Implementing basic eCommerce: shopping carts, payment

gateways, security, fulfillment

MGMT 230WEEK 5

Midterm – Thursday October 22nd

• Closed book test. During normal class time

• 30 short questions. (Multiple-choice, short answer, definitions etc) (30 marks)

• 4 Mini-Essay Questions (20 marks) 8 questions will be provided ahead of time (later this week). 5 of those questions will be on the paper

The midterm will cover:• Required reading materials listed on the

course website (Weeks 1 – 6)• Material covered in lectures (your own notes

plus the ppt slides)• Theoretical material covered in labs (not

practical techniques – these will be tested in the lab assignment)

• I will review the mini-essay questions in the lecture next week

After today’s class you will understand…

• The basic requirements for an organization or business to conduct eCommerce (basic selling on the web)– Shopping carts and merchant solutions– Payment systems and payment gateways– Basic website security– Fulfillment and logistics

SMALL / MEDIUM BUSINESSES AND ECOMMERCE REQUIREMENTS

SMEs and EC• Many small /medium businesses are uncertain how to

deal with the technical issues and potentially high costs of getting into full electronic commerce

• Creating an online selling environment requires time, money, and expertise - most businesses look to outsourcing in one form or another

Key functions of an electronic commerce system (merchant

solutions)• The e-commerce system must provide:

– Product information (catalogue database, metadata, search functionality)

– Shopping cart and inventory systems– Secure transaction capability / payment gateway– Shipping / fulfillment– Linkages with other IT systems in the firm (inventory,

financial systems etc)– Customer service / support

Secure transaction

A basic electronic commerce transaction: the process

Catalogue browse and search

Fill out shipping details

Enter CC #

Order verified and processed

$$$

CC verified by provider

Chapters.ca

Options for acquiring eCommerce functionality

1. Build and code from scratch – bespoke development (HTML, CSS, databases, eCommerce functionality etc)

2. Use a content management system (CMS) as the foundation for the site

3. Build using templates, infrastructure and services provided by a vendor (outsourced / hosted solution)

4. Use another eCommerce firm’s storefront technology

1. Build from scratch – custom programming• Programmers create the software (including databases

and middleware) required for all the functionality– Can be slow to develop, expensive, and error-prone– But, can have whatever features and functionality is

desired– Usually only v. large companies, or very small internet

startups take this approach– Can give exclusivity and competitive advantage– Amazon and Craigslist– Wide range of firms offer services of varying expense,

sophistication, and levels of expertise (the sky is the limit in terms of cost)

2. Use a content management system (CMS) as the foundation for the site

• A content management system is in simple terms a database of content that feeds a set of HTML and CSS customizable templates

• Examples of web content management systems• Wordpress (it is said that Wordpress

powers 23% of the web); Joomla; Drupal etc

– A more affordable solution than custom development, but skilled technology experience still usually needed if customization is wanted

• We will be using WordPress to build a very simple website in the second half of the semester

3. Build using templates, infrastructure and services provided by a vendor

• Vendor will take care of all the management of the software so no IT experience is required

• Plug-and-play eCommerce• Limited functionality and tailoring for particular business

needs – Based on templates– Very limited customization so your site may look very similar to a

competitor’s site– Pricing often depends on sales volume / usage– Disadvantage is that the site is not usually exportable for hosting

elsewhere (these are non-standard, proprietary systems)• Examples of vendors of template-based sites

– Squarespace, Weebly, Wix etc• Relatively inexpensive – targeted at small business

4. Use someone else’s storefront technology• Place products in another company’s store• Use their payment and fulfillment functionality

– Example: Amazon Services– Price: subscription fee + commission fee

• What are the advantages & disadvantages of this model?

• A variant of this option is to use a specialist online marketplace such as Etsy.com – info and pricing

FOCUS ON PAYMENT SYSTEMS AND GATEWAYS…

Electronic payments• Confidence in a secure payment environment is one

of the most important success factors in eCommerce• B2B transactions

– Electronic Data Interchange (EDI)– Electronic Funds Transfer (EFT)

• Consumer eCommerce– Credit cards– Person-to-person transactions via an intermediary (eg.

PayPal)– Other forms of eCash such as BitCoin P2P Digital currency

Credit cards • The most popular form of payment on the web• The process of using a credit card involves several parties

– Cardholder - purchaser– Merchant - the entity that accepts the card in exchange for goods or

services– Card issuer - financial institution (usually a bank) that establishes an

account for the cardholder, and issues credit– Acquirer - financial institution (usually a bank) that establishes the

merchant account, and acquires the credit card vouchers / sales slips– Card association - association of issuers and acquirers eg. Visa,

MasterCard - authorizes the credit transaction, and guarantees payment to the merchant

– Third party processors - outsourcers who perform some of the duties of issuers and acquirers

• signing up merchants, billing customers etc

Merchant fees for accepting payment via credit card

• “Merchant fees” paid to the acquiring bank by the eCommerce firm that accepts credit card payments

• Typically between 1.5 – 3% of the purchase price

Electronic payment gateway: handling online credit card transactions

• Electronic payment gateway: software and hardware interfacing merchants and credit-card authorization networks.

