★ FAQ

Although electronic commerce, in the widest sense, has been defined as 'any business activity utilizing electronic communication channels for data transfer', modern usage is more related to commerce conducted over the Internet or over networks utilizing internet technologies; that is, extranets, intranets and virtual private networks using internet protocols. (See below for definitions of these terms.)

For the purpose of this FAQ, we will regard e-commerce specifically as:
"the process of electronically conducting business over the Internet -- or networks using internet protocols -- with particular reference to innovative marketing, order and payment systems, and administrative integration."

How much will it cost my company to set up an e-commerce web site?

This is an open ended question and depends, obviously, on the size, nature and sophistication of the enterprise, inventory, marketing requirements, and many other factors.

Here are some cost entities:

Hardware and software to connect to the Internet
Web site construction
Staff to maintain the Web site
Web hosting and Internet service provider charges
Online communications costs, eg, phone lines, ISDN lines, cable
Support staff for online order taking and customer care
Marketing of Web site
Credit card processing

A 'brochure' web site can be built for a few thousand dollars to allow contact and orders by email. This is the minimalist position. At the other end of the scale, Internet startups which rely on attracting millions of web site visitors each month to enable them to sell advertising and other products and services, invest millions of dollars in the enterprise.

How much you spend will depend on the results of a well considered business plan and the estimated return on investment; but be careful, the ROI may have to be calculated over the longer term.

How does e-commerce over the Internet differ from traditional commerce?

E-commerce is changing the relationship between merchant and customer, whether it be business to business or business to consumer commerce, or the government isomers of these.

Relationship building is paramount. Savvy Internet users know that if they cannot get good service, which also means an easily navigable web site, they can move on -- and quickly. The Internet is providing customers with growing power and purchasing control. Shopping agents will find the lowest price; scams or poor service will quickly be identified and passed on.

In addition there is still a strong ethic of 'free stuff' on the web. Consumers in particular are looking for free information and services. Providing these aspects is a crucial part of relationship building which will form the basis of electronic commerce into the future.

With the potential speed and efficiency of electronic communications and transactions, the nature of inventory is changing. A virtual shop on the web may carry no stock at all, relying on suppliers to fulfill orders; a small, on-site inventory can be replenished with just-in-time manufacturing

Tip: Do not build an e-commerce site without adequate backup for responding to email enquiries -- and it better be fast -- say within 24 hours at the outside, and preferably with an auto response if it is to take longer.

What are the e-commerce options for business?

These are some basic Internet/Web e-commerce transaction models:

The web brochure
Simple product description web site. Relies on pushing customers to traditional outlets. Email contact is usually provided for further enquiry.

The enhanced web brochure
Can take orders by email, fax, phone, including credit card purchases. Product is shipped. Credit card numbers usually are not secure when passed over the Internet.

The e-commerce mall site
Places your web site on a web mall (host) with other e-commerce merchants and usually includes shopping cart, secure server and credit card processing.

The e-commerce host site
Similar to above except you are an independent entity on the web host and have more control of the setup and software yourself.

The in-house site
You do the lot yourself, that is, setup and run the web servers, backup, and connectivity in-house. You can be as sophisticated as you like with electronic payment systems and end-to-end secure credit card processing. You need to be well resourced with technical support staff to ensure reliability and efficiency.

The business to business extranet
Business to business e-commerce is predicted to be the largest value sector of the industry within a few years. This model may incorporate elements of the EDI (electronic data interchange) standard and will perhaps use XML (extensible markup language) as a content description language (XML-EDI).

E-commerce extranets are secure Internet networks, usually with router encryption, over which merchants and customers can exchange order information and funds securely. Integration with the administrative backend may also be a feature. That is, order and financial information will be automatically incorporated into corporate accounts via the web interface.

Describe some Internet business models

Here are some successful business models already operating on the Internet:

The information provider
Sell information directly in the form of a book, manual or newsletter subscription. Be wary of this model. It works for some, but you must have unique content because of the abundance of free information on the Internet. The information products that work best seem to be those that claim to describe how to make money on the Internet or to save or make money in personal finances. Be careful of sharks and shanks in this field.

One of the decisions to be taken is related to the next model, below. That is, do you sell the information or give it away and rely on selling advertising based on the number of visitors you get to your site? Or do you give information away and sell something else -- say a book or vitamins or cars or financial services.

Information providers on the Internet may reap more monetary benefits as micro payment systems evolve (see below for more on payment systems). Micro payment systems will make the collection of small charges easy and convenient on the web -- perhaps below one dollar per transaction.

