1 (c) stephanie denny and david strom, 1998 internet commerce: understanding payments, security and...

(c) Stephanie Denny and David Strom, 1998

1

Internet Commerce:Understanding Payments, Security and Storefronts

presented by:

Stephanie Denny, [email protected], www.denny.dc3.com

David Strom, [email protected], www.strom.com


2

Day 1: Internet Commerce

presented by:

Stephanie Denny, [email protected]


3

Why This Tutorial

A successful web storefront must accommodate the common forms of electronic payment in use today

Customer payment choices = increased sales

Not all payment systems look or act the same

The right payment options protect you as well as your customer


4

What This Course is Not About

Mathematics of Public Key Cryptography In-depth discussion of Visa® and

MasterCard® operating regulations for e-commerce

Legal advice for e-commerce issues related to operating a web storefront

Writing your own storefront systems from scratch

In-depth on security issues


5

Course Topics-- Day 1 (Denny)

The essential ingredient to web storefronts: providing for payment of goods and services

What is a secure transaction, and why all the fuss about it?

Overview and demonstration of payment systems that are working on the Internet today

The future of payments on the Internet


6

Course Topics-- Day 2 (Strom)

What Becomes eCommerce Success Choosing the Right eCommerce Path Installing and Operating Your Own

Storefront


7

Course Approach

Overview of major payment systems and storefront products

Give real-life examples and online demos Help relate information to your own

situation Provide insight into different

approaches, technologies Discuss pros and cons of each Multiple Q&A sessions


8

Some $5.00 Words I Will Not Use in Today’s Presentation

$5.00 Word

NascentUbiquitousEfficaciousParadigm

5-cent Synonym

NewEverywhereEffectiveStandard


9

Denny’s Background

I’ve been involved with payment systems for a long time 26 years in credit cards / banking (both the

acquiring and issuing sides of the credit card business)

Managed the development of an on-line banking service for a major US Bank Credit Card

Mostly non-technical, with major experience in Marketing and Communications


10

Strom’s Background

I’ve been involved in the Internet for some time

Have used most of the products we demonstrate

Have consulted to a few of the vendors, but still have strong opinions


11

Our Beliefs

Our perspective is from the Consumer’s viewpoint, as well as from the Merchant’s

We believe that e-commerce is the next evolutionary step in payment systems

There will be other iterations of eCommerce payment forms yet to come


12

Our Perspective on the Internet

Historically, it will have as profound an effect on humanity as did the invention of the printing press

It is a mass communication medium, but different because it is two-way and feedback is instantaneous

Commercially, it is another channel for sales and distribution


13

Some Disclaimers

I am not a mathematician, engineer or cryptography expert

However: I was in the credit card business before

Visa and MasterCard were around I’ve been around the Internet since the

early days of the World Wide Web


14

Benefits of the Internet

Free exchange of information; expansion of personal knowledge

Instant distribution of information, worldwide

At the same time, we all share the responsibility for accurate publishing


15

Marketing on the Internet

Direct, one-to-one marketing opportunity

Allows you to learn useful information to build a relationship with your customer

Relatively inexpensive medium compared to advertising, direct mail or telemarketing

Results are measurable


16


Some say that eCommerce has slowed down, and some say it’s taking off

How do we convince the general public that they will really like eCommerce?


17


The Internet has the capacity to be a major distribution channel

Business-to-business use will grow faster due to efficiencies realized online

However...


18


The Wide use of eCommerce by Consumers Will Depend on Several Things: Easy forms of payment Trust in the system Perceived benefits outweigh the risk

(What’s in it for me?)


19


This is a fundamental change in the concept of money

Like the introduction of the credit card and the ATM, it will take some time (but the adoption curve will be faster)

However, if you tried to buy on the Internet during the past Holiday season, you know it’s growing


20

Today’s Topics

I. The Essential Ingredient to Web Storefronts: Accepting

Payments for Goods and Services II. What is a Secure Transaction, and

Why all the Fuss About it? III. Payment Systems Today

Overview of those that work today on the Internet

Live demonstration of how they work IV. The Future of eCommerce Payments


21

I. The Essential Ingredient to Web Storefronts: Accepting Payments

Payment basics Which options are the right ones for

you? Objectives in providing payment

choices Virtual money is the currency of the

future Q & A


22

Payment Basics

Issuer Acquirer

ConsumerAccess Point

MerchantAccess Point

BANK

Consumer Merchant

• deposit & withdrawal• transaction status inquiry• authentication• problem resolution

• purchase & refund• transaction status inquiry• authentication• problem resolution


23

What Makes a Good Payment System?

Universal (worldwide) acceptance Universal value Reliability Ease of use for your customer Capacity for quick settlement

(collection of payment for you)


24

What are the Requirements?

Payment options must appeal to the masses

They must allow easy payment for the customer, at an acceptable level of risk for you and your bank

They must accommodate order changes, cancellations and returns


25

Objectives in Offering Payment Choices

Your customer’s objective is to make a purchase

Your objective is to facilitate the sale with a convenient and “safe” method that ensures collection of the payment

“Safe” means safe for you, your customer and your bank


26

Objectives in Offering Payment Choices

Consider how easy it is for your customer to use, not just how easy it is for you to manage

Payments in a virtual world should imitate those in the real world


27

Virtual Money is the Currency of the Future

That future is already here This idea is scary to many people

Consumers (they can’t “see” it) Banks (many bankers don’t understand it) Acquirers (they want to know the

difference) The Government (they can’t control it)

It is not unlike MO/TO transactions today


28

The Way Things are on the Web Today

Some payments are authorized off-line, through traditional POS terminals E-mail message to customer later

(hopefully), confirming order and shipping information

Many merchant servers connect with payment authorization systems Authorization is real-time during the web

session, and the sale is completed with secure server and browser software


29

The Way Things are on the Web Today: Secure and Un-Secure

Secure transactions via secure browsers and servers with SSL

Un-secure transactions with lack of proper encryption (account numbers sent “in the clear”) via e-mail messages

Un-secure transactions due to “export” versions of browser and/or server software


30

The Way Things are on the Web Today

Secure transactions do not guarantee the validity of the customer account information A high percentage of credit charge-backs

for MO/TO transactions are for “merchandise not received”

Address verification services can help protect you, and in some cases are required


31

Questions and Answers


32

II. What is a secure transaction, and why all the fuss about it?

You want to identify your customer as an authorized account holder

Your customer wants to identify you as a legitimate merchant

You both want to make sure that valid payment is received for the purchase


33

Enter Secure Electronic Commerce

SEC allows for secure processing of customer and payment information

Based on cryptographic technology Privacy of message contents Authentication of parties involved Integrity of data transmitted Non-repudiation of transactions


34

Privacy

Privacy means that the message contents cannot be seen by anyone but the intended parties

Accomplished through the use of encryption


35

Authentication

Authentication means that each party involved in the transaction is identified as legitimate

Accomplished through the use of certificates A certificate is a notarized public key (like

a passport or a driver’s license) Issued by a trusted third party called a

Certificate Authority Binds the certificate owner to the public

key within the certificate


36

Integrity

Integrity of data means that it cannot be altered by anyone during transmission, to avoid a “man in the middle” attack

Encryption allows only the intended recipient to open the digital envelope

A digital envelope (or ”hash”) = contents of an encrypted message + digital signature


37

Non-repudiation

Non-repudiation means both parties to the transaction are ensured that the message is genuine and cannot be disputed

Parties are identified with certificates that have been notarized by a trusted Certificate Authority

It will be much harder for customers to claim they never placed the order


38

Why Should You Get a Certificate?

