Electronic Business On The Internet

Electronic Business on the Internet
- Tutorial -
How to Make Your Own E-Commerce Site:
The Design Engineer Viewpoint
Authors: Marjan Mihanovic, marjanm@eunet.yu

Dusan Dingarac, dingo@sk.co.yu
Zoran Horvat, zoranh@eunet.yu
Miodrag Stefanovic, mik42@yahoo.com
Prof. Dr. Veljko Milutinovic, vm@etf.bg.ac.yu
What will you learn from this tutorial?
This Tutorial will guide you through the following sections:
 INTRODUCTION
– You will become familiar with some basic techniques and terminology.
 YAHOO! Store
– The easiest way to make your business Internet-enabled
 ecBuilder
– Software package, intended for creating more advanced eCommerce
solutions, still very easy to use.
 SSL
– What is Secure Socket Layer, and why is it so important?
 Microsoft Site Server Commerce Edition
– The most powerful tool,
for the large and most advanced e-commerce solutions.
 E-Xact Online Payment System
– How does payment transaction really works.
Made by: Ifact

Introduction to E-Commerce
E-Business - The shape of things to come

Introduction
 E-business has made lots of innovations in modern business.
 Today, the most important way of doing E-business
is over the Internet.
 Old kinds of E-business systems are either canceled
or improved so they can work over the Internet.
 In the next two years
one percent of World Trade will go over the Internet
(billions of dollars).
Made by: Ifact

Introduction
 By using modern techniques such as:
– World Wide Web (WWW)
– Intranet
– Extranet
– Virtual Private Network (VPN)
– Secure Socket Layer (SSL) encryption
 Business over the Internet is opening
a whole new world of opportunities:
Made by: Ifact

Introduction
 Better communication inside company (Intranet)
 Geographical location of company parts
became transparent (VPN)
 Collaboration with distributors and suppliers on scheduling
 Forecasting, and just-in-time
replenishment of supplies (Extranet)
 Telecommuting (employee can do his/her job from home)...
Made by: Ifact

Introduction
 The most interesting part of E-business over the Internet
(also called I-business)
is E-commerce over the Internet (I-commerce)
 Over 170 000 000 people,
that were using Internet on 1.1.2000.,
can be potential customers
 Number of Internet users doubles every three years
 The most important thing for I-commerce is web store;
a place where you can show and sell
your goods to Internet users.
Made by: Ifact

Web store
 Having web store is much cheaper
than having a classical one
 For web store you don't have to pay dozens of bills:
– rent
– electricity
– water
– city taxes
– cleaning...
 You don't need to worry
if your store is in a good location for customers
 Also, you don't need any salesmen.
Made by: Ifact

Web store
 Your store is working non-stop:
 24 hours per day
 7 day per week
 365 (366) days per year
 Your customers from all over the world
can spend their money without any time-zone limits.
Made by: Ifact

Web store
 Internet is one giant market
where you can sell your goods to anyone, anywhere
 A number of countries that had been marginalized
by their geographical position
take extremely active interest in E-commerce
 With E-commerce those countries can move
to the center of the virtual geography
 With your own Web store
hundreds of millions of people
are just one click away from your business.
Made by: Ifact

Web store
 Let us see what is needed to open a new web store:
 1. Getting an Internet Merchant Bank Account
(account that enables credit card transactions over the Internet)
 2. Web Hosting
(getting WWW space with some Internet provider)
 3. Obtaining a Digital Certificate
(obtaining initial keys for encryption, etc…)
 4. Finding a Provider of Online Transactions
(middleman between your customer and your bank)
 5. Creating or Purchasing a Shopping Cart Software
(getting hold of the web store infrastructure: sw-shelves, etc…)
Made by: Ifact

Internet Merchant Bank Account
 In order to be able to accept
credit cards over the Internet,
you must apply to your bank
for an Internet Merchant Bank Account
 Depending on which country you live in
and what bank you are with,
this can be relatively easy or somewhat difficult.
Made by: Ifact

In the U.S.A.:
 In the USA, this is a fairly simple procedure
 Many banks offer Internet Merchant Accounts,
and most Online Transaction Providers will support them
 Contact your bank for details.
Made by: Ifact

Internationally:
 Majority of Online Transaction Providers
are located in the USA
 They are restricted in their ability
to interact with banks outside their own country
 International merchants have very little choice
 An international merchant has to find a way:
– to get a US merchant account
– to find a local Online Transaction Provider
– or utilize one of the few companies
that services the international market
Made by: Ifact

 Many banks outside the US
have very restrictive policies
regarding Internet accounts
 Luckily, the situation is improving
 Most Online Transaction Providers will help you with this
if you get in touch with them.
 EU has recently adopted a recommendation
aimed at making E-commerce easier
(liberal domain assignments, int’l Internet banking, etc…)
Made by: Ifact

 Keep in mind when you apply for a Merchant Bank Account:
 A US merchant account can take
up to a month to come through
 If you already have a merchant bank account,
you will probably also need to upgrade it
to an Internet account
 Ensure that your bank accepts Internet merchant accounts
and has credit card processors that can connect to
FDC, Paymentech, or CyberCash (alternative payment methods)
 Your account must be able to handle
Card Not Present transactions (important!).
Made by: Ifact

Web Hosting
 Web hosting is a very important step in this process
 This is how you gain a presence on the Internet
in the first place
 It is important that the web hosting company
is capable of providing you with the level of service
that you need to maintain your Web store
 A few things to look for are:
– Good uptime (over 99,5% guarantied)
– Good technical support (your store is working non-stop)
– Fast connection to the Internet
– Staff that is knowledgeable about E-commerce
– Compatibility with major E-commerce providers
– Classified statistics of access to your Web site
Made by: Ifact

Web Hosting
 It is always good to spend some time
when choosing a Web hosting company
 There are many 'fly-by-night' businesses out there
(if you are working globally, night jobs are not wanted)
 For the money you're spending,
make sure that the company is reputable.
Made by: Ifact

Obtaining a Digital Certificate
 A digital certificate (SSL Server Certificate),
enables SSL on the Web server
 SSL protects communications,
so you can take credit card orders securely
 It ensures that hackers cannot eavesdrop on you
 Any E-commerce company will require you
to have SSL before you can use their services
 For most people
obtaining a digital certificate is not a problem
 For a minimal fee,
one can usually use the certificate owned by
the Web hosting company where your page resides.
Made by: Ifact

Obtaining a Digital Certificate
 If you are a larger company, however,
you may want to get your own digital certificate
(for CC processing and/or for processing of sensitive data)
 A certificate costs about $150.00 per year
and can be obtained from
– Verisign (http://www.verisign.com)
or
– Thawte (http://www.thawte.com)
Made by: Ifact

Provider of Online Transactions
 Before you start looking for a provider,
you should stop for a moment
and consider what exactly you need
 How many transactions do you expect
to be completed in a month?
 How many products do you have
to put on your web site?
 How complex does the software need to be?
 How much are you willing to spend?
Made by: Ifact

Provider of Online Transactions
 There are a lot of online transaction providers
 They offer all kinds of packages
 Decide on a provider's package that fits your needs
 This is perhaps the most important aspect
in creating an E-commerce Web site.
Made by: Ifact

Shopping Cart Software
 Shopping cart software is the most popular
and the most widely used concept of Web store architecture
 There are many other types of software
that you can use in your store,
such as catalog software or a flat order form
 Creating or purchasing a Shopping Cart Software?
 Creating can be very complicated without proper tools
 Creating can be very expensive.
Made by: Ifact

 Many Online Transaction Providers will have
shopping cart software that comes with their service,
but it can often be very expensive
 Another possibility is a package that offers it as a rental
included in the monthly service charge,
or one that offers a simple flat order form
 Maybe purchasing of good tools is the best solution
(ecBuilder or Microsoft SSCE;
Yahoo! Store is a ready-to-use Web store).
Made by: Ifact

 Generally it is possible to find
three different types of Web store
 Three types of Web store creating and shopping cart software are
best represented with three examples
discussed later in this tutorial:
• 1) Yahoo! Store
• 2) EcBuilder
• 3) Microsoft Site Server Commerce Edition
Made by: Ifact

Credit Card
 The most widely used way of purchasing
over the Internet is Credit Card
 The consumer surfs the Internet to the merchants Web site,
where he/she decides he/she wants to buy something.
 The consumer is moved to the online transaction server,
which ensures security.
 Transaction (credit card billing) is passed
through private gateway to a CC Processing Network,
where it is completed (or denied).
Made by: Ifact

Credit Card
 System of validating card data
and making a transaction is shown on this picture
Other Merchant Sites

Bank
Bank
Consumer Online
Merchant
Internet Site
Transaction
Server Bank
Bank
Consumer
Other Merchant Sites issuing and
Consumer
acquiring
Private Gateway
banks
Made by: Ifact

Electronic Cash
 Contrary to Credit Card,
Electronic Cash is informational equivalent
of physical banknotes and coins.
 It is perfect for so-called micropayments
(such as paying $0.10 for the one-time use of software
or $0.19 for reading a literary essay)
 Electronic Cash can offer such benefits as
– anonymity of the buyer
– global acceptance...
but Credit Card will be dominant for at least the next few years.
Made by: Ifact

Marketing...
 When the Web store is ready for customers,
marketing your site is very important:
– Submit your site to as many search engines as possible
– Try finding Web sites with similar themes
and make deals to create reciprocal links
– Create an advertising banner
and purchase space from a popular Web site to display it
– Put your URL in the signature file of your email
and the header of all business correspondence
– Word of mouth is very powerful on the Internet;
tell all of your friends about your page
– Avoid spamming - it is a sure way to get a very bad reputation.
Made by: Ifact

... and Planing
 Investigate the web sites that are possible rivals
and formulate a strategy for competing against them
 If you anticipate a lot of growth
in the amount of orders coming through your site,
figure out how you are going to cope with
the increased load before you get swamped.
Made by: Ifact

Yahoo! Store
Introduction to Yahoo! Store
 Yahoo! Store is a powerful tool for building e-Commerce sites.
It can be accessed on the Internet address http://store.yahoo.com/.
 Basic advantages
– Low cost for small stores,
thus highly applicable to small business solutions
– Intuitive interface, easy to use
– Results are visible immediately
– Powerful support provided by Yahoo! on a number of topics
concerning e-Commerce and e-Business
Made by: Ifact

Introduction to Yahoo! Store
 Basic disadvantages
– Cannot create original look of the e-Commerce site;
sites on Yahoo! Store look similar to each other
no matter what effort was taken for visual design.
That is because all sites are forced to have the same structure,
and only graphical elements and their arrangement on the screen
may be partially different
– Company still needs its own server
in order to use most advanced capabilities of Yahoo! Store
(e.g. custom functions for tax and shipment calculation).
If company owes a server (virtual or real),
it can use other tools (such as ecBuilder)
to create more flexible e-Commerce site.
– Yahoo! Store certainly cannot fulfill all e-Business demands
asked by big companies
Made by: Ifact

Registering With Yahoo!
 Yahoo! Store IDs are maintained on the level of Yahoo!
(not on the level of Yahoo! Store),
so once you get an ID, you can access all Yahoo! services
 Obtain Yahoo! ID by registering at http://www.yahoo.com/
or at http://store.yahoo.com/.
 This ID offers pass to Yahoo! services like:
mail at mail.yahoo.com,
e-Commerce at store.yahoo.com, etc.
 If you are already using some of Yahoo! services,
you do not need to register again;
just use the same ID to create the store.
 Once logged on, the welcoming screen will be shown.
 You may take a look at some featured stores
by clicking on appropriate links,
or you can take a search in order to find some specific store
by using the Search field.
Made by: Ifact

Creating the Store
 First step in
creating your own
store is to click on
Create a Store
link.
 This action leads
to the store editor.
Made by: Ifact

