Electronic Commerce Tutorial

By HTMLGoodies Staff

written by Bob Browning

The Internet is a different sales medium with some direct sales and some retail
characteristics. Marketers will have to learn new skills and attitudes to be successful.

Any e-commerce solution needs to be functional and secure. Planning is vital, and other
papers in this series discuss the business and technical issues that have to be addressed at the
planning stage.

Introduction
Electronic commerce over the Internet is predicted to grow at an ever-increasing rate over the
next few years, with on-line sales already heading for several billion. Many companies are
using this new sales channel, and a few retailers now have established major on-line sales
sites. There have been some successes, particularly in technology, business-to-business and
niche markets.

This paper has been produced to summarise the basics of electronic commerce, covering on-
line catalogues and on-line purchasing. We have not attempted to review the subject of
Electronic Document Interchange (EDI) which is clearly related, but is a very specialised
subject.

The Market
The Market in the UK and Europe

The NOP organisation publishes survey results on its Web site. The following quotes are
from that source:

Home shopping is still at an embryonic stage in all three countries. Approximately

10% of Web users in France, Germany and Britain have shopped on-line in the last
four weeks.
The NOP findings indicate that, as a proportion of the total adult population, the
percentage of people who have used the Web in the past four weeks is highest in
Britain and Germany. France currently has the smallest proportion of Internet users
with relation to its total adult population - 6 per cent (2.87 million people).

Putting the Kibosh on Shadow IT: Best Practices for Hybrid Cloud Management
Download Now

The criterion of having purchased in the last four weeks is a little rigid, and most users will
purchase less frequently than this. US studies indicate up to 25% of Internet users shop on-
line, so the UK 'Internet Shopping' population is probably in the half to one million range.

However the potential figure may be much higher. In a recent survey more than half of those
surveyed said they had no qualms about using their credit card over the Internet. So there
may be as many as 2-3 million people who would purchase if the sales proposition is right.
This research was carried out by leading market research company BMRB, for Internet
Monitor.

In mass-market terms this may still be considered low, and merchants selling low-value items
may not find that they generate the volume of business to justify a large expensive site. Any
projects of this nature, such as supermarket sites, are experimental at this stage.

There are however profitable e-commerce operations in niche areas, business-to-business or

export markets. For example, Textor Webmasters Ltd has been building a successful business
intelligence site in partnership with CMS. Initial growth was slow, but now with the benefit
of three years of experience and development the enterprise is profitable and has a very
respectable turnover.

We recommend that merchants with the right product line and a good business plan start now
with this sales channel. In most cases expect slow but steady growth rather than an immediate
'pot of gold'. Establish a beachhead now and grow your Internet presence so that when the
market takes off - which it will - you are ready to take advantage of the opportunities that
present themselves.

The Worldwide Market

The total figure worldwide for Internet users is in the region of 200 million. Clearly anyone
wishing to export should look at the Internet as a sales channel.

Selling on the Internet

Marketing versus Selling Web Sites

Most companies with an Internet presence have a straightforward marketing site. The
objective of the site is to supplement traditional marketing activities, perhaps give additional
information, and generally promote the company. There is often a reluctance to give
complete product details because the objective is to induce visitors to call or write to the
company for more information and thus establish contact.

A selling site is different. The objective is to close the sale electronically with payment (and
sometimes delivery) made over the Internet. This type of site will be designed to include
comprehensive product information, as visitors will be expected to make a purchasing
decision based on the information presented.

Such sites generally have three sections:

Marketing and added value information. This is aimed at attracting customers,

giving them a feel for the contents, and giving them confidence in the retailer.
The catalogue. Detailed information on product benefits, specifications, and
pricing.
 Order processing. This will include a method for specifying and paying for the
order. More advanced systems may have a method for the customer to go back into
the system to check progress and delivery of the order.

The true electronic commerce site will have all three components in some degree.

Such sites may be stand-alone, or may form part of a larger retailing site called a shopping
mall.

Shopping Malls

Internet shopping malls were set up early in the development of Internet commerce. A
shopping mall has a standardised environment into which several merchants are held in a
single Web site. They offer advantages to a new on-line merchant:

A standard environment for setting up the catalogue and arranging payment.

