University of Portsmouth

Technology Extended Campus
Master’s project undertaken in partial fulfilments of
the requirements for the
MSc Degree in Internet Systems Development
Virtual Shopping and Payment Processing Centre
by
Srđan Popović
HEMIS No. 353328
Supervisor: Mr M.J. Lynch
Project unit code: PJ60P
December 2007
Volume 1 – Project Report

University of Portsmouth
Technology Extended Campus
Master’s project undertaken in partial fulfilment of the requirements for the
MSc Degree in Internet Systems Development
Virtual Shopping and Payment Processing Centre
by
Srđan Popović
HEMIS No. 353328
Supervisor: Mr M.J. Lynch
Project unit code: PJ60P
December 2007
Volume 1

Abstract
This project is about providing economically viable business-to-consumer e-commerce capability to micro and
small enterprises in middle income countries. The report outlines why these companies are not using standard
e-commerce practices as used in developed countries and describes a solution involving a virtual shopping
centre with product presentations submitted directly by shops. The requirements for this application are
obtained through interviews with small shops and analysis of their business practices, legal obligations and
restrictions. These requirements have been analysed using UML notation, with use cases and sequence
diagrams, and they have lead to a full system design. The application was developed and tested.
The report concludes that, although there is a room for improvement and implementation of additional
features, this application would provide added value for micro and small enterprises requiring ability to offer
their products over the Internet without prior investment. As the application is build around the idea of a
potentially profitable business model, for an online service provider it could represent a significant business
opportunity.

Keyword List
E-commerce, development, developing countries, micro enterprises, small enterprises, shops, shopping, retail,
payment processing

Acknowledgements
I would like to thank interview respondents for all the hours they have spent providing valuable information and
insight that helped determine software requirements for this project.
I would like to thank my project supervisor, Mr Mike Lynch, for all the guidance and advice.
I would like to thank my wife, Marinês Bortolete Popović, for her continued support in making this possible.

Declaration
I confirm that the enclosed assignment including any associated software is entirely my own work except
where explicitly stated otherwise. I further declare that when such other work is used it only supports my own
work and its inclusion is in accordance with normal scholarly conventions.

Signed: __________________________________ Date ___________

.......9 Summary ...............................6 1.......................................28 6..................................................................................................................14 3...............................................................................................................................1 Introduction.............................1 Elaboration on Technology Requirements ..................................................................................................9 1................................................................................5 Best Practice E-Commerce Solutions................................................................................................................................................................................................................................................................4 Technical and Financial Resources ..............................................................5 Online Credit Card Payments ...................................................................................................3 Standards ......................................................................................................... 4 List of Figures.......................................................................................12 2...........................................................................2 Adjacent Systems ..................................................10 2 Background Literature Review ...............................................................................................................................................................................11 2..8 1.................................9 1.................................................................8 1.........................................1 Functional Requirements.............................................................................................................12 2.........................................................................................13 Values............................1 Background.........................17 3..............................................................................................................................................................................................................16 3.........................................................11 2............................9 1...............................................25 5......28 6...............................................................................21 5 Further Requirements Analysis and Preliminary Design Choices ................................................................................................................................................................................. 1 Keyword List.......................................7 Other Obstacles..........11 2.................................................................................................................................................................................................................. Guarantees and Trust ....... 5 1 Introduction .........................................................................................................................................2 Non-Functional Requirements ................................ Constraints and Boundaries ................ 1 Acknowledgements ............................................................................................18 4 Requirements Model...........................................4 Legislation and Legal Issues........................................................................................................6 Application Description ................................................................31 .............................................................................20 4...............................7 1........................................................................................12 2..........................1 Interviews..............................20 4.......... 2 Declaration ........3 An Urban Phenomenon ............................................................11 2.....................6 1...............2 Interface................................8 Earnings Potential........................................................................................................................................................................................................................................5 Real World Target............4 Personal Theory on the Best Solution Route .........................................11 2.....14 3................................1 Database ..............................7 Expected Project Outcome ....................10 Project Objectives..................................................................................................... 6 1....28 7 Testing ..................................................................................8 Project Scope...........................................................................................................................25 6 System Design.................................................................................3 Application Programming.................2 From Use Cases to Programming Code: Using UML Sequence Diagrams .....................................................................................28 6..................13 3 Requirements Collection Process .......................................................25 5.......................................................................................................................................................................................................................................................................2 Obstacles to E-Commerce.......................10 1........................................................................................................................................................................................................................................................................................................................................................................................................................................................11 Logistics.........................................................6 1...........................6 Foreign Markets..................7 1....................................................15 3..Table of Contents Abstract................................................................7 1.3 Speculation of Problem Causes and Possible Solution Routes ..........................................................................................................................................................................................................9 Project Aim ............6 Payments...13 2...............................................2 Problem Definition ................................... 3 Table of Contents....................................................................15 3................12 Risk...........................................................

...............................................................29 Figure 6.............................................................................................................................................................................................................2 Functional Requirements and Interface ......................................................................34 10 Conclusions ..............37 11..........................................37 11...2 Evaluation of Practice and Methods ....................37 11.......32 9 Evaluation .......6 Figure 1................4 Research ......................................................................37 11...............................................................................................................1: Examples of minimal fee structure for existing e-commerce options available to small shops............36 11 Future Work ......................................................................................................................................................................................30 ......................37 11....................................................................................................................................................................................................................................................33 9............................................................................38 11........................................1 Evaluation of Project Product...........................................................................2: Simplified Sequence Diagram for Requirements Analysis ....................................................................................19 Figure 5............................................................................................................................................................................................37 11........................................................................................................................................................................................................6 Outreach.5 Testing..................................................................................................3 Implementation ........................................37 11..........8 Implementation ............1: Struts Sequence Diagram ..................42 List of Figures Figure 1...........................................................................................................................................8 Other.....................1: Triangle of Trust ...........................38 12 References....33 9.........1: Global Relations Diagram for Project Database...........2: Web application start page with sample products and shops............................................7 Business Planning .............................................................................................................................................................27 Figure 6........................................7 Figure 3...............................................................................................39 13 Table of Contents of Volume 2 (Appendices)..............................26 Figure 5..................................1 Payments and Finances ....................2: Broad overview of activities by user class............................................

their counterparts in developing countries typically have smaller sales in hard currency terms and these costs represent a greater percentage of their revenue. as defined by their income per capita by the World Bank (2006a).3 Speculation of Problem Causes and Possible Solution Routes As mentioned above.95/month + 7% sales fee Network Solutions: $49. 353328 Submission Date: 2007/12 . in particular in urban areas. XX) report identifies perceived lack of profitability as the main reason for low adoption of information and computer technologies (ICT) among small companies in developing countries.20 to $4. UNCTAD (2004. Page 6 of 43 – Srđan Popović HEMIS No.1 Introduction 1.1). p. 1.2 Problem Definition Expected return on investment in business-to-consumer (B2C) e-commerce for MSEs in developing countries is in most cases below the point of economic viability.5% transaction fee Amazon Webstores: $59. but if individual MSEs are reluctant to make investments because of low profitability potential. pp.com: Insertion fee $0. where existing solutions require • advance setup fees. However. this problem is caused by investment expenses being high in comparison to income expectations within small potential markets. 2003. It is important to mention that the term “developing countries” is very wide. 2000).1 Background With the increasing competition in application development.5% commission Figure 1. in general have the necessary electronic.25% final value fee Etsy. How can these investment costs be reduced? The services needed for implementation of B2C e-commerce cannot be offered for free or below market cost as they themselves require investments and work. Common sense would tell us that a sustainable solution has to be within market economy principles.5% commission eBay: Insertion fee from $0. With weak chances of profitability.95/month + 0.20 per item + up to 5.95/month + $50 setup + 1. • regular fixed payments and • transaction processing fees (see Figure 1. transport and payment infrastructures.95/month + $49 setup fee + fees for credit card payments with external partners eBay ProStores: $29. middle income countries (MIC). While the heavily indebted poor countries (HIPC) do not meet basic preconditions for successful implementation of e-commerce (OderdraStraub. why would service providers take this risk? Virtual Shops: Auctions and Many-to-Many E-Commerce Sites: Yahoo Small Business Solutions: $39. 1-2. the cost of selling goods and services online has been reduced to the level broadly acceptable to micro and small enterprises (MSE) in the developed world. reluctance to make advance investment is understandable.20 per quantity of one + 3. instead of fixed amounts? Yes. even to those for whom the Internet is not the primary market. This clearly applies to e-commerce. Web hosting and credit card processing services. 1. Verhovek.1: Examples of minimal fee structure for existing e-commerce options available to small shops Source: see Appendix F. Could the service providers offer B2C infrastructure to MSEs in return for a percentage of sales revenues. and where due to lower Internet penetration and less common use of credit cards locally oriented MSEs have smaller potential markets.

1. • There will be no setup or participation fees. however. country or product description language. • The shops will be responsible for product delivery. • The solution would be financed through a small percentage of each sale. • It will be permanently open to participation of new shops. there would be no cost for MSEs. If a large number of high-risk individual enterprises would share common resources the new platform would represent a low-risk enterprise. • All product information will be submitted by the participating shops. 353328 Submission Date: 2007/12 . The diagram below provides a very broad overview of activities by user class. • In case of no online sales.1. • The shopping centre will be responsible for managing financial transactions. remove and modify their products receive orders from shoppers confirm shipments of ordered products view their account request payment via bank transfer. Shoppers: search for products browse product categories browse shops register and sign in add a product to their shopping cart go to checkout and pay request more information complain or return products view account details with orders and payments history MSEs: apply for a virtual shop provide background and contact information add. they will have to go through registration and approval process by the shopping centre administration. 1.4 Personal Theory on the Best Solution Route Solution has to be in economies of scale. • It will enable management of shop cash accounts. check or credit view account details with orders and transfers history Shopping centre administration: approve or deny applications for virtual shops allow or reject product presentations charge shoppers’ credit cards apply commission send money to MSEs mediate in case of conflict (between MSEs and shoppers) view all data Figure 1. • The shoppers will be able to browse or search for products by keyword. shop. category.2: Broad overview of activities by user class Page 7 of 43 – Srđan Popović HEMIS No.6 Application Description The main characteristics of the proposed application are the following: • It will an international virtual shopping centre. • As there would be no required minimal sales volume. • It will have capacity for accepting credit card payments. • It will be a single global online application.5 Real World Target To build a web application providing virtual shopping centre facilities and B2C e-commerce capability to MSEs in middle income countries. this could also be used by MSEs that expect only sporadic Internet sales.