Creating the Store
 In order to create a store, the user is prompted for:
– ID of the site - this field also becomes the address of the site; complete
address of your store after publishing will be
http://store.yahoo.com/xyz, where xyz is ID you typed.
It should be clear that once entered ID cannot be changed
later since it is the WWW address, as well:
user must be very careful when selecting this item.
It also has to be checked whether the specified ID is already in use:
if so, another ID should be entered.
– Name of the site - this field is in fact the name of the company.
Whatever is written as name, it will be shown at the top
of the front page of the site.
Made by: Ifact

Creating the Store – Final Step
 Suppose at this moment that we
are featuring a company named
Raspberries, Inc., which offers
ecological fruit: raspberries,
blackberries, and strawberries.
 Each fruit is offered in a number
of forms: fresh, frozen, juice, etc.
 First we want to create the store
for our company: we may type
rasp in the ID field, and
Raspberries, Inc. in the name field.
 Thus, our WWW address will be:
http://store.yahoo.com/rasp,
and heading on our front page
will read Raspberries, Inc.
Made by: Ifact

Instructions by Yahoo!
 After clicking at the Create button, a screen with instructions
will be shown. There you will find some important
information about your future store:
– An account we have just created is temporal;
transforming this account into real one will be presented later.
– This temporal store will be treated for ten days,
and after that it will be automatically deleted.
(Whenever you log onto your store,
current day countdown will be shown,
just to remind you that your store will be deleted
if account is not transformed.)
– During the test period of ten days, the site will be fully operational,
except that orders from customers will be scrambled;
it means that your temporal account cannot be used to make profit
until it is converted into a real account
(the submitted CC# will not be visible to the store owner, etc...).
Made by: Ifact

Types of Pages on the Store
 Each store has three types of pages:
– Front page - the first page of the site
– Section pages - each section presents separate items for sale,
showing only the most necessary properties
of each item (such as price)
– Item pages - each item is represented on a separate page,
containing all important data (price, design, size, quantity, etc.)
 Links to section pages are provided on the front page.
 Each section page contains names and pictures
(if provided) for items in that section.
 By clicking on some item, the appropriate item page is loaded.
 Items can be put directly onto the front page,
without creating sections at all.
This option is preferable when only a few items are offered.
Made by: Ifact

Preparing to Edit the Store
 After signing
with Yahoo!,
the screen
with options
will be shown.
 The key page;
each one of
the 8 sections
contains links
to vital
activities
 Only manager
can access
this page; not
the shopper.
Made by: Ifact

Selecting the Interface
 At this moment, we are interested in the Edit section,
which allows us to edit our store.
Three options in this column represent three types of interface:
– Simple Interface - shows only the necessary options
for store building
– Regular Interface - shows some additional options,
which allow the user to create a better visual look of the store
– Advanced Interface - shows the complete Yahoo! Store functionality;
its use is recommended to experienced programmers only.
 The three options differ in the amount of tools available for edit
 Only the last option allows links to other sites for extra functions
 In the Edit section, click to link Simple,
in order to step into Simple Interface for store building.
Made by: Ifact

Simple Interface at First Glance
 After stepping into Simple Interface,
a line with options will be shown
at the bottom of the screen.
 Also, online help will be available.
Click to Hide Help button, if you want
to remove help from the screen.
 It is recommended for new users to
leave online help visible for a while.
 Online help is initially shown for
Simple Interface, and for Regular and
Advanced Interface it is initially
hidden.
 In all interfaces, help can be
toggled on/off with a single click.
Made by: Ifact

Initial Look of the Front Page
 Now we shall add content
into our store: we should
create sections for different
kinds of items, and then fill
each section with
appropriate items.
 Before sections and items
are added, our front page
shows only the heading.
 Font, size, face color, and
background color are all
set to defaults.
 We shall see later how
these properties can be
changed in order to meet
our special demands.
Made by: Ifact

Menu Bar at the Front Page
 The line with options at the center of the page is context-sensitive.
 Previous figure shows its look at the front page of the store.
It will look partially different on section and item pages.
 Light yellow buttons on the bar are available.
Grayed buttons are unavailable.
For instance, last button which reads Published
shows that our site is currently published
and another publishing is meaningless.
When we make some changes,
this button will read Publish and will be available.
 The first button is Edit. It allows us to edit the current page,
in this case the front page. This option will be used
to change some general aspects of the front page.
Made by: Ifact

Page Variables
 If we click the Edit
button at the front page,
another page
with properties of the
front page will load.
 Properties are referred
as Variables.
 Each page contains a
number of variables that
describe all relevant
details of its look and
structure.
 The site creation activity
boils down to the
changing of the values
of relevant Variables!
Made by: Ifact

Variables for Front Page
 Field names on this form are self-explanatory:
– Page-title shows title of the browser window
– Page-elements is the list of elements
that should be shown on the front page
– Image field allows us to upload an image,
which will substitute the name of the company
– Image-format shows three possible positions of the image:
left, banner, and unconstrained
– Buttons field is also a list, containing buttons
that should be shown on the left margin of the front page
– Message contains text that should be written under the store title.
 Some other fields will be explained later.
Made by: Ifact

Changing Some Variables
 At this step, we will enter the page title and the logo message.
 Let page title be: Green food from Serbia.
 If no page title is entered, store title will be used instead
(in our case, Raspberries, Inc.).
 Message might be assumed as company motto,
e.g. Our fruit knows of no chemistry.
 We also may upload a title image by pressing
the Upload File button at the appropriate row.
If this image is loaded, it will be used instead of the store title,
i.e. instead of Raspberries, Inc.
 Note that page loading time will be longer when the uploaded
image is bigger. It is highly recommended to upload
images smaller than 20kB, in order to keep high performance.
Made by: Ifact

Creating New Section
 Now we may create sections on our front page.
 We will make three sections:
– Fresh Fruits
– Frozen Fruits
– Finished Products
 In order to create a section,
you should click onto the New Section button on the menu bar.
 Then, you will be prompted for name and caption
of the new section.
Made by: Ifact

Creating New Section
 To finish section creating,
click the Update button.
 In the same manner,
another two sections
can be created.
 After each section is
created, appropriate
section page is loaded.
 In order to return to the
front page, click Home
button at the left margin
on the section page.
Made by: Ifact

Selecting General Look of the Page
 Now we may take some time to change the general look
of the front page.
 The simplest way to do this is to click the Look button
on the menu bar.
 After that, another line with buttons will load,
containing general templates.
 Each look can be selected by simple clicking
on the appropriate button. You may feel free to
experiment with different styles, in order to find
the one which best fits with your store style.
Made by: Ifact

Selecting General Look of the Page
 Figure shows one possible look of
our front page (style Soft on the
menu bar). It is important to know
that all pages (currently our three
section pages) will share the same
look.
 Note that the menu on the left
margin contains three buttons,
each of them leading to one
of our sections.
 It is highly recommended that all
pages on the site have the same
general visual properties, in order
to set impression of stability and
consistency to the customer.
Made by: Ifact

Page Variables
 Once the general look of the store is selected,
some details can be fixed manually.
 Complete look and structure of each page is described
through its variables.
Variables are in fact properties of the page,
and can be viewed by clicking onto Variables button
at the menu bar.
 Variable identifiers are mostly self-explaining,
so the use of the Variables section should be quite simple.
 For instance, there are variables Button-font-size, Title, Email,
Page-width, etc. with obvious meanings.
Made by: Ifact

Changing Variable Values
 Figure shows some of
the variables for the
front page.
 Value of the
Background-color
variable is changed
from white to pink, by
clicking onto the
Select button, next to
the variable name.
 After the Update
button is pressed, our
front page will have
pink background.
Made by: Ifact

Variable Inheritance
 Once the variable is changed
at the front page,
all pages will have
the new variable value as well.
 For instance, our section pages will
have pink background as the front page
does. Figure shows Fresh Fruits section
with the pink background.
 Note that the menu bar is somewhat
different on Fresh Fruits section page
from the one on the front page.
Menu bars are context-sensitive,
and tiny differences will arise
on different pages.
Made by: Ifact

Adding an Item to the Section
 Now, we may try to add items into
our store. Menu bar on section
pages contains New Item option.
 After clicking to New Item option
(say, on the Fresh Fruits section
page), a form will be loaded.
 Four properties of the new item are
asked for: name, caption, code
(this is internal code of the item),
price in US Dollars.
 After clicking to the Update button,
our item will be added
to the Fresh Fruits section.
Made by: Ifact

Uploading an Image for the Item
 After a new item is created,
the appropriate item page will be loaded.
Now we may add ANY image for our item:
click onto Image option on the menu bar,
and upload an image
 Make your own images; no library of images available!
 Note: after clicking to Image option,
another form will be loaded, offering us to browse for the image.
 There will also be a button for final image uploading.
If this button does not exist,
meaning that you cannot upload an image,
it means that your browser does not support uploading.
You should either change the browser,
or update it to newer version.
Made by: Ifact

Full Look of the Item
 After an image is uploaded,
it will be shown both on the
item (upper figure) and the
section pages (lower figure).
 Note that image is shown
in full size on the item page,
and as a thumbnail at the
section page.
 Also, there is an Order button
at the item page. User will be
able to order our product by
clicking on that button.
Made by: Ifact

Final Look of Fresh Fruits Section
 In the same manner,
we can add other items
to our Fresh Fruits page.
 Figure shows possible look
of the Fresh Fruits page
after four items were added.
 By clicking either on the name
or the image of any item,
appropriate item page will be
loaded: then, the user can order
the wanted amount of the
product.
Made by: Ifact

Changing Variables for Single Page
 Now, we may try to edit variables on the Fresh Fruits page.
 By clicking the Variables option at the menu bar,
the list of variables will be loaded.
We may try to change the Background-color variable again,
and choose some other color,
hoping that our Fresh Fruits page will be in a different color.
 New color will be set for the Fresh Fruits section page indeed,
but all the other pages will be changed too,
and that is not what we wanted!
 In fact, we want to change the background color
for Fresh Fruits section only,
and leave all other pages with pink background.
 Well, this task cannot be performed on Simple Interface:
Regular or Advanced Interface should be used.
Made by: Ifact

Starting Regular Interface
 In order to use Regular Interface, type URL
http://store.yahoo.com/ at your browser again.
 If needed, retype your username and password.
 Your personal page should be loaded,
offering you to manage your stores.
 Click onto rasp store, and the manager page will be loaded.
 In the Edit part, click Regular in order to load Regular Interface.
Made by: Ifact

Menu Bar of the Regular Interface
 At first glance,
everything is the same as it was at the Simple Interface,
except that menu bar carries much more options.
 Notice a small triangle at the end of the menu bar.
By clicking at this triangle,
our interface will be upgraded to Advanced.
 At the Advanced interface, the same triangle will exist,
but it will be turned to the left,
and will be used to downgrade to Regular Interface.
 From Simple to Regular/Advanced by new login;
from Regular to Advanced and back via red arrow
Made by: Ifact

Overriding a Variable
 Now, we can step to our Fresh
Fruits sections. When the page
is loaded, click onto Edit button
on the menu bar.
 Page with options for this page
will be shown, and among other
things, there will be
a button reading
Override Variable.
 After clicking at this button, a
simple form will be loaded,
allowing us to select the variable
which we want to override.
 All Variable values are the same,
except where we override the
Variable, locally
(for one page only)
Made by: Ifact

 Variable overriding is a powerful option,
which allows us to change one variable for one page only,
and leave its old value for all the other pages.
 For instance, we may select Background-color variable
in the list offered at the Fresh Fruits page,
in order to change the background color for this page only.
 Click onto the Update button
to select Background-color variable for overriding.
 When you click to the Update button,
the variable is only set for override;
the actual value does not get changed
 The actual value gets changed by clicking to Edit button,
on the specific page of interest; the Variable will be shown,
and you can change it, by clicking where appropriate
Made by: Ifact