Someone else is arranging for promotion of the mall as a whole.
In the UK, where the payment processing has historically been a problem, it has
meant a trouble-free credit card collection mechanism.

However these benefits have not generally materialised. Malls work in the real world because
there is something that attracts visitors, generally a large department store. Once visitors
arrive, park their cars and start shopping, it is convenient for them to shop at other merchants
in that same locality. The Internet is not like this. It is as easy to visit another shop anywhere
in the world as the next shop in a virtual mall. People shopping for books are going to
search for book sites. If they browse, it is the list of matches to their requirements from a
search engine, not an on-line shopping mall.

From the infrastructure point of view, catalogue software and payment processing is now
more widely available. Many merchants who started out in a shopping mall have graduated to
a stand-alone site.

Building the Business

It is not enough to simply set up the catalogue and electronic commerce programs. Build it
and they will come has never been an approach that works on the Internet. The site must be
promoted both on the Internet and via traditional means.

The biggest single source of visitors is also the cheapest. Registering with a few major search
engines will generate over half, perhaps as much as 75% of your potential total traffic.

Other techniques are:

Negotiating links with other Web sites

Traditional marketing and PR
Advertising on search engines and other high traffic sites
Associate programs by which sites that refer visitors get a commission on sales.

Once the site is built and registered, look for other ways of building business such as special
offers. Visitors can be tracked through the site and offers customised to their interests. These
techniques are in their infancy, but are being developed rapidly.

Is this direct marketing?

Direct marketers should also not make the mistake of equating the number of Internet users
with a mail shot of that size. If there are 2-3 million potential Internet shoppers in the UK, a
Web site is not like a mail shot to 2 million people. Only a tiny fraction of these will ever find
your Web site and see it at all. The good news is that they will by and large be people
interested in your product.

Direct marketers often have difficulty with handling on-line catalogues. The fact of the matter
is that if someone visits a site and decides not to purchase, then that is the end of the matter.
If someone is sent a catalogue or brochure and decides not to purchase, the merchant can re-
send the catalogue, follow up by telephone, and so on. Direct marketers are often loath to lose
the degree of control implied in traditional methods.

Is this one-to-one marketing?

Internet selling is not retail, and it is not direct marketing. It has its own characteristics, which
are evolving as the technology develops. As we learn more about this area we are finding
new innovative ways of building the business, which are unique to this medium. Increasingly
we are looking for ways to build a one-to-one relationship with customers using the Internet.

This has to be done carefully. You might be able to tell that you have a repeat visitor, but that
person might not like the idea that someone is keeping track of his or her movements. By all
means keep records of visitors' preferences so you can present them with the right special
offers when they return. But be subtle - or preferably do this by consent.

This new world will require new attitudes and new marketing skills. It may not be right for
every business, but when it is appropriate it can offer a low-cost channel with an outlet in
virtually every country in the world.

The On-line Catalogue

The key to a good electronic commerce site is to provide an environment that makes it easy
for the customer to navigate through the catalogue of products and ultimately make a
purchase. How does this work? In the following section, we take a look at the purchase cycle
from the point of view of the customer.

Navigation

The customer must be able to find the product they need without going through endless levels
of indexes or menus. The visitor should be able to get to the product they need with very few
clicks.

80% of visitors to any site will take one look at the page they arrive on and then leave. It has
been estimated that you lose 20% of visitors every time you ask them to link to a new page.
Good navigation is essential.

The information must be comprehensive once the customer has located the product of
interest. Provide pictures and diagrams to help the customer understand what is being offered.

The Shopping Cart

When the catalogue is small (say less than 20 items), a simple order form will often do the
job. However on larger sites the customer will flag products during this browsing session to
be added to an electronic shopping cart. At any point the customer can review the contents
of the cart, the cost and so on. This makes it easy for the customer to browse the site selecting
products as they go.

Check-out

When the shopping session is complete, the customer clicks on a hyperlink which takes him
or her to the checkout page.

At this stage the customer is presented with a list of the goods marked for purchase, the total
cost, shipping, handling, tax, etc. The customer can then add shipping instructions, name,
address and so on.

The customer is normally given a range of payment options, and some of the more common
are discussed in more detail below. The most common is to use a credit card, and the
customer enters the card number, name on the card and expiry date.