Even so, with the growth of the web and the problem of finding what you want in a reasonable time, information providers with good content may do well because time is money, and searching the web for 30 minutes to find free information may not be as cost effective as paying $20 for a report that you can access instantly.

The free information advertising model
This model relies on attracting a large number of web site visitors with the purpose of selling advertising (and possibly consumer services and products). Most of the large search engine, portal and hub sites rely on this model, but many smaller sites also do well. The information and services could be across any subject including health information (www.medscape.com), Internet marketing (www.e-land.com), computer glossary (www.whatis.com), or news (www.moreover.com).

The customer service/cost saving model
This model has reduced support costs for computer software and hardware companies considerably. The basics are simple: provide product support online and reduce the need for direct customer support -- and, in some cases, avoid the need for hard copy manuals. Companies like Sun Microsystems and IBM and a host of others describe customer support success stories with Internet technologies.

The direct sales model
This is often combined with the customer service model above. Dell Computer is one of the success stories of online selling and other computer manufacturers are rushing to emulate the model. At the same time, corporations with a strong reseller infrastructure have to tread carefully to ensure they do not alienate resellers and channel partners. A trend away from resellers in some industries will occur if web based direct sales become the dominant model.

As IBM says "Every transaction we move to the web saves us 70 to 90 percent."

One way of attending to resellers is to have a web presence offering direct sales, but asking the customer to select the nearest dealer or franchisee. The order is then passed electronically to the reseller to fulfill the order and accept payment. The corporate centre takes an additional percentage of each transaction to support the online service.

With recent 'dot.com' crashes on the stock market, business to consumer 'etailing' is not the growth industry it was in 1999 and the first half of 2000. However etailing is here to stay albeit with some modification to business models.

The innovative marketing model
If you can think of a new way of making money using Internet technologies then you could make a fortune if you can get in before anyone else does. This is the history of small scale startups like Yahoo web directory.

One relatively recent success story has been Internet auctions at sites like EBay (www.ebay.com). Make a bid for any of thousands of items and if you are the best, you've bought it. Also see www.priceline.com where you can make an offer for surplus airline seats. Is this the future of e-commerce?

The business to business model
This is said to be the fastest growing sector of Internet commerce. It involves electronic transactions for ordering, purchasing and administration using secure Internet protocols between traditional merchants and customers. See EDI below.

What is EDI and do I need the Internet for EDI?

EDI (Electronic Data Interchange), a form of e-commerce, is a standard format for exchanging business data. The standard is ANSI X12 and it was developed by the Data Interchange Standards Association. ANSI X12 is either closely coordinated with or is being merged with an international standard, EDIFACT. See Data Interchange Standards Association (DISA). www.disa.org

Much effort is being expended on making Internet EDI a standard for business to business e-commerce. The Extensible Markup Language (XML) is a likely vehicle for content description. See XML/EDI Framework

Currently, EDI operates over value added networks (VAN).

In practical terms EDI provides a common format for the exchange of orders, invoices and payments -- and may integrate back office accounting and administrative function at both ends of the transaction.

How important is my own domain name?

Absolutely essential. Domain names are extraordinarily important and valuable and good ones are exchanging hands for up to six figures.

Explain Internet, intranet, extranet VPN and VAN?

An intranet is an implementation of Internet technologies usually restricted to within corporate sites, but which may operate over a wide area network.

An extranet is a further extension of such restriction to approved clients, customers or associates for the purpose of exchanging confidential information or transactions.

A VPN (virtual private network) is the network application for implementing an extranet or wide area intranet.

A VAN (value added network), is essentially a proprietary network over which EDI, EFTPOS or other financial transactions are implemented.

Firewall and encryption technologies are important in securing all of these networks, particularly over the external communications infrastructure.

Why should my company get involved in e-commerce, I am doing okay with my current approach?

See the next two items.

What are the risks associated with conducting e-commerce?

First, e-commerce may require considerable capital outlay, ongoing costs, staff retraining and organizational restructuring -- for the most committed organizations.
Second, you may not realize a return on investment for several years. Amazon.com, the online bookseller, is still waiting to report a profit!
At the operational level, you have to be concerned about the following security breaches (courtesy of Verisign):
Spoofing - Ease of copying web pages makes it easy to create illegitimate sites that appear to be published by established organizations. Electronic criminals have illegally obtained credit card numbers by setting up web sites that mimic legitimate businesses.