 Now the Background-color variable will be shown
at the bottom of the Edit page,
and it will be possible to change its value separately.
 Once changed,
the new color will be applied only to the Fresh Fruits page,
and all other pages will keep the pink background.
 Figure shows the bottom of the Edit page
containing the orange background color:
only the Fresh Fruits section page now has the orange background.
Made by: Ifact

Overriding a Variable: Undoing
 If you change your mind
and wish to discard overriding for some variable,
you may step to the Edit page again,
and click onto the Undo Override button.
 Then select variable you wish to discard overriding,
and click onto the Update button:
the selected variable will be cleared from the list
of overridden variables.
Made by: Ifact

Setting an Item to Be Special
 There may happen that you want to set some item
as a special offer.
 For instance, fresh raspberries might be considered
as a representative product of our company.
 Yahoo! Store offers one simple option that helps
to emphasize some item or section.
 At the Regular Interface,
at the page you want to emphasize,
there is an option reading Special.
 Click onto this option,
and a link to current page will be added to the front page.
Made by: Ifact

Setting Item to Be Special
 For instance, we may set
fresh raspberries to be “special”.
In that case, front page will look
as shown on the figure.
 If you change your mind later,
you can easily put the item
off the front page
 Special option on the menu bar
now reads Not Special.
Click on the option,
and the item will not be special
any more.
 Figure shows the front page look
after Fresh Raspberries (in crate)
are set as special item.
Made by: Ifact

Concept of Accessories
 There is another option somewhat similar to the previous one.
 In some cases, it is good to offer some accessories
along with some offered item.
 For instance, if you are selling raspberries in plastic plates,
you may offer spare plastic spoons along with it.
 In many cases, this can be a useful option,
because a user can order a product
and the appropriate accessory at the same page,
without jumping around the store.
 In order to add accessory, click onto New Accessory option
at the menu bar on the item page of interest.
 After that, fill the form with variables describing the accessory,
just as you would do for a regular item.
Made by: Ifact

Adding an Accessory
 As an example, we may add offer
of plastic spoons onto the
Fresh Raspberries page.
 Click onto the New Accessory
option, and fill information
about our spoons;
an appropriate image
should be uploaded, as well.
 If you change your mind later, and
wish to clear the accessory from
the page, just click onto it, and
then select Delete.
After confirming the deletion,
accessory (the entire bottom part)
will be removed.
Made by: Ifact

Internal Clipboard
 Another useful concept of Yahoo! Store is internal clipboard
(a place where the deleted pages are kept).
 Suppose you wish to move or to copy some contents
(item or section; the only options for move) from one page to another.
Internal clipboard can be used for that purpose.
 Without this option, one would have to delete the contents
and then to create a new one (identical) elsewhere, manually (painful!)
 There are three possible actions when working with clipboard:
– Copy - Copies the page onto clipboard; original object is left intact
– Cut - Copies the page onto clipboard, but also deletes the original object
– Paste - Copies the object from the clipboard to the current position
 Content of the clipboard is being cleared each time you log off
from Yahoo! Store. If you cut an item,
and then do not paste it on some other place,
it will be irretrievably lost after you log off.
Made by: Ifact

Using Internal Clipboard
 Contents of the clipboard is
visible underneath the menu bar
(only if it is not empty),
in the right-hand field
(left-hand: the paste command)
 For instance, if we click Copy
when being on Raspberries
(crate) page, the complete
page will be put on the
clipboard. We can later step
to the Frozen Fruits page,
in order to paste the item there.
 In order to paste the object, just
click onto its name in the
clipboard section at the bottom
of the page.
Made by: Ifact

Publishing the Store
 At the end, when our store is finished, we should publish it.
To publish the store, go to the front page
by clicking on the Home button on any page,
and then select Publish option at the menu bar.
 Our updated store will be immediately visible at the address
http://store.yahoo.com/rasp/.
 Remember that your store will be automatically deleted
ten days after it is created (not published).
In order to avoid this, you should turn your temporal account
into real account: at the introductory page for our store
(at the page where you had selected the interface type),
there is at the bottom of the page a link reading Open your account.
 Click on this link,
and Yahoo! will lead you through the rest of the registering process.
Made by: Ifact

Final Notes
 One advice: Do not wait until the tenth day to create your account.
Web services are not reliable enough yet,
and you may be quite disappointed
if you get into position to create the complete store all over again!
 One of important topics of Yahoo! Store is its price.
Stores are valued by its size, i.e. the number of items offered.
There are three categories:
– Small store - With up to 50 items; it costs $100 per month
– Medium store - With up to 1000 items; it costs $300 per month
– Large store - With more than 1000 items;
it costs $300 per month for first 1000 items,
and additional $100 per month for each next 1000 items;
for instance, a store with 2300 items would cost $500 per month.
Made by: Ifact

ecBuilder
ecBuilder
 Product Name:
ecBuilder
 Manufacturer:
MultiActive
Software inc.
 System
requirements:
Desktop PC
with Microsoft
Windows
operating
system and
Microsoft IE 4.0
or Netscape 4.0
Product URL: http://www.ecbuilder.com
Made by: Ifact

Why ecBuilder?
 ecBuilder is a software package by MultiActive Software, Inc.,
that is designated for step by step creation
of fully functional E-business sites from scratch
 It is designed to provide E-business solutions
for small and medium businesses
 It is intuitive and has a quick learning curve
 It hides most of the hard work from you,
so you need not bother thinking
how it is realized or how does it work
 The price of this package = 495$ (1.1.2000.),
and it has no additional hardware or software demands
Made by: Ifact

What you need to start using
ecBuilder?
 Registered version of ecBuilder
(look at http://www.ecbuilder.com
for further information on acquiring and registering it)
 Webspace account with your local ISP
 In order to accept credit cards online
you must already have a merchant status account
with the credit card company and/or your bank
 You will also need to be able
to process these credit card transactions
 You must choose a third-party payment processor
to process credit card payment requests
 You should obtain a digital signature certificate
Made by: Ifact

Introduction to ecBuilder
 As said before - it is designed for small
to medium sized businesses
 Requires only basic HTML and Web design knowledge
 Provides all the necessary elements
every E-business site must have.
 Shopping basket, subtotal calculating,
and similar features are realized
through embedded JavaScript
(no direct access to user memory or hard disks)
and Cookie technologies
(to memorize a data structure on the user’s hard disk)
 All shopping basket related data are stored with the user
(not at the server, which is one of the two options of SSCE)
 With user - easier to develop; with server - more reliable!
Made by: Ifact

Introduction to ecBuilder
 Credit Card payment
 Bought goods reports
 Most important:
Security issues are provided
via a special ecBuilder's server (ecPlace)
 ecPlace server is independent from your site and your ISP,
and it is maintained by MultiActive company
 You don't have to worry about installing it
and providing maintenance for it.
Made by: Ifact

Payment processing
 ecBuilder provides full support for online credit card processing
 Credit card paying process is security sensitive
 The merchant (you) takes care of delivering the bought goods
 ecPlace takes care of CC payment processing
(3) Customer enters Credit card number

SSL
(2) Shopping List encrypted (4) Payment request submitted

with Public Key Technology via secure connection
Customer (1) Makes Shopping List Your ecPlace Payment
Site Server Processor
(5) Transaction
(6) Encrypted eMail with results result
(7) eMail with results
Made by: Ifact

Inside ecBuilder
 ecBuilder providesa built-in wizard

for generating boiler-plate HTML (the HTML skeleton)
and JavaScript code for your E-business site
 There are dozens of built-in templates
for you to choose from
 ecOrderDesk is an accompanying software that is used for
processing orders, bookkeeping, and as a POS terminal
 When published, URL to Your E-business site will appear on
ecPlace`s index of business Web sites,
under appropriate industry category
(http://www.ecPlace.com)
Made by: Ifact

ecBuilder Wizard
 ecBuilder`s Wizard is the only way

to create your E-business site using ecBuilder
 Before beginning to work with Wizard,
you must first make one of the four choices
concerning your site
 The choices are:
• Create a new ecBuilder file
• Look for an existing ecBuilder file
• Open an example ecBuilder file
• Open my last ecBuilder file
Made by: Ifact

ecBuilder Wizard
Made by: Ifact

ecBuilder First step : Site Structure
 ecBuilder will generate several HTML pages,

and will correctly hyperlink them
 In this step you should choose
which additional pages your site will contain
 The choices are:
• Content Pages
• Your Products or Services Catalog
• Feedback Form
• Contact Information Page
Made by: Ifact

ecBuilder First step : Site Structure
 Basically, you should include all of these pages,
as they are required on any serious eBusiness site
 Depending on the pages you checked to be generated,
the number of steps the wizard guides you through may vary
 Choose a title for any of the pages you checked above
 If you want to show your address and phone number on the site,
check the 'Display your address and phone number on Your site'
checkbox at the bottom of the screen
Made by: Ifact

ecBuilder First step: Site Structure
Made by: Ifact

ecBuilder Second step - Company Address
 In this step you are asked to enter
more detailed information on your company
 Fields marked with an asterisk ("*") are required fields,
and you must enter them in order to proceed to the next step
 This information is used by ecBuilder
to create your eBusiness site, and
will appear on appropriate places in it
Made by: Ifact

ecBuilder Second step - Company Address
Made by: Ifact

ecBuilder Third step - Site Builder Profile
 The person building your site may not be the one
you want to receive orders and inquires generated from your site
 This profile is the profile of the person
that is responsible for MAINTAINING your site
(it is not necessarily the person
responsible for handling orders, etc.)
 MultiActive Software inc. will use this information
to send all the info regarding new upgrades,
options, and similar.
Made by: Ifact

ecBuilder Third step - Site Builder Profile
Made by: Ifact

ecBuilder Fourth step - Contact Person
Profile
 This is the profile of the person

that is responsible for HANDLING ORDERS and inquiries
 If this person is the same as the person
that is building your site,
check the 'Same as Builder's Profile' checkbox.
 If you want the name and the position of this person
to appear on the Contact Page,
check the appropriate checkbox at the bottom of the screen
Made by: Ifact

ecBuilder Fourth step - Contact Person
Profile
Made by: Ifact

ecBuilder Fifth step - Business Classification
 This step asks You to choose categories
that best describe your business
 Also enter manually up to 30 keywords
to describe it in more details
 The categories are used to place Your eBusiness site
under the right industry in the
ecPlace`s eBusiness sites list
 Keywords are used when your site is submitted to search engines
Made by: Ifact

ecBuilder Fifth step - Business Classification
Made by: Ifact

ecBuilder Sixth step - Company Identity
 In this step you are prompted
to enter your company’s Logo,
Slogan, and Brief Description
 Company Logo is a .JPG or .GIF picture

that will appear throughout your site
 Company Slogan is a tag line
that will appear on the top of the first page
on Your E-business site
 It should be one of the first things
that visitors to your site (and potential customers) see
Made by: Ifact

 It should convince the customer
to stay and browse through your site
 Brief Company Description is a summary
that is used when your site is submitted
to the search engines
 It will appear as a short description of your site
when its URL is shown
by the respective Search Engine
Made by: Ifact

Made by: Ifact

ecBuilder Seventh step - Web Site Content
 By checking the 'Content Pages' checkbox in Step One,
you caused ecBuilder to generate a page
with the default title 'background'
 A link to that page can be found
on the main page of the site
 This 'background' page contains
up to 100 links to other pages
of your choice and content,
which are also generated by ecBuilder
 You may use this option to add anything
you find relevant to your eBusiness,
or the site in general.
Made by: Ifact

 Visitors may browse through these pages
by choosing the 'Background' link
 'Background' is the default title which can be changed
 Button controls on the Seventh Step splash screen
allow you to add, modify, or delete the content pages
that will show up on 'Background’
as well as their headlines and content.
 Headline is the name of the link

which will appear on the link list
of the 'Background' page
 Content is the text that will appear
when Customer chooses one of the Headline links
on the 'Background' page
Made by: Ifact

