PayPal

Explain why Website Payments Standard is fast, easy, low cost.

With PayPal’s Payments Standard there are no set-up fees, no monthly or termination fees, and no hidden fees, which makes setup a breeze. You only pay when you get paid: 2.9% + $0.30 per transaction, with volume discounts available.

What are the different payment methods PayPal can accept?

  1. Accept PayPal payments
  2. Accept credit and debit cards
  3. Accept PayPal Credit payments (U.S. only)

Do you need to have a shopping cart to use PayPal? Name 5 compatible carts with PayPal.

If you want to sell more than one item online, you need shopping cart software so your customers can:

  • Browse items
  • Make multiple selections
  • See shipping, taxes, and any other costs up front

5 carts compatible with PayPal:

  • BigCommerce
  • Magento
  • Wix
  • GoDaddy
  • 3dcart

Are applications, setup, or monthly fees required with PayPal?

No. There are no such fees; you are only charged once a transaction has been made.

With PayPal, do you need to store and protect customers’ sensitive financial information?

No, PayPal takes care of that for you.

 

Is a long-term commitment required with PayPal?

No long-term commitment is required.

 

Does every customer require a PayPal account to make payments on your web site?

No, they usually have the option to pay with credit or debit cards as well.

Briefly explain what happens after the customer reviews the order in your site and proceeds to checkout in PayPal.

Once at checkout, they are brought to PayPal to confirm the order, after which they are returned to the initial site.

Explain briefly if the PayPal check-out site can match the look and feel of your own site.

The only way to customize the PayPal check-out site is to sign up for PayPal Payments Pro, which is $30/month plus the 2.9% + $0.30 per transaction.

 

Briefly explain what encryption is and why PayPal encrypts your business and customer information.

Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text.

PayPal does this to keep your information and your customers’ information secure.

 

What is the PayPal transaction fee?

2.9% + $0.30 per transaction.

 

What are the three steps to integrate the PayPal Shopping Cart?

Go to your PayPal shopping cart page, enter your product details, and copy and paste the generated HTML code into your website.

Name 5 additional features of the PayPal Shopping Cart.

  1. Accept 26 currencies from 203 countries
  2. Detailed transactions dashboard
  3. Optimized mobile checkout experience
  4. Simplified PCI compliance standards
  5. Accept credit and debit cards + PayPal payments

 

 

 

 

 


E-commerce

Compare and Contrast the following sites:

Shopify, Big Cartel, BigCommerce, and PrestaShop are all online store builders with fully integrated shopping carts, whereas Zen Cart and 1ShoppingCart are just shopping cart software.

Price + Special Features Comparison

  • Shopify: Basic plan = $29/month
    • Online Store
    • Social Media Integration
    • Unlimited Products
  • Big Cartel: Titanium plan = $29/month
    • Online Store
    • Inventory Tracking
    • 300 Products
  • BigCommerce: Standard plan = $29.95/month
    • Online Store
    • Unlimited Storage
    • Unlimited Products
  • PrestaShop: Free to use
    • 2,000+ professional ecommerce website templates $124+
    • Mobile-responsive design

Cart Price + Special Features Comparison

  • Zen Cart: Free open source software
    • You are free to modify the source code in whatever ways your application requires.
    • Many popular payment gateways built-in, you can start accepting payment immediately.
  • 1ShoppingCart: 1 Month Free Trial* + Standard Monthly Price* of $24.95
    • Unlimited Products
    • Full Featured Email Marketing
    • Integrated Post-Sale Upsells
    • Over 1GB Online Storage

Hosting options available for use with shopping cart software.

Zen Cart: “Works with any* hosting company”

Shopping cart vulnerabilities and best-practice preventative measures.

Shopping carts are vulnerable to viruses and attacks.

6 Essential Requirements for a Secure e-Commerce Site

  • Use Enhance Verification SSL
  • Use PCI and Vulnerability Scanning Services
  • Use penetration testing to stay ahead of the bad guys
  • Use multi-factor authentication
  • Trust seals matter. Use them.
  • Use a Managed DNS

What software is needed to install and set up pre-built shopping cart software?

It depends on which shopping cart you use, but PayPal is currently the most convenient pre-built software that can be easily integrated into websites.

 

 

Identify security issues associated with E-commerce and discuss methods to mitigate risks.

Describe the differences between Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL).

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network.

SSL is an encrypted connection between a web server and a visitor’s browser, allowing private information to be transmitted without eavesdropping, data tampering or message forgery.

TLS ensures privacy between communication applications and their users.

Explain transaction security

Secure Electronic Transaction (SET) is a system for ensuring the security of financial transactions on the Internet. It was supported initially by Mastercard, Visa, Microsoft, Netscape, and others. With SET, a user is given an electronic wallet (digital certificate) and a transaction is conducted and verified using a combination of digital certificates and digital signatures among the purchaser, a merchant, and the purchaser’s bank in a way that ensures privacy and confidentiality. SET makes use of Netscape’s Secure Sockets Layer (SSL), Microsoft’s Secure Transaction Technology (STT), and Terisa Systems’ Secure Hypertext Transfer Protocol (S-HTTP). SET uses some but not all aspects of a public key infrastructure (PKI).

 

What are security and payment processing issues involved in developing a site (e.g., SSL, Digital Certificates, SET Protocol, Cyber Cash)?

An SSL security certificate is critical. SSL certificates prevent cyber criminals from intercepting financial data. They encrypt credit card numbers, passwords and log-ins.

Extended validation is considered the best bet when developing an e-commerce site. It requires a more thorough authentication process.

Payment security is complex. Many vulnerabilities exist in the payments processing chain, especially in the interactions between consumers, merchants and acquirers. The sheer volume of consumers and merchants provides a large window of opportunity for thieves to capture data that can be fraudulently turned into profit.

None of the technologies that exist today solves all the security problems in the payments processing chain. However, a select few technologies focus on solving the biggest problems and greatest vulnerabilities that affect most merchants, and they can do so in a cost-effective manner. Merchants can use these solutions to reduce their overall level of vulnerability.

New security methods are now available to secure sensitive cardholder data from compromise as close to the initiation of the transaction as possible. In addition, these technologies can help reduce a merchant’s PCI compliance burden.

Payment processing chain:

  1. A consumer wants to buy goods or services and pay for it using his credit card. The cardholder data is entered into the merchant’s payment system, which could be a point-of-sale (POS) terminal/software or an e-commerce Web site.
  2. The card data (PAN) is sent to an acquirer/payment processor, whose job it is to route the data through the interchange system for processing.
  3. The acquirer/processor sends the data to the payment brand (e.g., Visa, MasterCard, American Express, etc.), who forwards it to the issuing bank.
  4. The issuing bank verifies that the card is legitimate, not reported lost or stolen, and that the account has the appropriate amount of credit/funds available to pay for the transaction.
  5. If so, the issuer generates an authorization number and routes this number back to the card brand. The issuing bank agrees to fund the purchase on the consumer’s behalf.
  6. The card brand forwards the authorization code and the PAN back to the acquirer/processor.
  7. The acquirer/processor sends the authorization code and either the PAN or a viable substitute number for the PAN (i.e., a token) back to the merchant.
  8. The merchant concludes the sale with the customer.
  9. The merchant may retain the transaction data long term for the processing of returns, retrieval requests or chargebacks, as well as for business intelligence reasons such as analysis of consumer buying behavior and creation of marketing programs.

Where encryption fits in the payments process

  1. When the cardholder data (the PAN) is captured at the POS (with a physical swipe or data entry), the data is encrypted.
  2. The data is encrypted as it traverses any in-store network.
  3. The merchant sends the encrypted PAN to the acquirer/processor.
  4. The payment processor decrypts the data and sends it via a secure channel to the appropriate network or association for authorization. When the transaction is authorized for payment, it gets sent back to the payment processor.
  5. After authorization, the acquirer/processor returns the encrypted PAN along with the transaction response to the merchant.
  6. The merchant may retain the encrypted transaction data long term for the processing of returns, retrieval requests or chargebacks, as well as for business intelligence reasons such as analysis of consumer buying behavior and creation of marketing programs.

The problems that data encryption solves

Data encryption solutions solve for the problem of live (clear text) data in transmission as it moves upstream to the acquirer by encrypting the data as close to the point of capture as makes sense for a particular merchant. It also can solve for the problem of having clear text cardholder data in electronic storage environments when the data is kept for auxiliary use. These are two of the greatest vulnerabilities for most merchants, and by applying data encryption technology, merchants can reduce their risk of liability stemming from a data breach. If a breach does occur and a thief obtains encrypted data, he can’t use it without also obtaining the decrypting key. End-to-end encryption is not currently a requirement in PCI DSS. However, according to George Peabody, principal analyst with the Mercator Advisory Group, “end-to-end encryption may well be the end game recommendation of PCI and, if data breaches continue to plague the payments industry and occupy headlines, that recommendation may become a mandate within two years.”

Where tokenization fits in the payments process

  1. When the cardholder data (the PAN) is captured at the POS (with a physical swipe or data entry), the data is encrypted.
  2. The data is encrypted as it traverses any in-store network.
  3. The merchant sends the encrypted PAN to the acquirer/processor.
  4. The payment processor decrypts the data and sends it via a secure channel to the appropriate network or association for authorization. When the transaction is authorized for payment, it gets sent back to the payment processor.
  5. After authorization, the acquirer/processor returns the encrypted PAN along with the transaction response to the merchant.
  6. The merchant may retain the encrypted transaction data long term for the processing of returns, retrieval requests or chargebacks, as well as for business intelligence reasons such as analysis of consumer buying behavior and creation of marketing programs.

The problems that tokenization solves

Tokenization solves the problem of having live cardholder data in storage or in use in business applications after the transaction approval. This process eliminates the possibility of having real card data stolen at this point because it doesn’t even exist here. And unlike encrypted data, the use of tokenized data reduces the scope of PCI audits, again because there is no cardholder data that must be secured. Merchants can save significant time and money by reducing the scope of their PCI audits.


 

What is https and htaccess?

HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server.

A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers that allows for decentralized management of web server configuration.

 

How to obtain an SSL certificate and secure transactions?

  1. Purchase an SSL certificate from a vendor
  2. Install the certificate on your host
  3. Update the site to use HTTPS
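After step 3, a page served over HTTPS can still load scripts or submit forms over plain HTTP, which undoes the protection for that data. The check below is an added example, not part of the original page; the sample page and the `shop.example` host are constructed, and it flags such leftover references in a page's HTML.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute makes the browser fetch a resource or submit data.
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src",
             "link": "href", "form": "action"}

class InsecureRefFinder(HTMLParser):
    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        values = dict(attrs)
        if attr is None or not values.get(attr):
            return
        # Only stylesheet links are checked; rel=canonical and similar
        # are metadata, not content loaded into the page.
        if tag == "link" and "stylesheet" not in (values.get("rel") or "").lower():
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        target = urljoin(self.page_url, values[attr])
        if urlparse(target).scheme == "http":
            self.findings.append((tag, attr, target))

def find_insecure_refs(page_url: str, html: str) -> list:
    """Return (tag, attribute, url) for every plain-HTTP reference."""
    finder = InsecureRefFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: a checkout page after the switch to HTTPS.
SAMPLE_PAGE = """
<html><head>
  <link rel="stylesheet" href="/css/site.css">
  <link rel="canonical" href="http://shop.example/checkout">
  <script src="http://shop.example/js/cart.js"></script>
</head><body>
  <img src="//cdn.shop.example/logo.png">
  <form action="http://shop.example/pay" method="post"></form>
</body></html>
"""

if __name__ == "__main__":
    for finding in find_insecure_refs("https://shop.example/checkout", SAMPLE_PAGE):
        print(finding)
```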

Compare and contrast the appropriateness of employing a merchant account or a payment gateway to handle online transactions.

Merchant Account:

A merchant account is a type of bank account that allows businesses to accept payments by payment cards, typically debit or credit cards. A merchant account is established under an agreement between an acceptor and a merchant acquiring bank for the settlement of payment card transactions.

Payment Gateway:

A payment gateway is an e-commerce application service provider service that authorizes credit card payments for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar.

 

Discuss the process, advantages, disadvantages, and costs associated with opening a merchant account.

First off, card processing is actually quite regional, and the options differ based on the location of your business (e.g. in the US or outside the US) as well as where your customers are primarily located. Lastly, the business needs you have may dictate specific integrations or gateways that you need to use, and then the decision process can be based around technology offerings available from the different platforms.

With Stripe, PayPal and Intuit “GoPayment”, you are leveraging a Payment Service Provider (“PSP”) and not generally establishing a directly acquired merchant account.

 

Describe the process, advantages, disadvantages, and costs associated with using a payment gateway.

Advantages:

  • Process is integrated with the shopping cart.
  • Guaranteed fraud protection mechanisms are in place.
  • PayPal guarantees customer personal data protection.
  • PayPal supports multicurrency payment processing.
  • PayPal has ease of access and use.
  • PayPal has relatively good rates on money transfer.

Disadvantages:

  • PayPal can freeze your money and account at will.
  • Although PayPal may be global, not all online businesses have adopted it.

 


 

SEO/ Site Maintenance

What is SEO

Search Engine Optimization or “SEO” is the process of affecting the visibility of a website or a web page in a search engine’s “natural” or “organic” unpaid results.

The importance of having a “search engine friendly” website lies in the visibility it can give your business or organization to the world.

“Search Engine Marketing and search engine optimization are critically important to online businesses. You can spend every penny you have on a website, but it will all be for nothing if nobody knows your site is there.” -Marc Ostrofsky

Web Crawlers explained

A web crawler (also called a web spider or web robot) is a program that automatically browses the internet. Search engines use crawling as a means of providing up-to-date data for users.

Meta Tags and how they are used

Meta tags are snippets of text that describe a page’s content; they don’t appear on the page itself, but only in the page’s code, more specifically within the <head> element. They are typically used as little content descriptors that help tell search engines what a web page is about.

SEO attributes and their role in the grand scheme of things

The following two attributes are provided in the html of a site as meta data:

  • The Keywords Attribute is used to specify a comma-separated list of relevant words that informs search engines what the page is about.

    Example: <meta name="keywords" content="HTML, meta tag, tag reference">

  • The Description Attribute is just what you expect: it’s the description of the page. Search engines can pick up this description to show with the results of searches.

    Example: <meta name="description" content="Free web tutorials">

Other SEO attributes:

  • The Title tag is meant to be an accurate and concise description of a page’s content and is arguably the most important on-page SEO factor to address on any web page. Title tags are often used on search engine results pages to display preview snippets for a given page.
  • The Domain name should strike a balance between being catchy, unique and brand-friendly and containing the keywords you are trying to target.

Caution for Spamdexing

In computing, spamdexing (also known as search engine spam, search engine poisoning, Black-Hat SEO, search spam or web spam) is the deliberate manipulation of search engine indexes. Spamdexing involves a number of methods, such as repeating unrelated phrases, to manipulate the relevance or prominence of resources indexed in a manner inconsistent with the purpose of the indexing system. If you spamdex you will be penalized.

Search engine marketing methods:

  • Pay Per Click (PPC) is a model of internet marketing in which advertisers pay a fee each time one of their ads is clicked. Sponsored Listings are another form of PPC; you have most likely seen them as the first two results on a Google search that look different from the other “organic results”.
  • Paid Inclusion is a search engine marketing product where the search engine company charges fees related to inclusion of websites in their search index.
  • Video Search Marketing: Search engines are pushing the universal search movement to evolve results into a multimedia-rich blend of images, maps, local and video. As a result, search engine algorithms will look more favorably on video content for the top spots on their result pages, meaning the opportunity for exposure increases for any video producer that is on top of its SEO game.
  • Google AdSense is a wonderful tool that allows you, the site owner, to place PPC ads on your site and start earning some money. You’re also in control: you can block ads you don’t like, customize where ads appear, and choose which types fit your site best.

The difference between white hat SEO and black hat SEO.

White hat SEO refers to the usage of optimization strategies, techniques and tactics that focus on a human audience as opposed to search engines and that completely follow search engine rules and policies. Black hat SEO, by contrast, refers to the use of aggressive SEO strategies, techniques and tactics that focus only on search engines and not a human audience, and that usually do not obey search engine guidelines.

Google Webmaster Guidelines

 

  • Make a site with a clear hierarchy and text links. Every page should be reachable from at least one static text link.
  • Offer a site map to your users with links that point to the important parts of your site. If the site map has an extremely large number of links, you may want to break the site map into multiple pages.
  • Keep the links on a given page to a reasonable number.
  • Create a useful, information-rich site, and write pages that clearly and accurately describe your content.
  • Think about the words users would type to find your pages, and make sure that your site actually includes those words within it.