Unauthorized disclosure - When transaction information is transmitted "in the clear," hackers can intercept the transmissions to obtain your customers' sensitive information.

Unauthorized action - A competitor or disgruntled customer can alter your Web site so that it refuses service to potential clients, or malfunctions.

Data alteration - The content of a transaction can be intercepted and altered en route, either maliciously or accidentally. User names, credit card numbers, and dollar amounts are all vulnerable to such alteration.

What are the risks of NOT conducting e-commerce?

Internet e-commerce is a reality and is the basis on which international electronic business and commerce will be conducted beyond 2000.

Even the smallest business may be affected. Businesses not in touch with the technology will confer an advantage on competitors.

Internet futurist Chuck Martin says this about ecommerce: "With all the cyber trends, it's important to understand that this is not a small thing, this e-business revolution is a very, very big thing. And the future will look very, very different than today."

How can I prevent hackers getting access to my important financial information and transactions?

Use a recognized ISP with an established security record and platform. Ask them about it.
Utilize a secure web server (and browser) with secure sockets layer (SSL) for credit card transactions and other e-commerce transactions.
Employ reliable firewall technology for in-house servers and networks. Get a recognized consultant with platform-specific expertise to set this up.
Utilize digital certificates and IDs to verify merchant and customer, and digital signatures to encrypt and authorize messages where appropriate. Digital certificates based on public key infrastructure (PKI) are still an emerging technology, but currently, the merchant/server side is important.

Explain encryption and cryptography in laypersons' terms?

Encryption is the transformation of data into a form (a cipher) that is, for most intents and purposes, impossible to read with out the appropriate decoder (a cryptographic key). Its purpose is to ensure privacy by keeping information hidden from anyone for whom it is not intended, even those who have access to the encrypted data. Decryption is the reverse of encryption; it is the transformation of encrypted data back into an intelligible form.

What is a digital certificate and a digital ID?

A digital certificate is an electronic "credit card" or "passport" that establishes your credentials when doing business or other transactions on the Web. A digital ID is the name Verisign, a certificate issuing authority gives to personal certificates.

A certificate is issued by a certificate authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting and decrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticated users can look up other users' public keys.

It is likely that in the near future organizations and individuals will have several digital certificates (ID) for a range of activities that require their identity to be validated. A person within a government department may use one to access confidential information on an intranet for example, while she has a separate ID for purchasing on the Net. A government, and even a department, may be a certificate issuing authority in the hierarchy (see below for more on certificate authorities).

Several IDs and cryptographic keys may be held on a smart card.

What is a digital signature?

A digital signature, not be confused with a digital certificate, is an electronic signature that can be used to authenticate the identity of the sender of a message, the signer of a document, or the owner of a credit card. It can also be used to ensure that the original content of the message or document sent is unchanged. A digital signature is usually generated from a digital certificate using public and private key technology.

(Note that a digital signature is not just a scanned image of a signature -- a relatively common misconception.)

Additional benefits of a digital signature are that it is easily transportable, cannot be easily repudiated, cannot be imitated by someone else, and can be automatically time-stamped.

A digital signature can be used with any kind of message, whether it is encrypted or not, so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate also contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.

What is a certificate authority?

A certificate authority (CA) is an authority in a network that issues and manages security credentials and public keys for message encryption and decryption. A CA will require, and authenticate, documents to verify the identity of a person or organization before issuing a digital certificate. A hierarchy of certificate authorities can exist for different purposes under a public key infrastructure (PKI).

Depending on the PKI implementation, the certificate includes the owner's public key, the expiration date of the certificate, the owner's name, and other information about the public key owner.

The schema for certificate authorities is quite complex and has some way to go before it is easy to apply for Internet users, but it will be essential for full-scale electronic commerce to evolve.

Do I need a certificate or digital ID to buy and/or sell on the Internet?

Not necessarily, but if you are a merchant, you should get a certificate for your secure server so that the customer can ascertain that you are who you say you are. Assuring the customer of the security of their transaction and the authenticity of the merchant is essential to maximize sales over the Internet.

You can get a server certificate from Verisign and also read about the use of server certificates.

The need is less urgent at present for buyers. Consider current off line credit card processing. You buy something with a credit card and the seller calls the card processing centre and verifies the card number. It does NOT verify that you, the buyer, are who you say you are. You may have just stolen the card.

Similarly, at present, you can buy over the Internet without a digital certificate or ID which would establish your identity and card ownership. However, in the future, expect this to be required for many transactions.

What is a secure SSL server?

