Building Web Sites All-in-One For Dummies® (94 page)

Using PayPal Website Payments Pro

PayPal Website Payments Pro is a package designed for e-commerce Web sites. The application integrates with existing shopping cards using a developer API. It enables you to take Visa, MasterCard, American Express, and Discover credit cards as forms of payment. In addition, a shopping cart powered with PayPal Website Payments Pro can also accept payments from debit cards, e-checks, bank transfers, and PayPal balances. If PayPal Website Payments Pro is used to handle online transactions, your client won't need another merchant account. Here are some added benefits to using PayPal Website Payments Pro:

• No application or setup fees

• No cancellation fees

• No monthly minimum

• No reporting fees

• No gateway fees

• No long-term commitment

When a visitor uses one of these credit cards to make a purchase through a Web site using PayPal Website Payments Pro, the payment is processed in the background. Payments made using PayPal express checkout transport the visitor to PayPal's secure Web site. The landing page can be modified to match the look and feel of your client's Web site. Checkout is an innocuous three-click experience. And the money from the transaction is immediately deposited to your client's account. (Sweet.) PayPal also provides fraud protection. You can set a limit on the maximum purchase amount, country of origin, and so on. As of this writing, Website Payments Pro pricing is as shown in Table 1-1 (all amounts in U.S. dollars):

Integrating with Credit Card Authorization Packages

The traditional way to handle transactions from a Web site is using a credit card authorization package. When you integrate a site with a credit card package, the payments from the site are handled by a number of banking institutions and processes. The service charges a setup fee and a monthly maintenance fee. The maintenance fee is based on the number of transactions handled per month. A thorough review of each of the many authorization packages available is beyond the scope of this book.

Credit card authorization packages enable you to run your online business with minimum overhead. In a traditional bricks-and-mortar store, you have to hire salespeople to show customers the product, take orders, and accept payments. With a properly designed e-commerce site and credit card authorization package, these tasks are handled automatically. If the e-commerce site you're designing sells a service, you can schedule regular payments through the credit card authorization package.

Online payments are quite involved, flowing through a complex network of financial institutions and processes. The complexity is exacerbated when you accept payment from foreign countries. Fortunately, technology has simplified this process, and the proper credit card authorization package provides the gateway for this process. When a customer makes an online payment, the process occurs in the background, and the payment process occurs fairly quickly.

Solving the online payment maze

When a customer makes a payment, it's submitted through a gateway. Then the payment must go from the
issuing bank
(the institution that funds the customer's credit card) to your client's bank. The process appears seamless when a payment is made online, but there are many supporting players in what seems like a one-act play. The following list introduces the various actors in this one-act play that happens when the Checkout button is clicked:

Merchant's Online Business:
The customer makes a purchase and clicks the Checkout button.

Internet Gateway:
The merchant's secure Web site submits a credit card payment to the payment gateway.

Merchant's Bank Processor:
The gateway provider receives the secure transaction information and hands it off to the merchant's bank processor.

Credit Card Processor Interchange:
The merchant's bank processor submits the transaction information to the
credit card processor interchange,
which is a network of financial entities that manages processing, clearing, and settlement of credit card transactions.

Credit Card Issuer:
The transaction is handed off to the customer's credit card issuer, which approves or declines the transaction based on the customer's available funds. If the truncation is approved, the appropriate funds are sent back through the credit card processor interchange.

Credit Card Processor Interchange:
The credit card processor exchange relays the information to the merchant's bank processor.

Merchant's Bank Processor:
The merchant's bank processor relays the information to the Internet gateway.

Internet Gateway:
The Internet gateway stores the result and funnels the information to the merchant. The process from checkout to sending the information back to the merchant averages less than three seconds.

Credit Card Processor Interchange: The funds, less any processing fees, are transferred to the merchant's bank account — a process that takes from two to four days.

Fees for credit card authorization packages vary, depending on the institution you choose and the number of bells and whistles included with the chosen credit card authorization package.

Internet fraud: An e-commerce merchant's worst nightmare

Not unlike things that go bump in the night, Internet fraud can rear its ugly head when you least expect it. Online merchants are responsible for fraudulent credit card transactions conducted through their sites. In addition to incurring heavy penalties and fees from the credit card association, there is the matter of product costs and shipping fees incurred by your client. Fortunately, you can protect the site against credit card fraud, even with a start-up online business that has limited transactions.

The first and most obvious step in safeguarding against fraud is to choose a secure and reliable payment solution. Choose a payment package that includes standard processing and anti-fraud features such as Card Security Code (CSC) and Address Verification Service (AVS). In addition, the payment solution should have options that enable your client to upgrade to the new buyer verification systems such as MasterCard SecureCode or Verified by Visa. Your payment solution might have additional options to safeguard against fraud. Ask your representative for details.