At this stage the Web site should switch to secure mode. The technology normally used is
called SSL (Secure Socket Layer). This means that all communication with the server is
encrypted in such a way that eavesdroppers cannot (without disproportionate difficulty) steal
the credit card information. We shall discuss this further later, but it is important for customer
confidence that the site switches to secure mode as soon as credit card information is
requested.

The customer will get visual warning from his or her Web browser that they are in secure
mode, a blue key and blue line in Netscape or a padlock symbol in Internet Explorer. There
are some older browsers that dont support SSL but most do.

This technology is widely used and quite well understood by Internet users. Most articles on
e-commerce rightly emphasise the need for customers only to give up confidential
information in a secure session, and users will look out for it. We believe that it is essential.

It is worth mentioning at this stage that a secure server is not absolutely necessary for bank-
approved (and indeed very secure) e-commerce. There is a new British e-commerce product
that uses its own Java-based encryption, and therefore does not need a secure server
environment.

There are practical benefits here, and the solution is very cost effective and does not require
more than a standard Internet server operation. The important issue here in our opinion is that
the customer does not get the visual feedback from a secure session (the blue key in Netscape
or the padlock symbol in Explorer). So irrespective of the technical merits of this solution, we
believe it could adversely affect customer confidence.

It is not enough to be secure - you must be seen to be secure.

More on security later.

Payment and Order Processing

There are a number of catalogue Web sites being run by UK companies, varying from large
sophisticated book retailers to small mom and pop operations. The most popular payment
mechanism is payment by credit card, and clearly such payments must be secure. However in
a review of a number of such sites, we found that only a minority offered credit card payment
over a secure link.

Other options are:

Credit cards over an insecure link

Purchase orders only
Purchaser contacted later by phone or post
Purchaser prints form and faxes it

The few sites that accept credit card information over an insecure link are almost certainly in
violation of their agreement with the bank that is accepting their payments. They are also
taking on the business risk of fraud. The risk does not stop at the bank but gets passed on to
the merchant. .

Issues for these sites are:

Perceived non-availability of secure payment methods. We discuss payment

methods and security issues below.
Inability of the design shop that developed the Web site to implement a complex
catalogue or secure payment system.
Difficulty in finding a commercial Web site hosting operation that will offer a
suitable secure environment.
Perceived cost of setting up a merchant server.

Most of these issues are perception rather than reality. There is no reason why a merchant
should not be able to offer a fully functional catalogue site with a proper secure payment
mechanism. This can be done very cost-effectively.

What is involved in credit card processing?

The steps in credit card processing are as follows.

Authorisation

The merchant must first obtain authorisation for the charge from the merchants credit card
processing company. Authorisation simply means that the card has not been reported stolen,
and there is sufficient credit on the card. It results in the customers credit limit being
temporarily reduced by the value of the transaction.

There are two ways in which authorisation may be obtained:

 Manual: The merchant downloads details of the sale from the computer that is
acting as Web server. The merchant then requests authorisation using their normal
method such as a point of sale (POS) terminal or PC program.
Automatic: The server software communicates directly with the credit card
processing company computer and arranges authorisation on-line.

Clearly option 2 is preferred, but this is more complex and the costs are greater.

Capture

The final stage is for the credit card to be debited. This can happen at the same time as
authorisation, provided that the merchant guarantees that delivery will take place within a
certain fixed time. Otherwise capture should take place when the goods are shipped.

If the merchant's business is such that capture can take place immediately, then this can also
happen automatically. Otherwise a second manual process is required.

Chargeback

Regretably, there is sometimes a further stage at which the customer is dissatisfied and
arranges for the transaction to be cancelled. Because many Internet sales are made to
overseas customers, many banks perceive that there is an increased risk of chargebacks. It has
been reported that some merchants will not accept orders to Russia because of the frequency
of chargeback.

Note that the fact that a payment has been authorised by the bank does not provide any
protection against chargeback.

Other Payment Methods

The discussion above has concentrated on credit card payments because they are the most
efficient for most purchases.

However there are a number of alternatives, and you should offer as many of these on your
site if you can, for example fax and telephone ordering should almost always be offered.

Fax

Simply printing an order form and faxing it to the merchant is feasible and reasonably secure.
The form can be the secure order form - simply offer this as an option in the text.