Made by: Ifact

ecBuilder Eighth step - Payment Methods
 This is the step where you specify
whether you accept the credit card payment,
as well as the names of the cards you accept
 You may also specify other payment methods
(money order, check, etc.)
 You also specify the currency
in which the prices on your site are specified
 In order to accept credit cards online,
you must already have a merchant account
with a credit card company and/or your bank
Made by: Ifact

ecBuilder Eighth step - Payment Methods
Made by: Ifact

ecBuilder Ninth step - Online Processing
Other Merchant Sites
Bank
Bank
Consumer Online
Merchant
Internet Site
ecPlace Transaction
Server Bank
Bank
Consumer
Consumer issuing and

acquiring
Other Merchant Sites Private Gateway banks
 The ecBuilder adds one more stage

into the generalized e-Business pipeline: The ecPlace
 It is a ready-to-use interface to OTP;
you do not have to create your own one inside the Merchant Site
 Private Gateway = SSL or VPN or anything else to provide security
Made by: Ifact

 Here you must select the third party
online transaction processing (OTP) company you intend to use
 As of this moment,
ecBuilder supports E-xact and InternetSecure
transaction processing companies;
the ecPlace is nothing else but software to interact with the OTP
 After you have obtained a merchant account,
you must obtain a separate account
with one of the supported OTP companies
 Go to http://www.ecbuilder.com/client/merchantaccount
for more info on obtaining an account
with an online transaction processing company
 Remember: OTP = TGP (transaction gateway provider)
Made by: Ifact

 After applying to one of these transaction processing companies,
you will have to enter into the ecPlace (via the Wizard step 9)
the info that OTP sent to you (so ecPlace can work in your name):
ID, password, etc.. (depending on the company),
by selecting the settings button and by following the instructions
 If you haven`t applied to any transaction processing companies,
but you want to create a beta version of the site,
choose [NONE]
in the transaction processing companies drop-down box
 That will allow you to go on with creating your site,
leaving you the possibility to return to this step later
and to finish the process
of supplying your site with the online payment option.
Made by: Ifact

Made by: Ifact

ecBuilder Tenth step - Catalog
 Here you will make the catalogue
of the items/services/goods you are offering
for sale on your E-business site
 On the left side of the splash screen (screen w/ Wizard questions)
there is a box with Catalog Sections
 On the right side is the box
with the corresponding section's items
 Sections will appear as links on the 'Catalog' page,

which is generated automatically
if you've selected 'Your Products or Services Catalog’
checkbox in the First Step
 Items will appear as links
on the corresponding section page.
Made by: Ifact

Made by: Ifact

 Each items page may contain all the info
about the item you want
 It will also contain customer interface
that allows the Customer
– to add the item to his/her Shopping Basket
– to buy that item right away
– to make inquiries about it, etc.
depending on the choices you make in this step
 If you select one section in the Catalog Sections box,
and press the 'Modify' button,
the Catalog Section dialog box will appear.
Made by: Ifact

Made by: Ifact

 In this dialog box, you must choose Business Template,
which will be used for your catalog
 Depending on the template you selected,
the layout of the Web page may change,
as well as the choices you may make
in the next steps and in the dialog boxes
 You must also select one Catalog Section Title
out of the available ones, or enter your own title
 This title will appear as a link
to respective catalogue section page
on the main catalogue page
Made by: Ifact

 You may choose that all of the items/services
in this section are on a discount,
and enter appropriate Description for that Discount
 Finally, you may enter Description for a Catalog section
(which will appear below title of the section),
as well as the Catalog section image
(which will appear left of the section title)
 You may choose to show the preview images
of your items on the Catalog index page
Made by: Ifact

 If you select one item in the Catalog Items,
and press the 'Modify' button,
the Item dialog box will appear
 This box allows you to customize
the way in which the item is presented
to the customer on your site
 You may enter Item/Service name,
its model, description, Item's image, etc.
 You may also enter two bulleted lists
with up to 20 bullets
that describe features of your item, etc.
Made by: Ifact

Made by: Ifact

 Item dialog box also allows you to enter
detailed data on every item, like:
– its weight
– dimensions
– available sizes
– keywords for search engines
– etc.
Made by: Ifact

 Pricing options are also available here:
– Regular price item
– Promotional Item
– No Price Item (Inquiry)
– In which units
the price is applied
(per item, per liter, etc.)
– Whether this item can be
purchased online
– and similar
Made by: Ifact

 Finally, you may configure taxes
that are applied to this item,
depending on the means of the shipping,
residence of the Customer, etc.
Made by: Ifact

ecBuilder Eleventh step - Advertising &
Statistics
 This Step gives you three options to select:
– Top Page Banner
– Bottom Page Banner
– Hit Counter
 Banners are used primarily for link exchange
between sites of similar interest
in order to boost up hit ratios,
and for some additional cash source
(pay per clickthrough banners, for example): e.g., 1cent/click
 Hit counters are used for tracking
visitor statistics for your site,
which can be useful when planning
your future market strategy
Made by: Ifact

Statistics
 Banners (Top and Bottom) can be placed

on your site in one of the two ways:
– You may choose the banner image

and the URL link it points to, by yourself
– You may cut and paste the already generated HTML code.
This will happen if you enlist with some
banner exchange service,
which will provide you with the HTML code
that you should install on your site
 LinkExchange at http://www.linkexchange.com
is one example of banner exchange services
(bringing business to each other).
Made by: Ifact

Statistics
 Hit counter is installed by

pasting appropriate code into the text box
 Counter code may be generated
for you by some of the free counter services,
or it may be your ISP's default counter code,
which you should obtain from your ISP's support service
 TheCounter at http://www.thecounter.com is one of the providers
that offers you the tracking services for “free”
Made by: Ifact

Statistics
Made by: Ifact

ecBuilder Twelfth step - Order & Inquiry Fields
 Order and Inquiry Fields are supplemental information
you may want to hear from your customers, for example:
– how often do you buy on-line?
– How did you hear about us?
– etc.
 These pieces of information are usually intended
for market surveys and market analysis,
which in turn should be used to improve
the way your site and business work
Made by: Ifact

ecBuilder Twelfth step - Order & Inquiry Fields
Made by: Ifact

ecBuilder Thirteenth step - Site Design &
Preview
 In this Step you must choose

one of the presented templates and color schemes,
from which ecBuilder will generate your E-business site
 These are the last ones of the necessary pieces of information

ecBuilder needs to make a fully functional site
 You may check how your site looks like
by pressing the 'Preview' button
 Your site will be generated,
and shown via the ecBuilder's browser
(you may choose another browser,
like Netscape or MSIE for showing preview version)
 You can always return back to this step,
and choose a different template.
Made by: Ifact

Preview
Made by: Ifact

Preview
Made by: Ifact

ecBuilder Fourteenth step - Security Options
 This Step is used to obtain and set up a digital certificate
(if you didn't have one by now)
 You are required to have a digital certificate
if you choose to use any of the payment gateway options
 Digital certificate can be obtained
by pressing the 'Security Configuration' button,
and then by pressing the "Get a New Digital ID" button
 When the certificate is obtained,
check the "Use digital-based security" check-box,
and follow instructions
 Basically, you just get it and then you pass it to your ISP,
to use it for SSL transfers related to your site.
Made by: Ifact

ecBuilder Fourteenth step - Security Options
Made by: Ifact

ecBuilder Fourteenth step - Description
Made by: Ifact

ecBuilder Fifteenth step - Search Engines
 ecBuilder can submit your new site
to eight (as of ‘this’ moment) search engines,
to make sure your E-business site is easy to be found
 The data and keywords you entered in previous steps
will be used in the submit process
 You may visit an independent Submit-It service provider at:
http://www.submit-it.com
 For a small fee they will submit your site
to hundreds of search engines
Made by: Ifact

ecBuilder Fifteenth step - Search Engines
Made by: Ifact

ecBuilder Sixteenth step - Upload Your Site
 This is the final Step,
which offers you to upload your site
to your Webspace, or to save it on your hard disk
 If you choose to FTP your site from ecBuilder,
choose the 'FTP to your existing ISP' radio button,
press the 'Submit' button,
and follow the instructions
 If you choose to save your site on the local disk,
you must FTP it manually to your ISP
by using any FTP client
Made by: Ifact

Made by: Ifact

Made by: Ifact

ecBuilder Menu bar commands (1)
 ecBuilder also has a large number of Menu bar commands
 There are 4 basic menus: File; Edit; Go; Help
 Most of the options in the File menu
are standard File menu options,
or shortcuts for the options of ecBuilder`s wizard
 The only option that deserves further explanations here is 'Catalog
Import and Export'
 The 'Catalog Import and Export' option
allows you to import the item list directly
from the .CSV (Comma Separated Values) file
(offered items separated by commas)
 This is a very useful option
if you plan to sell hundreds of types of items
 Entering these items manually is a painstaking job,
which must produce lots of errors
Made by: Ifact

 If you have many items you want to sell,
you probably have them in some kind of a database
 Exporting this database to a .CSV file should be an easy task
 The easiest way should be
importing your database to Excell,
and then exporting it from Excell to the .CSV format:
apples, $4, yellow
oranges, $5, red
 In ecBuilder, when you choose the .CSV file
from which you are importing a list of items,
you will be prompted to choose the Business Type
(e.g., type, price, description, as specified above)
that best-matches the data model in your external file,
and the section (in the catalogue) you are importing it into
Made by: Ifact

 After selecting whether you are appending the existing list
or updating the existing list (substitute of old with new),
you will be presented with the datasheet view
of the selected .CSV file,
and the option to specify the purpose of each column in that file
 Typically, you select the most suitable Business Type option,
and then you fine-tune it manually.
 When you're done with mapping,
you will be prompted whether you want
to create new sections
 You will also be asked whether you want
to save the mapping scheme for future importing
of the item list of the same format
 When you click finish,
items will be automatically added
into the correct sections
Made by: Ifact

 Selecting the best-matching Business Type template
Made by: Ifact

 Eliminating the non-needed columns
from the selected Business Type template
Made by: Ifact

 Presenting the results in the “Datasheet View” form
Made by: Ifact

 The File Menu is “business as usual”
(New, Open, Close, Save, etc…)
 The Edit Menu provides you with two important options:
to set up Tax Types and Shipping Methods
(these options are in fact shortcuts
to the same options in 'Step Ten - Catalog')
 The Go Menu lists all 16 Steps,
allowing you to jump directly
to any step you want
(you do not have to click “next, next, next…”)
 The Help Menu gives you help on ecBuilder`s
user interface and functionality
Made by: Ifact

ecOrderDesk
 The ecOrderDesk application
allows you to track and manage
the orders you receive from
your ecBuilder Web site
 Visitors to your Web site can
complete an online form to
inquire about your products and
services, or to order something
from you
 The data from this form,
such as name, address,
credit card numbers,
and so on, is encrypted,
compressed, encoded,
and sent to you
as e-mail attachments
Made by: Ifact

ecOrderDesk
 When you receive these orders or inquiries,
you can decode and work with them using ecOrderDesk
 You can use this same application
to enter and manage orders and inquiries
that come to you by telephone, mail, or other methods
 ecOrderDesk allows you to track the status
of your inquiries and orders—
whether your customers have received a response
or had their order been shipped, etc...
Made by: Ifact

ecOrderDesk
 It also lets you mark specific orders or inquiries as urgent,
ignore inquiries without deleting them,
and track shipping and payment status for your orders
 ecOrderDesk lets you export order and inquiry data
for use with your company’s accounting, report-creation,
order fulfillment, or contact management programs
 ecOrderDesk supports three types of records:
– orders
– item inquiries
– general inquiries
Made by: Ifact

ecOrderDesk
 The “Datasheet View” of the purchasing workflow
Made by: Ifact

ecOrderDesk
 Order
– An actual purchase request by a shopper from your Web site
– An order may include one or more catalog items
 Item Inquiries
– A request for information about a specific catalogue item
by a shopper from your web site
– An Item Inquiry is not a purchase request
– It is possible to convert an Item Inquiry to an Order
 General Inquiry
– A request for general information
about your company or anything else
– General Inquiry is not linked to a specific catalog item
Made by: Ifact