(All guarantees are responsibility of participating shops only.) • Do not provide any money return guarantees to the shoppers. potential for future work will be indicated.com. Examples of project restrictions include.7 Expected Project Outcome The application will provide MSEs with an affordable solution for B2C e-commerce.) • Require participating shops to have credit cards or PayPal accounts. 2. • Will provide money return guarantee to the shoppers. only the essential functionality will be implemented.8 Project Scope. country or internationally. due to time constraints. The cost of delivery will be provided by shops. Options for delivery cost will be limited. The application interface will be in English language only. for example eBay. There will be no customer targeting. • In cases when this is not acceptable by participating shops. However. it will be based on commission premium or security deposits. however. but in the project application.The major differences between the project application and existing e-commerce sites with multiple buyers and sellers. 4. 1. due to time restrictions the actual content for these sections will not be written. however.com or MercadoLibre. The commercial application would have to provide interfaces in at least several languages. Participating shops will decide on the language in which they wish to present their products. Mechanisms for interface localisation will be explained. French or Portuguese. the only options that will be allowed will be for sending items within the same town. This application: • Will charge shops only commission on successful sales.br. • This will be based on shopping centre administration withholding payments during guarantee period defined by law in administration’s legal residence. 353328 Submission Date: 2007/12 . Help and tutorials will contain only placeholder text. (This fee depends either on product price or on the quantity of items. There will be no further price differentiation based on delivery methods or speed. Page 8 of 43 – Srđan Popović HEMIS No. • Will require participating shops to have bank accounts only (where they could receive money from the shopping centre administration). including the widely spoken ones like Spanish. For an entity prepared to invest in application commercialisation and implementation this could represent a business opportunity. Customer shopping preferences will not be analysed and used for offer customization. but are not limited to. • Charge virtual shops for placement of their products. Etsy. Most elements of the application interface will have a link to appropriate help items. 1.com. the following: 1. Constraints and Boundaries The requirements collection and analysis process will without doubt lead to identification of a large number of potentially desirable components and functionalities (see below). it will not be written within the project and will be left for future work. While a comprehensive help manual is an important part of the final application. For many of them the ability to offer their goods over the Internet without prior investment could provide financial benefits. can be summarized as follows: Other sites: • Charge commission on sales. 3.

The full implementation of the application would require creation of multiple Internet Merchant Accounts for at least the most popular credit cards.10 Project Objectives • To produce requirements model with use cases for all user classes and list of all requirements (Chapter 4 and Appendix I) • To produce a functional design of the e-shopping centre (Chapters 5 and 6 and Appendix K) • To design and document database (Section 6. NetBeans. MySQL as well as image editing and Web design software have been installed. Although a very popular feature. Other options are to work in cooperation with. For development purposes all server software and data will be located on one machine. The application will be developed on Dell Workstation under MS Windows XP environment. enabling access to business-to-consumer ecommerce to micro and small enterprises in middle income countries. In the project application they will only be recorded into the database and as of that moment will be considered executed. 353328 Submission Date: 2007/12 . All development tools. Within the University project there will be only a simulation of this data being sent and processed. for development and demonstration purposes all databases will be on the same server. Page 9 of 43 – Srđan Popović HEMIS No. to be used for demonstration purposes. 9. in order to meet Payment Card Industry Data Security Standards it is necessary to store customer credit card information on a computer behind a firewall and not on the same server as the web application.5. Furthermore. however no actual certificates will be purchased or installed for the demonstration. Separation of tasks would increase application performance. 7. Credit card payments in partial instalments will not be supported. Credit Card verification and processing will only be simulated. Nevertheless.2 and Appendices M and N) • To produce full source code listings (Appendix O) • To produce Javadoc report for the source code (accompanying CD) • To produce application testing report (Chapter 7 and Appendix P) • To product implementation guidelines (Chapter 8) • To produce application evaluation report (Chapter 9) • To deliver full project report 1. existing banking or payment institutions. The same applies for returning money to the customers. Use of SSL is necessary for confidential transmission of customer data. Outgoing payments will also only be simulated. In all cases the credit card data would be passed to external systems for verification and payment collection. or to outsource this task to. 8. have been purchased. The project will not use SSL certificates. such as Tomcat.1 and Appendix L) • To design web interface (Section 6.9 Project Aim To create a web application based on client-controlled content. 1. 6. Maximum of one photograph per product will be allowed. Virtual Web server and Internet domain.11 Logistics The requirements collection process will include interviews outside the author’s town of residence and all travel arrangements have been made. this would add unnecessary complexity to the academic project and it can be implemented at a later stage. 1. In the commercial implementation information on payments to shops would be sent to financial staff or to a bank. 10.

13 Values This project is built around the values of free enterprise and market economy. so providing the results in time represents a challenge. For this reason. Page 10 of 43 – Srđan Popović HEMIS No. 1. where rational users can choose a cost-efficient and risk-free solution. 353328 Submission Date: 2007/12 . they will be built in a way that enables future developments.12 Risk This is a large project involving a complex application.1.

532) agree that one of the main problems is the high cost of technical infrastructure. pp. XX). p. 2006.3 An Urban Phenomenon Another geographic limitation is related to location within the country. pp. 310). Resources required for • server hardware. 2. the importance of this limitation is diminished by the fact that. p. • unreliable postal service. pp. Humphrey.2 Background Literature Review 2. while in the middle income countries they are much better developed and cause less obstacles to ecommerce. Egea & Menéndez. For small companies “in many cases Internet use is limited to the owner or managers” (UNCTAD. While the rural areas may have less developed supporting infrastructure. This view is supported by UNCTAD (2005. Even in rare occasions when micro and small companies in developing countries do have their websites this tends to be for presentation purposes only and it is indeed very unusual to see that they directly sell their products or services online. p. Paré & Schmitz. East Europe and parts of Asia to low income and heavily indebted poor countries. the latter report explains that the main beneficiary of e-commerce in the developing world are large enterprises. there is relatively little business-to-consumer e-commerce. 312) argues that in the developing countries “business-to-consumer e-commerce growth will be largely an urban phenomenon. p. • development or purchase of software applications. even in urban areas of more advanced developing countries there are barriers to adoption of B2C e-commerce by micro and small enterprises. 2006. Oderdra-Straub (2003. banking and transport systems in the poorest countries are below necessary thresholds. the term “developing countries” is very wide as they range from middle income countries in most of Latin America. 626-628. Mansell. pp. p. and rural areas will participate at much lower rates”. 2. However. 353328 Submission Date: 2007/12 . Let us look further and try to identify them. 2006. 2004. • poor transport infrastructure. 2006. • inadequate payment systems and • lack of technical knowledge. p.2 Obstacles to E-Commerce What are the main obstacles for successful implementation of B2C e-commerce by micro and small enterprises in developing countries? Some of the reasons mentioned in literature (Sharma. 2000) and explains that most of the poorest countries are not ready to benefit from almost any form of e-commerce and that these opportunities apply only to “more advanced developing countries” or “emerging economies”. 2003. 627-628. 34) are: • high cost of technical infrastructure. Toland (2006. as mentioned in the introduction chapter. Page 11 of 43 – Srđan Popović HEMIS No. Nevertheless. p.4 Technical and Financial Resources Many authors (Sharma. according to the World Bank (2006b. 166). It would be difficult not to agree with this point as the power. 2003. p. 2006. • unstable power supplies. 310-311. 1-2) echoes the famous view of Bill Gates (Verhovek. 2) and although UNCTAD (2004. 310. pp. Toland. p. mostly in Africa. p.” (Toland. 627-630) and Toland (2006. and their “main use of the Internet is for email. 2006. 2. Toland. 309-311). XVII) report that shows that the “proportion of enterprises selling online decreases with size” as well as by recent articles by Sharma (2006.1 Introduction Although it is widely accepted that small and medium enterprises “play a major role in the economies of developing countries” (Oderdra-Straub. in most middle income countries and in particular in Latin America and Eastern Europe over 80% of the population lives in cities. pp. telecommunications. XX) report points out that small companies “have been found to have the greatest potential for productivity gains through e-business”.

311) explains that “in order for e-commerce to take off the number of users needs to reach a critical mass”. but the same barriers exist in the developed world and they are not specific to developing countries. 66. p. Paré & Schmitz. It is easy to agree that the precondition for more significant participation in e-commerce by companies in developing countries is to have a growing number of customers capable of making online credit card payments. To proceed. Of greater importance is the fact. 2. in particular for connections to international backbones. obviously. and that at this stage the potential for profit. 2). 2006. 30) that in developing countries small companies are disadvantaged because “shipping and handling costs decrease with the volume of the transaction”? Is the lack of trust in online payments (World Bank. 37). we have to ask ourselves how important is this for micro and small enterprises? Even a quick Internet search can reveal a number of other available options. having an international leased line is several times more expensive as these prices are “kept artificially high in unliberalised markets” (Nicol. 11. 532) argue that opening to foreign markets cause a different set of problems.6 Foreign Markets There are. Toland (2006. as all other ones are either relevant only to the poorest countries or also present in the developed world. However. 2004. however Egea & Menéndez (2006. p. 628) an important factor? Yes. 353328 Submission Date: 2007/12 . Humphrey. they cannot borrow the money at reasonable rates as their access to growth capital “is not only limited but often prohibitively costly” (World Bank.• connectivity and • hiring or training of staff are beyond the financial capabilities of most micro and small enterprises in developing countries. like Yahoo or Network Solutions. these arguments are certainly valid. p. Toland. is possible at the fraction of the above described costs. local markets are of particular importance to small retailers who sell imported products. 310. p. often as part of e-commerce web hosting packages. pp. setting a B2C e-commerce website with a well known provider in the developed world. 2. Tigre & O’Connor. p. Tigre & O’Connor (2002. p. Nicol (2003. 2006. including “linguistic and specific skills to deal with foreign customers and partners” and “perceived market risk or distribution and logistic complexities”. p. 37) shows that while the cost of basic and broadband access to the Internet is comparable with the developed countries. p. The cost of leased lines to the Internet in many developing countries is very high. yet in order to achieve desired privatization price they have guaranteed monopoly position to private sector buyers.5 Online Credit Card Payments Toland (2006. Mansell. 2002. 2002. While it is unlikely that the cost of leased lines is going to be significantly reduced in the near future. p. 17) determines a causal correlation between adoption of Internet technologies and export. Lefebvre & Lefebvre. 321) and managerial awareness (UNCTAD. 627-628. explained by the same authors. Mann (2000. 310-311). is limited. Mansell. of course. XX). It is necessary to add that not everything can be successfully exported and. p. 2001. at least in local markets. p. we have to look at earnings potential of MSEs in the developing countries and their profit expectations from e-commerce. 17) point to “natural monopolies” and explain that many countries have recently privatized their telecommunication services. p. p. 2006c. 7-8) and Sharma (2006. credit card processing can also be provided by a number of international companies. pp. 628) point out that one of the barriers is the lack of ability to process credit card payments. p. pp. Sharma. foreign markets. 286. 34. and indeed a study by Clarke & Wallsten (2004. 2. Furthermore. Where does this lead us? So far we have identified only the low credit card usage as an obstacle to ecommerce in the middle income countries. p.7 Other Obstacles Among other mentioned reasons are lack of trained staff (Sharma 2006. For instance. p. 2003. pp. 2006c. that the credit cards have a very low penetration in developing countries and the customers are not used to online purchasing. Page 12 of 43 – Srđan Popović HEMIS No. 2003. but how specific is it for developing countries? Or can we agree with UNCTAD (2004.33.