Telephone Order

Offer customers the option of calling in their order, using the order form as a prompt. Many
will prefer this, and the order form will be useful in confirming product codes and prices.

Micro-payments:

Whereas credit cards are fine for significant purchases, they are not efficient for a purchase of
only a few pence (a micro-payment). There are systems being developed which operate like
an electronic purse which can be recharged using traditional payment mechanisms. The purse
can be depleted without formality for these small payments. Micro-payment systems are seen
as a significant future development. The main players are:

Mondex originally developed in the UK but now operated by Master Card. This
relies on the use of SmartCards to hold the value, and payments can be made from
card to card without any intermediary. This makes the Mondex card a powerful
substitute for cash, and with cheap smart card readers becoming available for PCs, a
very acceptable Internet payment method.
Visa Cash has been developed by Visa.
Cybercash already has an electronic wallet concept to retain credit card information
and pass it securely to a merchant (see below). This concept can readily be extended
to electronic cash for micro-payments.
Ecash is an early cash system, which is unlikely to survive in competition with
giants like Visa.

Remember that micro-payment systems are often seen as less secure than other payment
methods. For example the smart card can be stolen, like a real wallet. A trade off against
security is part of the concept. For this reason there will normally be an upper limit to
transaction and wallet sizes.

Proprietary Payment Systems

These were developed before secure server technology was widely available. They operate in
different ways.

Cybercash uses an electronic wallet to hold credit card details and to transmit
them securely using their own encryption software.
First Virtual uses a system of e-mail messages to confirm the sale.

The problem with all of these proprietary systems is that they require the user to do
something to set themselves up, either to install special software or to register with the
organisation.

Electronic Cheques

These are quite possible and are in use in the USA.

Purchase Orders

For business purchases a purchase order would be appropriate.

Security Issues
Why is the Internet different?

There is a widely perceived risk attached to payments made via the Internet, and this
perception is in some circumstances justified. This is not like making a phone call or sending
a fax. The information sent from the customer to the Web server may pass through many
different stages before being delivered. The information is in digital form, and at any stage an
unauthorised individual may scan every message looking for credit card numbers (which are
easily identified).

The difference between this process and a telephone call or fax is that the scanning process
can be automated. It is as easy to check every message as to check a single one.

Secure Socket Layer (SSL)

It is therefore essential that traffic be scrambled (or encrypted), and the standard SSL
protocol developed by Netscape provides a high level of protection. The US government
views encryption technology as munitions, and therefore the only version of SSL available
worldwide is the relatively weak 40-bit version. However, this version is quite strong enough
to protect against automated scanning as described above, as it takes over an hour to crack
one message.

Browsers that support this technology indicate that a secure session is in progress by showing
a dialog box, or in the case of Netscape Navigator by showing a blue key on the screen.

Beyond the Blue Key

Even if the customer is protected by SSL technology, it is clearly important that the
information remain secure.

Once stored on the Web server, and before being passed to the merchant, the information is at
risk from someone breaching security on the server and examining the files. Protection from
this can be provided by either:

Encrypting the information stored on the server

Using a firewall to protect the information. A firewall is a device (or a piece of
software) which limits access to a server to specific types, such as Web traffic only.
An important UK acquiring bank (Barclays) insists that credit card data be held
behind a firewall.

The further stage of sending the information to the credit card processor, and to the merchant
must similarly be protected.

The blue key which Netscape Navigator provides to show that a secure session is under way
is therefore no guarantee of total security, and the reputation of the merchant (or the payment
process) is also important.

In an attempt to overcome these weaknesses, the industry has developed the SET
specification. SET stands for Secure Electronic Transactions.

SET

The SET standard has been developed to protect payment instructions in transit. A discussion
of SET is outside the scope of this document, and we recommend that anyone interested in
this subject download the SET business description document from (e.g.) the Visa site
(http://www.visa.com).
SET is expected to become operational in 1998. However progress is slow. For SET to
provide the ultimate level of security it will be necessary for each cardholder to be issued a
digital certificate by their credit card issuer. This presents significant logistical problems,
and is unlikely to be rolled out in less than 3-4 years. There are a number of unresolved issues
here which deserve a paper of their own!