ecOrderDesk
 The email attachment
specifying the contents of a shopping cart is an encrypted file
 Importing that file into ecOrderDesk is done
using one of these two methods (decryption done automaticaly):
– Double-click on the attachment file in the e-mail message
to open it in ecOrderDesk (the attachment file will be
in Multiactive ecOrderDesk (MEC) format); or
– Save the attachment file onto your hard drive;
if ecBuilder is not installed on the computer
where you receive your e-mail,
save the MEC attachment file to a diskette
and copy it onto the computer where ecBuilder is installed
– Open ecOrderDesk, and choose ‘File > Import’.
Then browse to the MEC file on your hard drive
Made by: Ifact

ecOrderDesk
 All three types of records (O,II, or GI)
can be inserted and modified manually
 Records are rich with details about order or inquiry
 Sorting records is possible by any column
 Records could be edited, deleted, filtered, sorted...
 A selective report for printing also exists
 Records can be exported to three file types:
– .mec (ecOrderDesk format)
– .mel (Multiactive Maximizer format)
– .csv (comma separated file - Excell, Lotus 1-2-3)
 It is possible to archive records,
and to restore them if necessary
Made by: Ifact

ecOrderDesk
 Yes, the order/inquiry form is rich in details
Made by: Ifact

ecBuilder Conclusion
 ecBuilder is a powerful and a very cost-effective tool
 The amount of time and other resources
you must invest in mastering the more advanced technologies
(such as Microsoft Site Server, etc.)
greatly surpasses the time and resources
needed to learn and use ecBuilder
 ecBuilder also provides basically all the functionality
you need for and from an eBusiness site,
with very few drawbacks
 Having in mind all this,
as well as the relative small price of this package,
ecBuilder is probably the best choice for medium businesses
(all except the smallest and the biggest eBusiness companies)
Made by: Ifact

SSL (Secure Socket Layer)
SSL Basics
 Protection of critical data during transfer
from customer’s browser to the merchant server
 Most sensitive information are credit card numbers
and any other payment related information
 Ideally, transaction should be as secured as in the real world,
where customer and merchant interact directly
without the possibility of third person involvement
Made by: Ifact

Jeopardy of Critical Information
 On the Internet,
when customer types in his/hers credit card number
and initiates a payment procedure, data have to propagate
through the net, to get to the merchant server
 Actually, customer’s browser sends an HTTP POST message
which is then broken into TCP/IP packets
before sending across the network
 If someone could intercept these packets and read them
he/she would be able to obtain confidential data
Made by: Ifact

The SSL Idea
 SSL is a network software layer that resides
between HTTP (application) and TCP (transport) layers
 Both server and client must have the SSL layer installed,
in order to be able to communicate securely
 This new layer encrypts data in such a manner
that it can only be decrypted by the SSL layer
on the machine data is meant for
 That means,
if client sends encrypted data to the server,
only that server should have the key needed to decrypt the data
Made by: Ifact

The SSL Architecture
 SSL consists of at least 2 levels:
– SSL Handshake Protocol
– SSL Record Layer
 During the connection establishing between client and server,
SSL handshake protocol ensures a negotiation of secret data
needed for calculation of encryption/decryption keys
(master secret data) and MACs (Message Authentication Code)
 SSL record layer uses the agreed secret data
to actually calculate keys and MACs
and uses them for secure transmission of information
across the network
Made by: Ifact

The MAC Mechanism
 Authentication of both client and server messages is performed through the
use of the MAC mechanism
 MAC is a peace of data used to authenticate packets of data
to ensure that they arrive at the destination unchanged
 MACs are calculated with special algorithm applied to the:
– contents of data packets
– size of data packets
– secret data mention earlier
 The MAC, calculated this way, is then added to the data packet
 So, if attacker makes changes to a data packet,
MAC of the new message will be different
from the MAC contained in the message,
and calculation of the new MAC is not possible
without possession of the secret data
 If no MACs included, an attacker can intercept the data packet,
replace it with its own data of the same format,
and the receiver would NOT notice the difference.
Made by: Ifact

Encryption Algorithms: Bird’s View
 Two types of algorithms: Symmetric and Asymmetric
 Both algorithms used in SSL:
- Symmetric by the record layer
- Asymmetric by the handshake protocol
 In steady state, record layer is responsible for online
encryption/decryption, using one secret key (symmetric),
which is the same both on the client and the server sides
 Before that, handshake protocol implements the initial passing
of the public key from the server to the client (asymmetric),
as well as a number of related activities
 At the very beginning (before all above), server obtains
both the public and the secret keys during the certification
(inside the certificate obtained from the trusted source)
Made by: Ifact

Symmetric Algorithms
 Actual encryption is performed
through the use of symmetric encryption algorithms
 The most widely used symmetric algorithm is DES
(Data Encryption Standard)
 Symmetric means that both encryption and decryption
are performed with the same key
 How to make the Symmetric Secret Key known to both
the server and the client? By an asymmetric algorithm!
SSL Encrypts DATA with SSL Decrypts DATA with

SymmetricSecretKey SymmetricSecretKey
Encrypted
S DATA S Receiver
DATA
S S
Sender L L
DATA
Sender Ports Receiver Ports
Socket
Made by: Ifact
Asymmetric Algorithms
 In order to hide the encryption/decryption key
from possible attackers
and still make it known to both server and client,
SSL handshake protocol uses an asymmetric protocol like RSA (Rivest +
Shamir + Adleman, MIT)
 Asymmetric algorithms are based on the concept of secret key and the
corresponding public key
 In general, secure sending of data includes the following steps:
– receiver obtains the public key and the corresponding secret key;
the longer the better!
– receiver publishes the public key (e.g., via the Internet),
and keeps the secret key hidden
– sender obtains the receiver’s public key
and encrypts data with it (the receiver’s public key)
– sender transmits data over the network
– receiver uses his/her secret key to decrypt data
 Intercepted data cannot be decrypted without the secret key
even if attacker knows the public key
Made by: Ifact

Server Certification
 In the e-commerce field,
each and every server is supposed to be certified
 This means that merchant has obtained a certificate
from a well known and reliable institution
 Incorporated in the certificate is a set of RSA keys
(used in asymmetric algorithms).
 This set of keys shall be used during the SSL handshake phase
with the client (initial exchange)
Made by: Ifact

Simplified SSL Handshake Protocol
 We assume that only the server
is certified clientHello
(has obtained a set of RSA
public keys); this is why
‘simplified’ serverHello
 Picture explains communication certificate
between server and client
during the handshake serverKeyExchange
agreement
 Client generates data to be used
for the later-on generation of the clientKeyExchage
symmetric secret key, and finished
passes it to the server, using
the asymmetric algorithm (using
the asymmetric public key finished
obtained from the server)
Made by: Ifact

ClientHello
 With this message, client actually announces its existence!
 Client sends ClientHello message which contains
(among other things) randomly chosen 28 bytes
 Message also contains the list of supported algorithms (by client)
for encryption and optional compression of data. List is sorted
with more secure algorithms placed near the top of the list
(e.g., it announces that it supports DES
with a 128-bit symmetric secret key)
Made by: Ifact

ServerHello
 Server as an answer sends ServerHello message that contains
independently generated random data (similar to ClientHello)
 These random data add one more security level into the system
 Also, message contains a response to the client
with the server’s selection of algorithms from the client’s lists.
Server chooses the first algorithm, from the top of the list,
that he/she supports (the first one is the most reliable)
 As already indicated,
this message is to negotiate the symmetric algorithm to be used
Made by: Ifact

Certificate
 Server sends its certificate to the client (certificate=PublicKeyEtc);
incorporated in the message, the server’s public key is sent.

 Additional data exchanged are the company name, physical
address, contact address, assurances from the trusted party
(that the certificate is not fake)
 After the reception of this message,
client knows the server’s public key
that shall be used in subsequent messages
 Generally speaking,
there exist certificates that are used only as signatures
(with ‘additional data’ specified above)
and do not contain RSA keys.
Made by: Ifact

ServerKeyExchange
 If the previous message did not contain the set of RSA keys, then
this message has to be sent
 Server sends the ServerKeyExchange message
with a temporary public key generated ad hoc
(the secret key is generated at the same time,
but, of course, it is not sent over the network)
Made by: Ifact

ClientKeyExchange (1)
 Unlike the ServerKeyExchange,
this message is exchanged always (essential for the handshake)
 Client randomly generates a 40 bytes long data called
PreMasterSecret (that will turn later into the symmetric secret key)
 Note that it is the Client who generates the symmetric key,
but not in its direct form; instead in the form of PreMasterSecret.
 This PreMasterSecret is used on both sides (Server and Client),
in conjunction with the initially transferred random data,
to form the symmetric encryption/decription key
(using the predefined algorithm)
Made by: Ifact

ClientKeyExchange (2)
 Using the public key, client encrypts PreMasterSecret
and sends it as the EncryptedPreMasterSecret
incorporated into ClienKeyExchange message
 Server accepts the message
and decrypts PreMasterSecret with its secret key
 When both server and client have obtained PreMasterSecret,
they calculate a 40B MasterSecret
(using PreMasterSecret and previously exchanged random data)
 That is in fact the final goal of the SSL handshake protocol
(passing the secret key from client to server)
Made by: Ifact

Finished Messages
 Both client and server now send finished messages
containing parameters derived from the contents
of all previous handshake massages and MasterSecret
(the last derivative on the way to symmetric key)
 This is a protection against attacks (in the procedure so far)
performed by altering handshake messages
 If attacker tampers with handshake messages,
then these parameters
(contained in the message and derived from sent messages)
will differ from the same parameters computed by the receiver
(derived from received messages)
 There is no way for attacker to fake finished messages
without knowing the agreed MasterSecret
 In essence, a CRC is applied to all messages exchanged
in the handshaking process; the resulting checksum is encrypted.
Made by: Ifact

Simplified Handshake: Revisited
Client Server
PublicAsymmKey is transmitted
Client generates to Client Server generates
SecretSymmKey PublicAsymmKey
Crypted SecretSymmKey is
Client crypts transmitted to Server Server decrypts
SecretSymmKey SecretSymmKey using
using PubAsymKey SecretAssymKey
Cheksums are exchanged and

Client generates validated Server generates
master cheksum master cheksum
Client encrypts/decrypts Encrypted connection established Server encrypts/decrypts

DATA with DATA with
SecretSymmKey SecretSymmKey
Made by: Ifact

SSL Record Layer
 After the handshake protocol is successfully completed,
client and server independently compute MACs
and encryption/decryption keys
 Now everything is ready for a safe transmission:
- keys are to prevent abuse
- MACs are to detect abuse
 Record layer first optionally compresses every packet
that needs to be transmitted;
after that, MAC is attached to it,
and then the record layer encrypts it all together
 After reception, receiver first decrypts data, separates MAC,
and makes sure that it is identical to the one calculated earlier
 If everything is OK, receiver decompresses data
(if that is needed), which effectively ends secure transmission.
Made by: Ifact

Microsoft
Site Server Commerce Edition
A Technological Survey
Basic Concepts and Tools
 SSCE enables merchants to build their storefronts
with much more flexibility than with previous tools.
 SSCE comes with the means for integration
with existing information systems and tools
for virtually any part of store development and use
 Based on the ASP technology
which enables the execution of script language programs
on a Web server; the ASP files include HTML tags and script code
 The script code is able to dynamically create the HTML pages
for storefront implementation purposes (and wider);
 The SSCE is a methodology to connect the existing IS
with the newly generated storefront
 SSCE is a kind of ASP extension!
Made by: Ifact