SSL (Secure Sockets Layer) is a program layer created by Netscape for managing the security of message transmissions in a network. Netscape's SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate.

The client part of SSL is built into version 4.0 web browsers. If a Web site is on an SSL server, SSL can be enabled and specific Web pages can be identified as requiring SSL access.

SSL is becoming the defacto standard for secure transactions over the Internet. Note though, that although this standard ensures data transfer security and merchant verification, online credit card processing requires additional gateways to banks and credit card processing centers. Nor does it hide credit card numbers from the merchant. These are additional layers of electronic commerce sophistication and rely on protocols such as SET (secure electronic transactions).

Explain SET (Secure Electronic Transactions)

SET (Secure Electronic Transaction) is a system for ensuring the security of financial transactions on the Internet. It was supported initially by MasterCard, Visa, Microsoft, Netscape, and others.

With SET, a user is given an electronic wallet (digital certificate) and a transaction is conducted and verified using a combination of digital certificates among the purchaser, a merchant, and the purchaser's bank in a way that ensures privacy and confidentiality. SET makes use of Netscape's Secure Sockets Layer (SSL), Microsoft's Secure Transaction Technology (STT), and Terisa System's Secure Hypertext Transfer Protocol (S-HTTP).

SET has been in the doldrums lately because of lack of support in the wider banking community. It is seen as being somewhat complex and slow -- perhaps unjustifiably.

Describe the process when someone buys from my web page with a credit card and online authorization and processing occurs.

Assume that a customer has a SET-enabled browser such as Netscape or Microsoft's Internet Explorer and that the transaction provider (bank, store, etc.) has a SET-enabled server.

The customer opens a MasterCard or Visa bank account.
The customer receives a digital certificate from the bank. This electronic file functions as a credit card for online purchases or other transactions. It includes a public key with an expiration date. It has been digitally signed by the bank to ensure its validity.
Third-party merchants also receive certificates from the bank. These certificates include the merchant's public key and the bank's public key.
The customer places an order over a web page.
The customer's browser receives and confirms from the merchant's certificate that the merchant is valid.
The browser sends the order information. This message is encrypted with the merchant's public key, the payment information, which is encrypted with the bank's public key (which can't be read by the merchant), and information that ensures the payment can only be used with this particular order.
The merchant verifies the customer by checking the digital signature on the customer's certificate. This may be done by referring the certificate to the bank or to a third-party verifier.
The merchant sends the order message along to the bank. This includes the bank's public key, the customer's payment information (which the merchant can't decode), and the merchant's certificate.
The bank verifies the merchant and the message. The bank uses the digital signature on the certificate with the message and verifies the payment part of the message.
The bank digitally signs and sends authorization to the merchant, who can then fill the order.

It's that simple ;-).

One of the stumbling blocks to SET and similar protocols is the requirement for the purchaser to have a "digital wallet". This is a piece of software on the customer's computer that contains credit card and digital certificate information and which is essential to the process. Until digital wallets are built into browsers so that customers do not have to download and install them before making a purchase, this model of e-commerce standard will languish.

Tell me more about electronic payment systems?

SET is a standard for electronic payment systems around which proprietary payment systems can develop applications.

Other payment systems in use include CyberCash, Ecash, PayPal.

Consumers will not wish to have to conform to several different payment system requirements, eg a CyberCash wallet, Surelink registration, or Ecash purchases and so on. Wallet technology, which will probably be supplied with browsers, will need to provide seamless support for the main payment systems.

What are the main types of e-commerce software and how do they work?

Apart from the standard web tools for forms processing and database-driven web back ends etc, e-commerce software can be roughly divided into the following sectors:

1. Shopping cart or shopping bag software
Shopping cart software makes selection and compilation of orders from web sites easier for customers. Customers can select, total and pay by credit card in a more or less, easy to navigate environment. Examples are Cart32, InetStore and Net.Commerce from IBM.

See here for a large list: www.poorrichard.com/freeinfo/shop.htm

2. Back Office integration
One of the advantages of electronic commerce should be the opportunity to integrate ordering and invoicing into financial systems. Such applications would normally require custom software to be written.

3. Bank gateways
For full scale e-commerce with end-to-end credit card authorization and processing, the merchant server requires a payment gateway to their participating bank.

Explain 'smart cards' and how they will be used in e-commerce.

Looking like a credit card or other blackstripe card, a smart card is a plastic card with an embedded microchip that can be loaded with data and used for telephone calls, stored cash payments, personal verification, and a host of applications that will emerge over the next few years, including the storage of personal digital certificates.