Online Authorisation
Payment Gateways

You may need authorisation to be made on-line:

Because you are delivering the product immediately over the Internet.
Because you want to bypass the manual effort of keying the information into your
bank terminal.
Because you want to protect yourself from fraud. Much credit card fraud happens at
the merchant. If the credit card information is handled by the computer, the chance of
in-house fraud is reduced.

Generally speaking, connecting your computer directly to the bank is a very expensive
option. You can however go through a number of payment gateway services. There is a list of
services on the Textor Webmasters Ltd Web site.

These services interface with your Web application in some way to create the link to the
bank.

If you are using shopping cart software then it has to be interfaced to the gateway. For
example we have interfaced our primary product (Shopsite) to a leading gateway service
(DataCash). This is never going to be a straightforward thing to do and it is important that
when signing up to a gateway service you are sure that they can interface to the software you
need.

Form-based Services

If you are using a simple order form with no shopping cart then the form can possibly be
handled by the gateway operation, eliminating the need for a secure server.

Commerce Service Providers

The most complex type of service is called a Commerce Service Provider (CSP). A CSP
offers a complete shopping cart and back-office environment which can be used by a
catalogue running on their or another server. The CSP uses complex industry strength
software - of which the market leader is Transact, produced by Open Market.

The unique feature of Transact is that the product details can all be held on a catalogue Web
site on a non-secure server. They do not have to be held in a product file on the secure server,
but can just be built into the Web site. When the customer presses the order button, all the
product details are passed to the shopping cart software at that time. What is more, they are
passed in a fraud-resistant way guaranteed by security keys.

This has a number of important implications, and is one reason why Transact carries a six-
figure price tag. One of these implications is that a company can offer Transact as a utility
that can be tapped by merchants without requiring any sort of complex product file-
maintenance operation. The merchant needs only a simple piece of software to create a
security key against each product offering.

A further implication is that there is no real upper limit on the size of a catalogue, and
because of the strong software involved there are no real transaction volume limits.

There are about four Transact-based CSPs in the UK today. Because of the significant
investment required these are all major organisations.

Shopsite, offered by Textor Webmasters Ltd, is an Open Market product and an interface
between Shopsite and Transact is promised. This gives merchants who purchase Shopsite a
good expected upgrade path to Transact if the volume of business warrants or if they feel that
a major support organisation is required.

Planning
Planning is an important part of this type of business, as it is with any business venture. We
suggest three main stages to the process:

Business Requirements

Make sure you understand the market, and that you understand the business processes that
you need to implement. Select a project manager and ensure that project disciplines are in
place. Produce a first-cut budget.

Technical Requirements

Identify the technical requirements you will need to satisfy. Draw up short lists of products
and services. Refine the budget.

Selection / Procurement

Finally, select the products and services you need to start the project.

It may seem obvious but it is important to procure products and services only after the
business and technical investigations have been complete. Businesses that start by (for
example) selecting a software product or a service provider before the business requirements
are clear are in danger of not meeting those requirements.

Conclusion
Electronic commerce is a new form of marketing with a predicted explosive growth over the
next few years. The technology underlying the market is quite complex, and will become
more so as new payment methods and Web technologies come on stream. The marketing
approach is also new and different. The key to success is to find innovative ways to use that
technology to attract customers and build business.

This paper is intended to give an overview of the most important concepts in electronic
commerce. Other papers in this series will:

Give guidelines for the business requirements study.

Give some guidelines for the technical requirements study.
List some guidelines for creating a successful site.

Now is a good time to enter this market at a relatively low cost, to learn how the market
works, and be ready to take advantage of new opportunities as they arise.

This Electronic Commerce Tutorial is presented in three sections. Click one of the links
below to continue reading.

Electronic Commerce Primer

Planning for Electronic Commerce: Business Issues
Selecting an Electronic Commerce Solution

This Electronic Commerce Tutorial is courtesy of Textor Webmasters Ltd. Textor are located
in a leafy suburb of London, and are one of the most innovative Internet shops in the UK.
They specialize in electronic commerce.

Bob Browning is the President of Textor Webmasters Ltd., a London Internet consultancy
that specializes in electronic commerce.

This article originally appeared on WebDevelopersJournal.com.