IN THIS PART 12 Running an E-commerce Site 267 13 E-commerce Security Issues 281 14 Implementing Authentication with PHP and MySQL 303 15 Implementing Secure Transactions with PHP and MySQL 327 E-commerce and Security PART III 15 7842 part 3 3/6/01 3:42 PM Page 265 15 7842 part 3 3/6/01 3:42 PM Page 266 CHAPTER 12 Running an E-commerce Site 16 7842 CH12 3/6/01 3:43 PM Page 267 E-commerce and Security P ART III 268 This chapter introduces some of the issues involved in specifying, designing, building, and maintaining an e-commerce site effectively. We will examine your plan, possible risks, and some ways to make a Web site pay its own way. We will cover • What you want to achieve with your e-commerce site • Types of commercial Web site • Risks and threats • Deciding on a strategy What Do You Want to Achieve? Before spending too much time worrying about the implementation details of your Web site, you should have firm goals in mind, and a reasonably detailed plan leading to meeting those goals. In this book, we make the assumption that you are building a commercial Web site. Presumably then, making money is one of your goals. There are many ways to take a commercial approach to the Internet. Perhaps you want to advertise your offline services or sell a real-world product online. Maybe you have a product that can be sold and provided online. Perhaps your site is not directly intended to generate rev- enue, but instead supports offline activities or acts as a cheaper alternative to present activities. Types of Commercial Web Sites Commercial Web sites generally perform one or more of the following activities: • Publish company information through online brochures • Take orders for goods or services • Provide services or digital goods • Add value to goods or services • Cut costs Sections of many Web sites will fit more than one of these categories. What follows is a description of each category, and the usual way of making each generate revenue or other ben- efits for your organization. The goal of this section of the book is to help you formulate your goals. Why do you want a Web site? How is each feature built in to your Web site going to contribute to your business? 16 7842 CH12 3/6/01 3:43 PM Page 268 Online Brochures Nearly all the commercial Web sites in the early 1990s were simply an online brochure or sales tool. This type of site is still the most common form of commercial Web site. Either as an ini- tial foray onto the Web, or as a low-cost advertising exercise, this type of site makes sense for many businesses. A brochureware site can be anything from a business card rendered as a Web page to an exten- sive collection of marketing information. In any case, the purpose of the site, and its financial reason for existing, is to entice customers to make contact with your business. This type of site does not generate any income directly, but can add to the revenue your busi- ness receives via traditional means. Developing a site like this presents few technical challenges. The issues faced are similar to those in other marketing exercises. A few of the more common pitfalls with this type of site include • Failing to provide important information • Poor presentation • Not answering feedback generated by the site • Allowing a site to age • Not tracking the success of the site Failing to Provide Important Information What are visitors likely to be seeking when they visit your site? Depending on how much they already know, they might want detailed product specifications, or they might just want very basic information such as contact details. Many Web sites provide no useful information, or miss crucial information. At the very least, your site needs to tell visitors what you do, what geographical areas your business services, and how to make contact. Poor Presentation “On the Internet, nobody knows you are a dog,” or so goes the old saying. 1 In the same way that small businesses, or dogs, can look larger and more impressive when they are using the Internet, large businesses can look small, unprofessional, and unimpressive with a poor Web site. Running an E-commerce Site C HAPTER 12 12 RUNNING AN E-COMMERCE SITE 269 1 Of course, an “old saying” about the Internet cannot really be very old. This is the caption from a car- toon by Peter Steiner originally published in the July 5, 1993 issue of The New Yorker. 16 7842 CH12 3/6/01 3:43 PM Page 269 Regardless of the size of your company, make sure that your Web site is of a high standard. Text should be written and proofread by somebody with a very good grasp of the language being used. Graphics should be clean, clear, and fast to download. On a business site, you should carefully consider your use of graphics and color, and make sure that they fit the image you would like to present. Use animation and sound carefully if at all. Although you will not be able make your site look the same on all machines, operating sys- tems, and browsers, make sure that it is viewable and does not give errors to the vast majority of users. Not Answering Feedback Generated by the Web Site Good customer service is just as vital in attracting and retaining customers on the Web as it is in the outside world. Large and small companies are guilty of putting an email address on a Web page, and then neglecting to check or answer that mail promptly. People have different expectations of response times to email than to postal mail. If you do not check and respond to mail daily, people will believe that their inquiry is not important to you. Email addresses on Web pages should usually be generic, addressed to job title or department, rather than a specific person. What will happen to mail sent to fred.smith@company.com when Fred leaves? Mail addressed to sales@company.com is more likely to be passed to his succes- sor. It could also be delivered to a group of people, which might help ensure that it is answered promptly. Allowing a Site to Age You need to be careful to keep your Web site fresh. Content needs to be changed periodically. Changes in the organization need to be reflected on the site. A “cobweb” site discourages repeat visits, and leads people to suspect that much of the information might now be incorrect. One way to avoid a stale site is to manually update pages. Another is to use a scripting lan- guage such as PHP to create dynamic