You want those who visit your web site to know you are a legitimate business

A certificate is required to operate a secure server (SSL)


39

Certificate Authorities (CAs)

Trusted third parties, similar to notaries Can be external or internal (managed

within your own company) — we will discuss external

Choice of a CA may depend on your merchant server software

If you want to choose an unsupported CA, you will be on your own to determine interoperability with your software


40

Steps in Certificate Creation

Refer to you server software documentation for selection of a CA and instructions

Generally, you will do the following: Generate a key pair of public and private keys Send the public key and other information to CA CA verifies information provided Upon verification, CA creates a certificate

containing public key and expiration date The Certificate is sent back to applicant and may

be posted publicly, if appropriate


41

Examples of Certificate Authorities

VeriSign http://www.Verisign.com

GTE CyberTrust Solutions, Inc. http://www.cybertrust.gte.com

Thawte Consulting http://www.thawte.com


42

Certificate Creation

Demo of key generation and certificate request


43

Certificate Management

Once public key certificates are issued, they must be managed to maintain integrity They contain expiration dates They may be revoked for various reasons Upon expiration, certificates must be

renewed or reissued This is a consideration for using an

external CA, as opposed to managing an internal CA


44

How is this accomplished?

Secure servers and browsers Capable of strong encryption (up to 128 bit) 40 bit encryption is no longer considered

adequate for financial transactions Digital certificates

Ensure the identity of the certificate holder

Also called digital IDs The common protocol in use today is

Secure Sockets Layer (SSL)


45

Secure Sockets Layer Protocol (SSL)

Authenticates the merchant server Merchant Certificate obtained from trusted

Certificate Authority Provides privacy through encryption of

the message for both the sender and receiver Secure “pipe” negotiates maximum

encryption compatible at browser and server for each message transmitted

Ensures integrity of data transmitted Message authenticity check (algorithm)


46


https:// in the URL = a secure connection SSL allows customers to verify who the

merchant is The merchant’s digital ID does not certify

the integrity of the merchant

Merchant’s Certificate (Digital ID) can be viewed by any secure browser


47


SSL encrypts the customer order, which includes the payment information

This data is sent from the customer to the merchant via a secure “pipe”

Customer Order withPayment Information

Encryptedorder sent

Customer order decryptedat merchant server


48

SSL: How do you get a certificate for your merchant server?

Apply to Certificate Authority Instructions built into merchant server

software You will be asked to provide valid

business license and other ID Cost is dependent upon level of

certification


49

Encryption Strength

It is illegal to export products containing encryption that is stronger than 40 bits

It is not illegal to use encryption stronger than 40 bits internationally

Financial institutions do not consider 40-bit encryption adequate for Internet transactions


50

Encryption Strength

Newer browser and server software are capable of 128-bit encryption

128-bit encryption is exponentially stronger than 40-bit encryption


51

Encryption Strength

We’ve all heard about the case where 40-bit encryption was broken in eight days

Estimated cost of effort was $10,000


52

Encryption Strength

According to Netscape, it would cost $5,600,000,000,000,000,000,000,000,000,000 US (approximately) to crack a single session in eight days with 128-bit encryption


53

Some New Credit Card Operating Regs You Should Know About

For both Visa and MasterCard: Effective April 1, 1998 electronic

commerce transactions using unsecured protocol are subject to higher interchange rates for the acquirer, which translates into higher discount rates for the merchant

Secure protocols are defined in the regs as “channel encrypted” (SSL) or SET


54

How Things Will Be in the Future

Non-repudiation of transactions through digital certificates for both merchant and customer

The SET Protocol (SET) is the industry standard for payments, but yet to be implemented

It will be far more difficult for a customer to claim no knowledge of a transaction


55

What is SET protocol?

Secure Electronic Transaction protocol is a common standard that was developed jointly by Visa, MasterCard and other partners to ensure the processing of secure transactions.

Based on RSA encryption Uses public and private key pairs that

have a mathematical relationship


56

Public and Private Key Pairs

A public key is disclosed and widely distributed with no adverse affects

Used to encrypt or decrypt information Works only in conjunction with its

paired private key


57


A private key is held and used only by its owner

If a private key is compromised, it must be replaced immediately Today’s real-world example: lost or stolen

credit cards must be blocked and replaced


58


Real-world example: Dual control of keys for your safe deposit box — it can only be opened with two keys — yours as well as the bank’s


59

A Digital Certificate (or Digital ID) is a Notarized Public Key

The Certificate Authority is the Notary You can create a key pair through

server, browser or wallet software You send the public key to the

Certificate Authority


60

A Digital Certificate (or Digital ID) is a Notarized Public Key

Your public key is digitally signed and returned as the certificate

Your private key remains embedded in your software


61

Public Key Cryptography

Public keys are shared and widely distributed Private keys are kept secret by the holder of the

key Both pairs of keys are required to complete a SET

transaction

Customer’sPrivate Key

Customer’sPublic Key

Merchant’sPublic Key

Merchant’sPrivate Key


62

How is SET Different from SSL?

Digital certificates for SET will be payment-specific Merchants will be certified as legitimate to accept

branded payment card transactions Cardholders will be certified as valid account holders Merchants will not see customer’s account number (it

will only be passed to the acquirer)


63

How is SET Different from SSL?

Customer’s Digital IDrelated to a specific account

+ Customer Order info

Merchant Server gets Customer’s Digital IDminus the account number + Customer Order

Acquirer gets order receipt +Customer’s Digital ID with account number

With SET:


64

How Will Certificates (Digital IDs) be Issued for eCommerce?

