(c) Stephanie Denny and David Strom, 1998

Internet Commerce: Understanding Payments, Security and Storefronts
presented by:
Stephanie Denny, www.denny.dc3.com
David Strom, www.strom.com

Day 1: Internet Commerce
presented by:
Stephanie Denny

Why This Tutorial
A successful web storefront must accommodate the common forms of electronic payment in use today
Customer payment choices = increased sales
Not all payment systems look or act the same
The right payment options protect you as well as your customer

What This Course is Not About
Mathematics of Public Key Cryptography
In-depth discussion of Visa® and MasterCard® operating regulations for e-commerce
Legal advice for e-commerce issues related to operating a web storefront
Writing your own storefront systems from scratch
In-depth on security issues

Course Topics -- Day 1 (Denny)
The essential ingredient to web storefronts: providing for payment of goods and services
What is a secure transaction, and why all the fuss about it?
Overview and demonstration of payment systems that are working on the Internet today
The future of payments on the Internet

Course Topics -- Day 2 (Strom)
What Becomes eCommerce Success
Choosing the Right eCommerce Path
Installing and Operating Your Own Storefront

Course Approach
Overview of major payment systems and storefront products
Give real-life examples and online demos
Help relate information to your own situation
Provide insight into different approaches, technologies
Discuss pros and cons of each
Multiple Q&A sessions

Some $5.00 Words I Will Not Use in Today’s Presentation
$5.00 Word      5-cent Synonym
Nascent         New
Ubiquitous      Everywhere
Efficacious     Effective
Paradigm        Standard

Denny’s Background
I’ve been involved with payment systems for a long time
  26 years in credit cards / banking (both the acquiring and issuing sides of the credit card business)
Managed the development of an on-line banking service for a major US Bank Credit Card
Mostly non-technical, with major experience in Marketing and Communications

Strom’s Background
I’ve been involved in the Internet for some time
Have used most of the products we demonstrate
Have consulted to a few of the vendors, but still have strong opinions

Our Beliefs
Our perspective is from the Consumer’s viewpoint, as well as from the Merchant’s
We believe that e-commerce is the next evolutionary step in payment systems
There will be other iterations of eCommerce payment forms yet to come

Our Perspective on the Internet
Historically, it will have as profound an effect on humanity as did the invention of the printing press
It is a mass communication medium, but different because it is two-way and feedback is instantaneous
Commercially, it is another channel for sales and distribution

Some Disclaimers
I am not a mathematician, engineer or cryptography expert
However:
  I was in the credit card business before Visa and MasterCard were around
  I’ve been around the Internet since the early days of the World Wide Web

Benefits of the Internet
Free exchange of information; expansion of personal knowledge
Instant distribution of information, worldwide
At the same time, we all share the responsibility for accurate publishing

Marketing on the Internet
Direct, one-to-one marketing opportunity
Allows you to learn useful information to build a relationship with your customer
Relatively inexpensive medium compared to advertising, direct mail or telemarketing
Results are measurable

Marketing on the Internet
Some say that eCommerce has slowed down, and some say it’s taking off
How do we convince the general public that they will really like eCommerce?

Marketing on the Internet
The Internet has the capacity to be a major distribution channel
Business-to-business use will grow faster due to efficiencies realized online
However...

Marketing on the Internet
The wide use of eCommerce by consumers will depend on several things:
  Easy forms of payment
  Trust in the system
  Perceived benefits outweigh the risk (What’s in it for me?)

Marketing on the Internet
This is a fundamental change in the concept of money
Like the introduction of the credit card and the ATM, it will take some time (but the adoption curve will be faster)
However, if you tried to buy on the Internet during the past Holiday season, you know it’s growing

Today’s Topics
I. The Essential Ingredient to Web Storefronts: Accepting Payments for Goods and Services
II. What is a Secure Transaction, and Why all the Fuss About it?
III. Payment Systems Today
  Overview of those that work today on the Internet
  Live demonstration of how they work
IV. The Future of eCommerce Payments

I. The Essential Ingredient to Web Storefronts: Accepting Payments
Payment basics
Which options are the right ones for you?
Objectives in providing payment choices
Virtual money is the currency of the future
Q & A

Payment Basics
[Diagram labels: Issuer, Acquirer, BANK, Consumer, Merchant]
Consumer Access Point
  • deposit & withdrawal
  • transaction status inquiry
  • authentication
  • problem resolution
Merchant Access Point
  • purchase & refund
  • transaction status inquiry
  • authentication
  • problem resolution

What Makes a Good Payment System?
Universal (worldwide) acceptance
Universal value
Reliability
Ease of use for your customer
Capacity for quick settlement (collection of payment for you)

What are the Requirements?
Payment options must appeal to the masses
They must allow easy payment for the customer, at an acceptable level of risk for you and your bank
They must accommodate order changes, cancellations and returns

Objectives in Offering Payment Choices
Your customer’s objective is to make a purchase
Your objective is to facilitate the sale with a convenient and “safe” method that ensures collection of the payment
“Safe” means safe for you, your customer and your bank

Objectives in Offering Payment Choices
Consider how easy it is for your customer to use, not just how easy it is for you to manage
Payments in a virtual world should imitate those in the real world

Virtual Money is the Currency of the Future
That future is already here
This idea is scary to many people
  Consumers (they can’t “see” it)
  Banks (many bankers don’t understand it)
  Acquirers (they want to know the difference)
  The Government (they can’t control it)
It is not unlike MO/TO transactions today

The Way Things are on the Web Today
Some payments are authorized off-line, through traditional POS terminals
  E-mail message to customer later (hopefully), confirming order and shipping information
Many merchant servers connect with payment authorization systems
  Authorization is real-time during the web session, and the sale is completed with secure server and browser software

The Way Things are on the Web Today: Secure and Un-Secure
Secure transactions via secure browsers and servers with SSL
Un-secure transactions with lack of proper encryption (account numbers sent “in the clear”) via e-mail messages
Un-secure transactions due to “export” versions of browser and/or server software

The Way Things are on the Web Today
Secure transactions do not guarantee the validity of the customer account information
  A high percentage of credit charge-backs for MO/TO transactions are for “merchandise not received”
Address verification services can help protect you, and in some cases are required

Questions and Answers

II. What is a secure transaction, and why all the fuss about it?
You want to identify your customer as an authorized account holder
Your customer wants to identify you as a legitimate merchant
You both want to make sure that valid payment is received for the purchase

Enter Secure Electronic Commerce
SEC allows for secure processing of customer and payment information
Based on cryptographic technology
  Privacy of message contents
  Authentication of parties involved
  Integrity of data transmitted
  Non-repudiation of transactions

Privacy
Privacy means that the message contents cannot be seen by anyone but the intended parties
Accomplished through the use of encryption

Authentication
Authentication means that each party involved in the transaction is identified as legitimate
Accomplished through the use of certificates
  A certificate is a notarized public key (like a passport or a driver’s license)
  Issued by a trusted third party called a Certificate Authority
  Binds the certificate owner to the public key within the certificate

Integrity
Integrity of data means that it cannot be altered by anyone during transmission, to avoid a “man in the middle” attack
Encryption allows only the intended recipient to open the digital envelope
A digital envelope (or “hash”) = contents of an encrypted message + digital signature

Non-repudiation
Non-repudiation means both parties to the transaction are ensured that the message is genuine and cannot be disputed
Parties are identified with certificates that have been notarized by a trusted Certificate Authority
It will be much harder for customers to claim they never placed the order

Why Should You Get a Certificate?
You want those who visit your web site to know you are a legitimate business
A certificate is required to operate a secure server (SSL)

Certificate Authorities (CAs)
Trusted third parties, similar to notaries
Can be external or internal (managed within your own company) — we will discuss external
Choice of a CA may depend on your merchant server software
If you want to choose an unsupported CA, you will be on your own to determine interoperability with your software

Steps in Certificate Creation
Refer to your server software documentation for selection of a CA and instructions
Generally, you will do the following:
  Generate a key pair of public and private keys
  Send the public key and other information to CA
  CA verifies information provided
  Upon verification, CA creates a certificate containing public key and expiration date
  The Certificate is sent back to applicant and may be posted publicly, if appropriate
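
The steps above, run end to end with the OpenSSL command line against a throwaway CA, followed by the expiry check that certificate management depends on. This is an added example, not part of the original slides; the CA name, the host name shop.example.test, the file names and the 7-day lifetime are all constructed for the demonstration.

```bash
#!/bin/sh
# Added example (not from the original slides): the certificate-creation steps
# run against a throwaway CA. Every name, file and lifetime here is constructed.
set -eu

issue_demo_cert() {   # $1 = existing empty working directory
    d=$1
    # Stand-in for the external CA: a self-signed root certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example Test CA/CN=Example Test Root" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    # Step 1: the merchant generates a key pair; shop.key stays on the server.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/shop.key" 2>/dev/null
    # Step 2: public key plus identifying information go to the CA as a request.
    openssl req -new -key "$d/shop.key" \
        -subj "/O=Example Shop/CN=shop.example.test" -out "$d/shop.csr"
    # Step 3: the CA checks the request was signed by the matching private key.
    # (Checking the business licence and other ID happens outside any tool.)
    openssl req -in "$d/shop.csr" -noout -verify >/dev/null 2>&1
    # Step 4: the CA issues a certificate with the public key and an expiry date.
    openssl x509 -req -in "$d/shop.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 7 -out "$d/shop.crt" 2>/dev/null
}

# The certificate verifies against the CA that issued it.
chains_to_ca() { openssl verify -CAfile "$1/ca.crt" "$1/shop.crt" >/dev/null 2>&1; }

# The public key inside the certificate is the one paired with our private key.
cert_holds_our_key() {
    [ "$(openssl x509 -in "$1/shop.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/shop.key" -pubout)" ]
}

# What was sent to the CA must never contain the private key.
request_has_private_key() { grep -q "PRIVATE KEY" "$1/shop.csr"; }

# True when the certificate lapses within $2 days: the renewal alarm.
expires_within_days() {
    ! openssl x509 -in "$1/shop.crt" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
issue_demo_cert "$work"
openssl x509 -in "$work/shop.crt" -noout -subject -issuer -enddate
chains_to_ca "$work"            && echo "chain to CA: OK"
cert_holds_our_key "$work"      && echo "certificate binds our public key"
expires_within_days "$work" 30  && echo "renewal due: expires within 30 days"
```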

Examples of Certificate Authorities
VeriSign http://www.Verisign.com
GTE CyberTrust Solutions, Inc. http://www.cybertrust.gte.com
Thawte Consulting http://www.thawte.com

Certificate Creation
Demo of key generation and certificate request

Certificate Management
Once public key certificates are issued, they must be managed to maintain integrity
  They contain expiration dates
  They may be revoked for various reasons
  Upon expiration, certificates must be renewed or reissued
This is a consideration for using an external CA, as opposed to managing an internal CA

How is this accomplished?
Secure servers and browsers
  Capable of strong encryption (up to 128 bit)
  40 bit encryption is no longer considered adequate for financial transactions
Digital certificates
  Ensure the identity of the certificate holder
  Also called digital IDs
The common protocol in use today is Secure Sockets Layer (SSL)

Secure Sockets Layer Protocol (SSL)
Authenticates the merchant server
  Merchant Certificate obtained from trusted Certificate Authority
Provides privacy through encryption of the message for both the sender and receiver
  Secure “pipe” negotiates maximum encryption compatible at browser and server for each message transmitted
Ensures integrity of data transmitted
  Message authenticity check (algorithm)

Secure Sockets Layer Protocol (SSL)
https:// in the URL = a secure connection
SSL allows customers to verify who the merchant is
  The merchant’s digital ID does not certify the integrity of the merchant
Merchant’s Certificate (Digital ID) can be viewed by any secure browser

Secure Sockets Layer Protocol (SSL)
SSL encrypts the customer order, which includes the payment information
This data is sent from the customer to the merchant via a secure “pipe”
[Diagram: Customer Order with Payment Information → Encrypted order sent → Customer order decrypted at merchant server]

SSL: How do you get a certificate for your merchant server?
Apply to Certificate Authority
  Instructions built into merchant server software
You will be asked to provide valid business license and other ID
Cost is dependent upon level of certification

Encryption Strength
It is illegal to export products containing encryption that is stronger than 40 bits
It is not illegal to use encryption stronger than 40 bits internationally
Financial institutions do not consider 40-bit encryption adequate for Internet transactions

Encryption Strength
Newer browser and server software are capable of 128-bit encryption
128-bit encryption is exponentially stronger than 40-bit encryption

Encryption Strength
We’ve all heard about the case where 40-bit encryption was broken in eight days
Estimated cost of effort was $10,000

Encryption Strength
According to Netscape, it would cost $5,600,000,000,000,000,000,000,000,000,000 US (approximately) to crack a single session in eight days with 128-bit encryption

Some New Credit Card Operating Regs You Should Know About
For both Visa and MasterCard:
  Effective April 1, 1998 electronic commerce transactions using unsecured protocol are subject to higher interchange rates for the acquirer, which translates into higher discount rates for the merchant
  Secure protocols are defined in the regs as “channel encrypted” (SSL) or SET

How Things Will Be in the Future
Non-repudiation of transactions through digital certificates for both merchant and customer
The SET Protocol (SET) is the industry standard for payments, but yet to be implemented
It will be far more difficult for a customer to claim no knowledge of a transaction

What is SET protocol?
Secure Electronic Transaction protocol is a common standard that was developed jointly by Visa, MasterCard and other partners to ensure the processing of secure transactions.
Based on RSA encryption
Uses public and private key pairs that have a mathematical relationship

Public and Private Key Pairs
A public key is disclosed and widely distributed with no adverse effects
Used to encrypt or decrypt information
Works only in conjunction with its paired private key

Public and Private Key Pairs
A private key is held and used only by its owner
If a private key is compromised, it must be replaced immediately
  Today’s real-world example: lost or stolen credit cards must be blocked and replaced

Public and Private Key Pairs
Real-world example: Dual control of keys for your safe deposit box — it can only be opened with two keys — yours as well as the bank’s

A Digital Certificate (or Digital ID) is a Notarized Public Key
The Certificate Authority is the Notary
You can create a key pair through server, browser or wallet software
You send the public key to the Certificate Authority

A Digital Certificate (or Digital ID) is a Notarized Public Key
Your public key is digitally signed and returned as the certificate
Your private key remains embedded in your software

Public Key Cryptography
Public keys are shared and widely distributed
Private keys are kept secret by the holder of the key
Both pairs of keys are required to complete a SET transaction
[Diagram labels: Customer’s Private Key, Customer’s Public Key, Merchant’s Public Key, Merchant’s Private Key]

How is SET Different from SSL?
Digital certificates for SET will be payment-specific
  Merchants will be certified as legitimate to accept branded payment card transactions
  Cardholders will be certified as valid account holders
  Merchants will not see customer’s account number (it will only be passed to the acquirer)

How is SET Different from SSL?
With SET:
  Customer’s Digital ID related to a specific account + Customer Order info
  Merchant Server gets Customer’s Digital ID minus the account number + Customer Order
  Acquirer gets order receipt + Customer’s Digital ID with account number

How Will Certificates (Digital IDs) be Issued for eCommerce?
Hierarchy of trust for certificate issuance
  Visa and MasterCard will designate a Certificate Authority to hold the Trusted Root
  Merchants will obtain certificates from banks’ or acquirers’ Certificate Authority, then store on SET server software
  Cardholders will obtain certificates (digital IDs) from their banks’ Certificate Authority, then store in electronic wallet

MasterCard® Example of a SET Transaction
http://www.mastercard.com/set/screen1.html
http://www.mastercard.com/set/screen2.html
http://www.mastercard.com/set/screen3.html
http://www.mastercard.com/set/screen4.html
http://www.mastercard.com/set/screen5.html

SSL vs. SET
SSL
  Server authentication
    Merchant certificate as legitimate business
  Possible for client authentication
    Not tied to payment method
  Privacy
    Encrypted message to merchant includes account number
  Integrity
    Message authenticity check (MAC)
SET
  Server authentication
    Merchant certificate tied to accept payment brands
  Customer authentication
    Digital certificate tied to certain payment method
  Privacy
    Encrypted message does not pass account number to merchant
  Integrity
    Hash/message envelope
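
An added example, not part of the original slides, of how SET keeps the account number away from the merchant while still tying the payment to the order: the cardholder signs the digests of both parts together (SET's dual signature, which the slides do not name) and encrypts the payment part for the acquirer only. It goes beyond the slides in that detail and simplifies: SHA-256 and direct RSA encryption replace SET's own algorithms and digital envelope, bare public keys replace certificates, and every name and value is constructed.

```bash
#!/bin/sh
# Added example (not from the original slides): a simplified SET-style purchase.
# Assumptions: SHA-256 and direct RSA encryption stand in for SET's algorithms;
# the order text and the test card number are constructed sample data.
set -eu

make_keys() {   # $1 = base dir holding cardholder/ merchant/ acquirer/
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/cardholder/card.key" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/acquirer/acq.key" 2>/dev/null
    # Public halves are shared; in SET they would travel inside certificates.
    openssl pkey -in "$1/cardholder/card.key" -pubout -out "$1/card.pub"
    openssl pkey -in "$1/acquirer/acq.key" -pubout -out "$1/acq.pub"
}

cardholder_pay() {   # $1 = base dir, $2 = order info, $3 = payment info
    c=$1/cardholder
    printf '%s' "$2" > "$c/oi.txt"
    printf '%s' "$3" > "$c/pi.txt"
    openssl dgst -sha256 -binary "$c/oi.txt" > "$c/oi.md"
    openssl dgst -sha256 -binary "$c/pi.txt" > "$c/pi.md"
    # One signature over both digests links this order to this payment.
    cat "$c/pi.md" "$c/oi.md" > "$c/link"
    openssl dgst -sha256 -sign "$c/card.key" -out "$c/dual.sig" "$c/link"
    # Only the acquirer's private key can open the payment information.
    openssl pkeyutl -encrypt -pubin -inkey "$1/acq.pub" \
        -in "$c/pi.txt" -out "$c/pi.enc"
    # The merchant gets the order in clear, the payment only as digest + ciphertext.
    cp "$c/oi.txt" "$c/pi.md" "$c/pi.enc" "$c/dual.sig" "$1/merchant/"
}

merchant_accepts() {   # checks the signature without ever reading pi.txt
    m=$1/merchant
    openssl dgst -sha256 -binary "$m/oi.txt" > "$m/oi.md"
    cat "$m/pi.md" "$m/oi.md" > "$m/link"
    openssl dgst -sha256 -verify "$1/card.pub" -signature "$m/dual.sig" \
        "$m/link" >/dev/null 2>&1
}

merchant_forwards() {  # passes ciphertext, order digest and signature upstream
    cp "$1/merchant/pi.enc" "$1/merchant/oi.md" "$1/merchant/dual.sig" \
        "$1/acquirer/"
}

acquirer_accepts() {   # decrypts the payment and checks it belongs to the order
    a=$1/acquirer
    openssl pkeyutl -decrypt -inkey "$a/acq.key" -in "$a/pi.enc" -out "$a/pi.txt"
    openssl dgst -sha256 -binary "$a/pi.txt" > "$a/pi.md"
    cat "$a/pi.md" "$a/oi.md" > "$a/link"
    openssl dgst -sha256 -verify "$1/card.pub" -signature "$a/dual.sig" \
        "$a/link" >/dev/null 2>&1
}

# True if any file the merchant holds contains the card number $2.
merchant_sees_card() { grep -rq "$2" "$1/merchant"; }

base=$(mktemp -d)
trap 'rm -rf "$base"' EXIT
mkdir "$base/cardholder" "$base/merchant" "$base/acquirer"
make_keys "$base"
cardholder_pay "$base" "order=1 book; total=USD 25.00" \
    "card=4111111111111111; exp=12/99"
merchant_accepts "$base" && echo "merchant: order is signed by the cardholder"
merchant_forwards "$base"
acquirer_accepts "$base" && echo "acquirer: payment matches the order"
merchant_sees_card "$base" 4111111111111111 \
    || echo "merchant: never held the card number"
```

If the merchant alters the order text after the fact, `merchant_accepts` fails, because the signature covers the digest of the original order.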

SET — the Answer to eCommerce
SET has been proposed as the answer to secure and interoperable eCommerce
  It is not currently mandated by Visa and MasterCard
  There are big implementation issues for all concerned
The SET protocol is definitely more secure than SSL
However...

SET — the Answer to eCommerce
Implementation of SET has some big drawbacks:
  Lack of interoperability among systems
  Management of public key infrastructure
  Distribution of digital certificates requires action on the part of the consumer
And who will pay for all this?
Meanwhile, eCommerce goes on

Questions & Answers

III. Payment Systems on the Internet Today
Overview of those that work today on the Internet
Live demonstration and discussion of how they work
Q & A

Payment Systems on the Internet Today
Separate payment systems from payment gateways and payment devices:
  A payment system provides the processing and settlement of transactions
  A payment gateway provides software or services that support eCommerce transactions between the merchant and acquirer
  A payment device initiates the transaction (such as a credit card or debit card)

Hierarchy
Payment System (clearing house)
  Clearing house between acquirers and issuers
Acquirer (third-party processor)
  Authorizes, processes and settles for merchant bank
Merchant Bank
  Accepts merchant deposit
Merchant
  Accepts authorized cardholder transaction

Examples of Payment Systems (Clearing Houses)
Federal Reserve System for clearing checks
Visa and MasterCard transaction networks
American Express
Novus (Discover)

Examples of Acquirers (Processors)
First Data Corp.
Paymentech
National Data Corp.
Bank of America Merchant Services
Many processors (acquirers) process multiple brands as part of their service

Internet Payment Devices
Credit cards, debit cards
Off-line accounts
Electronic cash
Electronic checks

Credit cards, debit cards
Visa
MasterCard
Discover, American Express, JCB

How Credit Cards Work
Transactions authorized against customer’s line of credit at issuer (promise to pay)
At point of settlement, cardholder’s account is charged and merchant’s account is credited
Transactions subject to chargeback to merchant under certain conditions
  Lack of proper authorization
  Lack of proper identification / address verification

“Off-line” Accounts
Electronic wallets
  CyberCash® Wallet
  Microsoft® Wallet
  Verifone® vWALLET℠
First Virtual®
All these may provide access to credit, debit, e-cash or electronic check accounts

“Off-line” Account Services
Credit card and other account numbers are stored by the service provider in a database, and are not transmitted to the merchant
Instead, a “PIN” is used by the customer at the point of purchase (cross-reference for actual account number)
Consumer must initiate account set-up in advance of making any purchases

How Electronic Wallets Work Today
Consumer must initiate request for electronic “wallet” software
Credit card or other account numbers are given to provider one time before any purchases are made
Account numbers, stored by provider in a database, are not transmitted; instead, a “PIN” is used to pay
Closed system: only available to participating merchants and cardholders who have signed up in advance

How Electronic Wallets Will Work in the Future
With SET protocol, will contain digital IDs with encrypted account information
Since digital IDs will be tied to specific accounts, wallets will keep track of all that information
At that point, wallets will be widely distributed and universally accepted

Interoperability is the Key
Wallets will become widely used when the following events occur:
  Mass distribution of wallets to consumers is easily made
  Will be accepted by all merchants, regardless of wallet brand or payment brand

Some Problems with Wallets
Not transferable to other wallets
Not available for use at all web storefronts
For eCash products, money must be moved into wallet from another account prior to use:
  There may be a hold of up to seven days before the funds can be used
  If your hard disk crashes, you lose the money in that account (remember to back up wallet files)
Storage of cash in your wallet = use of float on those funds for your wallet provider

Visa® Example of Electronic Wallet
http://www.visa.com/cgi-bin/vee/nt/sec/no_shock/virt_wallet_L.html?2+0

Visa® Example of Wallet Registration (Digital ID)
http://www.visa.com/cgi-bin/vee/nt/sec/no_shock/registering_L.html

What’s in a CyberCash Wallet?
Credit card accounts
Debit card accounts
PayNow™ check service (for electronic payments from checking account; like debit cards)
CyberCoin account (for “micro-payments”)

CyberCash Secure Internet Credit Card Payment
http://a.dn.cybercash.com/cybercash/info/sixsteps.html

CyberCash as a Merchant Service Provider
CyberCash provides the merchant with CashRegister software to authorize and process payments
CyberCash is neither an acquirer nor a bank, but is a provider of payment software for eCommerce (a gateway)
CyberCash provides an advanced level of encryption for financial information passed from their database to acquirers (not SSL)

CyberCash Merchant Services
Interactive Billing and Payment
  Enables presentment, payment and posting of bills on the Internet (single or recurring transactions)
Works with PayNow (e-check), credit card or CyberCoin® services
Can be used for business-to-business as well as consumer payments

CyberCash CashRegister® Software
Makes all their payment services work
Integrates with a variety of operating systems and merchant storefront software
Can be used with or without consumer wallets
Non-wallet transactions are SSL-encrypted, and do not require consumer action in advance

CyberCash CashRegister® Software
However, you must still arrange for a merchant deposit account with your bank or independent service provider
If you are having trouble setting up a merchant account with a bank, contact CyberCash for assistance

Credit Card Payment Demo
Credit card transaction with CyberCash — No Wallet
CyberCash Wallet transaction

Credit Card Settlement with CyberCash Transactions
Card data is captured for transmission in one of three ways:
  Online Capture — simultaneous with authorization
  Post-Authorization Capture
  Batch Capture
Method of capture is determined by your merchant bank and their acquirer

Online Capture
Happens simultaneously with authorization of transaction
Fastest method of capture for online merchants who can guarantee same-day shipment of goods

Post-Authorization Capture
Capture is a separate step from authorization of transaction; post-auth message instructs bank to capture transaction
Example of use is for delayed shipping of merchandise

Batch Capture
Transactions are captured in a batch mode after authorization (like post-auth capture)
Multiple authorizations are submitted at one time for capture
The batch is transmitted through CyberCash to the bank for funds transfer and merchant account reconciliation

CyberCash Benefits
CashRegister Software is free to merchant
Supports wallet and non-wallet payments
No additional charges to merchant — fees to CyberCash are paid by acquirers
CyberCash is presently the largest gateway service provider for Internet merchants
Their products will evolve

First Virtual
Another example of a “closed system” — only available to merchants and cardholders who have signed up in advance
Similar to the electronic wallet idea

First Virtual Services
First Virtual services revolve around an integrated network called the Interactive Messaging Platform℠, or IMP (secure e-mail):
  VirtualRECEIPT℠ — electronic receipts for physical and virtual credit and debit card activity
  VirtualALERT℠ — interactive alert messages advising customers of shipments or billing
  VirtualMAIL℠ — customized direct mail tailored to individual profiles (slicing and dicing with customer’s permission)

First Virtual Services
Today we will focus only on First Virtual’s payment service, which uses the VirtualPIN℠
VirtualPIN is an alias for a MasterCard or Visa credit card (or debit card)
Account number is not transmitted on the Web; credit card information is stored off-line (PIN is a cross-reference number)
Also requires a personal Internet e-mail address
(c) Stephanie Denny and David Strom, 1998
105
FV Merchant Account Options
Pioneer Account Minimal start-up cost allows for anyone to
start a business and sell on the Internet Does not require that you already have a
merchant credit card account Drawback: There is a holding period of 90
days for each transaction before merchant receives payment (to cover risk of chargebacks)
(c) Stephanie Denny and David Strom, 1998
106
FV Merchant Account Options
Express Account For merchants who already accept credit
cards Requires solid financial history and
excellent credit record Existing merchant account must have low
chargeback rate Payout period is four days after
transaction is processed Application Fee: $350 non-refundable
(c) Stephanie Denny and David Strom, 1998
107
How Does a First Virtual Payment Work?
First Virtual Acts as clearing service for Visa and MasterCard payments (debit or credit)
Requires account set-up with First Virtual in advance, for customer identification and account verification
All transactions are confirmed by e-mail before a credit card is charged
FV sends electronic deposit to merchant’s bank account through the US ACH
(c) Stephanie Denny and David Strom, 1998
108
First Virtual Demo
(c) Stephanie Denny and David Strom, 1998
109
Electronic Checks
Examples: CyberCash PayNowSM Service
Currently only available as a service to merchants with recurring payments
There is a heavy demand for use with a variety of consumer purchases; will soon be available with wallet software
Check Free®
Similar service being tested, not yet in use
(c) Stephanie Denny and David Strom, 1998
110
Electronic Checks: How They Work
Service provider or gateway captures Federal Reserve Routing and Account Number information from bottom of physical check (MICR line)
When authorized by customer, payment is automatically deducted from checking account
Requires advance set-up with service provider Automated clearing only — not a check guarantee service
(c) Stephanie Denny and David Strom, 1998
111
Token-based systems
Stored value accounts (virtual money) for micro-payments, generally under $10
Real world example: currency, coin
Internet example: e-cash, where money in a checking or credit card account is exchanged for scrip
Business case has not been proven
112
Electronic Cash (e-cash)
CyberCoin®
Service of CyberCash, part of Wallet
Currently available with Microsoft Wallet
Digicash®
ecash℠ service
Licensed in US by Mark Twain Bank
Mondex®
Licensed by MasterCard International, Inc.
Smart card-based system
113
Mark Twain Bank is Worth Looking At: http://www.marktwain.com/digifaq.html#Help
Look at their customer support disclaimer —they get an “A” for honesty!
114
Digicash ecash Payment Demo
115
Other Merchant Providers to Consider
Online Financial Services (OFS) http://ofs.web-charge.com/signup1.html
Internet Secure http://www.internetsecure.com/
Redi Check / Redi Charge http://www.redi-check.com
Merchant Account Services Provo, Utah 1-801-765-1111
116
All Merchant Providers Are Not the Same
Compare services
Which cards do they authorize?
Do they provide electronic check services?
Do they provide check guarantee services?
Compare prices
Start-up fees
Monthly discount fees
Other service fees (per transaction)
Statement generation fees
117
Four Choices for Setting Up a Merchant Account
Join an eMall and process through them
Contract with an independent service provider (ISP)
Buy a software suite that includes merchant account set-up
Go to your local bank and set up your own merchant account
If they’ll take you, this may give you the best discount rate
118
Range of Credit Card Fees
Your Bank
Discount Rate: 1.5% - 5.0%
eMall or ISP Provider
Application Fee: $100 - $300
Discount Rate: 1.5% - 5.0%
Per Transaction: .20 - .30
Monthly Fee: $10 - $25 (service / statement fee)
Chargeback Fee: Up to $25
Chargeback Reserves: Up to 10% of sales, for up to six months
119
Regulations governing electronic commerce transactions
Visa / MasterCard Operating Regs
Credit Card Rules for acquirers and merchants
Fair Credit Billing Act
Debit Card Rules
Regulation E
Consumer Telephone Protection Act
Can Internet Protection Act be far behind?
Privacy Principles
Yet to be mandated, but inevitable; and generally a good idea
120
Privacy Issues for the Consumer
Most people just want to be asked for their permission
Your customers don’t object so much if you use their information to sell them other products you may offer
But many object if you sell or rent their names to someone else
121
Privacy Issues for the Consumer
Anonymity
Confidentiality
Disclosure
Name and address info
Disclosure of transaction to a third party
Merchant’s identity
122
“Data Mining”: How much is enough?
You have the opportunity to build a customer database for future sales
To what degree do you slice and dice?
If you slice too fine, are you missing opportunities?
This leads to more privacy issues
123
IV. The Future of Payments on the Internet
Transaction security
New forms of payment systems
Access devices
Virtual currency
124
Transaction Security
Many more iterations of SET and similar protocols
Digital IDs held off-line in smart cards
New payment systems (beyond Visa, MasterCard)
125
Access devices
Will we really need plastic cards?
Who says a chip has to be on a card?
Mobil Oil’s clever idea for POS device
Eliminates need for credit card
Biometrics as identification
Fingerprint scanning
Iris scanning
Voice recognition
126
Virtual Currency
The move to a single, blended account for consumer-oriented transactions
Multi-functional chip (smart) cards
Universal, worldwide currency?
127
Summary
If all this information seems overwhelming...
New environments are always scary
Awareness and curiosity are the keys to taking advantage of new opportunities
You don’t have to know everything about it — you just need to know where to get the answers.
“Everyone is ignorant, only on different subjects.” -- Will Rogers
128
Questions & Answers
129
Useful References
SET (Secure Electronic Transaction protocol) http://www.dc.net/gtill/set1.htm
Gregory J. Till, US Treasury Dept. attorney
Document details the implications of SET for merchants
http://www.visa.com/
http://www.mastercard.com/
http://www.setco.org/
130
Useful References — Cryptography
Cryptography/cryptosystems
http://www.rsa.com/
http://www.counterpane.com/
http://www.pipeline.com/
Richard Field, Esq. (US attorney specializing in payment systems and electronic commerce)
131
Useful References —Merchant Payment Options
http://www.cybercash.com/
http://www.firstdatacorp.com/
http://www.firstvirtual.com/
132
Useful References
History of money
http://www.frbsf.org/
http://www.firstdatacorp.com/
http://www.mastercard.com/
133
Relevant acronyms
ACH Automated Clearing House
CA Certificate Authority
ISP Independent Service Provider
MAC Message Authenticity Check
MICR Magnetic Ink Character Recognition
MO/TO Mail Order/Telephone Order
NACHA National Automated Clearing House Association
PIN Personal Identification Number
PKC Public Key Cryptography
POS Point of Sale
RSA Rivest, Shamir and Adleman
134
Copy of This Presentation
www.strom.com/pubwork/vegas98t275.ppt
And URLs are at www.strom.com/pubwork/vegas98.html
135
Internet Commerce:Understanding Payments, Security and Storefronts
presented by:
Stephanie Denny, [email protected] www.denny.dc3.com
David Strom, [email protected] www.strom.com
136
Day 2: Internet Storefronts
presented by:
David Strom, [email protected] www.strom.com +1 516 944 3407
137
Today’s Topics
V: What Becomes Success
VI: Choosing the Right eCommerce Path
VII: Installing and Operating Your Own Storefront
138
Topic V: What Becomes Success?
Overview of eCommerce market
Review physical storefront success factors
Propose some definitions
Define success for the web
Draw up five eCommerce principles
139
Overview of eCommerce Market
Predictions
Success factors
Five principles
140
eCommerce Revenue Predictions are Wide-Ranging
Source | 1996 (B$US) | 2000 est. (B$US)
IDC | $2.2 | 94
Forrester | 1.4 | 117
Jupiter | .7 | 15.6
Dataquest | 6.4 | 56
141
And Not Very Believable
IDC says the web will become a mass market in the US by 12/98!
With 100 million users!
Let’s not confuse web users with eCommerce BUYERS!
142
Ticketmaster
US$5 million/month via the web in sales
Started 11/96
Generating lots of new buyers, who wouldn’t ordinarily use their service
143
Then there is Disney.com
Web site Daily Blast signing up 15k members/month
Sales via web are equal to 3x-5x of physical Disney store!
144
And of Course, There is the Porn Industry
“However, extensive interviews with adult site owners yield a picture of a highly charged market of approximately 10,000 sites generating about $1 billion in revenue per year, most through electronic credit card transactions.”
From Interactive Week
145
Sad State of Today’s eCommerce Marketplace
Poor quality tools
Hard-to-find stores
Limited payment methods
Credit card snooping perceptions
Older browser versions can’t view latest sites
146
Case in Point: Buying a Bike Rack
Item not carried: outdated catalog
Telesales not familiar with web
No cross-sell or substitutions online
Needed three phone calls to complete purchase
147
Let’s Learn From the “Real World”
Compare what works for physical stores
Try to extend to the web
148
Critical Success Factors for Physical Storefronts
Location
Branding
Good service
Good product selection
Proper pricing and margins
Traffic
149
First Problem:
None of these translate on the ‘net!
150
Now Try to Agree on Definitions for Web Stores
What determines a good location?
Position on a search page
Nearness to popular destination
Ad on a popular server
What determines branding?
Memorable domain name
Popular search category destination
151
An Example of bad location: Montana Meats
www.imt.net/~lingerie/buffalo/buffalo.html
Can’t they afford their own domain name?
www.company.com/~anything is BAD NEWS!
152
Another Case: Buying Toner and Batteries
www.cartridgesusa.com, www.batterybarn.com
Catalog shows pictures of parts
Easy to find relevant item
But payment acknowledgement incomplete
153
Determining Traffic
Hard to do -- is it hits, page views, registered users?
[HITS = How Idiots Track Success]
Hard to measure -- do you count gifs? Use log files?
No general agreement on any metrics!
154
Traditional Advertising Doesn’t Apply Anymore
Can’t measure anything
Every site has its own banner sizes
The Web is not TV
155
One Working Definition of Success:
SURVIVAL!
If a site is still running after 12 months, and getting more traffic, it is a success.
156
Does a site actually have to sell something?
Many actual eCommerce sites don’t do the complete transaction (Cisco)
Require faxes or telephone calls!
Some merely have catalogs
A good example: Singapore Power Authority
www.spower.com.sg/readmeter.cgi?cmd=form
157
Good eCommerce Examples
Easy to find merchandise
Good service
Individual customization is key
Simple navigation
Business-to-business focus
158
AMP Connect
Have customers in 100 countries
Speak many languages
Produce 400 catalogs covering 135,000 items
Mailings cost US$7MM/yr
Fax back cost US$800,000/yr
But you can’t buy anything directly!
159
Solution: “Step Searching”
Saqqara.com software to enhance Oracle database
Provide user feedback as they type in the query
Show how many matches in the database
Different mechanisms for searching:
by part number
by alphabetical names
by part family
by picture even
160
AMP connect.ampincorporated.com
161
AMP Connect (con’t)
And can set to list parts that are available in specific countries!
Updated daily with over 200 item changes
Detailed drawings save time for customers to pick the right item
Saved AMP over US$5MM in production costs
162
Save in Translation Costs
AMP catalog in several languages
Translation cost was US$100,000
Versus US$1.5MM to produce separate translations of print editions
163
Silicon Investor www.techstocks.com
Difficult to find anything
Incomplete database of companies
Companies are arranged poorly
164
First Principle of eCommerce:
It is easy to find what you are selling!
165
Amazon.com
Services frequent readers with a variety of programs
Editorial comments
If you liked this book, you’ll like...
Notification of new books by author, topic
Simplified “1 Click” ordering
Uses simple pages and email
Associates program for commission kickbacks
Gift certificates via email
And ... lots of books to choose from
166
Amazon
167
Update your directories!
This one is almost a year old
www.asiapage.com/alist.html#jewellery
168
Non-secure servers
Many SG sites collect credit cards on them
www.asiapage.com/goodwood
169
Second Principle of eCommerce:
Deliver solid service!
170
Dell
Most notable site for computer buyers
Customize the features you want via a web form
Simplifies and personalizes the shopping experience
WYSIWYB (buy)
>US$1MM/day in sales!
171
Dell
172
Canadiantire.com
eFlyer uses email notification along with web forms
Customize exactly what coupons and deals are sent to you
173
Third Principle of eCommerce:
Individual customization is key
174
BMW Motors
Example of what not to do
Use gratuitous graphics
Cheesy low-res videos
Toys, not tools
175
BMW
176
Compare with Subaru
Find specific information about each car
Can price options to your particular needs
177
How NOT to Design a Payment Screen
www.netmar.com/new/norderform.shtml
178
How NOT to take advantage of bandwidth
www.clickdiz.com
Two different pages, one for SG ONE, one for all others
But SG ONE page has just heavy graphics -- why?
179
A better example: fishing licenses
Simple, quick, and does the job with a minimum of clutter
www.permit.com
180
Fourth Principle of eCommerce:
Make navigation simple!
Use small graphics, site maps, indexes
Avoid clutter, frames
181
Int’l Commerce Exchange System
Matches overstocked sellers with buyers
B2B exclusively
Uses faxes to notify potential customers
182
ICES www.icesinc.com
183
Fifth Principle of eCommerce:
Business-to-business focus
184
Topic VI: Choosing the Right eCommerce Path
185
Four Approaches:
Join an eMall
Outsource to an ISP
Buy suite of software
DIY
186
Joining an eMall
Only if you don’t have any in-house programming staff
Don’t want or can’t trust consultants to do it for you
Want someone else to handle payment processing
Don’t care whether your store is tied into your own financial system
187
The Mall of eMalls
malls.com, of course!
188
Different Kinds of eMalls
Collection of independent links elsewhere
Landlord/hosting provider
Become a sales representative for an eMall and Make Money Fast!
189
Evaluating eMalls
Do they offer storefront design?
Have in-house programmers?
Hosting of your own web?
How many payment systems do they support?
What kinds of accounting reports do they offer?
Who are the other tenants and do you like them?
190
The Truth about Internet Malls
Read your contract
Check your site for errors
Evaluate your content
Measure your results
Promote your site
(from www.netrageous.com/reports/thetruth.html)
191
Reasons Not to Join an eMall:
You know and like perl
Don’t have to take payment via the web
Want complete control over your site
192
The Results So Far Haven’t Been Encouraging
Many store owners haven’t sold anything from the mall!
Over 90% dissatisfied with mall operator
Basic HTML errors and unresponsive staff to fix problems
193
The Catch-22 of eCommerce:
To be successful, a software vendor has to promote his products via the Internet.
But this means eating one’s own dog food!
194
Leading USA eMalls
Vendor, location | Number of stores
ViaWeb, www.viaweb.com | $100/month, all done with a browser
Internet Mall, www.internetmall.com | $150 + $15/mo, % of each transaction
Blue Money, www.bluemoney.com | Outsourced payments and catalogs
195
Find an ISP
More ISPs are offering eCommerce solutions
Have to use their software standards and payment schemes
Could be pricey
Just catching on in USA
196
Some Examples
www.psi.net/web/ecommerce.shtml
www.Best.com/bizcomm.html
www.Brainlink.com/html/saleslink.htm
www.Earthlink.net/company/webservices.html
IBM: mypage.ihost.com
www.Netcom.com
business.Mindspring.com/prod-svc/smbiz/
www.Mindrush.com/
www.outer.net/ONCommerce (OuterNet)
197
Price Comparison for ISP hosting
Provider | Setup fee (US$) | Monthly fee (US$) | Plan name, payment options
IBM | 260 | 55 | Bronze, credit cards
Earthlink | 624 | 194 | Premium Plus
Netcom | 450 | 300 | Commerce Site, credit cards
Mindspring | 175 | 324 | Commercial Advantage, credit cards, Cybercash
198
Price Comparison assumptions
10 Mb disk storage
Single email account
InterNIC $100 fee included for domain name
199
New Approaches: GeoShop, Tripod
Builds on GeoCities “communities” but for merchants (www.geocities.com/join/geoshops)
$25/month for just commercial listings
$180/month (or more!) for actual transactions
working with Internet Commerce Services Corp. who uses Open Market Transact servers
Tripod will offer something similar this summer
200
One Way to Support Lots of Payment Systems
Wired-2-Shop www.wired-2-shop.com/TestDrive/Admin/PaymentList.asp
201
The Suite Approach
Leading contenders
What is part of the suite and what isn’t
Prices and platforms
202
Popular eCommerce Suites
Vendor, Product | Version | Price | Platform
ICat, Elec Comm Suite | 3.0 | $9000 | NT, 95
IBM, Net.Commerce | 3.0 | $5000 | NT, AIX
Microsoft, Commerce | 2.0 | $5000 | NT
203
Popular eCommerce Suites (con’t)
Vendor, Product | Version | Price | Platform
OM Transact, Open Market | 2.3 | $250,000 | Unix
Intershop Online, Intershop | 3.0 | $5000 | NT, Unix
WebSite Pro, O'Reilly | 2.0 | $800 | NT, 95
204
Four Typical Elements
Catalog
Storefront designer
Ordering/inventory system
Shopping cart/check out system
205
The Cold Hard Reality of Suites
Suites are nothing more than collection of products
Lack integration among various elements
Difficult to setup, customize, and use
Require you to live “inside” their structure
Limited payment options
Sounds like early MS Office
206
Payment Systems Included in Each Suite
Microsoft: Verifone, Buy Now
IBM: Verifone, SET, eTill
iCat: None (but many third parties)
OpenMarket: Verifone
WebSite Pro: InternetSecure, CyberCash
Intershop: CyberCash, ICVerify, others
207
Sample Stores Included in Each Suite
Microsoft: 4 stores
IBM: eMall, simple and advanced sample stores
iCat: 1 hardware store
OpenMarket: none
WebSite Pro: 1 bookstore
Intershop: 3 stores
208
Databases Supported in Each Suite
Microsoft: SQL Server
IBM: DB2
iCat: 4D, Sybase SQL Anywhere
WebSite: Access
Intershop: Sybase SQL 11
209
Dealing With ODBC
Have to understand how to set up data sources
Intimate knowledge of your data structure
Re-install ODBC drivers at least once!
Best to start with built-in database
210
Store Wizards Included in Each Suite
WebSite Pro (but doesn’t do much)
Intershop (various wizards)
net.Commerce v3
MS Commerce
create appearance
navigation
registration, check out flows
payment methods
211
Tips
Don’t install anything before making sure you have everything!
Downloads for free, but they expire
Can you export existing files to these systems?
212
WebSite Professional website.ora.com
Version 2, shipping since 9/97
US$799!
NT (or 95)
Supports Cybercash OR Internet Secure (Visa, MC)
One sample store (bookstore)
213
Sample storefront
http://merchant.inline.net/admin/
214
WebSite Configuration Sheet
215
Store Properties
Only can operate a single payment system
Run on a series of Access databases
Built-in tax table, but for N.Americans!
Well documented data structures in typical O’Reilly fashion
216
Recommendations
Lowest priced suite by far!
iHTML is robust, but will take some learning
Nice store setup and organization of catalog
Good low-end solution
See Infoworld review
217
Intershop
demo at presentation.intershop.com (admin/admin for store)
Includes Sybase SQL 11
US$5000, includes 3 mos. support
218
Seven Different Managers
Catalog
Products
Store
Purchases
Inventory
Customers
Admin
219
Characteristics
Everything managed via browser, which can get tedious
But you already have a database behind it
220
Payment Options galore
221
Recommendations
Most flexible payment options of any suite
Better at processing orders than site creation
Not good for large catalogs
222
Microsoft Commerce (nee Merchant)
Still evolving
More of a development platform than a suite
Closely tied to IIS, SQL Server et al.
223
The many Microsoft servers
224
Shopping with MS Commerce
225
MS Commerce
226
Microsoft Upsells
227
Recommendations
If you are going to use any other MS apps
If you believe developers will follow
If you must stay on the cutting edge of MS products
228
Commerce Server Specifics
NT, fast Pentium with 128 M RAM essential
US$5000
www.microsoft.com/commerce
229
iCat Electronic Commerce Suite
230
iCat Process
Use four-step process
Make changes to staging db
Use designer and built-in catalog
Then post changes to production db
231
Create Your Database
Can use bundled Sybase SQL Anywhere
Enter upsells, promotions, and discounts
232
Design Your Templates
Look and feel of storefront
Design views of catalog
233
Setup Your Hard Disk
Locate your files
Setup your web server
234
Set Misc. Options
Matching sales tax rates to zip codes
Use registration and indexing tools
235
iCat Demo Catalogs
www.icat.com/catalogs/democats.htm
Demonstrate variety of options
Several different stores to view
236
Recommendations
No wizards, all browser-based forms
Tedious but straightforward
Lots of third-party add-on tools
Best for people new to db or the ‘net
Best if you don’t have computer-based accounting system yet
237
iCat Specifics
NT, fast Pentium with 128 M of RAM
US$9000 for professional version
www.icat.com
238
IBM Net.Commerce
239
Included
IBM’s Go Web Server
DB2 database
Shopping trolley system
Credit card verifier, eTill software
240
Several ways to setup your store
Use nine-step wizard with populated catalog
Use wizard with empty catalog
Start from scratch
Import existing databases
241
Recommendations
Great if you already use DB2 for inventories
Most security-conscious suite
More depth than iCat
Start with all IBM defaults to save time
242
Net.Commerce Specifics
NT, fast Pentium with 64 M of RAM
AIX, 390, OS/400, Solaris
US$5000 Basic, $20,000 Pro
www.internet.ibm.com/net.commerce
243
New in version 3.1
“Intelligent Catalog”
Java-based wizards to setup and manage store
Recognizes shopping preferences and upsells
New SET payment server but not worth using
Integration with Domino Merchant
See Infoworld review
244
OpenMarket
High end solution
Worldnet offers hosting of OM servers
Still needs customization!
245
Recommendations
If you can afford it ....
Really the price covers lots of consulting time
High transactions and throughput needs
246
OpenMarket Specifics
Various Unix
US$250,000 and up!
www.openmarket.com
247
Do it Yourself Path
Traditional merchant banking approach
More risk, especially when your payment system is on the ‘net
248
Steps Involved for DIY’ers
Get a web server
Get merchant software
Integrate with your back end systems
catalogs
inventory
customer accounts
Be prepared to do lots of coding
249
The 90s Help Wanted
Wanted: Webmaster
Required skills: High proficiency in various web based programming, development tools, CGI, cookies, DNS, eCommerce, FTP, HTML 2.0 through 3.02, IIS Server admin, Javascript, Java, MS SQL, Netscape server admin, NT Server admin, perl, Unix admin, web security
250
One DIY solution
IIS
PerlShop shopping cart
OuterNet Commerce ISP hosting site
First American Payment Systems
Verisign certificates
Fees: $800 setup, $500/yr, $50/month
What isn’t working: perl scripts to make credit card payments!
251
But First: Consider the Customer
252
How Customers Buy Stuff
Sometimes have partial orders
Sometimes cancel orders
Sometimes inventory systems lie
Sometimes shipments are returned
253
Purchasing Stages
One product has a 14-stage process!
Need to gather so many items:
Shipping info
Item inventory, pricing
Order pricing
“Last chance” (upsells, cancel out)
All this means: get thee to a database!
254
What is Needed
A way to track orders
Provide shipping status
Provide payment status
255
Our Recommendation: email!
Capture that email address
Use it for status reports
Outcalls and future upsells
Reminders
But how do you validate the address these days?
256
Payment System Considerations
Do customers need accounts and profiles?
yes: reduces the amount a visitor has to type
no: less of a privacy concern
Should shopping be persistent across the session?
yes: use accounts or cookies
Should all communications be via SSL?
yes: then you’ll need the appropriate browsers and servers
Do I want to have multiple stores on a single server?
257
Merchant Back-end Integration
Financial interactions
Clerical interactions
258
Credit Card Issues
Separate authorization from settlement
authorize when order received, but ship within 24 hrs of settlement, and beware of stale backorder data
Consumers can chargeback
either need a physical signature or evidence of verified shipping address
Opening a merchant account (see www.shopsite.com/help/payment.merchant.html)
259
Electronic Bill Presentment
Saves on paper but requires lots of coordinated systems
Can show bills with nice fonts, interactive applications
Is separate process from the actual payment system
260
Electronic Bill Presentment Issues
Does the processor use EBP with merchant bank?
Can users’ browsers support these new applications?
Java applets
Active X controls
etc.
Reconciliation requires access to both dispute and payout information
261
Microsoft’s MSFDC
A means to standardize on presentment
Have both web-based access and special consumer-based software
Former “Marble” server, read white paper at: www.microsoft.com/finserv/marblewp.htm
Requires NT, SQL Server, IIS, etc.
262
Other EBP efforts
Open Financial Exchange (www.ofx.net)
www.Integrion.Net
CheckFree’s E-Bill (getbills.checkfree.com)
263
eBill
Most popular and in widest practice
Schwab and Intuit/Quicken are supporters
Most threatened by MSFDC
264
OFX
Started with Intuit
Trying to standardize on too much at once:
data transfers
account inquiries
financial applications and transactions
Verisign Financial Server (US$1200)
digitalid.verisign.com/ofxIntro.htm
265
Integrion
Banking-intensive plus IBM
No other software supporter, BUT…
Combining forces with CheckFree
Trying to establish their “Gold Standard” vs. OFX
266
What about SET?
IBM, Verifone having second thoughts
Specs still at 1.0 (barely)
Just handles the buyer authentication piece
Trial with Citibank/SG
www.visa.com for more info
267
What about OBI?
Open Buying on the Internet
A bunch of standards: SSL, X12 EDI, X.509 PKI
Exchange of purchase order info
Unresolved issues:
who owns the catalog?
how much infrastructure is really needed?
knitting together a solid solution is more than enumerating standards!
268
Topic VII: Installing and Operating Your Own Storefront
What you need to know
What you need to buy
269
You Need to be a Superhero:
Part web designer
Internet technologist
SQL database admin
Payment system maven
270
Things You’ll Need to Discover
Are your sales and marketing staff web-savvy?
Is your accounting system adaptable to web purchases?
How do you reconcile these accounts?
Does your business owner understand Internet culture?
Can anyone find you?
271
Dealing with search engines
Some use <META>, some use <TITLE>
Keep descriptions at top of your home page short and sweet
Web Review article: webreview.com/97/10/17/webmaster
The Most Under-rated Skill:
PATIENCE!
Components Needed to Operate a Web Storefront
Database of items to sell and current inventories
Secure web server
Searchable catalog server
Connections to backend payments and financial servers
Shopping cart system
Checkout/payment system
Don’t forget about security!
Which Database Server?
Pick before anything else
Core of your store revolves around the database:
inventory system
accounting system
catalog system
Database Server Recommendations
Use existing client/server db if possible
SQL Server: best with MS tools
Oracle: if you know pSQL already
Informix: all other situations
Database/web Tools
Develop your own forms
Query your database
Develop your own catalog
Why is a Catalog Important?
Your customers’ view of your store
Current with your own inventory and offerings
Don’t want to sell what you don’t have
Catalog Software
Cadis.com, US$1500
Centor.com, US$50,000
Dataware.com, US$1800
Elekom.com, US$25,000
Isadra.com, US$10,000
Other catalogs
Product                                Price range
Icat (www.icat.com)                    US$3-10,000
Intershop (www.intershop.com)          3-8,000
CatSmart                               10,000
WebCatalog (www.pacific-coast.com)     2500
Cat@log (www.thevisionfactory.com)     3-4000
Impulse (www.inetrep.com)              <$1000
Another choice: outsourced catalog!
ShopSite
IBM Home Page Creator mypage-products.ihost.com (N. America only)
Mindspring with Mercantec
ShopSite demo
www.reliablehost.com/cgi-bin/bo/start.cgi
username: test8
password: test
Tool Recommendations
Cold Fusion, www.allaire.com
Sapphire/Web, www.bluestone.com
Which Web Server?
Hundreds to choose from
Must support SSL and/or SHTTP
Platform isn’t important, really
Get Your Certificates in Order
Bring up form inside web server
Send to Verisign on letterhead with credit card (!)
Receive cert from Verisign
Install on your web server
What can a Shopping cart do?
Simplify ordering process
Track multiple purchases for a single visitor
Display items purchased
Calculate total prices, tax, shipping charges
Track item attributes (colors, styles, sizes)
Different Shopping cart Methods
Account-based
Cookie-based; see www.cookiecentral.com
Encoded URLs
Shopping cart Programs
S-Mart: www.rcinet.com/~brobison/scripts
Minishop: www.egrafx.com/minishop
mvend: www.iac.net/~mikeh/mvend.html
PerlShop: www.arpanet.com/perlshop
Commercial Programs
Internet Shopping Cart Server: www.webisland.com/cart
Rent-A-Cart: www.rent-a-cart.com
CyberCart: www.lobo.net/~rtweb
AutoCart: www.autocart.com/Autocart
WebCart: www.staff.net/webcart.html
SoftCart: www.mercantec.com
WWWOrder: www.virtualcenter.com/scripts2/WWWOrder.html
Shopping cart Example www.asizip.com (SoftCart)
Shopping basket
Cookies to track purchases
Simple navigation
Payment Systems for SSL
ICVerify, www.icverify.com
Worldpay/PSI www.psi.net/worldpay
ICVerify Process
Customer submits 16+4 through SSL browser connection
Merchant software records to a file
ICVerify submits to bank
ICVerify receives response from bank, creates answer file
Merchant software retrieves answer, sends response to customer
No per transaction fee!
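The file handoff on this slide, as an added example rather than ICVerify's own code or file format: the `.req`/`.ans` file names, the JSON layout, the spool directory and `stand_in_processor` are all assumptions, and "16+4" is read here as a 16-digit card number plus a 4-digit MMYY expiry. It shows the care the merchant software owes the full card number while it sits on disk: validation before writing, owner-only permissions, an atomic hand-off, and cleanup once the answer is read.

```python
import json
import os
import re

def luhn_ok(pan):
    """Luhn check: catches mistyped card numbers before anything is spooled."""
    digits = [int(c) for c in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

def mask(pan):
    """Form of the card number that is safe for logs and answer files."""
    return "*" * (len(pan) - 4) + pan[-4:]

def write_private(path, obj):
    # O_EXCL refuses a pre-planted file; 0o600 keeps other local accounts out.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(obj, fh)

def write_request(spool, order_id, pan, expiry, cents):
    """Merchant software: record the 16+4 to a request file (hypothetical layout)."""
    if not re.fullmatch(r"[A-Za-z0-9]{1,32}", order_id):
        raise ValueError("order id must be alphanumeric")  # blocks path tricks
    if not re.fullmatch(r"[0-9]{16}", pan) or not luhn_ok(pan):
        raise ValueError("card number failed validation")
    if not re.fullmatch(r"(0[1-9]|1[0-2])[0-9]{2}", expiry):
        raise ValueError("expiry must be MMYY")
    final = os.path.join(spool, order_id + ".req")
    write_private(final + ".tmp", {"pan": pan, "exp": expiry, "cents": cents})
    os.replace(final + ".tmp", final)  # atomic: reader never sees a partial file
    return final

def stand_in_processor(spool, order_id):
    """Constructed stand-in for the payment software and bank: approves everything."""
    with open(os.path.join(spool, order_id + ".req")) as fh:
        req = json.load(fh)
    answer = {"approved": True, "card": mask(req["pan"]), "cents": req["cents"]}
    write_private(os.path.join(spool, order_id + ".ans"), answer)

def read_answer(spool, order_id):
    """Merchant software: fetch the answer, then delete both spool files."""
    path = os.path.join(spool, order_id + ".ans")
    with open(path) as fh:
        answer = json.load(fh)
    for name in (path, os.path.join(spool, order_id + ".req")):
        if os.path.exists(name):
            os.remove(name)  # the full card number must not linger on disk
    return answer
```

The spool directory itself should sit outside the web server's document root and be readable only by the accounts that run the storefront and the payment software.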
Supported Merchant Servers for ICVerify
MS Merchant, Commerce
Oracle Payment
Mercantec SoftCart
Internet Factory Merchant
InterShop Online
ICVerify Demo Download
www.icverify.com/library/downloads/icvdemo20.html
WorldPay and PSI
Multicurrency payments
>100 for product prices
16 different ones for settlement
Have to host your web at PSI
Includes SoftCart and iCat software as well
US$1000 + US$1400/yr
WorldPay Demo
www.worldpay.com/demo/store.html
Prices of Typical Products
Product        Type               Price
Inex           Accounting         US$6000
SoftCart       Shopping Cart      900
MallManager    Catalog            2000
WebCatalog     Catalog            1600
Saqqara        Search tool        700
VPOS           Payment server     2500
WebMate        Development tool   750
Inex Demo
Financial backend strength
Store front and some aspects of suite
www.inex-corp.com
Don’t Forget About Security
Make sure you protect your web site!
See “Ten ways” article from Winn Schwartau
Limit access, isolate servers, lock down scripts, so forth
See www.nwfusion.com/netresources/0202hack1.html
What About Web Server Load Balancing?
Resonate, HydraWeb, Cisco
IBM Interactive Network Dispatcher, www.ics.raleigh.ibm.com/netdispatch
Packeteer PacketShaper, www.packeteer.com
Others at www.techweb.com/se/directlink.cgi?NWC19970801S0026
Putting Together Your Own Solution
Mercantec shopping cart
SQL Server database
ICVerify payment system
WebCatalog
IIS web server
Total price: <US$10,000
Don’t Forget the Process and People
Put together a policies and procedures book that describes what you did
Gather forms for your business partners to sign up for ISPs if needed
Document how to make changes to your product catalog via the web
Approach your trading partners with solutions, not problems!
Conclusions
eCommerce crosses many different skill sets
Software is still too dicey in many areas
Standards aren’t much use right now
Suites don’t offer much in the way of integration
DIY may be the best solution
Some eCommerce Resources
Web Review article on NT, Mac Suites: webreview.com/98/01/23/feature/
Windows Sources reviews of 3 eCommerce suites: web1.zdnet.com/wsources/content/0697/ntadmin.html
My Infoworld reviews www.strom.com/pubwork/iworld.html
www.webcompare.com, all the web servers you could ask for
PC Magazine review of various products www5.zdnet.com/products/content/pcmg/1620/pcmg0024.html
For future reference
Copy of this presentation (Powerpoint): www.strom.com/pubwork/vegas98t275.ppt
And list of all the relevant links mentioned: www.strom.com/pubwork/vegas98.html
Acronyms
B2B Business to business
DIY Do It Yourself
EBP Electronic Bill Presentment
URLs Universal Resource Locator
SSL Secure Sockets Layer
OFX Open Financial Exchange
SHTTP Secure web protocol HTTP
Conclusion
Review
Q&A
David Strom +1 516 944 3407 [email protected]