pages. If your scripts have access to up-to-date informa- tion, they can constantly generate up-to-date pages. Not Tracking the Success of the Site Creating a Web site is all well and good, but how do you justify the effort and expense? Particularly if the site is for a large company, there will come a time when you are asked to demonstrate or quantify its value to the organization. For traditional marketing campaigns, large organizations spend tens of thousands of dollars on market research, both before launching a campaign and after the campaign to measure its effectiveness. Depending on the scale and budget of your Web venture, these measures might be equally appropriate to aid in the design and measurement of your site. E-commerce and Security P ART III 270 16 7842 CH12 3/6/01 3:43 PM Page 270 Simpler or cheaper options include Examining Server Logs: Web servers store a lot of data about every request from your server. Much of this data is useless, and its sheer bulk makes it useless in its raw form. To distill your log files into a meaningful summary, you need a log file analyzer. Two of the better-known free programs are Analog, which is available from http:// www.statslab.cam.ac.uk/~sret1/analog, and Webalizer, available from http://www.mrunix.net/webalizer/. Commercial programs such as Summary, avail- able from http://summary.net, might be more comprehensive. A log file analyzer will show you how traffic to your site changes over time and what pages are being viewed. Monitoring Sales: Your online brochure is supposed to generate sales. You should be able to estimate its effect on sales by comparing sales levels before and after the launch of the site. This obviously becomes difficult if other kinds of marketing cause fluctua- tions in the same period. Soliciting User Feedback: If you ask them, your users will tell you what they think of your site. Providing a feedback form or email address will gather some useful opinions. To increase the quantity of feedback, you might like to offer a small inducement, such as entry into a prize draw for all respondents. Surveying Representative Users: Holding focus groups can be an effective technique for evaluating your site, or even a prototype of your intended site. To conduct a focus group, you simply need to gather some volunteers, encourage them to evaluate the site, and then interview them to gauge and record their opinions. Focus groups can be expensive affairs, conducted by professional facilitators, who evaluate and screen potential participants to try to ensure that they accurately represent the spread of demo- graphics and personalities in the wider community and then skillfully interview participants. Focus groups can also cost nothing, be run by an amateur, and be populated by a sample of people whose relevance to the target market is unknown. Paying a specialist market research company is one way to get a well-run focus group, and get useful results, but it is not the only way. If you are running your own focus groups, choose a skilful moderator. The moderator should have excellent people skills and not have a bias or stake in the result of the research. Limit group sizes to six to ten people. The moderator should be assisted by a recorder or secretary to leave the moderator free to facilitate discussion. The result that you get from your groups will only be as relevant as the sample of people you use. If you evaluate your product only with friends and family of your staff, they are unlikely to represent the general community. Taking Orders for Goods or Services If your online advertising is compelling, the next logical step is to allow your customers to order while still online. Traditional salespeople know that it is important to get the customer to Running an E-commerce Site C HAPTER 12 12 RUNNING AN E-COMMERCE SITE 271 16 7842 CH12 3/6/01 3:43 PM Page 271 make a decision now. The more time you give people to reconsider a purchasing decision, the more likely they are to shop around or change their mind. If a customer wants your product, it is in your best interests to make the purchase as quick and easy as possible. Forcing people to hang up their modem and call a phone number or visit a store places obstacles in their way. If you have online advertising that has convinced a viewer to buy, let them buy now, without leaving your Web site. Taking orders on a Web site makes sense for many businesses. Every business wants orders. Allowing people to place orders online can either provide additional sales, or reduce the work- load of your salespeople. There will obviously be costs involved. Building a dynamic site, organizing payment facilities, and providing customer service all cost money. Try to determine whether your products are suitable for an e-commerce site. Products that are commonly bought using the Internet include books and magazines, computer software and equipment, music, clothing, travel, and tickets to entertainment events. Just because your product is not in one of these categories, do not despair. Those categories are already crowded with established brands. However, you would be wise to consider some of the factors that make these products big online sellers. Ideally, an e-commerce product is nonperishable and easily shipped, expensive enough to make shipping costs seem reasonable, yet not so expensive that the purchaser feels compelled to physically examine the item before purchase. The best e-commerce products are commodities. If you buy an avocado, you will probably want to look at the particular avocado and perhaps feel it. All avocados are not the same. One copy of a book, CD, or computer program is usually identical to other copies of the same title. Purchasers do not need to see the particular item they will purchase. In addition, e-commerce products should appeal to people who use the Internet. At the time of writing, this audience consists primarily of employed, younger adults, with above-average incomes, living in metropolitan areas. 