?
Secure Electronic Transaction protocol is a common standard that was developed jointly by Visa, MasterCard and other partners to ensure the processing of secure transactions.
Based on RSA encryption
Uses public and private key pairs that have a mathematical relationship
How is SET Different from SSL?
Digital certificates for SET will be payment-specific
Merchants will be certified as legitimate to accept branded payment card transactions
Cardholders will be certified as valid account holders
Merchants will not see customer’s account number (it will only be passed to the acquirer)
How is SET Different from SSL?
With SET:
Customer’s Digital ID related to a specific account + Customer Order info
Merchant Server gets Customer’s Digital ID minus the account number + Customer Order
Acquirer gets order receipt + Customer’s Digital ID with account number
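SET keeps the account number away from the merchant by having the cardholder sign the order and the payment instruction together (the protocol's dual signature, which the slides do not spell out). The sketch below is an added example, not code from the presentation or from any SET product: it uses a demo-sized textbook RSA key and constructed order and card data, every function name is hypothetical, and the encryption SET applies to the payment part is left out.

```python
import hashlib

# ASSUMPTION: demo-sized textbook RSA key for the cardholder, built from the
# Mersenne primes 2**127-1 and 2**89-1 so that only the standard library is
# needed. It has no padding and is far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public half (would sit in the digital ID)
D = pow(E, -1, (P - 1) * (Q - 1))        # private half (would sit in the wallet)

# Constructed sample data; the card number is a made-up test value.
ORDER = b"merchant=Example Toner Shop;item=toner cartridge;qty=1;total=49.95 USD"
PAYMENT = b"pan=4111111111111111;exp=12/99;total=49.95 USD"


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _as_int(d: bytes) -> int:
    # Truncate to 192 bits so the value stays below the 216-bit toy modulus.
    return int.from_bytes(d[:24], "big")


def sign(d: bytes) -> int:
    """Cardholder signs a digest with the private key."""
    return pow(_as_int(d), D, N)


def signature_ok(d: bytes, sig: int) -> bool:
    """Anyone holding the cardholder's public key can check the signature."""
    return pow(sig, E, N) == _as_int(d)


def cardholder_purchase(order_info: bytes, payment_info: bytes):
    """Return the merchant's view and the acquirer's view of one purchase."""
    oimd, pimd = digest(order_info), digest(payment_info)
    dual_sig = sign(digest(pimd + oimd))          # one signature over both digests
    to_merchant = {"order_info": order_info, "pimd": pimd, "dual_sig": dual_sig}
    to_acquirer = {"payment_info": payment_info, "oimd": oimd, "dual_sig": dual_sig}
    return to_merchant, to_acquirer


def merchant_verify(msg: dict) -> bool:
    """Merchant sees the order and only a digest of the payment instruction."""
    combined = digest(msg["pimd"] + digest(msg["order_info"]))
    return signature_ok(combined, msg["dual_sig"])


def acquirer_verify(msg: dict, oimd_from_merchant: bytes) -> bool:
    """Acquirer sees the account number and only a digest of the order.

    The order digest reported by the merchant must match the one the
    cardholder signed, which ties the payment to that exact order.
    """
    if msg["oimd"] != oimd_from_merchant:
        return False
    combined = digest(digest(msg["payment_info"]) + msg["oimd"])
    return signature_ok(combined, msg["dual_sig"])


if __name__ == "__main__":
    to_merchant, to_acquirer = cardholder_purchase(ORDER, PAYMENT)
    print("merchant fields:", sorted(to_merchant))
    print("merchant accepts order:", merchant_verify(to_merchant))
    print("acquirer accepts payment:",
          acquirer_verify(to_acquirer, digest(ORDER)))
    altered = dict(to_merchant, order_info=ORDER.replace(b"qty=1", b"qty=9"))
    print("altered order still valid:", merchant_verify(altered))
```
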
The Mechanics of SET
(1) Payment info sent from user to merchant
(2) Merchant confirms, fees charged
(3) Transaction to bank, funds debited/credited
(4) Merchant sends item to user
(from Computerworld)
How Will Certificates (Digital IDs) be Issued for eCommerce?
Hierarchy of trust for certificate issuance
Visa and MasterCard will designate a Certificate Authority to hold the Trusted Root
Merchants will obtain certificates from banks’ or acquirers’ Certificate Authority, then store on SET server software
Cardholders will obtain certificates (digital IDs) from their banks’ Certificate Authority, then store in electronic wallet
MasterCard® Example of a SET Transaction
http://www.mastercard.com/set/screen1.html
http://www.mastercard.com/set/screen2.html
http://www.mastercard.com/set/screen3.html
http://www.mastercard.com/set/screen4.html
http://www.mastercard.com/set/screen5.html
SSL vs. SET
SSL
Server authentication
Merchant certificate as legitimate business
Possible for client authentication
Not tied to payment method
Privacy
Encrypted message to merchant includes account number
Integrity
Message authenticity check (MAC)
SET
Server authentication
Merchant certificate tied to accept payment brands
Customer authentication
Digital certificate tied to certain payment method
Privacy
Encrypted message does not pass account number to merchant
Integrity
Hash/message envelope
SET — the Answer to eCommerce
SET has been proposed as the answer to secure and interoperable eCommerce
It is not currently mandated by Visa and MasterCard
There are big implementation issues for all concerned
The SET protocol is definitely more secure than SSL
However...
SET — the Answer to eCommerce
Implementation of SET has some big drawbacks:
Lack of interoperability among systems
Management of public key infrastructure
Distribution of digital certificates requires action on the part of the consumer
And who will pay for all this?
Meanwhile, eCommerce goes on
The Future of SET
Non-repudiation of transactions through digital certificates for both merchant and customer
SET may be the industry standard for payments, but yet to be implemented
It will be far more difficult for a customer to claim no knowledge of a transaction
Many demonstrations this fall and winter
Electronic Bill Presentment
Saves on paper (typical bill cost $1 in postage and processing, EBP saves half) but requires lots of coordinated systems
Can show bills with nice fonts, interactive applications
Is separate process from the actual payment system
Electronic Bill Presentment Issues
Does the processor use EBP with merchant bank?
Can users’ browsers support these new applications?
Java applets
Active X controls
etc.
Reconciliation requires access to both dispute and payout information
Microsoft’s MSFDC
A means to standardize on presentment
All customer data maintained by MSFDC
Have both web-based access and special consumer-based software
Former “Marble” server, read white paper at: www.microsoft.com/finserv/marblewp.htm
Requires NT, SQL Server, IIS, etc.
Other EBP efforts
Open Financial Exchange (www.ofx.net)
www.Integrion.Net
CheckFree’s E-Bill (getbills.checkfree.com)
eBill
Most popular and in widest practice
Schwab and Intuit/Quicken are supporters
Most threatened by MSFDC
OFX
Started with Intuit
Trying to standardize on too much at once:
data transfers
account inquiries
financial applications and transactions
Verisign Financial Server (US$1200)
digitalid.verisign.com/ofxIntro.htm
Integrion
Banking-intensive plus IBM
No other software supporter, BUT…
Combining forces with CheckFree
Trying to establish their “Gold Standard” vs. OFX
Leave choice of how much customer data is maintained up to the merchant
What about OBI?
Open Buying on the Internet
A bunch of standards: SSL, X12 EDI, X.509 PKI
Exchange of purchase order info
Unresolved issues:
who owns the catalog?
how much infrastructure is really needed?
knitting together a solid solution is more than enumerating standards!
Topic 4: Introduction to Payment Systems
Structure, properties and roles
Different devices
Credit Cards
Electronic Wallets
CyberCash
Setting up a merchant account
Privacy issues
Payment Basics
Issuer
Acquirer
Consumer Access Point
Merchant Access Point
BANK
Consumer
Merchant
• deposit & withdrawal
• transaction status inquiry
• authentication
• problem resolution
• purchase & refund
• transaction status inquiry
• authentication
• problem resolution
Hierarchy
Payment System (clearing house)
Clearing house between acquirers and issuers
Acquirer (third-party processor)
Authorizes, processes and settles for merchant bank
Merchant Bank
Accepts merchant deposit
Merchant
Accepts authorized cardholder transaction
Different Payment Pieces
System: provides processing and settlement of transactions
Gateway: software/services to support eCommerce merchants, acquirers
Device: initiates transaction from credit/debit card
Attributes of Superior Payment Systems
Universal, world-wide acceptance
Recognized value
Reliability of transactions
Ease of use to customer
Capacity for quick settlement and collection
Requirements
Mass appeal
Easy payment by the customer
Have acceptable risk to bank and merchant
Accommodate changes, cancellations and returns
Let’s Consider the Customer
Changes the order
Doesn’t fill out all fields even when asked
Mistypes credit card and other data
Cancels order entirely or never finishes order process
Objectives in Offering Payment Choices
Customers like choices, but remember: they are here to buy stuff!
Make it safe for everyone involved: customer, merchant, and banks
Consider how easy it is for your customer to use, not just how easy it is for you to manage
Payments in a virtual world should imitate those in the real world
Properties of Payment Systems
Transaction cost
Transaction directionality
Real-time authorization/validation
System scalability
Privacy
Three Real-World Examples
Method  Cost      Direction  Validation  Scale    Privacy
Cash    very low  two-way    no          extreme  yes
Check   low       one-way    maybe       high     no
Card    moderate  one-way    yes         high     no
Other Properties
How much software does the buyer need to install?
Does it come with the desktop operating system?
Does it come with the browser or other software?
What third-party clearinghouse is used?
Provide trusted relationships
Reduce risk, complexity in processing
Virtual Money is the Currency of the Future
That future is already here
This idea is scary to many people
Consumers (they can’t “see” it)
Banks (many bankers don’t understand it)
Acquirers (they want to know the difference)
The Government (they can’t control it)
It is not unlike MO/TO transactions today
The Way Things are on the Web Today
Some payments are authorized off-line, through traditional POS terminals
E-mail message to customer later (hopefully), confirming order and shipping information
Many merchant servers connect with payment authorization systems
Authorization is real-time during the web session, and the sale is completed with secure server and browser software
The Way Things are on the Web Today: Secure and Un-Secure
Secure transactions via secure browsers and servers with SSL
Un-secure transactions with lack of proper encryption (account numbers sent “in the clear”) via e-mail messages
Un-secure transactions due to “export” versions of browser and/or server software
The Way Things are on the Web Today
Secure transactions do not guarantee the validity of the customer account information
A high percentage of credit charge-backs for MO/TO transactions are for “merchandise not received”
Address verification services can help protect you, and in some cases are required
Examples of Payment Systems (Clearing Houses)
Federal Reserve System for clearing checks
Visa and MasterCard transaction networks
American Express
Novus (Discover)
Examples of Acquirers (Processors)
First Data Corp.
Paymentech
National Data Corp.
Bank of America Merchant Services
Many processors (acquirers) process multiple brands as part of their service
Internet Payment Devices
Credit cards, debit cards
Off-line accounts
Electronic cash
Electronic checks
A Taxonomy of Approaches
[Diagram: decision tree with yes/no branches. Questions: transmit “16+4” over the Internet?; buyer encrypts?; buyer confirms?; synchronous?; merchant decrypts?; buyer signs? Outcomes: off-line alias, plaintext, CyberCash, SET, GlobeID, VirtualPIN, SSL, S-HTTP, PGP]
Different Ways to Capture Customer
Online
Post-authorization
Batch
Online Capture
Happens simultaneously with authorization of transaction
Fastest method of capture for online merchants who can guarantee same-day shipment of goods
Post-Authorization Capture
Capture is a separate step from authorization of transaction; post-auth message instructs bank to capture transaction
Example of use is for delayed shipping of merchandise
Batch Capture
Transactions are captured in a batch mode after authorization (like post-auth capture)
Multiple authorizations are submitted at one time for capture
The batch is transmitted through gateway (CyberCash) to the bank for funds transfer and merchant account reconciliation
133
Credit cards, debit cards
JCB, Visa, MasterCard, Discover, American Express
Buyer gets card from issuing bank
Merchant is sponsored by acquiring bank
Merchant knows buyer and authorizes payment
134
How Credit Cards Work
Transactions authorized against customer’s line of credit at issuer (promise to pay)
At point of settlement, cardholder’s account is charged and merchant’s account is credited
Transactions subject to chargeback to merchant under certain conditions
Lack of proper authorization
Lack of proper identification / address verification
135
Plaintext Transaction Process
[Figure: diagram with nodes buyer, merchant and trans; both links are labelled 16+4]
136
S-HTTP/SSL Features
Supply 16+4 in encrypted form
Require merchant to have a cert signed by a trusted third-party
Requirement of client-side cert is a trade-off:
yes: buyer must “register” before making purchase (S-HTTP, SSLv3); or,
no: no assurance as to buyer’s identity (SSL)
Merchant site becomes a credit card repository
137
SSL Transaction Process
[Figure: diagram with nodes buyer, merchant and trans; the links are labelled E(16+4) and 16+4]
138
“Off-line” Accounts
Electronic wallets
CyberCash® Wallet
Microsoft® Wallet
Verifone® vWALLET℠
GlobeSET Wallet
All these may provide access to credit, debit, e-cash or electronic check accounts
139
“Off-line” Account Services
Credit card and other account numbers are stored by the service provider in a database, and are not transmitted to the merchant
Instead, a “PIN” is used by the customer at the point of purchase (cross-reference for actual account number)
Consumer must initiate account set-up in advance of making any purchases
140
How Electronic Wallets Work Today
Consumer must initiate request for electronic “wallet” software
Credit card or other account numbers are given to provider one time before any purchases are made
Account numbers, stored by provider in a database, are not transmitted; instead, a “PIN” is used to pay
Closed system: only available to participating merchants and cardholders who have signed up in advance
141
How Electronic Wallets Will Work in the Future
With SET protocol, will contain digital IDs with encrypted account information
Since digital IDs will be tied to specific accounts, wallets will keep track of all that information
At that point, wallets will be widely distributed and universally accepted
142
Interoperability is the Key
Wallets will become widely used when the following events occur:
Mass distribution of wallets to consumers is easily made
Will be accepted by all merchants, regardless of wallet brand or payment brand
143
Visa® Example of Electronic Wallet
www.visa.com/cgi-bin/vee/nt/sec/no_shock/virt_wallet_L.html?2+0
144
Visa® Example of Wallet Registration (Digital ID)
www.visa.com/cgi-bin/vee/nt/sec/no_shock/registering_L.html
145
Other Wallet Examples
GlobeSET
Microsoft Wallet (in Win98, IE 4.01)
(both SSL and SET)
146
Some Problems with Wallets
Not transferable to other wallets or other PCs
Not available for use at many web storefronts
Just solve a small part of the overall payment process
147
CyberCash System
Three systems: CyberCash, CyberCoin, CyberCheck
CyberCash operates a gateway between acquirer and the Internet
Merchants given the choice of capture via: SSL; or the CyberCash Wallet
If wallet-based, merchant doesn’t see 16+4
148
How It Works
Buyer’s wallet receives invoice from merchant’s server
Buyer’s wallet sends sales order to merchant’s server:
signed with buyer’s public key; and,
includes 16+4 encrypted with gateway’s public key
149
How It Works (cont.)
Merchant sends transaction to gateway:
signed with merchant’s public key; and,
includes buyer’s sales order
Gateway verifies signature, and:
decrypts 16+4 using its private key;
submits transaction into credit card network; and,
returns results to merchant who tells buyer
150
CyberCash System Transaction Process
[Figure: diagram with nodes buyer, merchant, 3rd-party and trans; links are labelled E(16+4) and S(trans) (each twice) and 16+4]
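The wallet-based exchange on the two “How It Works” slides, as an added Python example (not CyberCash code and not part of the original deck). It uses textbook RSA over small, well-known primes only to show who can read and who can verify what; the key sizes, message fields, merchant id and card number are constructed assumptions, and each signature is produced with the signer's private key and checked with the matching public key.

```python
import copy
import hashlib
import json

E = 65537  # public exponent used by every toy key below


def keypair(p_exp, q_exp):
    """Toy RSA key built from two Mersenne primes (2**k - 1). Not secure."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest(obj, n):
    """Hash a canonical JSON encoding so signer and verifier agree on bytes."""
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, obj):
    return pow(digest(obj, priv["n"]), priv["d"], priv["n"])


def verify(pub, obj, sig):
    return pow(sig, pub["e"], pub["n"]) == digest(obj, pub["n"])


def wallet_sales_order(invoice, pan16, exp4, buyer_priv, gateway_pub):
    """Buyer's wallet: encrypt 16+4 to the gateway, then sign the order."""
    m = int("1" + pan16 + exp4)  # leading 1 keeps any leading zero digits
    order = {"invoice": invoice,
             "enc_16_4": pow(m, gateway_pub["e"], gateway_pub["n"])}
    return {"order": order, "buyer_sig": sign(buyer_priv, order)}


def merchant_forward(sales_order, merchant_id, merchant_priv):
    """Merchant: wrap the buyer's sales order, sign it, send to the gateway."""
    trans = {"merchant": merchant_id, "sales_order": sales_order}
    return {"trans": trans, "merchant_sig": sign(merchant_priv, trans)}


def gateway_decrypt(enc_16_4, gateway_priv):
    """Only the gateway's private key recovers the 16-digit number and expiry."""
    digits = str(pow(enc_16_4, gateway_priv["d"], gateway_priv["n"]))[1:]
    return digits[:16], digits[16:]


def gateway_process(msg, merchant_pub, buyer_pub, gateway_priv):
    """Gateway: check both signatures, recover 16+4, answer the merchant."""
    trans = msg["trans"]
    so = trans["sales_order"]
    if not verify(merchant_pub, trans, msg["merchant_sig"]):
        return {"status": "rejected", "reason": "bad merchant signature"}
    if not verify(buyer_pub, so["order"], so["buyer_sig"]):
        return {"status": "rejected", "reason": "bad buyer signature"}
    pan16, exp4 = gateway_decrypt(so["order"]["enc_16_4"], gateway_priv)
    # Submission to the card network is outside this sketch; assume approval.
    return {"status": "approved", "invoice": so["order"]["invoice"]["id"],
            "pan_last4": pan16[-4:]}


# Constructed sample data: test card number, made-up invoice and merchant id.
BUYER_PUB, BUYER_PRIV = keypair(61, 89)
MERCHANT_PUB, MERCHANT_PRIV = keypair(521, 607)
GATEWAY_PUB, GATEWAY_PRIV = keypair(107, 127)
PAN, EXP = "4111111111111111", "1299"
INVOICE = {"id": "INV-0001", "amount": "49.95", "currency": "USD"}


def demo():
    so = wallet_sales_order(INVOICE, PAN, EXP, BUYER_PRIV, GATEWAY_PUB)
    merchant_view = json.dumps(so)  # everything the merchant ever holds
    ok = gateway_process(merchant_forward(so, "shop-42", MERCHANT_PRIV),
                         MERCHANT_PUB, BUYER_PUB, GATEWAY_PRIV)
    # A merchant that edits the amount after the buyer signed is caught,
    # even though the merchant's own signature over the result is valid.
    forged = copy.deepcopy(so)
    forged["order"]["invoice"]["amount"] = "4995.00"
    bad = gateway_process(merchant_forward(forged, "shop-42", MERCHANT_PRIV),
                          MERCHANT_PUB, BUYER_PUB, GATEWAY_PRIV)
    return merchant_view, ok, bad


if __name__ == "__main__":
    view, ok, bad = demo()
    print("PAN visible to merchant:", PAN in view)
    print(ok)
    print(bad)
```

The merchant only ever holds the ciphertext of 16+4, which is the property the deck contrasts with SSL capture, where the merchant site becomes a credit card repository.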
151
CyberCash System Properties
Cost: modest
Direction: one-way
Validation: yes
Scale: modest
Privacy: no
152
What’s in a CyberCash Wallet?
Credit card accounts
Debit card accounts
PayNow™ check service (for electronic payments from checking account; like debit cards)
CyberCoin account (for “micro-payments”)
153
CyberCash Secure Internet Credit Card Payment
http://a.dn.cybercash.com/cybercash/info/sixsteps.html
154
CyberCash as a Merchant Service Provider
CyberCash provides the merchant with CashRegister software to authorize and process payments
CyberCash is neither an acquirer nor a bank, but is a provider of payment software for eCommerce (a gateway)
CyberCash provides an advanced level of encryption for financial information passed from their database to acquirers (not SSL)
155
CyberCash CashRegister® Software
Integrates with a variety of operating systems and merchant storefront software
Can be used with or without consumer wallets
Non-wallet transactions use SSL
$500 initial fee, $50/month plus 10 cents/transaction
Some programming required: perl (Unix) or VBScript (NT)
156
CyberCash CashRegister® Software
However, you must still arrange for a merchant deposit account with your bank or independent service provider
If you are having trouble setting up a merchant account with a bank, contact CyberCash for assistance
157
Credit Card Payment Demo
Credit card transaction with CyberCash — No Wallet
CyberCash Wallet transaction
158
CyberCash Benefits
CashRegister Software is free to merchant
Supports wallet and non-wallet payments
No additional charges to merchant — fees to CyberCash are paid by acquirers
CyberCash is presently the largest gateway service provider for Internet merchants
Their products will evolve
159
Electronic Cash (e-cash)
CyberCoin®
Service of CyberCash, part of Wallet
Currently available with Microsoft Wallet
Mondex®
Licensed by MasterCard International, Inc.
Smart card-based system
Digicash®
160
Mark Twain Bank is Worth Looking At: www.marktwain.com/digifaq.html#Help
Look at their customer support disclaimer —they get an “A” for honesty!
161
SSL Payment Systems
ICVerify, www.icverify.com
PCAuthorize, www.tellan.com
Worldpay/PSI, www.psi.net/worldpay
AuthorizeNet, www.authorizenet.com
Internet Secure, www.internetsecure.com
Check out www.ihtmlmerchant.com/creditcard.htm
162
Other Merchant Providers to Consider
Online Financial Services (OFS) http://ofs.web-charge.com/signup1.html
Internet Secure www.internetsecure.com
Redi Check / Redi Charge www.redi-check.com
Merchant Account Services Provo, Utah 1-801-765-1111
163
ICVerify Process
Customer submits 16+4 through SSL browser connection
Merchant software records to a file
ICVerify submits to bank
ICVerify receives response from bank, creates answer file
Merchant software retrieves answer, sends response to customer
No per transaction fee!
164
Supported Merchant Servers for ICVerify
MS Site Server Commerce
Oracle Payment
Mercantec SoftCart
Internet Factory Merchant
InterShop Online
165
ICVerify Demo
www.icverify.com/library/downloads/icvdemo20.html
166
Setting up Merchant Account
Providers to consider
How to compare services
Choices in setting up account, fees
167
All Merchant Providers Are Not the Same
Compare services
Which cards do they authorize?
Do they provide electronic check services?
Do they provide check guarantee services?
Compare prices
Start-up fees
Monthly discount fees
Other service fees (per transaction)
Statement generation fees
168
Choices for Setting Up a Merchant Account
Go to your local bank and set up your own merchant account -- If they’ll take you, this may give you the best discount rate
Join Costco warehouse membership store, Executive Membership is $125, <2% plus 25 cents/transaction (www.costco.com/exec/credit.html)
Contract with CSP and process through them
Buy a software suite that includes merchant account set-up
169
Range of Credit Card Fees
Your Bank
Discount Rate: 1.5% - 5.0%
CSP
Application Fee: $100 - $300
Discount Rate: 1.5% - 5.0%
Per Transaction: .20 - .30
Monthly Fee: $10 - $25 (service / statement fee)
Chargeback Fee: Up to $25
Chargeback Reserves: Up to 10% of sales, for up to six months
170
Regulations governing electronic commerce transactions
Visa / MasterCard Operating Regs
Credit Card Rules for acquirers and merchants
Fair Credit Billing Act
Debit Card Rules
Regulation E
Consumer Telephone Protection Act
Can Internet Protection Act be far behind?
Privacy Principles
Yet to be mandated, but inevitable; and generally a good idea
171
What About Privacy?
Anonymity issues
Confidentiality issues
Disclosure issues
Name and address info
Disclosure of transaction to a third party
Merchant’s identity
172
Privacy Issues for the Consumer
Most people just want to be asked for their permission
Your customers don’t object so much if you use their information to sell them other products you may offer
But many object if you sell or rent their names to someone else
173
“Data Mining”: How much is enough?
You have the opportunity to build a customer database for future sales
To what degree do you slice and dice?
If you slice too fine, are you missing opportunities?
This leads to more privacy issues
174
Topic 5: Choosing the Right eCommerce Path
175
Three Approaches:
Outsource to a CSP
Buy suite of software
DIY
176
Find a CSP
More ISPs are offering eCommerce solutions
Have to use their software standards and payment schemes
Could be pricey
Just catching on in USA
177
Evaluating CSPs
Do they offer storefront design?
Have in-house programmers?
Hosting of your own web server machine?
How many payment systems do they support?
What kinds of accounting reports do they offer?
178
The Catch-22 of CSPs:
To be successful, a provider has to promote his products via the Internet and have detailed descriptions on their own web sites!
But trying to find this information isn’t easy.
179
Some CSP Examples
www.psi.net/web/ecommerce.shtml
www.Best.com/bizcomm.html
www.Brainlink.com/html/saleslink.htm
www.Earthlink.net/company/webservices.html
IBM: mypage.ihost.com
www.Netcom.com
business.Mindspring.com/prod-svc/smbiz/
www.Mindrush.com/
www.outer.net/ONCommerce (OuterNet)
180
Price Comparison for CSP hosting
Provider | Setup fee (US$) | Monthly fee (US$) | Plan name, payment options
IBM | 260 | 55 | Bronze, credit cards
Earthlink | 624 | 194 | Premium Plus
Netcom | 450 | 300 | Commerce Site, credit cards
Mindspring | 175 | 324 | Commercial Advantage, credit cards, Cybercash
181
Price Comparison assumptions
10 Mb disk storage
Single email account
InterNIC $100 fee included for domain name
182
New CSP Approaches:
GeoShop
ViaWeb/Yahoo
iCat
Encanto
Tripod
183
GeoShop
Builds on GeoCities “communities” but for merchants (www.geocities.com/join/geoshops)
$25/month for just commercial listings
$180/month (or more!) for actual transactions
working with Internet Commerce Services Corp. who uses Open Market Transact servers
184
ViaWeb/Yahoo
$100/month (<50 items) or $300/month options
CyberCash processing
$500 setup
Solid reporting and admin options
185
iCat Commerce Online Hosting Solution
Free for <10 items, $99/mo. for 100 items
No per-transaction fees
Email and browser-based notifications of purchase completion
Advanced items like upsell, featured products, cybercash gateways
186
Encanto
Turnkey server/software for under $2000!
Payment gateway included ($50 initial, $20/month)
Web storefront, shopping cart, catalog system
Secure cert required
All managed via browser, steps are clearly documented
Demo at www.encanto.com/ego/demo
187
One Way to Support Lots of Payment Systems
Wired-2-Shop www.wired-2-shop.com/TestDrive/Admin/PaymentList.asp
188
The Suite Approach
Leading contenders
What is part of the suite and what isn’t
Prices and platforms
189
Popular eCommerce Suites
Vendor, Product | Version | Price | Platform
ICat Elec Comm Suite | 3.0 | $3500 - $10,000 | NT, 95, Solaris, Irix
IBM Net.Commerce | 3.1 | $5000 - $20,000 | NT, AIX, Solaris, AS/400, S/390
Microsoft SiteServer Commerce | 3.0 | $4600 | NT
IBM/Lotus Domino Merchant | 2.0 | $3500 - $9000 | NT
190
Popular eCommerce Suites (con’t)
Vendor, Product | Version | Price | Platform
OM Transact, Open Market | 4.0 | $250,000 | Unix
Intershop Online, Intershop | 3.0 | $5000 | NT, Unix
WebSite Pro, O'Reilly | 2.3 | $800 | NT, 95
191
Four Typical Elements
Catalog
Storefront designer
Ordering/inventory system
Shopping cart/check out system
192
The Cold Hard Reality of Suites
Suites are nothing more than collection of products
Lack integration among various elements
Difficult to setup, customize, and use
Require you to live “inside” their structure
Limited payment options
Sounds like early MS Office
193
Payment Systems Included in Each Suite
Microsoft: Verifone, Buy Now
IBM (Net.Commerce): Verifone, SET/eTill
Domino Merchant: CyberCash, Verifone
iCat: CyberCash, CheckFree, others
OpenMarket: Verifone
WebSite Pro: IC Verify, PC Authorize, CyberCash, others
Intershop: CyberCash, ICVerify, others
194
Sample Stores Included in Each Suite
Microsoft: 4 stores
IBM: eMall, simple and advanced sample stores
Domino: 1 store
iCat: 1 hardware store
OpenMarket: none
WebSite Pro: 1 bookstore
Intershop: 3 stores
195
Databases Supported in Each Suite
Microsoft: SQL Server
IBM: DB2
Domino: Notes
iCat: 4D, Sybase SQL Anywhere
WebSite: Access
Intershop: Sybase SQL 11
196
Dealing With ODBC
Have to understand how to set up data sources
Intimate knowledge of your data structure
Re-install ODBC drivers at least once!
Best to start with built-in database
197
Store Wizards Included in Each Suite
Net.Commerce (the best)
WebSite Pro (but doesn’t do much)
Intershop (various wizards)
MS Commerce (although you’ll really need to know COM!)
198
Tips
Don’t install anything before making sure you have everything!
Downloads for free, but they expire
Can you export existing files to these systems?
199
WebSite Professional website.ora.com
Version 2, shipping since 9/97
US$799!
NT (or 95)
Supports seven different payment processors: SSL, CyberCash
One sample store (bookstore)
200
Sample storefront
http://merchant.inline.net/admin/
201
WebSite Configuration Sheet
202
Store Properties
Only can operate a single payment system
Run on a series of Access databases
Built-in tax table, but for N.Americans!
Well documented data structures in typical O’Reilly fashion
203
Recommendations
Lowest priced suite by far!
iHTML is robust, but will take some learning
Nice store setup and organization of catalog
Good low-end solution
204
Intershop
demo at 207.90.184.82 (admin/admin for store)
Includes Sybase SQL 11
US$5000, includes 3 mos. support
205
Seven Different Managers
Catalog
Products
Store
Purchases
Inventory
Customers
Admin
206
Characteristics
Everything managed via browser, which can get tedious
But you already have a database behind it
207
Payment Options galore
208
Recommendations
Most flexible payment options of any suite
Better at processing orders than site creation
Not good for large catalogs
209
Microsoft SiteServer Commerce
Still evolving
More of a development platform than a suite
Closely tied to IIS, SQL Server et al.
210
Shopping with MS Commerce
211
Recommendations
If you are going to use any other MS apps
If you believe developers will follow
If you must stay on the cutting edge of MS products
Use with ClearCommerce.com front end if possible
212
Commerce Server Specifics
NT, fast Pentium with 128 M RAM essential
US$5000
www.microsoft.com/commerce
213
iCat Electronic Commerce Suite
Two different versions: Standard and Pro
Pro (also runs on Solaris, Irix) and multi-user database, performance enhancements, wider payment options
214
iCat Process
Use four-step process
Make changes to staging db
Use designer and built-in catalog
Then post changes to production db
215
Recommendations
No wizards, all browser-based forms
Tedious but straightforward
Lots of third-party add-on tools
Best for people new to db or the ‘net
Best if you don’t have computer-based accounting system yet
Used in their own hosting service
216
iCat Specifics
NT, fast Pentium with 128 M of RAM
US$9000 for professional version
www.icat.com
217
IBM Net.Commerce
218
Included
IBM’s Go Web Server
DB2 database
Shopping trolley system
Credit card verifier, eTill software
219
Several ways to setup your store
Use nine-step wizard with populated catalog
Use wizard with empty catalog
Start from scratch
Import existing databases
220
Recommendations
Great if you already use DB2 for inventories
Most security-conscious suite
More depth than iCat
Start with all IBM defaults to save time
221
Net.Commerce Specifics
NT, fast Pentium with 64 M of RAM
AIX, 390, OS/400, Solaris
US$5000 Basic, $20,000 Pro
www.internet.ibm.com/net.commerce
222
Latest features
“Intelligent Catalog”
Java-based wizards to setup and manage store
Recognizes shopping preferences and upsells
Improved SET payment server, ad tracking partnerships
Integration with Domino Merchant
Screencam demo
223
Domino Merchant v2.0
Uses Notes server, but not Notes clients
Payments, catalogs, wizards galore
Easiest to setup, difficult to add products
A good entry-level product for now
Screencam demo
224
OpenMarket
High end solution
Worldnet offers hosting of OM servers
Still needs customization!
225
Recommendations
If you can afford it ....
Really the price covers lots of consulting time
High transactions and throughput needs
Use with Icoms.com front end service ($1000 + $100/month)
226
OpenMarket Specifics
Various Unix
US$250,000 and up!
www.openmarket.com
227
Isn’t somebody missing from the suite party?
Netscape
Oracle
228
Topic 6: Installing and Operating Your Own Storefront
What you need to know
What you need to buy
229
One DIY solution
IIS
PerlShop shopping cart
ClearCommerce CSP
First American Payment Systems
Verisign certificates
Fees: $800 setup, $500/yr, $50/month
What took longest to work: perl scripts to make credit card payments!
230
The 90s Help Wanted
Wanted: Webmaster
Required skills: High proficiency in various web based programming, development tools, CGI, cookies, DNS, eCommerce, FTP, HTML 2.0 through 3.02, IIS Server admin, Javascript, Java, MS SQL, Netscape server admin, NT Server admin, perl, Unix admin, web security
231
You Need to be a Superhero:
Part web designer
Internet technologist
SQL database admin
Payment system maven
232
Things You’ll Need to Discover
Are your sales and marketing staff web-savvy?
Is your accounting system adaptable to web purchases?
How do you reconcile these accounts?
Does your business owner understand Internet culture?
Can anyone find you
233
The Most Under-rated Skill:
PATIENCE!
234
Do it Yourself Path
Traditional merchant banking approach
More risk, especially when your payment system is on the ‘net
235
Steps Involved for DIY’ers
Get a web server
Get merchant software
Integrate with your back end systems
catalogs
inventory
customer accounts
Be prepared to do lots of coding
236
Components Needed to Operate a Web Storefront
Database of items to sell and current inventories
Secure web server
Searchable catalog server
Connections to backend payments and financial servers
Shopping cart system
Checkout/payment system
Don’t forget about security!
237
Which Database Server?
Pick before anything else
Core of your store revolves around the database:
inventory system
accounting system
catalog system
238
Database Server Recommendations
Use existing client/server db if possible
SQL Server: best with MS tools
Oracle: if you know pSQL already
Informix: all other situations
239
Database/web Tools
Develop your own forms
Query your database
Develop your own catalog
240
Why is a Catalog Important?
Your customers’ view of your store
Current with your own inventory and offerings
Don’t want to sell what you don’t have
See catalog resources page
241
Another choice: outsourced catalog!
ShopSite/Open Market
IBM Home Page Creator mypage-products.ihost.com (N. America only)
Mindspring with Mercantec
242
ShopSite demo
www.reliablehost.com/cgi-bin/bo/start.cgi
username: test8 password: test
243
Tool Recommendations
Cold Fusion, www.allaire.com
Sapphire/Web, www.bluestone.com
244
Which Web Server?
Hundreds to choose from
Must support SSL and/or SHTTP
Platform isn’t important, really
245
Get Your Certificates in Order
Bring up form inside web server
Send to CA on letterhead with credit card (!)
Receive cert from CA
Install on your web server
246
What can a Shopping cart do?
Simplify ordering process
Track multiple purchases for a single visitor
Display items purchased
Calculate total prices, tax, shipping charges
Track item attributes (colors, styles, sizes)
247
Different Shopping cart Methods
Account-based
Cookie-based; see www.cookiecentral.com
Encoded URLs
248
Shopping cart Programs
S-Mart: www.rcinet.com/~brobison/scripts
Minishop: www.egrafx.com/minishop
mvend: www.iac.net/~mikeh/mvend.html
PerlShop: www.arpanet.com/perlshop
249
Commercial Programs
Internet Shopping Cart Server: www.webisland.com/cart
Rent-A-Cart: www.rent-a-cart.com
CyberCart: www.lobo.net/~rtweb
AutoCart: www.autocart.com/Autocart
WebCart: www.staff.net/webcart.html
SoftCart: www.mercantec.com
WWWOrder: www.virtualcenter.com/scripts2/WWWOrder.html
250
Shopping cart Example www.asizip.com (SoftCart)
Shopping basket
Cookies to track purchases
Simple navigation
251
Payment Choices
Use gateway (CyberCash, ICVerify) or service provider?
Do you need support for multiple currencies?
Do you have to host your store elsewhere?
Do you understand the fee structure?
252
Again, Merchant Providers Differ
Compare services
Which cards do they authorize?
Do they provide electronic check services?
Do they provide check guarantee services?
Compare prices
Start-up fees
Monthly discount fees
Other service fees (per transaction)
Statement generation fees
253
WorldPay and PSI
Multicurrency payments
>100 for product prices
16 different ones for settlement
Have to host your web at PSI
Includes SoftCart and iCat software as well
US$1000 + US$1400/yr
254
WorldPay Demo
www.worldpay.com/demo/store.html
255
Prices of Typical Products
Product | Type | Price
Inex | Accounting | US$6000
SoftCart | Shopping Cart | 900
MallManager | Catalog | 2000
WebCatalog | Catalog | 1600
Saqqara | Search tool | 700
VPOS | Payment server | 2500
WebMate | Development tool | 750
256
Inex Demo
Financial backend strength
Store front and some aspects of suite
www.inex.com
257
Don’t forget about sales tax and VAT!
Make use of software from Taxware.com
Some of the catalogs and suites have databases to deal with this
But you have to create them from scratch
258
Dealing with search engines
Some use <META>, some use <TITLE>
Keep descriptions at top of your home page short and sweet
Review information on SearchEngineWatch.com
Web Review article: webreview.com/97/10/17/webmaster
259
Don’t Forget About Security
Make sure you protect your web site!
See “Ten ways” article from Winn Schwartau
See “Eight Steps to Minimize Fraud” article
Limit access, isolate servers, lock down scripts, so forth
See www.nwfusion.com/netresources/0202hack1.html and www.scambusters.org/Scambuster23.html
260
Putting Together Your Own Solution
SQL Server database
CyberCash payment system
WebCatalog 3.0 (supports CCash)
IIS web server
Total price: <US$10,000
261
Conclusions
eCommerce crosses many different skill sets
Software is still too dicey in many areas
Standards aren’t much use right now
Suites don’t offer much in the way of integration
DIY may be the best solution
262
Acronyms
B2B Business to business
CSP Commerce Service Provider
DIY Do It Yourself
EBP Electronic Bill Presentment
URLs Universal Resource Locator
SSL Secure Sockets Layer
OFX Open Financial Exchange
SHTTP Secure web protocol HTTP
263
More Acronyms
ACH Automated Clearing House
CA Certificate Authority
ISP Independent Service Provider
MAC Message Authenticity Check
MICR Magnetic Ink Character Recognition
MO/TO Mail Order/Telephone Order
NACHA National Automated Clearing House Association
PIN Personal Identification Number
PKC Public Key Cryptography
POS Point of Sale
RSA Rivest, Shamir and Adleman
264
Thanks!
Review, Q&A
David Strom
+1 516 944 3407 [email protected]