Smart cards have their own operating systems such as JavaCard and Multi OS.

Smart card readers that connect to PCs are under development and will enable smart cards to be used in e-commerce over the Internet, perhaps by storing digital cash and certificates.

How will customers find my site on the web and how can I keep them coming back?

You need to work at this -- probably much more than many startup sites do in practice.

Here are the minimal successful strategies:

Register your site at the top 10-20 search engines: ResponsiveWeb offers Search Engine Submission and Google Web Page Optimization. Click here for more information.

Develop a signature for the bottom of emails and newsgroup messages. This is an automatic advertisement for your site whenever you send a message. You can include information including URLs and description of your enterprise in three lines. Don't exceed four lines.

Place your web address and email address on ALL possible stationery and offline advertising. This fundamental technique has taken some time to get through to some organizations who build a good site and then don't bother to let people know it is available. Put the URL on stationery, company vehicles, newspaper and television advertising, caps, t-shirts and absolutely anywhere it can be seen. We haven't seen it that much yet in Australia, but watch for web addresses on the front of buildings.

Join banner exchange programs and list in free classifieds if you wish, but some people avoid these resources because they deem them not worth the time. In other words, do as much as you can for free without spending larger amounts on online advertising.

The secret to keeping customers coming back to your site is to build customer loyalty -- and you need to give them a reason to come back that does not necessarily rely on purchasing intent. Depending on the product, surfers will buy on impulse -- but you have to have them browsing the site for this to occur. Changing content is important: news, information, forums, chat groups, free stuff. Providing an email delivered newsletter is a popular and effective tool to keep your name in front of customers.

How should I best approach marketing over the Internet?

A marketing plan should be an integral part of your Internet business plan. If you don't have a business plan for Internet commerce you should get one soon!

The options are to employ someone in house to pursue marketing full time, or to employ a consultant to assist you.

How much does advertising on web pages or in newsletters cost?

The current rates are anywhere between $20-$50 per thousand page impressions or ad views. Other rates are available for click through advertising (see below).

What do the acronyms CPM, CTR, CPC, CPS mean in relation to web advertising?

CPM -- Cost per thousand page impressions, usually meaning advertisement views by a surfer.

CTR -- Click through rate means the percentage of site visitors who click on a banner advertisement to go to the advertisers site -- often around 1%.

CPC -- Cost per click refers to the averaged cost of a banner ad campaign per click. That is, the cost divided by the number of times a click through to your site occurs. Say the site you are advertising on charges $1000/month and the CTR is 1% of 100,000 ad views, then the cost per click is $1000/1000, or $1 per click.

CPS -- Cost per sale is the calculation for return on investment of the ad campaign. Using the above example, if you make 10 sales out of 1000 click throughs, then it has cost you $100 per sale which may or may not be profitable depending on the profit margin on each sale.

Explain affiliate programs in web marketing?

Affiliate or associate programs are business relationships with other ecommerce vendors in which you get a percentage of each sale that results from your recommendation -- usually from your web site. This works best when the affiliate has the software to track the customer coming from your site, and can inspire confidence in you that your reference is being recorded.

Targeted advertising is important. What does it mean in Internet terms?

As with offline advertising, if you can get your message to a group of customers who are more likely to be interested in your product then your sales percentages should be higher. At search engine sites banner ads are served according to the search terms you put in the search box.

The dream of tightly targeted advertising on the web is evolving slowly. If you consider that your buying preferences, newsgroup postings, emails, chat and so on are subject to possible recording and subsequent database delivery, you can see how targeted advertising will be used. If a cookie detects your presence at a web site, it could look up your database profile and serve a banner advertisement based on your interests. It is even possible to detect your international domain, and perhaps even the regional location, using sophisticated domain lookup procedures.

Expect the sophistication of targeted advertising on the Internet to increase dramatically over the next few years.

Why shouldn't I send out 10,000 emails to prospective customers?

Sending our unsolicited email is bad for the Internet community and bad for marketers because you become labeled as a spammer -- and this is the opposite of the 'trust' you need to encourage business sales on the Internet. News travels fast! Don't do it.

By all means use 'opt-in' email lists where the recipient has volunteered to receive advertising material in a particular category. Make sure these lists are maintained by reputable firms.

Better still, develop your own opt-in list by capturing the email addresses of visitors to your site. Do this authentically by offering a regular ezine or newsletter or some other vehicle for prospective customers to receive information. You can then offer products and services in conjunction with the emailed information.