Sell, Sell, Sell!

So you have got your web site up and running. Now the boss/client says that they want to sell from the web. They want to handle credit cards, but in a secure manner. The thought of doing this, whilst maintaining sufficient security that customers' credit card details are not revealed to others on the web, is enough to bring most of us out in a cold sweat.

However, help is at hand in the form of several companies who offer a variety of solutions at differing prices and differing levels of functionality. These companies will enable you to do credit card validation in real time via the web. In case you are not familiar with credit card transactions, we shall explain how all this works with a couple of examples.

Typical credit card transaction in a shop

The first example is one that most of us are familiar with: the credit card transaction in a shop, where both the buyer and the seller are present. The buyer presents his credit card to the seller, who is a credit card Merchant. The Merchant takes the card details and the details of the transaction. If the value of the transaction is over a preset limit, the merchant will then phone up the credit card company and obtain an authorization number for that transaction. This number will guarantee that the merchant will receive the money for the goods. At the end of the day the merchant sends off the completed vouchers to the credit card company, and within a few days the merchant's normal bank account is credited. This is obviously slightly different if a credit card terminal is used in the shop; however, the flow of data is similar.

Typical credit card transaction over the web

Over the web, what should happen is that the buyer enters their credit card details on an HTML page which contains a form held on a secure server. The form details are then sent from the buyer's browser to the server (usually using 40-bit encryption in this country). These details are then sent via a secure private SET (Secure Electronic Transaction) link to the credit card house, who validate the details and then check to see if there is any credit available. Should the transaction pass all these tests, a confirmation is returned to the buyer's browser and the order details are sent to the merchant. The credit card details need never go to the merchant web site.

To enable your site to do credit card transactions securely, in many cases you don't even need to get a secure server yourself. You put a form or a link on your site which takes you to the validation server which will then present a secure form for the buyer to enter their credit card details. If these details pass validation at the credit card house then a success screen is returned to the buyer and an email/fax message is sent to the seller for the order to be dispatched.

As simple as that, so what are the problems? Well, first you need an internet merchant credit card account with someone like Barclaycard or MasterCard, which, if you are not already a credit card merchant with them, will cost you between £125 and £250. This will give you an account at the credit card company so that credit card transactions can be credited/debited and the monies, less their commission (usually between 2% and 5%), transferred to your normal bank account. If you have a merchant agreement with, say, Barclaycard, you are not just limited to Visa; you can still take the other credit cards with it. There are some exceptions, so it is worth checking; most notably, American Express require a separate merchant agreement with them. To get a credit card merchant account your company has to meet certain minimum requirements with the credit card company. This is usually 2 years' trading, but we are told that they are agreeable to reducing this in the case of internet-based businesses, as many of these companies are new. However, in this case they may insist that the internet banking transactions are done through the main company bank account.

If you do not qualify for a merchant account, or do not wish to have one, then you can use the services of a bureau. This is a company that handles all the transactions for you, including the credit card side; then, usually 30 days from the end of the month, they will transfer the monies due to you less their commission. The obvious problem here is that you will have already shipped the goods to the customer before you get your money, and you are paying a higher commission on each transaction. You also need to be very sure of the stability of the company you are dealing with. This solution may suit a company that is selling software that you download, where there are no substantial direct costs involved in a sale via the web. In fact, one of the companies that we approached offers a service for just such a type of business: NetBanx (www.netbanx.com) will sell a single product for just a set-up fee of £75 and a commission of 4%. They also offer a whole range of other services, which we shall come to later.

The other problem when dealing via the web is the international nature of your customers, all wanting to deal in differing currencies. You can just trade in your local currency and let the credit card companies handle the conversion rates, or you could allow customers to see the prices in their currency and to buy in that currency. DataCash (www.datacash.com) offer a very extensive range of multi-currency handling.

As far as the security of your customers' credit card details goes, all of the companies we approached offered either 40- or 128-bit encryption from the buyer's browser to their server, the level being set by the buyer's browser.

When asked, Simon Pounds from BarclaySquare said that when choosing a company to handle the credit card side of your web commerce solution, you should consider the following:

  1. The type of product and service you are looking at providing.
  2. The mechanism by which you will receive funds payment.
  3. The functionality of the order delivery/processing system.
  4. Security.
  5. The service you receive from your ISP.
  6. Implementation time scales.
  7. Credit Card processor requirements and membership process.

It was impossible to talk to all the companies involved in this type of business, but here is a summary of some of the more helpful that we contacted.

