TISC ecommerce workshop.ppt
Building Web Storefronts
presented by:
David Strom
Port Washington NY USA
david@strom.com, +1 (516) 944-3407
eBiz Strom 6/99 1
What This Course is Not About
Mathematics of Public Key Cryptography
In-depth discussion of Visa® and MasterCard®
operating regulations for eCommerce
Legal advice for eCommerce issues related to
operating a web storefront
Writing your own storefront systems from
scratch
Why This Tutorial
A successful web storefront must accommodate
the common forms of electronic payment in use
today
Good storefront design and tactics will increase
sales
Tough to evaluate various payment systems,
standards and products
For Future Reference
Copy of this presentation (Powerpoint) and
resources:
www.strom.com/pubwork/ecommerce
Course Topics
Good and bad web storefront design, defining
successful and secure eCommerce ventures
What are relevant eCommerce standards and
why should I care?
Overview and demonstration of payment
systems that are working on the Internet today
Choosing service providers or suites
Installing and operating your own storefront
Course Approach
Overview of major payment systems and
storefront products
Give real-life examples and online demos
Help relate information to your own situation
Provide insight into different approaches,
technologies
Discuss pros and cons of each
Multiple Q&A sessions
Recommended Books
Magdalena Yesil's Creating the Virtual Store :
Taking Your Web Site from Browsing to Buying
(1997)
Dan and Emma Minoli's Web Commerce
Technology Handbook (1998)
Phil Greenspun's Database Backed Web Sites
Thanks
Marshall Rose
Stephanie Denny
… for their help in preparing this presentation
My Background
I've been involved in the Internet for some time
Have used most of the products we demonstrate
Have consulted to a few of the vendors, but still
have strong opinions
My Beliefs
My perspective is from the consumer's
viewpoint, as well as from the merchant's
I believe that eCommerce is the next
evolutionary step in the web
Most eCommerce has had accidental success to
date
Topic 1: Introduction to Internet Marketing
Advantages and disadvantages
Speed of adoption is immense!
Different kinds of approaches
Internet Marketing
Look good to the public,
be on the cutting edge
Supplement traditional channels,
be real-time
Focus on global niches,
be high-content
Avoid the trailing edge,
the competition is already doing it
Advantages
Direct, one-to-one marketing opportunity
Allows you to learn useful information and
build customer relationships
Relatively inexpensive medium compared to
advertising, direct mail or telemarketing
Capacity to be a major distribution channel
Results are measurable, sometimes
Internet is Cheapest Cost Per Contact
Internet: $.98
Direct mail: $1.68
Telemarketing: $31.16
Tradeshows: $162.00
Penton Research, www.penton.com, 11/97
Challenges
Most say that eCommerce is taking off, just
differ on the rate!
How do we convince the general public that
they will really like eCommerce?
Should we focus on business-to-business uses
or general consumers?
Obstacles to Wide Deployment
Easy forms of payment
Trust in the system
Perceived benefits and profits
Technology and infrastructure still primitive
One Example: Domain Names!
Typo.net
AmericaOffline.com
Sell ad space on things like:
amazom.com
www.eartlink.net
acivilaction.com vs civil-action.com
whitehouse.gov vs. whitehouse.com
Is the Internet a great place or what?
Dealing With Rogue Domains
bestbuys.com vs bestbuy.com
united.com vs untied.com
Use same colors, try to go after same audience
Lawyers are standing by to take your call…
Use various tools to track down offenders:
companysleuth.com
dejanews.com
rs.internic.net
bannerstake.com
Number of years after introduction to
attract 50 million users
Radio: 38 years
TV: 13 years
Internet: 4 years!!
Some Conclusions
Consumer control of privacy is essential
most folks simply want the choice of opting out
The granularity of control must be fine, e.g.,
over number and frequency;
over categories of interests; and/or
over (indirect) dissemination to third-parties
Regardless, there are likely legal issues,
when maintaining/using a consumer database
Topic 2: What Becomes Success?
Overview of eCommerce market
Review physical storefront success factors
Propose some definitions
Define success for the web
Draw up eCommerce principles
1998 eCommerce Revenue Predictions
Source          1998 (B$ US)   1998 rev. (B$ US)
CyberDialogue   11             7.4
IDC             12.4           9.3
Forrester       7.8            4.8
Jupiter         7.1            5.8
Yankee Group    11.5           7.2
Not to mention all the PC sales
Gateway sells $10MM /day
Dell sells $15MM/day
Compaq sells $6MM/day (including resellers)
That's $11 Billion/yr right there!
Let's Keep Our Perspective
Size of US movie industry -- $6B!
Size of adult video rentals - $6B!
Total US music sales -- $6B!
(Forrester says $288M in 1998 online music+books)
Ticketmaster
Started 11/96
US$20 million/month via the web in sales
Ten percent of total sales via the web
Generating lots of new single ticket buyers,
people who don't like to order via the phone
Then there is Disney.com
Web site Daily Blast signing up 15k
members/month
Sales via web are equal to 3x-5x of physical
Disney store!
Sad State of Today's eCommerce
Marketplace
Poor quality tools
Hard-to-find stores
Limited payment methods
Credit card snooping perceptions
Older browser versions can't view latest sites
Case in Point: Buying a Bike Rack
Item not carried: outdated catalog
Telesales not familiar with web
No cross-sell or substitutions online
Needed three phone calls to complete purchase
Let's Learn From the “Real World”
Compare what works for physical stores
Try to extend to the web
Critical Success Factors for Physical
Storefronts
Location
Branding
Good service
Good product selection
Proper pricing and margins
Traffic
First Problem:
None of these translate on the 'net!
Now Try to Agree on Definitions for Web
Stores
What determines a good location?
Position on a search page
Nearness to popular destination
Ad on a popular server
What determines branding?
Memorable domain name
Popular search category destination
An Example of bad location: Montana
Meats
www.imt.net/~lingerie/buffalo/buffalo.html
Can't they afford their own domain name?
www.company.com/~anything is BAD NEWS!
Another Case: Buying Laser Printer Toner
www.cartridgesusa.com
Catalog shows pictures of parts
Easy to find relevant item
But payment acknowledgement incomplete
Email Receipts Should Contain the
Following Items
Total price, including shipping
Your address and the store's
Items ordered
Whether they are in stock or not
When they shipped
Bonus: order number and URL to view this info
online
When to Send a Customer Email?
To acknowledge the order was placed
To say items shipped (or not) and money
changes hands
Determining Traffic
Hard to do -- is it hits, page views, registered
users?
[HITS = How Idiots Track Success]
Hard to measure -- do you count gifs? Use log
files?
No general agreement on any metrics!
Traditional Advertising Doesn't Apply
Anymore
Can't measure anything
Every site has its own banner sizes
The Web is not TV
One Working Definition of Success:
SURVIVAL!
If a site is still running after 12 months, and
getting more traffic, it is a success.
Does a site actually have to sell something?
Many actual eCommerce sites don't do the
complete transaction
Require faxes or telephone calls!
Some merely have catalogs
Examples: Singapore Power Authority
www.spower.com.sg/readmeter.cgi?cmd=form
Cisco Connection Online
Principles of Good eCommerce
Easy to find merchandize
Good service
Individual customization is key
Simple navigation
Make payments easy
Make buyer feel transaction is secure
AMP Connect
Have customers in 100 countries
Speak many languages
Produce 400 catalogs covering 135,000 items
Mailings cost US$7MM/yr
Fax back cost US$800,000/yr
But you can't buy anything directly!
Solution: “Step Searching”
Saqqara.com software to enhance Oracle
database
Provide user feedback as they type in the query
Show how many matches in the database
Different mechanisms for searching:
by part number
by alphabetical names
by part family
by picture even
AMP
AMP Connect (con't)
And can set to list parts that are available in
specific countries!
Updated daily with over 200 item changes
Detailed drawings save time for customers to
pick the right item
Saved AMP over US$5MM in production costs
Saved US$1MM in translation costs
Danish eShopper Survey (2/99)
Why people shop on the web:
http://www.useit.com/alertbox/990207.html
Convenience and ease of use are the main
reasons people buy
After you have deliberately looked for
information about a product or service, how
often do you buy it? Almost always, only 2%!
Only 5% of their visits to eCommerce sites are
to buy!
First Principle of eCommerce:
Make it easy to buy!
Amazon.com
Services frequent readers with a variety of programs
Editorial comments
If you liked this book, you'll like...
Notification of new books by author, topic
Simplified “1 Click” ordering
Uses simple pages and email
Associates program for commission kickbacks
Gift certificates via email
And ... lots of books to choose from
Use Affiliates Programs Wisely
They bring traffic to your doorstep
Nice revenue sharing model
Lots of them to choose from to model your own
on:
AssociatePrograms.com
Refer-it.com
Shopnow.com (payment processing)
A Different Take on Affiliates:
ClickRewards
Pays you in airline miles for your patronage
Accrue miles on many sites
You redeem benefits on their site
Amazon vs Borders
Cookies vs logins
www.borders.com/msprotect/ncommerce/;order/list?status=C
Who makes it easier to buy books?
Now Look at Hatfactory.com
Easy to pay and track your purchases
Clean and effective use of graphics
Innovative use of cookies
Update your directories!
This one is almost a year old
www.asiapage.com/alist.html#jewellery
Another Side of Service: Repeat Business
Make the shopper feel part of the family
Shopping as entertainment (online auctions)
“Do what I mean” search function (Amazon
again looks at common misspellings made in
the previous 24 hours for book searches)
Periodic targeted email updates and reminders
Second Principle of eCommerce:
Deliver solid service!
Dell positives
Most notable site for computer buyers
Customize the features you want via a web form
Simplifies and personalizes the shopping
experience
WYSIWYB (buy)
Dell problems
Site is now very complex
Print ads contain “eValue” codes
Too many pages to get to actual PC
configuration
Canadiantire.com
eFlyer uses email notification along with web
forms
Customize exactly what coupons and deals are
sent to you
Third Principle of eCommerce:
Individual customization is key
BMW Motors
Example of what not to do
Use gratuitous graphics
Cheesy low-res videos
Toys, not tools
BMW
Compare with Subaru
Find specific information about each car
Can price options to your particular needs
A better example: fishing licenses
Simple, quick, and does the job with a
minimum of clutter
www.permit.com
Fourth Principle of eCommerce:
Make navigation simple!
Use small graphics, site maps, indexes
Avoid graphics just to display text
Avoid plug-ins, Jscripts to complete purchase
process
Avoid link and button clutter, frames
How NOT to Design a Payment Screen
www.netmar.com/new/norderform.shtml
Common mistakes with payments
Provide too few or too many order confirmation
pages
Confusing methods and misplaced buttons on
order page
Make it hard for customers to buy things
Don't make your customers read error screens
Fifth Principle of eCommerce:
Make payments easy!
Making the Buyer Feel Secure: the Six
Components of eCommerce Trust
Seals of approval, logos of credit card co's
Identifiable brand name
Ease of navigation
Order fulfillment easy to understand
Clear purpose and site presentation
Fast and simple technology
(Cheskin Research)
Perceptions of Credit Card Snooping Still
Exist
But are largely popularized by media, not
consumers!
Internet fraud stories are still common from
both buyer and seller sides
Just starting to see authentication services (such
as Cybersource) ramp up
Trust will take a long time
Sixth Principle of eCommerce:
Make the buyer feel secure!
Topic 3: eCommerce Standards
SSL (encrypted transactions)
SET (authenticate buyers)
OFX (bill presentment)
OBI (exchange purchase orders)
Some Disclaimers
Standards are still in motion
Multiple approaches mean they don't always
work as intended
May be eclipsed by events (e.g., SET) and
consumer behavior
Moral: lots of programming still required!
SSL: Encrypt Transactions
Why encrypt?
Principles of cryptosystems
Understand certificate management
Why Encrypt? TRUST!
Ensure your customer is authorized to use his
account
Customer wants to make sure you are the legit
seller
Ensure payment is received
Ensure goods are received
Five Principles of Cryptosystems
Privacy (only the intended recipient can read
your messages)
Authentication (you are who you say you are)
Authorization (who can do what)
Integrity (you and the recipient both know
nothing got changed)
Non-repudiation (no one can falsely deny a
transaction)
Privacy
Privacy means that the message contents cannot
be seen by anyone but the intended parties
Accomplished through the use of encryption
Authentication
Authentication means that each party involved
in the transaction is identified as legitimate
Accomplished through the use of certificates
A certificate is a notarized public key (like a passport
or a driver's license)
Issued by a trusted third party called a Certificate
Authority
Binds the certificate owner to the public key within
the certificate
Authorization
Lists of users who have different rights to do
various tasks on a web site
Being able to track individuals throughout your
computing systems and multiple logins
Integrity
Integrity of data means that it cannot be altered
by anyone during transmission, to avoid a
“man in the middle” attack
Encryption allows only the intended recipient
to open the digital envelope
A digital envelope (or “hash”) = contents of an
encrypted message + digital signature
Non-repudiation
Non-repudiation means both parties to the
transaction are ensured that the message is
genuine and cannot be disputed
Parties are identified with certificates that have
been notarized by a trusted Certificate
Authority
It will be much harder for customers to claim
they never placed the order
Why Should You Get a Server Certificate?
You want those who visit your web site to know
you are a legitimate business
A certificate is required to operate a secure
server (SSL)
Certificate Authorities (CAs)
Trusted third parties, similar to notaries
Can be external or internal (server is managed
within your own company)
Choice of a CA may depend on your merchant
server software
Public Key Cryptography
Customer’s     Customer’s    Merchant’s    Merchant’s
Private Key    Public Key    Public Key    Private Key
Public keys are shared and widely distributed
Private keys are kept secret by the holder of the key
Both pairs of keys are required to complete a secure
transaction
Public and Private Key Pairs
A public key is disclosed and widely
distributed with no adverse effects
Used to encrypt or decrypt information
Works only in conjunction with its paired
private key
Public and Private Key Pairs
A private key is held and used only by its
owner
If a private key is compromised, it must be
replaced immediately
Today's real-world example: lost or stolen credit
cards must be blocked and replaced
Public and Private Key Pairs
Real-world example: Dual control of keys for
your safe deposit box — it can only be opened
with two keys — yours as well as the bank's
Steps in Certificate Creation
Refer to your server software documentation for
selection of a CA and instructions
Generally, you will do the following:
Generate a key pair of public and private keys
Send the public key and other information to CA
CA verifies information provided
Upon verification, CA creates a certificate containing
public key and expiration date
The Certificate is sent back to applicant and may be
posted publicly, if appropriate
Examples of Certificate Authorities
VeriSign
www.Verisign.com
GTE CyberTrust Solutions, Inc.
www.cybertrust.gte.com
Thawte Consulting
www.thawte.com
Certificate Creation
Demo of key generation and certificate request
Verisign Server Certs
www.verisign.com/server/prod
Different features, ranging in price from $349 to
$1295/year
Offer different warranties, encryption levels
Certificate Management
Once public key certificates are issued, they
must be managed to maintain integrity
They contain expiration dates
They may be revoked for various reasons
Upon expiration, certificates must be renewed or
reissued
This is a consideration for using an external CA,
as opposed to managing an internal CA
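The steps from the Steps in Certificate Creation slide and the expiration check this slide calls for, as an added example that is not part of the original presentation. A throwaway local CA stands in for the external CA, all names (Demo Root CA, shop.example.test) are constructed, and the business-identity check a real CA performs is outside what a script can show.

```shell
#!/bin/sh
# Added example: request, issue, verify and expiry-check a server certificate
# against a throwaway demo CA. Every name below is a constructed placeholder.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Stand-in for the external CA: a self-signed root created only for this demo.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" \
        -days 3650 -subj "/O=Demo CA/CN=Demo Root CA" 2>/dev/null
}

# Merchant side: generate a key pair, then a request that carries the public
# key and identifying information. The private key never leaves the merchant.
make_request() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/shop.key" 2>/dev/null
    chmod 600 "$WORK/shop.key"
    openssl req -new -key "$WORK/shop.key" \
        -subj "/O=Example Storefront/CN=shop.example.test" \
        -out "$WORK/shop.csr"
}

# CA side: check the request's self-signature, then issue a certificate that
# binds the public key to the subject with an expiration date ($1 = days).
issue_cert() {
    openssl req -in "$WORK/shop.csr" -verify -noout 2>/dev/null
    openssl x509 -req -in "$WORK/shop.csr" \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -days "$1" -out "$WORK/shop.crt" 2>/dev/null
}

# Relying party: does the certificate chain to the trusted CA?
chain_ok() {
    openssl verify -CAfile "$WORK/ca.crt" "$WORK/shop.crt" >/dev/null 2>&1
}

# Does the issued certificate carry the public half of the merchant's key?
cert_matches_key() {
    [ "$(openssl x509 -in "$WORK/shop.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$WORK/shop.key" -pubout)" ]
}

# True when the certificate expires within $1 days (time to renew or reissue).
needs_renewal() {
    ! openssl x509 -in "$WORK/shop.crt" -noout \
        -checkend "$(( $1 * 86400 ))" >/dev/null
}

make_demo_ca
make_request
issue_cert 7            # deliberately short-lived to exercise the expiry check

chain_ok && echo "certificate chains to the demo CA"
cert_matches_key && echo "certificate carries the merchant's public key"
if needs_renewal 30; then
    echo "certificate expires within 30 days: renew or reissue"
fi
openssl x509 -in "$WORK/shop.crt" -noout -subject -enddate
```

Running the `needs_renewal` check from a scheduled job against the deployed certificate file gives advance warning of an expiring certificate.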
How is this accomplished?
Secure servers and browsers
Capable of strong encryption (up to 128 bit)
40 bit encryption is no longer considered adequate
for financial transactions
Digital certificates
Ensure the identity of the certificate holder
Also called digital IDs
The common protocol in use today is Secure
Sockets Layer (SSL)
Secure Sockets Layer Protocol (SSL)
Authenticates the merchant server
Merchant Certificate obtained from trusted
Certificate Authority
Provides privacy through encryption of the
message for both the sender and receiver
Secure “pipe” negotiates maximum encryption
compatible at browser and server for each message
transmitted
Ensures integrity of data transmitted
Message authenticity check (algorithm)
Secure Sockets Layer Protocol (SSL)
Merchant’s Certificate (Digital ID) can be viewed by any secure browser
https:// in the URL = a secure connection
SSL allows customers to verify who the
merchant is
The merchant's digital ID does not certify the
integrity of the merchant
Secure Sockets Layer Protocol (SSL)
Customer Order with Payment Information -> Encrypted order sent -> Customer order decrypted at merchant server
SSL encrypts the customer order, which
includes the payment information
This data is sent from the customer to the
merchant via a secure “pipe”
What SSL Doesn’t Encrypt
Once the data arrives on the secure server, it
could be stored in an insecure location!
Or if someone has physical access to your
desktop or server
SSL: How do you get a certificate for your
merchant server?
Apply to Certificate Authority
Instructions built into merchant server software
You will be asked to provide valid business
license and other ID
Cost is dependent upon level of certification
Encryption Strength
It is illegal to export outside the US products
containing encryption that is stronger than 40
bits
It is not illegal to use encryption stronger than
40 bits internationally
Financial institutions do not consider 40-bit
encryption adequate for Internet transactions
Encryption Strength
Newer browser and server software are capable
of 128-bit encryption
128-bit encryption is exponentially stronger
than 40-bit encryption
SET: Authenticate Buyers
What is the protocol
How it works
Advantages and disadvantages
What is SET protocol?
Secure Electronic Transaction protocol is a
common standard that was developed jointly by
Visa, MasterCard and other partners to ensure
the processing of secure transactions.
Based on RSA encryption
Uses public and private key pairs that have a
mathematical relationship
How is SET Different from SSL?
Digital certificates for SET will be payment-specific
Merchants will be certified as legitimate to accept
branded payment card transactions
Cardholders will be certified as valid account holders
Merchants will not see customer's account number (it
will only be passed to the acquirer)
How is SET Different from SSL?
With SET:
Customer sends: Customer’s Digital ID related to a specific account + Customer Order info
Merchant Server gets: Customer’s Digital ID minus the account number + Customer Order
Acquirer gets: order receipt + Customer’s Digital ID with account number
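SET keeps the account number away from the merchant while still tying the payment to one specific order by means of a dual signature. The sketch below is an added example, not part of the original presentation. It is simplified: it uses SHA-256 where SET used SHA-1, omits the certificates, and does not encrypt the payment instruction to the acquirer. The order, account number and file names are constructed.

```shell
#!/bin/sh
# Added example: SET-style dual signature. The cardholder signs the hash of
# (payment digest || order digest); each party verifies using only the half it
# is entitled to see plus the digest of the other half.
set -eu

D=$(mktemp -d)
trap 'rm -rf "$D"' EXIT
PAN=4111111111111111            # constructed test account number

digest() { openssl dgst -sha256 -binary "$1"; }   # raw digest bytes of a file

# Cardholder key pair (in SET the public half sits in the cardholder's digital ID).
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$D/card.key" 2>/dev/null
openssl pkey -in "$D/card.key" -pubout -out "$D/card.pub"

# Constructed order information (OI) and payment instruction (PI).
printf 'order=1001;item=toner;total=49.95 USD\n' > "$D/oi.txt"
printf 'order=1001;pan=%s;total=49.95 USD\n' "$PAN" > "$D/pi.txt"

# Cardholder: digest each part, then sign the two digests concatenated.
digest "$D/oi.txt" > "$D/oi.md"
digest "$D/pi.txt" > "$D/pi.md"
cat "$D/pi.md" "$D/oi.md" > "$D/both.md"
openssl dgst -sha256 -sign "$D/card.key" -out "$D/dual.sig" "$D/both.md"

# Merchant receives: oi.txt, pi.md, dual.sig. It recomputes the order digest
# and checks the signature without ever holding the payment instruction.
merchant_verify() {             # $1 = order file as received
    digest "$1" > "$D/m_oi.md"
    cat "$D/pi.md" "$D/m_oi.md" > "$D/m_both.md"
    openssl dgst -sha256 -verify "$D/card.pub" -signature "$D/dual.sig" \
        "$D/m_both.md" >/dev/null 2>&1
}

# Acquirer receives: pi.txt, oi.md, dual.sig. It can confirm the payment
# belongs to this order without seeing the order's contents.
acquirer_verify() {             # $1 = payment instruction as received
    digest "$1" > "$D/a_pi.md"
    cat "$D/a_pi.md" "$D/oi.md" > "$D/a_both.md"
    openssl dgst -sha256 -verify "$D/card.pub" -signature "$D/dual.sig" \
        "$D/a_both.md" >/dev/null 2>&1
}

# Is the account number present anywhere in what the merchant was given?
merchant_sees_account() {
    cat "$D/oi.txt" "$D/pi.md" "$D/dual.sig" | grep -q "$PAN"
}

merchant_verify "$D/oi.txt" && echo "merchant: order is bound to the signed payment"
acquirer_verify "$D/pi.txt" && echo "acquirer: payment is bound to the signed order"
merchant_sees_account || echo "merchant: account number not present in its inputs"

# An order altered after signing no longer matches the dual signature.
printf 'order=1001;item=toner;total=4.95 USD\n' > "$D/oi_tampered.txt"
if merchant_verify "$D/oi_tampered.txt"; then
    echo "unexpected: altered order accepted"
else
    echo "merchant: altered order rejected"
fi
```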
The Mechanics of SET
(1) Payment info sent from user to merchant
(2) Merchant confirms, fees charged
(3) Transaction to bank, funds debited/credited
(4) Merchant sends item to user (from
Computerworld)
How Will Certificates (Digital IDs) be
Issued for eCommerce?
Hierarchy of trust for certificate issuance
Visa and MasterCard will designate a Certificate
Authority to hold the Trusted Root
Merchants will obtain certificates from banks' or
acquirers' Certificate Authority, then store on SET
server software
Cardholders will obtain certificates (digital IDs)
from their banks' Certificate Authority, then store in
electronic wallet
MasterCard® Example of a SET Transaction
http://www.mastercard.com/set/screen1.html
MasterCard® Example
http://www.mastercard.com/set/screen2.html
MasterCard® Example
http://www.mastercard.com/set/screen3.html
MasterCard® Example
http://www.mastercard.com/set/screen4.html
MasterCard® Example
http://www.mastercard.com/set/screen5.html
SSL vs. SET
SSL                                        SET
Server authentication                      Server authentication
  Merchant certificate as legitimate         Merchant certificate tied to accept
  business                                   payment brands
Possible for client authentication         Customer authentication
  Not tied to payment method                 Digital certificate tied to certain
                                             payment method
Privacy                                    Privacy
  Encrypted message to merchant              Encrypted message does not pass
  includes account number                    account number to merchant
Integrity                                  Integrity
  Message authenticity check (MAC)           Hash/message envelope
Is SET the Answer to eCommerce?
SET has been proposed as the answer to secure
and interoperable eCommerce
It is not currently mandated by Visa and MasterCard
There are big implementation issues for all
concerned
The SET protocol is definitely more secure than
SSL
However...
SET Issues
Implementation of SET has some big
drawbacks:
Lack of interoperability among systems
Management of public key infrastructure
Distribution of digital certificates requires action on
the part of the consumer
Will banks want to become cert authorities?
And who will pay for all this?
Meanwhile, eCommerce goes on
The Future of SET
Non-repudiation of transactions through digital
certificates for both merchant and customer
SET may be the industry standard for payments,
but yet to be implemented
It will be far more difficult for a customer to
claim no knowledge of a transaction
Demonstrations continue
Another View of SET (Lincoln Stein)
“An over-engineered, committee-designed
solution to a nonproblem, a boondoggle
invented by hidebound credit-card companies
panic-stricken over the prospect of not getting
their piece of the Internet pie.”
WebTechniques, 8/98
Other Alternatives
Simple password databases for users to keep
track
But still passwords are sent in clear text
Use cookies
Only works with authentication
Not good for public PCs and kiosks
Use PKI and certs
Electronic Bill Presentment
Saves on paper (typical bill cost $1 in postage
and processing, EBP saves half) but requires
lots of coordinated systems
Can show bills with nice fonts, interactive
applications
Is separate process from the actual payment
system
Typical Costs
Print and send a paper bill: $.60
Print and send a paper invoice: $1 - $50
EBP: $.05 - $.35
ConEd EBP Experiment
Claim they need 100,000 customers to break
even
https://m020-www5.coned.com/cus/main1.htm
Note: lack of security, anyone with valid
account number can see your bill!
Electronic Bill Presentment Issues
Does the processor use EBP with merchant
bank?
How does customer get notified about the bill?
Can users' browsers support applications
Java applets
Active X controls etc.
Reconciliation requires access to both dispute
and payout information
Microsoft's MSFDC
A means to standardize on presentment
All customer data maintained by MSFDC
Have both web-based access and special
consumer-based software
Requires NT, SQL Server, IIS, etc.
TransPoint Internet Bill Delivery
Bill Presentment Products
Bluegill Technologies One-to-One Server
Electronic Funds and Data BillSite
International Billing Services EBill Anywhere
Netscape BillerExpert
Princeton Telecom 800-Paybill
Other EBP efforts
Open Financial Exchange (www.ofx.net)
www.Integrion.Net
CheckFree's E-Bill (getbills.checkfree.com)
eBill
Most popular and in widest practice
Schwab and Intuit/Quicken are supporters
Most threatened by MSFDC
OFX
Started with Intuit
Trying to standardize on too much at once:
data transfers
account inquiries
financial applications and transactions
Verisign Financial Server (US$1200)
digitalid.verisign.com/ofxIntro.htm
Integrion
Banking-intensive plus IBM
No other software supporter, BUT…
Trying to establish their “Gold Standard” vs.
OFX
Leave choice of how much customer data is
maintained up to the merchant
Integrion developments
Banks still want control over their own destiny
Some banks, such as Citibank, are hedging their
bets with MSFDC/Transpoint
What about OBI?
Open Buying on the Internet
A bunch of standards: SSL, X12 EDI, X.509 PKI
Proposed 3/97, revised 6/98
Emphasis is with OPEN and not point-to-point
EDI
Products from Netscape, Commerce One, IBM,
Epic Systems
OBI Components
Buyer (could be software or a person)
Buyer's server
Seller's server
Payment authority/clearinghouse
Typical OBI Process
Buyer connects to web site with https
Seller verifies buyer, then displays catalog
Buyer fills out forms, submits order
Seller checks transaction using certs
Servers talk to each other and approve order
Buyer server sends order up his chain for
approval
Seller determines how to get paid
Unresolved OBI Issues
Who owns the catalog (buyer or seller)?
How much infrastructure is really needed to
connect them?
Does it compete with existing EDI solutions?
Knitting together a solid solution is more than
enumerating standards!
One Example: Secure Digital Music
Initiative
Open series of protocols called SDMI
Various encryption approaches, technologies,
trials underway
Competes with popular MP3 and underground
distribution via FTP
But way too complex for most consumers
IBM's Electronic Music Management
System
Music studio master, encrypt and compress,
watermarks, controls license
Web site to store content
eMusic store to promote songs and sell them
Clearinghouse to handle payments and
transactions
Client software to encrypt and play and store
music
Trial underway in San Diego cable this year
Existing MP3 Distribution System
Consumer rips music into MP3 format, uploads
to FTP server
Others download it freely and play on their PCs
and Rios
No money changes hands, but lots of music
available!
Topic 4: Introduction to Payment Systems
Structure, properties and roles
Different devices
Credit Cards
Electronic Wallets
CyberCash
Setting up a merchant account
Privacy and security issues
Payment Basics
Issuer (Consumer Access Point) -- BANK -- Acquirer (Merchant Access Point)
• deposit & withdrawal
• transaction status inquiry
• authentication
• problem resolution
Consumer -- Merchant
• purchase & refund
• transaction status inquiry
• authentication
• problem resolution
Hierarchy
Payment System (clearing house)
Clearing house between acquirers and issuers
Acquirer (third-party processor)
Authorizes, processes and settles for merchant bank
Merchant Bank
Accepts merchant deposit
Merchant
Accepts authorized cardholder transaction
Different Payment Pieces
System: provides processing and settlement of
transactions
Gateway: software/services to support
eCommerce merchants, acquirers
Device: initiates transaction from credit/debit
card
Attributes of Superior Payment Systems
Universal, world-wide acceptance
Recognized value
Reliability of transactions
Ease of use to customer
Capacity for quick settlement and collection
Requirements
Mass appeal
Easy payment by the customer
Have acceptable risk to bank and merchant
Accommodate changes, cancellations and
returns
Let's Consider the Customer
Changes the order
Doesn't fill out all fields even when asked
Mistypes credit card and other data
Cancels order entirely or never finishes order
process
Objectives in Offering Payment Choices
Customers like choices, but remember: they are
here to buy stuff!
Make it safe for everyone involved: customer,
merchant, and banks
Consider how easy it is for your customer to
use, not just how easy it is for you to manage
Payments in a virtual world should imitate
those in the real world
Comparing Three Payment Systems
        Transaction   Transaction   Real-time         System        Privacy
        Cost          Direction     auth/validation   Scalability
Cash    very low      two-way       no                extreme       yes
Check   low           one-way       maybe             high          no
Card    moderate      one-way       yes               high          no
Other Properties
How much software does the buyer need to
install?
Does it come with the desktop operating system?
Does it come with the browser or other software?
What third-party clearinghouse is used?
Provide trusted relationships
Reduce risk, complexity in processing
The Way Things are on the Web Today
Some payments are authorized off-line, through
traditional POS terminals
E-mail message to customer later (hopefully),
confirming order and shipping information
Many merchant servers connect with payment
authorization systems
Authorization is real-time during the web session,
and the sale is completed with secure server and
browser software
The Way Things are on the Web Today:
Secure and Un-Secure
Secure transactions via secure browsers and
servers with SSL
Un-secure transactions with lack of proper
encryption (account numbers sent “in the
clear”) via e-mail messages
Un-secure transactions due to “export” versions
of browser and/or server software
eBiz Strom 6/99 146
The Way Things are on the Web Today
Secure transactions do not guarantee the
validity of the customer account information
A high percentage of credit charge-backs for MO/TO
transactions are for “merchandise not received”
Address verification services can help protect you,
and in some cases are required
eBiz Strom 6/99 147
Examples of Payment Systems
(Clearing Houses)
Federal Reserve System for clearing checks
Visa and MasterCard transaction networks
American Express
Novus (Discover)
eBiz Strom 6/99 148
Examples of Acquirers (Processors)
First Data Corp.
Paymentech
National Data Corp.
Bank of America Merchant Services
Many processors (acquirers) process multiple
brands as part of their service
eBiz Strom 6/99 149
Internet Payment Devices
Credit cards, debit cards
Off-line accounts
Electronic cash
Electronic checks
eBiz Strom 6/99 150
Different Ways to Capture Customer
Online
Post-authorization
Batch
eBiz Strom 6/99 151
Online Capture
Happens simultaneously with authorization of
transaction
Fastest method of capture for online merchants
who can guarantee same-day shipment of goods
eBiz Strom 6/99 152
Post-Authorization Capture
Capture is a separate step from authorization of
transaction; post-auth message instructs bank to
capture transaction
Example of use is for delayed shipping of
merchandise
eBiz Strom 6/99 153
Batch Capture
Transactions are captured in a batch mode after
authorization (like post-auth capture)
Multiple authorizations are submitted at one
time for capture
The batch is transmitted through gateway
(CyberCash) to the bank for funds transfer and
merchant account reconciliation
eBiz Strom 6/99 154
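The three capture modes from the preceding slides, modelled as an added example (not code from the presentation or from any gateway vendor). The Gateway class, its method names and the order data are constructed for illustration; the point to note is that a capture is only honoured for a transaction that is authorized and not yet captured.

```python
from dataclasses import dataclass, field
from decimal import Decimal


class CaptureError(Exception):
    """Capture requested for a transaction that is not in the 'authorized' state."""


@dataclass
class Gateway:
    """Constructed stand-in for a payment gateway; not any vendor's API."""
    state: dict = field(default_factory=dict)    # order_id -> "authorized" | "captured"
    amount: dict = field(default_factory=dict)   # order_id -> Decimal
    batch: list = field(default_factory=list)    # order_ids queued for batch capture

    def authorize(self, order_id, amount, capture_now=False):
        """Authorize an order; capture_now=True is online capture (same step)."""
        self.state[order_id] = "authorized"
        self.amount[order_id] = Decimal(amount)
        if capture_now:
            self.capture(order_id)
        return self.state[order_id]

    def capture(self, order_id):
        """Post-authorization capture: a separate message after authorization."""
        if self.state.get(order_id) != "authorized":
            raise CaptureError(f"{order_id}: state is {self.state.get(order_id)!r}")
        self.state[order_id] = "captured"

    def queue(self, order_id):
        """Hold an authorized order for the next batch."""
        self.batch.append(order_id)

    def settle_batch(self):
        """Batch capture: submit every queued authorization at one time.

        Returns (captured_ids, total, rejected_ids) for account reconciliation.
        """
        captured, rejected = [], []
        for order_id in self.batch:
            try:
                self.capture(order_id)
                captured.append(order_id)
            except CaptureError:
                rejected.append(order_id)   # never authorized, or already captured
        self.batch = []
        total = sum((self.amount[o] for o in captured), Decimal("0"))
        return captured, total, rejected


def demo():
    gw = Gateway()
    gw.authorize("A-1", "19.95", capture_now=True)   # same-day shipment: online capture
    gw.authorize("A-2", "40.00")                     # delayed shipping
    gw.authorize("A-3", "5.05")
    gw.authorize("A-4", "100.00")
    gw.capture("A-2")                                # post-auth capture when goods ship
    for order_id in ("A-3", "A-4", "A-2", "A-9"):    # A-2 is a duplicate, A-9 was never authorized
        gw.queue(order_id)
    return gw.settle_batch()


if __name__ == "__main__":
    print(demo())
```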
A Taxonomy of Bygone Web Payment
Approaches
transmit “16+4” over the Internet?
  yes: buyer encrypts?
    yes: merchant decrypts?
      yes: buyer signs?
        yes: S-HTTP, PGP
        no: SSL
      no: CyberCash, SET
    no: plaintext
  no: buyer confirms?
    yes: synchronous?
      yes: GlobeID
      no: VirtualPIN
    no: eCash
eBiz Strom 6/99 155
Why Didn't They Work?
Too complex to implement
Too much infrastructure
Not too many stores took their kind of money
Too many other technical challenges
eBiz Strom 6/99 156
So What Payment Instrument to Use
Today?
SSL Credit cards
eWallets/SET
Cybercash and other payment gateways
1-Click service providers
eBiz Strom 6/99 157
Credit cards, debit cards
JCB, Visa, MasterCard, Discover, American
Express
Buyer gets card from issuing bank
Merchant is sponsored by acquiring bank
Merchant knows buyer and authorizes payment
eBiz Strom 6/99 158
How Credit Cards Work
Transactions authorized against customer's line
of credit at issuer (promise to pay)
At point of settlement, cardholder's account is
charged and merchant's account is credited
Transactions subject to chargeback to merchant
under certain conditions
Lack of proper authorization
Lack of proper identification / address verification
eBiz Strom 6/99 159
S-HTTP/SSL Features
Supply 16+4 in encrypted form
Require merchant to have a cert signed by a
trusted third-party
Requirement of client-side cert is a trade-off:
yes: buyer must “register” before making purchase
(S-HTTP, SSLv3); or,
no: no assurance as to buyer's identity (SSL)
Merchant site becomes a credit card repository
eBiz Strom 6/99 160
Plaintext Transaction Process
[Diagram: "trans" between buyer and merchant; buyer: 16+4, merchant: 16+4]
eBiz Strom 6/99 161
SSL Transaction Process
[Diagram: "trans" between buyer and merchant; buyer: E(16+4), merchant: 16+4]
eBiz Strom 6/99 162
Electronic Wallets
Microsoft® Wallet
Verifone® vWALLET℠
GlobeSET Wallet
Transactor/Citibank Wallet
eBiz Strom 6/99 163
What's in an eWallet?
Credit card accounts
Debit card accounts
Checking accounts
eBiz Strom 6/99 164
All of These Have in Common
Access to your accounts
Credit card and other account numbers are
stored by the service provider in a database, or
on your hard disk
These numbers are not transmitted to the
merchant
Consumer must initiate account set-up in
advance of making any purchases
eBiz Strom 6/99 165
How Electronic Wallets Work Today
Consumer must initiate request for electronic
“wallet” software
Credit card or other account numbers are given
to provider one time before any purchases are
made
Closed system: only available to participating
merchants and cardholders who have signed up
in advance
eBiz Strom 6/99 166
How Electronic Wallets Will Work in the
Future
With SET protocol, will contain digital IDs with
encrypted account information
Since digital IDs will be tied to specific
accounts, wallets will keep track of all that
information
At that point, wallets will be widely distributed
and universally accepted
eBiz Strom 6/99 167
Interoperability is the Key
Wallets will become widely used when the
following events occur:
Mass distribution of wallets to consumers is easily
made
Will be accepted by all merchants, regardless of
wallet brand or payment brand
eBiz Strom 6/99 168
eWallet Demonstrations
GlobeSET (SET now, server-side non-SET later)
Transactor/Citibank Wallet (Jscript bookmark)
eWallet.com (only SSL)
Microsoft Wallet (in Win98, IE 4.01) (both SSL
and SET)
eBiz Strom 6/99 169
Some Problems with eWallets
Not transferable to other wallets
Tied to a single PC
Not available for use at many web storefronts
Just solve a small part of the overall payment
process
eBiz Strom 6/99 170
CyberCash System
CyberCash operates a gateway between acquirer
and the Internet
Merchants given the choice of capture via:
SSL; or
the CyberCash InstaBuy service
Merchant doesn't see 16+4
eBiz Strom 6/99 171
How It Works
Buyer's wallet receives invoice from merchant's
server
Buyer's wallet sends sales order to merchant's
server:
signed with buyer's public key; and,
includes 16+4 encrypted with gateway's public key
eBiz Strom 6/99 172
How It Works (cont.)
Merchant sends transaction to gateway:
signed with merchant's public key; and,
includes buyer's sales order
Gateway verifies signature, and:
decrypts 16+4 using its private key;
submits transaction into credit card network; and,
returns results to merchant who tells buyer
eBiz Strom 6/99 173
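The wallet, merchant and gateway exchange from the two "How It Works" slides, as an added example; it is not CyberCash code and does not reproduce its wire format. It assumes textbook RSA without padding over constructed toy keys (illustration only), creates each signature with the signer's private key and checks it with the matching public key, and treats 16+4 as a 16-digit card number plus 4-digit expiry; all function and field names are hypothetical.

```python
import hashlib
import json

E = 65537  # public exponent shared by all three toy keys


def make_key(p, q):
    """Textbook RSA from two primes; returns (n, d). No padding: illustration only."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


# Constructed keys built from Mersenne primes so the example runs offline.
BUYER = make_key(2**61 - 1, 2**89 - 1)
MERCHANT = make_key(2**107 - 1, 2**127 - 1)
GATEWAY = make_key(2**521 - 1, 2**607 - 1)


def canonical(obj):
    """Stable byte encoding so signer and verifier hash the same bytes."""
    return json.dumps(obj, sort_keys=True).encode()


def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, key):
    n, d = key
    return pow(digest(data, n), d, n)          # private-key operation


def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)   # public-key operation


def wallet_sales_order(invoice, card_16_4):
    """Buyer's wallet: seal 16+4 to the gateway's public key, then sign the order."""
    order = {"invoice": invoice["id"], "amount": invoice["amount"],
             "sealed_16_4": pow(int(card_16_4), E, GATEWAY[0])}
    return {"order": order, "buyer_sig": sign(canonical(order), BUYER)}


def merchant_forward(sales_order):
    """Merchant: wraps and signs the buyer's order; holds no key for sealed_16_4."""
    return {"sales_order": sales_order,
            "merchant_sig": sign(canonical(sales_order), MERCHANT)}


def gateway_process(msg):
    """Gateway: verify both signatures, then decrypt 16+4 with its private key.

    Returns (result_for_merchant, card_submitted_to_network).
    """
    so = msg["sales_order"]
    if not verify(canonical(so), msg["merchant_sig"], MERCHANT[0]):
        return "rejected: merchant signature", None
    if not verify(canonical(so["order"]), so["buyer_sig"], BUYER[0]):
        return "rejected: buyer signature", None
    n, d = GATEWAY
    card = str(pow(so["order"]["sealed_16_4"], d, n)).zfill(20)
    return "approved", card


INVOICE = {"id": "INV-1001", "amount": "49.95"}   # constructed invoice
CARD = "4111111111111111" + "0601"                # constructed test number + expiry


def honest_run():
    return gateway_process(merchant_forward(wallet_sales_order(INVOICE, CARD)))


def altered_amount_run():
    """The amount changes after the buyer signed; the gateway must refuse it."""
    so = wallet_sales_order(INVOICE, CARD)
    so["order"]["amount"] = "499.50"
    return gateway_process(merchant_forward(so))


if __name__ == "__main__":
    print(honest_run()[0], "|", altered_amount_run()[0])
```

The merchant only ever handles `sealed_16_4`, which is why the slide can say the merchant does not see 16+4; the buyer's signature is what lets the gateway detect an order changed in transit.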
CyberCash Secure Internet Credit Card
Payment
http://a.dn.cybercash.com/cybercash/info/sixsteps.html
eBiz Strom 6/99 174
CyberCash as a Merchant Service Provider
CyberCash provides the merchant with
CashRegister software to authorize and process
payments
CyberCash is neither an acquirer nor a bank,
but is a provider of payment software for
eCommerce (a gateway)
CyberCash provides an advanced level of
encryption for financial information passed
from their database to acquirers (not SSL)
eBiz Strom 6/99 175
CyberCash CashRegister® Software
Integrates with a variety of operating systems
and merchant storefront software
Can be used with or without consumer wallets
Non-wallet transactions use SSL
Some programming required: perl (Unix) or
VBScript (NT)
eBiz Strom 6/99 176
CyberCash CashRegister® Software
However, you must still arrange for a merchant
deposit account with your bank or independent
service provider
If you are having trouble setting up a merchant
account with a bank, contact CyberCash for
assistance
eBiz Strom 6/99 177
Credit Card Payment Demo
Credit card transaction with CyberCash —
No Wallet
CyberCash InstaBuy transaction
eBiz Strom 6/99 178
CyberCash Benefits
CashRegister Software is free to merchant
CyberCash is presently the largest gateway
service provider for Internet merchants
Their products will evolve
eBiz Strom 6/99 179
Leading SSL/POS Payment Software
Vendors
ICVerify, www.icverify.com
PCAuthorize, www.tellan.com
Verifone vPos, www.verifone.com
PC-Charge, www.gosoftware.com
eBiz Strom 6/99 180
Online Payment Service Providers
Worldpay/PSI, www.psi.net/worldpay
AuthorizeNet.com + Cardservice.com ($45/mo + 2%
+ 20 cents/trans.)
Internet Secure.com
WebOrder.com
Web800.com
Paylinx Server (SiteServer, net.Commerce)
Billpoint.com
Check out www.ihtmlmerchant.com/creditcard.htm
eBiz Strom 6/99 181
Other Merchant Providers to Consider
Online Financial Services (OFS)
http://ofs.web-charge.com/signup1.html
Redi Check / Redi Charge
www.redi-check.com
Merchant Account Services
Provo, Utah 1-801-765-1111
eBiz Strom 6/99 182
ICVerify Process
Customer submits 16+4 through SSL browser
connection
Merchant software records to a file
ICVerify submits to bank
ICVerify receives response from bank, creates
answer file
Merchant software retrieves answer, sends response to
customer
No per transaction fee!
eBiz Strom 6/99 183
Supported Merchant Servers for ICVerify
MS Site Server Commerce
Oracle Payment
Mercantec SoftCart
Internet Factory Merchant
InterShop Online
eBiz Strom 6/99 184
ICVerify Demo
www.icverify.com/library/downloads/icvdemo20.html
eBiz Strom 6/99 185
One Click Service Providers
1Clickcharge.com, qPass.com, InstaBuy.com
Mainly for digital content delivery
Per day pass (WSJ)
Charge 8-12% per transaction
Universal membership
Don't leave site while completing purchase
eBiz Strom 6/99 186
Setting up Merchant Account
Providers to consider
How to compare services
Choices in setting up account, fees
eBiz Strom 6/99 187
All Merchant Providers Are Not the Same
Compare services
Which cards do they authorize?
Do they provide electronic check services?
Do they provide check guarantee services?
Compare prices
Start-up fees
Monthly discount fees
Other service fees (per transaction)
Statement generation fees
eBiz Strom 6/99 188
Choices for Setting Up a Merchant Account
Go to your local bank and set up your own
merchant account -- If they'll take you, this may
give you the best discount rate
Join Costco warehouse membership store,
Executive Membership is $125, <2% plus 25
cents/transaction (www.costco.com/exec/credit.html)
Contract with CSP and process through them
Buy a software suite that includes merchant
account set-up
eBiz Strom 6/99 189
Range of Credit Card Fees
Your Bank CSP
Discount Rate: 1.5% - 5.0% Application Fee: $100 - $300
Discount Rate: 1.5% - 5.0%
Per Transaction: .20 - .30
Monthly Fee: $10 - $25 (service / statement fee)
Chargeback Fee: Up to $25
Chargeback Reserves: Up to 10% of sales, for up to six months
eBiz Strom 6/99 190
Regulations governing electronic commerce
transactions
Visa / MasterCard Operating Regs
Credit Card Rules for acquirers and merchants
Fair Credit Billing Act
Debit Card Rules
Regulation E
Consumer Telephone Protection Act
Can Internet Protection Act be far behind?
Privacy Principles
Yet to be mandated, but inevitable; and generally a
good idea
eBiz Strom 6/99 191
What About Privacy?
Anonymity issues
Confidentiality issues
Communication Monitoring
Disclosure issues
Name and address info
Disclosure of transaction to a third party
Merchant's identity
It's all about trust
eBiz Strom 6/99 192
Privacy Issues for the Consumer
Most people just want to be asked for their
permission
Your customers don't object so much if you use
their information to sell them other products
you may offer
But many object if you sell or rent their names
to someone else
eBiz Strom 6/99 193
“Data Mining”: How much is enough?
You have the opportunity to build a customer
database for future sales
To what degree do you slice and dice?
If you slice too fine, are you missing
opportunities?
This leads to more privacy issues
eBiz Strom 6/99 194
Topic 5: Choosing the Right eCommerce
Path
eBiz Strom 6/99 195
Rent, Buy or Build?
Delusions: “I could do that myself”
Not invented here
Justification example: corporate procurement
Forrester research survey showed 30% spent
over $500,000
eBiz Strom 6/99 196
Rent, Buy, or Build
Rent: outsource to a CSP
Buy suite of software
Build it yourself
eBiz Strom 6/99 197
Find a CSP
More ISPs are offering eCommerce solutions
Have to use their software standards and
payment schemes
Could be pricey
Just catching on in USA
eBiz Strom 6/99 198
Evaluating CSPs
Do they offer storefront design?
Have in-house programmers?
Hosting of your own web server machine?
How many payment systems do they support?
What kinds of accounting reports do they offer?
eBiz Strom 6/99 199
The Catch-22 of CSPs:
To be successful, a provider has to promote his
products via the Internet and have detailed
descriptions on their own web sites!
But trying to find this information isn't easy.
eBiz Strom 6/99 200
Some CSP Examples
www.psi.net/web/ecommerce.shtml
www.Best.com/bizcomm.html
www.Brainlink.com/html/saleslink.htm
www.Earthlink.net
IBM: mypage.ihost.com
www.Netcom.com
business.Mindspring.com/prod-svc/smbiz/
www.Mindrush.com/
www.outer.net/ONCommerce (OuterNet)
eBiz Strom 6/99 201
Price Comparison assumptions
10 Mb disk storage
Single email account
InterNIC $75 fee included for domain name
eBiz Strom 6/99 202
Price Comparison for CSP hosting
Provider    Setup fee (US$)  Monthly fee (US$)  Plan name, payment options
IBM         260              55                 Bronze, credit cards
Earthlink   295              100                Starter Site
Netcom      450              300                Commerce Site, credit cards
Mindspring  175              324                Commercial Advantage, credit cards, Cybercash
eBiz Strom 6/99 203
Earthlink pricing explained
Program             Monthly fee  Setup fee
Starter Site        20           25
Total Access Acct.  20           (waived)
SSL cert.           20           10
Domain fee                       75
Ecommerce           40           175
TOTAL               100          210
eBiz Strom 6/99 204
CSP Approaches
1Click providers
GeoShop/Yahoo
ViaWeb/Yahoo
iCat
Encanto
iTool
Others entering a very crowded field
eBiz Strom 6/99 205
Ad networks/Link and Banner Exchanges
Netcentives' ClickRewards
LinkExchange/Microsoft
SmartAge.com
Eliancecorp.com, charges % of net sales
eBiz Strom 6/99 206
GeoShop/Yahoo
Builds on GeoCities “communities” but for
merchants
(www.geocities.com/join/geoshops)
$25/month for just commercial listings
$180/month (or more!) for actual transactions
working with Internet Commerce Services Corp.
who uses Open Market Transact servers
(www.icoms.com/pp.htm)
eBiz Strom 6/99 207
ViaWeb/Yahoo
$100/month (<50 items) or $300/month options
CyberCash processing $500 setup
Solid reporting and admin options
eBiz Strom 6/99 208
iCat Commerce Online Hosting Solution
Free for <10 items, $99/mo. for 100 items
No per-transaction fees
Email and browser-based notifications of
purchase completion
Advanced items like upsell, featured products,
cybercash gateways
eBiz Strom 6/99 209
ShopSite demo
www.reliablehost.com/cgi-bin/bo/start.cgi
Can now handle two concurrent currencies
username: test8
password: test
eBiz Strom 6/99 210
iTool Demo
www.itool.com/admin/controlpanel.cfm
$25-$100/mo.
Username: dstrom/pwd+1
eBiz Strom 6/99 211
Shopzone Demo
www.btsw.com, $995
Real-time credit card verification through
CyberCash
Store builder and publisher functions to both
NT and Unix web servers
eBiz Strom 6/99 212
Encanto
Turnkey server/software for free!
Payment gateway included ($50 initial,
$70/month)
Web storefront, shopping cart, catalog system
Also need secure cert, merchant bank account
All managed via browser, steps are clearly
documented
Demo at www.encanto.com/ego/demo
eBiz Strom 6/99 213
One Way to Support Lots of Payment
Systems
Wired-2-Shop
www.wired-2-shop.com/TestDrive/Admin/PaymentList.asp
eBiz Strom 6/99 214
Storefront service providers
www.sitematic.com, flat rate for
$40/mo
www.stumpworld.com/Alpha Software,
$99, connects to Cybercash and OM
Payment systems
eBiz Strom 6/99 215
The Suite Approach
Leading contenders
What is part of the suite and what isn't
Prices and platforms
eBiz Strom 6/99 216
Popular eCommerce Suites
Vendor     Product              Version  Price            Platform
Inex       Commerce Court       3.2      $995             NT
IBM        Net.Commerce         3.1      $5000 - $20,000  NT, AIX, Solaris, AS/400, S/390
Microsoft  SiteServer Commerce  3.0      $4600            NT
IBM/Lotus  Domino Merchant      2.0      $3500 - $9000    NT
eBiz Strom 6/99 217
Popular eCommerce Suites (cont.)
Vendor       Product           Version  Price     Platform
Open Market  OM Transact       4.0      $250,000  Unix
Intershop    Intershop Online  3.0      $5000     NT, Unix
O'Reilly     WebSite Pro       2.3      $800      NT, 95
eBiz Strom 6/99 218
Four Typical Elements
Catalog
Storefront designer
Ordering/inventory system
Shopping cart/check out system
eBiz Strom 6/99 219
The Cold Hard Reality of Suites
Suites are nothing more than a collection of
products
Lack integration among various elements
Difficult to setup, customize, and use
Require you to live “inside” their structure
Limited payment options
Sounds like early MS Office
eBiz Strom 6/99 220
Payment Systems Included in Each Suite
Microsoft: Verifone, Buy Now
IBM (Net.Commerce): Verifone, SET/eTill
Domino Merchant: CyberCash, Verifone
OpenMarket: Verifone
WebSite Pro: IC Verify, PC Authorize,
CyberCash, others
Intershop: CyberCash, ICVerify, others
eBiz Strom 6/99 221
Sample Stores Included in Each Suite
Microsoft: 4 stores
IBM: eMall, simple and advanced sample stores
Domino: 1 store
OpenMarket: none
WebSite Pro: 1 bookstore
Intershop: 3 stores
eBiz Strom 6/99 222
Database Support
Product        Databases Supported
Site Server    MS SQL, Oracle
Net.Commerce   DB2, Oracle
Inex Commerce  MS SQL, MS Access
iCat           4D, Sybase SQL Anywh
WebSite        MS Access
Intershop      Sybase SQL
eBiz Strom 6/99 223
Dealing With ODBC
Have to understand how to set up data sources
Intimate knowledge of your data structure
Re-install ODBC drivers at least once!
Best to start with built-in database
eBiz Strom 6/99 224
Store Wizards Included in Each Suite
Net.Commerce (the best)
WebSite Pro (but doesn't do much)
Intershop (various wizards)
MS Commerce (although you'll really need to
know COM!)
eBiz Strom 6/99 225
Tips
Don't install anything before making sure you
have everything!
Downloads for free, but they expire
Can you export existing files to these systems?
eBiz Strom 6/99 226
WebSite Professional website.ora.com
Version 2, shipping since 9/97
US$799!
NT (or 95)
Supports seven different payment processors:
SSL, CyberCash
One sample store (bookstore)
eBiz Strom 6/99 227
Sample storefront
http://merchant.inline.net/admin/
eBiz Strom 6/99 228
WebSite Configuration Sheet
eBiz Strom 6/99 229
Store Properties
Can operate only a single payment system
Run on a series of Access databases
Built-in tax table, but for N.Americans!
Well documented data structures in typical
O'Reilly fashion
eBiz Strom 6/99 230
Recommendations
Lowest priced suite by far!
iHTML is robust, but will take some learning
Nice store setup and organization of catalog
Good low-end solution
Other alternatives: ShopZone (www.btsw.com),
Alpha Merchant (www.alphasoftware.com)
eBiz Strom 6/99 231
Intershop
demo at demo.intershop.com (admin/admin for
store)
Includes Sybase SQL 11
US$5000, includes 3 mos. support
eBiz Strom 6/99 232
Seven Different Managers
Catalog
Products
Store
Purchases
Inventory
Customers
Admin
eBiz Strom 6/99 233
Characteristics
Everything managed via browser, which can get
tedious
But you already have a database behind it
eBiz Strom 6/99 234
Payment Options galore
eBiz Strom 6/99 235
Recommendations
Most flexible payment options of any suite
Better at processing orders than site creation
Not good for large catalogs
eBiz Strom 6/99 236
Microsoft SiteServer Commerce
Still evolving
More of a development platform than a suite
Closely tied to IIS, SQL Server et al.
eBiz Strom 6/99 237
Shopping with MS Commerce
eBiz Strom 6/99 238
Recommendations
If you are going to use any other MS apps
If you don't mind doing lots of integration on
your own
If you must stay on the cutting edge of MS
products
Look at www.siteserver101.com for more tips
You'll need at least one other piece ...
eBiz Strom 6/99 239
ClearCommerce.com Merchant Engine
Complements Site Server for payments
Handles real-time credit card processing, fraud
detection (via email)
Works with MS Order Pipeline, DCOM and
ASP components
eBiz Strom 6/99 240
Commerce Server Specifics
NT, fast Pentium with 256 M RAM essential
US$5000
www.microsoft.com/commerce
eBiz Strom 6/99 241
Inex Commerce Court
Two different versions: Lite ($595) and Pro
($995)
Runs on top of NT/IIS
Comes with catalog, publishing functions
Includes accounting links
eBiz Strom 6/99 242
IBM Net.Commerce
eBiz Strom 6/99 243
Included
IBM's Go Web Server
DB2 database
Shopping trolley system
Credit card verifier, eTill software
eBiz Strom 6/99 244
Several ways to setup your store
Use nine-step wizard with populated catalog
Use wizard with empty catalog
Start from scratch
Import existing databases
eBiz Strom 6/99 245
Recommendations
Great if you already use DB2 for inventories
Most security-conscious suite
More depth than iCat
Start with all IBM defaults to save time
eBiz Strom 6/99 246
Net.Commerce Specifics
NT, fast Pentium with 256 M of RAM
AIX, 390, OS/400, Solaris
US$5000 Start, $20,000 Pro
www.internet.ibm.com/net.commerce
eBiz Strom 6/99 247
Latest features
“Intelligent Catalog”
Java-based wizards to setup and manage store
Recognizes shopping preferences and upsells
Improved SET payment server, ad tracking
partnerships
Integration with Domino Merchant
Screencam demo
eBiz Strom 6/99 248
Domino Merchant v2.0
Uses Notes server, but not Notes clients
Payments, catalogs, wizards galore
Easiest to setup, difficult to add products
A good entry-level product for now
Screencam demo
eBiz Strom 6/99 249
OpenMarket
High end solution
Worldnet offers hosting of OM servers
Still needs customization!
eBiz Strom 6/99 250
Recommendations
If you can afford it ....
Really the price covers lots of consulting time
High transactions and throughput needs
Use with Icoms.com front end service ($1000 +
$100/month)
eBiz Strom 6/99 251
OpenMarket Specifics
Various Unix
US$250,000 and up!
www.openmarket.com
eBiz Strom 6/99 252
Isn't somebody missing from the suite
party?
Netscape
Oracle
eBiz Strom 6/99 253
Topic 6: Installing and Operating Your
Own Storefront
What you need to know
What you need to buy
eBiz Strom 6/99 254
One DIY solution
IIS
PerlShop shopping cart
ClearCommerce CSP
First American Payment Systems
Verisign certificates
Fees: $800 setup, $500/yr, $50/month
What took longest to work: perl scripts to make
credit card payments!
eBiz Strom 6/99 255
The 90s Help Wanted
Wanted: Webmaster
Required skills: High proficiency in various
web based programming, development tools,
CGI, cookies, DNS, eCommerce, FTP, HTML 2.0
through 3.02, IIS Server admin, Javascript, Java,
MS SQL, Netscape server admin, NT Server
admin, perl, Unix admin, web security
eBiz Strom 6/99 256
You Need to be a Superhero:
Part web designer
Internet technologist
SQL database admin
Payment system maven
eBiz Strom 6/99 257
Things You'll Need to Discover
Are your sales and marketing staff web-savvy?
Is your accounting system adaptable to web
purchases?
How do you reconcile these accounts?
Does your business owner understand Internet
culture?
Can anyone find you?
eBiz Strom 6/99 258
The Most Under-rated Skill:
PATIENCE!
eBiz Strom 6/99 259
Do it Yourself Path
Traditional merchant banking approach
More risk, especially when your payment
system is on the 'net
eBiz Strom 6/99 260
Steps Involved for DIY'ers
Get a web server
Get merchant software
Integrate with your back end systems
catalogs
inventory
customer accounts
Be prepared to do lots of coding
eBiz Strom 6/99 261
Components Needed to Operate a Web
Storefront
Database of items to sell and current inventories
Secure web server
Searchable catalog server
Connections to backend payments and financial
servers
Shopping cart system
Checkout/payment system
Don't forget about security!
eBiz Strom 6/99 262
Maybe You Should Outsource Part of the
Action
Payment processing / fraud detection
Catalog server / shopping cart
Order fulfillment or processing
Email notifications
eBiz Strom 6/99 263
Which Database Server?
Pick before anything else
Core of your store revolves around the database:
inventory system
accounting system
catalog system
eBiz Strom 6/99 264
Database Server Recommendations
Use existing client/server db if possible
SQL Server: best with MS tools
Oracle: if you know pSQL already
Informix: all other situations
eBiz Strom 6/99 265
Database/web Tools
Develop your own forms
Query your database
Develop your own catalog
eBiz Strom 6/99 266
Why is a Catalog Important?
Your customers' view of your store
Current with your own inventory and offerings
Don't want to sell what you don't have
See catalog resources page
eBiz Strom 6/99 267
Outsourced catalog solutions
ShopSite/Open Market
IBM Home Page Creator mypage-products.ihost.com
(N. America only)
Mindspring with Mercantec
eBiz Strom 6/99 268
Good small business solution: Mercantec
SoftCart
Support for link to QuickBooks accounts
GlobeSET, Cybercash payment servers
eBiz Strom 6/99 269
Tool Recommendations
ColdFusion, www.allaire.com
Sapphire/Web, www.bluestone.com
eBiz Strom 6/99 270
Which Web Server?
Hundreds to choose from
Must support SSL and/or SHTTP
Platform isn‟t important, really
Choose:
NT/IIS
Solaris/Netscape Enterprise
Linux/Apache
eBiz Strom 6/99 271
Get Your Certificates in Order
Bring up form inside web server
Send to CA on letterhead with credit card (!)
Receive cert from CA
Install on your web server
eBiz Strom 6/99 272
What can a Shopping cart do?
Simplify ordering process
Track multiple purchases for a single visitor
Display items purchased
Calculate total prices, tax, shipping charges
Track item attributes (colors, styles, sizes)
eBiz Strom 6/99 273
Different Shopping cart Methods
Account-based
Cookie-based; see www.cookiecentral.com
Encoded URLs
eBiz Strom 6/99 274
Shopping cart Programs
S-Mart:
www.rcinet.com/~brobison/scripts
Minishop: www.egrafx.com/minishop
mvend: www.iac.net/~mikeh/mvend.html
PerlShop: www.arpanet.com/perlshop
eBiz Strom 6/99 275
Commercial Programs
Internet Shopping Cart Server:
www.webisland.com/cart
Rent-A-Cart: www.rent-a-cart.com
CyberCart: www.lobo.net/~rtweb
AutoCart: www.autocart.com/Autocart
WebCart: www.staff.net/webcart.html
SoftCart: www.mercantec.com
WWWOrder:
www.virtualcenter.com/scripts2/WWWOrder.html
eBiz Strom 6/99 276
Payment Choices
Use gateway (CyberCash, ICVerify) or service
provider?
Do you need support for multiple currencies?
Do you have to host your store elsewhere?
Do you understand the fee structure?
eBiz Strom 6/99 277
Steps Towards Coding Your Own Payment
Service
Present user with a CGI form with shopping
items info
Connect this to the service provider site
Provider displays his form to collect credit card
info
After approval, you record info to your site
See WebTechniques article by Lincoln Stein,
8/98
eBiz Strom 6/99 278
Again, Service Providers Differ
Compare services
Which cards do they authorize?
Do they provide electronic check services?
Do they provide check guarantee services?
Compare prices
Start-up fees
Monthly discount fees
Other service fees (per transaction)
Statement generation fees
eBiz Strom 6/99 279
WorldPay and PSI
Multicurrency payments
>100 for product prices
16 different ones for settlement
Have to host your web at PSI
Includes SoftCart and iCat software as well
US$1000 + US$1400/yr
eBiz Strom 6/99 280
WorldPay Demo
www.worldpay.com/demo/store.html
eBiz Strom 6/99 281
Prices of Typical Products
Product      Type              Price
Inex         Accounting        US$6000
SoftCart     Shopping Cart     900
MallManager  Catalog           2000
WebCatalog   Catalog           1600
Saqqara      Search tool       700
VPOS         Payment server    2500
WebMate      Development tool  750
eBiz Strom 6/99 282
Don't forget about sales tax and VAT!
Make use of software from Taxware.com
Some of the catalogs and suites have databases
to deal with this
But you have to create them from scratch
eBiz Strom 6/99 283
Dealing with search engines
Some use <META>, some use <TITLE>
Keep descriptions at top of your home page
short and sweet
Review information on
SearchEngineWatch.com
Web Review article:
webreview.com/97/10/17/webmaster
eBiz Strom 6/99 284
Don't Forget About Security
Make sure you protect your web site!
See “Ten ways” article from Winn Schwartau
Limit access, isolate servers, lock down scripts,
so forth
See
www.nwfusion.com/netresources/0202hack1.html
and www.scambusters.org/Scambusters23.html
eBiz Strom 6/99 285
Preventing Credit Card Fraud
Don't accept orders unless full address and phone
number present
Be wary of different "bill to" and "ship to" addresses
Be careful with orders from free email services
Be wary of orders that are larger than typical amount
Pay extra attention to international orders
When in doubt, call the customer to confirm the order
Use software or services to fight fraud
When you've found fraud, contact your merchant bank
immediately
eBiz Strom 6/99 286
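The checklist on the fraud slide turned into an order-screening routine, as an added example (not code from the presentation or from any fraud-detection product). The free-mail domain list, home country, typical order value, the 3x threshold, the seven-digit phone rule and the sample orders are all constructed assumptions a merchant would replace with their own.

```python
FREE_MAIL_DOMAINS = {"hotmail.com", "yahoo.com", "juno.com"}   # constructed sample list
HOME_COUNTRY = "US"       # assumption: merchant sells domestically from the US
TYPICAL_ORDER = 80.00     # assumption: this merchant's typical order value
LARGE_MULTIPLE = 3        # assumption: "larger than typical" means over 3x typical

ADDRESS_FIELDS = ("name", "street", "city", "postcode", "country")


def normalize(address):
    """Case- and whitespace-insensitive form, so trivial differences do not flag."""
    return tuple(" ".join(str(address.get(f, "")).split()).lower()
                 for f in ADDRESS_FIELDS)


def incomplete(order):
    """List what is missing: any bill-to field, or a phone with fewer than 7 digits."""
    bill = order.get("bill_to", {})
    missing = [f for f in ADDRESS_FIELDS if not str(bill.get(f, "")).strip()]
    digits = [c for c in str(order.get("phone", "")) if c.isdigit()]
    if len(digits) < 7:
        missing.append("phone")
    return missing


def screen(order):
    """Return (decision, reasons): 'reject', 'review' (call the customer) or 'accept'."""
    missing = incomplete(order)
    if missing:
        return "reject", ["missing: " + ", ".join(missing)]
    reasons = []
    bill = order["bill_to"]
    ship = order.get("ship_to") or bill
    if normalize(bill) != normalize(ship):
        reasons.append("bill-to and ship-to differ")
    domain = order.get("email", "").rpartition("@")[2].strip().lower()
    if domain in FREE_MAIL_DOMAINS:
        reasons.append("free email service")
    if order["amount"] > TYPICAL_ORDER * LARGE_MULTIPLE:
        reasons.append("amount above typical")
    countries = {str(a.get("country", "")).strip().upper() for a in (bill, ship)}
    if countries != {HOME_COUNTRY}:
        reasons.append("international order")
    return ("review" if reasons else "accept"), reasons


# Constructed sample orders.
ADDR = {"name": "Pat Lee", "street": "12 Elm St", "city": "Albany",
        "postcode": "12207", "country": "US"}
ORDERS = [
    {"id": "1", "bill_to": ADDR, "ship_to": dict(ADDR, street="12  ELM ST"),
     "phone": "518-555-0100", "email": "pat@example.com", "amount": 59.00},
    {"id": "2", "bill_to": ADDR,
     "ship_to": {"name": "Pat Lee", "street": "PO Box 9", "city": "Toronto",
                 "postcode": "M5V 2T6", "country": "CA"},
     "phone": "518-555-0100", "email": "pl1999@hotmail.com", "amount": 900.00},
    {"id": "3", "bill_to": dict(ADDR, street=""), "phone": "",
     "email": "pat@example.com", "amount": 20.00},
]


def screen_all():
    return {o["id"]: screen(o) for o in ORDERS}


if __name__ == "__main__":
    for order_id, (decision, reasons) in screen_all().items():
        print(order_id, decision, reasons)
```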
Putting Together Your Own Solution
SQL Server database
CyberCash payment system
WebCatalog 3.0 (supports CCash)
IIS web server
Total price: <US$10,000
eBiz Strom 6/99 287
Conclusions
eCommerce crosses many different skill sets
Software is still too dicey in many areas
Standards aren't much use right now
Suites don't offer much in the way of
integration
DIY may be the best solution
eBiz Strom 6/99 288
Acronyms
B2B Business to business
CSP Commerce Service Provider
DIY Do It Yourself
EBP Electronic Bill Presentment
URLs Universal Resource Locator
SSL Secure Sockets Layer
OFX Open Financial Exchange
SHTTP Secure web protocol HTTP
eBiz Strom 6/99 289
More Acronyms
ACH Automated Clearing House
CA Certificate Authority
ISP Independent Service Provider
MAC Message Authenticity Check
MICR Magnetic Ink Character Recognition
MO/TO Mail Order/Telephone Order
NACHA National Automated Clearing House Association
PIN Personal Identification Number
PKC Public Key Cryptography
POS Point of Sale
RSA Rivest, Shamir and Adleman
eBiz Strom 6/99 290
Thanks!
Review, Q&A
David Strom
+1 516 944 3407
david@strom.com
eBiz Strom 6/99 291