COMP2113COMP2113Electronic CommerceElectronic Commerce

Richard HensonRichard Henson

University of WorcesterUniversity of Worcester

April 2008April 2008

Week 6: On-line ShoppingWeek 6: On-line Shopping Objectives:Objectives:

Explain the features of B2C systems for Explain the features of B2C systems for handling on-line ordering and paymenthandling on-line ordering and payment

Describe the stages required to achieve an Describe the stages required to achieve an on-line orderon-line order

Identify these stages in a pre-prepared Identify these stages in a pre-prepared simple but effective on-line shopping simple but effective on-line shopping systemsystem

Explain important considerations when Explain important considerations when planning to receive payment on-lineplanning to receive payment on-line

Three stages of buyingThree stages of buying

Whether happening face-face, by mail Whether happening face-face, by mail order, or through the web, the following order, or through the web, the following three stages usually occur:three stages usually occur:customer (usually) looks at goodscustomer (usually) looks at goodsvendor lets customer know total price of vendor lets customer know total price of

goods chosengoods chosencustomer pays for goods (or leaves without customer pays for goods (or leaves without

making a purchase)making a purchase)

Buying on-line from a websiteBuying on-line from a website

All about the website…All about the website… Functionally (and legally) MUST Functionally (and legally) MUST

include:include:web pages showing details of products web pages showing details of products

(product pages)(product pages)web pages and system giving cost detail web pages and system giving cost detail

and total cost of order (shopping cart)and total cost of order (shopping cart)web pages for managing on-line paymentweb pages for managing on-line payment

The Home PageThe Home Page

Equivalent of a shop windowEquivalent of a shop window Needs to:Needs to:

be attractive to users – potential customers be attractive to users – potential customers (marketing!)(marketing!)

provide a balanced colour scheme & text font provide a balanced colour scheme & text font which will be replicated throughout the site…which will be replicated throughout the site…

provide links to all features of the site, including provide links to all features of the site, including product pagesproduct pages

Product PagesProduct Pages

As an absolute minimum, a product As an absolute minimum, a product page should include:page should include:picture of productpicture of productpricepricedrop-down menu for quantitydrop-down menu for quantityat least one mouse-click option to buyat least one mouse-click option to buy

» preferable also for customer to click on product preferable also for customer to click on product image to make a purchaseimage to make a purchase

On-line OrderingOn-line Ordering Can be achieved via the www in a number of Can be achieved via the www in a number of

ways:ways: data noted by customer and sent manually via data noted by customer and sent manually via

emailemail» requires effort on the part of the customer…requires effort on the part of the customer…

HTML or Web forms on the shopping pages linked HTML or Web forms on the shopping pages linked to an on-line product database capture data and to an on-line product database capture data and send it via emailsend it via email

A more sophisticated forms system creates the A more sophisticated forms system creates the on-line orderon-line order

» captures customer’s personal data securelycaptures customer’s personal data securely» links to a secure payment systemlinks to a secure payment system

Order via e-mailOrder via e-mail Now considered as primitive…Now considered as primitive…

but better than nothingbut better than nothing provided that emails are checked regularly!provided that emails are checked regularly!

Two possibilities:Two possibilities: customer creates email from scratch using email customer creates email from scratch using email

address given on home pageaddress given on home page using a HTML mailto command, which allows the using a HTML mailto command, which allows the

email message header to be generated email message header to be generated automaticallyautomatically

In either case, this is a manual system requiring the In either case, this is a manual system requiring the vendor to physically read the message and send a vendor to physically read the message and send a reply...reply...

Process of ordering via e-mailProcess of ordering via e-mail Customer:Customer:

initiates communication by sending an initiates communication by sending an unstructured message requesting product(s) unstructured message requesting product(s) displayed on websitedisplayed on website

Vendor:Vendor: replies with an emailed orderreplies with an emailed order

» may have be inputted by handmay have be inputted by hand requests an address for sending the request for requests an address for sending the request for

paymentpayment Payment needs to be manual:Payment needs to be manual:

shouldn’t send credit card details by emailshouldn’t send credit card details by email

Order via a Simple HTML formOrder via a Simple HTML form Customer presented with product list as a Customer presented with product list as a

form on the web pageform on the web page Just needs to select qty of each product Just needs to select qty of each product

required and submit the completed form to required and submit the completed form to either the vendor’s email address or direct to either the vendor’s email address or direct to the vendor’s own serverthe vendor’s own server because the information is structured, it can be because the information is structured, it can be

read, processed, and stored automatically by read, processed, and stored automatically by software at the server endsoftware at the server end

vendor system can also automatically get back to vendor system can also automatically get back to the customer to continue the buying process…the customer to continue the buying process…

Order via real-time on-line Order via real-time on-line forms system (Shopping Cart)forms system (Shopping Cart) The cart….The cart….