Mentioned tools include:
 Site Builder Wizard is a simple step by step wizard
that simplifies HTML and database connection writing.
It comes with several completed sites as examples
 Dynamic Merchandising is a way for real-time catalog administration
with WWW interface. Included are cross-sell systems
that enable merchants to dynamically generate offer pages
based on customer’s purchasing history
and current contents of his/her shopping basket
 Order processing pipeline (OPP) is a concept
that takes care about background tasks
like gathering information about products catalog,
calculation of prices, taxes calculation…
 It can be integrated with the existing information systems
and its capabilities can be extended by inserting new components.
OPP is the fundamental concept
behind the e-commerce business to consumer (B2C) sites
Made by: Ifact

 Commerce Interchange Pipeline (CIP) is a concept
intended for business to business (B2B) applications.
B2B includes implementation of infrastructure for businesses
to exchange documents and forms of business transactions
through an existing EDI (Electronic data interchange) system;
outside the scope of this tutorial.
 Integration with Microsoft Transaction Server (MTS).
MTS is a sw package that ensures integrity of database operations
by introducing a transaction based interface for database access
 SSCE is based upon the ASP server side script technology
 SSCE also includes Direct Mailer - A simple tool
for personalized TDEM (Target Directed E-mail Marketing)
campaigns based on customers profiles and their affiliations
Made by: Ifact

Basics
 Technically,
any SSCE-built store is based on three key technologies:
ASP, COM (Component Object Model) objects, and OPP
 Pages on a SSCE-created Web site are ASP pages
with a server side script that manipulates a set of COM objects,
usually those coming within the SSCE package.
Script uses these objects to gather information from consumers,
to find or save info with a ODBC/ADO query, and
to process needed tasks through OPP (ADO = ActiveX Data Objects)
Made by: Ifact

OPP Concept
 OPP imitates interaction between customer and merchant
in a typical real-world store
 OPP is actually a name for a set of three pipelines and
each one will be described in full extent
 As any other pipelines,
OPP pipelines also consist of discrete parts called stages
that are executed in a precisely determined sequence
 Each stage contains COM objects that actually do the job
the stage is supposed to perform
 It is clear that information needs to be passed from
one pipeline stage to another
to perform meaningful processing.
This is implemented through use of the OrderForm object
 OrderForm object is a COM object that contains info about: consumer,
shopping basket details, prices,
and additional expenses
Made by: Ifact

Short Description of OPP Stages
 This is about a stage, no matter what pipe it belongs to!
Some of the stages may exist in one, others in two pipelines;
No case when a stage can exist in all three pipes (rule, so far)
 Product Info - Gathers data about products offered to consumers
 Merchant Information - Adds info about merchant to OrderForm
 Shopper Information - Adds info about customer
(one that is currently visiting the site) to the OrderForm
 Order Initialization - Sets initial order data to OrderForm
and makes sure that OrderForm contains a unique ID
of this particular order
 Order Check - Checks whether OrderForm contains
needed information;
for example, is there at least one product that is put into the order
 Item Price - Determines initial price of the order
without any discounts and additional expenses
Made by: Ifact

 Item Adjust Price - For product price adjustment
based on possible discounts
 Order Adjust Price - Discounts based on total amount of order
 Order Subtotal - Calculates price of order before any tax,
shipment and handling expenses are considered
 Shipping - This stage calculates amount of shipping expenses
for the order
 Handling - This stage calculates the amount of handling expenses
for the order

 Tax - Calculates taxes for each item in the order
and the total tax amount for the entire order
Made by: Ifact

 Order Total - Calculates final prices based on previous stages
 Inventory - Makes sure that there are enough ordered products
on the stocks
 Purchase Check - Checks customer’s cc and address information
 Payment - Actually performs financial transaction
 Accept - Finalizing the purchase process
Made by: Ifact

Files That Describe Pipelines
 SSCE organizes data about pipelines in files with .pcf extensions.
These files can be created with SSCE Pipeline Editor
 In .pcf files SSCE keeps info about stages and objects
corresponding to these stages
 SSCE comes with the three templates for .pcf files.
Template files come with the .pct extension
Made by: Ifact

The Three Pipeline Types
 Three Pipeline types included in the SSCE package are:
– Product pipeline with 5 predefined stages
– Plan pipeline with 14 predefined stages
– Payment pipeline with 3 predefined stages
 Some pipeline stages include COM objects
responsible for execution of the stage-related functions
 These COM objects are represented graphically as valves
Made by: Ifact

Product Template
 This is the template for the first of the three pipelines
 Product.pct - this template is used for price and discount calculation
for individual products. Usually application uses this pipeline
on product.asp page to obtain general information
and the price for each offered product
 Stages in the product pipeline usually include :
Product Info, Shopper Info, Item Price, Item Adjust Price, and Inventory
Made by: Ifact

Plan Template
 Plan.pct - This template is for pipeline
which is supposed to calculate the final price of the order.
Usually, pipeline is used to create the final report for the customer
with the facility to finalize the payment process
or to drop from the purchase all together
 Stages in the plan pipeline usually include: Product Info, Merchant
Info, Shopper Info, Order Initialization, Order Check, Item Price, Item
Adjust Price, Order Adjust Price, Order Subtotal, Shipping, Tax, Order
Total, and Inventory
Made by: Ifact

Purchase Template
 Purchase.pct - This template is for pipelines that check
payment information, perform financial transaction,
and save order information into the database
 This type of pipeline usually receives OrderForm
that has already propagated through the plan pipeline.
Actually, this pipeline only completes the payment process
initiated in the plan pipeline
 This type of pipeline usually consists of the following stages:
Purchase Check, Payment, and Accept
Made by: Ifact

Pipeline Editor
 Pipeline Editor is a visual tool

for creating pipeline files (.pcf).
Pipeline is graphically presented
as a vertical pipe broken into
sections representing stages
 Every horizontal section (valve)
represents an OPP COM object
in the corresponding stage
 This software enables user to
add and configure OPP objects.
Also, user can create or remove
stages from the pipeline.
Made by: Ifact

MTS and OPP
 OPP supports full Microsoft Transaction Server integration.
Actually there are two versions of objects
that encapsulate pipeline during execution.
Those are MtsPipeline and MtsTxPipeline objects.
 The only difference is that MtsTxPipeline runs in cooperation
with MTS, ensuring data integrity.
Usually, merchant runs the Purchase pipeline
with the MtsTxPipeline object
 After instancing one of the above object,
by calling the LoadPipe method,
the desired .pcf file gets loaded,
and the Execute method starts the pipeline execution
Made by: Ifact

OrderForm as a Dictionary Object
 OrderForm is a so-called dictionary object.
This type of objects are unique by the fact that
users can dynamically add properties (name/value pairs) to them
 Name/value pairs have references and values
just like any other object property,
except that they can be dynamically added
with a simple assignment command like:
Object.name_of_name/value_pair = value_of_name/value_pair
 If an object does not contain a property with this name,
a new property (name/value pair) will be created
and a value will be assigned to it.
If it does exist,
then the above call will be considered to be a normal reference
and a value will be assigned to the existing property
Made by: Ifact

OrderForm:
 This object should contain all information necessary
for order completion
 This is NOT an object that helps implement functionality of a stage;
this is an object that propagates through all 3 pipelines!
This object maintains the context of the order processing
 Generally it consists of data needed for payment and shipment,
along with the collection of objects representing items
that customer wishes to buy.
 Item is, in this terminology, a set of products of the same type,
that a customer chooses on the merchant’s site
 Usually, customer chooses a product
and then specifies the desired quantity he/she wishes to buy
 Also OrderForm contains two object collections (‘sub-objects’) used
by pipelines to report errors encountered during order processing
Made by: Ifact

Properties
 Every ‘item’ object

has fields for
calculating the price
and the additional
expenses tied to that
‘item’
 The ‘items’ is an
object implemented
as a collection of
‘item’ objects
 Each ‘item’ includes
no methods (only
data)
Made by: Ifact

Adding New Info to OrderForm
 This ‘adding’ is related to an on-going purchase
 During pipeline processing,
additional information (new fields; new name-value pairs)
is usually added to the OrderForm object
 A typical example is the Product Info Pipeline stage
that gathers product information usually by database query
 Example:
SELECT * FROM products WHERE SKU=OrderForm.Item[1].SKU
 Description:
This SQL query (in the PI pipeline stage) is executed for each item
(specified with a different product code/identifier SKU);
For every column of the query result,
COM object in this stage creates a new property (field; name-value) in the
OrderForm object, like _product_columnName
and stores the value obtained from the query in it.
 Many of these properties are predefined
(like _product_name for example).
Those that are not, are automatically created.
Made by: Ifact

Pipeline Types and Stage Functions
 As already mentioned,
a SSCE pipeline is a series of COM objects
executed in a predefined order
 These objects are grouped in pipeline stages.
Every stage is a logical macro step and is meant for certain function.
Usually, a stage has an ability to check (at the end of its execution)
whether the function, stage is meant for, is actually performed
 This is done before execution control is transferred
to the next pipeline stage
Made by: Ifact

“Branching”
 Branching does not exist directly; only indirectly,

using the ‘null data field’ mechanism
 Pipeline stages and components in those stages are executed
sequentially according to the predefined order specified in
pipeline editor. One form of branching simulation can be
achieved by the following mechanism
 The idea is to write components (many built-in ones are of this type)
that first checks to see if fields they are supposed to set are null.
If they are not, components perform their function,
otherwise they do nothing. This enables, for instance,
to calculate different shipping fees
for different shipping methods and destinations
Made by: Ifact

Product Pipeline
 Aim of this type of pipeline is
to gather information about
products, and shows it on the
product.asp page
 This page shows info on the
products offered for sale
 This stage, among other
things, is used for a
preliminary single item price
determination
Made by: Ifact

Product Info Stage (#1)
 Minimal requirements for this stage is that it must,
for each Item in Items collection,
copy info from the product database to the required fields
 Additional components in this stage should be used
for retrieval and/or calculation of non predefined data
such as product weight needed
as a basis for shipment cost calculation
 At the end of stage execution, a check is performed to see
if required data are retrieved for all Items
Made by: Ifact

Shopper Information (#2)
 This stage writes information (to OrderForm) about the customer;
if the related field already exists - just fill in;
if no - create!
 This is useful if a customer database is to be built
 This is usually done to enable creation of special discounts
for particular groups of customers
 This stage is not required
and no checking is performed at the end
Made by: Ifact

Item Price (#3)
 Goal of this stage is to determine the regular price
(without any discounts and additional expenses) for every Item,
and to put it into the OrderForm object.
 This value is written to the field called
_iadjust_regularprice
 At the end of this stage, checking is performed to see if all
_iadjust_regularprice fields are set
Made by: Ifact

Item Adjust Price (#4)
 This stage calculates all possible discounts
and comes up with a new price value
when all these discounts are applied to the price
obtained in the previous stage
 Result is written to _iadjust_currentprice for each item
 At the end, stage checks if all _iadjust_currentprice values are set
Made by: Ifact

Inventory (#5)
 This is the last stage in the product pipeline
and it is used to check if the required amount of products
is present on stocks (in the inventory)
 If not enough products are present for a particular Item,
component sets _inventory_backorder for that Item
 No checking is performed at the end of this stage
Made by: Ifact

Plan Pipeline
 Plan pipeline is a
superset of the
Product pipeline
 It is used for
complete price
calculation based on
various parameters
 What follows is only
the NEW stages, not
mentioned before, in
the product pipeline
Made by: Ifact

Merchant Information
 Used for setting data about merchant in OrderForm
 This is an optional stage and no checking is performed at the end
Made by: Ifact

Order Initialization
 This stage initializes order information
while checking that correct product quantity is set
for each item (Item[n].Quantity)
 At the end of the stage,
a built-in checking system sets the order ID,
if it is not already set,
creates _oadjust_adjustedprice for each item
as well as deletes some fields
that need to be reset when the pipeline execution commences
Made by: Ifact

Order Check
 Verifies that the order can be processed. This means that
stage adds error message to OrderForm
if the order does not contain at least one item
 Any additional component in this stage should check
order validity based on possible specific criteria
and maybe make some corrections
that will allow further pipeline processing
Made by: Ifact