2. p. 353328 Submission Date: 2007/12 . XX) points out that studies show that the key to willingness to adopt these technologies and go online is the profitability and not necessarily only cost. 2. This certainly applies to B2C e-commerce as well. In a more general discussion on adoption of information technologies and Internet among small companies in developing countries. Therefore. UNCTAD (2004. MSEs have relatively limited online market. where “entrepreneurship is often seen as a way to escape unemployment” (Hekl & Waack. Higher cost of technical infrastructure and restricted access to growth capital in these countries also do not have to represent major barriers to e-commerce for small shops. Micro and small enterprises in developing world have scarce resources and uncertain potential for earnings through e-commerce. however. Low expectation of profitability has been identified as the main reason why MSEs in developing countries tend not to use online sales. p. they are less relevant to middle income countries. however the potential return on investment is perceived as low and the risk as high. As exports are not always feasible. 2). we can see that the micro enterprises in the developed world and in the developing countries have annual revenues with a different order of magnitude. in particular in urban areas.8 Earnings Potential If we compare definitions of micro enterprises in the European Union (European Commission. are important factors limiting potential domestic buyers. 2001. 2006) and in Brazil (Finance Ministry of Brazil.9 Summary Companies in the developing world that are participating in e-commerce are mostly large enterprises. The available options for implementation of technological infrastructure and payment processing are relatively inexpensive. while MSEs are not using online sales in any significant numbers. Page 13 of 43 – Srđan Popović HEMIS No. together with their lower income in comparison to the developed world. Main obstacles to e-commerce in the poorest countries have been identified. 2006). in most cases they are not willing to invest any financial resources until there is a recognized customer base and potential for profit. Low penetration of credit cards in the general population in the developing countries.

time consuming and unpredictable.2. This should be simple. or sometimes totally non-existent. Page 14 of 43 – Srđan Popović HEMIS No. (Concern about inefficiency of legal system. This leads us to another major requirement: MSEs should be able to post and update information about their offer without technical assistance from the application provider. The basic functional requirements for the application are given in Figure 1. they would be more interested in participation in e-commerce as this would involve no financial risk. Further information is obtained by studying legal sources and best practice implementations in other areas of e-commerce. if ever. but to the more general uncertainty of doing business in the environment of weak rule of law.. 11-12)) 2. 3. increasing costs and uncertainty. small businesses avoid judicial processes as much as possible. intuitive and easy to learn. In Brazil. integrity and non-repudiation. expressed by interview respondents. 1. … Trials can last for years. This requirement is necessary in order to keep the costs of running the application sufficiently low. 2006d. Both sides can initiate legal proceedings. coverage and detailed interview notes please see Appendix D. coming out of the definition of problem.1 Interviews For the applied methodology. … The judicial system in Brazil is perceived as slow. As a result. nor can the buyers feel truly protected by the consumer protection system. there are many companies registered and shut almost overnight. but often the aim is only to collect credit card numbers and other related information. The sellers cannot rely on the courts making buyers fulfil their financial obligations. present in most developing countries. The primary concern of all respondents was security. 3. is that the participation should be offered to MSEs with no advance fees. together with the security code and owner address and telephone number. In this they did not refer only to technical security in terms of data confidentiality. is also supported by the World Bank (2006d) report which states that “in Latin America … average time spent enforcing a contract is over a year and costs amount to more than 30% of the debt. Other important issues included credit card security and fraud prevention. corruption and underdeveloped banking systems. This was confirmed by interviews and further developed and formalised in DFDs and STD in the Appendices C and G.3 Requirements Collection Process The proposed project application is based on the assumption that if the MSEs would be able to offer their products online without any prior investment and paying only a percentage of each successful sale transaction. but according to the interviewers this is usually futile as these cases would drag for years and it would take a long time to get money or products returned.” (World Bank. to allow for commissions to be attractive and the entire system profitable. Sometimes this involves receiving payments. pp. . 353328 Submission Date: 2007/12 . but would not have to help with page design or uploading of product images.. whose purpose is to lure consumers into making orders without any intention of delivery. For the reasons that will be mentioned later the provider would need to approve if the product can be presented or not. The interview respondents noted several issues specific to the developing countries that make operations of standard e-commerce applications difficult. in particular. there are many duplicated credit cards held by the organised crime. So the primary application requirement. This solution could use the economy of scale so that commissions on small individual revenues of a large number of MSEs would be sufficient for financing shared e-commerce infrastructure. multiple appeals are common. Also in Brazil.

This organisation has developed Payment Card Industry Data Security Standards (PCI DSS). agreeing that at least in Latin America it sounds very friendly and easy to remember.6. 5. Therefore. 3.2. For more details see Section 3.2 Credit Rating Institutions An important step when deciding on approval of MSE applications will be to obtain information about their credit risk rating or any history of fraud. While the interviews conducted in Brazil have led to clear requirements. 7. Particular attention needs to be paid to documentation necessary for various inspections and for the financial police. 3. For this reason. Visa (2006). if the product was delivered broken or if it is materially different to what was advertised.2 Adjacent Systems 3.3 Product Delivery Participating shops will be responsible for delivery of ordered items and the shopping centre administration will not provide any assistance in this regard.1 Credit Card and Banking Institutions The system needs to interact with credit card and banking institutions in order to obtain verification for shopper’s credit cards and to reserve and charge appropriate amounts. Possible name for the virtual shopping centre was discussed and the number of options were reviewed. the interview in Bosnia and Herzegovina has demonstrated that there may be further challenges in attempts to reconcile legal and bookkeeping obligations of the shopping centre administration and the virtual shops in some of the cases when they have different legal residencies. if the shops do not deliver ordered products in good condition and on time. The major sources in this process were Visa (2005). this information can only point to previous misconduct. MasterCard Worldwide. It helped to identify flexibility and possibility to adopt to different country specific circumstances as necessary requirements. it was necessary to learn about online credit card payments and to determine what information is required for processing. but cannot help to identify any companies recently created with the aim of committing fraud. JCB. 3. The respondents claimed that incomplete documentation accompanying the product can be a reason for Brazilian financial police to confiscate the shipment. but easier to pronounce without the initial “A”. However. a minimal number of years in operation should be introduced as a precondition for MSE application approval.1 Payment Card Industry Data Security Standards (PCI DSS) The Payment Card Industry Security Standards Council (PCI SSC) was founded by American Express.3. However. they will not be paid and the customers will be reimbursed. These solutions are further discussed later this report. 6. as explained in the interview notes in Appendix D. 3. and Visa International. which often goes beyond what is sufficient for product delivery. This also helped to determine a practical system of guarantees that the consumer can rely on in case of non-delivery. The mechanisms for determining if the companies really exist. except practical advice.3 Standards 3. Visa (2007a) and MasterCard (2007a). 353328 Submission Date: 2007/12 . Discover Financial Services. Page 15 of 43 – Srđan Popović HEMIS No. It was agreed that the application has to provide detailed information necessary for bookkeeping and order processing.2.4. what is their legal status and if there is any history of fraud or non-payments were discussed and appropriate solutions were agreed.2. The respondents liked the idea of MigoMart. For details please see Appendix D. It is based on words “Amigo” (friend in Portuguese and Spanish) and “Mart” (recognisable from Wall-Mart and K-Mart).

including annual data security assessment or self-assessment and quarterly network scan. warning the MSE or blocking the associated account. card number and expiration date is permitted only in encrypted form. in particular to Consumer Defence Code (CDC. Shopping centre administration is jointly responsible for these guarantees with the participating shops. Given its legal and ethical responsibility vis-à-vis the shoppers. procedures. network architecture.2) and iv) Shopping centre will react to any misinformation by removing the product offer. Page 16 of 43 – Srđan Popović HEMIS No. policies.” (PCI SSC. 1990). Due to large volume of text these requirements will not be repeated in this report. In case of products being defective or materially different than advertised. They are not optional. They are grouped in measures for building and maintaining a secure network. b) Liability for damages caused by products and c) Responsibility for sales of prohibited items. Storage of card-validation code (CVC2/CVV2/CID) is not permitted and it must not be stored subsequent to authorization (even if encrypted).6 below. as well as transmission and storage of all passwords. in a manner described in Section 3. This can be resolved as follows: i) The shopping centre administration will have to approve the presentation content for each product. PCI DSS is a major source of requirements for security planning and implementation. regularly monitoring and testing networks and maintaining an information security policy. As such it would share: a) Responsibility for accuracy of product descriptions. as PCI SSC members require compliance with all specified data security standards.2. 353328 Submission Date: 2007/12 . maintaining a vulnerability management program. so it will be legally considered as “supplier” and have a role beyond being only a media for product advertising. This comprehensive standard is intended to help organizations proactively protect customer account data. the shopping centre will have to directly offer full money return guarantee. the reader is encouraged to read them in PCI SCC (2006). Compliance validation. customers are entitled to full money return or product exchange as long as the complaint is submitted within 90 days of product delivery. let us assume that the virtual shopping centre will have the same corporate legal residency and be subject to Brazilian legislation. As the author of this project is a resident of Brazil. Transmission of cardholder data over public networks. iii) Shopping centre will work only with MSEs with no negative record with Serasa (see Section 3. With close to two hundred specified standards. is mandatory for all merchant and service provider levels. ii) MSE will be contractually obliged to compensate the shopping centre for any damages caused by joint liability. implementing strong access control measures. The virtual shopping centre will be the entity that charges consumers. 3. 2006) It is important to note that storage of cardholder name. must be encrypted. software design and other critical protective measures. However.4 Legislation and Legal Issues Discussion on legal issues related to project application is presented in Appendix E and in this section only the major points are summarised. protecting cardholder data. both for defective items and for cases of no delivery.“The PCI DSS is a multifaceted security standard that includes requirements for security management.

