E-commerce Essentials

E-commerce risks and essentials for conducting e-commerce.

  • Intercepted data – data can be intercepted if not encrypted with SSL
  • Database hacking – if credit card numbers are stored in an online database and a hacker gains access to the database, they can steal the card numbers. Don’t store card numbers if possible; it’s not necessary when you use online payment systems.
  • Credit Card Fraud – merchants (you) are responsible for fraudulent transactions. Requiring the CVV code and using address verification minimize fraudulent transactions.
  • Addressing Risk, PCI Compliance – The Payment Card Industry security standards are technical and operational requirements that were created to help organizations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats.

Requirements

  • E-commerce enabled web site (see types of e-commerce solutions below)
  • SSL Certificate (Secure Sockets Layer) – Provides encryption for data input by the user, and verifies you are who you say you are. Major providers are: VeriSign.com, GeoTrust.com. Costs start at $99 per year with these companies. Smaller companies such as GoDaddy.com also sell SSL certificates for less. Factors to consider: Browser recognition, web host compatibility, brand recognition of provider and displayed seal, level of validation.
  • Merchant Account – A merchant account allows you to accept credit cards and other payment types and is tied to your business bank account. Fees for this service vary, but usually there is a 2%-3% transaction fee, sometimes a fixed transaction fee, sometimes a monthly usage fee and/or statement fee.
  • Payment Gateway – A service that communicates with merchants, customers and financial networks to process authorizations and payments. Major gateway providers are Authorize.net, VeriSign, LinkPoint (YourPay) and PayPal. This service can be purchased on its own for a monthly fee, usually $25 and up, plus other fees.

Recommendation: Sign up for a Merchant Account that also includes a Payment Gateway. This is usually a much better deal.

Payment Process

(see VeriSign download on class website for more details)

1. Site user begins the checkout process on your web site.

2. All pages of the checkout process are served by a secure server (SSL), which encrypts data, rendering it unreadable should it be intercepted.

3. User enters and submits credit card information (SSL).

4. Server receives the information and sends it to the Payment Gateway.

5. Payment Gateway communicates with the Issuing Bank to determine whether to authorize or decline the transaction.

6. Payment Gateway receives the response and routes it back to your web site.

7. If authorized, the order is completed. If declined, an error message is displayed.

8. If the transaction was a CAPTURE type transaction, the card will be charged, and the funds deposited in your bank. If it was an AUTHORIZATION only transaction, the card will be authorized, but further action will be required to actually charge the card and receive payment. This type of transaction is usually used when it is uncertain if the goods will ship immediately, to avoid charging the customer’s card well before the goods are ready to ship.
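The flow in steps 3 to 8, as an added sketch that is not part of the original notes: the merchant forwards card data to the gateway and keeps only a transaction reference and the last four digits, never the card number or CVV. `MockGateway`, `BANK_RECORDS`, `checkout` and `ship` are hypothetical names, and the gateway is a constructed stand-in rather than any real provider's API.

```python
import secrets

# Constructed issuing-bank record, keyed by a well-known test card number.
BANK_RECORDS = {"4111111111111111": {"cvv": "123", "zip": "90210"}}

class MockGateway:
    """Hypothetical gateway plus issuing bank (steps 4-6); not a real API."""
    def __init__(self):
        self.txns = {}

    def submit(self, card, cvv, zip_code, cents, capture):
        rec = BANK_RECORDS.get(card)
        # Decline unless both the CVV and the address check match.
        if rec is None or rec["cvv"] != cvv or rec["zip"] != zip_code:
            return {"approved": False, "txn_id": None}
        txn_id = secrets.token_hex(8)
        self.txns[txn_id] = {"cents": cents,
                             "state": "CAPTURED" if capture else "AUTHORIZED"}
        return {"approved": True, "txn_id": txn_id}

    def capture(self, txn_id):
        txn = self.txns.get(txn_id)
        # Only an open authorization can be captured, and only once.
        if txn is None or txn["state"] != "AUTHORIZED":
            return False
        txn["state"] = "CAPTURED"
        return True

ORDERS = {}  # merchant's order database: no card number, no CVV

def checkout(gw, order_id, card, cvv, zip_code, cents, ships_now):
    """Steps 3-7: forward card data to the gateway, keep only a reference."""
    resp = gw.submit(card, cvv, zip_code, cents, capture=ships_now)
    if not resp["approved"]:
        return "declined"
    ORDERS[order_id] = {"txn_id": resp["txn_id"], "last4": card[-4:],
                        "cents": cents, "paid": ships_now}
    return "captured" if ships_now else "authorized"

def ship(gw, order_id):
    """Step 8: an authorization-only order is charged when the goods ship."""
    order = ORDERS[order_id]
    if not order["paid"]:
        order["paid"] = gw.capture(order["txn_id"])
    return order["paid"]
```

A declined transaction leaves nothing in `ORDERS`, and a breach of the merchant's order store exposes only the last four digits and a gateway reference.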
