Accessibility is very important to commercial websites, which want to reach a wide variety of customers while making sure they are not discriminating against a particular set of users. For many online consumers it can be simpler and more convenient to order goods online than to travel to and from towns and cities, which they may find difficult, or they may have more personal reasons. Online sites have to accommodate, to the best of their ability, people who may be impaired in some form; because the web is mainly visual, individuals who are partially sighted or colour blind may be at a disadvantage, and navigating the computer by mouse or keyboard may be extremely hard for some people. Many web designers have taken this into account, with good accessible design attempting to make the experience as rich as possible for a wide variety of users.
An example of a website that has catered for accessibility problems is Marks and Spencer:
http://help.marksandspencer.com/faqs/company-website/accessibility-policy.html#PartA
College
Monday, 20 May 2013
Sunday, 19 May 2013
2.7 Security
Physical Protection – Organisations need to protect personal data from unauthorised access, both external and internal. Personal data has to be stored on a machine that not just anyone can access. For example, information should not be placed on a computer in an open-plan office with no password protection; a standalone machine should always be protected physically from unauthorised access. A transactional website is very unlikely to use a standalone machine; however, not controlling physical access to your computers simply makes unauthorised access easy. Most organisations make sure that any data placed on their systems is backed up in case of accidental or deliberate data loss or damage. These backups also contain sensitive information and should also be kept under high levels of security.
User names and passwords – Transactional websites cannot be completely secure: they need to allow remote access, otherwise no transactions could take place. The site has to be connected to the internet, so locking it in a room would be pointless, as that only adds physical protection. Additional protection is needed to try to stop potential hackers from accessing the data.
Usernames and passwords are one of the most commonly used techniques. They allow individuals to create files and store them on common drives while knowing each file is their own. A user name is a way of identifying yourself to the computer; you supply it when you sign on. Most systems then create, or allow you to create, a user area into which all your files are saved.
This means that your files are ‘yours’ and other users are not able to access your area without the password. It is up to the user to define the level of permission others have, perhaps giving individuals permission to read your files, or to both read and change them. There will, however, always be someone who administers the site and has access to all files, usually through a special user name for this purpose.
Usernames cannot usually be changed; if one were changed, all the relevant file permissions would also have to change. Computer networks cannot physically differentiate between you and anyone else, so if someone gives a system your username and password it will automatically assume it is you and give them access to everything you had access to. This is where passwords provide a layer of protection that a simple user ID does not. A password should be secret, known only to you and the network, and is used to check your identity when you sign in. A transactional website works the same way, with an area of data containing information about you that only those who need it to process the transaction can access. This is why the data is likely to be protected by a user name and password. Commonly your email address is used as the user name, as it is unique to the user and is an easy way to communicate with the consumer. Many people forget user names and passwords, so many sites provide additional security questions to give you access if this happens. A commonly used question is the mother’s maiden name, which is unlikely to be known to a hacker and gives the organisation a way of identifying you and giving you access, either by resetting your password or by telling you your old one.
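How a site can check a password at sign-in while keeping only a salted, derived key rather than a readable copy, as an added example that is not part of the original post. The function names, the in-memory accounts dictionary, the work factor and the sample email address are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it for the hardware in use.
ITERATIONS = 600_000

# In-memory stand-in for the site's customer database (hypothetical):
# user name (email address) -> (salt, derived key). No readable password is kept.
accounts = {}

# Used when the user name is unknown, so both paths do the same amount of work.
_DUMMY_SALT = bytes(16)
_DUMMY_KEY = bytes(32)


def _derive(password, salt):
    """Turn a password and a per-user salt into a fixed-length key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(email, password):
    """Create the account record: a fresh random salt plus the derived key."""
    salt = secrets.token_bytes(16)
    accounts[email.lower()] = (salt, _derive(password, salt))


def sign_in(email, password):
    """Check the supplied password against the stored record."""
    record = accounts.get(email.lower())
    salt, stored = record if record else (_DUMMY_SALT, _DUMMY_KEY)
    candidate = _derive(password, salt)
    # compare_digest takes the same time wherever the first difference is.
    return hmac.compare_digest(candidate, stored) and record is not None


def reset_password(email, new_password):
    """Replace the record once the customer has been identified another way
    (for example by a security question). The old password cannot be read
    back out of the record; it can only be overwritten."""
    if email.lower() not in accounts:
        return False
    register(email, new_password)
    return True


if __name__ == "__main__":
    # Constructed sample account, not real data.
    register("customer@example.com", "correct horse battery staple")
    print(sign_in("customer@example.com", "correct horse battery staple"))
    print(sign_in("customer@example.com", "guess"))
```

With records kept this way the site can still reset a forgotten password, but it has nothing from which to tell the customer the old one.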
Firewalls - Once your machine is connected to the internet you become part of a huge network. Once this happens you can be 'seen' by anyone else on the internet, which means you can be targeted by anyone wanting to access your machine. A firewall is a software utility which sits between your computer and the internet, monitoring traffic. It operates as a filter, blocking anything it doesn't 'like', and it monitors both incoming and outgoing pieces of information. It stops unknown sources from accessing your computer, and can also stop traffic from your computer reaching the internet.
Virus Protection - The number of viruses being placed or transferred onto computer systems has been increasing with the advances in computer technology, and the most common way of catching a virus is through an email. Common types of virus are file viruses, boot-sector viruses, email viruses, worms and Trojan horses.
Antivirus software works by detecting the virus before it has the chance to attach itself to the system, and letting the user know if it detects one. The program then repairs the infected file, deletes it, or places it in quarantine, where the file cannot infect anything else.
There is a massive choice for consumers when it comes to buying antivirus software, all of it claiming to identify and remove potential threats and viruses. New viruses are constantly being made to try to get around virus protection, so the protection has to be constantly updated or renewed to ensure that new viruses are detected. To make this more cost effective the user may take out a subscription, under which the software updates regularly.
Risk Assessment – The first step when protecting or securing data is to understand what level of threat you are under, known as a risk assessment. In this risk assessment you assess what the risks are and the outcomes if the worst happens. Once you understand this you can take steps to try to reduce the effects. The two types of threat that are considered are physical threats, such as fire, theft, malicious damage and hardware failure, and human error, such as input errors or program bugs.
Encryption - Data on computers is held in binary code, a series of zeroes and ones, whereas the information we hold is usually numbers and letters. We therefore have to assign codes made up of groups of these zeroes and ones to represent letters, which is why preparing data to be stored on computers is referred to as encoding. There are a number of standard codes which many computers and systems use, the most common of which is ASCII (American Standard Code for Information Interchange). These codes are universally known and accessible, which is why, if someone were able to intercept a transmission you make or interrogate your hard disk, it would be very easy for them to work out what the binary data is.
To help protect your data you would use encryption, which uses a mathematical formula to scramble letters or numbers so that they appear to be in a random order or sequence. Even if the data were then intercepted, it would not make any sense, which means the data is protected. However, a similar formula can be used to decrypt the data, putting it back into its meaningful form. This sounds easier than it actually is in practice: even if you knew what the algorithm did, you would have to know the key to decrypt the data, which adds an extra layer of protection.
Secure Electronic Transactions (SET) - Online purchases have increased dramatically over the years, having been recognised from the beginning as a potentially powerful market place. This relied on customers' money transactions being secure and the goods they requested arriving, something credit card companies and banks paid particular attention to. Two of these companies, Visa and Mastercard, in conjunction with some major computer companies, including IBM, developed the Secure Electronic Transaction (SET) protocol. A protocol is a set of rules which have to be complied with, in this case the rules by which transactions are governed; the rules of this particular protocol include two encryption methods being applied to transmitted data. SET also includes the use of digital certificates, issued by a certification authority, which confirm that you are actually dealing with the legitimate organisation.
When you are initially browsing a website, you are doing so via an insecure connection, as no personal information is being transferred. However, once you proceed to a monetary transaction, you are directed to a secure connection, with any information you put in being encrypted. When you supply your credit card number to a secure site, it is initially sent in an encrypted form; however, this is decrypted when it is sent with details of your purchase to the credit card company.
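The difference between encoding and encryption described above, as an added example that is not part of the original post. The cipher here is a teaching construction (a keystream taken from HMAC-SHA256 and combined with the data by XOR) chosen so the example runs on the Python standard library alone; a real site would use a vetted authenticated cipher such as AES-GCM, and the sample message is constructed.

```python
import hashlib
import hmac
import secrets


def to_ascii_bits(text):
    """Encode text as the ASCII zeroes and ones a computer stores."""
    return " ".join(f"{byte:08b}" for byte in text.encode("ascii"))


def from_ascii_bits(bits):
    """Anyone can reverse the encoding: the ASCII table is public, no key needed."""
    return bytes(int(chunk, 2) for chunk in bits.split()).decode("ascii")


def _keystream(key, nonce, length):
    """Derive `length` unpredictable bytes from the secret key and a nonce."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    """Scramble the bytes; a fresh random nonce is sent along with the result."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key, blob):
    """The same formula run again with the same key restores the data.
    There is no integrity check here, so a wrong key yields meaningless
    bytes rather than an error."""
    nonce, body = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


if __name__ == "__main__":
    message = "ORDER 1 COFFEE CAKE"             # constructed sample text
    bits = to_ascii_bits(message)
    print(from_ascii_bits(bits))                # readable by anyone who intercepts it

    key = secrets.token_bytes(32)               # the secret only the two ends hold
    blob = encrypt(key, message.encode("ascii"))
    print(blob.hex())                           # looks like a random sequence
    print(decrypt(key, blob))                   # right key: original text
    print(decrypt(secrets.token_bytes(32), blob))  # algorithm known, key wrong
```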
2.6 Data at Risk
Data at Risk – When you pass your personal information over to companies, particularly over the internet, you are placing a high amount of trust in that company, especially given the risk attached to the bank details, names and addresses you give them. One of the fastest growing crimes worldwide is identity theft, where someone wrongfully obtains personal information for the purpose of fraud. If someone is able to obtain your credit card details, with the correct name, then they may be in a position to make transactions in your name. This has been the case for many people who have been placed in debt because someone has used their details to run up a high bill without being asked other security questions, such as the address and so forth. Data is transferred through many systems on its way from the consumer’s computer to the data computer, so there are many points at which the data can be intercepted. Most computer users are aware of the risk of placing data on internet websites, especially from hackers. The Data Protection Act makes the organisation in charge of a transactional website responsible for protecting personal data against these attacks. Similar information is held by users on home computers connected to the internet; however, these systems are less well protected than major business databases while being under the same level of threat.
Hacking and Hackers – A transactional website is known to be vulnerable to ‘hackers’, someone who breaks into a computer to steal, change or destroy data. Unauthorised access to data held by a transactional website could have significant consequences for the organisation. As well as breaching the terms of the Data Protection Act, the organisation could suffer serious problems even if the unauthorised access was not meant to be fraudulent.
The Computer Misuse Act (1990) was passed in order to deal with the growing number of computer hackers, unlawful information access and misuse in general. To begin with, hacking wasn’t taken as seriously, seen as more mischievous rather than malicious.
2.6 Data Protection & Distance Selling
Any company which stores personal data has to conform to the rules of the Data Protection Act. The original Data Protection Act, which became law in 1984, was upgraded and extended in 1998. The old one covered computer data; however the new one was modified to include some paper-based records and some CCTV systems. Under the 1998 law, companies which hold personal information, such as information gained from transactional websites, have to notify the Information Commissioner, whose job is to enforce the Act and promote good practice in the handling of personal information. The Act defines ‘personal information’ as data about living people who can be identified from that data.
For an organisation to gain personal information and use this information they have to meet at least one of the conditions in Schedule 2 in the Act. There are a number of these conditions; however for the purpose of transactional websites it could be justified as ‘necessary for the performance of a contract to which the data subject is a party’.
Organisations which hold and use personal information have to adhere to the eight principles of the Act, which are:
Personal data must be:
1. Processed fairly and lawfully
2. Processed only for one or more specified and lawful purposes
3. Adequate, relevant and not excessive for the purpose
4. Accurate and kept up to date
5. Kept for no longer than necessary for the purpose it is being processed
6. Processed in accordance with the rights of the individual
7. Protected against accidental loss, destruction, damage or unauthorised and unlawful processing
8. Not transferred to countries outside the European Economic Area that do not have adequate protection for personal data
If the organisation fails to comply with any of these regulations, the Information Commissioner has the power to take action against the organisation to force it to comply. The Commissioner is also able to bring legal action against an organisation if he/she is sure an offence under the Act has been committed.
Distance Selling – When buying from a shop you are able to look at the item, its quality and what it looks like, and can even return it if it doesn’t live up to expectations. This is the opposite when buying on the internet; you are only able to judge from the picture of the item and the description given. The regulations require that the seller gives adequate information to the consumer prior to the sale, and also provides an after-sales ‘cooling off’ period, during which the customer is able to return their item. The regulations also offer a framework for the cancellation of credit and the return of goods after the cancellation of the sale.
2.6 What Information is Held About You by Organisations
Most organisations now have some form of information held about you, spending vast amounts of money storing and organising this information. Companies spend all this money and time as this information is money and ‘power’.
To begin with, the organisation, such as online websites, will need your information to process orders, such as name, address, payment details and knowledge of you. The website will tell you that it will keep this information for convenience for next time you log on, not having to put all the details in again.
For every transaction you make on this website, you are telling them more information about yourself. For example, if you buy certain DVDs it tells them about your taste in films, which then allows them to make recommendations to you, suggesting products you may like.
This marketing strategy is used by many companies and is very successful in targeting many people according to their individual needs and tastes. If the company is large enough, it is able to store details of a large number of transactions. For example, if a large number of customers bought two similar products, and you bought one of these, they may make a link and recommend the second item, expecting a reasonable possibility of you purchasing it.
The extent to which this vast amount of information held by companies bothers you depends on the individual, making some people very uncomfortable or even angry. As an individual, you are entitled to a certain amount of privacy; however this is now disappearing, as there is so much information held about you by businesses and government agencies, which is commonly sold and traded.
Thursday, 16 May 2013
2.4 Back Office Processes
One of the main priorities of an online website is what goes on 'behind the scenes', from the warehouse picking the right stock to dispatching and delivering the product. Back office processes need to be run just as efficiently for an online store as for a normal store.
Maintenance of the virtual shopping basket - The virtual shopping basket represents the basket or trolley that people would use when they go shopping normally. Customers are able to add items to the basket, remove items, remove the basket altogether, or proceed to the 'checkout'. Behind the scenes this is represented through a database: when the customer adds an item to the basket, the stock or catalogue code is added to the database along with the quantity. Depending on the retailer, stock availability may be checked before the item is added to the basket, or checked afterwards, with a message giving the current availability added to the display. The form the basket takes also varies with the retailer, some showing the basket, its contents and the total value while the customer is shopping, while some use a completely separate web page. Sometimes these baskets are not as easy to use as they sound; once the basket has been viewed it is not always easy to return to shopping, and with some it is difficult to 'leave' the basket to check other items or prices without losing its contents on return. Many baskets don't actually make it to the transaction process, with marketing companies estimating that over half of all shopping carts are abandoned before they go to payment. Different companies have different methods of dealing with these abandoned baskets. Stores that identify the user when they log on will usually keep a record of what items were put into the basket, meaning the customer is able to return to the abandoned basket with the same items. This can be very useful for the customer, especially in cases of supermarket shopping, where there can be a large number of items. It would be less important if the customer just had a one-off item in their basket.
Sites that do not identify the customer until the checkout or purchase stage do not store the basket for future use; they simply discard the table in the background that represents the 'live' basket.
Identify and Authenticate - Many online stores operate exactly the same as they would if the customer was in a store - they browse, select their items, then pay at the checkout and leave. The only identification these stores need is when the customer goes to the checkout and pays for their goods, then needing to identify themselves in some form, so that the card payment can be authorised. Normally this is the store requiring a home address which is linked to the card, and information which comes from the credit card itself, such as the card number, expiry date and the security code on the back of the card.
Some other stores need full identification and authentication before you are allowed to start shopping. Many businesses vary between the two forms, allowing the customer to decide whether to identify themselves prior to checkout, and whether to keep their details on the website or not. All the main grocery websites, including Tesco, Sainsburys and Asda, require the customer to register, identifying and authenticating themselves before they are able to start shopping. One of the main ways the websites are able to do this is through the user's email address; these are unique to each individual, usually have some form of identity within them, and are a popular method of communication between the website and the customer, for example for the latest offers. Many people have different email addresses, which everyone is able to access, so an address alone cannot always prove that it is the consumer. The business tackles this by getting the customer to provide a personal password, which only they know, or, as another method, by getting the customer to verify themselves through an email. You give your email address to the website and they send a confirmation email, with the customer having to follow the link given in the email to verify it is them. This is a useful method for both the consumer and the business; it confirms to the store that it is actually the customer and can be used for marketing purposes, and secondly, if the email address has been used by someone else the problem can be corrected.
Most stores also use cookies, identifying the customer as they click onto the site, even before they log in. This allows the website to see who the customer is and what their spending habits are, and to tailor marketing techniques to the individual, such as offers on similar products. However, although this may seem useful for the customer, there may be many users on one computer, so there still needs to be a password.
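The confirmation-email step described above, as an added example that is not part of the original post: the site puts a signed, time-limited token in the link and accepts only tokens it issued itself. The address shop.example, the one-day lifetime, the token layout and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Secret known only to the website (assumption: generated at start-up here;
# a real site would load a long-lived key from protected storage).
SERVER_KEY = secrets.token_bytes(32)
TOKEN_LIFETIME = 24 * 60 * 60                       # assumed: link valid for one day
VERIFY_URL = "https://shop.example/verify?token="   # hypothetical address


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _tag(payload):
    """Keyed signature over the payload; only the site can produce it."""
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()


def make_token(email, now=None):
    """Build 'payload.signature', where payload is 'email|expiry time'."""
    issued = int(time.time() if now is None else now)
    payload = f"{email.lower()}|{issued + TOKEN_LIFETIME}".encode("utf-8")
    return f"{_b64(payload)}.{_b64(_tag(payload))}"


def confirmation_link(email, now=None):
    """The link the site would place in the confirmation email."""
    return VERIFY_URL + make_token(email, now)


def verify_token(token, now=None):
    """Return the confirmed email address, or None if the token is malformed,
    was not issued by this site, has been altered, or has expired."""
    current = int(time.time() if now is None else now)
    try:
        payload_part, tag_part = token.split(".")
        payload, tag = _unb64(payload_part), _unb64(tag_part)
    except ValueError:
        return None
    # Check the signature before trusting anything inside the payload.
    if not hmac.compare_digest(tag, _tag(payload)):
        return None
    email, _, expires = payload.decode("utf-8").rpartition("|")
    if current > int(expires):
        return None
    return email


if __name__ == "__main__":
    link = confirmation_link("customer@example.com")   # constructed sample address
    print(link)
    print(verify_token(link[len(VERIFY_URL):]))
```

On a successful check the site would mark that address as confirmed on the customer's record, so following the same link again changes nothing.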
Different sites use different techniques, however the ones listed above are the most commonly used, with registration varying from just a user name and password, to full name, address, postcode, phone number and bank details. This logging in process then matches the customer to a record registered in the database, where all the details are stored. For customers and the business this is more convenient, as their details are stored and there is no need to enter the details every time they proceed to the checkout, and for the business they are able to know who they are dealing with, can target their market more effectively and the fast checkout means fewer abandoned baskets.
Real time tracking of customers' actions - Customers firstly browse through all the products, with the website wanting to make this as easy for the customer as possible, with the easiest route being to divide all the sections into categories, especially websites with large inventory. Store websites with a smaller inventory would be straightforward, with choosing a category simply being a link to another web page, displaying the category or product listing. In stores with a much larger inventory the click through that takes you through the categories is much more likely to query a database containing either a catalouge of products or an interface to a stock list. This database provides a webpage to display the products. The advantage of this is that changes to the products in stock do not require any reprogramming of the website, just changes to the database.
When browsing for a particular product it works in a similar way, the page is programmed to display certain products within the list chosen. When a particular product is selected, the database is required to give more information, such as a new page or even a pop up window where more informtion is supplied, such as descriptions and pictures.
Searching for specific products can use the same technology, when the user enters the search term into the supplied box, the database is queried and a list is returned dynamically with all possible matches. For example, on the majority of supermarket websites when you search coffee, all possible products with coffee will return as a match, such as instand and ground coffee, coffee cake, coffee biscuits etc. Sainsburys also offer the customer to be able to 'jot down' the items they need in a jotter pad, working on the same principle, however its a bit more complicated for the database. It must extract all key phrases, such as 'coffee', from the text in the jotter pad and present these one at a time as a query to the database engine. These results are then presented on a seperate page.
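The search box and jotter pad described above, as an added example that is not code from the original post or from any retailer. It assumes one key phrase per jotter line and uses a constructed in-memory catalogue; every phrase reaches the database as a bound parameter, so whatever the customer types is treated as text to look for and never as part of the query.

```python
import sqlite3


def build_catalogue():
    """Constructed sample catalogue held in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (code TEXT PRIMARY KEY, name TEXT NOT NULL)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [
            ("P001", "Instant coffee"),
            ("P002", "Ground coffee"),
            ("P003", "Coffee cake"),
            ("P004", "Coffee biscuits"),
            ("P005", "Semi-skimmed milk"),
            ("P006", "100% orange juice"),
        ],
    )
    return db


def _like_pattern(term):
    """Escape LIKE wildcards so '%' or '_' typed by the customer match literally."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return f"%{escaped}%"


def search(db, term):
    """Return every product name containing the term (case-insensitive for ASCII)."""
    rows = db.execute(
        "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (_like_pattern(term),),  # bound parameter, never pasted into the SQL text
    )
    return [name for (name,) in rows]


def jotter_search(db, jotter_text):
    """Take the phrases out of the jotter text and query them one at a time.

    Assumption: the customer writes one item per line. Blank lines and
    repeated phrases are skipped, and results keep the order of the jotter.
    """
    results = {}
    for line in jotter_text.splitlines():
        phrase = " ".join(line.split()).lower()  # trim and collapse whitespace
        if not phrase or phrase in results:
            continue
        results[phrase] = search(db, phrase)
    return results


if __name__ == "__main__":
    catalogue = build_catalogue()
    jotter = "coffee\n\n  Milk \ncoffee\n"       # constructed jotter pad text
    for phrase, matches in jotter_search(catalogue, jotter).items():
        print(phrase, "->", matches)
```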
Payment Processing - When transactional websites receive payments by credit card, which is the majority of payments, they do not get the money straight away. They have to submit a request for payment later, with most waiting until the customer's items have been dispatched before creating the invoice and requesting payment. This payment process involves requesting payment from the gateway, with the merchant sending details of the transactions along with the authorisations provided by the bank (or issuer) in the authorisation process. The payments network is then able to arrange settlement between the issuer and acquirer. The funds can then be transferred to the merchant's account, a credit card statement is sent to the customer and the cycle is complete.
However, problems can arise with credit card payments because the user and the card are not physically present. Card companies class this as a 'card not present' transaction, which is the whole essence of an online transaction. It is less secure than a face-to-face transaction because the website cannot fully confirm that it is dealing with the right user and the correct card. This is why stores need to put strict security measures in place to deal with any potential security lapse that could arise. Stores such as grocery websites, which require registration and logging in before any purchases can be made, are safer, especially because the goods are delivered to fixed and known addresses. Asking for addresses, especially postcodes, is a secure way of trying to stop fraud: many may know the card number, but not the address the card is linked to. To counteract the 'card not present' problem, the website will ask for the security code and expiry date found on the card. If all of these are correct, the issuer sends an authorisation number to the merchant, which is added to the transaction record and used later by the merchant to claim payment from the card issuer.
Dispatch, Delivery & Stock Control - Dispatch and delivery can be a very complicated area for websites. For some, however, it can be simple, especially for electronic downloads: music downloads, ringtones, some software and research services can complete their orders automatically by allowing the customer to download the product directly from their website, removing many problems that can occur with physical delivery. The type of delivery you receive depends on many factors, including whether goods are made to order, goods are distributed directly from the website company's stock, goods are brought in from suppliers as soon as the order is made, or goods are completely outsourced, e.g. the website company does not have its own physical warehouse, but rather supplies its customers with another company's products. Distribution also depends on how the company sends its goods, from in-house distribution to the post, parcel delivery or specialist delivery. Dispatch and delivery are similar processes. The order has to be made up so that it can be dispatched. This is done by 'picking' the products from a warehouse, and while this is happening the stock records are adjusted accordingly. When the order is ready for dispatch, the payment is processed and collected, and the goods have to be delivered. For this a delivery or advice note is required, and sometimes proof of delivery is also needed, where the receiver has to sign a special PDA. Some websites also allow their customers to track their order by entering an order number, whereas some send email messages informing the customer of every stage of their delivery. However, fulfilment does not always end with the delivery of a single package. For example, when ordering books, some may be in stock and others may not, and the customer chooses either to have them delivered as a whole package or bit by bit as the books come into stock. Another option is more complex, involving back orders.
Some orders are delivered faulty or inappropriate, some goods never arrive and some arrive damaged from the delivery process itself; a good system is able to deal with these problems if they arise.
Maintenance of the virtual shopping basket - The virtual shopping basket represents the basket/trolley that people would use when they go shopping normally. Customers are able to add items to the basket, remove items, remove the basket altogether, or proceed to the 'checkout'. Behind the scenes this is represented through a database: when the customer adds an item to the basket, the stock or catalogue code is added to the database along with the quantity. Depending on the retailer, stock availability may be checked before the item is added to the basket, or after it has been added, with a message about current availability added to the display. The form the basket takes also depends on the retailer, with some showing the basket, its contents and the total value while the customer is shopping, while others use a completely different web page. Sometimes these baskets are not as easy as they sound: once the basket has been viewed it is not always easy to return to shopping, and with some there is difficulty 'leaving' the basket to check other items or prices, with the contents of the basket being lost on return. Many baskets don't actually make it to the transaction process, with marketing companies estimating that over half of all shopping carts are abandoned before they go to payment. Different companies have different methods of dealing with these abandoned baskets. Stores that identify the user when they log on will usually keep a record of what items were put into the basket, meaning the customer is able to return to the abandoned basket with the same items. This can be very useful for the customer, especially in cases of supermarket shopping, where there can be a large number of items. It would be less important if the customer just had a one-off item in their basket.
Sites that do not identify the customer until the checkout/purchase stage do not store the basket for future use; they simply discard the table in the background that represents the 'live' basket.
Identify and Authenticate - Many online stores operate exactly as they would if the customer was in a store: customers browse, select their items, then pay at the checkout and leave. The only identification these stores need is when the customer goes to the checkout and pays for their goods. At that point customers need to identify themselves in some form so that the card payment can be authorised. Normally the store requires a home address which is linked to the card, and information which comes from the credit card itself, such as the card number, expiry date and the security code on the back of the card.
Some other stores need full identification and authentication before you are allowed to start shopping. Many businesses vary between the two forms, allowing the customer to decide whether to identify themselves prior to checkout, and whether to keep their details on the website or not. All the main grocery websites, including Tesco, Sainsbury's and Asda, require customers to register, identifying and authenticating themselves before they are able to start shopping. One of the main ways websites do this is through the user's email address: these are unique to each individual, usually have some form of identity within them, and are a popular method of communication between the website and the customer, for example for latest offers. Many people have different email addresses, which everyone is able to access, so an email address alone cannot always prove that it is the consumer. The business tackles this by getting the customer to provide a personal password, which only they know. Another method is getting the customer to verify themselves through a confirmation email: you give your email address to the website, they send a confirmation email, and the customer has to follow the link given in the email to verify it is them. This is a useful method for both the consumer and the business: it confirms to the store that it is actually the customer and can be used for marketing purposes, and if the email has been used by someone else the problem can be corrected.
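The confirmation link described above only proves ownership of the mailbox if the link cannot be guessed or altered. The following is an added example, not code from the original post or from any retailer: it signs the address and an issue time with a server-side key, and the key, the 24-hour lifetime and the `shop.example` URL are assumptions.

```python
import base64
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"   # assumption: secret known only to the server
MAX_AGE_SECONDS = 24 * 60 * 60         # assumption: links expire after 24 hours

def _sign(payload: bytes) -> str:
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def make_token(email, now=None):
    """Create the token that goes into the emailed confirmation link."""
    issued = int(time.time() if now is None else now)
    payload = f"{email.strip()}|{issued}".encode()
    body = base64.urlsafe_b64encode(payload).decode().rstrip("=")
    return f"{body}.{_sign(payload)}"

def confirmation_link(email, now=None):
    # Placeholder host; a real site would use its own HTTPS address.
    return "https://shop.example/confirm?token=" + make_token(email, now)

def verify_token(token, now=None):
    """Return the confirmed address, or None if forged, altered or expired."""
    now = int(time.time() if now is None else now)
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
        email, issued = payload.decode().rsplit("|", 1)
        issued = int(issued)
    except (ValueError, UnicodeDecodeError):
        return None
    # Constant-time comparison so the check does not leak how much matched.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None
    if not 0 <= now - issued <= MAX_AGE_SECONDS:
        return None
    return email

if __name__ == "__main__":
    link = confirmation_link("alice@example.com")
    print(link)
    print(verify_token(link.split("token=")[1]))
```

A production system would also record that a token has been used, so that the same link cannot confirm an address twice.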
Most stores also use cookies, identifying the customer as they click onto the site, even before they log on. This allows the website to see who the customer is and what their spending habits are, and to tailor marketing techniques to the individual, such as offers on similar products. However, although this may seem useful for the customer, there may be many users on one computer, so there still needs to be a password.
Different sites use different techniques, but the ones listed above are the most commonly used, with registration varying from just a user name and password to full name, address, postcode, phone number and bank details. The logging-in process then matches the customer to a record registered in the database, where all the details are stored. This is more convenient for both customers and the business: customers' details are stored and there is no need to enter them every time they proceed to the checkout, while the business knows who it is dealing with, can target its market more effectively, and the fast checkout means fewer abandoned baskets.
Wednesday, 15 May 2013
2:5 E-Customers: Cookies
Cookies are small files of information that are stored on users' computers by the websites they visit, with web servers having the right to store a small amount of information on each computer that visits the site. When the user's computer requests a page, the server receives a copy of any cookie that has previously been stored. A script on the web page can then access the information in the cookie and use it to make the web page more personal. Cookies have six parameters in total that can be passed to them: the name of the cookie, the value of the cookie, the path the cookie is valid for, the domain the cookie is valid for, the expiry date of the cookie (this determines how long the cookie will stay valid in your browser) and whether it needs a secure connection.
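The six parameters listed above decide where and for how long a visitor ID travels, so they are worth checking on any cookie that identifies a customer. The following is an added example, not code from the original post: it parses a `Set-Cookie` value into those six parameters and reports weak settings. The cookie name, the sample headers and the 30-day limit are constructed assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample headers for a cookie carrying a customer ID.
WEAK = ("customer_id=8f3c2a91; Path=/; Domain=shop.example; "
        "Expires=Tue, 01 Jan 2036 00:00:00 GMT")
BETTER = ("customer_id=8f3c2a91; Path=/account; "
          "Expires=Thu, 01 Jan 2026 00:00:00 GMT; Secure")

def parse_set_cookie(header):
    """Split one Set-Cookie value into the six parameters listed above."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    cookie = {"name": name.strip(), "value": value.strip(), "path": None,
              "domain": None, "expires": None, "secure": False}
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "secure":
            cookie["secure"] = True
        elif key in ("path", "domain"):
            cookie[key] = val
        elif key == "expires":
            try:
                when = parsedate_to_datetime(val)
            except (TypeError, ValueError):
                continue  # unreadable date: the cookie behaves as a session cookie
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            cookie["expires"] = when
    return cookie

def audit_id_cookie(header, now, max_days=30):
    """Return a list of finding codes for a cookie that identifies a customer."""
    cookie = parse_set_cookie(header)
    findings = []
    if not cookie["secure"]:
        # Without Secure the ID is also sent over unencrypted HTTP.
        findings.append("NO_SECURE")
    if cookie["domain"]:
        # A Domain attribute extends the cookie to every subdomain as well.
        findings.append("WIDE_DOMAIN")
    if cookie["expires"] and (cookie["expires"] - now).days > max_days:
        # A long-lived ID keeps identifying whoever next uses a shared computer.
        findings.append("LONG_LIVED")
    return findings

if __name__ == "__main__":
    today = datetime(2025, 12, 15, tzinfo=timezone.utc)  # fixed date for the demo
    for header in (WEAK, BETTER):
        print(parse_set_cookie(header)["path"], audit_id_cookie(header, today))
```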
Cookies are used by websites for many reasons, mostly tailored to the individual. They are able to identify a particular user or computer by storing visitor IDs, which can then be linked to the consumer's 'personal' database. They also store the user's personal preferences and keep them if the user returns to the site later on, for example making the font larger or changing the font. They also carry captured information between web pages, especially for those websites that do not store visitor details in a database. They also store marketing information, such as how many times you have visited a site, what you bought etc.
The main aim of websites using cookies is so that the site is able to recognise each individual user when they log on. This ID can then be matched to the database record of the user, where the ID acts as a primary key. This enables the site to welcome each customer by name and to have their order history, preferences etc. from the second they log onto the site. Many computers are shared and have more than one user for multiple sites, so sites have to make sure that the consumer is who they say they are. On Amazon's website, further cookies are also maintained within the cookie file to store session IDs and other information as well. Some search engines use this information to advertise similar products/services tailored to the client's previous search history.
Some advertising and marketing agencies use cookies for their own benefit, making agreements that allow them to place banner ads and other images on their clients' websites, such as a web bug (an invisible image used to monitor what adverts and web pages a user is viewing). When the banner or image is clicked, the server of the advertising agency places a cookie on the computer of the person accessing it. The same cookie is then accessed across the multiple sites on which these banner ads have been placed. The agency is then able to track which users have clicked on which advertisement, and over time is able to determine the interests of many users and create a profile of them. These profiles are then placed in a database, and can be more specific and personalised to each user. These agencies can then look at patterns and trends to predict the most used sites and which banners work best, possibly selling this information to other companies to use in the future.
Adware is much more intrusive than cookies, usually being a program that you install yourself. This is usually done without realising, and the program tracks your online behaviour so that advertisers and market researchers are able to watch your spending habits and predict market trends. On the other hand, if advertisers are open and inform customers of what they intend to do, it can be very useful: in return for installing the service they will offer the customer incentives and rewards from participating retailers. Adware is often installed because of the customer's negligence. The acceptance is often hidden in the small print of the End User Licence Agreement (EULA), where you are asked to confirm that you have read and agreed to the software's terms and conditions. Many just tick the box and carry on, not bothering to read the small print or any of the agreement. Sometimes adware can be extremely hard for customers to remove from their system, becoming a very intrusive program which collects and reports information about the user's habits.
Being recognised and having your own 'personalised' database on a system is not all bad, as it provides a better experience for the customer. Orders can be processed very quickly without the need to ask for all the personal information, such as delivery address and payment details. Many sites will also store the birthdays or special occasions of their customers, sending out special offers or vouchers so as to gain a loyal customer base.