who could explain the benefits of using the application to local MSEs and help to educate them in basic computer and Internet skills. E-commerce options available for small merchants were seen through Yahoo and Network Solutions. the project application will remain focused on products provided by member shops only. Brazil.6 Advertising and Product Promotions While it was not uncommon to see advertisements for products on external sites and sponsored links in search results. Over thirty websites in Argentina. (Nevertheless. it will still require basic computer knowledge. as many of the existing sellers could be expected to rationally choose solution with less risk. who often target domestic markets only. recognising that there might be cases when international sales are not feasible for sellers due to licensing issues. It will be possible to search for products Page 17 of 43 – Srđan Popović HEMIS No. entering data in forms and uploading product images. benefit from cooperation with institutions providing educational and organisational support to MSEs. the customer target group will mostly overlap with those for the existing sites. Administration could. as well as the ability to understand their tasks.5. including. 3. this often translates to a growing category of young urban middle class. Dell and eBay. 3. humanitarian. the application will allow an option to offer sales only domestically. Of particular interest for this project were large e-commerce websites in middle income countries. a study of a number of existing websites was necessary. therefore. for example. 3. However. on the other hand.1 Introduction Through the interviewing process it was possible to determine how the respondents do their work and what are their business requirements. While the major US sites have provided insight into advanced functionality elements. Bulgaria. No matter how well the interface is designed. However. charity and other non-governmental organisations. as they were mostly designed for and used by shoppers in these countries. Russia and South Africa were analyzed.2 Website Analysis This analysis started with the most popular e-commerce websites like Amazon.3. is a good example of integration of small businesses into a wider network provided by a major company. including both United States sites and local versions for a number of countries. 3. most respondents were not familiar with possible options and the best practice solutions in e-commerce and. Mexico. mentioned by interview respondents. The shoppers will be those who probably already have some experience with Internet purchases and have credit cards.5. and will have no links. study of websites from middle income countries provided significant input into usability requirements.5. the virtual shopping centre will be more internationally oriented than the majority of examined sites. 353328 Submission Date: 2007/12 . advertising banners or search results leading to other sites. The best example of such an institution in Brazil is SABRAE (Brazilian Support Service for Micro and Small Enterprises).) At the core of this project is an attempt to offer online sales to those shops who find that existing e-commerce costs are higher than potential revenues. China. Therefore. Amazon Business Solutions. India.5.5. the initial clients will most likely be new to Internet sales. However. the application will also try to gain seller market share from other many-to-many e-commerce sites.5.4 Technical Assistance Some familiarity with Internet and e-commerce is a precondition for sellers. 3. therefore. In developing countries.5 Best Practice E-Commerce Solutions 3. exporting permits or potential complexity of required documentation.3 Target Groups In the project application.5 Expanding Market Outreach In further steps interaction with local communities should go beyond government agencies and involve activity groups within religious institutions.

this can be set at 100 days. Figure 3. but that is the risk that has to be taken. it will review any supporting evidence and reach appropriate decision at its discretion. possibly involving reimbursing the customer. Buyers will be allowed to rate the shops from which they have ordered items and the average rating and number of votes will be visible to all visitors. since there are three parties involved in each transaction.based on keywords. we have a triangle. 3. As mentioned in Section 3. 353328 Submission Date: 2007/12 . Guarantees and Trust Interview respondents expressed concern that the shoppers might refuse to pay once they receive the items and insisted on mechanism that would protect them from dishonest action. where the best way to achieve this is by controlling the money. List of all e-commerce solutions analysed in this exercise is provided in Appendix F. While Figure 1.com protection for products sold by their partner sellers. Allowing additional ten days for delivery. the shopping centre administration will actively participate in problem resolution. If we look at the application from the perspective of trust. country of origin or description language and the products with equal results accuracy will be sorted by popularity. category. which can be verified. they can rely on the rule of law to enforce cooperation. it is left as optional and subject to testing on how acceptable it would be by the participants who expect equal treatment within the application promise of “no prior investment”. they will not be paid and the money will be returned to customers. If before the end of this period customers complain that the products were not delivered and if the shops cannot prove otherwise.6 Payments. however. but only if they have valid reasons.2 explained what each participant does. as they also have to review case by case and make decisions. This guarantee will also apply for delivery itself.4. 3. they will have an option to contest the charge with their banks. The project application will support virtual shop ratings. It is similar to Amazon.7 Vendor Ratings Many sites offering items from multiple sources make it possible for buyers to provide ratings on sellers and a similar suggestion was also introduced by one of the interview respondents. and this is not the case in developing countries. The accepted solution is that the shoppers pay for ordered product using their credit cards. The credit cards will be charged at the time of shipment and the shoppers will not have an option not to pay. However.5. The safest way for the shopping centre to enforce this guarantee by MSEs is by withholding payments at the shopping centre account until the expiration of shoppers’ right to complain. with the application reserving these amounts with the card issuing banks at the time of ordering. shoppers must be entitled to full money return or product exchange if they make justifiable complaints about product condition within 90 days of delivery. If there is no resolution.1 shows why they would trust each other. Page 18 of 43 – Srđan Popović HEMIS No. The administration could potentially spend a lot of time arbitrating. An option was considered to include promotion of products on major pages or higher placements in search results for shops who pay for this kind of advertisement. based on previous orders. If customers complain that the products are defect or materially different from what was advertised. Of course.

Shoppers: Pay for orders with credit cards. subject to approval by credit card companies. It is a reliable partner that is not going to disappear and will always be there on the next day. Has high data security based on PCI DSS standards. Provides money return guarantee by holdings shopper amounts for statutory period of 100 (90+10) days. Therefore. Page 19 of 43 – Srđan Popović HEMIS No. Building reputation will take time. Their complaints will have to be based on reality and reviewed by the shopping centre administration. Their product presentations approved by the administration. Virtual Shops: Do not get paid until statutory guarantee period expires. but not given credit card data. Takes sales provision and transfers money to virtual shops. for the administration it is invaluable to gain trust by other two parties and it should be highly valued and protected. Figure 3. 353328 Submission Date: 2007/12 .1: Triangle of Trust Trust is a key component of the project application and it is of value to all participants. less restrictive and potentially more attractive solutions. Use customer complaints procedure. Amounts are reserved to they cannot decide not to pay. While the above described represents the safest way to guarantee partner cooperation. absolute integrity and dedication to flawless and timely transactions. as well as other ways of handling delivery and payment procedures. Responsible for their personal data security.Shopping centre administration: Meets all legal standards and requirements. Handles all complaints efficiently. trust in the administration is implicit. For discussion on these solutions please see Appendix H. Responsible for security of their data and any customer data they have. have also been explored and could at a later stage be further analysed and implemented. While both buyers and sellers can be trusted because of imposed limitations.

which adds measurable business value and leaves the data in a consistent state” (Larman. 4. p. Confirm order. defined as “a task performed by one person in one place at one time. Request payment. See product information. Contact Shopping Centre about the account F6 To allow MSEs to view and manage orders View order history.137). p.1. A comprehensive Use Case Analysis with diagrams and activity descriptions is presented in Appendix I. 60). 176). View individual orders. Manage orders. with separate use cases representing steps within a base use case. there are occasions where the use cases violate the EBP guideline as a more granular approach. expressing use cases “in relation to the actors that invoke them” (Conallen. Contact Shopping Centre about the order F7 To allow shoppers to register and sign-in Register. Manage finances. However. McRobb & Farmer (2002. Reject order.4 Requirements Model 4. Bennett.1 Functional Requirements 4. Larman (2001. While the first group is in line with the EBP guidelines. p. The table below shows functional requirements and the associated use cases. These requirements have also been used as the basis for application testing. Add product to shopping cart Page 20 of 43 – Srđan Popović HEMIS No. Remove product F5 To allow MSEs to manage their accounts Change password. p. p. 60) argues that use cases should be “at the level of elementary business processes (EBP)”. 173) mentions that “functional requirements often require greater detail in order to clearly understand them” and that “use cases are a powerful technique for capturing and expressing detailed system behaviour”. Contact shopper about the order. In this project use case diagrams. 2001. however. See featured products. 353328 Submission Date: 2007/12 . Browse categories. Request forgotten user code or password F3 To allow MSEs to manage their profile and contact information Modify background information. Modify contact information F4 To allow MSEs to manage their products Add new product. McRobb & Farmer (2002. Bennett.2 Requirements List No Requirement Use Cases F1 To allow MSEs to apply for virtual shops Apply for virtual shop F2 To allow secure sign-in for MSE staff MSE sign-in. helped to better facilitate requirements analysis.1 Introduction Conallen (2002.1. p. presented in Chapter 7 and Appendix P. real use cases “describe the concrete detail of the use case in terms of its design” (Bennett. In this project an effort was made to stay with the essence use cases. Confirm shipment. McRobb & Farmer. were used together with textual descriptions. 2002. in response to a business event. 134) describe use cases as “descriptions of functionality of the system from the users’ perspective” and use case diagrams as showing “functionality that the system will provide” and “which users will communicate with the system in some way to use that functionality”. p. Sign-in. Request forgotten password F8 To allow shoppers to find and buy products Find products. Modify product information.135) state that use case “describes the interaction as the user sees it” and they differentiate between essence and real use cases. Search for product. 2002.