Hierarchy of trust for certificate issuance Visa and MasterCard will designate a

Certificate Authority to hold the Trusted Root Merchants will obtain certificates from banks’

or acquirers’ Certificate Authority, then store on SET server software

Cardholders will obtain certificates (digital IDs) from their banks’ Certificate Authority, then store in electronic wallet


65

MasterCard® Example of a SET Transaction

http://www.mastercard.com/set/screen1.html


66




67




68




69




70

SSL vs. SET

SSL Server authentication

Merchant certificate as legitimate business

Possible for client authentication Not tied to payment method

Privacy Encrypted message to

merchant includes account number

Integrity Message authenticity check

(MAC)

SET Server authentication

Merchant certificate tied to accept payment brands

Customer authentication Digital certificate tied to

certain payment method Privacy

Encrypted message does not pass account number to merchant

Integrity Hash/message envelope


71

SET — the Answer to eCommerce

SET has been proposed as the answer to secure and interoperable eCommerce It is not currently mandated by Visa and

MasterCard There are big implementation issues for all

concerned The SET protocol is definitely more

secure than SSL However...


72

SET — the Answer to eCommerce

Implementation of SET has some big drawbacks: Lack of interoperability among systems Management of public key infrastructure Distribution of digital certificates requires

action on the part of the consumer And who will pay for all this? Meanwhile, eCommerce goes on


73

Questions & Answers


74

III. Payment Systems on the Internet Today

Overview of those that work today on the Internet

Live demonstration and discussion of how they work

Q & A


75

Payment Systems on the Internet Today

Separate payment systems from payment gateways and payment devices: A payment system provides the processing

and settlement of transactions A payment gateway provides software or

services that support eCommerce transactions between the merchant and acquirer

A payment device initiates the transaction (such as a credit card or debit card)


76

Hierarchy

Payment System (clearing house) Clearing house between acquirers and issuers

Acquirer (third-party processor) Authorizes, processes and settles for

merchant bank Merchant Bank

Accepts merchant deposit Merchant

Accepts authorized cardholder transaction


77

Examples of Payment Systems (Clearing Houses)

Federal Reserve System for clearing checks

Visa and MasterCard transaction networks

American Express Novus (Discover)


78

Examples of Acquirers (Processors)

First Data Corp. Paymentech National Data Corp. Bank of America Merchant Services Many processors (acquirers) process

multiple brands as part of their service


79

Internet Payment Devices

Credit cards, debit cards Off-line accounts Electronic cash Electronic checks


80

Credit cards, debit cards

Visa MasterCard Discover, American Express, JCB


81

How Credit Cards Work

Transactions authorized against customer’s line of credit at issuer (promise to pay)

At point of settlement, cardholder’s account is charged and merchant’s account is credited

Transactions subject to chargeback to merchant under certain conditions Lack of proper authorization Lack of proper identification / address

verification


82

“Off-line” Accounts

Electronic wallets CyberCash® Wallet Microsoft® Wallet Verifone® vWALLETSM

First Virtual®

All these may provide access to credit, debit, e-cash or electronic check accounts


83

“Off-line” Account Services

Credit card and other account numbers are stored by the service provider in a database, and are not transmitted to the merchant

Instead, a “PIN” is used by the customer at the point of purchase (cross-reference for actual account number)

Consumer must initiate account set-up in advance of making any purchases


84

How Electronic Wallets Work Today

Consumer must initiate request for electronic “wallet” software

Credit card or other account numbers are given to provider one time before any purchases are made

Account numbers, stored by provider in a database, are not transmitted; instead, a “PIN” is used to pay

Closed system: only available to participating merchants and cardholders who have signed up in advance


85

How Electronic Wallets Will Work in the Future

With SET protocol, will contain digital IDs with encrypted account information

Since digital IDs will be tied to specific accounts, wallets will keep track of all that information

At that point, wallets will be widely distributed and universally accepted


86

Interoperability is the Key

Wallets will become widely used when the following events occur: Mass distribution of wallets to consumers

is easily made Will be accepted by all merchants,

regardless of wallet brand or payment brand


87

Some Problems with Wallets

Not transferable to other wallets Not available for use at all web storefronts For eCash products, money must be

moved into wallet from another account prior to use: There may be a hold of up to seven days before

the funds can be used If your hard disk crashes, you lose the money

in that account (remember to back up wallet files)

Storage of cash in your wallet = use of float on those funds for your wallet provider


88

Visa® Example of Electronic Wallet

http://www.visa.com/cgi-bin/vee/nt/sec/no_shock/virt_wallet_L.html?2+0


89

Visa® Example of Wallet Registration (Digital ID)

http://www.visa.com/cgi-bin/vee/nt/sec/no_shock/registering_L.html


90

What’s in a CyberCash Wallet?

Credit card accounts Debit card accounts PayNow™ check service (for electronic

payments from checking account; like debit cards)

CyberCoin account (for “micro-payments”)


91

CyberCash Secure Internet Credit Card Payment

http://a.dn.cybercash.com/cybercash/info/sixsteps.html


92

CyberCash as a Merchant Service Provider

CyberCash provides the merchant with CashRegister software to authorize and process payments

CyberCash is neither an acquirer nor a bank, but is a provider of payment software for eCommerce (a gateway)

CyberCash provides an advanced level of encryption for financial information passed from their database to acquirers (not SSL)


93

CyberCash Merchant Services

Interactive Billing and Payment Enables presentment, payment and

posting of bills on the Internet (single or recurring transactions)

Works with PayNow (e-check), credit card or CyberCoin® services

Can be used for business-to-business as well as consumer payments


94

CyberCash CashRegister® Software

Makes all their payment services work Integrates with a variety of operating

systems and merchant storefront software

Can be used with or without consumer wallets

Non-wallet transactions are SSL-encrypted, and do not require consumer action in advance


95

CyberCash CashRegister® Software

However, you must still arrange for a merchant deposit account with your bank or independent service provider

If you are having trouble setting up a merchant account with a bank, contact CyberCash for assistance


96

Credit Card Payment Demo

Credit card transaction with CyberCash — No Wallet

CyberCash Wallet transaction


97

Credit Card Settlement with CyberCash Transactions

Card data is captured for transmission in one of three ways: Online Capture — simultaneous with

authorization Post-Authorization Capture Batch Capture

Method of capture is determined by your merchant bank and their acquirer


98

Online Capture

Happens simultaneously with authorization of transaction

Fastest method of capture for online merchants who can guarantee same-day shipment of goods


99

Post-Authorization Capture

Capture is a separate step from authorization of transaction; post-auth message instructs bank to capture transaction

Example of use is for delayed shipping of merchandise


100

Batch Capture

Transactions are captured in a batch mode after authorization (like post-auth capture)

Multiple authorizations are submitted at one time for capture

The batch is transmitted through CyberCash to the bank for funds transfer and merchant account reconciliation