Collects the order based on mouse clicks on Collects the order based on mouse clicks on shopping pagesshopping pages

Stores, processes, displays the orderStores, processes, displays the order Captures customer detailsCaptures customer details Displays on-line invoice for customer, including tax Displays on-line invoice for customer, including tax

and any other extra costsand any other extra costs Provides payment options for the customer to Provides payment options for the customer to

complete their ordercomplete their order Emails a copy of the online invoice to the Emails a copy of the online invoice to the

customercustomer

More about More about Shopping Cart softwareShopping Cart software

Written in a combination of:Written in a combination of:HTMLHTMLa client-side scripting languagea client-side scripting language

» E.g. JavascriptE.g. Javascript» VBScriptVBScript

Scripts running on the vendor’s web server Scripts running on the vendor’s web server (server-side)(server-side)» interaction with server each time new data is interaction with server each time new data is

enteredentered

Further requirements of a full Further requirements of a full B2C e-commerce systemB2C e-commerce system

B2C e-commerce sites also seek to provide B2C e-commerce sites also seek to provide customers with up to date informationcustomers with up to date information e.g. price changes e.g. price changes new products in stocknew products in stock changes to existing productschanges to existing products

Can only be achieved by linking the web site Can only be achieved by linking the web site to a product database on a web serverto a product database on a web server database records for products should themselves database records for products should themselves

be easily updated from an online formbe easily updated from an online form

Server side web programmingServer side web programming

Already cover “web scripting” (client side)Already cover “web scripting” (client side) Shopping Cart implementation requires Shopping Cart implementation requires

“server scripts” running on web servers“server scripts” running on web servers Current popular types of script:Current popular types of script:

php (PHP Hypertext Preprocessor) often on a php (PHP Hypertext Preprocessor) often on a breed of Unixbreed of Unix

asp.net (Active Server Pages) often on Windows asp.net (Active Server Pages) often on Windows 2000, XP, or 2003 Server systems2000, XP, or 2003 Server systems

More this in the practical, and next week...More this in the practical, and next week...

Typical Implementation of Typical Implementation of Server-side Shopping CartServer-side Shopping Cart

Most commonly used (and most successful) Most commonly used (and most successful) B2C e-commerce implementation:B2C e-commerce implementation: Web page displays live data from organisational Web page displays live data from organisational

web serverweb server Customer selects product(s) and qty from on-line Customer selects product(s) and qty from on-line

formform Costs, including VAT and any extras automatically Costs, including VAT and any extras automatically

included on on-line invoiceincluded on on-line invoice Customer can choose to buy (or not!) directly by Customer can choose to buy (or not!) directly by

simply clicking a screen buttonsimply clicking a screen button System requests customer details and means of System requests customer details and means of

payment before continuing…payment before continuing…

Capture of Customer DetailsCapture of Customer Details Essential to deliver the goods…Essential to deliver the goods… Needs to include email address to inform Needs to include email address to inform

customer of progress of ordercustomer of progress of order details need to be stored so as not to infringe the details need to be stored so as not to infringe the

1998 Data protection Act1998 Data protection Act Customer data capture could be combined Customer data capture could be combined

with choice of username/password for future with choice of username/password for future login site authentication purposeslogin site authentication purposes should not be used for bank details authenticationshould not be used for bank details authentication a fraudster could guess username/password…a fraudster could guess username/password…

On-line Payment SystemsOn-line Payment Systems

Require a reliable means of authentication of Require a reliable means of authentication of the user, to establish TRUSTthe user, to establish TRUST

Most effectively done through an on-line link Most effectively done through an on-line link to the International banking systemto the International banking system

Authentication requires confirmation of:Authentication requires confirmation of: NameName type of accounttype of account account numberaccount number other information, depending on the type of other information, depending on the type of

accountaccount

B2B Payment SystemsB2B Payment Systems

B2B systems around for some time…B2B systems around for some time… made use of EFT (Electronic funds Transfer) from made use of EFT (Electronic funds Transfer) from

the outsetthe outset Both buyer and seller need to contact Both buyer and seller need to contact

relevant bank computer:relevant bank computer: for authentication purposesfor authentication purposes to transfer fundsto transfer funds

On-line banking system highly secure:On-line banking system highly secure: 512 bit encryption512 bit encryption virtual private network (VPN)virtual private network (VPN)

