Selling on-line in a changing world
===================================

by Gordon Woolf

You've got a web site. You want it to sell for you -- finding a worldwide market.

First, take a step back and recall those multi-million dollar online stores which opened with a flourish and closed with not so much a whimper but with tears gushing as fast as the losses.

A small business can make money on the Web -- but you have to think cheap. Profit depends on keeping costs under control. If you can set up a selling system in time which would not otherwise be spent creating profit in more traditional ways, then you will be ready for the upswing which will come (if someone can only predict when).

The public is becoming aware that they can buy things on the Internet more easily and often cheaper than by driving to the store or by mail order. But they are also being hammered by the messages that they must play safe. So, anyone inviting internet sales has to offer a secure way of transferring the money. That can be costly, but it does not have to be.

Giving card details over the Internet is no more dangerous than giving it to a market trader you don't know, or giving it over the phone. Most thefts of card numbers have been from the offices of traders, not during their transmission. Misuse of card numbers is more likely to be due to a rogue merchant or a rogue employee of a reputable merchant.

You may have the most secure online ordering system that money can buy, but could you then leave printouts of the details on your shop or reception counter unattended or leave the details on the PC when it is traded on an upgrade? The buyer would have been safer sending the card number by email to a merchant who deleted the file and shredded the printout a month later.

In the not-too-distant future, the buyer will be persuaded that his credit details should go one stage less: straight to the card company or bank which then tells the merchant the money is on its way to his account.
A shopping cart is a program which takes over when the visitor to a web site clicks on a button to make a purchase. It can be on the same computer as the website, or it can be on a secure computer operated by the company hosting the site, or it can be in a computer farm operated by a firm specialising in handling secure transactions.

The transaction can also be handled in two parts. The initial detail collected, such as the items ordered and the address to which they should be sent, may not need to be at a very secure level, if indeed it needs to be secure at all. However, the credit card number does need to be entered over a secure connection.

The most common secure system is what is known as SSL, the "Secure Sockets Layer", and it is the change to this which brings up the lock symbol in Internet Explorer or the unbroken key in Netscape. It is the level of security used for most Internet banking. The key or lock indicates that your information is being encrypted at your end and decrypted at the other end. In theory, anyone who comes across the information while it is in transit will merely see a set of nonsense characters.

However, a customer needs to know where the message is going. Is it going to the firm you think you are dealing with, or has the address line changed to some strange name you have never heard of? If so, does it matter? You may even get a message box indicating that the security certificate is current but that it is not held by the domain name you have reached.

Security certificates cost many hundreds of dollars, so many service providers and web hosts let their customers use the host's certificate. This is acceptable, as you can easily find out who the certificate holder is, but it is the main reason businesses using such a service will let the genuine host's name appear as the address; this stops the message box which many users would not understand and which could put them off the transaction.
In our case we use, as one option on our Australian web site, hosted by Web Central in Brisbane, a simple web order form that actually resides on a different server operated by the same hosting company. When a customer enters details here they are connected securely to that server, which sends a plain unencrypted email to the merchant just advising that a new order has been received. To get the details of that order, we have to go via our web browser to the secure server and enter a password in order to get the order and credit card details via a secure connection.

The next step up is used on both our web sites when the customer clicks on a "Buy Now" button. In this case the customer is then connected to a server at a separate company which specialises in handling secure orders. In this case we use one of the major free or low cost services, Mal's E-commerce, in the United Kingdom. Mal doesn't handle credit card transactions themselves. His company just ensures that the numbers are collected in a secure way and passed on to the merchant.

The information about what you have ordered is passed to Mal's computers as part of the process of transferring the buyer to the order site. This is a sequence of information which follows a question mark after the domain name. Below is a typical sequence which is actually an order for one of our books. It passes the information from our site to Mal's about the item name, the price, information which helps to calculate postage or freight such as the item's weight, and the address of a web page to come back to when the transaction is complete.

    http://ww3.aitsafe.com/cf/add.cfm?userid=5520373&product=Publication+Production+using+PageMaker&price=55.00&units=310&return=www.worsleypress.com.au/books.htm

It is similar to the links which search engines connect to a search for a website, and it does not contain any information on who the buyer is, the address etc -- which is added on the first stage of the visit to Mal.
When details of the item ordered and the cost have been presented to the customer and agreed, the customer is then transferred to the secure server where card details are entered. The customer is given a receipt number on a web page and will usually be sent a confirmation by email at the same time as an email with very basic order information is sent to the merchant.

To get the credit card details, the merchant has to use one password to reach his area of Mal's site, where full details of the order can be obtained, but he then has to use an additional password to reach the credit card number and details.

The merchant then enters these in his usual way, probably by a terminal identical to that seen in any retail shop. For smaller merchants who have a retail outlet, it is probably that same terminal. Merchants who take phone, mail and internet orders have to have approval from their bank's card department to be able to unlock the ability to enter card numbers via the keys rather than by swiping the card itself.

Until now, the card number will only have been checked to see that it does have the correct number of digits and that the final check digit is calculated correctly. Now it will be checked for creditworthiness and for the correct expiry date. Only at this stage is there any communication with the card company's computer, via the bank's computer, to get authority for the transaction.

The next step forward in web transactions comes with the services offered by well over 30 US companies, a few elsewhere in the world, but only via some banks in Australia to users of their own merchants' websites, by which card approval can be obtained while the customer is still on line.

Another option for this service is the WorldPay service linked with the UK-based National Westminster Bank, which adds an additional bonus for small businesses wanting to trade internationally. This is to offer the customer the facility of being charged in their own currency.
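The digit-count and check-digit test described above is the Luhn algorithm, and it can be run offline before the bank is ever contacted. The Python below is an added example, not code from the article or from any shopping cart product; the card numbers are constructed test values and the accepted length range of 13 to 19 digits is an assumption.

```python
import re

# Assumed acceptable card-number lengths (not stated in the article).
MIN_DIGITS, MAX_DIGITS = 13, 19


def luhn_check_digit(payload: str) -> int:
    """Return the Luhn check digit that must follow `payload` (ASCII digits)."""
    total = 0
    # Walk right to left; the digit next to the check digit is doubled first.
    for position, char in enumerate(reversed(payload)):
        digit = int(char)
        if position % 2 == 0:
            digit *= 2
            if digit > 9:
                digit -= 9  # same as adding the two digits of the product
        total += digit
    return (10 - total % 10) % 10


def precheck_card_number(raw: str) -> tuple[bool, str]:
    """Format check only: it says nothing about credit or expiry date."""
    # Customers type spaces or dashes between groups; strip only those.
    cleaned = re.sub(r"[ -]", "", raw)
    # str.isdigit() would accept non-ASCII digits, so match 0-9 explicitly.
    if not re.fullmatch(r"[0-9]+", cleaned):
        return False, "non-digit characters"
    if not MIN_DIGITS <= len(cleaned) <= MAX_DIGITS:
        return False, "wrong number of digits"
    if luhn_check_digit(cleaned[:-1]) != int(cleaned[-1]):
        return False, "check digit mismatch"
    return True, "format ok"


if __name__ == "__main__":
    # Constructed sample input: a widely used test number and damaged copies.
    samples = [
        "4111 1111 1111 1111",   # passes
        "4111 1111 1111 1211",   # one digit mistyped
        "4111-1111-1111",        # too short
        "4111 1111 1111 111x",   # stray character
    ]
    for sample in samples:
        ok, reason = precheck_card_number(sample)
        print(f"{sample!r:24} -> {'accept' if ok else 'reject'} ({reason})")
```

A number that passes is only well formed; as the article says, whether the card is good is not known until the bank authorises the transaction.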
As each additional service adds extra cost, small companies might restrict this to offering prices in US and Australian dollars and perhaps UK pounds. No longer does the Australian seller have to explain that the US dollar price is approximate and that the amount on the buyer's statement will be determined by the currency conversion rate on the day the transaction goes through. Buyers can be worried by that "approximate", especially those who have not ordered from overseas before.

This kind of service is offered to New Zealand sellers via the Bank of New Zealand's BanqOnIt service, but there is as yet no indication of when the service will be extended to Australia, though it will almost certainly happen.

The big benefit to customers in the WorldPay and BanqOnIt transactions is that they are giving their credit card details only via a secure connection to a bank's computer. The merchant does not get those details, just a confirmation that the transaction was approved, and sufficient information to supply the ordered product.

It can be expected that this kind of transaction setup, which is offered only by a minority of merchants on the Internet at present, will become the standard. Customers will come to expect it, and that will lead to more options from the banks. Choices may also be widened if the Government allows more non-banks to offer credit cards.

As a guide, the WorldPay system costs around A$600 to set up, with ongoing costs of about A$450 a year, on top of normal web hosting fees, and around a 4.5% fee on each transaction (about what a micro retailer will currently pay the card companies, slightly more than most small retailers are paying).

On top of this will be the cost of the shopping cart software itself. Although it is possible to use homemade or free CGI scripts as a basis, there are more than 100 options in software that is recognised by the major gateway services such as WorldPay.
Both the software suppliers and the gateway companies offer kits, usually free, with either additional software or the detailed instructions to make them work together seamlessly.

The shopping cart software ranges from free (such as those based on the original ones by Matt Wright and Selena Sol) through commercial ones which cost anything from a few dollars to several thousand. With many, the software is provided for a flat fee, while others offer the software at low cost if they host your cart site at a monthly fee. It is an area where you have to try the demos and read the fine print.

The world of commerce on the Internet is changing.

-----

In a future article, Gordon Woolf will detail his shortlist of shopping carts and how he overcomes his present procrastination to reach a final decision. Gordon can be contacted at gordon@worsleypress.com

RESOURCES:

Matt Wright built one of the first Web shopping carts. Now he runs the CGI Resources Index, where as well as many other CGI scripts you'll find links to 128 shopping carts written as CGI scripts:

More advice on e-commerce development from a site which could be anywhere in the US, but is actually run by Michael Bloch in Adelaide.

There are at least a couple of Australian companies which produce shopping carts. WebGenie is at which is a system based on CGI scripts for Unix-based servers, and Virtual Programming Pty Ltd with VP-ASP at which is an Active Server Page system for Windows based servers.

Mal's e-commerce is at

WorldPay is at

SHOPPING CARTS

They are called a supermarket trolley in Australia but in the USA they are shopping carts and they were first used in 1937 in Oklahoma by store owner Sylvan N. Goldman who thought his customers could not carry enough in their hand-held wire baskets.

CAPTIONS

pic1: The setup of a shopping cart is complex -- mainly because of options such as freight. In this example, cComm Pro allows almost limitless weight and country combinations.
Then you can add multiple choices for freight methods.

pic2: At the other extreme, the shareware program "Shopping Cart 3" offers little other than a list of products with pictures for each and a weight setting to calculate freight. But even here there are five setup screens.

pic3: With Mal's E-Commerce, the shopper only enters a secure area for the entry of credit card details. At the merchant's end, two passwords are needed to get to where these details are kept.

Ask us for access to the pictures: gordon@worsleypress.com