1 Domain Rules No Requirement D1 Initially the only way to pay for purchases will be with credit cards. Page 21 of 43 – Srđan Popović HEMIS No. Update product quantity or remove products. See all incoming payments. block shops. Search for shop. Set commission. View shop background and contact information. It will securely collect data necessary for this verification and transmit it to the credit card companies. Add a category.2. Contact shopper F18 To allow Shopping Centre staff to manage orders List orders. Register outgoing transfers. What data is needed and how should this information exchange take place will be specified by the card companies. change commission. Contact shops F17 To allow Shopping Centre staff to find information on shoppers Search for shopper. For each online order the system will verify if the shopper’s credit card company will allow the purchase. Review and confirm order F12 To allow shoppers to manage their accounts Add or change personal information and default delivery address. List orders for shop. set commission or request more information View all applications. View individual orders. Reject application. Change password. Reset shop access password. 4. Change order status F19 To allow Shopping Centre staff to manage product categories See product categories. Cancel order for items that are not yet shipped.6. See privacy statement F14 To allow Shopping Centre staff to review. View individual applications. Contact the shopping centre about the order F13 To allow all users to see general information Contact shopping centre. Remove category F20 To allow Shopping Centre staff to see financial information See balances. products and contact details and to provide ratings for shops Find shops. Go to checkout F11 To allow shoppers to go to checkout. Modify category. See outgoing transfers.2 Non-Functional Requirements 4. Approve or reject product. List orders for shoppers. Change commission. View related orders. Block shop. Moderate shop information modifications. See all shop information. Review items and delivery cost. Register incoming payments. to approve or reject products and to block products See new products and products pending approval. View individual orders. Access shop page. Request more information F15 To allow Shopping Centre staff to access all information on products. Browse shops. View offered products. as discussed in Section 3.No Requirement Use Cases F9 To allow shoppers to find shop information. Set initial password. Approve application. Add shop rating F10 To allow shoppers to view and manage their shopping cart View shopping cart. See help. Contact the shop about the order. 353328 Submission Date: 2007/12 . View order history. View shopper information. Provide billing information. See terms and conditions. approve or reject MSE applications for virtual shops. Block product F16 To allow Shopping Centre staff to access an moderate all information on individual shops. review order and provide necessary information Provide delivery address.

The result code will indicate whether the billing address given by the cardholder matches the address on file with the Issuer and if it is not the case the application will not accept the order. S9 Credit card alerts will be triggered for very high amounts or multiple orders within the same day. S5 MSE will enter their user code and password though an on-screen keyboard using mouse clicks. 353328 Submission Date: 2007/12 . payment to MSE will be blocked and both sides will be encouraged to find a solution. MSE account and products management and shopping centre staff activities. Consumer protection S10 The credit card will be charged only after the confirmation of shipment. Shopper’s credit card security code (CCV/CCV2) will never be saved in any database. therefore requiring cooperation with credit card companies.) User protection S12 All users should be informed about phishing. For shoppers this measure will not be introduced for usability reasons. (See Section 3.4. protecting cardholder data. If the customer complains within this period that the shipment has not been received or that it is materially different or in unsatisfactory condition. spoofing and social engineering attacks Page 22 of 43 – Srđan Popović HEMIS No. therefore reducing the threat of user credentials theft by key logger viruses and spyware programs. Detailed requirements are presented in PCI SCC (2006). Their exposure to fraud is lower and making orders will require more information than only user name and password. S7 Address Verification Service (AVS) will be used with every authorisation request. regularly monitoring and testing networks and maintaining an information security policy.2. S8 Shoppers will have to fully enter their credit card information for all purchases as their previously used card information will not be displayed. If a solution it is not found the shopping centre administration will reach the decision at its discretion taking into account statements from both sides and any supporting evidence. This includes measures for building and maintaining a secure network. S3 All activities that leave the system in changed state will be logged. Other protection measures S2 Transmission of all sensitive data over network must be encrypted. implementing strong access control measures. MSE will be identified by their code.6. S11 There will be order guarantee with the payment being held by shopping centre administration until the expiration of guarantee time (90 days for durable items with additional 10 days allowed for delivery). personal identification number and password. S4 Shoppers will be identified by user name and password. Other credit card security measures S6 No orders will be forwarded to MSEs until the customer’s credit card is confirmed as valid and the amount reserved. maintaining a vulnerability management program.2 Security No Requirement Payment Card Industry Data Security Standards (PCI DSS) S1 The application must fully implement PCI DSS. This includes information related to shopper’s account and orders. This should extend not only for orders from the virtual shopping centre but to all orders with this credit card.

0.5. Page 23 of 43 – Srđan Popović HEMIS No. As the system will be intermediary between buyers and sellers it will have to include conflict management and redress measures and particular attention will be devoted to prevention of fraud.2. 353328 Submission Date: 2007/12 . 4. U3 All website navigation and forms will have to be intuitive and search function should be easy. hardware and network bandwidth capable of handling all users even at peak times. and it will use Apache Struts 1.2. U2 Cross-browser support will have to be implemented and as a minimum the web pages will have to be properly displayed and have correct functionality in Microsoft Internet Explorer.4 Ethical No Requirement E1 The key to success of this application is in building confidence between all involved parties. This will.3 Legal and Standards No Requirement L1 The system will follow consumer protection laws of the country or territory where the enterprise owning the virtual shopping centre has been incorporated.6. 1990). version 2 or higher. (See Section 3. require permanent system monitoring and potential network improvements or fine-tuning or modifications of web and application servers. T2 Servlet container will be Apache Tomcat 5. 4.2. based on Sun Microsystems JDK 1. but also having server applications.2.1.0.) 4.6. therefore.2. for further information. version 6 or higher. T3 Database server will be MySQL Server 5. The system will be developed using NetBeans 5.29 framework. 4. U5 All web pages will have to load in under 10 sec on 56K modem connections. As the corporate legal residency would be in Brazil it will be subject to Brazilian legislation and in particular to Consumer Defence Code (CDC.6 Other No Requirement O1 Performance: A simple client-side benchmark specified in requirement U5 (10 seconds rule) will have to be satisfied in all cases. U4 The site will have a help section designed to provide practical assistance to user for all tasks and situations they may encounter. (See section 5.) E2 Strong privacy will be guaranteed and all data will be kept confidential.17.4.5 IDE. This will reduce load on the website support staff.5 Usability No Requirement U1 All web pages generated by the system will have fonts in a readable size and with text in dark colour on white background. This will require not only using web page design rules aiming to reduce page downloading time. and Firefox.6 Technical No Requirement T1 Programming language used for the online application will be Java.

6 above. on Open Source solutions.No Requirement O2 Reliability: The software will be tested for errors.9% operational uptime. however. 353328 Submission Date: 2007/12 . licensing cost should be reduced by basing all supporting application software.2. it will have to support a minimum of 99. Server and network reliability will depend on the chosen hardware configuration. O3 Cost: While no specific cost target is set. as specified in 4. Page 24 of 43 – Srđan Popović HEMIS No.

1 Elaboration on Technology Requirements Database server is this project is MySQL Server 5. Furthermore. but this is not use in this project as there is no need to signal the technology to potential hackers. For this reason the project application code will be based on Struts 1.2 From Use Cases to Programming Code: Using UML Sequence Diagrams A wealth of information about using UML diagrams in designing Web applications is provided by Conallen (2002) and Rosenberg & Scott (2001).2. Struts sequence diagram. The easiest way to move from use cases and show interaction between the user and components (web server. and UML for Struts. cascading updates and deletions. are the reasons why it was chosen for this project. It will use Tomcat Servlet container on Apache web server.9. so the task of translating the application can be reduced to translating property files. JavaBeans and JSP pages) is to use UML sequence diagrams. Struts framework provides numerous functionalities and two of them. Application code will be written in Java programming language. (However. MySQL Server does not support views and stored procedures and they will not be used in this project. well presented in numerous literature and supported by main Integrated Development Environments (IDEs).htm” will be used for all action servlets. can handle large databases. it is relatively new and not yet well documented. However. Struts provides localisation mechanisms with struts-bean components. Dudney & Lehr (2003) and Husted et al (2002). reliability and security. At the time of preparing this project Struts version 2. Some of the Struts components. is shown in Figure 5. server side data validation and support for localisation.0. is covered in Roller (2003). controller servlet. which is a slightly modified version of a diagram adopted from Roller (2003). is already available. and they will be used only for displaying data submission errors.1.5. should a need for them arise in the future they can still use “. form beans. compared to relatively high licensing cost for Oracle and MSSQL software. replication and clustering. for demonstration purposes all text will not be in properties file as this transfer should be the last step following other improvements outside the project scope. can use multiple CPUs if available.0. 353328 Submission Date: 2007/12 . According to MySQL documentation it is fully multi-threaded. both known for performance. including Dynamic Forms or Tiles. However. supports referential integrity. The IDE used in this project is NetBeans version 5. Martin (2003) has focused on UML and Java programming language. tested. and in particular use of sequence diagrams. can mix tables from different databases in the same query. however. but also for performance. Many of the JPS pages are too complex to benefit from usage of struts-html tags. upgrading MySQL server has in the most recent versions been simple and without need to dump and restore the data. Page 25 of 43 – Srđan Popović HEMIS No.) URL addresses in Struts environment traditionally have extension “. selected not only because of free licence. All JSP pages will be in WEB-INF directory on Tomcat.5 Further Requirements Analysis and Preliminary Design Choices 5. Using Struts Validator enables efficient server side validation of client submitted data in an easily controlled manner since the validation rules for the whole application are in a single XML file. formerly known as WebWork. are not used in the project. enabling insertion of text stored in properties files. and therefore not directly accessible. model classes. Properties files can exist for various languages. Code will be based on Model-View-Controller pattern implemented through Struts framework. reliability and scalability. and supports Unicode characters. Neutral extension “. Due to localisation mechanisms the application will have no static HTML pages.html” extension.do”. reliable. 5.

1: Struts Sequence Diagram Page 26 of 43 – Srđan Popović HEMIS No.Figure 5. 353328 Submission Date: 2007/12 .

Diagrams used for streamlining data flow and design of programming objects are in Appendix K. Page 27 of 43 – Srđan Popović HEMIS No. If has been simplified and enables focus on project specific programming components. description and list of related code listings. where each previously determined use case is covered with sequence diagrams.However. Figure 5. 353328 Submission Date: 2007/12 .2 will be used.2: Simplified Sequence Diagram for Requirements Analysis Please refer to Appendix J for discussion on adopted programming solutions. in the requirements analysis for this project the diagram presented in Figure 5.

database and action instructions. primary and alternate keys were identified. Integrity constraints were verified. This included identification of entity and relationship types. Connector for interaction between beans. Full code listings are provided in Appendix O. virtual shop management and shopping centre administration staff. The system was not tuned for a specific load estimate as it will depend on market acceptance. The database system does not use derived data or controlled redundancy and user views are not supported. Security was implemented through Servlet container and through MySQL security mechanisms. interface requirements from technical and usability points of view were obtained by working with interview respondents.6 System Design 6. is in Appendix M. different implementation options are briefly discussed in Chapter 8. 6. Please refer to Appendix L for tables with entities and relations. Attributes were identified and associated with these entity and relationship types. In the second step a logical data model was built and validated. in this case MySQL server. Model was checked for redundancy and validated against user transactions and user needs. As a first step a conceptual data model was built. description of implemented encryption methods and the SQL code which can be used to recreate the database. attribute domains were determined and candidate. Relations were derived and validated using normalization and against user transactions.2 and other application screenshots are in Appendix N. Relations were designed with system specific attribute domains. Global relations diagram is presented in Figure 6. Homepage screenshot is in Figure 6. by analysing similar and best practice e-commerce websites in developing countries and through literature research. in particular from ergonomics and usability side.2 Interface As described in Chapters 3 and 4. Detailed description of interface. and several auxiliary classes. including JavaBeans for storing data. In the third step the logical data model was translated for target DBMS. 353328 Submission Date: 2007/12 . Page 28 of 43 – Srđan Popović HEMIS No. specified in requirements. Encryption methods were determined. Please also refer to Appendices J and K.1 Database Database design and implementation are mostly based on methodology described in Connolly & Beg (2005). however.1. The design aims to satisfy these requirements for different user classes: shoppers. 6.3 Application Programming The application code consists of: • Struts action classes • Struts forms holding user input • Java Server Pages providing view component • Properties files providing error messages and text in different languages • Struts Validator guaranteeing clear limits on allowed user input • XML configuration files putting everything together • Model objects.