B2C Payment SystemsB2C Payment Systems

Websites and http are NOT secureWebsites and http are NOT secure Payment data may take place FROM the web Payment data may take place FROM the web

site, if made securesite, if made secure no easy matter requires secure protocols:no easy matter requires secure protocols:

» http-s (secure)http-s (secure)» SSLSSL

safer to transfer to a secure site for data capturesafer to transfer to a secure site for data capture Most popular method of authentication and Most popular method of authentication and

payment is credit/debit cardpayment is credit/debit card relevant bank computer needs to be contactedrelevant bank computer needs to be contacted similar authentication and funds transfer systems similar authentication and funds transfer systems

as for B2Bas for B2B

Security on B2C Payment Security on B2C Payment SystemsSystems

Lot of concern about security of B2C Lot of concern about security of B2C authentication and transactionsauthentication and transactions

Use of VPNs, encryption and secure Use of VPNs, encryption and secure protocols make it extremely unlikely that data protocols make it extremely unlikely that data will be intercepted en routewill be intercepted en route

Some concern about the “secure servers” of Some concern about the “secure servers” of merchant service providersmerchant service providers

Such servers hold e.g. credit card numbers Such servers hold e.g. credit card numbers stored in an encrypted formatstored in an encrypted format

Secure Merchant ServersSecure Merchant Servers

Server security a a matter of:Server security a a matter of: configuration and management of the server configuration and management of the server

softwaresoftware setting appropriate user privileges and file securitysetting appropriate user privileges and file security auditing of all access to confidential dataauditing of all access to confidential data appropriate monitoring of attempted entry to the appropriate monitoring of attempted entry to the

system by “invalid” userssystem by “invalid” users Probably a lot safer to have credit details Probably a lot safer to have credit details

here than written down by a stranger at the here than written down by a stranger at the other end of the telephone line…other end of the telephone line…

Keeping the Customer Informed!Keeping the Customer Informed! Relatively easy to produce a system that will Relatively easy to produce a system that will

keep the customer informed by email about keep the customer informed by email about the processing of their orderthe processing of their order especially important, bearing in mind that especially important, bearing in mind that

customers may be from overseascustomers may be from overseas Can program the system to send messages Can program the system to send messages

at various trigger points:at various trigger points: credit details are authenticatedcredit details are authenticated order is paid fororder is paid for order is “picked” order is “picked”

» from the databasefrom the database» physically from storesphysically from stores

order is dispatchedorder is dispatched

Completing the customer Completing the customer shopping experience…shopping experience…

Important to have:Important to have:A means of giving the customer a record of A means of giving the customer a record of

their order:their order:» by web page as well by email… (“fail-safe”)by web page as well by email… (“fail-safe”)

A corporate “thank you” pageA corporate “thank you” pageequivalent to the polite “goodbye” when a equivalent to the polite “goodbye” when a

customer leaves the shop – especially if customer leaves the shop – especially if they have made a purchase…they have made a purchase…

Producing web pages for e-Producing web pages for e-commercecommerce

By now, you should be able to use HTML (or By now, you should be able to use HTML (or an Authoring package) to produce simple web an Authoring package) to produce simple web pagespages

You should also be able to implement mailto, You should also be able to implement mailto, simple forms, and framessimple forms, and frames

You should be at the point of using small You should be at the point of using small JavaScript applets in HTML programs to JavaScript applets in HTML programs to provide processing ability or special effectsprovide processing ability or special effects

You should be becoming aware that using You should be becoming aware that using JavaScript makes the whole thing much more JavaScript makes the whole thing much more complicated!complicated!

Who can create Who can create e-commerce websites?e-commerce websites?

Producing an e-commerce site from scratch Producing an e-commerce site from scratch requires:requires: Good communication and analysis skillsGood communication and analysis skills Web page design skillsWeb page design skills Some programming skillsSome programming skills Database knowledgeDatabase knowledge Client-server networking skillsClient-server networking skills

Shop@ssistantShop@ssistant (example of (example of how to design shopping pages)how to design shopping pages) A variety of page itemsA variety of page items

e.g.e.g. buttons, text, pictures etc buttons, text, pictures etc. that can be . that can be changechangedd

““Instant” shopping cart system:Instant” shopping cart system: automatically displays “shopping basket” whenever automatically displays “shopping basket” whenever

forms data is addedforms data is added handles tax and shippinghandles tax and shipping links with third party payment handling system links with third party payment handling system

(merchant services provider)(merchant services provider)» security security handled by a “trusted” third partyhandled by a “trusted” third party