101

CyberCash Benefits

CashRegister Software is free to merchant Supports wallet and non-wallet payments No additional charges to merchant — fees

to CyberCash are paid by acquirers CyberCash is presently the largest gateway

service provider for Internet merchants Their products will evolve


102

First Virtual

Another example of a “closed system” — only available to merchants and cardholders who have signed up in advance

Similar to the electronic wallet idea


103

First Virtual Services

First Virtual services revolve around an integrated network called the Interactive Messaging PlatformSM, or IMP (secure e-mail): VirtualRECEIPTSM

, — electronic receipts for physical and virtual credit and debit card activity

VirtualALERTSM — interactive alert messages

advising customers of shipments or billing VirtualMAILSM

— customized direct mail tailored to

individual profiles (slicing and dicing with customer’s permission)


104

First Virtual Services

Today we will focus only on First Virtual’s payment service, which uses the VirtualPINSM

VirtualPIN is an alias for a MasterCard or Visa credit card (or debit card)

Account number is not transmitted on the Web, but store credit card information off-line (PIN is a cross-reference number)

Also requires a personal Internet e-mail address


105

FV Merchant Account Options

Pioneer Account Minimal start-up cost allows for anyone to

start a business and sell on the Internet Does not require that you already have a

merchant credit card account Drawback: There is a holding period of 90

days for each transaction before merchant receives payment (to cover risk of chargebacks)


106

FV Merchant Account Options

Express Account For merchants who already accept credit

cards Requires solid financial history and

excellent credit record Existing merchant account must have low

chargeback rate Payout period is four days after

transaction is processed Application Fee: $350 non-refundable


107

How Does a First Virtual Payment Work?

First Virtual Acts as clearing service for Visa and MasterCard payments (debit or credit)

Requires account set-up with First Virtual in advance, for customer identification and account verification

All transactions are confirmed by e-mail before a credit card is charged

FV sends electronic deposit to merchant’s bank account through the US ACH


108

First Virtual Demo


109

Electronic Checks

Examples: CyberCash PayNowSM Service

Currently only available as a service to merchants with recurring payments

There is a heavy demand for use with a variety of consumer purchases; will soon be available with wallet software

Check Free®

Similar service being tested, not yet in use


110

Electronic Checks: How They Work

Service provider or gateway captures Federal Reserve Routing and Account Number information from bottom of physical check (MICR line)

When authorized by customer, payment is automatically deducted from checking account

Requires advance set-up with service provider Automated clearing only — not a check guarantee service


111

Token-based systems

Stored value accounts (virtual money) for micro-payments, generally under $10

Real world example: currency, coin Internet example: e-cash, where

money in a checking or credit card account in exchanged for scrip

Business case has not been proven


112

Electronic Cash (e-cash)

CyberCoin®

Service of CyberCash, part of Wallet Currently available with Microsoft Wallet

Digicash®

ecashSM service Licensed in US by Mark Twain Bank

Mondex®

Licensed by MasterCard International, Inc. Smart card-based system


113

Mark Twain Bank is Worth Looking At: http://www.marktwain.com/digifaq.html#Help

Look at their customer support disclaimer —they get an “A” for honesty!


114

Digicash ecash Payment Demo


115

Other Merchant Providers to Consider

Online Financial Services (OFS) http://ofs.web-charge.com/signup1.html

Internet Secure http://www.internetsecure.com/

Redi Check / Redi Charge http://www.redi-check.com

Merchant Account Services Provo, Utah 1-801-765-1111


116

All Merchant Providers Are Not the Same

Compare services Which cards do they authorize? Do they provide electronic check services? Do they provide check guarantee services?

Compare prices Start-up fees Monthly discount fees Other service fees (per transaction) Statement generation fees


117

Four Choices for Setting Up a Merchant Account

Join an eMall and process through them Contract with an independent service

provider (ISP) Buy a software suite that includes

merchant account set-up Go to your local bank and set up your

own merchant account If they’ll take you, this may give you the

best discount rate


118

Range of Credit Card Fees

Your Bank

Discount Rate: 1.5% - 5.0%

eMall or ISP Provider

Application Fee: $100 - $300

Discount Rate: 1.5% - 5.0%Per Transaction: .20 - .30Monthly Fee: $10 - $25(service / statement fee)Chargeback Fee: Up to $25Chargeback Reserves:

Up to 10% of sales, for up to six months


119

Regulations governing electronic commerce transactions

Visa / MasterCard Operating Regs Credit Card Rules for acquirers and

merchants Fair Credit Billing Act

Debit Card Rules Regulation E

Consumer Telephone Protection Act Can Internet Protection Act be far behind?

Privacy Principles Yet to be mandated, but inevitable; and

generally a good idea


120

Privacy Issues for the Consumer

Most people just want to be asked for their permission

Your customers don’t object so much if you use their information to sell them other products you may offer

But many object if you sell or rent their names to someone else


121

Privacy Issues for the Consumer

Anonymity Confidentiality Disclosure

Name and address info Disclosure of transaction to a third party Merchant’s identity


122

“Data Mining”: How much is enough?

You have the opportunity to build a customer database for future sales

To what degree do you slice and dice? If you slice too fine, are you missing

opportunities? This leads to more privacy issues


123

IV. The Future of Payments on the Internet

Transaction security New forms of payment systems Access devices Virtual currency


124

Transaction Security

Many more iterations of SET and similar protocols

Digital IDs held off-line in smart cards New payment systems (beyond Visa,

MasterCard)


125

Access devices

Will we really need plastic cards? Who says a chip has to be on a card? Mobil Oil’s clever idea for POS device

Eliminates need for credit card Biometrics as identification

Fingerprint scanning Iris scanning Voice recognition


126

Virtual Currency

The move to a single, blended account for consumer-oriented transactions

Multi-functional chip (smart) cards Universal, worldwide currency?


127

Summary

If all this information seems overwhelming... New environments are always scary Awareness and curiosity are the keys to

taking advantage of new opportunities You don’t have to know everything about it

— you just need to know where to get the answers.