Order Adjust Price
 This stage calculates additional discount
based on the order as a whole
 This enables, for instance, discounts for orders
that are above some predefined amount
 This is for ‘buy 6, pay 5, scenarios’
Made by: Ifact

Order Subtotal
 Final order price before any shipping, handling, and
tax expenses should be set here
 This is done by summing up all _oadjust_adjustedprice
values and storing result in _oadjust_subtotal
 Reason for this calculation is that this value is needed
for additional calculation in the next stages
that are based on the total price of the order
and not on the price of a particular items
 Additionally, this value is presented as a final price
on a page where contents of customer’s basket is shown
because shipping address is not yet known,
so shipping and taxes fees cannot be calculated yet
Made by: Ifact

Shipping
 Calculates shipping fees that should be incorporated
in the final price
 This value should be written in _shipping_total field
which is checked at the end of the stage execution
Made by: Ifact

Handling
 Similarly calculates the handling fee and stores it in the
_handling_total field
Made by: Ifact

Tax
 Last stage before final price calculation
 Components in this stage should always set _tax_total field
and _tax_included field
which denounces part of the previously calculated prices
as the already included tax
 Although this is not checked at the end of the stage execution,
components should set tax fee value for each item
in order to simplify later book-keeping process
Made by: Ifact

Order Total
 Calculates FINAL price by summing values calculated in Tax,
Shipping, Handling, and Order Subtotal stages
 Final price is stored in OrderForm._total_total.
This field is checked at the end of this stage execution
Made by: Ifact

Purchase Pipeline
 This type of pipeline accepts
the OrderForm object already
processed through the Plan
pipeline and completes the
order processing by
performing financial
transaction
 This pipeline, among other
things, performs the cc
authorization and completes
the purchase
Made by: Ifact

Purchase Check
 This stage is often used for verification
if OrderForm is ready for order completion.
OrderForm must have _total_total value set along
with the all necessary payment processing information
 No checks are performed at the end of this stage
Made by: Ifact

Payment
 This stage should perform the actual financial transactions
 The goal is to accept or reject the purchase
by performing cc authorization.
 This stage must set _payment_auth_code
which represents ID of the particular transaction,
as well as an indication that the transaction has been completed
successfully
Made by: Ifact

Accept
 This last stage in the purchase pipeline performs activities
like updating inventory information, storing order data,
sending e-mail confirmation to customers (electronic bill), etc.
 This is an optional stage without any checking at the end
 SSCE provides components for automatic OrderForm
database storing
Made by: Ifact

The OPP COM Components
Included in SSCE (‘Valves’)
Scriptor Component
 This is the only built-in component that is not meant for
particular stage
 Scriptor component allows SSCE users to implement
virtually any function without writing new COM OPP objects in
Visual C++ or VB
 This component works by executing script associated with it.
Any Windows Scripting Host script language can be used
(VBScript, JavaScript...)
 Since programmer can use any additional functionality
in the script by instancing ActiveX objects, there are
virtually no limitations for use of scriptor component
Made by: Ifact

QueryProdInfoADO
 QueryProdInfoADO is the only component that comes with the
SSCE that is meant to work in Product Information stage
 This component queries product database for each Item
 Query is specified either as a value of a field “Query” or as
a part QueryMap object that encapsulates collection of all
queries used in application. This object is usually instanced
in global.asa file, so that is visible for all parts of the application.
Made by: Ifact

QueryProdInfoADO
 Also there is a “Connection String” field that contains
specification of ODBC accessed database and field
“Parameter List” that specifies parameters used for
each Item in the Query
 Component executes query for each item like this:
– SELECT * from Product where SKU=‘?’ and name like ‘%?%’
– with parameter list like this: Item.SKU Item.Name
 For each Item question marks will be replaced with
the value from the parameter list for that item.
Every column from the resulting recordset will be
stored in OrderForm
Made by: Ifact

DefaultShopperInfo
 This component is used in ShopperInformation stage
 It is copying data from Shopper object to OrderForm
 Shopper object is another predefined dictionary object
that application uses to store customer data.
This data is usually obtained through customer
registration on the site
 ShopperInformation creates fields in OrderForm like:
OrderForm._shopper_*
where * represents names of shopper object’s properties
Made by: Ifact

RequiredOrderInit
 The only component in SSCE for Order Initialization stage is
RequiredOrderInit. Instance of this component is
automatically created and placed as a part of
checking logic at the end of this stage
 This component (among other things) does the following:
– if OrderForm.order_ID = null, creates new unique order ID
– sets following values to null: _total_total, _oadjust_adjustedprice,
_oadjust_subtotal, _shipping_total, _tax_total, _handling_total,
_tax_included i _payment_auth_code
Made by: Ifact

RequiredOrderCheck
 This component similarly to previous is part of checking logic
and is always present
 It simply checks if there is at least one item in Items collection.
If there are no items, component adds error message in the
_purchase_errors collection of the OrderForm object
 This error stops the pipeline execution
Made by: Ifact

DefaultItemPrice
 This component simply copies values from
Item._product_list_price to Item._iadjust_regularprice for
each item
 Fields _product_list_price must be present for each item.
These values were set in Product Information stage by
QueryProdInfoADO component. This means that
product database must have _list_price column where
product prices are stored
 Offcourse, this can be bypassed with custom scriptor
component that obtains prices, on some different way,
and stores them in the _iadjust_regularprice fields
Made by: Ifact

SaleAdjust
 SaleAdjust component for Item Adjust Price stage checks
whether items (products) are on sale and adjusts prices
accordingly
 This component compares current date with dates set
in the Item._product_sale_start and Item._product_sale_end
fields and if product is on sale copies
Item._product_sale_price to Item._iadjust_currentprice
 This means that as is the case with previous component
QueryProdinfoADO component must provide
mentioned fields from product database
Made by: Ifact

ItemPromo
 This is a more complex version of the previous component.
Needed information is not obtained from the database,
but from component properties
 Component first checks if current date is between values mentioned in the
“Start Date” and “End Date” properties.
If this is the case, the following must be also true for discount
to be applied:
[condition order key][condition operator][condition value]
 “condition order key” ,”condition operator” and
“condition value” are component fields that should contain
values that help determine which products are on sale.
For example, if we want to apply discount only to product
with SKU = 123 then we set properties as follows:
– Condition Order Key: SKU
– Condition Operator: =
– Condition Value: 123
Made by: Ifact

DBOrderPromoADO
 This component for Order Adjust stage should obtain information
about additional discounts on the order level from database
 These pieces of information include the discount applying
conditions
Made by: Ifact

DefaultOrderSubTotal
 This component for Order Subtotal stage simply sums up all
item._oadjust_adjustedprice values and results stores to
OrderForm._oadjust_subtotal field
 Usually, it is not needed to add any more additional components
in this stage
Made by: Ifact

DefaultShipping
 SSCE comes with a number of components that can be
used for shipping fee calculation. Some of them will be
presented here
 Simplest is DefaultShipping component simply stores zero
in OrderForm._shipping_total field
 This component is used when no shipping fee is needed.
Typical example is selling downloadable software
Made by: Ifact

FixedShipping
 When customer buys the goods he/she must notify merchant
about preferred shipping method. Software must set this value
to OrderForm.shipping_method field
 FixedShipping component has “Apply when” property that
defines when to apply value of the field FixedShipping.cost
as the order shipping cost. If “Apply when” has value “Always”
then shipping fee is set without regards to whether
OrderForm.shipping_method is set. If value is
“Has any value” the shipping cost is set if the
OrderForm.shipping_method is not null. And finally if value is
“Equal to method” cost is set only if OrderForm.shipping_method
is equal to FixedShipping.method field value
 Fee is calculated simply by copying FixedShipping.Cost in
OrderForm._shipping_total
Made by: Ifact

TableShippingADO
 This component calculates shipping fees based on information obtained
form a database
 Idea is to have a table that specifies, for example, that for certain type of
transport and for a range of order weight specified amount of money
must be charged
 Table should look like this (SQL script of MSSQL server):
– CREATE TABLE dbo.shipping_costs (
shipping_method varchar (20) NOT NULL ,
min_weight float NOT NULL ,
max_weight float NOT NULL ,
cost int NOT NULL,
PRIMARY KEY (shipping_method,min_weight,max_weight
)
 And will process the following query with actual parameters:
– SELECT cost FROM healthy_shipping_costs WHERE min_weight <= ? AND
max_weight > ? AND shipping_method = ?
Made by: Ifact

Handling Components
 Components in this stage are very similar to components in the
previous stage, so there are DefaultHandling, FixedHandling,
TableHandlingADO and others
 Handling fee is connected with activities such as packing, gift
wrapping, and so on
 Components are analogous to their shipping counterparts, so that
a more detailed description is not needed
Made by: Ifact

Components for Tax Stage
 Tax calculation is a relatively difficult task and components
provided will in most cases be inadequate
 Built-in components calculate taxes according to American,
Japanese, partially Canadian laws, as well as laws of European
Union. For tax calculation in other countries, new components
must be written. Due to the fact that laws were not written for this
type of commercial activity, merchant does not charge any tax
fees to customers abroad. Taxes are only calculated for customers
from the same country, merchant is based in. DefaultTax
component is provided to facilitate this simply by writing zero to
OrderForm._tax_total
 As an example SimpleVATTax component for EU VAT tax
calculation will be presented
Made by: Ifact

SimpleVATTax
 Prerequisite for use of this component is setting field
OrderForm.ship_to_country which is used to determine if this
component should be used. Principle is the same as for FixedShipping
component with “Apply when” field with “Always”, “Has any value” and
Equal to country” possible values
 Tax is calculated independently for each item and is based on tax rate
provided by item.RateItemKey, set usually in Product Information stage.
Problem with this component is that some EU countries charge VAT even
when merchant is selling goods to customers to other EU countries. This
is usually solved by introducing new value for Country field (EU)
 Component calculates and sets item._tax_vat_item field and optionally
item._tax_total and OrderForm._tax_total
 Sometimes, it is necessary to calculate tax on shipping and handling
charges. In these cases new components must be written because those
built in are inadequate
Made by: Ifact

DefaultTotal
 This component simply sumps up values calculated in subtotal,
shipping, handling and tax stages and writes result in
OrderForm._total_total
Made by: Ifact

LocalInventory
 This component is meant to be used in the Inventory stage
to check if there are enough products on the stocks
to meet the order
 Component compares Quantity for each item with
item._product_local_inventory that should contain information
about the remaining number of products of that type on stocks.
This field is usually generated in the Product Information stage
 If the ordered quantity is bigger than that present in the inventory,
difference is written to item._inventory_backorder and the pipeline
is optionally stopped so that customer could be informed that
he/she must wait longer for order delivery
Made by: Ifact

ValidateCCNumber
 This component is the only component provided for the Purchase
Check stage
 First component checks cc expiration date to see if cc is still valid.
Secondly, it runs an algorithm that checks if number typed by
customer can be cc number. Actual existence of that cc is verified
through authorization in the next stage
 If check returns false on any of these two steps
ValidateCCNumber stops pipeline and reports error in
OrderForm._Purchase_errors collection
Made by: Ifact

Components for Payment Stage
 There are really no built-in components for payment stage.
Authorization of credit cards requires services of TGPs that
usually provide their software for this stage
 For instance, E-xact COM objects described in this tutorial can be
used as part of the customary built Scriptor component
 End of stage logic checks to see if
OrderForm._payment_auth_code is set. If cc payment is not
performed online but manually, this stage should contain
DefaultPayment component that simply writes “FAITH” in
OrderForm._payment_auth_code. This is offcourse not
recommended
Made by: Ifact

Components for Accept Stage
 In this last stage, operations like inventory data update, storing
completed order data, and even sending requests to other
companies (suppliers) are processed
 There are many built in components for this stage and as an
example SQLItemADO for inventory update and SaveReceipt for
saving order data shall be described
Made by: Ifact