2 With time, though, the online population is beginning to look more like the whole population. Some products are never going to be reflected in surveys of e-commerce purchases, but are still a success. If you have a product that appeals only to a niche market, the Internet might be the ideal way to reach buyers. E-commerce and Security P ART III 272 2 Use of Internet by Householders, Australia, Feb. 2000 (Cat. No. 8147.0) Australian Bureau of Statistics 16 7842 CH12 3/6/01 3:43 PM Page 272 Some products are unlikely to succeed as e-commerce categories. Cheap, perishable items, such as groceries, seem a poor choice, although this has not deterred companies from trying, mostly unsuccessfully. Other categories suit brochureware sites very well, but not online order- ing. Big, expensive items fall into this category—items such as vehicles and real estate that require a lot of research before purchasing, but that are too expensive to order without seeing and impractical to deliver. There are a number of obstacles to convincing a prospective purchaser to complete an order. These include • Unanswered questions • Trust • Ease of use • Compatibility If a user is frustrated by any of these obstacles, she is likely to leave without buying. Unanswered Questions If a prospective customer cannot find an immediate answer to one of her questions, she is likely to leave. This has a number of implications. Make sure that your site is well organized. Can a first-time visitor find what she wants easily? Make sure your site is comprehensive, without overloading visitors. On the Web, people are more likely to scan than to carefully read, so be concise. For most advertising media, there are practical limits on how much information you can provide. This is not true for a Web site. For a Web site, the two main limits are the cost of creating and updating information and limits imposed by how well you can organize, layer, and connect information so as not to overwhelm visitors. It is tempting to think of a Web site as an unpaid, never sleeping, automatic salesperson, but customer service is still important. Encourage visitors to ask questions. Try to provide immedi- ate or nearly immediate answers via phone, email, or some other convenient means. Trust If a visitor is not familiar with your brand name, why should he trust you? Anybody can put together a Web site. People do not need to trust you to read your brochureware site, but placing an order requires a certain amount of faith. How is a visitor to know whether you are a rep- utable organization, or the aforementioned dog? People are concerned about a number of things when shopping online: What are you going to do with their personal information? Are you going to sell it to others, use it to send them huge amounts of advertising, or store it somewhere insecurely so that others can gain access to it? It is important to tell people what you will and will not do with their data. This is called a privacy policy and should be easily accessible on your site. Running an E-commerce Site C HAPTER 12 12 RUNNING AN E-COMMERCE SITE 273 16 7842 CH12 3/6/01 3:43 PM Page 273 Are you a reputable business? If your business is registered with the relevant authority in a particular place, has a physical address and a phone number, and has been in busi- ness for a number of years, it is less likely to be a scam than a business that consists solely of a Web site and perhaps a post office box. Make sure that you display these details. What happens if a purchaser is not satisfied with a purchase? Under what circum- stances will you give a refund? Who pays for shipping? Mail order retailers have tradi- tionally had more liberal refund and return policies than traditional shops. Many offer an unconditional satisfaction guarantee. Consider the cost of returns against the increase in sales that a liberal return policy will create. Whatever your policy is, make sure that it is displayed on your site. Should customers entrust their credit card information to you? The single greatest trust issue for Internet shoppers is fear of transmitting their credit card details over the Internet. For this reason, you need to both handle credit cards securely and be seen as security con- scious. At the very least, this means using SSL (Secure Sockets Layer) to transmit the details from the user’s browser to your Web server and ensuring that your Web server is competently and securely administered. We will discuss this in more detail later. Ease of Use Consumers vary greatly in their computer experience, language, general literacy, memory, and vision. Your site needs to be as easy as possible to use. User interface design fills many books on its own, but here are a few guidelines: Keep your site as simple as possible. The more options, advertisements, and distrac- tions on each screen, the more likely a user is to get confused. Keep text clear. Use clear, uncomplicated fonts. Do not make text too small and bear in mind that it will be different sizes on different types of machines. Make your ordering process as simple as possible. Intuition and available evidence both support the idea that the more mouse clicks users have to make to place an order, the less likely they are to complete the process. Keep the number of steps to a minimum, but note that Amazon.com has a U.S. patent 3 on a process using only one click, which it calls 1-Click. This patent is strongly challenged by many Web site owners. Try not to let users get lost. Provide landmarks and navigational cues to tell users where they are. For example, if a user is within a subsection of the site, highlight the navigation for that subsection. If you are using a shopping cart metaphor in which you provide a virtual container for cus- tomers to accumulate purchases prior to finalizing the sale, keep a link to the cart visible on the screen at all times. E-commerce and Security P ART III 274 3 U.S. Patent and Trademark Office Patent Number 5,960,411. Method and system for placing a pur- chase order via a communications network. 16 7842 CH12 3/6/01 3:43 PM Page 274 . THIS PART 12 Running an E-commerce Site 267 13 E-commerce Security Issues 281 14 Implementing Authentication with PHP and MySQL 303 15 Implementing Secure Transactions with PHP and MySQL 327 E-commerce. Security PART III 15 7842 part 3 3/6/01 3:42 PM Page 265 15 7842 part 3 3/6/01 3:42 PM Page 266 CHAPTER 12 Running an E-commerce Site 16 7842 CH12 3/6/01 3:43 PM Page 267 E-commerce and Security P ART. demo- graphics and personalities in the wider community and then skillfully interview participants. Focus groups can also cost nothing, be run by an amateur, and be populated by a sample of people