“Everyone is ignorant, only on different subjects.”-- Will Rogers


128

Questions & Answers


129

Useful References

SET (Secure Electronic Transaction protocol) http://www.dc.net/gtill/set1.htm

Gregory J. Till, US Treasury Dept. attorney

Document details the implications of SET for merchants

http://www.visa.com/ http://www.mastercard.com/ http://www.setco.org/


130

Useful References — Cryptography

Cryptography/cryptosystems http://www.rsa.com/ http://www.counterpane.com/ http://www.pipeline.com/

Richard Field, Esq. (US attorney specializing in payment systems and electronic commerce)


131

Useful References —Merchant Payment Options

http://www.cybercash.com/ http://www.firstdatacorp.com/ http://www.firstvirtual.com/


132

Useful References

History of money http://www.frbsf.org/ http://www.firstdatacorp.com/ http://www.mastercard.com/


133

Relevant acronyms

ACH Automated Clearing House CA Certificate Authority ISP Independent Service Provider MAC Message Authenticity Check MICR Magnetic Ink Character Recognition MO/TO Mail Order/Telephone Order NACHA National Automated Clearing House

Association PIN Personal Identification Number PKC Public Key Cryptography POS Point of Sale RSA Rivest, Shamir and Adleman


134

Copy of This Presentation

www.strom.com/pubwork/vegas98t275.ppt And URLs are at

www.strom.com/pubwork/vegas98.html


135

Internet Commerce:Understanding Payments, Security and Storefronts

presented by:

Stephanie Denny, [email protected] www.denny.dc3.com

David Strom, [email protected] www.strom.com


136

Day 2: Internet Storefronts

presented by:

David Strom, [email protected] www.strom.com +1 516 944 3407


137

Today’s Topics

V: What Becomes Success VI: Choosing the Right eCommerce

Path VII: Installing and Operating Your Own

Storefront


138

Topic V: What Becomes Success?

Overview of eCommerce market Review physical storefront success

factors Propose some definitions Define success for the web Draw up five eCommerce principles


139

Overview of eCommerce Market

Predictions Success factors Five principles


140

eCommerce Revenue Predictions are Wide-Ranging

Source 1996 (B$US) 2000 est. (B$ US)

IDC $2.2 94

Forrester 1.4 117

Jupiter .7 15.6

Dataquest 6.4 56


141

And Not Very Believable

IDC says the web will become a mass market in the US by 12/98!

With 100 million users! Let’s not confuse web users with

eCommerce BUYERS!


142

Ticketmaster

US$5 million/month via the web in sales

Started 11/96 Generating lots of new buyers, who

wouldn’t ordinarily use their service


143

Then there is Disney.com

Web site Daily Blast signing up 15k members/month

Sales via web are equal to 3x-5x of physical Disney store!


144

And of Course, There is the Porn Industry

“However, extensive interviews with adult site owners yield a picture of a highly charged market of approximately 10,000 sites generating about $1 billion in revenue per year, most through electronic credit card transactions.”

From Interactive Week


145

Sad State of Today’s eCommerce Marketplace

Poor quality tools Hard-to-find stores Limited payment methods Credit card snooping perceptions Older browser versions can’t view

latest sites


146

Case in Point: Buying a Bike Rack

Item not carried: outdated catalog Telesales not familiar with web No cross-sell or substitutions online Needed three phone calls to complete

purchase


147

Let’s Learn From the “Real World”

Compare what works for physical stores

Try to extend to the web


148

Critical Success Factors for Physical Storefronts

Location Branding Good service Good product selection Proper pricing and margins Traffic


149

First Problem:

None of these translate on the ‘net!


150

Now Try to Agree on Definitions for Web Stores

What determines a good location? Position on a search page Nearness to popular destination Ad on a popular server

What determines branding? Memorable domain name Popular search category destination


151

An Example of bad location: Montana Meats

www.imt.net/~lingerie/buffalo/buffalo.html Can’t they afford their own domain

name? www.company.com/~anything is BAD

NEWS!


152

Another Case: Buying Toner and Batteries

www.cartridgesusa.com, www.batterybarn.com Catalog shows pictures of parts Easy to find relevant item But payment acknowledgement

incomplete


153

Determining Traffic

Hard to do -- is it hits, page views, registered users?

[HITS = How Idiots Track Success] Hard to measure -- do you count gifs?

Use log files? No general agreement on any metrics!


154

Traditional Advertising Doesn’t Apply Anymore

Can’t measure anything Every site has its own banner sizes The Web is not TV


155

One Working Definition of Success:

SURVIVAL! If a site is still running after 12

months, and getting more traffic, it is a success.


156

Does a site actually have to sell something?

Many actual eCommerce sites don’t do the complete transaction (Cisco)

Require faxes or telephone calls! Some merely have catalogs A good example: Singapore Power

Authority www.spower.com.sg/readmeter.cgi?cmd=form


157

Good eCommerce Examples

Easy to find merchandize Good service Individual customization is key Simple navigation Business-to-business focus


158

AMP Connect

Have customers in 100 countries Speak many languages Produce 400 catalogs covering

135,000 items Mailings cost US$7MM/yr Fax back cost US$800,000/yr But you can’t buy anything directly!


159

Solution: “Step Searching”

Saqqara.com software to enhance Oracle database

Provide user feedback as they type in the query

Show how many matches in the database Different mechanisms for searching:

by part number by alphabetical names by part family by picture even


160

AMP connect.ampincorporated.com


161

AMP Connect (con’t)

And can set to list parts that are available in specific countries!

Updated daily with over 200 item changes

Detailed drawings saves time for customers to pick the right item

Saved AMP over US$5MM in production costs


162

Save in Translation Costs

AMP catalog in several languages Translation cost was US$100,000 Versus US$1.5MM to produce separate

translations of print editions


163

Silicon Investor www.techstocks.com

Difficult to find anything Incomplete database of companies Companies are arranged poorly


164

First Principle of eCommerce:

It is easy to find what you are selling!


165

Amazon.com

Services frequent readers with a variety of programs Editorial comments If you liked this book, you’ll like... Notification of new books by author, topic Simplified “1 Click” ordering

Uses simple pages and email Associates program for commission kickbacks Gift certificates via email And ... lots of books to choose from


166

Amazon


167

Update your directories!

This one is almost a year old www.asiapage.com/alist.html#jewellery


168

Non-secure servers

Many SG sites collect credit cards on them

www.asiapage.com/goodwood


169

Second Principle of eCommerce:

Deliver solid service!


170

Dell

Most notable site for computer buyers Customize the features you want via a

web form Simplifies and personalizes the

shopping experience WYSIWYB (buy) >US$1MM/day in sales!


171

Dell


172

Canadiantire.com

eFlyer uses email notification along with web forms

Customize exactly what coupons and deals are sent to you


173

Third Principle of eCommerce:

Individual customization is key


174

BMW Motors

Example of what not to do Use gratuitous graphics Cheesy low-res videos Toys, not tools


175

BMW


176

Compare with Subaru

Find specific information about each car

Can price options to your particular needs


177

How NOT to Design a Payment Screen

www.netmar.com/new/norderform.shtml


178

How NOT to take advantage of bandwidth

www.clickdiz.com Two different pages, one for SG ONE,

one for all others But SG ONE page has just heavy

graphics -- why?