SQLItemADO
 This component works simply by executing query for each item
with specified parameters
 Typical example would be:
– UPDATE prod_table SET inventory_field = inventory_field - ? WHERE SKU
=?
– With parameter list: Item.Quantity Item.SKU
Made by: Ifact

SaveReceipt
 Saving order data from OrderForm object into the database can be
done after pipeline execution in application ASP script.
Alternative for this approach would be the use of the SaveReceipt
component
 This component uses ReceiptStorage global object that specifies
all needed info about database where data for OrderForm needs to
be stored. The only field of SaveReceipt component - “No save
key prefix” determines prefix for those fields of OrderForm that
should not be saved to database. For example, if value is _CC_
then no sensitive credit card info shall be stored
Made by: Ifact

E-Xact Online Payment
System
E-Xact COM Object
 E-Xact is one of the TGP service providers!
 Of all technologies that can be used for e-commerce site creation
ASP (Active Server Pages) is probably the most popular one
 One of the ways to enable automatic credit card payment
in ASP applications
is implementation of ActiveX COM object
provided by the E-Xact company
Made by: Ifact

Transaction Process
 In order to make possible automatic credit card transactions several
parties must be involved in the process
– Customer with his/her credit card
– Merchant that owns the e-commerce site
– Transaction Gateway Provider
– Financial organization
(merchant must have an account with permission to accept CC payments)
– Credit card issuing company
Made by: Ifact

Insides of the Transaction Process
 Usual e-commerce transaction is performed like this:
– Customer chooses whatever he desires to buy
(usually, information about goods customer wants to buy
is held in some form of shopping cart)
and then goes to a secured page (SSL)
where he/she enters personal, shipping, and payment information
– Mentioned data is then securely transmitted over the net
to the merchant’s server.
By use of software, usually obtained from a TGP company,
merchant relays data to the TGP server which
(usually by simulating standard POS terminal)
performs authorization and capture of credit card transaction
Made by: Ifact

About the Object
 E-Xact provides the COM Object that encapsulates
and hides from merchant the entire process of TGP communication
and the rest of the transaction processing
 Responsibility for the CC abuse is now away from the merchant!
 Object (as OCX file) can be downloaded from the company site
(www.exact.com)
 Before it can be used,
the OCX file has to be registered on the Web server.
 Considering the nature of this object,
it can only be used on servers and with server-side technologies
that support the use of COM objects.
Of course, this means Microsoft Internet Information Server and ASP
(other choices are also possible, but not probable)
Made by: Ifact

Component Server Registration
 Name of the file with the COM ActiveX object is ExactAX1.ocx
 To perform component server registration
– Copy ExactAX1.ocx to
local_drive:\<% winnt_folder %>\system32\inetsrv\components
– Execute (in command prompt)
regsrv32 ExactAX1.ocx
 The above registration is done with the following program:
regsrv32.exe ships with ExactAX1.ocx
Made by: Ifact

Instantiation
 Of course, before usage, the component has to be instantiated
in the standard ASP (VBScript) way
 Example (a line of this kind has to exist in the ASP code):
exactAuth = Server.CreateObject(“ExactAX1.preauthorization98x”)
 This means that we will create an instance of the class
ExactAX1.preauthorization98x
and store it into the variable
exactAuth
using the ASP command
Server.CreatObject
Made by: Ifact

Functioning
 ASP application has to set object’s properties to desired values
and then to call the method that initiates the transaction
 There is a lot of properties of the ExactAX1 object,
so we shall describe the most important ones of them,
along with examples of its practical use
Made by: Ifact

$ Amount and CC Properties
 The fields are set by standard object data assignment command
of the used OO scripting language;
ObjectReference.FieldReference=Value
 OO scripting languages of interest here are
VBScript, JavaScript, and even Perl
 Field amount: This property should contain
the amount of the transaction in US dollars
 Field ccnum: Customer’s credit card number
(VISA, Master Card, and American Express are supported)
 Field cardholder: Name of the customer written on credit card
 Field expiry: Credit card expiry date
Made by: Ifact

Server Properties
 Server related properties also have to be set!
 ddmhip: IP address of the E-Xact (TGP) server
that component needs to communicate to.
Currently, the field ddmhip default value is 204.239.214.212
and it should not be changed (the IP address of the ‘uhrsprung’)
 ddmhport: Port on the above mentioned server.
Default value is 2609.
This is a test port that can be used to test E-Xact functionality.
Credit card authorization will be performed,
but no financial transfer shall be done (test port, isn’t it).
Full functionality is obtained after registration
at the E-Xact transactions LTD.
After registration, the port should be set to 2610
 terminal: An 8 digit number that identifies the merchant.
For test purposes, the following number should be used:
– exactAuth.terminal = “66001047”
Made by: Ifact

Merchant Properties
 merchant: 13 digit number that identifies the merchant account with
the cc payment acceptance permission
 merchantAddress: Physical, real-world address of the merchant
 merchantCity: City in which merchant resides
 merchantEmail: E-mail address by which merchant can be contacted
 merchantPostal: ZIP code
 merchantProvince: State or province
Made by: Ifact

Types of Transactions
 E-Xact system recognizes four types of transactions:
– Purchase represents a standard transaction where money is, immediately after
authorization, transferred to merchant’s account.
This type of transaction is usually utilized when no shipment is needed
(customer just needs to download software or pays for services)
– PreAuthorisationPurchase puts a temporary hold on the money
in the customer’s account, but does not transfer funds to merchant’s account
(not yet). This type of authorization is usually performed
when goods have to be shipped to the customer. When this is completed, field
exactAuth.autnum contains ID of the performed transaction.
– When customer receives merchandise (or when merchant sends it)
new transaction, PreAuthorisationPurchaseCompletion, must be performed
in order to complete the money transfer.
Also, the merchant must specify which transaction needs to be completed
by setting the autnum field with previously obtained ID.
– Refund is a transfer of money from merchant’s to customer’s account.
Made by: Ifact

Commencing a Transaction
 After setting all the required fields,
merchant’s software calls the exactAuth.sendToServer method
that initiates the authorization process.
 In other words, after all fields are set,
we call the SendToServer method to authorize the payment.
Made by: Ifact

E-commerce in Yugoslavia
The E-Bank Online Payment

System
General Info
 E-bank is currently the only company in YU
that acts as a TGP (transaction gateway provider)
for online credit card payment
 E-Bank system currently accepts
only BKB and Visa electron cards of “Beobanka”
Made by: Ifact

Requirements
 In order to be able to accept cc payment
merchant must fulfill the following steps:
– Sign a contract with e-bank. This enables following:
• Merchant on his store now has link “I pay with cc”
that leads to the e-bank SSL server
that accepts payment information and performs authorization.
• Store identification number
• Password for access to database
with info about performed authorizations
– Sign a contract with the card issuing bank
(“Beogradska Banka” for Visa elektron credit card)
Made by: Ifact

Software
 Use of e-bank system requires,
as any other e-commerce payment system,
existence of software that controls the process of buying
and leads to the final bill - HTML with calculated final price.
 Along with the final price, a unique number, transaction identifier,
that merchant and e-bank use for consistently storing information
about one transaction should be added to the transaction.
Unique number is the key for connecting together:
– Merchant store’s info about merchandise
that needs to be delivered to the customer
– Payment information at e-bank databases
Made by: Ifact

Payment Process
 To initiate payment process
customer presses the
button that sends his
browser to SSL protected
payment page on the e-bank
server
 After authorization
completion, customer’s
browser is redirected to the
page specified by the
merchant
 Optionally, merchant gets
e-mail confirmation
concerning the successfully
completed transaction
Made by: Ifact

Security
 This type of payment processing doesn’t require
any additional security measures from the merchant’s store
 Confidential data are only issued
on the 128-bit key SSL-protected e-bank site
 It is important to mention that the level of encryption
also depends on the customer’s browser.
 If the browser is compliant with the USA export laws
encryption will only be performed with 40 bit encryption keys,
without regards to the fact that server supports 128 encryption
Made by: Ifact

Good Behavior
 Merchant is obligated to build his store
in an acceptable e-commerce manner
(i.e., the store must contain the following):
– Complete description of merchandise
– Retail prices
– Conditions of warranty
– Tax, transport and other additional expenses
– Currency in which prices are shown
– Export restrictions
– Contact information: Tel. Fax, email, address
– Country where merchant is physically located
Made by: Ifact

Connecting to e-bank
 Design of the final page,
where the final price and contents of shopping basket are shown
to the customer
along with the mechanism to initiate payment, is not pre arranged
 The only required thing is that page must contain data
that are going to be sent to the e-bank server
so that the payment could be properly initiated
 This info is usually kept in hidden form fields
so that they doesn’t influence appearance of the page
and can be easily sent to E-bank server
using a POST HTTP message
Made by: Ifact

Example on an EUnet YU site
Made by: Ifact

Form
 Click on the button “Uplata karticom” initiates POST message
that sends info contained in the following form
to the SSL e-bank server:
– <form name="PAYMENT" action="https://ssl.e-
bank.co.yu/sz_secure/payment" method="POST">
<input type="hidden" name="service" value="EUnet">
<input type="hidden" name="nextURL"
value="http://www.eunet.yu/online/cc_ok.html">
<input type="hidden" name="errorURL"
value="http://www.eunet.yu/online/cc_bad.html">
<input type="hidden" name="id" value="2335">
<input type="hidden" name="amount" value="72.00">
<input type="hidden" name="cardType" value="BKB">
<input type="hidden" name="fc" value="1">
<input type="button" value=" Uplata karticom "
onClick="javascript:sendPaymentForm();">
</form>
Made by: Ifact

Hidden Form Fields
 When e-bank server gets the POST message,
it relays message to “payment” Java Servlet that uses it
to create a page for accepting the payment information
 Data is sent as hidden form fields:
– Service: merchant ID
– NextUrl and errorUrl specify where e-bank server
should redirect customer’s browser
in the case of successful and unsuccessful authorization.
– ID: transaction identifier
– Amount: final price in Yugoslav dinars
– CardType: specify which cc is customer using
Made by: Ifact

Page Where Customer Types
Payment Info
Made by: Ifact

E-Pin
 E-bank system employs one nonstandard fraud prevention mechanism.
System is password based
 Besides cc number and expiration date system,
customer is required to type in an E-Pin password.
 E-Pin is calculated from standard cc info
and credit card magnetic signature
and is not present on cc in a readable form.
Customer obtains it from his cc issuing bank
 So, even in the case of the stolen cc,
the perpetrator still can not easily perform a fraud purchase
Made by: Ifact

Conclusion
 Currently, by using E-bank system,
merchant can accept payment
only from customers from Yugoslavia
 After E-bank is integrated into the global VISA authorization system,
merchant will be able to sell goods to customers from abroad
 In Yugoslavia, as we speak,
there are about 15 000 BKB and VISA electron credit cards
but only around 30% is active and in regular use
Made by: Ifact

Issues in Modern Management
and Business Administration
The Three Approaches to Business
 Common Sense
 Fast Knowledge
 Formal MBA
Made by: Ifact

Experiences From the MIT
Sloan School of Management
 Growth versus organization (case: NCR)
 Competition on the same levels of hierarchy (case: GreedyAlgo)
 Distributed decision making (case: Fert)
 Filters for partners (case: ChangesAfterContract)
 Filters for staff (case: EthSocAca)
 Mapping of jobs to staff (case: ImpedMatch)
 The MBA/MSM game (case: ElectronicExperience)
Made by: Ifact

The MBA Issues of Importance
 Form
 Essence
 Morale of the Story
Made by: Ifact

Electronic Business On The Internet - Tutorial

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Electronic Business On The Internet - Tutorial

Uploaded by

Copyright:

Available Formats

Authors: Marjan Mihanovic, marjanm@eunet.yu

Made by: Ifact

E-Business - The shape of things to come

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Other Merchant Sites

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact

Made by: Ifact