1: Global Relations Diagram for Project Database Page 29 of 43 – Srđan Popović HEMIS No. 353328 Submission Date: 2007/12 .Figure 6.

353328 Submission Date: 2007/12 .Figure 6.2: Web application start page with sample products and shops Page 30 of 43 – Srđan Popović HEMIS No.

which for obvious reasons was not respected. In general. 353328 Submission Date: 2007/12 . For detailed information on performed testing. although at a higher level it was incomplete as it was not conducted in a replica of production environment and included no independent user testing without the presence of author. a higher order testing was undertaken to see if “big picture” requirements were satisfied and load testing has led to code modification resulting in performance improvement. including test cases. for example checking for broken links or data recovery possibilities. According to Myers (2004. Discovered errors were fixed as soon as possible and the testing continued until no more errors were found. solutions. In this project testing started with the assumption that the program contains errors and that it should be tested in order to find as many of them as possible. and discussion on load and acceptance testing. Application testing was thorough.7 Testing The chosen testing strategy is mainly based on work by Myers (2004). as well as different connection speeds. 5-9). In terms of security. like black box or regression testing. pp. and to fix them. devices and operating systems. Web applications have many additional challenges compared to traditional applications as the users can have different browsers. one of the “primary causes of poor program testing” is the fact that “most programmers test the programs trying to prove that errors are not present” and that “the program performs its intended functions correctly”. and allocates a whole chapter to a modern topic of testing Web applications. the mere fact that the application is accessible by the whole world makes it more vulnerable to attacks. as well as common techniques like code inspection and black box testing for pre-determined test cases. This included layer-specific techniques. monitor sizes and resolutions. They may reside in different countries which might involve translations and currency conversions. please refer to Appendix P. This second edition of 1989 classic goes beyond explaining fundamentals. The only major discrepancy between this project and Myers (2004) is in disobeying the major rule that the application developer and the application tester must not be the same person. Page 31 of 43 – Srđan Popović HEMIS No. The application was tested at presentation. errors. business logic and data layers and within each layer a number of different testing activities were performed. In addition to this.

The initial capital investment does not necessarily have to be high. hardware can subsequently improve. and the number of items served by the database server. The load on systems by users will also dictate the need for network components and internet connection speed. this report will not try to impose the solution on operating system. maintaining a vulnerability management program. 208). 2007. Application software. As mentioned in security requirements. Implementation can start as a pilot project and. protecting cardholder data. and to adopt accordingly. Only practice will demonstrate if the developed website contains sufficient appeal for users and it is natural to expect that some design and functionality adjustments will be required. this responsibility should not be delegated to them as it is the shopping centre administration’s obvious benefit to have as many closed sales as possible. but also investment in paid advertising on Internet and in other media. PCI SSC (2006) specifies that the database with customer credit card information must be kept on the machine separate from the web server and placed behind the firewall. The same applies to staff working with financial transactions. They clearly specify measures for building and maintaining a secure network. Furthermore. Laudon & Traver (2007. implementing strong access control measures. and MySQL is most commonly used with Linux. by adding more processing power to servers. Unix is generally considered to be more stable and reliable (Laudon & Traver. While any efforts by member shops to attract visitors could certainly contribute. As far as hardware is concerned. This involves attracting both participating member shops and their customers. p. Page 32 of 43 – Srđan Popović HEMIS No. pp. improvement and correction” (Laudon & Traver. E-commerce security requirements go far beyond writing a secure code and there are a number of measures that have to be implemented. Attention needs to be paid to website maintenance. The second option is more preferable as in general it is better to use higher number of balanced systems then to depend on small number of powerful machines. but also strict guidelines and sets of rules governing their work. as a minimum web and database servers should be on separate systems. powerful and easy to use. by adding additional computers to be used as servers. as well as compare the performance with the competition. Hardware needs obviously also depend on the demand that the users put on the site and the important factors to consider are the number of simultaneous users at peak period. Application provider will need permanent staff dedicated to site administration and maintenance. While Windows solutions are integrated. regularly monitoring and testing networks and maintaining an information security policy. or horizontal scaling. supports clustering. the entire system must fully implement PCI DSS standards. In terms of server performance. 204) as this is a very dynamic field. E-commerce websites “are always in process of change. It will also be necessary to verify application acceptance across a number of countries and see if any country specific issue will require modifications or additional functionality.8 Implementation The application works on variety of operating systems. 204-205) explain how server segregation can enhance page generation speed and that using a single server for these tasks can reduce this speed by up to 50%. In terms of functionality it is very important to constantly seek and listen to user feedback. This outreach should involve not only search engine optimisation and submission to main search engines and directories. if there is acceptance by users. including database system. 2007. p. This can include vertical scaling. Once the site is up and running the work has only begun and in the next stage it is necessary to reach out to potential users. Most commonly used operating systems in web server environment are MS Windows Server and various flavours of Unix and Linux. However. 353328 Submission Date: 2007/12 . Administrative staff involved in approval of member shops and products moderation will need not only appropriate training in how to use the application. it is necessary to build and implement a system monitoring plan.

For example. 353328 Submission Date: 2007/12 . for example. shops that are target of the application are in the developing countries where other languages are more widely spoken. A music CD highly popular in Brazil might go unnoticed in Asia. able to easily understand the functionality and perform necessary steps with minimal guidance. several issues can be identified related to functionalities that have not been included in design or have not been fully implemented. in this case Brazil. for example. For the purpose of academic review the application interface is written in English language and due to time constraints it has not been translated. Another option would have been to hide the products with descriptions in languages different than the selected interface.9 Evaluation 9. Accepting credit card payments and making transfers would require technical integration with supporting banks or credit card companies. this part was either simulated or not tackled at all. Some products are legal in one country and illegal in another. The project application does well what is designed to do. and seem to be accepted by international banks and brokerages. but how can the administration know what is or is not allowed in other places? This problem is even more pronounced with various international safety standards. however. It would have been easy to design secure communication through web forms. this product description will be displayed in original languages so there will be two different languages on the screen at the same time. However. customers in other countries should at least be advised on any local legal issues. for example order complaints. transfer requests are not submitted through web forms and member shops should request them by email or telephone. cricket equipment popular in India would be ignored in Brazil and beach sandals from Panama are very unlikely be bought in Russia.1 Evaluation of Project Product One of the major strengths of the application developed during this project is in its usability. The same applies for other communication. but also miss the opportunities to present targeted products to specific markets. however. Since such cooperation does not yet exist. as this requires only trivial programming. they can be limiting in the situations where international clients can request transfers to banks in different countries. and selects a product for which description was submitted in. There is a reason why major websites have different versions for many countries and if this is not respected we can end up not only offering items unlikely to be sold. where forms would be Page 33 of 43 – Srđan Popović HEMIS No. is that if a shopper uses interface in. All respondents involved both in early versions of the interface and in testing of the application were. Shopping centre administration must approve all products before they are offered on the website. However. except for language barriers. For the application to be accepted the interface would need to be translated to other languages. This goes beyond marketing and can have legal consequences. The application does not take into account geographic. and automatic translation tools are not yet at the stage where they would be reliable enough for this usage. Another issue. and in doing so they must rely on the legislation of its legal residence. Portuguese. Some of the requirements related to communication between parties have been implemented in a simplistic way. Moreover. Portuguese and French languages. this idea was rejected in favour of enabling product exposure to as many customers as possible. also related to languages. a method with clients only initiating communication and shopping centre administration subsequently contacting them through previously agreed contact channels and requesting Personal Identification Numbers is more secure. including at least Spanish. and is left to be done at a later stage. regardless of language in which they are presented. Nevertheless. cultural or economic differences and the same products are featured regardless of customer location. although web forms can be useful in standardising information requirements. Having a website targeting users in many countries should involve more than translation and localised orthography. Providing customised translation would have been too expensive. English language.

it is not ready for commercial use. due to a number of constraints. specified in the introductory chapter. Possible technological solutions for a web application supported by database are numerous and the author felt that any attempt to contribute in this field would be superficial. however. Of course. 353328 Submission Date: 2007/12 . Perhaps a combination of web forms and others means of communication would have been a more suitable solution. Connections to the database were done with SQL queries and there is no use of Java Persistence API or Hibernate. therefore being useful for knowledge consolidation.2. weak position of small shops in developing countries in the regard to e-commerce. All defined use cases are implemented and the application meets the specified requirements. from Java to MySQL server. project application quality depends on the implementation. so a simplified version was submitted as official project proposal.2 Evaluation of Practice and Methods When the project proposal was first mentioned the initial reaction from the University was this it might be too big and too difficult for any single student to create. that needed to be addressed and demanded focused attention. This has presented a significant learning opportunity and the author has benefited from the newly acquired knowledge. as their assistance involved not simple questionnaires that can be answered quickly. included technologies. 9. support clustered servers and replication of databases. which will result in need for partial application modifications and enhancements.limiting. The project activities not only included themes from all units at the MSc Internet Systems Development course. so the presented code can be implemented on scalable configurations. Most of the interviews were conducted with small companies from Brazil and this was limiting. but also made it necessary to do learn additional topics and to make independent research. Although this project represents a major step in creation of a full product. It was difficult to find them. Java Struts 1. All project objectives are met. the created code is robust. Project plan was well designed and time well managed. Page 34 of 43 – Srđan Popović HEMIS No. On the other hand. The application is unique and cannot be directly compared with other applications in its class. and even harder to motivate them. The program is not truly component based. and subsequently accepted. it compares well with the major e-commerce sites in developing countries. and this has been left vague. it is flexible and additional functionality can be introduced without great effort. having standardized forms would have made it easier to record the communication in the database and keep it linked to relevant shoppers. However. It is based on a widely accepted technology. which would have enabled a smoother programming integration through object-relational mapping. possibly involving customisation based on MSE location. The process of collecting requirements from the potential participants was the most challenging part of the project. It is the problem itself. From technical and programming perspective. At the initial stage the Data Flow Diagrams (DFDs) were designed and they have led to a full understanding of steps that needed to be followed. but hours of joint analysis. shops or products. within the mentioned constraints. Presented literature review focused on problem from business perspective and not on technology. Lack of profound international research will probably lead to identification of certain country specific issues during the implementation phase. Meeting any benchmarks would strongly depend on choice and organisation of servers and connection speed. however.