179

A better example: fishing licenses

Simple, quick, and does the job with a minimum of clutter

www.permit.com


180

Fourth Principle of eCommerce:

Make navigation simple! Use small graphics, site maps, indexes Avoid clutter, frames


181

Int’l Commerce Exchange System

Matches overstocked sellers with buyers

B2B exclusively Uses faxes to notify potential

customers


182

ICES www.icesinc.com


183

Fifth Principle of eCommerce:

Business-to-business focus


184

Topic VI: Choosing the Right eCommerce Path


185

Four Approaches:

Join an eMall Outsource to an ISP Buy suite of software DIY


186

Joining an eMall

Only if you don’t have any in-house programming staff

Don’t want or can’t trust consultants to do it for you

Want someone else to handle payment processing

Don’t care whether your store is tied into your own financial system


187

The Mall of eMalls

malls.com, of course!


188

Different Kinds of eMalls

Collection of independent links elsewhere

Landlord/hosting provider Become a sales representative for an

eMall and Make Money Fast!


189

Evaluating eMalls

Do they offer storefront design? Have in-house programmers? Hosting of your own web? How many payment systems do they

support? What kinds of accounting reports do

they offer? Who are the other tenants and do you

like them?


190

The Truth about Internet Malls

Read your contract Check your site for errors Evaluate your content Measure your results Promote your site (from www.netrageous.com/reports/thetruth.html)


191

Reasons Not to Join an eMall:

You know and like perl Don’t have to take payment via the

web Want complete control over your site


192

The Results So Far Haven’t Been Encouraging

Many store owners haven’t sold anything from the mall!

Over 90% dissatisfied with mall operator

Basic HTML errors and unresponsive staff to fix problems


193

The Catch-22 of eCommerce:

To be successful, a software vendor has to promote his products via the Internet.

But this means eating one’s own dog food!


194

Leading USA eMalls

Vendor, location Number of stores

ViaWebwww.viaweb.com

$100/month, all done witha browser

Internet Mallwww.internetmall.com

$150 + $15/mo, % of eachtransaction

Blue Moneywww.bluemoney.com

Outsourced payments andcatalogs


195

Find an ISP

More ISPs are offering eCommerce solutions

Have to use their software standards and payment schemes

Could be pricey Just catching on in USA


196

Some Examples

www.psi.net/web/ecommerce.shtml www.Best.com/bizcomm.html www.Brainlink.com/html/saleslink.htm www.Earthlink.net/company/webservices.html IBM: mypage.ihost.com www.Netcom.com business.Mindspring.com/prod-svc/smbiz/ www.Mindrush.com/ www.outer.net/ONCommerce (OuterNet)


197

Price Comparison for ISP hosting

Provider Setup fee (US$) Monthly fee(US$)

Plan name,paymentoptions

IBM 260 55 Bronze, creditcards

Earthlink 624 194 Premium Plus

Netcom 450 300 Commerce Site,credit cards

Mindspring 175 324 CommercialAdvantage,credit cards,Cybercash


198

Price Comparison assumptions

10 Mb disk storage Single email account InterNIC $100 fee included for domain

name


199

New Approaches: GeoShop, Tripod

Builds on GeoCities “communities” but for merchants (www.geocities.com/join/geoshops)

$25/month for just commercial listings $180/month (or more!) for actual

transactions working with Internet Commerce Services

Corp. who uses Open Market Transact servers Tripod will offer something similar this

summer


200

One Way to Support Lots of Payment Systems

Wired-2-Shop www.wired-2-shop.com/TestDrive/Admin/PaymentList.asp


201

The Suite Approach

Leading contenders What is part of the suite and what

isn’t Prices and platforms


202

Popular eCommerce Suites

Vendor, Product Version Price Platform

ICatElec Comm Suite

3.0 $9000 NT, 95

IBMNet.Commerce

3.0 $5000 NT, AIX

MicrosoftCommerce

2.0 $5000 NT


203

Popular eCommerce Suites (con’t)

Vendor, Product Version Price Platform

OM TransactOpen Market

2.3 $250,000 Unix

Intershop OnlineIntershop

3.0 $5000 NTUnix

WebSite ProO'Reilly

2.0 $800 NT, 95


204

Four Typical Elements

Catalog Storefront designer Ordering/inventory system Shopping cart/check out system


205

The Cold Hard Reality of Suites

Suites are nothing more than collection of products

Lack integration among various elements

Difficult to setup, customize, and use Require you to live “inside” their

structure Limited payment options Sounds like early MS Office


206

Payment Systems Included in Each Suite

Microsoft: Verifone, Buy Now IBM: Verifone, SET, eTill iCat: None (but many third parties) OpenMarket: Verifone WebSite Pro: InternetSecure,

CyberCash Intershop: CyberCash, ICVerify, others


207

Sample Stores Included in Each Suite

Microsoft: 4 stores IBM: eMall, simple and advanced

sample stores iCat: 1 hardware store OpenMarket: none WebSite Pro: 1 bookstore Intershop:3 stores


208

Databases Supported in Each Suite

Microsoft: SQL Server IBM: DB2 iCat: 4D, Sybase SQL Anywhere WebSite: Access Intershop: Sybase SQL 11


209

Dealing With ODBC

Have to understand how to set up data sources

Intimate knowledge of your data structure

Re-install ODBC drivers at least once! Best to start with built-in database


210

Store Wizards Included in Each Suite

WebSite Pro (but doesn’t do much) Intershop (various wizards) net.Commerce v3 MS Commerce

create appearance navigation registration, check out flows payment methods


211

Tips

Don’t install anything before making sure you have everything!

Downloads for free, but they expire Can you export existing files to these

systems?

Don’t install anything before making sure you have everything!

Downloads for free, but they expire Can you export existing files to these

systems?


212

WebSite Professional website.ora.com

Version 2, shipping since 9/97 US$799! NT (or 95) Supports Cybercash OR Internet

Secure (Visa, MC) One sample store (bookstore)


213

Sample storefront

http://merchant.inline.net/admin/


214

WebSite Configuration Sheet


215

Store Properties

Only can operate a single payment system

Run on a series of Access databases Built-in tax table, but for N.Americans! Well documented data structures in

typical O’Reilly fashion


216

Recommendations

Lowest priced suite by far! iHTML is robust, but will take some

learning Nice store setup and organization of

catalog Good low-end solution See Infoworld review


217

Intershop

demo at presentation.intershop.com (admin/admin for store)

Includes Sybase SQL 11 US$5000, includes 3 mos. support


218

Seven Different Managers

Catalog Products Store Purchases Inventory Customers Admin


219

Characteristics

Everything managed via browser, which can get tedious

But you already have a database behind it


220

Payment Options galore


221

Recommendations

Most flexible payment options of any suite

Better at processing orders than site creation

Not good for large catalogs


222

Microsoft Commerce (nee Merchant)

Still evolving More of a development platform than

a suite Closely tied to IIS, SQL Server et al.