SECPay (www.secpay.com)

SECPay state that they intend to "provide a one stop shop solution for small to medium sized companies". This company offers a service where credit cards are authorized in real time, for which they charge £50 one-off set up, £50 a year and 1% per transaction, with a minimum billing of £10 per quarter. You need to be a registered Barclays Internet Credit Card Merchant. The very knowledgeable Susie Hunter at SECPay told us that they have some other products under development, including some software to implement a shopping basket on your web site (www.shop-express.com). There are a couple of features that were not offered by anyone else we spoke to. Notification of a successful order placement can be done via a fax message sent to, say, the dispatch department. Their site will also catch the use of the same transaction Id from the same person within a 1 hour period; this is to stop accidental double payment. In line with providing a complete solution, SECPay will even supply a pre-configured PC, and are offering web hosting through a 3rd party. They also have relationships with a few web designers, and can provide a basic home page to front their shopping basket, Vstore, for as little as £30. In effect, this is an Internet shop for around £2500 for people who are starting from scratch and need the whole package.

Contact: Susie Hunter (susie@secpay.com)

NetBanx (www.netbanx.com)

NetBanx offer a wide range of services, from £75 set up and 4% commission with no monthly minimum charge, to £500 set up and 50p per transaction with a £100 a month minimum charge. They also offer bureau services at a similar set-up cost, with commission ranging from 9% to 6% or £3 per transaction. They have the ability to handle transactions in many different currencies, so that the exchange risk is passed to the processing bank and not to either the buyer or the seller. NetBanx have been trading since Feb 1998 and are part of the NetInvest Group. They can also offer other more conventional web services such as email forwarding and web hosting.

Contact: info@netbanx.com

DataCash (www.datacash.com)

DataCash have software in the form of Perl scripts, which is free and runs on your own secure web server. There is then an annual license fee of £600, plus a usage fee of £100 for the first 1000 transactions and £75 for each 1000 transactions thereafter. There are other charges for extended services, as this is a very comprehensive service that caters for many options including foreign currencies and, almost uniquely, address verification. You will need a credit card merchant agreement and the ability to run CGI scripts on your web server, which some ISPs will not allow. This solution is probably better for those companies that run their own web server.

Contact: info@datacash.com

Secure Trading (www.securetrading.com)

Secure Trading have an annual fee of £295 and charge 2% commission on all transactions, but with no minimum monthly fee. They can offer many facilities, from a simple secure online order form to a fully automated credit card authorizing and payment solution. Again you will need a credit card merchant account, but Secure Trading can help you apply for this. Secure Trading do not recommend using the bureau type of system for trading over the internet and so do not offer this facility. Their system can host your order form on their secure server, so again this means that you are not limited by your ISP's requirements, nor do you have to get involved in setting up a secure server. Transaction details can be accessed by merchants via either a secure web front-end or a piece of software supplied. This software will allow the merchant to confirm that the goods have been dispatched if necessary. The security within their system is 2048-bit RSA encryption with variable 168-bit session keys. This is a very high level of security, and is in fact greater than that specified by the credit card companies' SET protocol. They also have a 'Fraud Control System' that looks for patterns of transactions and informs the merchant so that they may make further checks. The merchant is informed of a successful transaction either via email or through a CGI script, which could do almost anything.

Contact: Sunnie Bell (sunnie@securetrading.com)

E-payment Solutions (www.epaymentsolutions.com)

E-payment Solutions offer a complete solution, from obtaining the credit card merchant agreement for the client to setting up an e-commerce solution for your web site. Prices for this type of complete solution obviously vary, but are usually around £900 - £4000 with a commission of 2.5% - 3% per transaction. They use SET and SSL encryption between themselves and the credit card houses, with the standard 40-bit encryption between the buyer's browser and the web site. Email reports can be sent to the merchant about transactions, with all the relevant tax information on them.

Contact: Anthony Brown (admin@epaymentsolutions.com)

Phone +44 (0) 1737 767 175

 

A Free Lunch?

The Dixons freebie Internet service, which leapt to number two in the UK ISP charts with 475,000 subscribers within weeks of its launch, has hired US Web ad sales specialist DoubleClick. We talked about DoubleClick previously. This company supplies banner adverts to high-traffic sites, and produces profiles of the web users who click on them (see issue xxx). This, coupled with Dixons' service using a proxy server to potentially monitor their members' browsing, should give Dixons a formidable profile of web users. This sort of information is priceless to marketing companies and certainly answers the question many ask about this free service: 'where's the catch?'