with support for database views or data analysis. Used procedure was to create interface prototypes which have naturally lead to view and controller classes followed by the design of model and as a result model and controller are too closely coupled. but at least partly because they were the most accessible. This would be more time consuming. For testing purposes the product was deployed on a personal computer and on a shared server with a web hosting company in the United States. however. As mentioned in the chapter with further requirements analysis. Most of the testing was performed directly by the author and testing with potential clients was limited to only a several users using the application for less than one day. Page 35 of 43 – Srđan Popović HEMIS No. but at the expense of model usability with a different controller and view. However. were chosen not because they were the best. assuming that this would be the corporate residence of the entity providing the application. There were no dedicated servers and no deployment similar to any real world implementation. but the resulting code would have better quality. The chosen solution is flexible. the fact remains that more external users should have been involved in the testing process. including Apache Tomcat and MySQL server. However. The supporting technical solutions. There was no testing configuration close to production environment.Study of legal sources focused on Brazil. If the project were to be repeated this approach would have been changed and the focus placed first on model. 353328 Submission Date: 2007/12 . programming code is not fully object oriented. There is no escape from the fact that model was build with view in mind. There was no beta testing with independent users who would take their time to review the application and provide comments and information on errors. the best practice solutions covered a wide range of developing countries and the rules and restrictions imposed by the relevant credit card authorities are international. obtaining a licence was not foreseen in the project budget. It is possible that a more reliable and efficient solution would use commercial products like Oracle or MSSQL server. and only then on building controller and view as one of the possible interfaces. The author is very grateful to those who provided this support.

a different business model would be needed. The proposed solution involved economy of scale and sharing of common resources. Classes and methods designed to enable submission of content by users. The potential usage of the project solution targets economic inequality in a sustainable. The developing world is already on the path to wider adoption of e-commerce and it can be expected that. nor was creating a business opportunity the primary motivation for this project. The project of this size and in such an evolving area can never be finished and the work can only be postponed. for example in sales of real estate. Page 36 of 43 – Srđan Popović HEMIS No. The specified problem is real and covered in recent publications. Not only should the future work go beyond specified project constraints. estimate that needed investment would be higher than potential benefits. Significance of this solution is in democratisation of online sales by allowing small shops in developing countries to take part in e-commerce. related to international development. with costs associated with using e-shops being covered through a small percentage of successful sales. credit card penetration and online market in these countries improve. However. Apart from technological and commercial aspect. personals or auction sites. together with the developed product search algorithms could also be used for presentations that do not involve direct online payments. through fairness and dedication to absolute integrity. as income of the population. While a system of payment and guarantees was designed to ensure that they are treated honestly be each other. trust in the application administration will have to be earned over time. 353328 Submission Date: 2007/12 . Of course. at this stage investments in e-commerce by small shops are often not considered justified by market conditions. having thousands of lines of reusable code is not the key outcome. who avoid participation in e-commerce and investing in online sales as they. which eliminates the possibility of low financial return of investment for participating enterprises. or for a group of co-operating shops. it should also involve numerous functionalities yet to be discovered through user feedback and further research. more and more MSEs will use online sales. the project has achieved its purpose. as specified in the project evaluation. A key component of developed e-commerce application is confidence by both buyers and sellers. While it is the author’s firm belief that this solution can help to reduce the scope of the problem and open the door for many potential participants who were left outside the e-commerce revolution. often rightly. as mentioned in the chapter with literature review. It has been widely acknowledged by the interview participants during the requirements collection process. However. including product images. The created application may be imperfect. which is something they are currently doing only in rare instances. but if it points to the right direction. there is another dimension. based on market principles. self-financed manner. The project application was built around e-commerce B2C model. but a great amount of created programming code could be adjusted and used. it has not been proven in the practice and remains in the realm of theory.10 Conclusions This project was based around an idea for a solution to a problem common to micro and small enterprises in the developing world. It would be relatively simple to extrapolate parts related to online sales that could be reused in an application designed for a single shop. For this solution to work a lot of improvements are still needed.

including Spanish. • Purchase and use SSL certificates. • Integrate code for outgoing transfers. • Determine country specific issues through wider international research. currier etc). searches and browsing behaviour and promote products accordingly. 11. as specified in detail in Appendix H.6 Outreach • Search engine optimisation and submission to main search engines and directories • Investment in paid advertising on Internet and in other media.1 Payments and Finances • Analyse alternative solutions for payments and guarantees. • Find best way to develop local versions targeting users in different countries.3 Implementation • Server segregation: separate database and Web / application servers. • Allow several photographs for each product.5. 11.11 Future Work The following items have been identified as excluded from the project and meriting future work: 11. • Limit product search by price or delivery options. • Customer targeting: analyse orders. • Determine if there is need for customisation based on MSE location and proceed accordingly.2 Functional Requirements and Interface • Translate application interface to several languages. • Allow payments in partial instalments. 11. • Build and implement a system monitoring plan. air. Page 37 of 43 – Srđan Popović HEMIS No.5. • Explore options for investment in technical education for micro enterprises. • Write Terms and Conditions.5 Testing • Testing by another person.4 and 3. • Explore potential of working with common interest groups. • Obtain support from Sabrae and similar institutions (see section 3. • Liaise with banks and credit card companies to enable processing for all major credit cards. 11. charity and other non-governmental organisations. humanitarian.5). • Testing in replica of production environment. 353328 Submission Date: 2007/12 . • Beta testing with user working independently from the author. 11. French and Portuguese.4 Research • Verify with users if advertising would be acceptable. • Explore other ways of marketing to buyers and sellers. • Increase usage of web forms for communications and storage of messages. • Allow further price differentiation for delivery methods (priority. • Write complete help pages and tutorials. • Place database server behind the firewall. including activity groups within religious institutions. • Write auxiliary application to help administration to retrieve encoded credit card data. • Develop staff training plan and work guidelines. • Integrate credit card verification code into the application. • Write Privacy Statement.

11. • Full cost estimate and profitability analysis. • Required assets. • Financing plan. • Presentation to investors. 353328 Submission Date: 2007/12 .11. Page 38 of 43 – Srđan Popović HEMIS No. • Marketing costs.7 Business Planning • Human resources.8 Other • Open Serasa account and integrate software with Serasa online services (see Appendix D).

C. Dudney. 8078 as of September 11. C. (2002). Berkeley: New Riders Publishing.. S. Receita Federal: Sistema Integrado de Pagamento de Impostos e Contribuições das Microempresas e das Empresas de Pequeno Porte. More Rivalry. 123 from December 14. 353328 Submission Date: 2007/12 . Krug. Building web applications with the leading Java framework. Ant. A..org Conallen. Page 39 of 43 – Srđan Popović HEMIS No.). Upper Saddle River: Prentice Hall. Lei complementar nº 123. Society.apache. R. 2006 from the Finance Ministry’s Internal Revenue Service website: http://www. B. 1990. E-commerce. J. The Art and Science of Selling Online. CDC (1990). 2006).12 References Barlas. Laudon. Translation by Foundation for Protection of Consumer (Fundação de Proteção e Defesa do Consumidor – PROCON). (2002). (2002). P.webstyleguide. A Practical Approach to Design.br/TextConcat/ Default. E. Techniques for Requirements Elicitation. Bennett. Los Angeles: The Investor Business Daily. 530-536). Mansell. Egea. R. Mansell.. Has the Internet Increased Trade? Evidence from Industrial and Developed Countries. 2007 from http://wicket. Building Web Applications with UML. Humphrey. (2nd ed. J.gov. Hekl. K. & Waack. & Linde. J. (2002). G. Brighton: Institute of Development Studies. Yale: Yale University Press... C. (2003). Intelligent Selling. de 14 de dezembro de 2006. Berkeley: New Riders Publishing LGMPE (2006).. More Money. & Menéndez. Upper Saddle River: Prentice Hall. R. & Lefebvre. M. Brazil Clarke. & Begg. G. 1. (2001). E-commerce and virtual enterprises: issues and challenges for transition economies. & Schmitz. In Fickas S. A. (2002). 2006 from the website of EC Directorate General for Enterprise and Industry: http://ec. Requirements Engineering '93 (pp. Washington: Institute for International Economics. Greenwich: Manning. 152-164). R. Washington: World Resources Institute. Martin. (2001). Comparing Wicket and Struts. Connolly.. The Reality of E-Commerce with Developing Countries. L. Maidenhead: McGraw-Hill Education. C. J. (2000). J. JUnit and Cactus. & Horton.). C. Paré. Indianapolis: Wiley Publishing. R. (2005). Global Marketing on the Internet. & Traver. Franciscus. Retrieved August 18. (2002). T. (Eds. Lenker.. Proceedings. Dumoulin. McRobb. Implementation and management. N. Hershey: Idea Group Publishing. pp. & Winterfeldt. (Complementary Law No.. Washington: The World Bank Group. Digital opportunities and the missing link for developing countries [Electronic version]. São Paulo. 2007 from http://www. (2nd Ed.. (2004). E-Government and Mobile Commerce (Vol.. Consumer Defense Code (Código de Defesa do Consumidor). L. (World Bank Policy Research Working Paper 3215). P. UML for Java Programmers..com/ Mann. & Farmer. S. C. Web Style Guide. June 9). Boston: Addison-Wesley. Electronic Commerce in Developing Countries. & Finkelstein A. Struts in Action. J.eu/enterprise/ enterprise_policy/sme_definition/index_en. C.). Issues for Domestic Policy and WTO Negotiations. Larman. (1993). & Lehr. Definition of Small and Medium Size Enterprises. S.. (2003). Upper Saddle River: Prentice Hall. San Diego: IEEE Computer Society. Petaluma: Multimedia Live.htm Finance Ministry of Brazil (2006).. (2006..asp?Pos=2&Div=GuiaContribuinte/Simples/ Goguen. Lefebvre.).. Law No. Database Systems. Lynch. New York: Elsevier Science. Oxford review on Economic Policy.C. Electronic version retrieved on April 20. J. H. T. K. D. (2002). G. R. Applying UML and Patterns. In Encyclopaedia of ECommerce. Train of Thoughts: Designing the Effective Web Experience. Object Oriented Systems Analysis and Design Using UML. 17(2). O. (2000). (2006). S. Business. What works: ViaSebrae’s e-commerce solution for small businesses. Retrieved December 15. Technology. Time Saving Solutions for Struts.. Brasília: Presidência da República. Harlow: Pearson Education Limited. C. Retrieved December 15. Husted. J. Don’t Make Me Think! A Common Sense Approach to Web Usability.receita. Burke. (2003).europa. European Commission (2006).). (4th ed. & Wallsten. (2001). S.. G. D... M. (2nd ed.fazenda. (2007).