223

The many Microsoft servers


224

Shopping with MS Commerce


225

MS Commerce


226

Microsoft Upsells


227

Recommendations

If you are going to use any other MS apps

If you believe developers will follow If you must stay on the cutting edge of

MS products


228

Commerce Server Specifics

NT, fast Pentium with 128 M RAM essential

US$5000 www.microsoft.com/commerce


229

iCat Electronic Commerce Suite


230

iCat Process

Use four-step process Make changes to staging db Use designer and built-in catalog Then post changes to production db


231

Create Your Database

Can use bundled Sybase SQL Anywhere

Enter upsells, promotions, and discounts


232

Design Your Templates

Look and feel of storefront Design views of catalog


233

Setup Your Hard Disk

Locate your files Setup your web server


234

Set Misc. Options

Matching sales tax rates to zip codes Use registration and indexing tools


235

iCat Demo Catalogs

www.icat.com/catalogs/democats.htm Demonstrate variety of options Several different stores to view


236

Recommendations

No wizards, all browser-based forms Tedious but straightforward Lots of third-party add-on tools Best for people new to db or the ‘net Best if you don’t have computer-based

accounting system yet


237

iCat Specifics

NT, fast Pentium with 128 M of RAM US$9000 for professional version www.icat.com


238

IBM Net.Commerce


239

Included

IBM’s Go Web Server DB2 database Shopping trolley system Credit card verifier, eTill software


240

Several ways to setup your store

Use nine-step wizard with populated catalog

Use wizard with empty catalog Start from scratch Import existing databases


241

Recommendations

Great if you already use DB2 for inventories

Most security-conscious suite More depth than iCat Start with all IBM defaults to save

time


242

Net.Commerce Specifics

NT, fast Pentium with 64 M of RAM AIX, 390, OS/400, Solaris US$5000 Basic, $20,000 Pro www.internet.ibm.com/net.commerce


243

New in version 3.1

“Intelligent Catalog” Java-based wizards to setup and

manage store Recognizes shopping preferences and

upsells New SET payment server but not worth

using Integration with Domino Merchant See Infoworld review


244

OpenMarket

High end solution Worldnet offers hosting of OM servers Still needs customization!


245

Recommendations

If you can afford it .... Really the price covers lots of

consulting time High transactions and throughput

needs


246

OpenMarket Specifics

Various Unix US$250,000 and up! www.openmarket.com


247

Do it Yourself Path

Traditional merchant banking approach

More risk, especially when your payment system is on the ‘net


248

Steps Involved for DIY’ers

Get a web server Get merchant software Integrate with your back end systems

catalogs inventory customer accounts

Be prepared to do lots of coding


249

The 90s Help Wanted

Wanted: Webmaster Required skills: High proficiency in

various web based programming, development tools, CGI, cookies, DNS, eCommerce, FTP, HTML 2.0 through 3.02, IIS Server admin, Javascript, Java, MS SQL, Netscape server admin, NT Server admin, perl, Unix admin, web security


250

One DIY solution

IIS PerlShop shopping cart OuterNet Commerce ISP hosting site First American Payment Systems Verisign certificates Fees: $800 setup, $500/yr, $50/month What isn’t working: perl scripts to

make credit card payments!


251

But First: Consider the Customer


252

How Customers Buy Stuff

Sometimes have partial orders Sometimes cancel orders Sometimes inventory systems lie Sometimes shipments are returned


253

Purchasing Stages

One product has a 14-stage process! Need to gather so many items:

Shipping info Item inventory, pricing Order pricing “Last chance” (upsells, cancel out)

All this means: get thee to a database!


254

What is Needed

A way to track orders Provide shipping status Provide payment status


255

Our Recommendation: email!

Capture that email address Use it for status reports Outcalls and future upsells Reminders But how do you validate the address

these days?


256

Payment System Considerations

Do customers need accounts and profiles? yes: reduces the amount a visitor has to type no: less of a privacy concern

Should shopping be persistent across the session? yes: use accounts or cookies

Should all communications be via SSL? yes: then you’ll need the appropriate browsers

and servers Do I want to have multiple stores on a single

server?


257

Merchant Back-end Integration

Financial interactions Clerical interactions


258

Credit Card Issues

Separate authorization from settlement authorize when order received, but ship within 24 hrs of settlement, and beware of stale backorder data

Consumers can chargeback either need a physical signature or evidence of verified shipping address

Opening a merchant account (see www.shopsite.com/help/payment.merchant.html)


259

Electronic Bill Presentment

Saves on paper but requires lots of coordinated systems

Can show bills with nice fonts, interactive applications

Is separate process from the actual payment system


260

Electronic Bill Presentment Issues

Does the processor use EBP with merchant bank?

Can users browsers support these new applications Java applets Active X controls etc.

Reconciliation requires access to both dispute and payout information


261

Microsoft’s MSFDC

A means to standardize on presentment

Have both web-based access and special consumer-based software

Former “Marble” server, read white paper at: www.microsoft.com/finserv/marblewp.htm

Requires NT, SQL Server, IIS, etc.


262

Other EBP efforts

Open Financial Exchange (www.ofx.net)

www.Integrion.Net CheckFree’s E-Bill

(getbills.checkfree.com)


263

eBill

Most popular and in widest practice Schwab and Intuit/Quicken are

supporters Most threatened by MSFDC


264

OFX

Started with Intuit Trying to standarize on too much at

once: data transfers account inquiries financial applications and transactions

Verisign Financial Server (US$1200) digitalid.verisign.com/ofxIntro.htm


265

Integrion

Banking-intensive plus IBM No other software supporter, BUT… Combining forces with CheckFree Trying to establish their “Gold

Standard” vs. OFX


266

What about SET?

IBM, Verifone having second thoughts Specs still at 1.0 (barely) Just handles the buyer authentication

piece Trial with Citibank/SG www.visa.com for more info


267

What about OBI?

Open Buying on the Internet A bunch of standards: SSL, X12 EDI,

X.509 PKI Exchange of purchase order info Unresolved issues:

who owns the catalog? how much infrastructure is really needed? knitting together a solid solution is more

than enumerating standards!


268

Topic VII: Installing and Operating Your Own Storefront

What you need to know What you need to buy


269

You Need to be a Superhero:

Part web designer Internet technologist SQL database admin Payment system maven


270

Things You’ll Need to Discover

Are your sales and marketing staff web-savvy?

