E-Commerce

Nuts and Bolts of E-Commerce Systems

Six Degrees Studio has a lot of experience setting up online sales systems for clients. What follows is a simple primer that will allow you to better understand the online credit card process. Once you have read this and feel you have a basic understanding of how the process works, Six Degrees Studio walks you through the various phone calls necessary to set all of the steps up with the different entities.

Because you will be providing sensitive information directly to these entities, you are essential to the phone calls and in providing information for applications. We have found that the entire process goes much more smoothly when clients are somewhat familiar with how it all works.

 

The Typical Online Purchasing Process

1. Customer visits your site (you are called the “merchant”)

2. Customer clicks on a "buy" button, which begins the purchasing process

3. The product selection is added to the shopping cart on your website

4. Once at the 'checkout', the customer's personal and financial details are recorded via a secure form where the customer types in all important information like name, address, phone number, email address, credit card number, expiration date, etc.

5. Details submitted from the “secure form” are transmitted to a payment gateway service, which is separate from the cart. The gateway service securely routes the information through the relevant financial networks. All ecommerce is done via gateways, although customers never interact directly with the process and probably aren’t aware it exists.

6. The gateway transmits the information to your bank’s processor, which runs it through a credit card “interchange”, and then on to the credit card issuer for verification of funds. The response then travels back through the process in reverse to the gateway. The gateway completes the process by storing the transaction results and sending them to the customer (confirmation or auto-reply form) and to the merchant to let you know you have a valid purchase. Whew! This process takes about 3 seconds.

7. If the transaction is successful, the customer’s credit card account is debited and your merchant account is credited.

8. Once all funds have cleared, you are then able to transfer money to your ordinary business checking account.


Payment Gateway

A payment gateway is a specific service and acts as an intermediary between the ALCC shopping cart and all the financial networks involved with the transaction, including the customers' credit card issuers and your own merchant bank account. It checks for validity, encrypts transaction details, ensures they are sent to the correct destination and then decrypts the responses which are sent back to the shopping cart.

There are a number of gateway service providers that are reputable:

www.authorize.net, www.merchantexpress.com, www.paypal.com

We recommend Authorize.net as a payment gateway because their support is outstanding and their product offers a QuickBooks Download Report feature that is compatible with Basic, Professional, and Premier editions of QuickBooks from 2002 to 2005. We also recommend including the Address Verification System (AVS) as it greatly decreases the incidence of accepting fraudulent transactions by verifying the cardholder’s billing address with the card issuer. Using AVS on your transactions may also benefit you by reducing the fees charged by your Merchant Bank.

Six Degrees Studio will set this up for you, or walk through the application process together with you. What we receive once the application is approved is an API code: "script" or "code" for us to embed in the site to make the online process function. Once the service is set up, we will work with the account representative directly to get the parts and pieces we need to make the gateway work properly on the site.

Merchant Interface: this is where you will go to manage your gateway account, submit manual transactions, configure account settings (i.e. filters), monitor and review unsettled transactions, search for and view settled transactions, view account billing statements, and more.

Transaction key: the payment gateway generates what is called a “transaction key” which is a complex value that uniquely identifies your gateway account and is similar to an account password. Transaction keys are used to authenticate requests submitted to the payment gateway. You will see this recorded on your One Sheet.

SIM: used for merchants that do not want to collect, transmit, or store sensitive cardholder information. We will be integrating your shopping cart with the gateway using this.

Filters: gateways allow you to customize the settings for your credit card transactions. For example, you can require that every credit card be address verified, that the zip code be checked against the billing address for the credit card, and so on. Some of these are typical low-level “checks and balances”; others are more sophisticated, depending on how stringent you want to be in making sure that the credit card is being used by the card owner. We’ll walk you through the choices.
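The transaction key and SIM descriptions above, as an added Python example (not code from Six Degrees Studio or Authorize.net): the merchant site signs the order amount with the transaction key and posts only the resulting fingerprint to the gateway-hosted form, so neither the key nor any card data appears in the merchant's form fields. The `x_` field names and the HMAC-MD5 layout follow the fingerprint scheme Authorize.net documented for SIM in that period; the login, key, freshness window and the `gateway_accepts` check are constructed for illustration.

```python
import hashlib
import hmac
import time

LOGIN_ID = "EXAMPLE_LOGIN"                # constructed sample value
TRANSACTION_KEY = "constructed-demo-key"  # constructed; stays on the server
MAX_AGE_SECONDS = 15 * 60                 # assumed freshness window

def sim_fingerprint(login_id, key, sequence, timestamp, amount, currency=""):
    """HMAC-MD5 of 'login^sequence^timestamp^amount^currency', keyed with the transaction key."""
    message = f"{login_id}^{sequence}^{timestamp}^{amount}^{currency}"
    return hmac.new(key.encode(), message.encode(), hashlib.md5).hexdigest()

def build_form_fields(login_id, key, sequence, amount, now=None):
    """Hidden fields the merchant page posts to the hosted payment form."""
    timestamp = int(time.time() if now is None else now)
    return {
        "x_login": login_id,
        "x_amount": amount,
        "x_fp_sequence": str(sequence),
        "x_fp_timestamp": str(timestamp),
        "x_fp_hash": sim_fingerprint(login_id, key, sequence, timestamp, amount),
    }

def gateway_accepts(fields, keys_by_login, now=None):
    """Simplified gateway-side check: known login, fresh timestamp, matching hash."""
    now = time.time() if now is None else now
    key = keys_by_login.get(fields.get("x_login"))
    if key is None:
        return False, "unknown login"
    try:
        timestamp = int(fields["x_fp_timestamp"])
    except (KeyError, ValueError):
        return False, "bad timestamp"
    if abs(now - timestamp) > MAX_AGE_SECONDS:
        return False, "stale timestamp"
    expected = sim_fingerprint(fields["x_login"], key, fields.get("x_fp_sequence", ""),
                               timestamp, fields.get("x_amount", ""))
    if not hmac.compare_digest(expected.encode(), str(fields.get("x_fp_hash", "")).encode()):
        return False, "fingerprint mismatch"
    return True, "ok"

if __name__ == "__main__":
    form = build_form_fields(LOGIN_ID, TRANSACTION_KEY, 1001, "49.95", now=1_200_000_000)
    print(gateway_accepts(form, {LOGIN_ID: TRANSACTION_KEY}, now=1_200_000_030))
    form["x_amount"] = "0.01"  # amount edited in the browser after signing
    print(gateway_accepts(form, {LOGIN_ID: TRANSACTION_KEY}, now=1_200_000_030))
```

Because the amount is part of the signed message, a price changed in the browser no longer matches the fingerprint, and the timestamp bounds how long a captured form can be replayed.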


The Merchant Bank Account

Some type of Internet merchant bank account is necessary in order to have a place to receive funds from credit card sales. This is different from your normal bank/checking account. Obtaining a merchant account is not difficult and includes opening a business bank account that can work directly with the chosen gateway. You can expect to pay from $19.95 per month and up for the merchant bank account plus a per transaction fee. We will probably want to work with your existing banker (Wells Fargo) first to see what they offer.


Costs

Costs are estimates only and based on what is typically offered by service providers currently.

  • Authorize.net setup fee: $99 (currently discounted from $299)
  • Authorize.net monthly gateway fee: $20
  • Authorize.net per transaction fee: $.10/transaction
  • Merchant Bank Account fee (bank): $9.95/month - $19.95/month
  • Merchant Bank Account per transaction fee: $.25/transaction
  • Visa/MasterCard: 2.19% per transaction
  • SSL (security) certificate: varies widely depending on level of security. $50 - $900/year depending on the certificate chosen. See SSL Certificate information below.


Time Involved

  • Merchant Bank Account - 1 - 2 weeks: Time spent with the bank getting approval, etc.
  • Obtaining API code - 1 - 3 weeks: Depends on the bank, systems they use and other communication factors.
  • SSL - 1 week or less: Submission takes minutes. Approval takes a few days and requires sending in documents proving you are a business.
  • Gateway setup - 1 - 2 weeks: Simultaneous with the SSL and API activities.


Comments/Notes

API stands for Application Programming Interface. It is a little piece of code (usually just 2 or 3 files) that allows the website to send and receive information from a bank’s software system.

SSL (security) Certificates enable you to activate the security capabilities of your website so that the server will secure transactions or data communication over the web, ensuring your customers gain the highest level of confidence in your site and organization.

We select an SSL certificate by brand (VeriSign, Thawte, GeoTrust, GlobalSign are a few recognizable brands), and by validation method.

The SSL certificate market is hugely competitive, and certificates cost anywhere from $50/year to $900/year or more for the extended certificates. If the issuer is not a well-known Internet security company, Internet Explorer will put up a security warning box. Six Degrees Studio recommends SSL certificates issued by either Thawte or GeoTrust because they are recognized brands and reasonably priced (VeriSign tends to be quite expensive by comparison, for example). We think a simple domain validation certificate is adequate because most of your buyers already know your organization is legitimate.

Thawte: $149/year; mostly recognized; domain validated

GeoTrust: $249/year; very recognized; domain validated

Suggested Usage: National, global brands plus all businesses who want to benefit from the ‘rub-off’ effect of having the same ‘green bar’ as the biggest sites in the world.

 

 

NUTS AND BOLTS OF ONLINE SALES USING CREDIT CARDS

January 8, 2008

This document is a simple primer that will allow you to better understand the online credit card process. Once you have read this and feel you have a basic understanding of how the process works, Six Degrees Studio walks you through the various phone calls necessary to set all of the steps up with the different entities. Because you will be providing sensitive information directly to these entities, you are essential to the phone calls and in providing information for applications. We have found that the entire process goes much more smoothly when clients are somewhat familiar with how it all works.

Please do not hesitate to let us know what questions you may have about any of the information presented here.

One Sheet

Six Degrees Studio issues a “One Sheet” to every client that spells out all of the important information associated with your site. It is a quick and easy reference to important information such as hosting provider, gateway service, important contact information, and the user names and passwords for each of the various entities connected to your site.


You will need to provide a realistic estimate of your monthly sales and average sale amounts. You can base the monthly estimate on the highest single month from your sales.