UNCTAD (2005). E. Tigre.serasa. MasterCard Merchant Services.html Visa (2007b). (2003). New York and Geneva: United Nations Conference on Trade and Development.usa. Berkeley: New Riders Press. Paris: OECD. K. D. UNCTAD (2004). D. Retrieved May 12.com. In Encyclopaedia of E-Commerce. Card Acceptance and Chargeback Management Guidelines.. Boston: Addison Wesley Professional. & Lee.useit. (2004.mastercard.html MasterCard (2007b). (2003). PCI SSC (2006).). 1. Bill Gates Turns Sceptical On Digital Solution’s Scope [Electronic version]. Visa International. & O’Connor. Inherent E-Commerce Barriers for SMEs. B. E-Commerce in Developing Countries. Retrieved May 14. 2007 from http://rollerjm. 2007 from http://www. Guia de Prefeito Empreendedor.. Policies and institutions for e-commerce readiness: what can developing countries learn from OECD experience? Working Paper No. S. Turban. Viehland. Designing Web Usability. 2007 from http://www. E. Applying Use Case Driven Object Modelling with UML: An Annotated ECommerce Example. Retrieved May 12. International credit risk reports.M. (2001). San Francisco: The Association for Progressive Communications. Berkeley: New Riders Publishing. Version 1. & Loranger. Hoboken: John Wiley & Sons. (2002). Silva. Sabrae (2007).webreference.fr/ pro/Struts11. P. & Robertson.usa. E-Commerce and Development Report 2004. Upper Saddle River: Prentice Hall. Retrieved May 12. September 13). A Managerial Perspective. EGovernment and Mobile Commerce (Vol. Mastering the Requirements Process (2nd ed. (2006).com/ merchants/index. (2000. retrieved October 25.1. H. Sachs. Nielsen. (1999). Visa (2006).visa. A. The New York Times. pp. Electronic version retrieved on April 8.. 2006 from http://www. J. New York and Geneva: United Nations Conference on Trade and Development. Tools and Practices for Building a Secure Internet Business. King. Rules for Visa Merchants. Visa International.1 Controller UML Diagrams. (2004). Nielsen. 2007 from http://www. Prioritizing Web Usability. (2006). Visa (2007a). Struts 1.. J.J. G. Payment Card Industry Security Standards Council. D.com/programming/web_usability/ Odedra-Straub.html Wiegers. 2007 from http://www.MasterCard (2007a). Useit. Retrieved April 15.com/Authoring/Design/Back/ Serasa (2007). J.html Rosenberg. C. E-Government and Mobile Commerce (Vol. Web Design in a Nutshell. G. M.ejisdc. Lei Geral de Micro e Pequena Empresa. Brasília. Hershey: Idea Group Publishing. Page 40 of 43 – Srđan Popović HEMIS No. T. Electronic version retrieved April 15. Retrieved May 12. Electronic Commerce. pp. 11. & McClain. Information Economy Report 2005. Payment Card Industry Data Security Standards. 353328 Submission Date: 2007/12 . K. Back to the User: Creating User-Focused Websites. Cambridge: O’Reilly & Associates. 1. 2007 from http://www. Toland. C.com/us/merchant/security/what_can_do/beyond/index.com Alertbox. Software Requirements (2nd ed.free.. The Art of Software Testing (2nd ed. E-Commerce Merchant Guide to Risk Management. H. S. K. In Encyclopaedia of E-Commerce. J. & Scott. Visa Information for Merchants. M. E-commerce in Brazil: an overview. Roller. (2001). E-Commerce and Development: Whose development? The Electronic Journal on Information Systems in Developing Countries.).html Myers. 2007 from http://www. M. November 3).php/ejisdc/article/viewFile/60/60 Robertson S. J. 12 Potential Signs of CNP Fraud. Verhovek. New York: United Nations..br/ Sharma. (2003). (1999).mastercard.. (ed) (2003).). (2006). The Need for Web Design Standards. 189. Boston: Addison Wesley.. Hershey: Idea Group Publishing. Niederst.org/ojs2/ index. 308-312). 2007 from http://wdvl.internet. J. ICT Policy Handbook. Berkeley: New Riders Press. (2002). Retrieved August 22. 2007 from http://www.html Nielsen J. (2006). (General Law on Micro and Small Enterprises).visa.com/ us/merchant/index..com/ merchants/risk_management/card_not_present. (2006).com/alertbox/20040913. Serviço Brasileiro de Apoio às Micro e Pequenas Empresas. Redmond: Microsoft Press. What You Can Do To Protect Yourself As A Merchant. 627-630). Visa (2005). J. D. Nicol.

Washington: The World Bank Group. Washington: The World Bank Group.World Bank (2006a).org/DATASTATISTICS/Resources/CLASS. List of Economies. Retrieved December 14. 2006 from the World Bank website: http://siteresources. World Development Indicators 2006. Page 41 of 43 – Srđan Popović HEMIS No. InfoDev report. 353328 Submission Date: 2007/12 . World Bank (2006c). Scaling up innovation and entrepreneurship in developing countries: the role of private sector finance. July 2006. Doing Business in Brazil.XLS World Bank (2006b). World Bank (2006d). Washington: The World Bank Group. worldbank.

.....................................................................34 Appendix E – Legislation and Legal Issues.................................106 Shopping Centre Staff Access .................................................................................................................................102 All External Users ...............................................................32 Methodology .............................................................150 Package com...............33 Interview Notes .................................47 Appendix H – Alternative Solutions for Payments and Guarantees......................................................................................131 Appendix N – Screenshots....116 Appendix L – Database.......................114 Shopping Centre Staff: Manage Categories......................................69 MSE Registration and Approval .............................113 Shopping Centre Staff: Manage Orders ..........121 Relations ......42 Defective Products..................................................................................122 Data Encryption ........................................................................................................................................45 Appendix G – Product State Transition Diagram (STD) .......................................................................84 Shopper: Products and Shops ....migomart........................................................108 Shopping Centre Staff: Products and Shops................................................................................................................................................................................................................................................................admin................................................................................................................................................................125 Appendix M – Interface ...........................................................................mse...50 Appendix J – Apache Struts and Object-Oriented Paradigm...................124 SQL Code to Re-create the Database ................................................struts................................................................................................................................................................................................................43 Prohibited Items ..................................................................... 353328 Submission Date: 2007/12 ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................134 Appendix O – Code Listings..................................................................................................................................................................90 Shopping Cart and Checkout ......................................................................................................................................................................................web.............................................................................................................................................................143 Package com.....................................................................................................32 Coverage and Practical Issues ..................................................................................................access......................................................43 Exporting..............................................................................................................................struts...48 Appendix I – Use Case Analysis .....14 Appendix D – Interviews.......................................42 Product Presentation....................................................................................................................migomart.................................................................................................................................206 Page 42 of 43 – Srđan Popović HEMIS No.....................................................................................................................................................................................................migomart........................................................................................................................................50 Use Cases .......................................74 Shopper Registration and Sign-in ...............167 Package com.......................143 Package com..................115 Shopping Centre Staff: Transactions and Financial Information ..........................................................................................................................................98 Shopper Account Management...............................................................................................................................................................................43 Delivery Guarantees ............................................44 List of Sources ............................................................................................................44 Appendix F – Analysed Best Practice E-Commerce Solutions...............................................68 Appendix K – Further Requirements Analysis and System Design with UML Diagrams....................................................................................................struts....................................................................................................................................13 Appendix C – Data Flow Diagrams (DFD)......................42 Liabilities ................................................................................................................................................................................................................................121 Entities .............................................110 Shopping Centre Staff: Manage Information on Shoppers.................................................................................................................................................migomart........................................................................................................................................................50 Actors....................................... 9 Appendix B – Project Plan.............................................................69 MSE Account Management ..................................................................................................................................................................................................................................................13 Table of Contents of Volume 2 (Appendices) Appendix A – Project Specification ............

............772 Character Set Issues.....................shopper..........................................................................................access.........struts..................................shopper...................................................migomart......................775 Methodology .............................migomart..............................774 Load Testing .account ....................................................................................................797 Page 43 of 43 – Srđan Popović HEMIS No.......................................................................................220 Package com....................................................................................................model........................795 Testing with Users: Usability and Acceptance Testing....................................................................................................checkout........................... 353328 Submission Date: 2007/12 .....................................................769 White Box and Black Box Testing .................................migomart...............shopper.......................................758 Appendix P – Testing .............................................................................................................................................................................................................migomart....................................443 JSP Pages .............account ..................................................................................................................................................................................................................struts.......................Package com...........................................................migomart................................................................................................struts.........................................................................................................775 Testing scripts.......................................................................................................shopper...............migomart......beans ................cart........................290 Package com......struts.................................................................................................migomart....................................................................................model..........................................................................................................276 Package com...................................................................769 Code Inspections and Walkthroughs.............................................................................................................................................................................................775 Results and Modifications ....................264 Package com........................................................767 Business Logic Layer....................376 Configuration Files ...........................................................................756 StyleSheets.........420 Properties File................................................................................................774 Limitations....................................................277 Package com..........................767 Presentation Layer.....................................................769 Data Layer .........................................................mse.................................................................................................................................445 Scripts............................................................................................................................................................796 Appendix Q – List of Abbreviations ...........................................struts..........................................773 Higher Order Testing.......................................................................................246 Package com................................