
eCommerce in Today's Market

Business is done with many communication technologies today: walk-in retail, mail-order
phone, mail-order fax, etc. The Web and the Internet are just another communication
medium with its own benefits and disadvantages. The cost for a business to have a
worldwide presence is the lowest in history with the World Wide Web. Budgets of the 1980's
would have listed at least $100,000 per month in expenses to have a business handling
international customers 24 hours a day, 7 days a week. Today those same budgets are
closer to $5,000 per month and some even much lower. Yet the quality of service that the
customer of these businesses is expecting continues to climb.

With these demands you need a scalable sales force, immediate, accurate and secure
information exchange, automatic delivery of products, and accurate tracking information
for package delivery. In this article we will discuss the issues in constructing a web site
that can give you all of this and much more. However, there are some pitfalls to be
watchful of. The anonymity of the people buying from you can make you feel like you
are talking to Mr. X. You rarely have the chance to speak directly with your customers. It
is also far more difficult to get a feel for the size and condition of your vendors and your
competitors. You have to help your customers overcome the fear that many people have
putting their credit card number into a form on a web page. Using and understanding
eCommerce can give you a strong advantage over your competitors while providing
greater value and comfort to your customers.

How eCommerce is Different from Normal Business

eCommerce is very similar to the mail-order business. You normally do not have your
customer right in front of you to confirm the signatures with the back of their credit card.
You do have an advantage in eCommerce in that you can track exactly where your
customer is "calling" from. This can help to reduce fraud, unlike mail-order and other
types of communication. It also doesn't cost you any more to be open 24 hours a day, 7
days a week.

You have the opportunity to give your customer more information about their purchase,
both in terms of product information and in delivery tracking; you can provide direct
links to shipping services with tracking numbers and much more. With many of the
emerging payment technologies you will also be able to offer smaller priced items for
sale; that is, access to a complete new story for 50 cents is now practical in eCommerce,
but it would be silly to do with mail-order. If you sell electronic products, like software,
your customer doesn't have to wait for overnight delivery services; you can give them
immediate delivery once the payment has been cleared.

To make sure that all of this access to information is accurate and secure, there are some
precautions that you should take. Don't be like most people and assume that eCommerce
is just an electronic catalog on an SSL server. These are the same people that are happy to
accept the price for a product from a static HTML page. That would be like honoring a
faxed order form that a customer has written their own prices on; imagine buying
a new PowerBook 1400 cs for, oh, how about $10. We will come back to this issue later;
first, what do we mean by SSL server?

What is SSL?

SSL stands for Secure Sockets Layer. This is the technique in which web servers and web
browsers encrypt and decrypt all of the information that they transmit and receive. Secret
decoder ring time. Both ends establish and use the same scheme for making sure that no
one else is listening to their conversation. Web browsers will typically indicate a secure
connection with an alert when the connection is first established and with a key graphic
somewhere in the window. As of this writing (August 1997), the only current SSL server
implementation available on the Macintosh is from StarNine, WebStar SSL.

SSL encrypts every bit of data that is transmitted from the server to the customer and vice
versa. Think about that one: every bit of data, text, pictures and all. This can be very
wasteful if you don't use it carefully. Not to mention the fact that there are still some
browsers out there that aren't capable of SSL and those users wouldn't be able to access
the secure part of your site. You don't want to slam the door on any customers. So now
that we have a technique to keep our conversation private, what does the conversation
look like?

Flow of an eCommerce transaction

We often describe the web as being analogous to doing business with faxes. Imagine that
the home page of your site is a fax back form. You have checkboxes for people to
indicate what they are interested in and, in return, you send them another fax. The
customer then fills out some more check boxes and we continue the exchange until they
get what they want. The web is very similar: the site must respond with a page which
elicits more information from the customer, guiding them to their buying decision.

The basic flow of an eCommerce site has 4 major sections: 1) Entry & Search, 2) Results,
3) Invoice, 4) Thank You. Each of these sections can be a single page on simple sites, or
become complete sections on more complicated sites. On the Entry & Search page you
must have some way for the customer to select what they want to see. (This actually can
be embedded right in the Entry page if you only have a few products, but to keep the flow
simple we'll assume that it is its own page.) On the Results page you display information
about a product or products and the option to add it to the customer's shopping cart or
Invoice. Once you are on the Invoice page you collect the necessary payment information
from the customer and complete the order. These steps are illustrated in Figure 1.

Figure 1. Flow of an eCommerce Web Site, courtesy of Pacific Coast Software.

Here are some sites that follow the above flow, just to mention a few:
Crazy Shirts at http://www.crazyshirts.com.
Educorp Direct at http://www.educorp.com.
Club Mac at http://www.club-mac.com.
CD Direct at http://www.cddirect.co.uk/.
Pro Sound and Lighting at http://www.cddirect.co.uk/.
APCnet CyberMall at http://www.apcn.com/.

As you can tell from this type of flow, all of the pages past the entry page are returned
from a CGI. There are a number of commercially available CGIs designed for both
database access and the complete eCommerce process, including WebCatalog from
StarNine, Tango Merchant from Everyware, Icat from Icat, and many others, both
commercial and shareware. You can even write all of this interaction in your own CGI
with AppleScript, Frontier or another programming language. Many of the commercial
products have their own language to help you. Let's spend just a few minutes talking
about the key functions required for the CGI to handle the eCommerce transaction.

Tracking the customer

Of primary importance in any transaction is that the customer feel comfortable with your
communication. To make it seem like the website is talking to each customer individually
you must track who the customer is and what they are interested in. The most common
way this is achieved on the web is with the shopping cart concept. This allows many
different people to be shopping on your site and all have their own sets of items in their
cart. In our fax back example you would have to use something like the fax number to
keep track of each customer. The equivalent with the web would be the IP number
(known as IP tracking). The one major difference is that a customer's fax number doesn't
change very often, while a customer's IP number can change every time that they connect
to the Internet -- for those people using dial up accounts or other dynamic addressing
situations -- so IP numbers are not a very reliable way to track customers.

Another common tracking technique is cookies. You can have your website put a cookie
onto the customer's machine so that it maintains important information, like the contents
of their shopping cart. A better technique that I have found is tag propagation. This is a
technique in which the first page that someone hits when they enter the site assigns a
unique number, something like the number of seconds since 1904. This number is in turn
passed through every page on the site and the shopping cart information is stored in a file
with that number on the server. This allows a customer to disconnect (by choice or
happenstance) from the Internet and not lose the shopping cart information. This can be
very important in situations where buying approval from someone else is required for the
purchase. Most of the commercial products include a way of doing this. With
WebCatalog you insert a cart=[cart] parameter into every HREF and form on your site.
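
Tag propagation as described above, in an added example that is not WebCatalog's code: the cart lives in a server-side file named by the tag, and every link gets a cart parameter. The random 128-bit tag (used instead of a timestamp so that a tag cannot be guessed), the cart directory and the JSON file format are assumptions of this example.

```python
import json
import re
import secrets
import tempfile
from pathlib import Path
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed location; in production this sits outside the web server folder.
CART_DIR = Path(tempfile.mkdtemp(prefix="carts-"))
TAG_RE = re.compile(r"[0-9a-f]{32}")


def new_tag():
    """Tag assigned on the first page a visitor hits."""
    return secrets.token_hex(16)


def cart_path(tag):
    """Map a tag from the request to its cart file. Anything that is not
    exactly a tag is rejected, so '../' and similar never reach the disk."""
    if not isinstance(tag, str) or not TAG_RE.fullmatch(tag):
        raise ValueError("malformed cart tag")
    return CART_DIR / f"{tag}.json"


def load_cart(tag):
    path = cart_path(tag)
    return json.loads(path.read_text()) if path.exists() else []


def add_to_cart(tag, sku, quantity):
    items = load_cart(tag)
    items.append({"sku": sku, "quantity": quantity})
    cart_path(tag).write_text(json.dumps(items))
    return items


def propagate(href, tag):
    """Return href with cart=<tag> set, replacing any cart value already there."""
    parts = urlsplit(href)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "cart"]
    query.append(("cart", tag))
    return urlunsplit(parts._replace(query=urlencode(query)))
```

Apply `propagate` only to links that stay on your own site, since anyone who holds the tag holds the cart.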

Tracking the customer is very useful not just for the convenience of a shopping cart, but
for things like tracking down people that you think are using stolen cards and, more
importantly for that all-elusive goal, to make the site more usable. Correlating this
tracking information with the general web server logs can be used to determine trends of
the people visiting your site: are they getting all the information they need to make a
buying decision, are they understanding the buying process, are they losing interest after
a certain amount of time? One big advantage of this tracking log is to look for all the
searches that people are doing on your site and where they are not finding any products.
Maybe you should describe the products more effectively. All of these answers can help
you understand ways to change your site to make it more useful.

Calculating Accurate Invoices

The hardest part about calculating invoices is just like fax transactions: you have to wait
until you get all of the information from the customer before you can have accurate
results. The most obvious place this happens is on the invoice page. Let's just say we had
SKU, TITLE, QUANTITY and PRICE on our invoice. In the simplest case the customer
gets to the invoice from the result of a search, usually with a simple hyperlink, so you
assume a quantity of one. Since you want to allow the customer to order more than one of
a product, you make the QUANTITY an input field on the invoice. To provide as much
feedback as possible there may be a subtotal and other information on the invoice, so if
the user changes the quantity, then they may no longer have accurate information.

This should be the first area of concern for the WebMaster. Once the customer has chosen
some products, is the subtotal always accurate? Do they understand what they are looking
at? Are there any ways to get the system to accept a "bad" subtotal? If the eCommerce
product does not confirm the field "PRICE" from the web page with the value in the
database, it will accept whatever the incoming page said the price was. What does that
mean? You may have a sneaky customer looking at an invoice for a PowerBook 3400.
The original page from the web server says the price is $3799. The sneaky customer can
save the web page locally as source from his web browser, open the file with SimpleText
and change the price to $10. Now the sneaky customer uses his web browser to view that
file, fills in the rest of the purchase information and submits the form to the web server.
Obviously, you must make sure that your site uses the "real" price for the PowerBook and
not the $10 price!
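
The price check described above, as an added example (not code from the article or from any of the products it names): the handler takes only SKU and QUANTITY from the submitted invoice, looks the price up in the catalog, and flags a submitted PRICE that disagrees. The catalog contents, the SKU value and the quantity limit are constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed catalog standing in for the merchant's database (assumption).
CATALOG = {"PB3400": {"title": "PowerBook 3400", "price": Decimal("3799.00")}}
MAX_QTY = 99  # assumed per-line limit; also rejects zero and negatives


class InvoiceError(ValueError):
    """A submitted invoice line that cannot be priced safely."""


def price_line(form):
    """Build one invoice line from submitted form fields.

    SKU and QUANTITY are treated as requests and validated; the unit price
    always comes from CATALOG. A submitted PRICE is compared, never used.
    """
    sku = form.get("SKU", "")
    item = CATALOG.get(sku)
    if item is None:
        raise InvoiceError(f"unknown SKU: {sku!r}")
    try:
        qty = int(form.get("QUANTITY", "1"))
    except ValueError:
        raise InvoiceError("QUANTITY is not a whole number") from None
    if not 1 <= qty <= MAX_QTY:
        raise InvoiceError("QUANTITY out of range")

    mismatch = False
    if "PRICE" in form:
        try:
            mismatch = Decimal(form["PRICE"].lstrip("$")) != item["price"]
        except InvalidOperation:
            mismatch = True  # an unparsable price is worth logging too

    return {"sku": sku, "title": item["title"], "quantity": qty,
            "unit_price": item["price"], "total": item["price"] * qty,
            "price_mismatch": mismatch}


if __name__ == "__main__":
    # Constructed submission: the locally saved page was edited to say $10.
    print(price_line({"SKU": "PB3400", "QUANTITY": "2", "PRICE": "$10"}))
```

A `price_mismatch` of True is a useful entry for the tracking log: the order is still priced correctly, and the merchant learns that the form was altered.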

This is just a simple example of calculation issues; add in taxes and shipping costs and
you can see that this can easily get very complex. The best way to overcome these issues
is to split the invoice into two pages, a proforma invoice and a final invoice. Most of the
commercial products do a very good job taking care of these situations. The proforma
invoice shows a listing of the shopping cart, possibly with a subtotal, as well as any other
information that you need to complete a final invoice, like quantity for each item, what
state they are buying from to help with the tax calculation, choice of shipping method, etc.
Collecting all of that information will allow you to calculate and display a final invoice.
With Lasso and Tango you can communicate back to your current database, SQL,
FileMaker etc., to calculate these numbers for your website. Not until you get to the
Invoice page is any information sensitive. From this point on, you want to make sure that
you are communicating only with the customer. You should make sure that no one is
listening in.

Security Concerns

Areas that we DO care about security

As mentioned in the section about SSL we do want to protect the transmission of
sensitive information with something like SSL to keep the eavesdroppers away, but
another equally important issue for security is protection from attacks on your web server:
people trying to find credit card numbers in accounting logs or just trying to steal
products, to buy at ridiculously low or free prices. Prevention of this type of security
breach is the most overlooked area. Much of the information on the machine should not
be allowed any access. You don't want people knowing even about access statistics
without you knowing about it.

The first obvious area to secure is the accounting files. Let's say the web server is doing a
great job of keeping people out of sensitive areas, but the same machine is also your ftp
server. People are prevented by the web server from getting to your accounting log, but
maybe there is a security hole because your ftp server software allows access to this log...
so my first advice: limit the access protocols to all sensitive data -- 1) store your
accounting logs and other sensitive files outside of the web server folder (WebStar and
many other web server products will not serve files outside of their folder tree), 2) don't
run ftp and other protocol services on the same machine. Also, make sure that if you are
delivering electronic product, only the person that bought it gets it. For this you should
either be copying the product to some unique place only that person is given access to or
have a one time password scheme allowing only one shot at downloading the product.
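
One way to build the one-time download scheme mentioned above, as an added example that is not from the article or any product it names. The in-memory ticket table, the 24-hour expiry and the file path are assumptions; a real server would keep the table in persistent storage with an atomic delete.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumed validity window, in seconds


class DownloadTickets:
    """One-shot download tickets: each token can be redeemed exactly once."""

    def __init__(self):
        # sha256(token) -> (order_id, product_path, expiry). Only the hash is
        # stored, so a leaked ticket table does not hand out usable tokens.
        self._tickets = {}

    def issue(self, order_id, product_path, now=None):
        """Call after payment has cleared; put the token in the download link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._tickets[self._digest(token)] = (order_id, product_path,
                                              now + TOKEN_TTL)
        return token

    def redeem(self, token, now=None):
        """Return the product path for a valid token, else None.

        The ticket is removed before the expiry check, so a second attempt
        with the same token fails whether or not the first one succeeded.
        """
        now = time.time() if now is None else now
        ticket = self._tickets.pop(self._digest(token), None)
        if ticket is None:
            return None
        _order_id, product_path, expiry = ticket
        return product_path if now <= expiry else None

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()
```

The product file itself stays outside the web server folder; the download handler streams it only after `redeem` returns a path.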

The concern of the web server allowing access to files that are sensitive is best taken care
of by your disk organization. Below is a screen shot of a sample organization of your web
server folder structure using WebStar and WebCatalog:

Figure 2. Folder Structure for a typical web server.
Figure 3. Folder structure inside WebStar.
Figure 4. Folder structure inside WebCatalog.

Areas that we DON'T care about security

There are many areas within the selection and buying process that are considered public
information and therefore don't need security. In fact, the whole process would be slowed
down if it sent everything through an SSL server. Imagine if you received a mail-order
catalog from MacWarehouse or Club-Mac and you had to put a decoder ring over each
letter to figure out what it really was; that would take you hours just to read one page.
That is what your browser is doing with SSL data. So, big picture, you only want to use
SSL when you are expecting sensitive data from the customer, like a credit card number.
Protect that from eavesdroppers with SSL; everything else should go through the non-SSL
server.

Conclusion

eCommerce is more secure than most business we conduct every day and is getting better
every minute. Knowing various hacking techniques on the Internet and having built an
eCommerce package, if I wanted to get a few credit card numbers I would head for the
local bar and go through the dumpster long before I would start going after websites. Give
yourself time to understand and work with your new sales force. A properly constructed
website benefits the consumer with up to the minute information and immediate
response. The same website serves as hundreds of sales people for the merchant, all
trained with exactly the right information as well as access to tracking information etc.
The positive return for the customer and the merchant will help to overcome the myth
and fear of the security on the Internet. I would like to end on an observation about most
credit cards: even if it is stolen, the owner is only liable for $50.

There are a variety of tools on the market to help you construct your eCommerce web
site. Each has its own strengths and weaknesses. To choose the best for your needs, you
must carefully research the speed and responsiveness of the server under load, how they
handle the security areas and your database connectivity needs: do they have to handle a
live existing database? You can find more information to help you with your research at
these web addresses:
Pacific Coast Software at http://www.pacific-coast.com.
Everyware Inc. at http://www.everyware.com.
BlueWorld Communications at http://www.blueworld.com.
Icat at http://www.icat.com.
StarNine Technologies at http://www.starnine.com.

Jay Van Vark is the founder and CEO of Pacific Coast Software, an Internet commerce
tool and commerce site hosting company, developers of WebCatalog & WebMerchant,
marketed by StarNine. Jay has an engineering background and continues to do much of
the engineering on the products and services that Pacific Coast Software offers. He is also
an active speaker with the MacCryptography conference as well as other Internet &
Macintosh conferences. You can reach him at jay2@pacific-coast.com