Is your accounting system adaptable to web purchases?

How do you reconcile these accounts? Does your business owner understand

Internet culture? Can anyone find you


271

Dealing with search engines

Some use <META>, some use <TITLE> Keep descriptions at top of your home

page short and sweet Web Review article: webreview.com/97/10/17/webmaster


272

The Most Under-rated Skill:

PATIENCE!


273

Components Needed to Operate a Web Storefront

Database of items to sell and current inventories

Secure web server Searchable catalog server Connections to backend payments and

financial servers Shopping cart system Checkout/payment system Don’t forget about security!


274

Which Database Server?

Pick before anything else Core of your store revolves around the

database: inventory system accounting system catalog system


275

Database Server Recommendations

Use existing client/server db if possible

SQL Server: best with MS tools Oracle: if you know pSQL already Informix: all other situations


276

Database/web Tools

Develop your own forms Query your database Develop your own catalog


277

Why is a Catalog Important?

Your customers view of your store Current with your own inventory and

offerings Don’t want to sell what you don’t have


278

Catalog Software

Cadis.com, US$1500 Centor.com, US$50,000 Dataware.com, US$1800 Elekom.com, US$25,000 Isadra.com, US$10,000


279

Other catalogs

Product Price range

Icat (www.icat.com) US$3-10,000

Intershop(www.intershop.com)

3-8,000

CatSmart 10,000

WebCatalog (www.pacific-coast.com)

2500

Cat@log(www.thevisionfactory.com)

3-4000

Impulse (www.inetrep.com) <$1000


280

Another choice: outsourced catalog!

ShopSite IBM Home Page Creator mypage-

products.ihost.com (N. America only) Mindspring with Mercantec


281

ShopSite demo

www.reliablehost.com/cgi-bin/bo/start.cgi username: test8 password: test


282

Tool Recommendations

Cold Fusion, www.allaire.com Sapphire/Web, www.bluestone.com


283

Which Web Server?

Hundreds to choose from Must support SSL and/or SHTTP Platform isn’t important, really


284

Get Your Certificates in Order

Bring up form inside web server Send to Verisign on letterhead with

credit card (!) Receive cert from Verisign Install on your web server


285

What can a Shopping cart do?

Simplify ordering process Track multiple purchases for a single

visitor Display items purchased Calculate total prices, tax, shipping

charges Track item attributes (colors, styles,

sizes)


286

Different Shopping cart Methods

Account-based Cookie-based; see www.cookiecentral.com

Encoded URLs


287

Shopping cart Programs

S-Mart: www.rcinet.com/~brobison/scripts

Minishop: www.egrafx.com/minishop mvend: www.iac.net/~mikeh/mvend.html PerlShop: www.arpanet.com/perlshop


288

Commercial Programs

Internet Shopping Cart Server: www.webisland.com/cart

Rent-A-Cart: www.rent-a-cart.com CyberCart: www.lobo.net/~rtweb AutoCart: www.autocart.com/Autocart WebCart: www.staff.net/webcart.html SoftCart: www.mercantec.com WWWOrder: www.virtualcenter.com/scripts2/WWWOrder.html


289

Shopping cart Example www.asizip.com (SoftCart)

Shopping basket Cookies to track purchases Simple navigation


290

Payment Systems for SSL

ICVerify, www.icverify.com Worldpay/PSI www.psi.net/worldpay


291

ICVerify Process

Customer submits 16+4 through SSL browser connection

Merchant swre records to a file ICVerify submits to bank ICVerify receives response from bank,

creates answer file Merchant swre retrieves answer, sends

response to customer No per transaction fee!


292

Supported Merchant Servers for ICVerify

MS Merchant, Commerce Oracle Payment Mercantec SoftCart Internet Factory Merchant InterShop Online


293

ICVerify Demo Download

www.icverify.com/library/downloads/icvdemo20.html


294

WorldPay and PSI

Multicurrency payments >100 for product prices 16 different ones for settlement

Have to host your web at PSI Includes SoftCart and iCat software as

well US$1000 + US$1400/yr


295

WorldPay Demo

www.worldpay.com/demo/store.html


296

Prices of Typical Products

Product Type PriceInex Accounting US$6000SoftCart Shopping Cart 900MallManager Catalog 2000WebCatalog Catalog 1600Saqqara Search tool 700VPOS Payment server 2500WebMate Development tool 750


297

Inex Demo

Financial backend strength Store front and some aspects of suite www.inex-corp.com


298

Don’t Forget About Security

Make sure you protect your web site! See “Ten ways” article from Winn

Schwartau Limit access, isolate servers, lock

down scripts, so forth See www.nwfusion.com/netresources/0202hack1.html


299

What About Web Server Load Balancing?

Resonate, HydraWeb, Cisco IBM Interactive Network Dispatcher,

www.ics.raleigh.ibm.com/netdispatch Packeteer PacketShaper,

www.packeteer.com Others at www.techweb.com/se/directlink.cgi?NWC19970801S0026


300

Putting Together Your Own Solution

Mercantec shopping cart SQL Server database ICVerify payment system WebCatalog IIS web server Total price: <US$10,000


301

Don’t Forget the Process and People

Put together policies and procedures book that describe what you did

Gather forms for your business partners to sign up for ISPs if needed

Document how to make changes to your product catalog via the web

Approach your trading partners with solutions, not problems!


302

Conclusions

eCommerce crosses many different skill sets

Software is still too dicey in many areas

Standards aren’t much use right now Suites don’t offer much in the way of

integration DIY may be the best solution


303

Some eCommerce Resources

Web Review article on NT, Mac Suites: webreview.com/98/01/23/feature/

Windows Sources reviews of 3 eCommerce suites: web1.zdnet.com/wsources/content/0697/ntadmin.html

My Infoworld reviews www.strom.com/pubwork/iworld.html

www.webcompare.com, all the web servers you could ask for

PC Magazine review of various products www5.zdnet.com/products/content/pcmg/1620/pcmg0024.html


304

For future reference

Copy of this presentation (Powerpoint): www.strom.com/pubwork/vegas98t275.ppt

And list of all the relevant links mentioned: www.strom.com/pubwork/vegas98.html


305

Acronyms

B2B Business to business DIY Do It Yourself EBP Electronic Bill Presentment URLs Universal Resource Locator SSL Secure Sockets Layer OFX Open Financial Exchange SHTTP Secure web protocol HTTP


306

Conclusion

Review

Q&A David Strom +1 516 944 3407 [email protected]

1 (c) stephanie denny and david strom, 1998 internet commerce: understanding payments, security and...

Documents

c stephanie denny

david strom

internet slide

storefront slide

distribution slide

customer slide

measurable slide

communications slide