Shopping Cart Overview
 

 

All materials on this site - Copyright © 2004, Philip van Allen

 

Building a shopping cart


 

 

 
Introduction

A shopping cart is a system that allows a web site to sell products online. It provides a way of selecting products to purchase (filling the cart), and then "checking out", where the user enters their billing and shipping information in a secure manner. For more information, see this article on setting up an e-commerce site:

 

 
Security

Because shopping carts involve private information including credit card numbers and expiration dates, it is very important that the shopping cart system keep this information secure. This means that the information must be secured by being encrypted when transmitted from the user's computer to the site's web server. It also means that once the information is on the site's server, the information must be handled in a secure way.

SSL - Secure Sockets Layer. SSL is a system that encrypts information transmitted from the user's browser (usually in a form) to the site server, preventing anyone from capturing the information while it is being transmitted. You can tell that a page is secure when the little lock in the lower left hand corner is closed. Often pages that are secured with SSL have the .shtml suffix.

Server security. Once the information is stored on the server, the security story is only beginning. In fact, it could be argued that the greatest danger of sensitive information being stolen comes from security holes in the server, rather than from interception while the information is being transmitted from the user's browser. This is particularly true since the server may contain thousands of credit card numbers, rather than a single person's information. For example:

  • Physical security. If the server is in a physical location that is accessible to unauthorized persons, they may be able to simply put a disk in the computer and steal the information directly.
  • Electronic security. If the server is not properly set up, it may be possible for someone to hack into the system and steal information off of the server via the Internet.
  • Information transfer security. Even if the server is secure, a potential security hole can be opened when the information is transferred from one computer to another. If any information is transmitted from one computer to another, it should be encrypted. Otherwise, the information could be stolen while it is being transmitted over the Internet.

 

 
Handling credit card transactions

In order to handle transactions online, it is necessary to receive, verify, and process credit card orders. The services to perform these operations may be included with the service, or they may be an additional monthly charge. Be sure you understand the costs of these services when you calculate the total cost of building an online catalog.

Merchant Account: You will need a credit card merchant account with a bank for processing the transactions.

Online Processing - Authorization & Capture: Most sites will want to verify the validity of the credit card and purchase amount at the time of the order. This is called Authorization. When you ship the product, you will want to charge the person's credit card to receive payment. This is called Capture. Online processing requires an arrangement with a service that will check and process the credit card electronically. If you don't have online processing, you will have to run the credit card manually via your traditional merchant account.

 

 
Approaches to Selling on the Internet

Receive an order and process it manually. This approach involves using a form on an SSL-enabled web page (to ensure that credit card info is transmitted safely). Once the information is collected, the proprietor manually processes the order. Be careful that any sensitive information is stored and handled securely. For example, sending the form information by email is very insecure!

Use a packaged catalog service. Packaged catalogs are a service provided by an e-commerce vendor, where the merchant builds a web site using a template and simple forms to enter their specific product information. The product listings, web pages and shopping cart all reside on the vendor's server. This method has the benefit of being very quick and simple. But it does not permit custom designed web sites. Security is handled by the catalog vendor.

Use a hosting server with an integrated shopping cart. The merchant purchases hosting services as well as a shopping cart service from a vendor. The merchant is responsible for designing and building the web site, and uses special codes to integrate the shopping cart features into their web site. Security is handled by the hosting service.

Use an offsite shopping cart service. When a merchant has an existing web site, and wants to integrate a shopping cart into this site, an offsite shopping cart service can be purchased. This is very similar to the previous method, except that the site resides on one server, and the shopping cart resides on the offsite service's server. Security is handled by the shopping cart service.

Use a complete fulfillment service for downloadable products. If your product is software or MP3 files, or some other downloadable file, then you may want to work with a vendor that can handle not only the shopping cart, but also the storage and downloading of the files. Typically, the purchaser is transferred to the fulfillment vendor's site to complete a transaction, and then downloads the product. They may need an unlock code which may be sent to them by the vendor at a later time.

Build your own site. This approach involves installing a product like Cold Fusion, or open source software like PHP and MySQL on your server, and building a complete commerce system on your server. This is a major undertaking that should not be approached lightly. In particular, the security issues are significant--both electronic and physical, and the site will require a full-time technical staff to operate.
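
For the manual-order approach above, which relies on a form on an SSL-enabled page and warns against e-mailing form data, the following check is an added example and not part of the original article. It scans a page's HTML for forms that collect card fields and reports any that would submit by e-mail, submit without SSL, or sit on a page not served over SSL; the field-name hints, function names and sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed field-name fragments that mark payment data; adjust to the site's own forms.
SENSITIVE_HINTS = ("card", "ccnum", "cvv", "expir")

class FormCollector(HTMLParser):
    """Records each <form>'s action and the names of the fields inside it."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            self._current["fields"].append((attrs.get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit_checkout_page(page_url, html):
    """Return findings for forms that would expose card data in transit."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if not any(h in name for name in form["fields"] for h in SENSITIVE_HINTS):
            continue  # no payment fields in this form
        target = urljoin(page_url, form["action"])  # empty action posts to the page itself
        scheme = urlparse(target).scheme
        if scheme == "mailto":
            findings.append(f"{target}: card data would be sent by e-mail")
        elif scheme != "https":
            findings.append(f"{target}: card data submitted without SSL")
        elif urlparse(page_url).scheme != "https":
            findings.append(f"{page_url}: form page is not served over SSL")
    return findings

# Constructed sample page (not from any real site).
SAMPLE = """<form action="mailto:orders@shop.example" method="post">
  <input name="cardnumber"><input name="expiration"></form>
<form action="/search"><input name="q"></form>
<form action="https://shop.example/checkout" method="post">
  <input name="CardNumber"><input name="cvv"></form>"""
```

Calling `audit_checkout_page("http://shop.example/order.html", SAMPLE)` reports the mailto form and the non-SSL form page, while the search form is ignored because it has no payment fields.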

 

 

Copyright © 2002, Philip van Allen