Shop@ssistantShop@ssistant Demo SDemo Sitesites Page designs can be used as templatesPage designs can be used as templates

also contain embedded client-side JavaScript to also contain embedded client-side JavaScript to interface with the shopping cart system…interface with the shopping cart system…

manipulation may need programming knowledge…manipulation may need programming knowledge… should be noted that the shopping system on most should be noted that the shopping system on most

systems uses server-side scripting, and not systems uses server-side scripting, and not necessarily written in JavaScriptnecessarily written in JavaScript

ToTo access access demonstration site demonstration sites:s: locate Shop@ssistant demos share on relevant locate Shop@ssistant demos share on relevant

serverserver double double click on index.html click on index.html in the shop assistant in the shop assistant

demos folder (itself within the program files folder)demos folder (itself within the program files folder)

Bookshop Demo Bookshop Demo Site Site (example)(example)

Navigation:Navigation:forward (buttons at the bottom of the page)forward (buttons at the bottom of the page)back (hyperlinks at top and bottom)back (hyperlinks at top and bottom)

Further forward navigation enables the customer Further forward navigation enables the customer to order the book in at least two waysto order the book in at least two ways ““hot” image of the book (i.e. you can click on it) hot” image of the book (i.e. you can click on it)

Buttons bunched together - bottom of all product Buttons bunched together - bottom of all product pages:pages: Order this BookOrder this Book 3 Copies for 2 Offer3 Copies for 2 Offer Review Basket Review Basket

Bookshop Demo Bookshop Demo SiteSite Each page is customizable for those with Each page is customizable for those with

JavaScript expertise... JavaScript expertise... Other features to note:Other features to note:

heading – to reflect corporate image, etc.heading – to reflect corporate image, etc. product pages all have hyperlink to a pop up “more product pages all have hyperlink to a pop up “more

detail” pagedetail” page the cart displaythe cart display

» terms & conditions & “remove item” check boxterms & conditions & “remove item” check box option to go to payment page - cashieroption to go to payment page - cashier

» brings up form for customer databrings up form for customer data on-line invoiceon-line invoice bullet pointed helpbullet pointed help

Demo Demo Site - Handling Site - Handling PaymentPayment

Online invoice appears AFTER Online invoice appears AFTER customer details completedcustomer details completedincludes shipping and VAT chargesincludes shipping and VAT chargesTOTAL is what the customer will actually TOTAL is what the customer will actually

paypay If name, address, email address fields If name, address, email address fields

not satisfactorily completed (validated)not satisfactorily completed (validated)payment method section is blocked…payment method section is blocked…

Where Where shop@ssistantshop@ssistant fails fails miserably…miserably…

Product details are stored “client-side”Product details are stored “client-side” each product page has its own dataeach product page has its own data no option for updating data remotelyno option for updating data remotely any updating requires reprogramming of the any updating requires reprogramming of the

page…page… This is why SERVER SCRIPTING is usually This is why SERVER SCRIPTING is usually

used for shopping sites…used for shopping sites… product data held on an easily product data held on an easily

readable/updateable databasereadable/updateable database connected via scripts with embedded SQL connected via scripts with embedded SQL

statementsstatements

For next week… More For next week… More Shopping sites to look atShopping sites to look at

WooshWoosh!! (www.wooosh.com) “The World of (www.wooosh.com) “The World of Online Shopping”Online Shopping” over 1,000 UK shopping sitesover 1,000 UK shopping sites

www.childrens-warehouse.comwww.childrens-warehouse.com www.webelectricals.co.ukwww.webelectricals.co.uk sites using freecom.net servicessites using freecom.net services

www.wineonlinenorth.comwww.wineonlinenorth.com www.funerals.co-op.co.ukwww.funerals.co-op.co.uk

And… More URL’s to look atAnd… More URL’s to look at

Continental Research.comContinental Research.com - profiles of - profiles of consumers using E-Commerce consumers using E-Commerce

ZendorZendor.com.com - logistics firm - back end - logistics firm - back end E-CommerceE-Commerce

TPS - Telephone Preference ServiceTPS - Telephone Preference Service MPS - Mail Preference ServiceMPS - Mail Preference Service

Finally… Investigate Finally… Investigate Server-side scriptingServer-side scripting

Course practicals will use asp.netCourse practicals will use asp.net different from asp, which is being phased out…different from asp, which is being phased out…

Needs an Internet Information ServiceNeeds an Internet Information Service provided with any XP Professional machineprovided with any XP Professional machine and any Vista Premium machine…and any Vista Premium machine… in each case, not a default installation & needs to in each case, not a default installation & needs to

be installedbe installed

Each of the above is FREE to Worcester Each of the above is FREE to Worcester Business School students via MSDNBusiness School students via MSDN