SSL — What Is It?

The world is full of acronyms these days, and the wonderful world of e-commerce is no exception. But remember, if it weren't for acronyms, you'd have to type or write a whole lot of words. The acronym of concern for any e-commerce site is SSL, which stands for
Secure Sockets Layer.
See, we told you it was a lot of words.

In a nutshell, when a site has SSL, the transaction is encrypted and cannot be deciphered by a third party. All secure pages are listed as
https
, followed by the rest of the Web address. Users can transmit any amount of information from a secure site and know that a third party cannot decipher the information. Sending credit card information via a secure site is safer than whipping out your credit card in a local store where prying eyes — and for that matter, the salesperson — can see the information. When you purchase goods or services from a secure site, the data is
encrypted
when submitted. When the recipient (the bean counter for your client's e-commerce site) receives the data, it's
decrypted.
The bean counter adds the money to your client's P&L (profit and loss) statement, and the goods are shipped to your client's customer.

Using a secure server

When you conduct your e-commerce using a secure server, the SSL certificate is linked to the site from which the transactions are being conducted. The SSL certificate is in your client's name and in the domain name of the e-commerce site.

Hosting an e-commerce site through a secure server is an expensive proposition. To host an e-commerce site on a secure server using an SSL certificate with 128-bit encryption costs several hundred dollars per year — and as much as one thousand dollars and up per year depending on the services included with the package. However, the less-expensive alternative of using PayPal's secure server is always an option. You might pay a bit more per transaction, but the cost of a secure server isn't added to your overhead. The other alternative is sharing an SSL certificate, if your Web hosting service provides this option.

Sharing an SSL certificate

Many Web hosting services allow their customers to share an SSL certificate. This service is included with your hosting, and therefore can be considered free. When you share an SSL certificate, you do so through a third-level domain alias, for example:
www.
yourdomain
.c2.
yourWebhostingserver
.com
. When you share an SSL certificate, you must use the domain alias in the code you use to create the buttons for your site's shopping cart. Alternatively, you can purchase a shopping cart package, which you can integrate into the site.

The problem with sharing an SSL certificate is that Internet Explorer issues a warning saying the domain name on the certificate doesn't match the domain name of the site from which the transaction is being conducted. Even so, the data is still encrypted, and the transaction is secure. This might cause a customer to back out of a transaction.

E-Commerce Do's and Don'ts

When you create an e-commerce site, your goal is to sell your merchandise — or your client's merchandise. In keeping with these goals, there are certain things you should consider as well as certain things you should avoid (such as designing an e-commerce site that looks like a board game). The following list of do's and don'ts can keep you on the straight and narrow:

•
Do make the site user-friendly.
Make sure your site navigation is easy to decipher. If your visitors need a manual to figure out how to use your site, it's not a good thing.

•
Do include a privacy statement.
If you request the visitor's contact information, make sure you include a link to your privacy statement that is readily visible on any page that requests sensitive information.

•
Make sure the site has the look and feel of other e-commerce sites in your client's industry.
Customers shy away from something that looks different from what they've come to expect. After all, no department stores look like the hip boutiques in Haight-Ashbury.

•
Avoid using buzzwords and hype, such as
best price
or
highest quality,
in the product descriptions.
These raise a red flag with many buyers.

•
Don't write the content.
Your client knows more about his business and product than you could ever hope to. After all, you wouldn't have your client write the content for your Web site, would you?

•
Spice up the pages.
Many Web sites have too much text on the page, while others rely solely on graphics. A good design has a nice mix of text and graphics.

•
Use Flash content judiciously.
If you need to add some razzle-dazzle, Flash can provide it for you, but don't make your site exclusively Flash. Search engines tend to avoid Flash content like the plague. However, you can safely add a small Flash animation to an otherwise HTML page.

•
Keep it fresh.
Make sure your client understands that an e-commerce site needs to be updated frequently in order to ensure return visitors. Either negotiate a fee for periodic revisions up front, or design the site in such a manner that your client can update it with Contribute. If you choose the latter, be sure to add extra for Contribute tutoring and the inevitable calls for advice. For more information on Contribute, see Book VIII, Chapter 2. And read all about it in
Macromedia Contribute For Dummies,
by Janine Warner and Frank Vera (Wiley).

•
Don't clutter the home page.
Some e-commerce sites look like the front page of the daily news and are way too busy to be useful. The home page of the e-commerce site should be like the cover of a book: inviting and a reason for the visitor to click a few links to see what your client has to offer.

•
Give visitors a reason to return.
Set up the site with a news section, or create a small section of the home page devoted to new products or information. Make sure this content is updated at least twice per month.