• When an order is received, the gateway passes the payment information to an off-site server run by the gateway company

• The gateway company then handles the processing activities and authorizations

• Moneris and Dejardins are examples of gateway providers used by Canadian banks

Source: Electronic Commerce 7th ed. Schneider. Thompson. 2006

What happens when someone uses a credit card on a merchant’s website

• Submits card number and purchase amount (protected by SSL) to merchant

• The information plus merchant’s ID# is passed to the merchant’s acquirer

• The acquirer sends the information to the customer’s issuing bank for approval

• The issuer sends its response (approve/disapprove) back to the acquirer, where it is passed on to the merchant

• After the transaction is complete, the issuer settles the transaction

Merchant Merchant’s acquirer (bank)

Credit card fraud

• Serious problem for merchants• The merchant has to bear the loss

– treated as “card not present” transactions, where the merchant takes the risk - not the card holder or the credit card company

– merchant loses the value of the sale, and has to pay the credit card company not only the commission, but also a “charge-back” fee (typically $25 - $100)

• VerifiedByVisa program

Person-to-person payments • Enables the transfer of funds between individuals• PayPal is the most successful - there were several

competitors, including Yahoo for a while (strong network effect makes it difficult)

• User must open an account with the selected service, and provide a credit card number or bank account number

• Put money into the account• Specify the email address of the recipient of the payment and

the payment amount• PayPal emails the specified email address and puts the money

into an account for the recipient, that can be credited to a bank account or credit card

Some payment service providers• PayPal is now offering a range of services to help small

businesses take payments on the web (including credit cards)– PayPal Business Solutions

• Moneris targets medium and large firms• B2B focus with EFT Canada• Square and Stripe target physical and online retailers who

want a fast, non-traditional method of accepting credit card payments. – Fees are higher than “merchant” fees paid to credit card acquirer

banks

Trends toward other electronic payment options

• Broader markets - now including more and more people who don’t have credit cards

• Low value transactions (micropayments) - pay per view, pay per song, online gaming, MMOs, virtual currencies. They all allow money to be transferred over a network, without any face to face transaction

• Now seeing other forms of eCash such as BitCoin P2P Digital currency

• Mobile payments such as Apple Pay and Google Wallet – very fast-growing sector (although the credit card payment infrastructure still provides the foundation)

MAKING YOUR TRANSACTIONS SECURE

Transport Security Layer / Secure Socket Layer

• If the average user had to figure out how to encrypt and decrypt messages in order to pay for something on the web, there would be far less eCommerce

• All these issues are handled automatically and transparently by web browsers and web servers - primarily through a protocol called Transport Security Layer - previously known as Secure Socket Layer (SSL)

• When a website user clicks on a link whose web address begins with https rather than http, the communication is then encrypted using SSL

• The client (web browser) negotiates with the server to obtain a session key and to pass the message (eg. credit card number) in a secure fashion (in IE - indicated by a padlock symbol)

• Simple explanation of digital encryption using toolbox and key example

Digital certificates and certificate authorities

• For these security measures to work, we need “trusted third parties” to ensure that firms are who they say they are

• Digital certificates verify that holders of public and private encryption keys are who they say they are

• Digital certificates are issued by Certificate Authorities (CAs) - the most well known of these is VeriSign (now owned by Symantec)

• SSL Certificates: What are they? (video)

FULFILLMENT: MAKING SURE YOUR CUSTOMER GETS THE GOODS….ON TIME

Fulfillment

• The term fulfillment includes:– Logistics– Supply chain management– Transportation and inventory management– Physical distribution management

Fulfillment issues

• How will the customer pay for the product or service?• What is the best way to deliver the product or service

to the customer on time?• The “last-mile” problem• What customs issues are involved for international

orders?• How will I maintain sufficient inventory to ensure that

I can fulfill all the orders?• What business processes will need to be altered to

accommodate these fulfillment issues?

Customer Support: Questions eCommerce customers ask

• Where is my order?• Can I change my order?• When will my order arrive?

• The only way to effectively answer these is to move information along with goods and services. – provide customers with real-time, 24/7

access to the status of their shipments. • supply chain from the factory through

transportation to delivery must be completely visible

Outsourcing logistics

• Tie the eCommerce front end to a fulfillment back-end– Very often outsourced to a third-party logistics

specialist• Fulfillment by Amazon• Package tracking• Full service provider example

• Reverse logistics (returns)– Increased likelihood of returns in eBusiness